IT Audit School

IT Audit

Overview

This course is designed for financial, operational, business, and new IT auditors to provide a solid introduction to the risks and controls necessary to audit IT department functions and the underlying technologies. We will cover the basic concepts of information technology to help auditors understand the IT impact on business. We will explore such IT areas as operating systems, networks, database management systems, and application systems. Supporting IT general controls, such as logical and physical access, help desk, system development, change management, and disaster recovery planning will also be covered. We will introduce a top-down, risk-based approach to auditing business applications and ensuring that their supporting infrastructure is considered in the audit process. Learners will leave this intensive seminar with a solid foundation in information technology basics as they apply to IT risks, audit, information security, and business application systems.

Why you should take this course

For users who are new to internal auditing, or would like to learn more about it.

Here are the topics we'll cover.

  1. How is IT used in Companies?

    • Business systems
    • Support systems
    • Infrastructure
    • Marketing and sales
  2. IT Risks

    • Risk overview
    • Confidentiality, integrity, availability (CIA)
    • Managing risk
  3. Basics of IT

    • Computing devices and operating systems
    • Significant computer types
    • Client/server technology
    • Middleware/APIs
    • Virtualization
    • Programs and programming overview
  4. Networks

    • Overview
    • Network devices
    • Network protocols, ports, and services
    • Firewalls
    • Network monitoring (IDS/IPS/SIEM)-
    • Cloud – characteristics
    • Cloud – service models
    • Cloud – audit considerations
  5. Internet of Things (IoT)

    • Definitions
    • Usage and control overview
  6. Databases

    • Database types
    • Database terminology/definitions
    • SQL
    • Database audit concepts
  7. IT General Controls (ITGCs)

    • IT general controls introduction
    • Logical security – authentication
    • Administration and awareness
    • Encryption overview
    • System development lifecycle (SDLC)
    • Change management
    • SDLC/System Development Methodology (SDM) audits
    • IT operations
    • Vulnerability scanning and penetration testing
    • Physical and environmental controls
    • Business continuity planning
    • Disaster recovery planning
    • Mobile device management (MDM)/Bring Your Own Device (BYOD)
    • End-user computing
  8. Frameworks and Laws

    • Security and audit frameworks – Part 1
    • Security and audit frameworks – Part 2
  9. Governance

    • Business and IT strategy
    • IT and security strategy
    • IT risk assessment
    • Risk register and acceptance
    • Vendor management
  10. Applications

    • Application control objectives
    • Business transaction processing
    • Business support and IoT applications
  11. Audit Planning

    • Audit risk assessment
    • IT audit scoping
    • IT general controls
    • Technical audits
    • Application/integrated audits

Learning Style

Instructor Led

Level

Entry Level

Who this course is for

Entry-level IT Auditors and Technologists looking for a foundational understanding of IT auditing.

NASBA Certified CPE

32 credits

Field of Study

Auditing

Length of course

32h

Prerequisites

None

Advanced Preparation

None
Start Learning Today
Stay ahead of the curve and future-proof your business with training programs designed for you.
Contact Sales

Here are the learning objectives we'll cover

  • Learners will be able to describe what a technical term refers to and understand its place in an organization.
  • Learners will be able to identify risks associated with the use of technology by their organization.
  • Learners will be able to describe categories of controls that may be in place to protect systems.
  • Learners will be able to break down the control environment based on internal policies and standard frameworks to determine if the organization complies with policies and aligns with frameworks.

Attendance policy for on-site and online instructor-led training

Students are expected to arrive on time for classes with the proper materials and attitude. An overall attendance rate of 100% is expected to fully absorb the materials and to complete labs. If you have an expected absence, please email support@acilearning.com or your instructor ahead of time. The number of CPEs awarded will be equivalent to the number of hours attended.

ACI Learning is registered with NASBA

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: https://www.nasbaregistry.org/