IT Auditing and Controls

IT Audit

Overview

Internal and Operational Auditors in today’s complex organizations must understand information systems and be able to function within a technical environment. This course outlines the information technology concepts needed to understand audit concerns in the IT environment. Participants will review critical business application system controls and the supporting IT general controls. The focus is on key risks and controls in critical areas such as user access to business applications, database security, networks, change management, and disaster recovery.

Why you should take this course

For users who are new to internal auditing, or who would like to learn more about it.

Here are the topics we'll cover.

  1. Introduction to IT Risks and Controls

    • Role of IT
    • Risk Definitions
    • Risk Assessment
    • Information Security Objectives
    • IT Controls Cost / Risk Balance
    • Internal Control Overview
    • Accountability and Auditability
    • Integrated Auditing
  2. Planning IT Audits

    • Definition of Internal Audit
    • Integrated Auditing
    • IT Audit Planning
    • Audit Universe / IT Audit Universe
    • Risk Criteria
    • Audit Engagement Planning
    • IT Control Categories
    • Mapping Risk and Control Categories
  3. Audit and Control Frameworks and Standards

    • Maintaining Objectivity
    • What is a Standard?
    • COSO
    • GAO Green Book
    • IIA - Global Technology Audit Guides
    • COBIT®
    • ISO 27XXX
    • FISMA - Federal Information Security Modernization Act
    • NIST 800-53
  4. Basics of Information Technology

    • Computer Hardware
    • Central Processing Unit / Memory
    • Operating Systems (OS)
    • Mainframe
    • Client/Server Technology
    • Middleware
    • Virtualization / Virtual Servers
    • Batch and Interactive Processing
  5. Database Technology and Controls

    • Managing Information
    • Program-Centric Model
    • Database Management Systems (DBMS)
    • Database Risks
    • Database Terminology
    • Hierarchical Databases
    • Relational Databases
    • Database Review Procedures
  6. Network Technology and Controls

    • Networking Risks
    • What is a “Network”?
    • OSI Model
    • Local Area Networks (LANs)
    • Wide Area Networks (WANs)
    • Network Devices
    • Firewalls
    • Intrusion Detection Systems (IDS / IPS)
    • Virtual Private Networks (VPNs)
    • Wireless
    • The Internet
    • Cloud Computing
  7. IT Governance

    • Audit’s Role in IT Governance
    • IIA Professional Practices Framework - Governance
    • Linking Business and IT Strategies
    • IT Governance Objectives
    • COBIT® 5 – IT Governance / Management
    • Separation of Duties
    • Assessing Outsourced IT Functions
  8. IT General Controls

    • Logical Security
    • Change Management
    • Business Continuity / Disaster Recovery
    • Operation Controls
    • Physical Security
    • Environmental Exposures
    • System Development
  9. Business Application Controls

    • Business Application Control Categories
    • Business Application Risks
    • What is a Transaction?
    • Transaction Life Cycle
    • Business Application Audit Objectives
    • Business Application Controls

Learning Style

Instructor Led

Level

Entry Level

Who this course is for

Internal Audit Staff, Seniors, and Managers responsible for performing integrated internal audits or those who want an introduction to IT auditing.

NASBA Certified CPE

24 credits

Field of Study

Auditing

Length of course

24h

Prerequisites

None

Advanced Preparation

None

Here are the learning objectives we'll cover

  • Introduce current information technology concepts and practices.
  • Present the scope of IT auditing so that participants can decide which areas are of greatest interest to pursue in the future.
  • Discuss the risks related to IT.
  • Identify control objectives and strategies.
  • Provide an understanding of how IT affects audit so that participants can interact effectively with business and IT auditors, and learn how all this works in the real world.
  • Gain the ability to participate at a high level in IT audits.

Attendance policy for on-site and online instructor-led training

Students are expected to arrive on time for classes with the proper materials and attitude. An overall attendance rate of 100% is expected to fully absorb the materials and to complete labs. If you have an expected absence, please email support@acilearning.com or your instructor ahead of time. The number of CPEs awarded will be equivalent to the number of hours attended.

ACI Learning is registered with NASBA

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: https://www.nasbaregistry.org/