IT Auditing and Controls
Overview
Internal and Operational Auditors in today’s complex organizations must understand information systems and be able to function within a technical environment. This course outlines the information technology concepts needed to understand audit concerns in the IT environment. Participants will review critical business application system controls and the supporting IT general controls. The focus is on key risks and controls in critical areas like user access to business applications, database security, networks, change management, and disaster recovery.
Why you should take this course
For users who are new to internal auditing, or would like to learn more about it.
Here are the topics we'll cover.
- Introduction to IT Risks and Controls
  - Role of IT
  - Risk Definitions
  - Risk Assessment
  - Information Security Objectives
  - IT Controls Cost / Risk Balance
  - Internal Control Overview
  - Accountability and Auditability
  - Integrated Auditing
- Planning IT Audits
  - Definition of Internal Audit
  - Integrated Auditing
  - IT Audit Planning
  - Audit Universe / IT Audit Universe
  - Risk Criteria
  - Audit Engagement Planning
  - IT Control Categories
  - Mapping Risk and Control Categories
- Audit and Control Frameworks and Standards
  - Maintaining Objectivity
  - What is a Standard?
  - COSO
  - GAO Green Book
  - IIA - Global Technology Audit Guides
  - COBIT®
  - ISO 27XXX
  - FISMA - Federal Information Security Modernization Act
  - NIST 800-53
- Basics of Information Technology
  - Computer Hardware
  - Central Processing Unit / Memory
  - Operating Systems (OS)
  - Mainframe
  - Client/Server Technology
  - Middleware
  - Virtualization / Virtual Servers
  - Batch and Interactive Processing
- Database Technology and Controls
  - Managing Information
  - Program-Centric Model
  - Database Management Systems (DBMS)
  - Database Risks
  - Database Terminology
  - Hierarchical Databases
  - Relational Databases
  - Database Review Procedures
- Network Technology and Controls
  - Networking Risks
  - What is a “Network”?
  - OSI Model
  - Local Area Networks (LANs)
  - Wide Area Networks (WANs)
  - Network Devices
  - Firewalls
  - Intrusion Detection Systems (IDS / IPS)
  - Virtual Private Networks (VPNs)
  - Wireless
  - The Internet
  - Cloud Computing
- IT Governance
  - Audit’s Role in IT Governance
  - IIA Professional Practices Framework - Governance
  - Linking Business and IT Strategies
  - IT Governance Objectives
  - COBIT® 5 – IT Governance / Management
  - Separation of Duties
  - Assessing Outsourced IT Functions
- IT General Controls
  - Logical Security
  - Change Management
  - Business Continuity / Disaster Recovery
  - Operation Controls
  - Physical Security
  - Environmental Exposures
  - System Development
- Business Application Controls
  - Business Application Control Categories
  - Business Application Risks
  - What is a Transaction?
  - Transaction Life Cycle
  - Business Application Audit Objectives
  - Business Application Controls
Learning Style
Level
Who this course is for
NASBA Certified CPE
Field of Study
Length of course
Prerequisites
Advanced Preparation
Here are the learning objectives we'll cover
- Introduce current information technology concepts and practices.
- Present the scope of IT auditing and be able to decide which areas are of greatest interest to pursue in the future.
- Discuss the risks related to IT.
- Identify control objectives and strategies.
- Provide an understanding of how IT affects audit in order to interact effectively with business and IT auditors, and learn how all this works in the real world.
- Gain the ability to participate at a high level in IT audits.