IT Audit School - ITG121

IT Audit School

IT Audit School - ITG121

Upcoming Dates & Locations

Onsite - Seattle
Aug 16th, 2021 - Aug 19th, 2021
Onsite - Dallas
Sep 13th, 2021 - Sep 16th, 2021
Onsite - London
Sep 20th, 2021 - Sep 23rd, 2021
Onsite - Orlando
Dec 6th, 2021 - Dec 9th, 2021
Onsite - Dubai
Dec 12th, 2021 - Dec 15th, 2021

IT Audit School - ITG121


Price: $2063.00


This course is for financial, operational, business, and new IT auditors, and provides an in-depth review of the risks and controls to audit IT and business application systems.

Who Should Attend

For entry level IT Auditors and technologists looking for a foundational understanding of IT auditing.


  • None

What You’ll Learn

You will learn about database, network, business application and transaction risks and controls. Also, end user computing, assessing control ownership, how to document and test inputs, processes, outputs, master files and interfaces.


Introduction to IT Risks & Controls:

  • role of IT
  • risk definitions
  • risk assessment
  • information security objectives
  • IT controls cost / risk balance
  • internal control overview
  • accountability & auditability

Planning IT Audits:

  • definition of internal audit
  • IT audit planning
  • audit universe/IT audit universe
  • risk criteria
  • audit engagement planning
  • IT control categories
  • mapping risk and control categories

Audit & Control Frameworks and Standards:

  • maintaining objectivity
  • what is a Standard?
  • overview of common frameworks
  • overview of common guidelines

Basics of Information Technology:

  • computer hardware
  • central processing unit / memory
  • Operating Systems (OS)
  • Mainframe
  • client/server technology
  • virtualization/virtual servers
  • binary numbering
  • compilers and interpreters

Database Technology and Controls:

  • managing information
  • database terminology
  • Database Management Systems (DBMS)
  • hierarchical databases
  • relational databases
  • database risks
  • database audits

Network Technology and Controls:

  • networking risks
  • what is a “network”?
  • OSI Model
  • Local Area Networks (LANs)
  • Wide Area Networks (WANs)
  • network devices
  • firewalls
  • Intrusion Detection Systems (IDS / IPS)
  • Virtual Private Networks (VPNs)
  • wireless
  • internet
  • cloud computing

IT Governance:

  • audit’s role in IT governance
  • IIA Professional Practices framework-governance
  • linking business and IT strategies
  • IT governance objectives
  • ISACA - IT governance/management
  • IIA GTAG - auditing it governance
  • separation of duties
  • assessing outsourced IT functions

IT General Controls:

  • logical security
  • change management
  • business continuity / disaster recovery
  • operation controls
  • physical security
  • environmental exposures
  • system development

Business Application Controls:

  • what is a transaction?
  • transaction-based application auditing
  • transaction life cycle
  • batch and online models
  • application risk assessment factors
  • establishing audit priorities

Top-Down Risk-Based Planning:

  • planning the application audit
  • top-down risk based planning
  • defining the business environment
  • determining the application’s technical environment
  • performing a business information risk assessment
  • identifying key transactions
  • developing a key transaction process flow
  • evaluating and testing application controls

Executing Integrated Audits:

  • control ownership
  • what is integrated auditing?
  • integrated IT/business controls
  • enterprise risk coverage
  • integrated audit scoping
  • integrated audit staffing
  • IT control activities

Business Application Controls:

  • business applications - information objectives
  • business application auditing
  • business application transaction life cycle
  • transaction origination
  • completeness and accuracy of input
  • completeness and accuracy of processing
  • completeness and accuracy of output
  • completeness and accuracy of master files
  • completeness and accuracy of interfaces
  • output retention and disposal
  • data file controls
  • user review, balancing, reconciliation
  • end-user documentation

Testing Business Application Controls:

  • testing business application controls
  • testing automated and manual controls
  • testing alternatives
  • testing sample size
  • sampling terminology
  • negative assurance testing
  • types of audit evidence
  • functional/substantive testing
  • computer assisted audit techniques (CAATs)
  • data analysis—planning and data verification

Documenting Business Application Controls:

  • evaluating and documenting internal controls
  • internal control questionnaires (ICQ)
  • narratives
  • flowcharts/process flows
  • control matrix

End User Computing:

  • growth of end user computing
  • end user computing risks
  • general IT control risks
  • change control risks
  • purchased application risks
  • spreadsheets—typical errors
  • spreadsheet risk factors
  • practical steps for evaluating spreadsheet controls

Why You Should Attend

You should attend because this course provides a comprehensive overview of IT audit and provides information from auditing standards, IT information and many other essential topics all auditors should be familiar with.

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: