Planning & Performing Integrated Audits - ITP102WEB

Planning & Performing Integrated Audits ITP102WEB

Planning & Performing Integrated Audits - ITP102WEB

Upcoming Dates & Locations

Planning & Performing Integrated Audits - ITP102WEB


This webinar covers integrated auditing methodology that includes risk-based scoping and staffing considerations using a top-down, risk-based approach to auditing application system transactions.

Who Should Attend

IT Auditors, Financial and Operational Auditors; Audit Management, Risk Management, Compliance Management.


  • None

What You’ll Learn

You will learn application systems audit and testing techniques that can be applied to integrated audits, including application controls, user access, change management, and business continuity planning.


Integrating IT Risks into the Internal Audit Process:

  • Integrated auditing resources
  • Control ownership
  • Defining integrated auditing
  • Integrated audit risk focus
  • Using COSO
  • IT control categories
  • Integrated auditing best practices

Auditing Business Application Systems:

  • Application audit objectives
  • What is a transaction?
  • Transaction life cycle

Top-Down, Risk-Based Planning:

  • Planning the application audit
  • Defining the business environment
  • Determining the application’s technical environment
  • Performing a business information risk assessment
  • Identifying key transactions
  • Developing a key transaction process flow
  • Evaluating application controls

Auditing Application Controls:

  • Embedded vs. configurable application controls
  • Completeness and accuracy of input
  • Completeness and accuracy of processing
  • Completeness and accuracy of output
  • End-user computing

User Access Controls:

  • Information classification
  • Access control components
  • Authentication
  • Authorizations
  • Conflict matrix
  • Social engineering

Change Management:

  • Change management risks
  • Change requests
  • Testing changes
  • Program migration

Business Continuity Planning:

  • BCP scope considerations
  • Business Impact Analysis (BIA)
  • Recovery Point Objectives (RPO)
  • Recovery Time Objectives (RTO)
  • Off-site data storage
  • BCP testing

Testing Effectiveness of Controls:

  • Testing automated and manual controls
  • Testing alternatives
  • Determining sample size
  • Computer assisted audit tools
  • Data analysis

Why You Should Attend

You should attend because audit departments have been trying to implement audit objectives that fully integrate enterprise and IT risks. For many, however, the lack of adequate planning and scoping has made integrated audits an elusive goal.

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: