IT Auditing and the Internal Auditor

• Familiarization with the IT Audit process and associated best practices
• Understanding of IT infrastructure and application terminology, architecture, operation, risks, and controls
• Learn fundamental IT audit “tools of the trade” and how to apply them in a variety of IT and integrated audit projects
• Provide foundation knowledge relevant to IT Audit professional certification

COURSE OUTLINE

Defining the IT Audit Process

• IT Audit Objectives
• Role of the IT Auditor
• IT Audit Projects

Dealing with IT Risks

• Materiality and effects on financial reporting
• Identifying high-risk applications and IT components
• Tools and techniques for assessing and measuring risk

IT Audit and Information Security Standards

• ISACA: COBIT, Risk IT, Val IT
• AICPA/CCPA
• Information Technology Infrastructure Library (ITIL)
• OECD, ISO, and other international standards

Tools and Techniques for the IT Auditor

• Work programs and checklists
• Maturity models
• Flowcharting
• Audit software

Understanding and Auditing IT Governance and Infrastructure: General Controls Reviews

• IT Governance and Management
• Separation of Duties, Least Privilege, and other Organziational Controls
• Incident Response: Disaster Recovery, Computer Crime, and other Breaches of Security
• Physical and Environmental Security
• Hardware and Software Asset Management
• Configuration Management, Change Control, and Problem Reporting
• System Software Security and Patch Management
• Software Development Tools and Library Management
• Network Infrastructure Security: Internal, External
• Information Security
• Identity and Access Control Management
• Cryptography and Public Key Infrastructure (PKI)
• Cloud Computing and Other Outsourcing

Getting Your Arms Around IT Application Audits

• Understanding, Scoping, and Documenting an Application
• Reliance on General Controls
• IT Computing Process Models Up Close: Operational, Risk, and Control Considerations
  • Batch processing
  • Distributed client/server
  • Web-based
  • Mobile computing
• Service oriented architecture (SOA)
• Cloud computing

System Development Life Cycle (SDLC)

• SDLC process models: internally developed, off-the-shelf
• Defining IT Audit, Information Security, and other control agency role(s) in SDLC
• On-going application change management

 Key Application Processes, Risks, and Controls

• Batch data input: collection, authorization, entry
• Web-based and other types of real-time data input
• Transaction authentication, authorization, and logging
• Data editing and input validation
• Processing and interfaces to other applications
• Outputs
• Data Management and Protection

Audit Data Collection and Testing

• Application testing tools and techniques
• Sampling
• Working in support of an integrated or operational audit team

FOR WHOM:

IT auditors and other Internal auditors.

TRAINING METHODOLOGY

The training methodology combines lectures, discussions, group exercises and illustrations. Participants will gain both theoretical and practical knowledge of the topics. The emphasis is on the practical application of the topics and as a result participant will go back to the workplace with both the ability and the confidence to apply the techniques learned to their duties.