IT AUDITING AND CONTROL

COURSE DESCRIPTION

This intensive, three-day seminar outlines the concepts of information technology you need to know in order to understand the audit concerns in the IT environment.

You will learn the necessary controls for application systems - the session pinpoints specific controls to evaluate when auditing currently installed systems, new systems under development, and the various activities within the information technology department.

In addition, you will learn techniques for auditing automated systems and examine the impact of Sarbanes-Oxley on IT audit.

You will leave this session with a solid foundation in the basics of information technology as they apply to audit and security concerns. (Note: This seminar covers topics found in Chapters 1, 4, 5, and 6 of the CISA Review Manual.)

Prerequisite: This course assumes limited or no prior IT experience.
Learning Level: Basic
Field: Auditing

COURSE OUTLINE:

1. Introduction to IT Audit

  • audit objectives and requirements
  • role of IT within the organization
  • management and security risks in an automated environment
  • what is a control?
  • internal control defined
  • processes and control points
  • physical space vs. logical space
  • identifying control points

2. Planning the IT Audit

  • definition of internal audit
  • objectives of an IT audit
  • IT audit strategies
  • what is an application?
  • application vs. general controls
  • IT audit control reviews
  • IT control categories
  • the audit deliverable
  • building the audit team

3. Auditing Organizations and Standards

  • maintaining audit objectivity
  • what is a standard?
  • AICPA and SAS
  • GAO and other certification organizations
  • The Institute of Internal Auditors (IIA)
  • The Treadway Commission
  • COSO Integrated Framework
  • ISACA and the IT Governance Institute
  • COBIT®: Control Objectives for Information and Related Technology
  • ISO 27002 security standard

4. IT Governance and Controls

  • what is IT governance?
  • information security governance
  • IT policies and procedures
  • separation of duties and outsourcing
  • governance and control

5. Information Technology Basics

  • why learn about technology?
  • computer hardware and CPU operation
  • two different classes of computers
  • software, programs, and processing
  • distributed systems and client/server technology
  • the Open Systems Interconnection (OSI) model
  • maintenance and security

6. Network Technology and Controls

  • networking risks
  • auditing networks
  • what is a network?
  • LANs, WANs, and MANs
  • physical network media (cables)
  • cabling audit objectives
  • LAN protocols
  • WAN connectivity and protocols
  • MAN protocols
  • LAN/WAN/MAN audit objectives
  • network devices
  • network device audit objectives
  • complete networks
  • the Internet
  • intranets and extranets
  • risks of Internet use for business
  • using firewalls
  • Internet communications
  • Internet Protocol (IP) addressing
  • service (process) addressing
  • Internet applications
  • the World Wide Web (www)
  • Web page technologies
  • Internet audit objectives

7. Shared General and Application Controls

  • logical security
  • data classification
  • logical access controls: system access
  • encryption: information access
  • remote access, PCs, and mobile devices
  • information security management
  • change management
  • change management objectives
  • program change control
  • patch management
  • software licensing
  • business continuity/disaster recovery
  • BCP/DRP defined
  • business impact analysis (BIA)
  • disaster recovery strategy
  • maintaining the plan
  • system development technologies
  • SDLC, RAD, ERP purchases
  • Internal Audit involvement
  • audit strategy

8. Application Controls

  • what is an application?
  • business application risks
  • application auditing
  • transactions: the audit focus
  • transaction life cycle controls
  • end-user computing
  • data warehouses
  • the future of applications

9. Database Technology and Controls

  • managing information
  • the program-centric model
  • program-centric audit concerns
  • the data-centric model
  • what is a database?
  • database terminology
  • database management systems (DBMS)
  • types of databases
  • database audit concerns

10. Infrastructure General Controls

  • operations controls
  • IT operations
  • operating system controls
  • system utilities
  • system software controls: a review
  • physical security
  • environmental controls

COURSE DURATION: 3 Days.