This course will provide attendees with an introduction to IT auditing, emphasizing the concepts through exercises and case studies. Internal audit professionals will develop knowledge of basic IT audit concepts that can be used to facilitate integrated audit efforts within their organization.
The course will also provide attendees the opportunity to perform an audit of IT applications supporting key business processes, coordinate the assessment of IT risk with the evaluation of IT general controls, and perform a risk assessment and evaluation of controls over end user computer applications.
Utilizing general IT control audit concepts, perform an audit of IT applications supporting key business processes.
During the performance of an audit of IT applications, which supports key business processes, coordinate the assessment of IT risk with the evaluation of IT general controls.
Describe the concepts of application controls as they relate to the Software Development Life Cycle (SDLC).
Utilizing general IT control concepts, perform a risk assessment and evaluation of controls over end user computer applications.
What You Will Learn
Overview of IT Auditing, Concepts and Controls: Why IT Auditing and What Is It?
Why IT auditing?
What is IT auditing?
What are the benefits of an IT audit?
What is the role of an IT auditor?
Growth of the IT auditor, including background
Common IT audit certifications
IIA standards related to an IT audit
Key components of IT
How COSO and GAIT relate to IT audit
Guide to the Assessment of IT Risk (GAIT)
Major U.S. laws that impact IT audit
IT general and application controls
End-user computing
IT governance
Case Study
General Control: Logical Security
General security concepts
Access management concepts
Access management principles
Common access management controls
Password configuration and authentication
General Control: Business Continuity Planning (BCP), Disaster Recovery (DR), and Backup Processing
Business Continuity Management (BCM)
Disaster Recovery (DR)
Backup processing
BCM Implementation Requirements
Recovery solutions
Application Controls
Application control concepts
Input controls
Processing controls
Output control
Interface controls
Audit trails
Application security
General Control: Change and Patch Management
What is change and patch management?
Why do change and patch management?
What are the types of changes?
Elements of a typical change process
Types of risks and controls
Indicators and recognizable symptoms of poor change management practices
Change management success measures
Variations in change management processes
Cloud Computing and Service Organization Control (SOC) Reports
Cloud computing
SOC reports
General Control: System Development Lifecycle (SDLC)
Aspects of the SDLC
SDLC phases
Impacts of project failures
Pre and post implementation reviews
End User Computing
User Developed Applications (UDAs)
Benefits, risks, and controls of UDAs
Auditor's approach to UDAs
CANCELLATION & SUBSTITUTION POLICY
Cancellations received less than 24 hours prior to the event or after receiving the final confirmation email and zoom link will be charged a cancellation fee, which is 50% of the registration fee.
Substitutions are allowed within the same event without incurring a cancellation fee.
(Rate should be the same, if not, difference should be paid)
No-show registrants will be charged 50% of the registration fee.