Sign Up for Seminars from Over 600 Providers

IT Audit School

Fee:

$2,495

· QuickCode:

QQBRGG

· Print Page · Email Page

Provider:
MIS Training Institute

Topic(s):
Finance & Accounting > Auditing

Who Should Attend?
Financial, operational, business applications, external auditors and new IT auditors

Full Seminar Description

A Guide to the Essential Skills You Need to Perform IT Audits

Focus and Features

This four-day course is designed for financial, operational, business, and IT auditors who need to update their technical and operational knowledge to audit information technologies and business application systems. You will cover the concepts of information technology as they relate to key risks in the IT environment, and explore such IT areas as operating systems, database management systems, and networks. You will review the IT audit concepts you need to know to effectively audit existing application systems, new systems under development, mainframes, and distributed systems. Focusing on a top-down, risk-based approach to auditing application system transactions, you will master techniques you can apply to all types of applications from batch, to on-line, to real-time systems. You will leave this intensive seminar with a solid foundation in the basics of information technology as they apply to IT risks, audit, information security, and business application systems.

Prerequisites: None

Advance Preparation: None

Learning Level: Basic

Delivery Method: Group-Live

Field: Auditing

Who Should Attend

Financial, Operational, Business Applications, and External Auditors; new Information Technology Auditors

Agenda

What You Will Learn

1. Introduction to IT Audit

• audit objectives and requirements
• role of IT within the organization
• management and security risks in an automated environment
• what is a control?
• internal control defined
• processes and control points
• physical space vs. logical space
• identifying control points

2. Planning the IT Audit

• definition of internal audit
• objectives of an IT audit
• IT audit strategies
• what is an application
• application vs. general controls
• IT audit control reviews
• IT control categories
• the audit deliverable
• building the audit team

3. Auditing Organizations and Standards

• maintaining audit objectivity
• what is a standard?
• AICPA and SAS
• GAO and other certification organizations
• The Institute of Internal Auditors (IIA)
• The Treadway Commission
• COSO Integrated Framework
• ISACA and the IT Governance Institute
• COBIT®: Control Objectives for Information and Related Technology
• ISO 27002 security standard

4. Information Technology Basics

• identifying and categorizing key control points in today’s IT environment
• fundamentals of computer hardware architecture and CPU operation
• two different classes of computers
• software, programming, and processing
• distributed systems and client/server technology
• network connectivity and security basics
• IT system maintenance, patch management, and security
• IT technology audit strategies

5. Internet and Web Technology

• organization and operation of the Internet
• risks to Internet connections and applications
• insider abuses of Internet services
• network perimeter security: firewalls and more
• Web application risks and safeguards
• Internet and Web audit strategies

6 Shared General and Application Controls

• logical security
• - data classification
• - logical access controls: system access
• encryption: information access
• - remote access, PCs, and mobile devices
• - information security management
• change management
• - change management objectives
• - program change control
• - patch management
• - software licensing
• business continuity/disaster recovery
• - BCP/DRP defined
• - business impact analysis (BIA)
• - disaster recovery strategy
• - maintaining the plan
• system development technologies
• - SDLC, RAD, ERP purchases
• - Internal Audit involvement
• - audit strategy

7. Database Technology and Controls

• managing information
• - the program-centric model
• - program-centric audit concerns
• - the data-centric model
• what is a database?
• database terminology
• database management systems (DBMS)
• types of databases
• database audit concerns

8. Infrastructure General Controls

• operations controls
• - IT operations
• - operating system controls
• - system utilities
• - system software controls: a review
• physical security
• environmental controls

9. Business Application Transactions

• objectives of an application audit
• what is a transaction?
• transaction-based application auditing
• transaction life cycle
• application risk assessment factors
• establishing audit priorities

10. Top-Down Risk-Based Planning

• planning the application audit
• top-down, risk-based planning
• defining the business environment
• determining the application’s technical environment
• performing a business information risk assessment
• identifying key transactions
• developing a key transaction process flow
• evaluating and testing application controls

11. Data Input and Processing Models

• comparing pros/cons of input and processing models
• batch input/batch processing
• on-line input/batch processing
• on-line input/on-line processing
• real-time input/real-time processing

12. Application Controls

• business applications
• information objectives
• COSO: application controls
• business application auditingv
• application transaction life cycle
• transaction origination
• logical security
• completeness and accuracy of input
• completeness and accuracy of processing
• completeness and accuracy of output
• output retention and disposal
• data file controls
• user review, balancing, reconciliation
• end-user documentation
• training
• segregation of duties
• business continuity planning
• Sarbanes-Oxley application control requirements

13. Testing Application Controls

• testing automated and manual controls
• testing alternatives
• testing sample size
• sampling terminology
• negative assurance testing
• types of audit evidence
• functional/substantive testing
• computer assisted audit techniques (CAATs)
• data analysis: planning and data verification
• Sarbanes-Oxley: testing requirements and examples

14. Documenting Application Controls

• evaluating and documenting internal controls
• internal control questionnaires
• narratives
• flowcharts / process flows
• control matrix

15. End-User Computing

• growth of end user computing
• end user computing risks
• general IT control risks
• change control risks
• purchased applications risks
• spreadsheets: typical errors
• spreadsheet risk factors
• practical steps for evaluating spreadsheet controls

CPEs: 30

Sponsor Background:

Quote From Past Participants:

Past Participants Include:

• Reynolds & Reynolds
• U.S. Department of Revenue
• NY City Board of Education
• University of Kentucky
• Sundstrand
• GPU Service Corporation
• First Tennessee Bank
• Crum & Forster
• Banco Popular de Puerto Rico
• Carrier
• Union Camp
• New Jersey Highway Authority
• Georgia Pacific
• E.I. DuPont
• Pacific Bell
• The Torrington Co.
• Volvo
• Dayton Hudson Department Stores
• Goodyear Tire & Rubber
• National Liberty
• Scott & White Memorial Hospital
• Tenneco
• Public Service Co. of Colorado
• First Interstate Bank of Oklahoma
• Signet Bank
• Warner Lambert
• City of Orlando
• Monsanto
• Towers Department Stores
• RJR Nabisco
• Shell Oil
• Tektronix
• Stroh Brewery Co.
• University of Minnesota

This seminar has 5 upcoming dates & cities. To quickly return to this seminar later, you can search by its QuickCode: QQBRGG.

Get updated when new dates are added for this seminar.
Get a free personalized recommendation from our experts!