Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

View Training Register Now

Course Description

In today’s audit environment, very few business applications are of void of IT involvement. In many cases, major operational and process decisions are built into and executed by the “system”. Internal Audit can no longer audit around or make assumptions regarding the functionality and processes within the application. Rather, the auditor must gain assurance of the integrity of the automated components of the application. This course is designed for both the internal and IT auditor as an integrated team. You will learn the associated risks and mitigation approaches and enable you to perform an audit of an application.

This training session prepares you to perform audits of IT-enabled application systems with the necessary technical background to understand:

  • How automated applications operate
  • Control risks inherit to their design depending on application’s architecture
  • Identification of key transactions
  • Testing methodologies

You will focus on:

  • Planning the Application Audit
  • Understanding the Risks in IT Process Models
  • The Key Application Processes
  • Key Controls
  • Audit Testing

You will participate in group exercises and case studies.

Learning Objectives:

  • Identify IT risks in an application
  • Plan an automated applications review
  • Perform an automated applications review
  • Understand how to participate in an integrated audit of an applications system

Bonus: You will receive the ISACA Generic Application Audit/Assurance Program Using COBIT 4.1

Course Outline

Planning the Application Audit

  • Understanding the Application
    • Documentation
    • Structured Walkthroughs

  • Risk Assessment
    • Effect on financial reporting
    • Compliance and Regulatory Requirements
    • Materiality
    • Other critical processes
    • Alignment with business and other risk assessments
  • Scope
    • Identification of processing boundaries
    • Identification of high-risk, or critical transactions and processes
    • Alignment with financial and operational audit objectives
  • Reliance on General Controls

Understanding the Risks in IT Process Models

  • Batch
  • On-Line Interactive Processing
  • Client-Service Processing
  • Web-Based Processing
    • Proprietary Web
    • Cloud-Processing

The Key Application Processes

  • Source Data Preparation and Authorization
  • Source Data Collection and Entry
  • Editing Processes (Accuracy, Completeness and Authenticity)
  • Processing (Data integrity, validity, and interfaces)
  • Outputs (Reconciliation, error management, privacy)
  • Transaction Authentication (access controls, separation of duties)

Key Controls

  • Batch Environment
  • On-Line Interactive Processing
  • Web-Based Processing

Audit Testing

  • Testing Techniques
    • Parallel Simulation/Re-Performance
    • Test Decking
    • Integrated Test Facility
    • Using User Acceptance Tests
  • Assessing Data Availability
  • Sampling
  • Audit Testing Risks and Solutions

Working in an integrated audit team

Additional Information

Who Should Attend

Internal auditors responsible for the audits of IT-enabled applications and internal control professionals

Learning Level

Basic

Delivery

Group-Live & Group Internet-Based

Field

Auditing

Advanced Preparation

None

Recommended Prerequisites

Introduction to IT Auditing (AA01) or equivalent training including a general understanding of IT processes, business and accounting applications, and audit process

Session Duration

Online: Four 3-hour sessions

On Site: 2 days

CPE Credits: 16