Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

To many business process/operational auditors, IT audit reviews remain an enigma. This seminar is for the general auditor who wants to understand IT audit and be able to perform the less technical aspects of an IT audit, but who does not need the depth required of a professional pursuing a career in IT audit.

This seminar is aligned with our in-depth courses, and utilizes the same basic outline, but has been designed for the non-technical internal auditor. Our focus will be:

  • An understanding of IT concepts, focusing on the audit risk of IT controls on the audit process
  • Integrating IT risks into the overall risk assessment
  • Reliance on IT control activities
  • Scoping and managing the application audit
  • Staffing and skill set integration

As each topic is introduced and discussed, we will keep the level of detail appropriate to the non-IT auditor and focus on the execution of the audit.

Learning Objectives

  • Gain a working understanding of IT audit concepts and practices
  • Clarify the difference and importance of general versus application control audits
  • Learn how to apply internal control fundamentals to the evaluation of IT system integrity, security and availability
  • Gain an understanding of the operational and control objectives of the principal areas of general control
  • Further your appreciation of the importance of IT in achieving organizational objectives and in providing assurance that appropriate controls are designed, implemented and in effect to attain system integrity, security and availability

Course Outline

Role of the IT Auditor

  • Objectives of IT Audit
  • Information Systems and Their Impact on the Business
  • The IT Audit Universe

Understanding the IT Controls Frameworks

  • COSO
  • COBIT 4.1 & 5
  • ITIL
  • ISO 27001/2
  • NIST SP 800-53

Auditing General Controls

  • Objectives of the General Controls Review
  • IT Governance and Management
  • Information Security Management
  • Configuration Management
  • Network Security Management
  • Identity and Access Control Management
  • Data Management
  • Incident Management
  • Change Management
  • Third Party Services
  • Business Continuity Management
  • Backup and Media Management
  • Physical Security

Auditing IT Applications

  • Objectives of Application Systems Audits
  • Key Application Processes
  • Understanding the Risks and Controls in the IT Process Modules

Auditing Existing Applications

  • Planning
  • Identifying Control Objectives
  • Establishing an Audit Workplan
  • Key Controls in the Application Process

Auditing Systems in Development

  • Objectives of the Systems Development Audit
  • Phases in the Development Process

Additional Information

Who Should Attend
  • Internal audit directors, managers, and supervisors
  • Internal control professionals

This course is not appropriate for the professional seeking to pursue an IT audit career or manage an IT audit function.

Learning Level

Basic

Delivery

Group-Live

Field

Auditing

Advance Preparation

None

Recommended Prerequisites

General internal audit concepts

Session Duration

Online: N/A

On Site: 2 days

CPE Credits: 16