Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

View Training Register Now

Course Description

IT auditing has becomes an essential skill set for all internal auditors. The course is designed to provide both operational and IT auditors an introduction to and foundation for their professional career development in the IT auditing field. All business applications are enabled by information technology, and reliance on these controls are an essential part of any audit.

This course will introduce the fundamentals of IT auditing, core drivers behind why it is a specialized area of auditing, evolution of IT assurance, and the principle objectives of IT auditing and its relationship to integrated financial or operational auditing. It will introduce the role of IT auditing and how IT audit strategies can enhance non-IT audits.

We will introduce you to the four primary types of IT audits: audits of IT systems, IT processing environments, systems development, and technical and special topic audits. We will define critical IT concepts, governance requirements, risk assessment techniques, and related auditing concepts. You will be introduced to techniques for identifying operational and control requirements for IT systems, researching control objectives and related controls, evaluating control design or appropriateness, and assessing the reliability of IT audit evidence.

You will discuss:

  • The IT audit universe
  • Understanding the importance of the operating culture on IT control
  • Understanding the relationship of controls to control objectives
  • Meeting auditing standards for compliance and attaining IT audit value
  • Importance of applying comprehensive audit planning techniques to achieving audit success
  • Impact of outsourced IT functions

Learning Objectives

  • Gain a working understanding of IT audit concepts and practices
  • Clarify the difference and importance of general versus application control audits
  • Learn how to apply internal control fundamentals to the evaluation of IT system integrity, security and availability
  • Gain an understanding of the operational and control objectives of the principle areas of general control
  • Further your appreciation of the importance of IT in achieving organizational objectives and in providing assurance that appropriate controls are designed, implemented and in effect to attain system integrity, security and availability

Course Outline

Role of the IT Auditor

  • Internal Audit Department
  • Organization
  • The Objective of IT Audit

Internal Audit Universe

  • Financial
  • Operational
  • Technology

IT Auditing Standards

  • IT Audit Framework Using COBIT
    • COBIT Domains
    • Using COBIT Control Objectives
    • Understanding a Controls Maturity Model
  • ITIL
  • ISO27001/2
  • Risk IT
  • Val IT

The IT Audit Universe

  • General IT Controls
  • Technical Audits
  • Application Audits
  • Systems Development Audit
  • IT Process Audits

General IT Controls Scope

  • IT Management
  • Hardware Configuration Management
  • IT Contingency Management
  • Data Management
  • Network Perimeter
  • Change Management
  • Software Library Controls
  • Information Security Management
  • Identity & Access Management
  • Outsourced Environment

Systems Development

  • Systems development framework
  • Applying SDLC as a project management
  • Functions of the Project Management Office
  • Secure Development
  • Types of audits

Technical Audits

  • Operating System Configuration
  • Network Configuration
  • Database Controls
  • Server configurations
  • Single-Sign-On
  • PCI-DSS Compliance

Additional Information

Who Should Attend

New IT auditors
Internal auditors assuming an IT or integrated role

Learning Level

Basic

Delivery

Group-Live & Group Internet-Based

Field

Auditing

Advanced Preparation

None

Recommended Prerequisites

none

Session Duration

Online: Four 3 hour sessions

On Site: 2 days

CPE Credits: 16