Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

Information technology (IT) is a major business enabler in today’s society, but it also brings with it a myriad of significant business risks. Internal auditors must be equipped with the essential knowledge and skills to effectively assess IT controls to ensure that those risks are minimized and documented. This course is targeted to both operational and IT auditors to provide a solid foundational IT audit toolset and a stepping stone to further career development.

Through a thoughtful blend of lectures, discussions, and case studies, this course will introduce: the role of IT auditing, the fundamentals of IT controls and IT auditing, important risk and compliance drivers unique to the IT environment, industry best practices and frameworks for IT auditing, and the relationship of IT auditing to integrated and operational auditing. A one-week “immersion” will provide the attendee with a holistic approach to IT auditing with appropriate exercises to reinforce the learning experience.

In conjunction with providing an understandable framework of major contemporary and legacy IT building blocks and related controls, we will place special emphasis on providing an IT Auditor’s “Rosetta Stone” to help overcome the avalanche of common but important IT buzzwords and jargon.

An introduction to IT audit project definition and scoping will be presented including: application system reviews, IT governance and infrastructure control audits, new application systems development controls consulting and assessment, and specialized and technical topic projects.

You will be exposed to the fundamental tools and techniques necessary to: identify operational and control objectives for IT application systems and supporting IT infrastructure, apply methods for gathering and assessing IT audit evidence, identify and quantify important risks and control weaknesses, and recommend prudent controls and safeguards.

In addition to the course workbook, students will receive valuable work programs, checklists, and “IT Audit & Security Swiss Army Knife” – an IT glossary and hundreds of references to printed material and online resources.

Learning Objectives

  • Familiarization with the IT Audit process and associated best practices
  • Understanding of IT infrastructure and application terminology, architecture, operation, risks, and controls
  • Learn fundamental IT audit “tools of the trade” and how to apply them in a variety of IT and integrated audit projects
  • Provide foundation knowledge relevant to IT Audit professional certification

Course Outline

Defining the IT Audit Process

  • IT Audit Objectives
  • Role of the IT Auditor
  • IT Audit Projects

Dealing with IT Risks

  • Materiality and effects on financial reporting
  • Identifying high-risk applications and IT components
  • Tools and techniques for assessing and measuring risk

Government and Industry Regulatory Compliance

  • Sarbanes-Oxley, FISMA, and other US Federal regulatory requirements
  • HIPAA, GLBA, European Data Protection Act, US state laws, and other privacy legislation
  • PCI DSS and other industry regulatory standards

IT Audit and Information Security Standards

  • ISACA: COBIT, Risk IT, Val IT
  • AICPA/CCPA
  • Information Technology Infrastructure Library (ITIL)
  • US National Institute of Standards and Technology (NIST) / General Accountability Office (GAO)
  • OECD, ISO, and other international standards
  • OWASP

Tools and Techniques for the IT Auditor

  • Work programs and checklists
  • Maturity models
  • Flowcharting
  • Audit software

Understanding and Auditing IT Governance and Infrastructure: General Controls Reviews

  • IT Governance and Management
  • Separation of Duties, Least Privilege, and other Organizational Controls
  • Incident Response: Disaster Recovery, Computer Crime, and other Breaches of Security
  • Physical and Environmental Security
  • Hardware and Software Asset Management
  • Configuration Management, Change Control, and Problem Reporting
  • System Software Security and Patch Management
  • Software Development Tools and Library Management
  • Network Infrastructure Security: Internal, External
  • Information Security
  • Identity and Access Control Management
  • Cryptography and Public Key Infrastructure (PKI)
  • Cloud Computing and Other Outsourcing

Getting Your Arms Around IT Application Audits

  • Understanding, Scoping, and Documenting an Application
  • Reliance on General Controls
  • IT Computing Process Models Up Close: Operational, Risk, and Control Considerations
    • Batch processing
    • Distributed client/server
    • Web-based
    • Mobile computing
    • Service-oriented architecture (SOA)
    • Cloud computing
  • System Development Life Cycle (SDLC)
    • SDLC process models: internally developed, off-the-shelf
    • Defining IT Audit, Information Security, and other control agency role(s) in SDLC
    • On-going application change management
  • Key Application Processes, Risks, and Controls
    • Batch data input: collection, authorization, entry
    • Web-based and other types of real-time data input
    • Transaction authentication, authorization, and logging
    • Data editing and input validation
    • Processing and interfaces to other applications
    • Outputs
    • Data Management and Protection
  • Audit Data Collection and Testing
    • Application testing tools and techniques
    • Sampling
    • Working in support of an integrated or operational audit team

Additional Information

Who Should Attend

  • New IT auditors
  • Internal auditors assuming an IT or integrated role

Learning Level: Basic

Delivery: Group-Live

Field: Auditing

Advanced Preparation: None

Recommended Prerequisites: None

Session Duration

Online:

On Site: 5 days

CPE Credits: 40