Course Description
As we introduce new information technologies or approaches, our risks change, and, in many cases, have unintended consequences. This session focuses on 4 key issues in the audit world:
- Transfer of computing resources to a utility model
- Proliferation of smart mobile devices
- Sophisticated communications and a 24 hour news cycle magnifying organizational missteps and outright errors
- Social media as a communications monitoring vehicle
We will frame the risks, obtain an understanding of how these issues affect internal audit, and promote discussion on how we can effectively incorporate these issues into our audit universe.
You will discuss:
- Cloud computing
- Mobile data assets
- Crisis management
- Social media
Learning Objectives:
- An understanding of the scope of these issues
- A basis for assigning assurance risk
- A strategy for incorporating these issues into your audit universe
Course Outline
Cloud Computing
- Defining cloud computing
- Infrastructure as a Service
- Platform as a Service
- Software as a Service
- Evaluating new risks
- How cloud computing differs from traditional outsourcing
- The changing audit universe
- Compliance issues
- Essential best practices
- Adapting controls to the new environment
- Knowing when to say NO
Securing Mobile Data Assets
- Identifying mobile data assets
- Where is our data?
- What is at risk?
- What is personnel versus business owned?
- Wireless computing versus mobile computing
- Balancing “for the convenience of the employer” against “for the convenience of the employee”
- Key policy requirements
- Ownership
- Privacy
- Compliance with regulations
- Balancing control against ease behavioral issues
Crisis Management
- Phases of crisis management
- Pre-Crisis
- Crisis
- Post-Crisis
- Crisis management versus business resumption planning
- Consequences of failing to prepare
- Crisis management components
- Governance
- Risk management
- Communications
- Third-party agreements
- Plan development
Social Media
- Defining Social Media
- What is Social Media
- Technologies That Support Social Media
- Social Media Risks
- Inherent Risks
- Controllable Risks
- Internal Audit’s Role
- Governance
- Controls
- Operational and Financial Considerations
Additional Information
Who Should Attend
- Internal audit directors, managers and supervisors
- IT audit management and staff
- Internal control professionals
Learning Level
Intermediate
Delivery
Group-Live & Group Internet-Based
Field
Auditing
Advanced Preparation
None
Recommended Prerequisites
3-5 years internal audit experience
Session Duration
Online: Two 3-hour sessions
On Site: 1 day
CPE Credits: 8