Course Description
IT auditing has becomes an essential skill set for all internal auditors. The course is designed to provide both operational and IT auditors an introduction to and foundation for their professional career development in the IT auditing field. The. All business applications are enabled by information technology, and reliance on these controls are an essential part of any audit.
This course will introduce the fundamentals of IT auditing, core drivers behind why it is a specialized area of auditing, evolution of IT assurance, and the principle objectives of IT auditing and its relationship to integrated financial or operational auditing. It will introduce the role of IT auditing and how IT audit strategies can enhance non-IT audits.
We will introduce you to the four primary types of IT audits: audits of IT systems, IT processing environments, systems development, and technical and special topic audits. We will define critical IT concepts, governance requirements, risk assessment techniques, and related auditing concepts. You will be introduced to techniques for identifying operational and control requirements for IT systems, researching control objectives and related controls, evaluating control design or appropriateness, and assessing the reliability of IT audit evidence.
You will discuss:
- The IT audit universe
- Understanding the importance of the operating culture on IT control
- Understanding the relationship of controls to control objectives
- Meeting auditing standards for compliance and attaining IT audit value
- Importance of applying comprehensive audit planning techniques to achieving audit success
- Impact of outsourced IT functions
Learning Objectives
- Gain a working understanding of IT audit concepts and practices
- Clarify the difference and importance of general versus application control audits
- Learn how to apply internal control fundamentals to the evaluation of IT system integrity, security and availability
- Gain an understanding of the operational and control objectives of the principle areas of general control
- Further your appreciation of the importance of IT in achieving organizational objectives and in providing assurance that appropriate controls are designed, implemented and in effect to attain system integrity, security and availability
Course Outline
Role of the IT Auditor
- Internal Audit Department
- Organization
- The Objective of IT Audit
Internal Audit Universe
- Financial
- Operational
- Technology
IT Auditing Standards
- IT Audit Framework Using COBIT
- COBIT Domains
- Using COBIT Control Objectives
- Understanding a Controls Maturity Model
- ITIL
- ISO27001/2
- Risk IT
- Val IT
The IT Audit Universe
- General IT Controls
- Technical Audits
- Application Audits
- Systems Development Audit
- IT Process Audits
General IT Controls Scope
- IT Management
- Hardware Configuration Management
- IT Contingency Management
- Data Management
- Network Perimeter
- Change Management
- Software Library Controls
- Information Security Management
- Identity & Access Management
- Outsourced Environment
Systems Development
- Systems development framework
- Applying SDLC as a project management
- Functions of the Project Management Office
- Secure Development
- Types of audits
Technical Audits
- Operating System Configuration
- Network Configuration
- Database Controls
- Server configurations
- Single-Sign-On
- PCI-DSS Compliance
Additional Information
Who Should Attend
New IT auditors
Internal auditors assuming an IT or integrated role
Learning Level
Basic
Delivery
Group-Live & Group Internet-Based
Field
Auditing
Advanced Preparation
None
Recommended Prerequisites
none
Session Duration
Online: Four 3 hour sessions
On Site: 2 days
CPE Credits: 16