Course Description
Information technology is an integral part of all financial and business processes. The internal audit manager requires a fundamental understanding of IT’s impact on the audit processes and associated risk to effectively drive the audit process.
This course is aligned with our staff-level courses, and utilizes the same basic outline, but has been designed for the internal audit manager. Our focus will be:
- A managerial level understanding of IT concepts focusing on audit risk of IT controls on the audit process
- Integrating IT risks into the overall risk assessment
- Reliance on IT control activities
- Scoping and managing the application audit
- Staffing and skill set integration
As each topic is introduced and discussed, we will keep the level of detail appropriate to the internal manager and focus on the execution of the audit.
Learning Objectives:
- Understand the IT risks and be able to apply these risks to audit planning
- Have the tools to manage integrated audit teams and align IT and financial audit findings
- Be able to consider and build IT audit findings into audit reports, framing the issue in terms relevant to senior management
- Understand how to evaluate opportunities to use computer audit assist techniques as a testing approach
Course Outline
Defining IT Risk
- Audit Risk
- Financial Risk
- Operational Risk
- Reputational Risk
Entity Level Controls
- IT Management
- IT Governance
Control Environment
- Financial Statements
- Applications
- IT Infrastructure Controls
- IT Development Controls
- IT Operations Controls
General Controls
- Physical Security
- Hardware Configuration Management
- Software Change Management
- Network Perimeter
- Identity & Access Management
- Data Management
- IT Contingency Management
- IT Operations
- Information Security Management
- Utilizing third-party reviews
Application Controls
- Understanding the Risks in IT Process Models
- The Key Application Processes
Performing the Risk Assessment
- IT Risk in Relation to Audit Subject
- Materiality
- Control Environment
Performing the Audit
- Scope
- Planning
Audit Resources
- Skill Set
- Integration of Teams
- Staffing
Integrating Fieldwork
Documenting the Audit Processes
Writing Audit Reports with High Impact that Minimizes Jargon
Additional Information
Who Should Attend
Internal audit directors, managers, and supervisors
Internal control professionals
Learning Level
Intermediate
Delivery
Group-Live & Group Internet-Based
Field
Auditing
Advanced Preparation
None
Recommended Prerequisites
None
Session Duration
Online: Four 1/2 day sessions
On Site: 2 days
CPE Credits: 16