The I.T Auditing and the Internal Auditors Course will cover the following topics and more:

Defining the IT Audit Process

• IT Audit Objectives
• Role of the IT Auditor
• IT Audit Projects

Dealing with IT Risks

• Materiality and effects on financial reporting
• Identifying high-risk applications and IT components
• Tools and techniques for assessing and measuring risk

IT Audit and Information Security Standards

• ISACA: COBIT, Risk IT, Val IT
• AICPA/CCPA
• Information Technology Infrastructure Library (ITIL)
• OECD, ISO, and other international standards

Tools and Techniques for the IT Auditor

• Work programs and checklists
• Maturity models
• Flowcharting
• Audit software

Understanding and Auditing IT Governance and Infrastructure: General Controls Reviews

• IT Governance and Management
• Separation of Duties, Least Privilege, and other Organizational Controls
• Incident Response: Disaster Recovery, Computer Crime, and other Breaches of Security
• Physical and Environmental Security
• Hardware and Software Asset Management
• Configuration Management, Change Control, and Problem Reporting
• System Software Security and Patch Management
• Software Development Tools and Library Management
• Network Infrastructure Security: Internal, External
• Information Security
• Identity and Access Control Management
• Cryptography and Public Key Infrastructure (PKI)
• Cloud Computing and Other Outsourcing

Getting Your Arms Around IT Application Audits

• Understanding, Scoping, and Documenting an Application
• Reliance on General Controls
• IT Computing Process Models Up Close: Operational, Risk, and Control Considerations
• Batch processing
• Distributed client/server
• Web-based
• Mobile computing
• Service oriented architecture (SOA)
• Cloud computing

System Development Life Cycle (SDLC)

• SDLC process models: internally developed, off-the-shelf
• Defining IT Audit, Information Security, and other control agency role(s) in SDLC
• On-going application change management

 Key Application Processes, Risks, and Controls

• Batch data input: collection, authorization, entry
• Web-based and other types of real-time data input
• Transaction authentication, authorization, and logging
• Data editing and input validation
• Processing and interfaces to other applications
• Outputs
• Data Management and Protection

Audit Data Collection and Testing

• Application testing tools and techniques
• Sampling
• Working in support of an integrated or operational audit team

Course Booking

Please use the "Book Now" or "Inquire" buttons on this page to reserve your space or request for more information