Events Calendar
IT Auditing for Non-IT Auditors
Monday, March 12, 2018, 08:30am - 04:30pm
Hits : 1411
by This email address is being protected from spambots. You need JavaScript enabled to view it.
Contact This email address is being protected from spambots. You need JavaScript enabled to view it.
Course Overview:
If you answered yes to any of these questions, the IT Auditing for Non-IT Auditors is the course for you. This course was designed for auditors who are not IT experts who realize the importance of integrate IT controls and evaluation into their business audits. Attendees will learn how to plan, test, and communicate the results of the audits to both IT and business owners. During this course, you will acquire baseline knowledge for IT general and application control concepts and skills and their importance and relationship in your business processes. You will learn the fundamentals of issues concerning IT controls and the scope of IT risks that must be addressed in today’s business environment. Attendees will learn using a variety of techniques, including lectures, group discussions, and case studies.
Note: This course lays the foundation for IT Auditing and is the pre-requisit for April's course "Audit Modernization: How Technology is Changing the Way We Audit".
Who should attend:
· Operational, financial, compliance, and internal auditors interested in learning about the auditing of IT general and application controls.
· Auditors new to IT auditing
· Auditors integrating various auditing techniques (Internal Auditing, Performance Auditing, IT Auditing)
Learning Objectives:
At the end of this program, attendees will be able to:
· Explain General and Application Controls
· Identify risks and controls of IT and its impact on business processes
· Test IT controls effectively
· Communicate IT components of audit results, gain agreement from IT and Business Owners, and monitor remediation efforts
Course Outline:
Prerequisites: None
Advanced Preparation: None
Instructional Method: Group-live
Recommended CPE credit: Field of Study – Auditing (8)
- Are you dabbling in audits of Information Technology (IT)?
- Do you hear words like encryption, firewalls, security access, and application controls and cringe?
- Do you want to understand more about Information Technology risks and controls?
- Are you looking for something to alleviate the fear of auditing Information Technology?
If you answered yes to any of these questions, the IT Auditing for Non-IT Auditors is the course for you. This course was designed for auditors who are not IT experts who realize the importance of integrate IT controls and evaluation into their business audits. Attendees will learn how to plan, test, and communicate the results of the audits to both IT and business owners. During this course, you will acquire baseline knowledge for IT general and application control concepts and skills and their importance and relationship in your business processes. You will learn the fundamentals of issues concerning IT controls and the scope of IT risks that must be addressed in today’s business environment. Attendees will learn using a variety of techniques, including lectures, group discussions, and case studies.
Note: This course lays the foundation for IT Auditing and is the pre-requisit for April's course "Audit Modernization: How Technology is Changing the Way We Audit".
Who should attend:
· Operational, financial, compliance, and internal auditors interested in learning about the auditing of IT general and application controls.
· Auditors new to IT auditing
· Auditors integrating various auditing techniques (Internal Auditing, Performance Auditing, IT Auditing)
Learning Objectives:
At the end of this program, attendees will be able to:
· Explain General and Application Controls
· Identify risks and controls of IT and its impact on business processes
· Test IT controls effectively
· Communicate IT components of audit results, gain agreement from IT and Business Owners, and monitor remediation efforts
Course Outline:
- Introductions & Learning Objectives
-
Introduction to Information Technology Auditing
- Concepts and definitions
- Control frameworks (COSO, COBIT, Netcentric, FISCAM, NIST Special Publication 800-series on Security Controls for Federal Information Systems, GAIT, GTAG)
- Statements on Auditing Standards No. 109 and related IT risks and control objectives
- Role of Internal Auditors for IT and IIA standards and practice advisories
-
Defining Application Controls and Application Control Objectives
- Input Controls
- Processing Controls
- Output Controls
-
Application Control Risk Identification [Case Study: Business & IT Risk Assessment]
- Understand the IT risks and continue to build on identified control frameworks
- Explore Application controls and their importance in core business processes, including the initiation, authorization, processing, summarization and reporting of critical business functions and data
- Explore the relationship between general and application controls
-
Types of Application Controls
- Embedded and configurable controls
- Input, processing, and output controls
- Integrity controls
- Preventive and detective controls
- Balancing and file version controls
- Application recoverability controls
-
Define General Controls and Controls Objectives
- Types of General Control audits (security management, change management, disaster recovery/business continuity planning, IT governance, IT infrastructure)
- Global Technology Audit Guide (GTAG)
- Guide to the Assessment of IT General Controls (GAIT)
- Planning IT General and Application Control Audits [Case Study: Identify IT Controls & Defining Tests]
-
Communicating Audit Results to Business Process Owners and IT
- Selling the audit results
- Monitoring remediation activities
Program level: Basic
Prerequisites: None
Advanced Preparation: None
Instructional Method: Group-live
Recommended CPE credit: Field of Study – Auditing (8)
Location Hilton Arden West (2200 Harvard Street, Sacramento, CA 95815)
Instructor: Daniel Grossberg