California Association of State Auditors


P.O. BOX 13844
Sacramento, CA 95853
(916) 633-1CPE (1273)
CASAuditors@gmail.com

California Association of State Auditors


P.O. BOX 13844
Rancho Cordova, CA 95853
(916) 633-1CPE (1273)
This email address is being protected from spambots. You need JavaScript enabled to view it.
California Association of State Auditors
P.O. BOX 13844
Rancho Cordova, CA 95853
(916) 633-1CPE (1273)
This email address is being protected from spambots. You need JavaScript enabled to view it.

Events Calendar

IT Auditing for Non-IT Auditors
Monday, March 12, 2018, 08:30am - 04:30pm
Hits : 1229
by This email address is being protected from spambots. You need JavaScript enabled to view it.
Contact This email address is being protected from spambots. You need JavaScript enabled to view it.
Course Overview:
 
  • Are you dabbling in audits of Information Technology (IT)? 
  • Do you hear words like encryption, firewalls, security access, and application controls and cringe?
  • Do you want to understand more about Information Technology risks and controls?
  • Are you looking for something to alleviate the fear of auditing Information Technology?
 
If you answered yes to any of these questions, the IT Auditing for Non-IT Auditors is the course for you. This course was designed for auditors who are not IT experts who realize the importance of integrate IT controls and evaluation into their business audits.  Attendees will learn how to plan, test, and communicate the results of the audits to both IT and business owners. During this course, you will acquire baseline knowledge for IT general and application control concepts and skills and their importance and relationship in your business processes.  You will learn the fundamentals of issues concerning IT controls and the scope of IT risks that must be addressed in today’s business environment. Attendees will learn using a variety of techniques, including lectures, group discussions, and case studies.

Note: This course lays the foundation for IT Auditing and is the pre-requisit for April's course "Audit Modernization: How Technology is Changing the Way We Audit".

Who should attend:
 
·       Operational, financial, compliance, and internal auditors interested in learning about the auditing of IT general and application controls.
·       Auditors new to IT auditing
·       Auditors integrating various auditing techniques (Internal Auditing, Performance Auditing, IT Auditing)
 
Learning Objectives:

At the end of this program, attendees will be able to:

·       Explain General and Application Controls
·       Identify risks and controls of IT and its impact on business processes
·       Test IT controls effectively
·       Communicate IT components of audit results, gain agreement from IT and Business Owners, and monitor remediation efforts

Course Outline:
  1. Introductions & Learning Objectives
  2. Introduction to Information Technology Auditing
    1. Concepts and definitions
    2. Control frameworks (COSO, COBIT, Netcentric, FISCAM, NIST Special Publication 800-series on Security Controls for Federal Information Systems, GAIT, GTAG)
    3. Statements on Auditing Standards No. 109 and related IT risks and control objectives
    4. Role of Internal Auditors for IT and IIA standards and practice advisories
  3. Defining Application Controls and Application Control Objectives
    1. Input Controls
    2. Processing Controls
    3. Output Controls
  4. Application Control Risk Identification [Case Study: Business & IT Risk Assessment]
    1. Understand the IT risks and continue to build on identified control frameworks
    2. Explore Application controls and their importance in core business processes, including the initiation, authorization, processing, summarization and reporting of critical business functions and data
    3. Explore the relationship between general and application controls
  5. Types of Application Controls
    1. Embedded and configurable controls
    2. Input, processing, and output controls
    3. Integrity controls
    4. Preventive and detective controls
    5. Balancing and file version controls
    6. Application recoverability controls
  6. Define General Controls and Controls Objectives
    1. Types of General Control audits (security management, change management, disaster recovery/business continuity planning, IT governance, IT infrastructure)
    2. Global Technology Audit Guide (GTAG)
    3. Guide to the Assessment of IT General Controls (GAIT)
  7. Planning IT General and Application Control Audits [Case Study: Identify IT Controls & Defining Tests]
  8. Communicating Audit Results to Business Process Owners and IT
    1. Selling the audit results
    2. Monitoring remediation activities

 

Program level: Basic
 
Prerequisites: None
 
Advanced Preparation: None
 
Instructional Method: Group-live
 
Recommended CPE credit: Field of Study – Auditing (8)
Location Hilton Arden West (2200 Harvard Street, Sacramento, CA 95815)
Instructor: Daniel Grossberg

Copyright © 2019. California Association of State Auditors - All Rights Reserved.