IT Auditing for the Non-IT Auditor
Seminar Overview
A One-Day Course on the Basics of IT Auditing, Taught by a Non-IT Auditor
In today’s economy, all auditors must become multi-faceted and multi-purposed. Regardless of background, internal auditors must have a basic knowledge of IT auditing so that they understand its general concepts, its terminology, and how IT auditing is integral to general auditing. There is no complete view or opinion of one without looking at the other. This one-day course will take auditors through the basics of IT auditing.
Who Should Attend
Learning Objectives
- Understand the basics of IT auditing, including key terms and acronyms
- Learn the importance of the IT risk assessment and its integration with the audit risk assessment
- Understand the difference between application controls and general controls and how to identify each
Agenda
I. Introduction and Background
a. Background
b. Topics to Cover
II. IT Risk Assessment
a. What is an IT Risk Assessment?
b. Understanding the IT Environment
c. IT Risk Frameworks
d. The Audit Plan
e. Mapping the IT and Business Environment
f. Heat Maps
III. General Computer Controls
a. Information Security
b. IS Operations
c. Application System and Maintenance
d. Database Implementation and Support
e. Network Support
f. System Software Support
IV. Pre- and Post-Implementation Audits
a. Key Concepts
b. Project Risk Management
c. Pre-implementation Review
d. Post-implementation Review
V. Auditing Application Systems
a. Auditing Application System Approach
b. Application Configuration
c. Input Controls
d. Data
e. Transaction Processing
f. Security
g. Reporting
h. Data Interfaces and Conversions
i. Benchmarking
VI. Auditing Security
a. Information Security Governance
b. User Access Administration
c. Technology-Based Access Security Controls
d. Secure Systems Development
e. Incident Response
f. Remote Access and Third Parties
g. User Awareness and Training
h. Physical Security
i. Legal and Regulatory Compliance
VII. Segregation of Duties
VIII. Spreadsheets