In addition, you will learn techniques for auditing automated systems and examine the impact of Sarbanes-Oxley on IT audit. You will leave this session with a solid foundation in the basics of information technology as they apply to audit and security concerns

By the end of this course delegates will be able to:

• Develop an understanding of IT project management
• Gain experience using project management tools and techniques
• Apply the concepts of Risk Management to IT audit project
• Learn about how to audit organizations and audit standards

Internal Auditors, Auditors-in-Charge, Financial & Operational Auditors, Finance Personnel, External Auditors, Audit Managers and Supervisors, IT Auditors, Team Leaders and Directors, Operations Managers, Audit Managers

Introduction to IT Audit

•  Audit objectives and requirements
•  Role of IT within the organization
•  Management and security risks in an automated environment
•  What is a control?
• Internal control defined
•  Processes and control points
•  Physical space vs. Logical space
•  Identifying control points

Planning the IT Audit

• Definition of internal audit
• Objectives of an it audit
•  IT audit strategies
•  What is an application
•  Application vs. General controls
• IT audit control reviews
• IT control categories
•  The audit deliverable
• Building the audit team

Auditing Organizations and Standards

•  Maintaining audit objectivity
• What is a standard?, AICPA and SAS
• GAO and other certification organizations
• The Institute of Internal Auditors (IIA)

The Treadway Commission

• COSO Integrated Framework
• ISACA and the IT Governance Institute
•  COBIT®: Control Objectives for Information and Related Technology
• ISO 27002 security standard

IT Governance and Controls

• What is IT governance?
• Information security governance
• IT policies and procedures
•  Separation of duties and outsourcing
• Governance and control

Information Technology Basics

•  Why learn about technology?
• Computer hardware and CPU operation

Two different classes of computers

• Software, programs and processing
• Distributed systems and client/server technology
• The Open Systems Interconnection (OSI) model
• Maintenance and security

Network Technology and Controls

• Networking risks, Auditing networks
• What is a network?
• LANs, WANs and MANs
• Physical network media (cables)
•  Cabling audit objectives
• LAN Protocols
•  WAN connectivity and protocols
•  MAN protocols
• LAN/WAN/MAN audit objectives
•  Network devices
•  Network device audit objectives
• Complete networks
• The internet
• Intranets and extranets
•  Risks of internet use for business
• Using firewalls
•  Internet communications
•  Internet Protocol (IP) addressing
• Service (process) addressing
• Internet applications
• The World Wide Web (www)
•  Web page technologies
• Internet audit objectives

Shared General and Application Controls

• Logical security
• Data classification
• Logical access controls: system access
• Encryption: information access
• Remote access, PCS and mobile devices
•  Information security management
• Change management
•  Change management objectives
•  Program change control
•  Patch management
• Software licensing
• Business continuity/disaster recovery
• Bcp/drp defined
•  Business Impact Analysis (BIA)
• Disaster recovery strategy
• Maintaining the plan
• System development technologies
• SDLC, RAD, ERP purchases
• Internal audit involvement, Audit strategy

Application Controls

•  What is an application?
• Business application risks
• Application auditing
•  Transactions: the audit focus
• Transaction life cycle controls, End
•  User computing
•  Data warehouses
• The future of applications

Database Technology and Controls

• Managing information
• The program
•  Centric model
• Program
• Centric audit concerns
• The data
• Centric model
• What is a database?
• Database terminology
• Database management systems
• Types of databases
• Database audit concerns

Infrastructure General Controls

• Operations controls
• IT operations
• Operating system controls
• System utilities
• System software controls: a review
• Physical security
• Environmental controls

BTS attendance certificate will be issued to all attendees completing minimum of 75% of the total course duration.