Skip Ribbon Commands
Skip to main content
Sign In
The Institute of Internal Auditors North AmericaBreadcrumb SeparatorTraining and EventsBreadcrumb SeparatorCoursesBreadcrumb SeparatorAn Introduction to IT Auditing
IIARF Icon
Course Description Course Outline Bring Us On Site  

An Introduction to IT Auditing

Course Description

Print-friendly Course Description and Outline

IT auditing has become an essential skill set for all internal auditors. This course is designed to provide an introduction to IT auditing and a foundation for professional career development in the IT audit field. It is geared towards new IT auditors and internal auditors assuming an IT or integrated role.

The course will introduce the fundamentals of IT auditing and review the core drivers behind why it is a specialized area of auditing, the evolution of IT assurance, and the principle objectives of IT auditing and its relationship to integrated financial or operational auditing. The facilitator will introduce the role of IT auditing and explain how IT audit strategies can enhance non-IT audits.​ 

Attendees will learn about the four primary types of IT audits: audits of IT systems, IT processing environments, systems development, and technical and special topic audits. The facilitator will define critical IT concepts, governance requirements, risk assessment techniques, and related audit concepts. Attendees will be introduced to techniques for identifying operational and control requirements for IT systems, researching control objectives and related controls, evaluating control design or appropriateness, and assessing the reliability of IT audit evidence. ​

In this course, we will discuss:​

  • The IT audit universe.​
  • The importance of the operating culture on IT control.​
  • The relationship of controls to control objectives.​
  • Meeting audit standards for compliance and attaining IT audit value.​
  • Applying comprehensive audit planning techniques to achieve audit success.​
  • The impact of outsourced IT functions.​
Course Duration: 1 day(s)
CPE Hours Available: 7
Knowledge Level: Basic
Field of Study: Auditing
Prerequisites: 
​None
Advance Preparation: 
​None
Delivery Format: On-site Training (Group-Live)

Role of the IT Auditor

  • Internal audit department
  • Organization
  • The objective of IT audit

Internal Audit Universe

  • Financial
  • Operational
  • Technology

IT Audit Framework Using COBIT

  • COBIT domains
  • Using COBIT control objectives

IT Management

  • Governance and executive sponsorship
  • IT management and organization
  • Risk management

Hardware Configuration Management

  • Server configuration
  • Workstation configuration

IT Contingency Management

  • Business continuity and disaster recovery
  • Business continuity drills and tests
  • Business continuity preparedness

Data Management

  • Relational database concepts
  • Data storage location
  • Database access controls
  • Data ownership and custodial controls
  • Data classification
  • Data loss protection

Network Perimeter

  • Network concepts
  • Firewall concepts
  • Network configuration management
  • Intrusion detection monitoring
  • Penetration testing

Change Management

  • Software library controls
  • Promotion to production controls
  • Synchronization of source and executable libraries
  • Distributed computing controls
  • Patch management

Information Security Management

  • Information security policy
  • Monitoring for information security implementations
  • ISO27002 as policy
  • Reliance on information security management
  • Security incident management

Identity & Access Management

  • User ID provisioning, maintenance, and termination
  • Authentication controls
  • Access control maintenance and monitoring

Outsourced Environment

  • Using third-party reviews
  • Supplementing third-party review reports
  • Auditing the interfaces to, and management of, third-party operations

Systems Development

  • Systems development framework
  • Integration of the SDLC and project management process
  • Functions of the project management office
  • Secure development

​Most courses can be delivered through on-site training. You might be surprised that the organization leading the profession is just as committed to the delivery of affordable training.

Contact us by calling +1-407-937-1388 or send an e-mail to GetTraining@theiia.org.​