IT auditing has become an essential skill set for all internal auditors. This course is designed to provide an introduction to IT auditing and a foundation for professional career development in the IT audit field. It is geared towards new IT auditors and internal auditors assuming an IT or integrated role.
The course will introduce the fundamentals of IT auditing and review the core drivers behind why it is a specialized area of auditing, the evolution of IT assurance, and the principal objectives of IT auditing and its relationship to integrated financial or operational auditing. The facilitator will introduce the role of IT auditing and explain how IT audit strategies can enhance non-IT audits.
Attendees will learn about the four primary types of IT audits: audits of IT systems, IT processing environments, systems development, and technical and special topic audits. The facilitator will define critical IT concepts, governance requirements, risk assessment techniques, and related audit concepts. Attendees will be introduced to techniques for identifying operational and control requirements for IT systems, researching control objectives and related controls, evaluating control design or appropriateness, and assessing the reliability of IT audit evidence.
In this course, we will discuss:
- The IT audit universe.
- The importance of the operating culture on IT control.
- The relationship of controls to control objectives.
- Meeting audit standards for compliance and attaining IT audit value.
- Applying comprehensive audit planning techniques to achieve audit success.
- The impact of outsourced IT functions.
- Course Duration: 1 day(s)
- CPE Hours Available: 7
- Knowledge Level: Basic
- Field of Study: Auditing
- Delivery Format: On-site Training (Group-Live)
Role of the IT Auditor
- Internal audit department
- The objective of IT audit
Internal Audit Universe
IT Audit Framework Using COBIT
- COBIT domains
- Using COBIT control objectives
- Governance and executive sponsorship
- IT management and organization
- Risk management
Hardware Configuration Management
- Server configuration
- Workstation configuration
IT Contingency Management
- Business continuity and disaster recovery
- Business continuity drills and tests
- Business continuity preparedness
- Relational database concepts
- Data storage location
- Database access controls
- Data ownership and custodial controls
- Data classification
- Data loss protection
- Network concepts
- Firewall concepts
- Network configuration management
- Intrusion detection monitoring
- Penetration testing
- Software library controls
- Promotion to production controls
- Synchronization of source and executable libraries
- Distributed computing controls
- Patch management
Information Security Management
- Information security policy
- Monitoring for information security implementations
- ISO27002 as policy
- Reliance on information security management
- Security incident management
Identity & Access Management
- User ID provisioning, maintenance, and termination
- Authentication controls
- Access control maintenance and monitoring
- Using third-party reviews
- Supplementing third-party review reports
- Auditing the interfaces to, and management of, third-party operations
- Systems development framework
- Integration of the SDLC and project management process
- Functions of the project management office
- Secure development
Most courses can be delivered through on-site training. You might be surprised that the organization leading the profession is just as committed to the delivery of affordable training.
Contact us by calling +1-407-937-1388 or send an e-mail to GetTraining@theiia.org.