The Institute of Internal Auditors North America

IT General Controls Certificate Program

Course Description

Information technology (IT) is the lifeblood of most organizations today. Speed to market has sent most organizations into a technical catapult where annually more processes become technology-driven, whether that technology exists in or outside the organization's data center.

This certificate is designed to ensure that all internal auditors have the minimal technical competencies to perform basic IT-related audit activities, focusing on governance, project delivery, and IT general controls.

This seminar assists the internal auditor in gaining a fundamental understanding of technology-related risks and controls in preparation for the IT General Controls Certificate Assessment.

By the end of this program, internal auditors should:

  • Recognize the importance of the governance of enterprise IT.
  • Associate project delivery with effective and efficient technology-driven processes.
  • Realize the impact technology has on business processes.
  • Identify and assess basic IT general controls related to:
    • IT Change Management.
    • Business Resilience.
    • Logical Security.
    • Physical Security.
    • Environmental Controls.
    • IT Operations and Services Management.
    • System Development Life Cycle.

Upon completion of the program, participants are eligible to sit for the assessment in order to earn this certificate.

Who will benefit from this course?

This certificate program is designed for internal auditors and consulting associates who wish to increase their knowledge of information technology auditing and to demonstrate their knowledge and expertise by earning the ITGC® designation and badge. After completing this program, participants will earn 20 hours of CPE and be well prepared to participate in effective IT-related audit engagements and sit for the certificate exam.

Course Objectives

  • Describe the fundamental concepts of IT audit.
  • Explore common risks and controls related to information technology.
  • Recognize methodologies for assessing the effectiveness of technology controls.
  • Discover methods to evaluate risk associated with technologies and the use of third parties.
  • Identify the critical aspects of business resiliency.

Learning Objectives

  • Describe risks and controls related to IT.
  • Recognize key infrastructure and network components.
  • Identify the relationship between organizational governance and IT governance.
  • Identify internal audit’s role in IT governance.
  • Define IT change management.
  • Describe controls necessary for effective IT operations.
  • Identify application security controls.
  • Distinguish characteristics of privileged access.
  • Explain the purpose of the system development life cycle.
  • Distinguish key business recovery concepts, including business impact analysis, business continuity, disaster recovery, and incident response.
  • Identify the general concepts related to auditing computer operations controls.
  • Identify the general concepts related to auditing physical and environmental security.
  • Review the core principles of project management.
  • Describe the basics of auditing the project management process.
  • Establish the elements of a third-party risk program.

Course Duration: 2.5 day(s)
CPEs Available: 20
Knowledge Level: Intermediate
Field of Study: Information Technology
Prerequisites: Tools for New Auditors and Fundamentals of IT Audit and/or similar previous audit experience.
Advance Preparation: None
Delivery Method: eLearning (Group-Internet-Based); On-site Training (Group-Live); Seminar (Group-Live); Live Stream

IT Essentials – Introduction to IT

  • An overview of IT operations.
  • Risks and controls related to IT.
  • The purpose and applications of IT control frameworks and basic IT controls.
  • An overview of IT governance.
  • IT competencies for internal auditors.

IT Essentials – Assessing Networks and Infrastructure

  • Key infrastructure and network components.
  • Devices in the DMZ.
  • Competencies of internal auditors performing infrastructure and networking audits.
  • Common infrastructure and network terminology.
  • OSI model and the layers of defense in depth.

Governance of Enterprise IT

  • Importance of IT governance.
  • Components of IT governance.
  • Relationship between organizational governance and IT governance.
  • Five areas of a sample IT governance framework.
  • Desired outcomes and challenges of implementing an IT governance framework.
  • Internal audit’s role in IT governance.

Logical Security: Application, Database, and Operating System Layers

  • Security controls that relate to an IT audit.
  • How databases and database management systems operate.
  • Database security controls.
  • Common operating system controls.

Logical Security: The Network Layer

  • Privileged access.
  • Common network concepts and terminology.
  • Basic network architecture.

Auditing IT Change Management

  • IT change management.
  • Types and sources of change.
  • An overview of the change management process.
  • Roles and responsibilities related to IT change management.
  • Role of patches in the IT change management process.
  • Preventative, detective, and corrective controls necessary for effective IT change management.
  • Best practices for providing assurance over effective change management.

Understanding the SDLC

  • Purpose of the system development life cycle.
  • Key organizational roles in system development projects.
  • Phases within a system development life cycle.
  • Reasons why system development projects fail.
  • Reasons for successful outcomes of system development life cycle projects.
  • General concepts related to assessing a system development life cycle.

Computer Operations

  • General concepts related to auditing computer operations controls.
  • Main components of service management.
  • Value of deploying a unified service management platform.
  • Value of asset and configuration management.
  • Relationship between service management and computer operations management in the auditing process.

Physical and Environmental Controls

  • Basics of physical security.
  • Basics of environmental security.
  • Common physical and environmental risks and controls.
  • General concepts related to auditing physical and environmental security.

Exploring Corrective Controls

  • Operational resilience and business resiliency as the primary building blocks needed to successfully recover from an event.
  • Key business recovery concepts, including business impact analysis, business continuity, disaster recovery, and incident response.
  • Phases in developing business continuity plans (BCPs), disaster recovery plans (DRPs), incident response plans (IRPs), and incident response playbooks.
  • Backup processing concepts.
  • Consulting and assessment activities as they relate to internal audit.

Auditing Project Management Practices

  • Fundamentals of portfolio, program, and project management.
  • Core principles of project management.
  • Controls and risks associated with project management.
  • Internal audit’s roles in a project.
  • Auditing the project management process.

Auditing Third Party IT Risk

  • Elements of a third-party risk program.
  • Third-party risk management process.
  • Contracting.
  • Monitoring.
  • The role of internal audit.
  • Performing the engagement.
  • Evaluating and reporting the results.

Most courses can be delivered through on-site training. You might be surprised that the organization leading the profession is just as committed to the delivery of affordable training.

Contact us by calling +1-407-937-1388 or send an e-mail to GetTraining@theiia.org.
