IT Audit School Agenda

Seminar: ID# 1003291

Agenda
1. Introduction To IT Audit
- Audit Objectives And Requirements
- Role Of IT Within The Organization
- Management And Security Risks In An Automated Environment
- What Is A Control?
- Internal Control Defined
- Processes And Control Points
- Physical Space Vs. Logical Space
- Identifying Control Points
2. Planning The IT Audit
- Definition Of Internal Audit
- Objectives Of An IT Audit
- IT Audit Strategies
- What Is An Application
- Application Vs. General Controls
- IT Audit Control Reviews
- IT Control Categories
- The Audit Deliverable
- Building The Audit Team
3. Auditing Organizations And Standards
- Maintaining Audit Objectivity
- What Is A Standard?
- AICPA And SAS
- GAO And Other Certification Organizations
- The Institute Of Internal Auditors (IIA)
- The Treadway Commission
- COSO Integrated Framework
- ISACA And The IT Governance Institute
- COBIT®: Control Objectives For Information And Related Technology
- ISO 27002 Security Standard
4. Information Technology Basics
- Computer Hardware And CPU Operation
- Two Different Classes Of Computers
- Software, Programs, And Processing
- Distributed Systems And Client/Server Technology
- The Open Systems Interconnection (OSI) Model
- Maintenance And Security
5. Network Technology And Controls
- Networking Risks
- Auditing Networks
- What Is A Network?
- LANs, WANs, And MANs
- Physical Network Media (Cables)
- Cabling Audit Objectives
- LAN Protocols
- WAN Connectivity And Protocols
- MAN Protocols
- LAN/WAN/MAN Audit Objectives
- Network Devices
- Network Device Audit Objectives
- Complete Networks
- The Internet
- Intranets And Extranets
- Risks Of Internet Use For Business
- Using Firewalls
- Internet Communications
- Internet Protocol (IP) Addressing
- Service (Process) Addressing
- Internet Applications
- The World Wide Web (WWW)
- Web Page Technologies
- Internet Audit Objectives
6. Shared General And Application Controls
- Logical Security
- Data Classification
- Logical Access Controls: System Access
- Encryption: Information Access
- Remote Access, PCs, And Mobile Devices
- Information Security Management
- Change Management
- Change Management Objectives
- Program Change Control
- Patch Management
- Software Licensing
- Business Continuity/Disaster Recovery
- BCP/DRP Defined
- Business Impact Analysis (BIA)
- Disaster Recovery Strategy
- Maintaining The Plan
- System Development Technologies
- SDLC, RAD, ERP Purchases
- Internal Audit Involvement
- Audit Strategy
7. Database Technology And Controls
- Managing Information
- The Program-Centric Model
- Program-Centric Audit Concerns
- The Data-Centric Model
- What Is A Database?
- Database Terminology
- Database Management Systems (DBMS)
- Types Of Databases
- Database Audit Concerns
8. Infrastructure General Controls
- Operations Controls
- IT Operations
- Operating System Controls
- System Utilities
- System Software Controls: A Review
- Physical Security
- Environmental Controls
9. Business Application Transactions
- Objectives Of An Application Audit
- What Is A Transaction?
- Transaction-Based Application Auditing
- Transaction Life Cycle
- Application Risk Assessment Factors
- Establishing Audit Priorities
10. Top-Down Risk-Based Planning
- Planning The Application Audit
- Top-Down, Risk-Based Planning
- Defining The Business Environment
- Determining The Application’s Technical Environment
- Performing A Business Information Risk Assessment
- Identifying Key Transactions
- Developing A Key Transaction Process Flow
- Evaluating And Testing Application Controls
11. Data Input And Processing Models
- Comparing Pros/Cons Of Input And Processing Models
- Batch Input/Batch Processing
- On-Line Input/Batch Processing
- On-Line Input/On-Line Processing
- Real-Time Input/Real-Time Processing
12. Application Controls
- Business Applications
- Information Objectives
- COSO: Application Controls
- Business Application Auditing
- Application Transaction Life Cycle
- Transaction Origination
- Logical Security
- Completeness And Accuracy Of Input
- Completeness And Accuracy Of Processing
- Completeness And Accuracy Of Output
- Output Retention And Disposal
- Data File Controls
- User Review, Balancing, Reconciliation
- End-User Documentation
- Training
- Segregation Of Duties
- Business Continuity Planning
- Sarbanes-Oxley Application Control Requirements
13. Testing Application Controls
- Testing Automated And Manual Controls
- Testing Alternatives
- Testing Sample Size
- Sampling Terminology
- Negative Assurance Testing
- Types Of Audit Evidence
- Functional/Substantive Testing
- Computer Assisted Audit Techniques (CAATs)
- Data Analysis: Planning And Data Verification
- Sarbanes-Oxley: Testing Requirements And Examples
14. Documenting Application Controls
- Evaluating And Documenting Internal Controls
- Internal Control Questionnaires
- Narratives
- Flowcharts / Process Flows
- Control Matrix
15. End-User Computing
- Growth Of End User Computing
- End User Computing Risks
- General IT Control Risks
- Change Control Risks
- Purchased Applications Risks
- Spreadsheets: Typical Errors
- Spreadsheet Risk Factors
- Practical Steps For Evaluating Spreadsheet Controls