IT Management Consulting, Training Services, Audit & Security Reviews Since 1984


CPE Credits:

Description: This seminar discusses the methods and tools to facilitate IT Auditing within organizations. You will learn the basic issues concerning IT controls and the scope of IT risks that must be addressed in today's environment. The major areas which can be addressed by IT Auditors will be discussed with hands-on exercises to reinforce that knowledge.

Audience: IT Auditors interested in expanding their knowledge base

Prerequisites: Knowledge of IT Auditing

Objectives:

Course Outline:

A.    IT Complexity
    1.    Nature of the 'beast'
        i.    Terminology
        ii.    Acronyms
    2.    "Network guru"?
    3.    Tools versus experience

B.    IT "Standards" support positions/guide testing
    1.    COBIT
        i.    Quality Requirements:
        ii.    Fiduciary Requirements (COSO Report)
        iii.    Security Requirements
    2.    GTAG
    3.    Niche "standards"
        i.    ITIL
        ii.    ISO 17799/BS7799

C.    Security issues and tools
    1.    Security software challenges
    2.    Tools

D.    Operating systems risks and Audit tools
    1.    Desktop impact
    2.    Major systems
    3.    Privileged accounts
    4.    Analysis software

E.    Application reviews
    1.    System development life cycle
    2.    Application control issues
    3.    Standards/tools

F.    Network control issues and tools
    1.    Audit impact of LANs and WANs
    2.    Network controls
        i.    VPN
        ii.    Firewall
        iii.    Two-factor authentication
        iv.    Vulnerability assessment

G.    Business Continuation Planning reviews
    1.    Analyze Plan development
    2.    Testing the Plan

 
H.    Data management issues and tools
    1.    Major software
        a.    ORACLE
        b.    SQL
    2.    Privileged accounts
    3.    Tools to analyze

I.    Data Transfer Risks
    1.    FTP
    2.    Personal Devices
    3.    EMAIL

J.    Impact of Regulations on IT
    1.    Sarbanes-Oxley
    2.    Gramm-Leach-Bliley
    3.    HIPAA
    4.    PCI

K.    Ongoing Monitoring of internal controls
    1.    Identify critical controls
    2.    Software to monitor, archive and report

L.    Conducting the Audit
    1.    Audit Planning
    2.    Risk Assessment
    3.    Audit program
    4.    Testing
    5.    Evidence
    6.    Analysis
    7.    Wrap-up

 
This seminar will be taught by RODNEY SCOTT, CIA, MBA

Rod is currently consulting and teaching in the area of the Sarbanes-Oxley Act.  He developed and leads the IIA seminar "Sarbanes-Oxley Act: Assessing IT Controls".  He has formed his own company and services several clients with their Sarbanes-Oxley internal control assessments for IT general controls and application controls, as well as performing IT audit assignments.

For more information contact Dr. Marcella personally


Business Automation Consultants, LLC
c/o
ALBERT J. MARCELLA, JR., Ph.D., CISA,CISM
Principal

P.O. Box 461
Ballwin, MO 63022
(636) 529-0129
amarcella@mindspring.com

 
