IT Management Consulting, Training Services, Audit & Security Reviews Since 1984


CPE Credits: 14 (2 days)

Description: In today's evolving virtual markets and highly complex, global corporate environments, information technology professionals, operational, financial, and IT auditors must all work together in helping to establish, implement and secure organizational infrastructure from both internal and external threats. This course will provide the attendee with an insight into the most critical and sensitive areas of an organization, areas which are increasingly being examined by an organization's internal audit function. Internal controls and security are examined with an objective of gaining a better understanding of the audit concerns related to securing and controlling an organization's IT environment. Participation in this course will provide a unique opportunity for an organization's IT management, financial and operational auditors, and professional IT staff to become acquainted with the role and responsibilities of the organization's IT audit professional.

Audience: IT Managers, system administrators, managers of telecommunications, directors of security, safety and continuity planning, HR managers, financial officers (CEO, CFO, COO), senior management (CIO, CXO, CSO) and IT professionals who through their involvement in managing or directing the IT infrastructure will eventually be requested, by their organization's internal and/or external audit function, to participate in an examination of IT operations under their authority. This particular two-day program would also be of value to financial and operational audit professionals considering a career move into IT auditing as well as non-IT audit professionals tasked with the responsibility for assessing their organization's IT operations and infrastructure.

Prerequisites: There is no prerequisite for this course.

Objectives:

After completing this course, participants will be able to:
 

1. Identify the critical elements involved in the formation of Internal Audit’s Charter.

2. Recognize the important governance principles guiding 21st century organizations.

3. Better understand Internal Audit’s mandate, mission, objectives and approaches to examining IT systems and infrastructure.

4. Evaluate current standards, frameworks and legislative acts, which have mandated that organizations take a closer look at their IT infrastructure and operations.

5. Assess corporate policies which may direct audit involvement and examination of IT operations.

6. Examine the role of IT governance and its connection to IT auditing.

7. Review the benefits of partnership between audit and IT management, and identify the major elements of an IT Audit.

8. Appraise the role of an IT auditor, including an acknowledgement of an IT auditor’s skill set.

9. Describe risk through effective risk profiling and management in IT auditing.

10. Effectively prepare for an internal audit of IT operations.

 

Course Outline:

 

DAY 1     Day 1 is an examination of IT auditing and IT audit's role in assisting the organization in mitigating exposures and maintaining internal controls.

SESSION 1     IT Audit: A 21st Century Perspective. Topics to be discussed include:
 
  • Audit of Valuation, Ownership, Completeness, Existence
  • Three Key Elements for Success
  • Key Leadership Attributes For Success
  • Keys to Making Change Happen
  • Selected Success Measures
  • What are the Most Powerful Audit Questions?
  • 21st Century Governance Principles
  • 21st Century Audit Committee Principles
 
SESSION 2     Overview of audit’s mandate and the reasons audit needs to examine IT (systems, applications, and infrastructure). Session 2 will focus on:

  • What is a Control?
  • Audit of Operation and Maintenance
  • Objectives of Computer Controls
  • Organizational Controls
  • Audit Methodology
  • Physical Access Controls
  • Systems Based Audit
  • Authorization Controls
  • Audit Techniques
  • Change Management Controls
  • Audits of Acquisition, Development
  • Network Communication Security Controls
  • Categories of System Development Audit
  • Business Continuity Planning
 
SESSION 3     Review and examination of the current standards which have mandated that organizations take a closer and more personal look at their IT infrastructure and operations. Session 3 will examine the following standards and their impact on operations:

  • Basel II
  • Sarbanes-Oxley
  • BS 15000
  • BS 25999
  • ISO 27001
  • BS OHSAS 18001
  • ISO 14001
  • COBIT v4
  • ISO 17799
  • ISO 9001
  • ISO 38500
  • SAS 70 II
  • ISO 13335
  • Six Sigma
  • ITIL Service Management

 
SESSION 4     Brief review of corporate policies which may direct audit involvement and examination of IT operations. Policies addressing the following issues will be discussed:

  • Fraud
  • E-Discovery
  • Ethics
  • Records Retention
  • Acceptable Use
  • Data Destruction
  • Non-Disclosure
  • Data Loss Prevention
  • Non-Compete
  • Backup vs. Archive
  • SLAs
  • Contracted Employees
  • Encryption
  • Outsourcing

 
SESSION 5     Governance, IT Governance, and compliance. The role of IT governance and its connection to IT auditing and the key issues facing organisations globally. Specifically, this session will address:

  • IT Connection to Profit
  • IT profit model
  • What Does IT Impact?
  • Three obstacles to compliance
  • Requirements for IT Compliance
  • GRC Smart Practices
  • Corporate Governance and GRC
  • What is Compliance?
  • What is Risk?
  • IT’s Contribution to Compliance
  • Benefits of Standards
  • Best Practices for Security and SOX Compliance
  • IT Governance and IT-GRC
  • How Can IT Systems Assist Management with Compliance Issues?
  • How should an enterprise most effectively and efficiently govern its IT activities?
  • Putting IT GRC into action

 
DAY 2     Day 2 focuses on the interaction of the IT auditor with the day-to-day business of the enterprise, risk assessment and preparing for an IT audit.

SESSION 1     Discussions covering the benefits of partnership between audit and IT management, the IT auditing process, and the current auditing framework and its challenges. Session 1 will address these specific topics:

  • The IT Auditing Process
  • Systems Development and Change
  • 2011 CISA Job Practices: Defining the Audit Scope
  • System Operations and Support
  • IT Audit Planning
  • Application Systems Reviews
  • The Major Elements of an IT Audit
  • Organization and Management
  • IT Audit Standards and Practices
  • Policies and Procedures
  • IT Infrastructure

 
 
SESSION 2     Brief examination of the role of an IT auditor, including a brief review of an IT auditor’s skill set. Topics addressed will include:
 
  • Mitigating Internal Control Exposures: The Role of the IT Auditor
  • Kinds of IT Audits
  • Skills Needed to Audit Information Systems
  • Skills Set for the 21st Century Auditor
  • Suggested Supplemental Skills for IT Auditors
  • Training Sources for IT Auditing
  • IS Auditing Trends
 
 
SESSION 3     Risk through effective risk profiling and management in IT auditing. Session topics address the following:

  • Information threats, vulnerabilities and exposures
  • Information security controls and countermeasures and their effectiveness
  • Information resource valuation methodologies
  • Risk mitigation strategies for information resources
  • Risk assessment and analysis methodologies
  • Gap analysis (end state vs. current state) and the relationship to information risk
  • Determining risk reporting frequency and requirements
  • Cost benefit analysis - mitigating risks to acceptable levels
  • Methods used to determine sensitivity and criticality of information resources
  • Risk management principles and practices
  • Baseline modeling and risk-based assessments of control requirements
  • ISO Risk Management Standard 31000
  • The Nine Primary Steps of a Risk Assessment Methodology
  • Mitigating and Managing Risk

 
SESSION 4     What should IT management do to prepare for an internal audit of IT operations? This session will focus on the following:

  • Questions for the Auditor
  • The Audit Objectives
  • Types of Audits to be Conducted
  • Common IT Audit Issues
  • Making Auditors Part of The Management Team
  • Making the Auditing Process Part of the IT Routine
  • Benefits of Partnering With the Audit Function

 

For more information contact Dr. Marcella personally

Business Automation Consultants, LLC
c/o
ALBERT J. MARCELLA, JR., Ph.D., CISA,CISM
Principal

P.O. Box 63362
St. Louis, MO 63163
(314) 504-0530
amarcella@mindspring.com