CPE Credits: TBD
Description: Discusses the status of IT Auditing within organizations, the classic approaches to providing this necessary service to the organization, the preparation of General Auditors for contributing to IT Audit projects, and the categorization of risks to allow the IT Audit universe to be serviced by both IT Auditors and General Auditors. You will learn the fundamentals of Lo-tech IT controls that can be audited by General Auditors and the scope of IT risks, Lo-tech and Hi-tech, that must be addressed in today's environment. The major areas that can be addressed by General Auditors will be discussed in detail, with hands-on exercises to reinforce that knowledge.
Audience: General Auditors, Audit Management
Prerequisites: None
Objectives:
Course Outline:
A. IT and the Audit Organization
General Auditors
Professional requirements
IEG11
CITP (AICPA)
IT Auditors
Integrated Audit - making it work?
B. IT audit risk
SAS 109 - IT risks
Hi-tech vs Lo-tech
IT Audit Universe
C. General IT Knowledge Requirements for Accountants
IT Architecture
General systems concepts
Transaction processing in business systems
Physical and hardware components of a system
Networks and electronic data transfer
Software
Protocols, standards, enabling technologies
Data organization and access methods
IT professionals and career paths in IT organizations
System acquisition/development
System acquisition/development life cycle phases, tasks
Investigation and feasibility study
System design, selection, acquisition/development
System implementation
System maintenance and program changes
IT Management
IT Organization
Management of IT operations, effectiveness, and efficiency
Asset management
Management of system change and problem resolution
Performance monitoring and financial control over IT resources
Information Technology Strategy
Enterprise strategy and vision
Assess current and future IT environment
IT strategic planning
Ongoing governance and outcome
Business Process Enablement
Stakeholders and their requirements
The entity's business models
Risks and opportunities
Impact of IT on the entity's business models, processes and solutions
D. Tools for control issues
Overview tools
COBIT
Lo-tech vs hi-tech
Assurance guides
Global Technology Audit Guides (IIA)
Information Technology Committee Guidelines (IFAC)
E. IT Audit Methodologies for General Auditors
Art or science
Every situation can be different based on business needs, development and infrastructure choices
Principles of Audit apply but adapt to environment
Integrate control review into program development cycle
Don't assume a process is a key control. Is there an active control to enforce the process?
Show me not tell me
Eliminate the 'snow job'
How to recognize when the water's too deep
Are there gators in there, too? - evaluate risk
Tools
Go from not possible to gotcha
What to do if
Purchased software
Service organizations
F. Computer assisted audit tools
How to identify what you need?
Creating the solution
Financial audit responsibility?
IT Auditing staff?
Is this an ongoing need?
Document
Secure
This seminar will be taught by RODNEY SCOTT, CIA, MBA
Rod is currently consulting and teaching in the area of the Sarbanes-Oxley Act. He developed and leads the IIA seminar "Sarbanes-Oxley Act: Assessing IT Controls". He has formed his own company and services several clients with their Sarbanes-Oxley internal control assessments for IT general controls and application controls, as well as performing IT audit assignments.