Advanced IT Audit Practices

Course Description: 

Geared to the needs of more experienced IT audit practitioners, this two-day seminar examines key control issues, audit approaches, and testing techniques within major IT functions. The emphasis is on responding to the difficult challenges faced by the seasoned IT auditor through the use of practical methods designed to meet your audit objectives.

Key topics covered include Management Controls, Information Security, Outsourcing and Vendor Management Controls, Networking Controls, Audit of Business Applications and Business Continuity Planning. In addition, we will consider important technology hurdles that IT auditors regularly face, and how to overcome them.

Key topics: 
  • Management Controls
  • Information Security
  • Outsourcing and Vendor Management Controls
  • Networking Controls
  • Audit of Business Applications
  • Business Continuity Planning
Course Objectives: 

After completing the session, you will be able to deal with advanced IT audit issues, utilizing a wide selection of advanced evaluation and testing techniques.

Course Length: 
2.0 Days
Learning Level: 
Experienced Practitioners
Instructional Method: 

Group-live

CPE Credits: 
14 Hours
Detailed Course Description: 

The course covers specific training on testing and on what the auditor should look for within the following IT functions:

Management Controls

  • Board and Committee Oversight
  • Policies and Procedures
  • Awareness and Training
  • Risk Assessment Development and Management Practices
  • Organizational Relationships and IT Governance
  • Organizational Changes
  • Accountabilities and Responsibilities

Information Security

  • Regulatory privacy issues for protection of customer-related information in Healthcare, Financial Services, etc.
  • Access and Authentication
  • Network Configuration
  • Operational Performance
  • Testing

Outsourcing and Vendor Management Controls

  • Vendor Selection and Due Diligence
  • Vendor Monitoring
  • Cloud Issues

Networking Controls

  • Configuration Management
  • Maintaining and Monitoring
  • New Technologies
    • Mobile
  • Remote Connectivity
  • Electronic Payments

Audit of Business Applications

  • Process Integration and Management
  • Development Life Cycle
  • Change Management
  • Process Controls
  • Flowcharting
  • Application Process Life Cycle (input, transmission, process, storage and output)

Business Continuity Planning

  • Threat Analysis
  • Business Impact Analyses (BIA)
  • Recovery Strategies
    • Recovery Time Options (RTO)
    • Recovery Point Options (RPO)
  • Planning and Resources
  • Plan Testing and Execution
  • Return to Normal or the New Normal
  • Post-Implementation Processes