IT Auditing 201: IT Applications and Controls

Seminar Overview

A One-Day Crash Course on the true basics of Internal Auditing

As a follow-up to the IT Auditing for Non-IT Auditors course, IT Auditing 201 provides not only an overview of IT Auditing but also a deeper dive into understanding testing and general compliance.

Who Should Attend
Internal auditors looking to continue to understand IT Auditing and Application Controls


Learning Objectives
• Understand the basics of IT Auditing, including key terms and acronyms
• Learn the importance of the IT risk assessment and its integration with the audit risk assessment
• Understand the difference between application controls and general controls and how to identify each
• Understand what to look for and how to test general and application controls
• Apply critical thinking skills throughout all facets of the IT Audit process


I. Introduction and Background
   a. Background
   b. Topics to Cover
II. IT Risk Assessment
   a. Heat Maps
III. IT Audit Planning
   a. Determining Key Risks by Audit Type
   b. Critical Thinking throughout the Planning Process
IV. General Computer Controls (GCCs)
   a. Information Security
   b. Auditing Application System Approach
   c. Application Configuration
   d. Other Areas
V. Pre and Post Implementation Audits
VI. Auditing Application Systems
   a. General Areas of Risk
VII. Testing General Computer Controls
   a. Ways to Test
   b. Testing by GCC Type
   c. IS Operations
   d. Application System and Maintenance
   e. Database Implementation and Support
   f. Network Support
   g. System Software Support
   h. Testing Security by System Type
VIII. Auditing Security
IX. Testing Application Systems
   a. Ways to Test
   b. Testing by Application Control and System Type
X. Segregation of Duties
XI. Spreadsheets