IT Auditing for the Non-IT Auditor

Seminar Overview

A One Day Course on the Basics of IT Auditing, Taught by a Non-IT Auditor

In today’s economy, all auditors must become multi-faceted and multi-purposed. Regardless of background, internal auditors must have the basic knowledge of IT auditing to understand the general concepts, understand IT terminology and how IT auditing is integral to general auditing. There is no complete view/opinion of one without looking at the other. This one day course will take auditors through the basics of IT Auditing.

Who Should Attend
Financial and Operational with any amount of experience that want to further understand IT Auditing.
Learning Objectives
  • Understanding of the basics of IT Auditing, including key terms and acronyms
  • Learn the importance of the IT risk assessment and integration with the audit risk assessment
  • Understand the difference between application controls and general controls and how to identify each

I. Introduction and Background
     a. Background
     b. Topics to Cover

II. IT Risk Assessment
     a. What is an IT Risk Assessment?
     b. Understanding the IT Environment
     c. IT Risk Frameworks
     d. The Audit Plan
     e. Mapping the IT and Business Environment
     f. Heat Maps

III. General Computer Controls
     a. Information Security
     b. IS Operations
     c. Application System and Maintenance
     d. Database Implementation and Support
     e. Network Support
     f. System Software Support

IV. Pre and Post Implementation Audits
     a. Key Concepts
     b. Project Risk Management
     c. Pre-implementation Review
     d. Post-implementation Review

V. Auditing Application Systems
     a. Auditing Application System Approach
     b. Application Configuration
     c. Input Controls
     d. Data
     e. Transaction Processing
     f. Security
     g. Reporting
     h. Data Interfaces and Conversions
     i. Benchmarking

VI. Auditing Security
     a. Information Security Governance
     b. User Access Administration
     c. Technology Based Access Security Controls
     d. Secure Systems Development
     e. Incident Response
     f. Remote Access and Third Parties
     g. User Awareness and Training
     h. Physical Security
     i. Legal and Regulatory Compliance

VII. Segregation of Duties

VIII. Spreadsheets