I. Introduction and Background
a. Background
b. Topics to Cover
II. IT Risk Assessment
a. Heat Maps
III. IT Audit Planning
a. Determining Key Risks by Audit Type
b. Critical Thinking throughout the Planning Process
IV. General Computer Controls (GCC’s)
a. Information Security
b. Auditing Application System Approach
c. Application Configuration
d. Other Areas
V. Pre and Post Implementation Audits
VI. Auditing Application Systems
a. General Areas of Risk
VII. Testing General Computer Controls
a. Ways to Test
b. Testing by GCC Type
b. IS Operations
c. Application System and Maintenance
d. Database Implementation and Support
e. Network Support
f. System Software Support
g. Testing Security by System Type
VIII. Auditing Security
IX. Testing Applications Systems
a. Way to Test
b. Testing by Application Control and System Type
X. Segregation of Duties
XI. Spreadsheets