IT Auditing

As regulatory and compliance demands on Information Technology (IT) departments grows, there is an increased amount of auditing within IT. Whether initiated internally or by outside auditors, most large IT shops are now audited more than once a year. However there is oftentimes a shortage of knowledgeable auditors who understand the specialized techniques for testing information systems. This class is designed to prepare existing and potential auditors to address the unique aspects of auditing procedures and technologies in IT.

Agenda

• Introduction to IT Auditing
• The 3 categories of Audits
• Risk-based approach – what it is and how to do it?
• Basic processes and procedures
• Top 4 findings – most common IT audit findings
• IT Entity-level controls – including discussion on which are early indicators
• IT General Controls – Emphasis on techniques to determine whether critical general controls are tightly designed and operating effectively
• Application Controls – How to track application controls in conjunction with business users & techniques to reduce testing costs
• Vendors – When portions of IT are outsourced, curriculum teaches how to incorporate SAS-70 or other means for gathering evidence
• Implications of an ERP system
• Auditing IT projects
• Introduction to other audits, such as Post-Implementation and ROI

For a printable version of our IT Auditing Brochure - click here.