LEARNING OBJECTIVES
• Understanding of IT infrastructure and application terminology, architecture, operation, risks, and controls
• Learn fundamental IT audit “tools of the trade” and how to apply them in a variety of IT and integrated audit projects
• Familiarization with the IT Audit process and associated best practices
• Provide foundation knowledge relevant to IT Audit professional certification
COURSE OUTLINE
Explaining the IT Audit Process
• IT Audit Objectives
• Role of the IT Auditor
• IT Audit Projects
IT Audit and Information Security Standards
• ISACA: COBIT, Risk IT, Val IT
• AICPA/CCPA
• Information Technology Infrastructure Library (ITIL)
• OECD, ISO, and other international standards
Dealing with IT Risks
• Materiality and effects on financial reporting
• Identifying high-risk applications and IT components
• Tools and techniques for assessing and measuring risk
Tools and Techniques for the IT Auditor
• Work programs and checklists
• Maturity models
• Flowcharting
• Audit software
Understanding and Auditing IT Governance and Infrastructure: General Controls Reviews
• IT Governance and Management
• Separation of Duties, Least Privilege, and other Organizational Controls
• Incident Response: Disaster Recovery, Computer Crime, and other Breaches of Security
• Physical and Environmental Security
• Hardware and Software Asset Management
• Configuration Management, Change Control, and Problem Reporting
• System Software Security and Patch Management
• Software Development Tools and Library Management
• Network Infrastructure Security: Internal, External
• Information Security
• Identity and Access Control Management
• Cryptography and Public Key Infrastructure (PKI)
• Cloud Computing and Other Outsourcing
Getting Your Arms Around IT Application Audits
• Understanding, Scoping, and Documenting an Application
• Reliance on General Controls
• IT Computing Process Models Up Close: Operational, Risk, and Control Considerations
o Batch processing
o Distributed client/server
o Web-based
o Mobile computing
• Service oriented architecture (SOA)
• Cloud computing
System Development Life Cycle (SDLC)
• SDLC process models: internally developed, off-the-shelf
• Defining IT Audit, Information Security, and other control agency role(s) in SDLC
• On-going application change management
Key Application Processes, Risks, and Controls
• Batch data input: collection, authorization, entry
• Web-based and other types of real-time data input
• Transaction authentication, authorization, and logging
• Data editing and input validation
• Processing and interfaces to other applications
• Outputs
• Data Management and Protection
Audit Data Collection and Testing
• Application testing tools and techniques
• Sampling
• Working in support of an integrated or operational audit team
FOR WHOM:
IT auditors and other internal auditors.
METHODOLOGY
The training methodology integrates lectures, interactive discussions, collaborative group exercises, and illustrative examples. Participants will acquire a blend of theoretical insights and hands-on practical experience, emphasizing the application of learned techniques. This approach ensures that attendees return to their professional environments equipped with both the competence and self-assurance to effectively implement the acquired skills in their responsibilities.
DATE:
1ST BATCH: 4th – 7th Mar, 2025
2ND BATCH: 1st – 4th Sept, 2025
25, Queen Street, Alagomeji Bus Stop, Yaba, Lagos