IT Auditing for Operational Auditors - Available as an On-site Seminar Only
Your opportunity to...
- Develop an understanding of IT control concepts and control frameworks.
- Review The IIA’s Guide to the Assessment of IT Risk (GAIT) methodology for assessing IT general controls.
- Understand the three most important IT general controls.
- Appreciate the relationship between IT general controls and application controls.
- Gain experience planning tests of key IT controls.
Calling all...
- Audit managers and lead auditors who want to begin including reviews of IT controls in their operational audits.
- Internal auditors without a formal educational background in IT who want to begin applying their operational audit skills to reviews of IT areas.
Information technology is a critical enabler of business processes employed by organizations to implement strategies, achieve goals, accomplish missions, and realize visions. Several recent surveys of CAEs and other senior executives indicate that the line separating “IT” and “non-IT” audits is beginning to disappear. Assuring an organization’s governance, risk management, and control processes requires all internal auditors to understand the role of technology within their organizations and begin developing the basic IT knowledge to do their job.
The premise of this course is that internal auditors can learn to audit IT by applying their operational audit skills in IT areas. Through group discussion, practical team exercises, and individual activities, participants gain the skills necessary to assess IT general controls and application controls. Successful completion of this course should enable participants to begin integrating IT into the scope of their operational audits.
Assessing Risk and Engagement Planning
- Understand how to include IT in the development of your annual audit plan
- Explain how the IT environment can support organizational strategy and goals
- Develop an agenda for reviewing IT risks with your audit committee
- Use the Committee of Sponsoring Organizations of the Treadway Commission (COSO) to perform an initial assessment of IT-related risks that exist within your organization
- Discuss the concept of an IT audit universe
- Discuss The IIA’s GAIT-R methodology
Information Protection
- Distinguish between the concepts of data security and information integrity
- Understand the process of defining, categorizing, and valuing information assets
- Explain objectives for an effective information security framework
- Understand what information should be collected in assessing IT security
- Plan an initial assessment of IT security activities
IT General Controls
- Discuss roles and responsibilities related to ITGCs
- Understand the objectives of identity and access management
- Explain issues related to segregation of duties within business applications
- Plan an assessment of identity and access management controls
- Plan an initial assessment of controls over change management
Application Controls
- Understand the objectives of application controls
- Explain the systems development life cycle
- Develop a plan for testing application controls
- Understand the impact of ITGCs on application controls
- Identify tests for specific application controls
Wrap-up
- IT control concepts
- IT audit planning
- Information protection
- IT general controls
- Application controls