Course Information
Introduction to IT Audit
Parking for SAO Professional Development courses is in Garage B (1511 San Jacinto Blvd.). The Garage signage may read 1511 San Jacinto or Garage B. The elevator in Garage B is not reliable. If you are unable to walk the stairs, please contact professionaldevelopment@sao.texas.gov for alternate parking arrangements. Handicapped parking is free at the meters around the downtown area.
A course coordinator will email you a parking permit prior to the course start date. A permit must be displayed or you will be ticketed.
Course Description
IT Auditing is an essential skill for internal auditors. To be an effective IT auditor, one needs to understand four major components of IT audit: IT Governance and Management, General IT Controls, Application Controls, and Development Controls. This course is an introduction to these concepts that will prepare you to pursue further training in IT Audit.
This course will introduce the fundamentals of IT auditing, the core drivers behind why it is a specialized area of auditing, the evolution of IT assurance, and the principal objectives of IT auditing and its relationship to integrated financial or operational auditing. It will introduce the role of IT auditing and how IT audit strategies can enhance non-IT audits.
We will define critical IT concepts, governance requirements, risk assessment techniques, and related auditing concepts. Attendees will be introduced to techniques for identifying operational and control requirements for IT systems, researching control objectives and related controls, evaluating control design or appropriateness, and assessing the reliability of IT audit evidence.
You will discuss:
The IT audit universe
Understanding the importance of the operating culture on IT control
Understanding the relationship of controls to control objectives
Meeting auditing standards for compliance and attaining IT audit value
Importance of applying comprehensive audit planning techniques to achieving audit success
Impact of outsourced IT functions
Course Objectives
Upon completion of this course, participants will be able to:
Gain a working understanding of IT audit concepts and practices
Clarify the difference and importance of general versus application control audits
Learn how to apply internal control fundamentals to the evaluation of IT system integrity, security, and availability
Gain an understanding of the operational and control objectives of the principal areas of general control
Further your appreciation of the importance of IT in achieving organizational objectives and in providing assurance that appropriate controls are designed, implemented and in effect to attain system integrity, security, and availability
Course Outline
Role of the IT Auditor
Objectives of IT Audit
Information Systems and its Impact on the Business
The IT Audit Universe
Understanding Prominent IT Controls Framework
COSO
COBIT 4.1 & 5
ISO27001/2
NIST Risk Management and Cybersecurity Frameworks
CIS Critical Security Controls
FFIEC CyberSecurity Assessment
Payment Card Industry Standards
Auditing General Controls
Objectives of the General Controls Review
IT Governance and Management
Information/Cyber Security Management
Configuration Management and Change Control
Network Management and Security
Data Management
Incident Response and Business Continuity
Cloud Computing and Other Outsourcing
Physical Security and Media Management
Auditing IT Application
Objectives of Application Systems Audits
Key Application Processes
Understanding the Risks and Controls in the IT Process Modules
Planning Different Types of Application Audits
Auditing Existing Applications
Identifying Control Objectives
Establishing an Audit Workplan
Key Controls in the Application Process
Auditing Systems in Development
Comparing different System Development Life Cycle (SDLC) Models
Audit Objectives and Roles in System Development
Prerequisites
No prerequisites required.
Instructors
Richard Tarr is an audit and information systems consultant and President of Richard Tarr and Associates, a consulting practice that specializes in application and general control reviews and networks including the development and training of integrated internal auditing functions; quality assurance reviews; strategic planning; business continuation planning; and project management.
Mr. Tarr has more than 20 years in audit and information systems, with additional experience in the design and implementation of large financial and operational systems, including hotel management and reservations systems and networks. He has managed complex development projects as well as participated in the design and acquisition of software and hardware architectures for both centralized and distributed environments. In addition, he has had extensive experience in the development, training, and evaluation of internal audit departments in both government and industry.
Previously with the Walt Disney Company, he initiated and developed the information systems audit function, and served as the Corporate Information Systems Audit Manager. Mr. Tarr was a senior systems engineer with Electronic Data Systems (EDS), where he designed and implemented applications for financial industry clients. He has started and managed corporate audit functions, managed information systems development project teams and has supervised programming staffs in both government and industry. He was the Manager of Quality Assurance Review for the Institute of Internal Auditors (IIA) and is the author of the IIA’s publication Establishing an Internal Audit Function.
Among the seminars Mr. Tarr teaches for MIS are Sarbanes-Oxley for IT Auditors, Using COBIT in Your IT Audits, Auditing IT Governance, Sarbanes-Oxley: A Roadmap to Compliance, IT Audit School, IT Auditing and Controls, How to Audit Automated Business Applications, and How to Perform a General Controls Review. He also teaches Fundamentals of Internal Auditing, Advanced Auditing for In-Charge Auditors, and Data Driven Auditing: A Business Approach.
Additional Information
TAC Rule 523.142(g) requires the CPE Sponsor to monitor individual attendance and assign the correct number of CPE credits. Participants will be asked to document their time of arrival and departure in compliance with this Rule. Additionally, attendance will be monitored throughout the day and CPE certificates will reflect actual attendance of each participant.
If you are making travel plans to come to Austin, we recommend making "refundable" air and hotel reservations or waiting until 14 days before the class to actually book your reservations. Courses are occasionally canceled or rescheduled due to low enrollment. We determine whether a course has enough participants 16 days prior to the course date. If we cancel or reschedule, we will email the participant and his or her billing contact no later than 14 days before the original class date.
The course coordinator will contact you with parking information. Handicapped parking is free at the meters around the downtown area.
Vending machines with Coca-Cola products and various snack items are available. There is also a refrigerator and microwave in our coffee bar area. Feel free to bring in your own drinks and food if you prefer.
You might want to bring a light sweater or jacket, as room temperatures vary.
To see answers to our Frequently Asked Questions, visit http://www.sao.texas.gov/training/faq.html.