Course Information

This course is designed for financial, operational, business, and new IT auditors to provide a solid introduction to the risks and controls necessary to audit IT department functions and the underlying technologies. We will cover the basic concepts of information technology to help auditors understand the IT impact on business. We will explore such IT areas as operating systems, networks, database management systems, and application systems. Supporting IT general controls, such as logical and physical access, help desk, system development, change management, and disaster recovery planning will also be covered. We will introduce a top-down, risk-based approach to auditing business applications and ensuring that their supporting infrastructure is considered in the audit process. Learners will leave this intensive seminar with a solid foundation in information technology basics as they apply to IT risks, audit, information security, and business application systems.

Upon completion of this course, participants will be able to:

• Learners will be able to describe what a technical term refers to and understand its place in an organization.

• Learners will be able to identify risks associated with the use of technology by their organization.

• Learners will be able to describe categories of controls that may be in place to protect systems.

• Learners will be able to break down the control environment based on internal policies and standard frameworks to determine if the organization complies with policies and aligns with frameworks.

Detailed Course Outline

 Lecture format due to volume of content. Agenda items can be removed or deprioritized for a more interactive learning experience.

• How is IT used in Companies?

  • Business systems

  • Support systems

  • Infrastructure

  • Marketing and sales

• IT Risks

  • Risk overview

  • Confidentiality, integrity, availability (CIA)

  • Managing risk

• Basics of IT

  • Computing devices and operating systems

  • Significant computer types

  • Client/server technology

  • Middleware/APIs

  • Virtualization

  • Programs and programming overview

• Networks

  • Overview

  • Network devices

  • Network protocols, ports, and services

  • Firewalls

  • Network monitoring (IDS/IPS/SIEM)-

  • Cloud – characteristics

  • Cloud – service models

  • Cloud – audit considerations

• Internet of Things (IoT)

  • Definitions

  • Usage and control overview

• Databases

  • Database types

  • Database terminology/definitions

  • SQL

  • Database audit concepts

• IT General Controls (ITGCs)

  • IT general controls introduction

  • Logical security – authentication

  • Administration and awareness

  • Encryption overview

  • System development lifecycle (SDLC)

  • Change management

  • SDLC/System Development Methodology (SDM) audits

  • IT operations

  • Vulnerability scanning and penetration testing

  • Physical and environmental controls

  • Business continuity planning

  • Disaster recovery planning

  • Mobile device management (MDM)/Bring Your Own Device (BYOD)

  • End-user computing

• Frameworks and Laws

  • Security and audit frameworks – Part 1

  • Security and audit frameworks – Part 2

• Governance

  • Business and IT strategy

  • IT and security strategy

  • IT risk assessment

  • Risk register and acceptance

  • Vendor management

• Applications

  • Application control objectives

  • Business transaction processing

  • Business support and IoT applications

• Audit Planning

  • Audit risk assessment

  • IT audit scoping

  • IT general controls

  • Technical audits

  • Application/integrated audits

Prerequisite not required.