Course Information
IT Auditing For the Non-IT Auditor
Parking for SAO, Professional Development courses is in Garage B (1511 San Jacinto Blvd.). The Garage signage may read 1511 San Jacinto or Garage B. The elevator in Garage B is not reliable. If you are unable to walk the stairs, please contact the professionaldevelopment@sao.texas.gov for alternate parking arrangements. Handicapped parking is free at the meters around the downtown area.
A course coordinator will email you a parking permit prior to the course start date. A permit must be displayed or you will be ticketed.
Course Description
In today’s environment, all auditors must become multi-faceted and multi-purposed. Regardless of background, internal auditors must have the basic knowledge of IT Auditing to understand the general concepts, understand IT terminology and how IT Auditing is integral to general auditing. There is no complete view/opinion of one without looking at the other. This course will take auditors through the basics of IT Auditing.
Course Objectives
Objectives:
• Understanding of the basics of IT Auditing, including key terms and acronyms
• Learn the importance of the IT risk assessment and integration with the audit risk assessment
• Understand the difference between application controls and general controls and
how to identify each
Outline:
I. Introduction and Background
a. Background
b. Topics to Cover
II. IT Risk Assessment
a. What is an IT Risk Assessment?
b. Understanding the IT Environment
c. IT Risk Frameworks
d. The Audit Plan
e. Mapping the IT and Business Environment
f. Heat Maps
III. General Computer Controls
a. Information Security
i. Auditing Application System Approach
b. Application Configuration
c. Input Controls
d. Data
e. Transaction Processing
f. Security
g. Reporting
h. Data Interfaces and Conversions
i. Benchmarking
VI. Auditing Security
a. Information Security Governance
b. IS Operations
c. Application System and Maintenance
d. Database Implementation and Support
e. Network Support
f. System Software Support
IV. Pre- and Post-Implementation Audits
a. Key Concepts
b. Project Risk Management
c. Pre-implementation Review
d. Post-implementation Review
V. Auditing Application Systems
b. User Access Administration
c. Technology Based Access Security Controls
d. Secure Systems Development
e. Incident Response
f. Remote Access and Third Parties
g. User Awareness and Training
h. Physical Security
i. Legal and Regulatory Compliance
VII. Segregation of Duties
VIII. Spreadsheets
Prerequisites
Prerequisite not required.
Instructors
Danny M. Goldberg is a well-known speaker on internal auditing and People-Centric Skills. Danny co-authored People-Centric© Skills: Communication and Interpersonal Skills for Internal Auditors, via Wiley Publications. This is the first book published specifically to address the wide-ranging topic of communication skills for internal auditors. It has been offered through the IIA and ISACA bookstores since July 2015 and has sold over 3,000 copies (through April 2018).
Danny has over 21 years of professional experience, including five years leading/building internal audit functions. Danny was named as one of the Fort Worth Business Press 40 Under 40 for 2014. Danny is also accredited as the Professional Commentator of the Bureau of National Affairs - Internal Audit: Fundamental Principles and Best Practices (Professional Commentator). This book was authored by renowned audit scholars Curtis C. Verschoor and Mort A. Dittenhofer – co-author of Sawyer’s Internal Auditing.
Additional Information
TAC Rule 523.142(g) requires the CPE Sponsor to monitor individual attendance and assign the correct number of CPE credits. Participants will be asked to document their time of arrival and departure in compliance with this Rule. Additionally, attendance will be monitored throughout the day and CPE certificates will reflect actual attendance of each participant.
If you are making travel plans to come to Austin, we recommend making "refundable" air and hotel reservations or waiting until 14 days before the class to actually book your reservations. Courses are occasionally canceled or rescheduled due to low enrollment. We determine whether a course has enough participants 16 days prior to the course date. If we cancel or reschedule, we will email the participant and his or her billing contact no later than 14 days before the original class date.
To see answers to our Frequently Asked Questions, visit Texas State Auditor's Office - Professional Development FAQs