Skip to main content

Introduction to IT Audit

Back to Course Schedule
Date(s): May 18, 2022 - May 19, 2022
Time: 8:00AM - 4:30PM
Registration Fee: $429.00
Cancellation Date: May 11, 2022
City: Austin
Local Hotels:
Parking Info:

Parking for SAO, Professional Development courses is in Garage B (1511 San Jacinto Blvd.). The Garage signage may read 1511 San Jacinto or Garage B. The elevator in Garage B is not reliable. If you are unable to walk the stairs, please contact the for alternate parking arrangements. Handicapped parking is free at the meters around the downtown area.

A course coordinator will Email you a parking permit prior to the course start date. A permit must be displayed or you will be ticketed.

Course Description

IT Auditing is an essential skill for internal auditors. To be an effective IT auditor, one needs to understand four major components of IT audit: IT Governance and Management, General IT Controls, Applications Controls, and Development Controls. This course is an introduction to these concepts that will prepare you to pursue further training in IT Audit.

This course will introduce the fundamentals of IT auditing, core drivers behind why it is a specialized area of auditing, evolution of IT assurance, and the principle objectives of IT auditing and its relationship to integrated financial or operational auditing. It will introduce the role of IT auditing and how IT audit strategies can enhance non-IT audits.

We will define critical IT concepts, governance requirements, risk assessment techniques, and related auditing concepts. Attendees will be introduced to techniques for identifying operational and control requirements for IT systems, researching control objectives and related controls, evaluating control design or appropriateness, and assessing the reliability of IT audit evidence.

You will discuss:

  • The IT audit universe

  • Understanding the importance of the operating culture on IT control

  • Understanding the relationship of controls to control objectives

  • Meeting auditing standards for compliance and attaining IT audit value

  • Importance of applying comprehensive audit planning techniques to achieving audit success

  • Impact of outsourced IT functions

Potential CPE Credits: 16.0
Govt Hours: This class meets 16.0 hours of the 24-hour requirement for governmental CPE under Government Auditing Standards (yellow book), in most cases.
Technical Hours: This class meets 16.0 CPE credits of technical training in compliance with Texas Admin. Code Rule 523.102.

Instruction Type: Live
Experience Level: BEGINNING
Category: Auditing

Course Objectives

Upon completion of this course, participants will be able to:

  • Gain a working understanding of IT audit concepts and practices

  • Clarify the difference and importance of general versus application control audits

  • Learn how to apply internal control fundamentals to the evaluation of IT system integrity, security, and availability

  • Gain an understanding of the operational and control objectives of the principle areas of general control

  • Further your appreciation of the importance if IT in achieving organizational objectives and in providing assurance that appropriate controls are designed, implemented and in effect to attain system integrity, security, and availability

Course Outline

  • Role of the IT Auditor

    • Objectives of IT Audit

    • Information Systems and its Impact on the Business

    • The IT Audit Universe

  • Understanding Prominent IT Controls Framework

    • COSO

    • COBIT 4.1 & 5

    • ISO27001/2

    • NIST Risk Management and Cybersecurity Frameworks

    • CIS Critical Security Controls

    • FFIEC CyberSecurity Assessment

    • Payment Card Industry Standards

  • Auditing General Controls

    • Objectives of the General Controls Review

    • IT Governance and Management

    • Information/Cyber Security Management

    • Configuration Management and Change Control

    • Network Management and Security

    • Data Management

    • Incident Response and Business Continuity

    • Cloud Computing and Other Outsourcing

    • Physical Security and Media Management

  • Auditing IT Application

    • Objectives of Application Systems Audits

    • Key Application Processes

    • Understanding the Risks and Controls in the IT Process Modules

    • Planning Different Types of Application Audits

  • Auditing Existing Applications

    • Identifying Control Objectives

    • Establishing an Audit Workplan

    • Key Controls in the Application Process

  • Auditing Systems in Development

    • Comparing different System Development Life Cycle (SDLC) Models

    • Audit Objectives and Roles in System Development


No prerequisites required.


Richard H. Tarr

Richard Tarr is an audit and information systems consultant and President of Richard Tarr and Associates, a consulting practice that specializes in application and general control reviews and networks including the development and training of integrated internal auditing functions; quality assurance reviews; strategic planning; business continuation planning; and project management.

Mr. Tarr has more than 20 years in audit and information systems, with additional experience in the design and implementation of large financial and operational systems, includes hotel management and reservations systems and networks. He has managed complex development projects as well as participated in the design and acquisition of software and hardware architectures for both centralized and distributed environments. In addition he has had extensive experience in the development, training, and evaluation of internal audit departments in both government and industry.

Previously with the Walt Disney Company, he initiated and developed the information systems audit function, and served as the Corporate Information Systems Audit Manager. Mr. Tarr was a senior systems engineer with Electronic Data Systems (EDS), where he designed and implemented applications for financial industry clients. He has started and managed corporate audit functions, managed information systems development project teams and has supervised programming staffs in both government and industry. He was the Manager of Quality Assurance Review for the Institute of Internal Auditors (IIA) and is the author of the IIA’s publication Establishing an Internal Audit Function.

Among the seminars Mr. Tarr teaches for MIS are Sarbanes-Oxley for IT Auditors, Using COBIT in Your IT Audits, Auditing IT Governance, Sarbanes-Oxley: A Roadmap to Compliance, IT Audit School; IT Auditing and Controls, How to Audit Automated Business Applications, and How to Perform a General Controls Review. He also teaches Fundamentals of Internal Auditing, Advanced Auditing for In-Charge Auditors, and Data Driven Auditing: A Business Approach.

Additional Information

TAC Rule 523.142(g) requires the CPE Sponsor to monitor individual attendance and assign the correct number of CPE credits. Participants will be asked to document their time of arrival and departure in compliance with this Rule. Additionally, attendance will be monitored throughout the day and CPE certificates will reflect actual attendance of each participant.

If you are making travel plans to come to Austin, we recommend making "refundable" air and hotel reservations or waiting until 14 days before the class to actually book your reservations. Courses are occasionally canceled or rescheduled due to low enrollment. We determine whether a course has enough participants 16 days prior to the course date. If we cancel or reschedule, we will email the participant and his or her billing contact no later than 14 days before the original class date.

The course coordinator will contact you with parking information. Handicapped parking is free at the meters around the downtown area.

Vending machines with Coca-Cola products and various snack items are available. There is also a refrigerator and microwave in our coffee bar area. Feel free to bring in your own drinks and food if you prefer.

You might want to bring a light sweater or jacket, as room temperatures vary.

To see answers to our Frequently Asked Questions, visit

Back to Course Schedule