Skip to main content

Fundamentals of IT Auditing

Date(s): Aug 07, 2023 - Aug 08, 2023
Time: 8:00AM - 4:30PM
Registration Fee: $249.00
Cancellation Date: Jul 31, 2023
Location: Online

Course Description

This course provides a comprehensive overview of the fundamental concepts of IT auditing, and how to apply them on the job. Learn about IT governance and the regulatory environment, general controls, application controls, and end-user computing, and how to perform various IT audits, and more.

Potential CPE Credits: 16.0
Govt Hours: This class meets 16.0 hours of the 24-hour requirement for governmental CPE under Government Auditing Standards (yellow book), in most cases.
Technical Hours: This class meets 16.0 CPE credits of technical training in compliance with Texas Admin. Code Rule 523.102.

Instruction Type: Live
Experience Level:
Category: Auditing

Course Objectives

Behavioral Objectives

Upon completion of this course, participants will be able to:

  • Explore the steps to perform an audit of IT applications that support key business processes, utilizing general IT control audit concepts.

  • Examine the steps for coordinating the assessment of IT risks with the evaluation of IT general controls.

  • Recognize the concepts of application controls as they relate to auditing systems in development.

  • Identify the steps to perform a risk assessment and an evaluation of controls over end-user computer applications, utilizing general IT control concepts.

Detailed Course Outline

Course Topics

  • Overview of IT Auditing Concepts and Controls

  • Types of audits internal auditors perform.

  • The responsibilities, objectives, and skills needed to perform IT audits.

  • How COSO relates to IT auditing.

  • Commonly referenced regulations affecting IT audits.

Overview of Key Technical Processes and IT General Controls

  • Key technical processes.

  • IT governance.

  • Project management.

  • Traditional IT general controls (ITGCs).

  • Common physical security controls.

  • Common environmental controls.

  • Administrative controls.

  • Computer operations controls.

 Introduction to IT Change Management

  • The IT change management process.

  • Standard types of technology changes.

  • Risks and costs of ineffective or inefficient IT change management.

  • Controls by function.

  • Internal Audit’s role in IT change management.

Fundamentals of Logical Security

  • General system security concepts.

  • The IAAA Model.

  • Identification.

  • Authentication.

  • Authorization.

  • Auditing.

  • Primary activities regarding access management.

 Availability and Corrective Controls

  • Recovery objectives.

  • Availability concepts.

  • Business continuity.

  • Disaster recovery.

  • Incident response.

  • Auditing availability and corrective controls recovery processes.

System Development Life Cycle

  • System development life cycle concepts.

  • System development life cycle frameworks.

  • Auditing the system development life cycle.

Application Controls

  • Types of application controls.

  • Purpose, risks, and control activities relating to:

  • Input controls.

  • Processing controls.

  • Output controls.

  • Interface controls.

  • Audit trails (log files).

  • General application security.

End-User Computing – Shadow IT

  • Overview of end-user computing.

  • User-developed applications (UDA) risks and controls.

  • Dependence on spreadsheets within financial activities.

  • User-acquired-systems (UAS) risks and controls.

  • Auditing end-user computing.

Networking Essentials

  • Key networking concepts and technologies.

  • Typical networking risks.

  • Traditional networking controls and tools.

Cloud Computing

  • Basics of cloud computing.

  • Cloud environments.

  • Benefits of cloud computing

  • Cloud service risks.

  • Cloud controls.

  • Importance of the Statement on Standards for Attestation Engagements (SSAE) System and Organizational Controls (SOC) reports.


No prerequisites required.

YB 4.23(k)


Megan Hall

Megan is currently the Chief Information Officer for the First National Bank of Paragould. Prior to becoming the CIO, Megan was the Director of Internal Audit at Simmons Bank, where she was primarily responsible for IT Auditing, Audit Data Analytics and Innovation, Auditor Development, and Quality Assurance. Previous responsibilities included developing policies, processes, standards, and work programs for operational, compliance, branch and financial audits and overseeing audit projects. She has led Simmons Bank in preparing for the transition from a community bank to a regional banking organization (over $10 Billion in total assets) and transitioned the department from a fully outsourced model to a co-sourced function. She has been heavily involved in new technology implementation, both within the audit department and across the organization, and developed a risk assessment tool to enable Internal Audit to use risk-based approaches for auditing technology implementations and has audit and management experience with significant mergers and acquisitions activities.

Prior to joining Simmons Bank, Megan worked for the Office of the Comptroller of the Currency, where she served as a commissioned National Bank Examiner and participated and oversaw bank examinations for national banks of all sizes. She served as a Training Team Leader and Training Team Assistant for the OCC, delivering an intensive training curriculum to new hires.

Additional Information

TAC Rule 523.142(g) requires the CPE Sponsor to monitor individual attendance and assign the correct number of CPE credits. Participants will be asked to document their time of arrival and departure in compliance with this Rule. Additionally, attendance will be monitored throughout the day and CPE certificates will reflect actual attendance of each participant.

To see answers to our Frequently Asked Questions, visit