Course Information
Assessing Data Reliability
Parking for SAO, Professional Development courses is in Garage B (1511 San Jacinto Blvd.). The Garage signage may read 1511 San Jacinto or Garage B. The elevator in Garage B is not reliable. If you are unable to walk the stairs, please contact the professionaldevelopment@sao.texas.gov for alternate parking arrangements. Handicapped parking is free at the meters around the downtown area.
A course coordinator will Email you a parking permit prior to the course start date. A permit must be displayed or you will be ticketed.
Course Description
Assessing the reliability of computer generated data is an important step in audit planning as well as addressing specific audit objectives. Data is aggregated from various sources, processed using automated rule sets, and stored in databases, data warehouses, etc. Applications and business users extract or retrieve data as the basis for strategic decisions, reporting, day-to-day operations, and auditing. The reliability of data may be at significant risk when placed in operational and IT environments lacking processing, transmission, storage or security controls. Misinterpretation of reliability risk factors may result in misdirected audit effort or incorrect conclusions. This training session will provide you with the concepts and tools to effectively evaluate the reliability of data processed and available for analysis and decision making.
We will focus on:
• How reliability assessment of data from IT systems should be conducted during audit planning when developing audit objectives and audit procedures.
• Key factors to be reviewed during audit planning to assist the auditor in evaluating the sufficiency, reliability and relevance of data to be used as audit evidence.
• Steps to perform when obtaining evidence during the audit regarding data accuracy, completeness and validity.
• Data reliability issues relating to organization, appropriateness of controls, risk, and testing.
Course Objectives
Behavioral Objectives Upon completion of this course, participants will be able to:
Understanding the requirements of data relevance and data reliability
• Evaluating data classification
• How to introduce good practices for data management
• Identifying data integrity requirements
• Assessing security and availability requirements
• Evaluating factors that impact data reliability
• Assessing risk with respect to data reliability
• Determining the impact of data reliability assessment on developing audit objectives
• Establishing audit evidence requirements
• Using data reliability assessment in developing audit procedures
Detailed Course Outline:
Data Value
• What is data value
o Defining data usefulness
Defining Data Reliability
• Relevance
• Reliance
• Integrity
• Control and Audit Considerations
Operational Requirements for Data Reliability
• Business process requirements
• Legal and compliance requirements
Data Management
• Information architecture
• Data classification
• Distinguishing between controls “in place” and “in effect” for reliability
• Data management definition, ownership and custodianship
Auditing Data Reliability
• Audit objectives
• Audit evidence
o Defining audit evidence
o Evaluating sufficiency of audit evidence
• Evaluating internal controls
• Designing audit procedures
Good Practices for Data Management
• Database management
• Database administration
• Change management
• Data security
o Access control
o Identity management
o Security management and planning
o User accounts
o Incident management
• Outsourcing
• Business Continuity
Impact of Internal Control on Data Reliability
• Control responsibilities
• Factors that impact control
• Technology and controls
• Risk and data reliability
• Reasonable assurance
• Audit framework
o Linking controls to objectives
o Control classification
Prerequisites
No prerequisites required.
YB 4.23(k)
Instructors
Richard Tarr is an audit and information systems consultant and President of Richard Tarr and Associates, a consulting practice that specializes in application and general control reviews and networks including the development and training of integrated internal auditing functions; quality assurance reviews; strategic planning; business continuation planning; and project management.
Mr. Tarr has more than 20 years in audit and information systems, with additional experience in the design and implementation of large financial and operational systems, includes hotel management and reservations systems and networks. He has managed complex development projects as well as participated in the design and acquisition of software and hardware architectures for both centralized and distributed environments. In addition he has had extensive experience in the development, training, and evaluation of internal audit departments in both government and industry.
Previously with the Walt Disney Company, he initiated and developed the information systems audit function, and served as the Corporate Information Systems Audit Manager. Mr. Tarr was a senior systems engineer with Electronic Data Systems (EDS), where he designed and implemented applications for financial industry clients. He has started and managed corporate audit functions, managed information systems development project teams and has supervised programming staffs in both government and industry. He was the Manager of Quality Assurance Review for the Institute of Internal Auditors (IIA) and is the author of the IIA’s publication Establishing an Internal Audit Function.
Among the seminars Mr. Tarr teaches for MIS are Sarbanes-Oxley for IT Auditors, Using COBIT in Your IT Audits, Auditing IT Governance, Sarbanes-Oxley: A Roadmap to Compliance, IT Audit School; IT Auditing and Controls, How to Audit Automated Business Applications, and How to Perform a General Controls Review. He also teaches Fundamentals of Internal Auditing, Advanced Auditing for In-Charge Auditors, and Data Driven Auditing: A Business Approach.
Additional Information
TAC Rule 523.142(g) requires the CPE Sponsor to monitor individual attendance and assign the correct number of CPE credits. Participants will be asked to document their time of arrival and departure in compliance with this Rule. Additionally, attendance will be monitored throughout the day and CPE certificates will reflect actual attendance of each participant.
If you are making travel plans to come to Austin, we recommend making "refundable" air and hotel reservations or waiting until 14 days before the class to actually book your reservations. Courses are occasionally canceled or rescheduled due to low enrollment. We determine whether a course has enough participants 16 days prior to the course date. If we cancel or reschedule, we will email the participant and his or her billing contact no later than 14 days before the original class date.
Vending machines with Coca-Cola products and various snack items are available. There is also a refrigerator and microwave in our coffee bar area. Feel free to bring in your own drinks and food if you prefer.
You might want to bring a light sweater or jacket, as room temperatures vary.
To see answers to our Frequently Asked Questions, visit http://www.sao.texas.gov/training/faq.html.