Home
Qualifications
Seminar Outlines
Assessing IT Controls
Integrating IT Auditing
Introduction to IT Auditing
Advanced IT Auditing
Course Schedule & Links
IT Audit Services
Article Index - SOX IT


Seminar Focus and features

Discusses the status of IT Auditing within organizations, the classic approaches to providing this necessary services to the organization, the preparation of General Auditors for contributing to the IT Audit projects and the categorization of risks to allow the IT Audit universe to be serviced by both IT Auditors and General Auditors. You will learn the basic fundamentals of Lo-tech IT controls that can be audited by General Auditors and the scope of IT risks, Lo-tech and Hi-tech, that must be addressed in today's environment.  The major areas which can be addressed by General Auditors will be discussed in detail with hands-on exercises to reinforce that knowledge.

Prerequisite: None
Learning Level: Basic NASBA: Auditing

Who should attend?
General Auditors, Audit Management

What You Will Learn

A. IT and the Audit Organization
    General Auditors
        Professional requirements
            IEG11
            CITP (AICPA)
    IT Auditors
    Integrated Audit- making it work?   

B. IT audit risk
    SAS 109 - IT risks
    Hi-tech vs Lo-tech
    IT Audit Universe

C. General IT Knowledge Requirements for Accountants
    IT Architecture
        General systems concepts
        Transaction processing in business systems
        Physical and hardware components of a system
        Networks, and electronic data transfer
        Software
        Protocols, standards, enabling technologies
        Data organization and access methods
        IT professionals and career paths in IT organizations
    System acquisition/development
        System acquisition/development life cycle phases, tasks
        Investigation and feasibility study
        System design, selection, acquisition/development
        System implementation
        System maintenance and program changes
    IT Management
        IT Organization
        Management of IT operations, effectiveness, and efficiency
        Asset management
        Management of system change and problem resolution
        Performance monitoring and financial control over IT resources
    Information Technology Strategy
        Enterprise strategy and vision
        Assess current and future IT environment
        IT strategic planning
        Ongoing governance and outcome
    Business Process Enablement
        Stakeholders and their requirements
        The entity's business models
        Risks and opportunities
        Impact of IT on the entity's business models, processes and solutions

D. Tools for control issues
    Overview tools
    COBIT
        Lo-tech vs hi-tech
        Assurance guides
    Global Technology Audit Guides (IIA)
    Information Technology Committee Guidelines (IFAC)

E. IT Audit Methodologies for General Auditors
    Art or science
        Every situation can be different based on business needs, development and             infrastructure choices
        Principles of Audit apply but adapt to environment
    Integrate control review into program development cycle
    Don't assume a process is a key controlIs there an active control to enforce the     process?
    Show me not tell me
        Eliminate the 'snow job'
      How to recognize when the water's too deep
        Are there gators in there, too? - evaluate risk
    Tools
        Go from not possible to gotcha
    What to do if
        Purchased software
        Service organizations

F. Computer assisted audit tools
    How to identify what you need?
    Creating the solution
        Financial audit responsibility?
        IT Auditing staff?
    Is this an ongoing need
        Document
        Secure

Top