IT Auditing And Controls Agenda
Seminar: ID# 1003293
Agenda
1. Introduction to IT Risks & Controls
- Role of IT
- Risk Definitions
- Risk Assessment
- Information Security Objectives
- IT Controls Cost / Risk Balance
- Internal Control Overview
- Accountability & Auditability
- Integrated Auditing
2. Planning IT Audits- Definition of Internal Audit
- IT Audit Planning
- Audit Universe / IT Audit Universe
- Risk Criteria
- Audit Engagement Planning
- IT Control Categories
- Mapping Risk and Control Categories
3. Audit & Control Frameworks and Standards- Maintaining Objectivity
- What is a Standard?
- COSO
- GAO Green Book
- IIA Global Technology Audit Guides
- COBIT®
- ISO 27002 Security Standard
4. Basics of Information Technology- Computer Hardware
- Central Processing Unit / Memory
- Operating Systems (OS)
- Mainframe
- Client/Server Technology
- Virtualization / Virtual Servers
- Batch and Interactive Models
5. Database Technology and Controls- Managing Information
- Database Terminology
- Database Management Systems (DBMS)
- Hierarchical Databases
- Relational Databases
- Database Risks
- Database Audits
6. Network Technology and Controls- Networking Risks
- What is a “Network”?
- OSI Model
- Local Area Networks (LANs)
- Wide Area Networks (WANs)
- Network Devices
- Firewalls
- Intrusion Detection Systems (IDS / IPS)
- Virtual Private Networks (VPNs)
- Wireless
- The Internet
- Cloud Computing
7. IT Governance- Audit’s Role in IT Governance
- IIA Professional Practices Framework - Governance
- Linking Business and IT Strategies
- IT Governance Objectives
- COBIT® 5 - IT Governance / Management
- IIA GTAG - Auditing IT Governance
- Separation of Duties
- Assessing Outsourced IT Functions
8. IT General Controls- Logical Security
- Change Management
- Business Continuity / Disaster Recovery
- Operation Controls
- Physical Security
- Environmental Exposures
- System Development
9. Business Application Controls- Business Application Control Categories
- Business Application Risks
- What is a Transaction?
- Transaction Life Cycle
- Business Application Audit Objectives
- Business Application Controls
- The Future of Applications