To provide IT professionals with the audit side of the technical skills and tools needed to perform IT auditing functions. The three-day course will examine how the internal audit department operates and provide a real-world business-process view of Information Technology auditing that will help you develop an audit mind-set. To review what will be expected of you as an auditor, you will review professional audit standards and the COSO internal control report, and discover how they differ from IT standards. You will examine the impact of the current business environment on IT, including the Sarbanes-Oxley Act, control models, and risk management. You will explore the purpose and scope of information system audits, and you will learn the importance of application and general controls and how to perform reviews at all levels of the enterprise. Not for computer rookies, this course will place you with other technical professionals who must learn the ins and outs of IT auditing. You will also learn IT auditing job interview skills and requirements. The demand for IT auditing professionals has been growing in the past year, and the trend will continue since internal controls cannot be outsourced easily.
You will learn
Know how to identify/evaluate/document general and application controls and risks associated with IT and business processes from an internal audit department mind-set
Know how to apply audit/professional standards/regulatory (SOX), develop audit procedures, and conduct end-to-end IT auditing processes, which will include audit announcement/request list/interview/testing/developing work papers/tick marks/evidence/exit negotiation skills, finalized with a business-oriented audit report
Course Outline
Unit 1: Fundamentals of IT Audit
Auditing Standards – SAS, ISO, COSO, COBIT, and laws and regulations
Infrastructure Essentials – Network, System Software, Database and servers
Databases – audit concerns and controls
Distributed Systems – tier structure and client/server
Unit 2: General Computer Controls
Networks – Telecommunication, OSI layers, network components, firewall, IDS and IPS
Internet – e-commerce and x-content
General Control – audit approach, network, OS, DB, Change management, operations and physical security
Business Systems Applications – application audits – AP, AR, GL and Payroll
Business Process versus Transaction – batch, online, real time processing
General Flow of an Application Audit – validation and reconciliation
Components of a Business Application – Origination of input, input, process and output
Unit 3: Application Controls
Data Input and Processing Models
Application Controls – input control, interface header/trailer and output control
Unit 4: Audit Tools and Control Matrix
Beginning the Audit – who, what, how, when and why
Control Matrix – segregation of duties testing
Computer Assisted Audit Techniques for Substantive Testing – generalized audit tools, Excel, ACL, and Access
Unit 5: Auditing by Exception and Approaches
Auditing by Exception – fraud – intentional and unintentional
Sarbanes-Oxley Section 404 and COBIT Processes – AS2 and AS5
Certified Information Systems Auditor exam and how to prepare for the test
Unit 6: Mock Audit Process Reports
In addition, a summary of reports on how to write risk statements and their related exposure (impacts), quantification of exposure, and audit and technical reports will be discussed.