IT Auditing Fundamentals

Course Description

This course provides IT professionals with the audit side of the technical skills and tools needed to perform IT auditing functions. The three-day course will examine how the internal audit department operates and provide a real-world, business-process view of Information Technology auditing that will help you develop an audit mind-set. To review what will be expected of you as an auditor, you will review professional audit standards and the COSO internal control report, and discover how they differ from IT standards. You will examine the impact of the current business environment on IT, including the Sarbanes-Oxley Act, control models, and risk management. You will explore the purpose and scope of information system audits, and you will learn the importance of application and general controls and how to perform reviews at all levels of the enterprise. Not for computer rookies, this course will place you with other technical professionals who must learn the ins and outs of IT auditing. You will also learn IT auditing job interview skills and requirements. The demand for IT auditing professionals has been growing in the past year, and the trend will continue, since internal controls cannot be outsourced easily.

You will learn

  • How to identify, evaluate, and document general and application controls and the risks associated with IT and business processes from an internal audit department mind-set
  • How to apply audit and professional standards and regulations (SOX), develop audit procedures, and conduct end-to-end IT auditing processes, including the audit announcement, request list, interviews, testing, developing work papers, tick marks, evidence, and exit negotiation skills, finalized with a business-oriented audit report

Course Outline

Unit 1: Fundamentals of IT Audit
  • Auditing Standards – SAS, ISO, COSO, COBIT, and laws and regulations
  • Infrastructure Essentials – Network, System Software, Database and servers
  • Databases – audit concerns and controls
  • Distributed Systems – tier structure and client/server
Unit 2: General Computer Controls
  • Networks – Telecommunication, OSI layers, network components, firewall, IDS and IPS
  • Internet – e-commerce and x-content
  • General Control – audit approach, network, OS, DB, Change management, operations and physical security
  • Business Systems Applications – application audits – AP, AR, GL and Payroll
  • Business Process versus Transaction – batch, online, real time processing
  • General Flow of an Application Audit – validation and reconciliation
  • Components of a Business Application – Origination of input, input, process and output
Unit 3: Application Controls
  • Data Input and Processing Models
  • Application Controls – input control, interface header/trailer and output control
Unit 4: Audit Tools and Control Matrix
  • Beginning the Audit – who, what, how, when and why
  • Control Matrix – segregation of duties testing
  • Computer Assisted Audit Techniques for Substantive Testing – generalized audit tools, Excel, ACL, and Access
Unit 5: Auditing by Exception and Approaches
  • Auditing by Exception – fraud – intentional and unintentional
  • Sarbanes-Oxley Section 404 and COBIT Processes – AS2 and AS5
  • Certified Information Systems Auditor exam and how to prepare for the test
Unit 6: Mock Audit Process Reports
  • In addition, a summary of reports on how to write risk statements and their related exposure (impacts), quantification of exposure, and audit and technical reports will be discussed.

Schedule

No schedule available now