IT Auditing And Controls Agenda

Seminar: ID# 1003293

Agenda

1. Introduction to IT Risks & Controls

• Role of IT
• Risk Definitions
• Risk Assessment
• Information Security Objectives
• IT Controls Cost / Risk Balance
• Internal Control Overview
• Accountability & Auditability
• Integrated Auditing

• Definition of Internal Audit
• IT Audit Planning
• Audit Universe / IT Audit Universe
• Risk Criteria
• Audit Engagement Planning
• IT Control Categories
• Mapping Risk and Control Categories

• Maintaining Objectivity
• What is a Standard?
• COSO
• GAO Green Book
• IIA Global Technology Audit Guides
• COBIT®
• ISO 27002 Security Standard

• Computer Hardware
• Central Processing Unit / Memory
• Operating Systems (OS)
• Mainframe
• Client/Server Technology
• Virtualization / Virtual Servers
• Batch and Interactive Models

• Managing Information
• Database Terminology
• Database Management Systems (DBMS)
• Hierarchical Databases
• Relational Databases
• Database Risks
• Database Audits

• Networking Risks
• What is a “Network”?
• OSI Model
• Local Area Networks (LANs)
• Wide Area Networks (WANs)
• Network Devices
• Firewalls
• Intrusion Detection Systems (IDS / IPS)
• Virtual Private Networks (VPNs)
• Wireless
• The Internet
• Cloud Computing

• Audit’s Role in IT Governance
• IIA Professional Practices Framework - Governance
• Linking Business and IT Strategies
• IT Governance Objectives
• COBIT® 5 - IT Governance / Management
• IIA GTAG - Auditing IT Governance
• Separation of Duties
• Assessing Outsourced IT Functions

• Logical Security
• Change Management
• Business Continuity / Disaster Recovery
• Operation Controls
• Physical Security
• Environmental Exposures
• System Development

• Business Application Control Categories
• Business Application Risks
• What is a Transaction?
• Transaction Life Cycle
• Business Application Audit Objectives
• Business Application Controls
• The Future of Applications