Introduction to IT Auditing
All auditors need the knowledge and experience to audit IT systems, as our organisations become increasingly dependent on computers and communications networks. This top-quality course will provide you with all the knowledge and techniques that you need to plan and conduct an effective IT audit.
Based on well-proven and effective systems-based auditing principles, the course will take you through the audit of the three main areas of IT audit – computer installation controls, system development controls, and the audit of applications. You will learn the essential control objectives to apply to each audit area, where the risks are, what controls to expect and how to evaluate them. Using a set of case studies and interactive discussions, you will learn how to ask the right questions and how to assess the answers.
The course will also cover the risks involved with small business systems, operating systems, communications networks and databases. You will see how the auditor carries out and documents an IT audit, how to obtain the information you need and how to make effective recommendations for control improvements.
You will take away a detailed course manual and a complete set of audit programs to help you plan and carry out your own audits.
Suggested duration: 3 days, but can be customised to your requirements.
Agenda
Role and objectives of the IT Auditor
· What does an IT auditor do?
· What does an IT auditor look for during an audit?
· Systems-based auditing and how it is carried out
· Planning an IT systems audit
· Assessing risk in an Information Systems environment
Auditing the IT environment – audit controls required
· Auditing the IT strategy
· Organisational and administrative controls
· Operating system controls
· Change management
· Physical and logical access controls
· Network and Internet security principles
· Viruses, worms, Trojan Horses and related dangers
· Business continuity planning
· Database systems and their associated controls
Auditing systems development – what does an auditor look for?
· Auditing project management controls
· The project development life cycle
· How auditors contribute to systems development
· New development techniques and how to audit them
· Prototyping and Rapid Application Development
· Build or buy? - Auditing software package acquisition
· Computer systems contracts - how the auditor should be involved
· End-user system development controls
Auditing live IT applications – the systems audit approach
· The step-by-step approach
· Setting the objectives
· Identifying and testing controls in business applications
· Evaluating and reporting the audit findings
Controlling small business systems
· Setting control objectives for small systems
· What minimum standards should exist?
Audit tools, software and testing techniques – what the auditor uses to automate the audit
· What audit tools are available?
· Using software tools for data extraction
· Performing software-based audit tests
Auditing Standards and Practices
· Using standards to plan your audit review
· ISO27001
· COSO and COBIT
· ITIL (ISO 20000) – Service Support and Delivery Issues
