Introduction to IT Auditing

All auditors need the knowledge and experience to audit IT systems, as our organisations become increasing dependent on computers and communications networks. This top-quality course will provide you with all the knowledge and techniques that you need to plan and conduct an effective IT audit.

Based on well proven and effective systems-based auditing principles, the course will take you through the audit of the three main areas of IT audit – computer installation controls, system development controls, and the audit of applications. You will learn the essential control objectives to apply to each audit area, where the risks are, what control to expect and how to evaluate them. Using a set of case studies and interactive discussions, you will learn how to ask the right questions and how to assess the answers.

The course will also cover the risks involved with small business systems, operating systems, communications networks and databases. You will see how the auditor carries out and documents an IT audit, how to obtain the information you need and how to make effective recommendations for control improvements.

You will take away a detailed course manual and a complete set of audit programs to help you plan and carry out your own audits.

Suggested duration: 3 days, but can be customised to your requirements.

Agenda

Role and objectives of the IT Auditor
What does an IT auditor do?
What does an IT auditor look for during an audit?
Systems-based auditing and how it is carried out
Planning an IT systems audit
Assessing risk in an Information Systems environment


Auditing the IT environment – audit controls required
Auditing the IT strategy
Organisational and administrative controls
Operating system controls
Change management
Physical and logical access controls
Network and Internet security principles
Viruses, worms, Trojan Horses and related dangers
Business continuity planning
Database systems and their associated controls


Auditing systems development – what does an auditor look for?
Auditing project management controls
The project development life cycle
How auditors contribute to systems development
New development techniques and how to audit them
Prototyping and Rapid Application Development
Build or buy? - Auditing software package acquisition
Computer systems contracts - how the auditor should be involved
End-user system development controls


Auditing live IT applications – the systems audit approach
The step-by-step approach
Setting the objectives
Identifying and testing controls in business applications
Evaluating and reporting the audit findings


Controlling small business systems
. Setting control objectives for small systems
What minimum standards should exist?


Audit tools, software and testing techniques – what the auditor uses to automate the audit
What audit tools are available?
Using software tools for data extraction
Performing software-based audit tests


Auditing Standards and Practices
Using standards to plan your audit review
ISO27001
COSO and COBIT
ITIL (ISO 20000) – Service Support and Delivery Issues