How to Audit IT General Controls - ITG201

Description

Business reliance on technology and the associated risks are reshaping how we audit and what we assess. Attempting to scope an operational audit without drilling into business technology is nearly impossible in today’s business landscape. In turn, conducting an IT audit without factoring in business processes delivers limited assurance to the board of directors and limited value to the enterprise.

Every internal auditor today must have a general understanding of technology and the vulnerabilities, threats and risks that face our enterprises each day to effectively plan and execute any audit engagement.

In this three-day seminar, we will explore the IT general control areas that must be addressed to ensure the confidentiality, integrity and availability, as well as the reliability and privacy, of our sensitive and proprietary data and information assets. During the session, we will discuss the most common IT-related vulnerabilities, threats and risks facing most enterprises today and the key controls that help reduce those risks to an acceptable or tolerable level.

We will explore critical aspects of the IT environment, including the importance of data governance and data management and the Scenario-based Risk Assessment process commonly used by IT Risk Managers. We will walk through many of the most common technologies and their associated vulnerabilities, threats, risks and controls, using common business language and common applications as our examples. We will have several discussions examining various documents to allow attendees to apply the knowledge learned during the session.

By the end of this session, attendees will have a better understanding of how to plan, scope and conduct an IT General Controls audit.

Prerequisite: Fundamentals of Internal Audit (OAG101), IT Audit School (ITG121)
Advance Preparation: None
Learning Level: Intermediate
Delivery Method: Group-Live
Field: Auditing

What you will learn

 


1. You will learn how to assess:
• Data and Information Governance and Management
• Effectiveness of IT Governance
• Common IT Control Standards and Frameworks
• IT Risk Management Using Scenario Analysis
- Risk Identification
- Risk Assessment (Analysis and Evaluation)
- Risk Response
- Risk Monitoring and Reporting

2. Technology overview, common controls, common vulnerabilities, threats, risks and tests related to:
• IT Service Organizations – Roles and Responsibilities (SOD)
• Contract Management
• Technology Insurance
• IT Service Management
- Asset
- Configuration & Hardening
- Change/Release
- Problem/Incident
- Knowledge
• Access Logical/Physical
• Environmental Controls
• Hardware and Software Infrastructure
• Network Perimeter Security
• Patch Management
• Vulnerability Management (and Pen Testing)
• Application Development
• Business Continuity and Disaster Recovery
• Incident Management
• Project Management
• Process Engineering
• Third Parties and Cloud Providers

3. Assessing Information Technology
• GCC Audit
• Other Regulation Variations (SOX, PCI, etc.)
• Adding GCC considerations to every audit engagement


Overview


Training Week Course



Further information

Provider: MIS Training Institute
Duration: 3 Days
Price: POA
Availability: Scheduled dates
Course type: Classroom
Locations: Amsterdam, Atlanta, GA, Bandar Seri Begawan, Boston, MA, Burlington, MA, Cape Town, Charlotte, NC, Chicago, IL, Dallas, TX, Denver, CO, Dubai, Dublin, Dublin, OH, Hong Kong, Houston, TX, Las Vegas, NV, London, Manila, New York, NY, Oman, Orlando, FL, Philadelphia, PA, San Diego, CA, San Francisco, CA, Seattle, WA, Singapore, Virtual Training Room Only, Washington, DC

Contact Information

MIS Training Institute

153 Cordaville Road
Suite 200
Southborough
01772 USA
