Intermediate IT Audit School - ITG241


An IT auditor with the skills, knowledge, and competencies to help organizations navigate the complex environment of IT risks has never been in higher demand. Every organization in every industry has become aware of the importance of proactively identifying, evaluating, and monitoring IT risks. 

This course will reinforce and enhance the principles of assessing IT risks. Participants will examine ways to incorporate and implement the elements of risk assessment and audit planning; identify and apply pertinent audit and security resources; utilize tools for evaluating logical security; evaluate risks within database management systems; monitor risks within change management; test network perimeter security and cloud computing; evaluate threats within the internet of things; and add value in the IT auditor’s organization regarding business continuity and disaster recovery planning and IT governance. Participants will also emerge with increased skills in effectively communicating and presenting the results of the IT audit to various levels of leadership within the organization. They will be engaged through case studies of real-life examples and scenarios and will acquire a wealth of resources, templates, and guides that can be adapted to and incorporated into any industry.

Learning Options

Below are the available learning options for this course:


Online On-Demand

This course is available through AuditPro — a subscription-based, on-demand learning platform. As a subscriber, you will have access to an ‘all you can watch’ library of courses that are built in alignment with the National Association of State Boards of Accountancy (NASBA) standards.


Enterprise Solutions

Tailored Experience

Bring this course to your organization at your convenience. ACI Learning can deliver this instructor-led course for your team at a chosen location or virtually. Alternatively, choose the topic(s) you need and ACI will craft a training solution to keep your team future-proof.


NASBA Certified CPE

32 Credits


Why you should take this course

For users who have an introductory knowledge of this topic and are searching for additional information and its application.

Who should take this course

Senior IT Auditors, Technologists, and Information Security Managers and Analysts with 2+ years of experience looking to increase their ability to move into a position of IT audit leadership.


  • IT Audit School or equivalent experience

1.    Risk Assessment and Audit Planning 

    IT risk definition

    IT threats and risks

    Building the IT audit program

2.    Audit and Security Resources 

    NIST cybersecurity framework

    Center for Internet Security (CIS)




    ISO 27000 Security Standards

    FISMA – NIST SP800-53 R5

3.    Logical Security 

    Logical security concepts

    Social engineering


    User identification and authentication

    User authorization

    Privileged access monitoring

    Log management

    Vulnerability assessments



    Audit considerations

4.    Database Management Systems (DBMS) 

    Database management system concepts

    Relational databases

    Non-relational databases

    DBMS audit considerations

5.    Change Management 

    Change management

    Patch management

    Security configuration management (SCM)

6.    Network Perimeter Security 

    Network perimeter security concepts

    OSI network protocol model

    Network ports and services

    Network addressing


    Demilitarized zone (DMZ)

    Intrusion detection systems (IDS/IPS)

    Zero-trust models

    Endpoint security

    Virtual private networks (VPNs)


7.    Cloud Computing 

    Cloud characteristics

    Cloud service models

    Cloud deployment models

    Cloud security

    Cloud security organizations

    Cloud SOC reports

    Cloud risks

    Audit considerations – contract

    Audit considerations – ongoing

8.    Internet of Things (IoT) 

    Defining the internet of things (IoT)

    IoT Improvement Act

    Code of Practice for Consumer IoT Security

    NIST considerations for IoT

    IoT security foundation

    OWASP Top 10 Risks

9.    Business Continuity and Disaster Recovery Planning 

    Disaster recovery planning (DRP) concepts

    Disaster recovery planning (DRP) components

    Disaster recovery planning (DRP) audit considerations

10.    IT Governance 

    Defining IT governance

    IT governance – ISACA Guidance

    IT governance – IIA Guidance

11.    Organization and Presentation of Information 

    Key components and strategies

  • List key characteristics, advantages, and disadvantages of virtualization.
  • Assess key considerations when preparing audit programs of virtualized environments.
  • Outline key considerations when preparing audit programs of virtualization disaster recovery programs.
  • List key risks and controls related to virtualized environments.

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: