This course is designed for financial, operational, business, and new IT auditors to provide a solid introduction to the risks and controls necessary to audit IT department functions and the underlying technologies. We will cover the basic concepts of information technology to help auditors understand the IT impact on business. We will explore such IT areas as operating systems, networks, database management systems, and application systems. Supporting IT general controls, such as logical and physical access, help desk, system development, change management, and disaster recovery planning will also be covered. We will introduce a top-down, risk-based approach to auditing business applications and ensuring that their supporting infrastructure is considered in the audit process. Learners will leave this intensive seminar with a solid foundation in information technology basics as they apply to IT risks, audit, information security, and business application systems.
Below are the available learning options for this course:
This course is available through AuditPro — a subscription-based, on-demand learning platform. As a subscriber, you will have access to an ‘all you can watch’ library of courses that are built in alignment with the National Association of State Boards of Accountancy (NASBA) standards.Learn more & subscribe
Bring this course to your organization at your convenience. ACI Learning can deliver this instructor-led course for your team at a chosen location or virtually. Alternatively, choose the topic(s) you need and ACI will craft a training solution to keep your team future-proof.Customize your training
NASBA Certified CPE
Why you should take this course
For users who are new to internal auditing, or would like to learn more about it.
Who should take this course
Entry-level IT Auditors and Technologists looking for a foundational understanding of IT auditing.
1. How is IT used in Companies?
• Business systems
• Support systems
• Marketing and sales
2. IT Risks
• Risk overview
• Confidentiality, integrity, availability (CIA)
• Managing risk
3. Basics of IT
• Computing devices and operating systems
• Significant computer types
• Client/server technology
• Programs and programming overview
• Network devices
• Network protocols, ports, and services
• Network monitoring (IDS/IPS/SIEM)
• Cloud – characteristics
• Cloud – service models
• Cloud – audit considerations
5. Internet of Things (IoT)
• Usage and control overview
• Database types
• Database terminology/definitions
• Database audit concepts
7. IT General Controls (ITGCs)
• IT general controls introduction
• Logical security – authentication
• Administration and awareness
• Encryption overview
• System development lifecycle (SDLC)
• Change management
• SDLC/System Development Methodology (SDM) audits
• IT operations
• Vulnerability scanning and penetration testing
• Physical and environmental controls
• Business continuity planning
• Disaster recovery planning
• Mobile device management (MDM)/Bring Your Own Device (BYOD)
• End-user computing
8. Frameworks and Laws
• Security and audit frameworks – Part 1
• Security and audit frameworks – Part 2
• Business and IT strategy
• IT and security strategy
• IT risk assessment
• Risk register and acceptance
• Vendor management
• Application control objectives
• Business transaction processing
• Business support and IoT applications
11. Audit Planning
• Audit risk assessment
• IT audit scoping
• IT general controls
• Technical audits
• Application/integrated audits
- Learners will be able to describe what a technical term refers to and understand its place in an organization.
- Learners will be able to identify risks associated with the use of technology by their organization.
- Learners will be able to describe categories of controls that may be in place to protect systems.
- Learners will be able to break down the control environment based on internal policies and standard frameworks to determine if the organization complies with policies and aligns with frameworks.
ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org.