IT Audit School - ITG121


This course is designed for financial, operational, business, and new IT auditors to provide a solid introduction to the risks and controls necessary to audit IT department functions and the underlying technologies. We will cover the basic concepts of information technology to help auditors understand the IT impact on business. We will explore such IT areas as operating systems, networks, database management systems, and application systems. Supporting IT general controls, such as logical and physical access, help desk, system development, change management, and disaster recovery planning, will also be covered. We will introduce a top-down, risk-based approach to auditing business applications and ensuring that their supporting infrastructure is considered in the audit process. Learners will leave this intensive seminar with a solid foundation in information technology basics as they apply to IT risks, audit, information security, and business application systems.

Learning Options

Below are the available learning options for this course:


Online On-Demand

This course is available through AuditPro — a subscription-based, on-demand learning platform. As a subscriber, you will have access to an ‘all you can watch’ library of courses that are built in alignment with the National Association of State Boards of Accountancy (NASBA) standards.


Enterprise Solutions

Tailored Experience

Bring this course to your organization at your convenience. ACI Learning can deliver this instructor-led course for your team at a chosen location or virtually. Alternatively, choose the topic(s) you need and ACI will craft a training solution to keep your team future-proof.


NASBA Certified CPE

32 Credits


Why you should take this course

For users who are new to internal auditing, or would like to learn more about it.

Who should take this course

Entry-level IT Auditors and Technologists looking for a foundational understanding of IT auditing.


  • None

1.    How is IT used in Companies?

    Business systems

    Support systems


    Marketing and sales

2.    IT Risks

    Risk overview

    Confidentiality, integrity, availability (CIA)

    Managing risk

3.    Basics of IT

    Computing devices and operating systems

    Significant computer types

    Client/server technology



    Programs and programming overview

4.    Networks


    Network devices

    Network protocols, ports, and services


    Network monitoring (IDS/IPS/SIEM)

    Cloud – characteristics

    Cloud – service models

    Cloud – audit considerations

5.    Internet of Things (IoT)


    Usage and control overview

6.    Databases

    Database types

    Database terminology/definitions


    Database audit concepts

7.    IT General Controls (ITGCs)

    IT general controls introduction

    Logical security – authentication

    Administration and awareness

    Encryption overview

    System development lifecycle (SDLC)

    Change management

    SDLC/System Development Methodology (SDM) audits

    IT operations

    Vulnerability scanning and penetration testing

    Physical and environmental controls

    Business continuity planning

    Disaster recovery planning

    Mobile device management (MDM)/Bring Your Own Device (BYOD)

    End-user computing

8.    Frameworks and Laws

    Security and audit frameworks – Part 1

    Security and audit frameworks – Part 2

9.    Governance

    Business and IT strategy

    IT and security strategy

    IT risk assessment

    Risk register and acceptance

    Vendor management

10.    Applications

    Application control objectives

    Business transaction processing

    Business support and IoT applications

11.    Audit Planning

    Audit risk assessment

    IT audit scoping

    IT general controls

    Technical audits

    Application/integrated audits

  • Learners will be able to describe what a technical term refers to and understand its place in an organization.   
  • Learners will be able to identify risks associated with the use of technology by their organization. 
  • Learners will be able to describe categories of controls that may be in place to protect systems. 
  • Learners will be able to break down the control environment based on internal policies and standard frameworks to determine if the organization complies with policies and aligns with frameworks.

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: