This intensive, three-day seminar outlines the concepts of information technology you need to know in order to understand the audit concerns in the IT environment.
You will learn the necessary controls for application systems - the session pinpoints specific controls to evaluate when auditing currently installed systems, new systems under development, and the various activities within the information technology department.
In addition, you will learn techniques for auditing automated systems and examine the impact of Sarbanes-Oxley on IT audit.
You will leave this session with a solid foundation in the basics of information technology as they apply to audit and security concerns. (Note: This seminar covers topics found in Chapters 1, 4, 5, and 6 of the CISA Review Manual.)
Prerequisite: This course assumes limited or no prior IT experience.
Learning Level: Basic
1. Introduction to IT Audit
- audit objectives and requirements
- role of IT within the organization
- management and security risks in an automated environment
- what is a control?
- internal control defined
- processes and control points
- physical space vs. logical space
- identifying control points
2. Planning the IT Audit
- definition of internal audit
- objectives of an IT audit
- IT audit strategies
- what is an application
- application vs. general controls
- IT audit control reviews
- IT control categories
- the audit deliverable
- building the audit team
3. Auditing Organizations and Standards
- maintaining audit objectivity
- what is a standard?
- AICPA and SAS
- GAO and other certification organizations
- The Institute of Internal Auditors (IIA)
- The Treadway Commission
- COSO Integrated Framework
- ISACA and the IT Governance Institute
- COBIT®: Control Objectives for Information and Related Technology
- ISO 27002 security standard
4. IT Governance and Controls
- what is IT governance?
- information security governance
- IT policies and procedures
- separation of duties and outsourcing
- governance and control
5. Information Technology Basics
- why learn about technology?
- computer hardware and CPU operation
- two different classes of computers
- software, programs, and processing
- distributed systems and client/server technology
- the Open Systems Interconnection (OSI) model
- maintenance and security
6. Network Technology and Controls
- networking risks
- auditing networks
- what is a network?
- LANs, WANs, and MANs
- physical network media (cables)
- cabling audit objectives
- LAN protocols
- WAN connectivity and protocols
- MAN protocols
- LAN/WAN/MAN audit objectives
- network devices
- network device audit objectives
- complete networks
- the Internet
- intranets and extranets
- risks of Internet use for business
- using firewalls
- Internet communications
- Internet Protocol (IP) addressing
- service (process) addressing
- Internet applications
- the World Wide Web (WWW)
- Web page technologies
- Internet audit objectives
7. Shared General and Application Controls
- logical security
- data classification
- logical access controls: system access
- encryption: information access
- remote access, PCs, and mobile devices
- information security management
- change management
- change management objectives
- program change control
- patch management
- software licensing
- business continuity/disaster recovery
- BCP/DRP defined
- business impact analysis (BIA)
- disaster recovery strategy
- maintaining the plan
- system development technologies
- SDLC, RAD, ERP purchases
- Internal Audit involvement
- audit strategy
8. Application Controls
- what is an application?
- business application risks
- application auditing
- transactions: the audit focus
- transaction life cycle controls
- user computing
- data warehouses
- the future of applications
9. Database Technology and Controls
- managing information
- the program-centric model
- centric audit concerns
- the data-centric model
- what is a database?
- database terminology
- database management systems (DBMS)
- types of databases
- database audit concerns
10. Infrastructure General Controls
- operations controls
- IT operations
- operating system controls
- system utilities
- system software controls: a review
- physical security
- environmental controls
Bonus: You will receive a copy of MIS' Information Technology & Audit Acronym Dictionary, defining hundreds of IT terms and acronyms.
Dates & Times
Classes start on the date(s) posted herein, and run from 8:30am to 5pm daily, except for the last day of class, which ends at 1pm.
Licenses / Designations / Educational Credits:
All US States: 22
About The Provider:
Founded in 1978, MIS Training Institute is the international leader in audit and information security training, with offices in the USA, UK, and Asia. MIS’ expertise draws on experience gained in training more than 200,000 delegates across five continents.
Helping audit and infosecurity professionals stay at the top of their game has always been at the core of MIS’ mission. To that end, MIS has developed and focused its seminars, conferences, and symposia on the wide-ranging needs of internal and IT auditors and information security practitioners who are charged with controlling complex systems and business environments.
MIS’ unparalleled course curriculum covers the most up-to-the-minute topics, provides proven audit and security practices, and delivers the information needed to be successful in today’s organizations.
All MIS programs are led by industry experts: hands-on pros who have been in the field and who practice what they teach. Attendees of MIS Training Institute events benefit from unbiased practices, proven strategies, and lessons learned in the real world.
MIS Training Institute is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing education on the National Registry of CPE Sponsors. NASBA Sponsor Number: 103321
A full refund less a $100 administrative fee will be given for cancellations received 15 days or more before the event. Tuition is non-refundable for cancellations made 14 days or less before the event. You may, however, transfer your tuition to another MIS Training Institute event, less a $195 administrative fee. Transfers are valid for 12 months from the time of initial cancellation. Substitutions are welcome at any time.
Those who do not cancel before the event date and who do not attend are responsible for the full non-refundable, non-transferable tuition.
There currently are no scheduled dates for this seminar.
Keywords For This Course:
IT Auditing And Controls