AUD105-2nd Edition. Auditor's Guide to IT - 20 hours. Objectives


More and more, auditors are being called upon to assess the risks and evaluate the controls over computer information systems in all types of organizations. However, many auditors are unfamiliar with the techniques they need to know to efficiently and effectively determine whether information systems are adequately protected. Auditor's Guide to IT Auditing presents an easy, practical guide for auditors that can be applied to all computing environments. As networks and enterprise resource planning systems bring resources together, and as increasing privacy violations threaten more organizations, information systems integrity becomes more important than ever. With a complimentary student's version of the IDEA Data Analysis Software CD, Auditor's Guide to IT Auditing empowers auditors to effectively gauge the adequacy and effectiveness of information systems controls.

Course Outline

CHAPTER 1 - Technology and Audit
After completing Chapter 1, you should comprehend the following:
1. Technology and Audit
2. Batch and On-Line Systems
3. Electronic Data Interchange
4. Electronic Business
5. Cloud Computing

CHAPTER 2 - IS Audit Function Knowledge
After completing Chapter 2, you should comprehend the following:
1. Information Systems Auditing
2. What Is Management?
3. Management Process
4. Understanding the Organization's Business
5. Establishing the Needs
6. Identifying Key Activities
7. Establish Performance Objectives
8. Decide the Control Strategies
9. Implement and Monitor the Controls
10. Executive Management's Responsibility and Corporate Governance
11. Audit Role
12. Conceptual Foundation
13. Professionalism within the IS Auditing Function
14. Relationship of Internal IS Audit to the External Auditor
15. Relationship of IS Audit to Other Company Audit Activities
16. Audit Charter
17. Charter Content
18. Outsourcing the IS Audit Activity
19. Regulation, Control, and Standards

CHAPTER 3 - IS Risk and Fundamental Auditing Concepts
After completing Chapter 3, you should comprehend the following:
1. Computer Risks and Exposures
2. Effect of Risk
3. Audit and Risk
4. Audit Evidence
5. Conducting an IT Risk Assessment Process
6. NIST SP 800-30 Framework
7. ISO 27005
8. The "Cascarino Cube"
9. Reliability of Audit Evidence
10. Audit Evidence Procedures
11. Responsibilities for Fraud Detection and Prevention

CHAPTER 4 - Standards and Guidelines for IS Auditing
After completing Chapter 4, you should comprehend the following:
1. IIA Standards
2. Code of Ethics
3. Advisory
4. Aids
5. Standards for the Professional Performance of Internal Auditing
6. ISACA Standards
7. ISACA Code of Ethics
8. COSO: Internal Control Standards
9. BS 7799 and ISO 17799: IT Security
10. NIST
11. BSI Baselines

CHAPTER 5 - Internal Controls Concepts Knowledge
After completing Chapter 5, you should comprehend the following:
1. Internal Controls
2. Cost/Benefit Considerations
3. Internal Control Objectives
4. Types of Internal Controls
5. Systems of Internal Control
6. Elements of Internal Control
7. Manual and Automated Systems
8. Control Procedures
9. Application Controls
10. Control Objectives and Risks
11. General Control Objectives
12. Data and Transactions Objectives
13. Program Control Objectives
14. Corporate IT Governance
15. COSO and Information Technology
16. Governance Frameworks

CHAPTER 6 - Risk Management of the IS Function
After completing Chapter 6, you should comprehend the following:
1. Nature of Risk
2. Risk Analysis Software
3. Auditing in General
4. Elements of Risk Analysis
5. Defining the Audit Universe
6. Computer System Threats
7. Risk Management

CHAPTER 7 - Audit Planning Process
After completing Chapter 7, you should comprehend the following:
1. Benefits of an Audit Plan
2. Structure of the Plan
3. Types of Audit

CHAPTER 8 - Audit Management
After completing Chapter 8, you should comprehend the following:
1. Planning
2. Audit Mission
3. IS Audit Mission
4. Organization of the Function
5. Staffing
6. IT Audit as a Support Function
7. Planning
8. Business Information Systems
9. Integrated IT Auditor vs Integrated IT Audit
10. Auditees as Part of the Audit Team
11. Application Audit Tools
12. Advanced Systems
13. Specialist Auditor
14. IS Audit Quality Assurance

CHAPTER 9 - Audit Evidence Process
After completing Chapter 9, you should comprehend the following:
1. Audit Evidence
2. Audit Evidence Procedures
3. Criteria for Success
4. Statistical Sampling
5. Why Sample?
6. Judgmental (or Non-Statistical) Sampling
7. Statistical Approach
8. Sampling Risk
9. Assessing Sampling Risk
10. Planning a Sampling Application
11. Calculating Sample Size
12. Quantitative Methods
13. Project Scheduling Techniques
14. Simulations
15. Computer Assisted Audit Solutions
16. Generalized Audit Software
17. Application and Industry-Related Audit Software
18. Customized Audit Software
19. Information Retrieval Software
20. Utilities
21. On-Line Inquiry
22. Conventional Programming Languages
23. Microcomputer-Based Software
24. Test Transaction Techniques

CHAPTER 10 - Audit Reporting Follow-up
After completing Chapter 10, you should comprehend the following:
1. Audit Reporting
2. Interim Reporting
3. Closing Conferences
4. Written Reports
5. Clear Writing Techniques
6. Preparing to Write
7. Basic Audit Report
8. Executive Summary
9. Detailed Findings
10. Polishing the Report
11. Distributing the Report
12. Follow-Up Reporting
13. Types of Follow-Up Action

CHAPTER 11 - Management
After completing Chapter 11, you should comprehend the following:
1. IT Infrastructures
2. Project-Based Functions
3. Quality Control
4. Operations and Production
5. Technical Services
6. Performance Measurement and Reporting
7. Measurement Implementation

CHAPTER 12 - Strategic Planning
After completing Chapter 12, you should comprehend the following:
1. Strategic Management Process
2. Strategic Drivers
3. New Audit Revolution
4. Leveraging IT
5. Business Process Re-Engineering Motivation
6. IT as an Enabler of Re-Engineering
7. Dangers of Change
8. System Models
9. Information Resource Management
10. Strategic Planning for IT
11. Decision Support Systems
12. Steering Committees
13. Strategic Focus
14. Auditing Strategic Planning
15. Design the Audit Procedures

CHAPTER 13 - Management Issues
After completing Chapter 13, you should comprehend the following:
1. Privacy
2. Copyrights, Trademarks, and Patents
3. Ethical Issues
4. Corporate Codes of Conduct
5. IT Governance
6. Sarbanes-Oxley Act
7. Payment Card Industry Data Security Standards
8. Housekeeping

CHAPTER 14 - Support Tools and Frameworks
After completing Chapter 14, you should comprehend the following:
1. General Frameworks
2. COSO: Internal Control Standards
3. Other Standards
4. Governance Frameworks

CHAPTER 15 - Governance Techniques
After completing Chapter 15, you should comprehend the following:
1. Change Control
2. Problem Management
3. Auditing Change Control
4. Operational Reviews
5. Performance Measurement
6. ISO 9000 Reviews

CHAPTER 16 - Information Systems Planning
After completing Chapter 16, you should comprehend the following:
1. Stakeholders
2. Operations
3. Systems Development
4. Technical Support
5. Other System Users
6. Segregation of Duties
7. Personnel Practices
8. Object-Oriented Systems Analysis
9. Enterprise Resource Planning
10. Cloud Computing

CHAPTER 17 - Information Management and Usage
After completing Chapter 17, you should comprehend the following:
1. What Are Advanced Systems?
2. Service Delivery and Management
3. Computer Assisted Audit Tools and Techniques

CHAPTER 18 - Development, Acquisition, and Maintenance of Information Systems
After completing Chapter 18, you should comprehend the following:
1. Programming Computers
2. Program Conversions
3. Systems Development Exposures
4. Systems Development Controls
5. Systems Development Life Cycle Control: Control Objectives
6. Micro-Based Systems
7. Cloud Computing Applications

CHAPTER 19 - Impact of Information Technology on the Business Processes and Solutions
After completing Chapter 19, you should comprehend the following:
1. Impact
2. Continuous Monitoring
3. Business Process Outsourcing
4. E-Business

CHAPTER 20 - Software Development
After completing Chapter 20, you should comprehend the following:
1. Developing a System
2. Change Control
3. Why Do Systems Fail?
4. Auditor's Role in Software Development

CHAPTER 21 - Audit and Control of Purchased Packages
After completing Chapter 21, you should comprehend the following:
1. IT Vendors
2. Request for Information
3. Requirements Definition
4. Request for Proposal
5. Installation
6. Systems Maintenance
7. Systems Maintenance Review
8. Outsourcing
9. SAS 70 Reports

CHAPTER 22 - Audit Role in Feasibility Studies and Conversions
After completing Chapter 22, you should comprehend the following:
1. Feasibility Success Factors
2. Conversion Success Factors

CHAPTER 23 - Audit and Development of Application Controls
After completing Chapter 23, you should comprehend the following:
1. What Are Systems?
2. Classifying Systems
3. Controlling Systems
4. Control Stages
5. Control Objectives of Business Systems
6. General Control Objectives
7. CAATs and Their Role in Business Systems Auditing
8. Common Problems
9. Audit Procedures
10. CAAT Use in Non-Computerized Areas
11. Designing an Appropriate Audit Program

CHAPTER 24 - Technical Infrastructure
After completing Chapter 24, you should comprehend the following:
1. Auditing the Technical Infrastructure
2. Infrastructure Changes
3. Computer Operations Controls
4. Operations Exposures
5. Operations Controls
6. Personnel Controls
7. Supervisory Controls
8. Information Security
9. Operations Audits

CHAPTER 25 - Service Center Management
After completing Chapter 25, you should comprehend the following:
1. Private Sector Preparedness (PS-Prep)
2. Continuity Management and Disaster Recovery
3. Managing Service Center Change

CHAPTER 26 - Information Assets Security Management
After completing Chapter 26, you should comprehend the following:
1. What Is Information Systems Security?
2. Control Techniques
3. Workstation Security
4. Physical Security
5. Logical Security
6. User Authentication
7. Communications Security
8. Encryption
9. How Encryption Works
10. Encryption Weaknesses
11. Potential Encryption
12. Data Integrity
13. Double Public Key Encryption
14. Steganography
15. Information Security Policy

CHAPTER 27 - Logical Information Technology Security
After completing Chapter 27, you should comprehend the following:
1. Computer Operating Systems
2. Tailoring the Operating System
3. Auditing the Operating System
4. Security
5. Criteria
6. Security Systems: Resource Access Control Facility
7. Auditing RACF
8. Access Control Facility 2
9. Top Secret
10. User Authentication
11. Bypass Mechanisms
12. Security Testing Methodologies

CHAPTER 28 - Applied Information Technology Security
After completing Chapter 28, you should comprehend the following:
1. Communications and Network Security
2. Network Protection
3. Hardening the Operating Environment
4. Client Server and Other Environments
5. Firewalls and Other Protection Resources
6. Intrusion Detection Systems

CHAPTER 29 - Physical and Environmental Security
After completing Chapter 29, you should comprehend the following:
1. Control Mechanisms
2. Implementing the Controls

CHAPTER 30 - Protection of the Information Technology Architecture and Assets: Disaster Recovery Planning
After completing Chapter 30, you should comprehend the following:
1. Risk Reassessment
2. Disaster Before and After
3. Consequences of Disruption
4. Where to Start
5. Testing the Plan
6. Auditing the Plan

CHAPTER 31 - Insurance
After completing Chapter 31, you should comprehend the following:
1. Insurance
2. Self-Insurance

CHAPTER 32 - Auditing E-commerce Systems
After completing Chapter 32, you should comprehend the following:
1. E-Commerce and Electronic Data Interchange: What Is It?
2. Opportunities and Threats
3. Risk Factors
4. Threat List
5. Security Technology
6. "Layer" Concept
7. Authentication
8. Encryption
9. Trading Partner Agreements
10. Risks and Controls within EDI and E-Commerce
11. E-Commerce and Auditability
12. Compliance Auditing
13. E-Commerce Audit Approach
14. Audit Tools and Techniques
15. Auditing Security Control Structures
16. Computer Assisted Audit Techniques

CHAPTER 33 - Auditing UNIX/Linux
After completing Chapter 33, you should comprehend the following:
1. History
2. Security and Control in a UNIX/Linux System
3. Architecture
4. UNIX Security
5. Services
6. Daemons
7. Auditing UNIX
8. Scrutiny of Logs
9. Audit Tools in the Public Domain
10. UNIX Password File
11. Auditing UNIX Passwords

CHAPTER 34 - Auditing Windows
After completing Chapter 34, you should comprehend the following:
1. History
2. NT and Its Derivatives
3. Auditing Windows Vista/Windows 7
4. Password Protection
5. Vista/Windows 7
6. Security Checklist

CHAPTER 35 - Foiling the System Hackers
After completing Chapter 35, you should comprehend the following:
1. Foiling the System Hackers

CHAPTER 36 - Investigating Information Technology Fraud
After completing Chapter 36, you should comprehend the following:
1. Preventing Fraud
2. Investigation
3. Identity Theft