Course Information
IT Basics and Application Controls for Non-IT Auditors
Parking for SAO, Professional Development courses is in Garage B (1511 San Jacinto Blvd.). The Garage signage may read 1511 San Jacinto or Garage B. The elevator in Garage B is not reliable. If you are unable to walk the stairs, please contact the professionaldevelopment@sao.texas.gov for alternate parking arrangements. Handicapped parking is free at the meters around the downtown area.
A course coordinator will Email you a parking permit prior to the course start date. A permit must be displayed or you will be ticketed.
Course Description
This course will help you to de-mystify the seemingly mystical world of information technology (IT). In today’s world, the auditing standards mandate that the process auditors and the financial auditors should gain an understanding of processes and systems that are IT heavy. So let’s make sure you comply with the GAO’s yellow book and AICPA standards, by delving into the world of IT while using plain English to explain the concepts. Learn how to ‘see the IT controls’ thus helping you to audit them effectively.
Come on a journey towards understanding 1) network architectures, 2) public key infrastructure, 3) firewalls and scanning and 4) access controls/schemas. Additionally, let’s differentiate real-time from run time and edits versus validations. Find out how understanding these can benefit you during your process and/or financial audit. Then we’ll take typical business applications, including kiosks or phone apps, and look at the related business risks.
Further, we will identify how it is possible to optimize controls within your financial IT systems, whether your company utilizes systems like SAP or Oracle or utilizes a smaller boutique system. Gain the knowledge to enable you to reduce the time spent on your mundane internal audits. Understand how to audit more by doing less! The benefit for both audit and management is that by optimizing and automating internal controls, you will aid in creating a stronger control environment.
Course Objectives
Upon completion of this course, participants will be able to:
• Recognize IT architecture zones
• Discover how public key infrastructure works
• Differentiate levels of firewalls/routers
• Determine how granular user access is restricted
• Demystify IT phrases
• Explain the business risks related to new technologies
• Perform robust tests of controls
• Decompose advanced business applications into understandable components
• Identify embedded controls in the IT applications.
• Understand the move towards continuous monitoring and assurance.
Course Outline
DAY 1
The Audit Process … A “Process” Focus
· The Audit Risk Model
· Staggering costs of evidence
Demystifying IT
· Network Architecture
· Public Key Infrastructure
· Firewalls and the notion of “scanning”
· Access Controls and User Schemas
IT concepts in a business context
· What are the risks in a complex app?
· Business Process Analysis: it’s ALL about Controls!
· Can you “see” IT controls
· Documenting the process
Getting your arms around a technology-based process
· General Controls
· Application controls (computerized and manual)
· The Future of Controls … Embedded in the Apps
· A re-visit to great concepts: edits and validation controls
· Process-level controls IN the apps … they never sleep!
· SAP configurables and Oracle/PeopleSoft triggers
Control “Testing” vs. “Reviews”
· Tests of Operating Effectiveness (TOEs) versus Tests of Design (TODs)
· Auditing around IT, through IT, with IT and continuously
· All of this leads to an improved “Integrated Audit”
· The shifting sandbox of audit turf: we’re all IT auditors now!
DAY 2
Optimization is Expansive not Expensive
· Automated Monitors are Everywhere so What Next for Auditing
· Controls Optimization and Monitoring in the Literature
· Auditing Less by Optimizing, Monitor More!
The Benefits of Automated/Embedded Controls
· The Benefits of Automated Controls
· What are Embedded Controls and Case Study
· Tests of Design vs. Tests of Effectiveness and Case Study
· Limitations of After the Fact Auditing and Case Study
· Auditing in a Computerized Environment and Case Study
Process Level Control Opportunities via Embedded Controls
· How Do You Locate the Embedded Controls and Case Study
· Linking Business Risk to Embedded Controls and Case Study
· Getting Started with continuous controls monitoring
The Necessary and Missing Components of true Continuous Monitoring
· You Can’t Configure Everything and Case Study
· Some Basic Design and Format Questions
· Design and Implementation Questions and Case Study
Business Cases of Optimization Wins and How to Get Them
· Actual Optimization Business Cases
· Smarter Monitoring Case Study
· Dr Dan’s Methodology
· The Key to Efficient Auditing
Instructors
Amanda has a Bachelor degree in Business with a double major in Accountancy and Public Sector Financial Management, is a qualified CPA and is a member of both the Institute of Internal Auditors (IIA) Australia and the Association of Certified Fraud Examiners. With 12 years of practical experience in the field of audit (internal and external audit) plus over four years as a professional development instructor, Amanda’s goal is to proactively “make a difference”.
Amanda began her career in Australia as a Governmental auditor with the Queensland Audit Office, and got her first taste of teaching when she nominated to lead the Office’s Graduate Development Program as their in-house trainer, over and above her role as a field audit team leader for financial statement audits. After nine years in the field of external audit, Amanda transitioned to the field of internal audit. As an internal auditor she headed the team for the State’s Environmental Protection Agency and subsequently worked with one of the State’s largest Government departments, Queensland Health. It was at Queensland Health where Amanda was introduced to the popular and innovative techniques of Dr. Dan Kneer. Amanda is now proud to be sharing these cutting edge techniques globally.
As a professional development instructor, Amanda promotes techniques helping colleagues to ‘audit smarter, not harder’. Her speaking engagements and workshops have taken her to various international destinations beyond her home base in Australia, including Taiwan, Dubai, Fiji, Thailand, New Zealand, Papua New Guinea, the Philippines and Singapore. Amanda encourages innovation in the field of audit, teaching techniques ranging from statistical data analytics and continuous controls monitoring to statistical sampling and business process analysis in an IT pervasive environment.
Additional Information
TAC Rule 523.142(g) requires the CPE Sponsor to monitor individual attendance and assign the correct number of CPE credits. Participants will be asked to document their time of arrival and departure in compliance with this Rule. Additionally, attendance will be monitored throughout the day and CPE certificates will reflect actual attendance of each participant.
If you are making travel plans to come to Austin, we recommend making "refundable" air and hotel reservations or waiting until 14 days before the class to actually book your reservations. Courses are occasionally canceled or rescheduled due to low enrollment. We determine whether a course has enough participants 16 days prior to the course date. If we cancel or reschedule, we will email the participant and his or her billing contact no later than 14 days before the original class date.
The course coordinator will contact you with parking information. Handicapped parking is free at the meters around the downtown area.
Vending machines with Coca-Cola products and various snack items are available. There is also a refrigerator and microwave in our coffee bar area. Feel free to bring in your own drinks and food if you prefer.
You might want to bring a light sweater or jacket, as room temperatures vary.
To see answers to our Frequently Asked Questions, visit http://www.sao.texas.gov/training/faq.html.