
IT Auditing & Controls

Date(s): Jan 15, 2020 - Jan 16, 2020
Time: 8:15AM - 4:30PM
Registration Fee: $429.00
Cancellation Date: Jan 06, 2020
Location: JOHN M. KEEL LEARNING CENTER
City: Austin
Parking Info:

Parking for SAO Professional Development courses is in Garage B (1511 San Jacinto Blvd.). The garage signage may read 1511 San Jacinto or Garage B. The elevator in Garage B is not reliable. If you are unable to walk the stairs, please contact professionaldevelopment@sao.texas.gov for alternate parking arrangements. Handicapped parking is free at the meters around the downtown area.

A course coordinator will email you a parking permit prior to the course start date. A permit must be displayed or you will be ticketed.


Course Description

Internal or operational auditors in today's complex organization must understand information systems and be able to function within a technical environment. This intensive, two-day seminar outlines the concepts of information technology you need to know in order to understand the audit concerns in the IT environment. You will learn the critical business application system controls and the supporting IT general controls. We will focus on key risks and controls in such critical areas as user access to business applications, database security, networks, change management and disaster recovery. Attendees will leave this session with a solid foundation in the basics of information technology as they apply to audit and security concerns.

Potential CPE Credits: 16.0
Govt Hours: This class meets 16.0 hours of the 24-hour requirement for governmental CPE under Government Auditing Standards (yellow book), in most cases.
Technical Hours: This class meets 16.0 CPE credits of technical training in compliance with Texas Admin. Code Rule 523.102.

Instruction Type: Live
Experience Level: BEGINNING
Category: Auditing

Course Objectives

Behavioral Objectives

Upon completion of this course, participants will be able to:

  • Understand the key technologies facing auditors in organizations
  • Identify the risks in the IT environment
  • Apply appropriate application and general controls

Introduction to IT Risks & Controls 
• role of IT
• risk definitions
• risk assessment
• information security objectives
• IT controls cost / risk balance
• internal control overview
• accountability & auditability

Planning IT Audits 
• definition of internal audit
• IT audit planning
• audit universe/IT audit universe
• risk criteria
• audit engagement planning
• IT control categories
• mapping risk and control categories

Audit & Control Frameworks and Standards 
• maintaining objectivity
• what is a Standard?
• COSO
• GAO Green Book
• IIA Global Technology Audit Guides
• COBIT®
• ISO 27002 Security Standard
• FISMA – NIST 800-53

Basics of Information Technology
• computer hardware
• central processing unit / memory
• Operating Systems (OS)
• mainframe
• client/server technology
• virtualization / virtual servers
• binary numbering
• compilers and interpreters

Database Technology and Controls
• managing information
• database terminology
• Database Management Systems (DBMS)
• hierarchical databases
• relational databases
• database risks
• database audits

Network Technology and Controls
• networking risks
• what is a “network”?
• OSI Model
• Local Area Networks (LANs)
• Wide Area Networks (WANs)
• network devices
• firewalls 
• Intrusion Detection Systems (IDS / IPS)
• Virtual Private Networks (VPNs)
• wireless
• the Internet
• cloud computing

IT Governance
• audit’s role in IT governance
• IIA professional practices framework-governance
• linking business and IT strategies
• IT governance objectives
• COBIT® 5 - IT governance/management
• separation of duties
• assessing outsourced IT functions

IT General Controls
• logical security
• change management
• business continuity / disaster recovery
• operation controls
• physical security
• environmental exposures
• system development

Business Application Controls
• business application control categories
• business application transaction life cycle 
• automated & manual controls
• completeness and accuracy of input
• completeness and accuracy of processing
• completeness and accuracy of output
• completeness and accuracy of master files
• completeness and accuracy of interfaces
• output retention and disposal


Instructors

Richard H. Tarr

Richard Tarr is an audit and information systems consultant and President of Richard Tarr and Associates, a consulting practice that specializes in application and general control reviews and networks including the development and training of integrated internal auditing functions; quality assurance reviews; strategic planning; business continuation planning; and project management.

Mr. Tarr has more than 20 years in audit and information systems, with additional experience in the design and implementation of large financial and operational systems, including hotel management and reservations systems and networks. He has managed complex development projects as well as participated in the design and acquisition of software and hardware architectures for both centralized and distributed environments. In addition, he has had extensive experience in the development, training, and evaluation of internal audit departments in both government and industry.

Previously with the Walt Disney Company, he initiated and developed the information systems audit function, and served as the Corporate Information Systems Audit Manager. Mr. Tarr was a senior systems engineer with Electronic Data Systems (EDS), where he designed and implemented applications for financial industry clients. He has started and managed corporate audit functions, managed information systems development project teams and has supervised programming staffs in both government and industry. He was the Manager of Quality Assurance Review for the Institute of Internal Auditors (IIA) and is the author of the IIA’s publication Establishing an Internal Audit Function.

Among the seminars Mr. Tarr teaches for MIS are Sarbanes-Oxley for IT Auditors, Using COBIT in Your IT Audits, Auditing IT Governance, Sarbanes-Oxley: A Roadmap to Compliance, IT Audit School, IT Auditing and Controls, How to Audit Automated Business Applications, and How to Perform a General Controls Review. He also teaches Fundamentals of Internal Auditing, Advanced Auditing for In-Charge Auditors, and Data Driven Auditing: A Business Approach.



Additional Information

TAC Rule 523.142(g) requires the CPE Sponsor to monitor individual attendance and assign the correct number of CPE credits. Participants will be asked to document their time of arrival and departure in compliance with this Rule. Additionally, attendance will be monitored throughout the day and CPE certificates will reflect actual attendance of each participant.

If you are making travel plans to come to Austin, we recommend making "refundable" air and hotel reservations or waiting until 14 days before the class to actually book your reservations. Courses are occasionally canceled or rescheduled due to low enrollment. We determine whether a course has enough participants 16 days prior to the course date. If we cancel or reschedule, we will email the participant and his or her billing contact no later than 14 days before the original class date.

The course coordinator will contact you with parking information. Handicapped parking is free at the meters around the downtown area.

Vending machines with Coca-Cola products and various snack items are available. There is also a refrigerator and microwave in our coffee bar area. Feel free to bring in your own drinks and food if you prefer.

You might want to bring a light sweater or jacket, as room temperatures vary.

To see answers to our Frequently Asked Questions, visit http://www.sao.texas.gov/training/faq.html.