This seminar will give participants the knowledge necessary to understand and effectively evaluate both general and application controls in a modern, distributed information processing environment. It will outline and define basic technical concepts, incorporate concepts for modern web and distributed applications, and provide a risk-based approach for ensuring that adequate controls have been implemented. The seminar will incorporate guidance contained in leading industry standards, most notably the Control Objectives for Information Technology (COBIT) and the Federal Information Systems Controls Audit Manual (FISCAM). It will begin at a basic level and slowly progress into more complex technology issues that are prevalent in today’s information processing environments. The seminar will consist of modules that address the core areas of IT risk. Each module will explain the objectives, risks, key controls, and primary audit procedures that can be used. You will leave this seminar with a solid knowledge of key technology concepts, and the foundation needed to audit these technologies and processes effectively.
• Information Technology Risk
• Categories of Risks and Controls
• IT Control Environment
• Security Management
• Operating Systems Security Management
• Network Security Management
• Electronic Communications
• Disaster Recovery & Business Continuity
• Systems Management
• Physical, Environmental, & Operations Management
• Database Management
• Change Management
• Systems Development
• Transactional Integrity, Consistency, Accuracy, Validity
• Web-based Applications
• Application-level Security
• Application Controls: Integration with General Controls
• Types of Audits
