it

Analyst: IT Governance, Risk and Compliance Auditing

  • High Demand for IT Auditors
  • 100% Online, Self-directed
  • Knowledge-checks and Assessments
  • 10 Quizzes

Instructors: Richard Cascarino, Jim Kaplan

https: //academy.izen.ai

Email: info@izen.ai

NASSCOM FutureSkills Ecosystem Partner

Certificate from Webster University

An Information Technology (IT) audit, or Information Systems audit, is an examination of the management controls within an IT infrastructure. The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement.
iZen has joined forces with AuditNet to bring you a structured learning curriculum for IT audit.

HIGH DEMAND
Most stringent government regulations, tighter lending standards, and demands for accountability keep IT auditors in high demand globally.

HUGE SUPPLY GAP
Demand for qualified IT auditing personnel far exceeds supply. That means less competition and more pay for highly trained-experts.

BRIGHT FUTURE
According to the Bureau of Labor Statistics, the employment rate for IT auditors is expected to grow by 15 percent over the next 10 years.

This course is aimed primarily at auditors, both internal and external, who are beginning their career in Computer Auditing or who wish to understand the complexities and vulnerabilities of computer systems. The course helps one to shorten the time period to productivity and effectiveness.

  • Kick-start or re-ignite your career by completing this course. Improve your career opportunities by learning new skills.
  • Learn IT Auditing from world-class consultants, authors and thought leaders with over 30 years of experience in Risk, Audit, Governance, Forensic, Internal and IT auditing education
  • Learn by doing:
    1. Get hands-on experience by doing several industry-specific case studies
    2. Learn different IT Auditing tools and techniques
    3. Get in-depth knowledge and experience using different software
    4. Learn to assess corporate risks, identify audit strategies, and audit for computer fraud
  • If you are a student seeking employment to kickstart your career, this is a great opportunity for you to learn IT Auditing and build a rewarding, future-proof, and meaningful career
  • If you are already employed but are trying to rekindle your career in the exciting world of IT Auditing, this program is perfect for you
  • If you are already an auditor, this program can give you more confidence and thought leadership in IT-auditing, leading practices, tools, techniques
PREREQUISITES:
  • Basic knowledge of computers and IT-infrastructure
Section-1: IT Audit Basics

By the end of this part of the course the attendees will be able to:

  • Understand the jargon of the computer world
  • Differentiate between types of systems and their major risk elements
  • Understand how computer systems are constructed and how this can influence the eventual running in the business environment
  • Utilize this knowledge to gain a greater acceptance by computer-literate auditees
  • Identify the role of the IS audit specialist
  • Identify potential areas for the audit use of computerized technology

This module is designed to provide the participants with in-depth knowledge and experience of Technology and audit, Control objectives and risks, Batch and online systems, Programming computers, Database systems, Computer risks and exposures, Computer security, Application systems and their development, and Computer operations control.

By the end of this part of the course the attendees will be able to:

  • Identify the different types of database structures, their principal components, and the threats to them
  • Relate DBMS components to the operating system environment in which they operate
  • Identify potential control opportunities and select among control alternatives
  • Recognize vulnerabilities in multiple DBMS environments and make appropriate recommendations
  • Select the appropriate audit tool and technique to meet a given audit objective

The module will cover Database types – Sequential, Hierarchical, Network, Inverted File Structures, Relational Models, Control opportunities in a database environment, Database tools and techniques, Auditing IMS; IDMS; ADABAS; DB2; DATACOM; Oracle; Access.

By the end of this part of the Course attendees will have an in-depth knowledge of:

  • The nature and usage of CAATS
  • Methods for determining the appropriate CAAT
  • Usage of differing types of CAAT
  • Interpretation of results
  • Verification of CAAT results

The module will cover the areas like System testing techniques, Computerized application systems, Non-computerized systems, CAAT types, Source code review, Use of Test Data, Parallel Simulation, Integrated Test Facilities, Snapshot Techniques, SCARF, Retrieval Software, Generalized Audit Software, Specialized Audit Software, Utility Software, ACL, and IDEA.

By the end of this module, you will have the tools and techniques needed in your own environments to:

  • Assess the corporate risks
  • Identify their audit strategies
  • Establish their priorities
  • Develop their Audit Plan
  • Evaluate and test their Corporate Disaster Recovery Plan

The module will cover What is a Disaster? What is a Disaster Recovery Plan? Who is Accountable? What are the Options? What is the cost? How can a C.P. be tested? What is Management’s Role? What is the User’s Role? What is the Information Services Role? What is the Internal Auditor’s Role?

By the end of this module, you will be able to:
  • Distinguish between the varying types of computer fraud, their nature and effect
  • Identify likely fraud indicators
  • Audit for computer fraud
  • Establish a Corporate Risk Profile
  • Structure an anti-fraud security environment
  • Distinguish between fraud and forensic auditing
  • Identify the requirements to ensure that audit evidence is acceptable as legal evidence
  • Identify the requirement and effect of reporting sensitive issues
The module will cover the areas like the nature of computer fraud, the Corporate risk profile, Computer fraud techniques, why computer fraud and who commits it? Fraud auditing, Fraud awareness, EDI and fraud, the expectation gap, Forensic auditing, Sources of evidence and audit tools, Legal evidence and Reporting sensitive issues.
Section-2: Advanced IT-Auditing
By the end of this module, you will get an in-depth knowledge and experience of:
  • Risk and its nature in a corporate environment Risk analysis and Internal Auditing
  • The use of Risk-based auditing as an integrated approach
  • Risks within computer systems
  • Electronic trading risks
  • The IT Risk-based audit approach
  • Risk and materiality
  • A structured approach to audit risk evaluation
  • How to sell Risk-based audits
This module is designed to provide you with an in-depth knowledge of the risks as well as the benefits of Internet connection. You will learn about the tools and information sources available on the internet as well as the uses to which these might be put. The module will cover the following areas:
  • Internet Threats
  • Protection Strategies
  • Internet security and privacy
  • Use of Digital Certificates
  • Client-side Security
  • Downloading threats
  • Firewalling and encryption
  • Formulating an Internet security plan
This module is developed to familiarize auditors with computer risk areas and security mechanisms, to provide auditors with an understanding of the building blocks of operational environments and operating systems, and to provide auditors with an appropriate methodology for reviewing computer security. The module will cover the following areas:
  • Computer risk areas
  • Criteria for effective security
  • Computer operations
  • Applications security
  • Change control
  • Control over viruses
  • The “ACCESS” model
  • Tailoring the Operating System
  • Auditing operating environments
  • The role of security packages: RACF, ACF2, TOP SECRET
  • The internet and Firewalls

The objectives of this module are to provide attendees with the tools and techniques needed in their own environments to familiarize auditors with the Key Performance Areas within IT, to introduce them to a VFMA methodology to determine whether the IT resources are being optimized, and to provide delegates with a complete VFMA audit plan for the IT function. The module will cover the following areas:

  • Background and objectives of VFMA
  • Operational auditing methods and techniques
  • Major operational areas in IT
  • Risks and control opportunities
  • Economy of resource utilization
  • Efficiency determination of the key performance areas
  • The quantification of effectiveness
  • Implementing the VFMA audit programmer
  • Performing the audit and following-up

IT Audit has developed into a maze of specialties with technical specialists requiring ever more. By the end of this part of the Course the attendee will be able to:

  • Distinguish between the varying types of computer fraud, their nature and effect
  • Identify likely fraud indicators
  • Audit for computer fraud
  • Establish a Corporate Risk Profile
  • Structure an anti-fraud security environment
  • Distinguish between fraud and forensic auditing
  • Identify the requirements to ensure that audit evidence is acceptable as legal evidence
  • Identify the requirement and effect of reporting sensitive issues

The module will cover the areas like the Scope of IT Audit, narrowing the perspective, Objective setting, Staffing and recruiting, the use of audit automation, skills and training, measuring effectiveness and the role of the Specialist.

  • Case Studies and Practical Examples
  • Case-studies: Sources of Cybersecurity Risks
  • Practical Negotiating Skills for Auditors
Richard Cascarino
Jim Kaplan
PROGRAM FACULTY

Richard Cascarino, CIA, CISM, CFE is a consultant and lecturer with over 30 years’ experience in Risk, Audit, Governance, Forensic, Internal and IT auditing education. He is a principal of Richard Cascarino & Associates. He is a regular speaker to national and international conferences and has presented courses throughout Africa, Europe, the Middle East and the USA.

He is the author of the books “Internal Auditing-an Integrated Approach”, “Auditor’s Guide to Information Systems Auditing”, “Corporate Fraud and Internal Control: A Framework for Prevention” published by Wiley, and the book “Data Analytics for Internal Auditors”. He is also a contributing author to the Governance section of Finance: The Ultimate Resource and is a frequent speaker at IIA, ACFE and ISACA courses and conferences.

Richard Cascarino was the chairman of the Audit and Risk Committee of the Department of Public Enterprises in South Africa and served as chairman of the Audit Committee of Gauteng cluster 2 (Premier's office, Shared Services and Health). He is also a visiting Lecturer at the University of the Witwatersrand.

He is a Past President of the IIA – South Africa and founded the African Region of the IIA Inc. He is also a member of the Board of Regents for Higher Education of the Association of Certified Fraud Examiners. He is a member of the Board of Regents (Higher Education) for the ACFE.

Jim Kaplan CIA CFE is President and Founder of AuditNet®, the global resource for auditors (now available on Apple and Android and Windows devices).

Jim is a highly accomplished Internal auditor and audit manager with 26 years of progressive experience with solid background utilizing internal audit standards and audit procedures and techniques.

Jim Kaplan’s vision for AuditNet® is not unlike the voice Kevin Costner heard in the Field of Dreams. His company AuditNet ® is a portal providing tools, techniques, and training used by auditors on five continents, in 221 countries.

He is recipient of the IIA’s 2007Bradford Cadmus Memorial Award.

Jim Kaplan is an Author of “The Auditor’s Guide to Internet Resources” 2nd Edition

Specialties: As a writer, journalist, educator, lecturer and dedicated local government auditor, Jim has promoted and encouraged the use of technology and the Internet for audit productivity.

  • Online using desktop, laptop or mobile devices
  • Learn at your own convenient time, and pace
  • Video lectures delivered from a cloud LMS platform
  • Quizzes are given remotely
  • Case studies for the reinforcement of the learning
  • 8 weeks, around 10 hours per week, or a total of 80 hours
  • Rolling enrolment allows you to start any time. The duration can be aligned to your requirements

REQUEST DEMO