• No results found

AUD105-2nd Edition. Auditor s Guide to IT - 20 hours. Objectives

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "AUD105-2nd Edition. Auditor s Guide to IT - 20 hours. Objectives"

Copied!
13
0
0

Loading.... (view fulltext now)

Download now ( 13 Page )

Full text

(1)

AUD105 - 2nd Edition Auditor’s Guide to IT - 20 hours

Objectives

More and more, auditors are being called upon to assess the risks and evaluate the controls over computer information systems in all types of organizations. However, many auditors are unfamiliar with the techniques they need to know to efficiently and effectively determine whether information systems are adequately protected. Auditor's Guide to IT Auditing presents an easy, practical guide for auditors that can be applied to all computing environments.

As networks and enterprise resource planning systems bring resources together, and as increasing privacy violations threaten more organization, information systems integrity becomes more important than ever. With a complimentary student's version of the IDEA Data Analysis Software CD, Auditor's Guide to IT Auditing empowers auditors to effectively gauge the adequacy and effectiveness of information systems controls.

Course Outline CHAPTER 1 – Technology and Audit

After completing Chapter 1, you should comprehend the following: 1. Technology and Audit

2. Batch and On-Line Systems 3. Electronic Data Interchange 4. Electronic Business

(2)

CHAPTER 2 – IS Audit Function Knowledge

After completing Chapter 2, you should comprehend the following: 1. Information Systems Auditing

2. What Is Management? 3. Management Process

4. Understanding the Organization’s Business 5. Establishing the Needs

6. Identifying Key Activities

7. Establish Performance Objectives 8. Decide the Control Strategies

9. Implement and Monitor the Controls

10. Executive Management’s Responsibility and Corporate Governance 11. Audit Role

12. Conceptual Foundation

13. Professionalism within the IS Auditing Function

14. Relationship of Internal IS Audit to the External Auditor 15. Relationship of IS Audit to Other Company Audit Activities 16. Audit Charter

17. Charter Content

18. Outsourcing the IS Audit Activity 19. Regulation, Control, and Standards

CHAPTER 3 – IS Risk and Fundamental Auditing Concepts After completing Chapter 3, you should comprehend the following:

1. Computer Risks and Exposures 2. Effect of Risk

3. Audit and Risk 4. Audit Evidence

5. Conducting an IT Risk Assessment Process 6. NIST SP 800 30 Framework

7. ISO 27005

8. The "Cascarino Cube" 9. Reliability of Audit Evidence 10. Audit Evidence Procedures

11. Responsibilities for Fraud Detection and Prevention CHAPTER 4 – Standards and Guidelines for IS Auditing

(3)

After completing Chapter 4, you should comprehend the following: 1. IIA Standards

2. Code of Ethics 3. Advisory 4. Aids

5. Standards for the Professional Performance of Internal Auditing 6. ISACA Standards

7. ISACA Code of Ethics

8. COSO: Internal Control Standards 9. BS 7799 and ISO 17799: IT Security 10. NIST

11. BSI Baselines

CHAPTER 5 – Internal Controls Concepts Knowledge

After completing Chapter 5, you should comprehend the following: 1. Internal Controls

2. Cost/Benefit Considerations 3. Internal Control Objectives 4. Types Of Internal Controls 5. Systems of Internal Control 6. Elements of Internal Control 7. Manual and Automated Systems 8. Control Procedures

9. Application Controls

10. Control Objectives and Risks 11. General Control Objectives

12. Data and Transactions Objectives 13. Program Control Objectives 14. Corporate IT Governance

15. COSO and Information Technology 16. Governance Frameworks

CHAPTER 6 – Risk Management of the IS Function

After completing Chapter 6, you should comprehend the following: 1. Nature of Risk

2. Risk Analysis Softward 3. Auditing in General

(4)

4. Elements of Risk Analysis 5. Defining the Audit Universe 6. Computer System Threats 7. Risk Management

CHAPTER 7 – Audit Planning Process

After completing Chapter 7, you should comprehend the following: 1. Benefits of an Audit Plan

2. Structure of the Plan 3. Types of Audit

CHAPTER 8 – Audit Management

After completing Chapter 8, you should comprehend the following: 1. Planning

2. Audit Mission 3. IS Audit Mission

4. Organization of the Function 5. Staffing

6. IT Audit as a Support Function 7. Planning

8. Business Information Systems

9. Integrated IT Auditor vs Integrated IT Audit 10. Auditees as Part of the Audit Team

11. Application Audit Tools 12. Advanced Systems 13. Specialist Auditor

14. IS Audit Quality Assurance

CHAPTER 9 – Audit Evidence Process

After completing Chapter 9, you should comprehend the following: 1. Audit Evidence

2. Audit Evidence Procedures 3. Criteria for Success

4. Statistical Sampling 5. Why Sample?

(5)

6. Judgmental (or Non-Statistical) Sampling 7. Statistical Approach

8. Sampling Risk

9. Assessing Sampling Risk

10. Planning a Sampling Application 11. Calculating Sample Size

12. Quantitative Methods

13. Project Scheduling Techniques 14. Simulations

15. Computer Assisted Audit Solutions 16. Generalized Audit Software

17. Application and Industry-Related Audit Software 18. Customized Audit Software

19. Information Retrieval Software 20. Utilities

21. On-Line Inquiry

22. Conventional Programming Languages 23. Microcomputer-Based Software

24. Test Transaction Techniques

CHAPTER 10 – Audit Reporting Follow-up

After completing Chapter 10, you should comprehend the following: 1. Audit Reporting

2. Interim Reporting 3. Closing Conferences 4. Written Reports

5. Clear Writing Techniques 6. Preparing To Write 7. Basic Audit Report 8. Executive Summary 9. Detailed Findings 10. Polishing the Report 11. Distributing the Report 12. Follow-Up Reporting 13. Types of Follow-Up Action CHAPTER 11 – Management

(6)

1. IT Infrastructures 2. Project-Based Functions 3. Quality Control

4. Operations and Production 5. Technical Services

6. Performance Measurement and Reporting 7. Measurement Implementation

CHAPTER 12 - Strategic Planning

After completing Chapter 12, you should comprehend the following: 1. Strategic Management Process

2. Strategic Drivers 3. New Audit Revolution 4. Leveraging IT

5. Business Process Re-Engineering Motivation 6. IT as an Enabler of Re-Engineering

7. Dangers of Change 8. System Models

9. Information Resource Management 10. Strategic Planning for IT

11. Decision Support Systems 12. Steering Committees 13. Strategic Focus

14. Auditing Strategic Planning 15. Design the Audit Procedures CHAPTER 13 - Management Issues

After completing Chapter 13, you should comprehend the following: 1. Privacy

2. Copyrights, Trademarks, and Patents 3. Ethical Issues

4. Corporate Codes of Conduct 5. IT Governance

6. Sarbanes-Oxley Act

7. Payment Card Industry Data Security Standards 8. Housekeeping

(7)

CHAPTER 14 - Support Tools and Frameworks

After completing Chapter 14, you should comprehend the following: 1. General Frameworks

2. COSO: Internal Control Standards 3. Other Standards

4. Governance Frameworks

CHAPTER 15 - Governance Techniques

After completing Chapter 15, you should comprehend the following: 1. Change Control

2. Problem Management 3. Auditing Change Control 4. Operational Reviews

5. Performance Measurement 6. ISO 9000 Reviews

CHAPTER 16 - Information Systems Planning

After completing Chapter 16, you should comprehend the following: 1. Stakeholders

2. Operations

3. Systems Development 4. Technical Support 5. Other System Users 6. Segregation of Duties 7. Personnel Practices

8. Object-Oriented Systems Analysis 9. Enterprise Resource Planning 10. Cloud Computing

CHAPTER 17 - Information Management and Usage

After completing Chapter 17, you should comprehend the following: 1. What Are Advanced Systems?

(8)

3. Computer Assisted Audit Tools and Techniques

CHAPTER 18 - Development, Acquisition, and Maintenance of Information Systems

After completing Chapter 18, you should comprehend the following: 1. Programming Computers

2. Program Conversions

3. No Thanks Systems Development Exposures 4. Systems Development Controls

5. Systems Development Life Cycle Control: Control Objectives 6. Micro-Based Systems

7. Cloud Computing Applications

CHAPTER 19- Impact of Information Technology on the Business Processes and Solutions

After completing Chapter 19, you should comprehend the following: 1. Impact

2. Continuous Monitoring

3. Business Process Outsourcing 4. E-Business

CHAPTER 20 - Software Development

After completing Chapter 20, you should comprehend the following: 1. Developing a System

2. Change Control

3. Why Do Systems Fail?

4. Auditor's Role in Software Development

CHAPTER 21 - Audit and Control of Purchased Packages After completing Chapter 21, you should comprehend the following:

1. IT Vendors

(9)

3. Requirements Definition 4. Request For Proposal 5. Installation

6. Systems Maintenance

7. Systems Maintenance Review 8. Outsourcing

9. SAS 70 Reports

CHAPTER 22 - Audit Role in Feasibility Studies and Conversions After completing Chapter 22, you should comprehend the following:

1. Feasibility Success Factors 2. Conversion Success Factors

CHAPTER 23 - Audit and Development of Application Controls After completing Chapter 23, you should comprehend the following:

1. What Are Systems? 2. Classifying Systems 3. Controlling Systems 4. Control Stages

5. Control Objectives of Business Systems 6. General Control Objectives

7. CAATS and their Role in Business Systems Auditing 8. Common Problems

9. Audit Procedures

10. CAAT Use in Non-Computerized Areas 11. Designing an Appropriate Audit Program CHAPTER 24 - Technical Infrastructure

After completing Chapter 24, you should comprehend the following: 1. Auditing the Technical Infrastructure

2. Infrastructure Changes

3. Computer Operations Controls 4. Operations Exposures

5. Operations Controls 6. Personnel Controls

(10)

7. Supervisory Controls 8. Information Security 9. Operations Audits

CHAPTER 25 - Service Center Management

After completing Chapter 25, you should comprehend the following: 1. Private Sector Preparedness (PS Prep)

2. Continuity Management and Disaster Recovery 3. Managing Service Center Change

CHAPTER 26 - Information Assets Security Management After completing Chapter 26, you should comprehend the following:

1. What Is Information Systems Security? 2. Control Techniques 3. Workstation Security 4. Physical Security 5. Logical Security 6. User Authentication 7. Communications Security 8. Encryption

9. How Encryption Works 10. Encryption Weaknesses 11. Potential Encryption 12. Data Integrity

13. Double Public Key Encryption 14. Steganography

15. Information Security Policy

CHAPTER 27 - Logical Information Technology Security After completing Chapter 27, you should comprehend the following:

1. Computer Operating Systems 2. Tailoring the Operating System 3. Auditing the Operating System 4. Security

(11)

6. Security Systems: Resource Access Control Facility 7. Auditing RACF

8. Access Control Facility 2 9. Top Secret

10. User Authentication 11. Bypass Mechanisms

12. Security Testing Methodologies

CHAPTER 28 - Applied Information Technology Security After completing Chapter 28, you should comprehend the following:

1. Communications and Network Security 2. Network Protection

3. Hardening the Operating Environment 4. Client Server and Other Environments 5. Firewalls and Other Protection Resources 6. Intrusion Detection Systems

CHAPTER 29 - Physical and Environmental Security

After completing Chapter 29, you should comprehend the following: 1. Control Mechanisms

2. Implementing the Controls

CHAPTER 30 - Protection of the Information Technology Architecture and Assets: Disaster Recovery Planning

After completing Chapter 30, you should comprehend the following: 1. Risk Reassessment

2. Disaster—Before and After 3. Consequences of Disruption 4. Where to Start

5. Testing the Plan 6. Auditing the Plan CHAPTER 31 – Insurance

(12)

After completing Chapter 31, you should comprehend the following: 1. Insurance

2. Self-Insurance

CHAPTER 32 - Auditing E-commerce Systems

After completing Chapter 32, you should comprehend the following: 1. E-Commerce and Electronic Data Interchange: What Is It? 2. Opportunities and Threats

3. Risk Factors 4. Threat List 5. Security Technology 6. "Layer" Concept 7. Authentication 8. Encryption

9. Trading Partner Agreements

10. Risks and Controls within EDI and E-Commerce 11. E-Commerce and Auditability

12. Compliance Auditing

13. E-Commerce Audit Approach 14. Audit Tools and Techniques

15. Auditing Security Control Structures 16. Computer Assisted Audit Techniques CHAPTER 33 - Auditing UNIX/Linux

After completing Chapter 33, you should comprehend the following: 1. History

2. Security and Control in a UNIX/Linux System 3. Architecture 4. UNIX Security 5. Services 6. Daemons 7. Auditing UNIX 8. Scrutiny of Logs

9. Audit Tools in the Public Domain 10. UNIX password File

(13)

CHAPTER 34 - Auditing Windows

After completing Chapter 34, you should comprehend the following: 1. History

2. NT and Its Derivatives

3. Auditing Windows Vista/Windows 7 4. Password Protection

5. VISTA/Windows 7 6. Security Checklist

CHAPTER 35 - Foiling the System Hackers

After completing Chapter 35, you should comprehend the following: 1. Foiling the system hackers

CHAPTER 36 - Investigating Information Technology Fraud After completing Chapter 36, you should comprehend the following:

1. Preventing Fraud 2. Investigation 3. Identity Theft

References

Download now ( PDF - 13 Page - 161.57 KB )

Related documents

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 13 Business Continuity

• Copying information to a different medium and storing offsite to be used in event of disaster • Questions to ask when creating a data backup. – What information should be

Alchemical Rubedo in Jill Mellick's "The Red Book Hours": Ecosophy on the Spirit

71 Mellick’s monumental The Red Book Hours is not only a profound scholarly study of Jung’s own extraordinary Red Book, but also a multifaceted, dynamic and living

Before the U.S DEPARTMENT OF TRANSPORTATION NATIONAL HIGHWAY TRAFFIC SAFETY ADMINISTRATION. and FEDERAL MOTOR CARRIER SAFETY ADMINISTRATION

(ATA), on behalf of its members, petitions the National Highway Traffic Safety Administration (NHTSA), pursuant to 49 CFR §552.3, to initiate a rulemaking to amend the Federal

Objectives. Upon completing this chapter, you will be able to

Therefore, the first two octets are used to represent the network number, which leaves two octets or 16 bits to represent the host portion of the address.. Recall that two of

Diagnosis Coding. After completing this chapter, you should be able to:

Preliminary codes found in the Index must be verified in the Tabular List in order to confirm the code description and assign additional characters that specify details

Inventory of eeurope 2005 benchmarking indicators

J.3 Percentage of households or individuals with broadband access Source: Eurostat ICT Households Survey 2003, question A4c(1-4) Current availability: available. Spanish source: INE

Dwight M. Jaffee is a professor of finance and real estate at the Haas School of Business at the University of California, Berkeley.

catastrophic risks. First, catastrophes mainly reflect idiosyncratic risks, which implies that capital markets should not even require much in the way of a risk premium. Second,

Experimental investigations for parametric effects of dual synthetic jets on delaying stall of a thick airfoil

Differently, with AoA just being approaching and larger than stall AoA, jet array with 180 ° phase difference is the most significant method to increase lift coefficient of airfoil