INFORMATION SECURITY AUDITING & ASSURANCE

DOMAIN 1:
COURSE ORIENTATION AND IT AUDIT OVERVIEW
  1. Introduction
  2. The Impact of IT on Organizations
    1. IT Governance
    2. IT and Transaction Processing
  3. The Work of an IT Auditor
  4. The Relationship between Financial and IT Audits
  5. IT Audit Skills
    1. Technical Skills
    2. General Personal and Business Skills
  6. Professional IT Auditor Organizations and Certifications
    1. The Information Systems Audit and Control Association (ISACA)
    2. The Institute of Internal Auditors (IIA)
    3. The Association of Certified Fraud Examiners (ACFE)
    4. The American Institute of Certified Public Accountants (AICPA)
    5. Security Management Credentials
      a) CISA / CISM
      b) CISSP

  7. Structuring IT Audits
    1. AICPA Audit Standards and Guidelines
    2. International Federation of Accountants (IFAC) Guidelines
    3. ISACA Standards, Guidelines, and Procedures


DOMAIN 2:
LEGAL AND ETHICAL ISSUES FOR IT AUDITORS

  1. Introduction
  2. Code of Ethics
  3. Irregular and Illegal Acts
    1. Professional Guidance
  4. Regulatory and Legal Issues
    1. Legal Contracts
    2. Sarbanes-Oxley Overview and Action Items
  5. Computer Crime and Intellectual Property
    1. Computer Crime
    2. Intellectual Property
    3. Efforts to Thwart Cybercrime
    4. Cyber Information Crimes
    5. Cybercrime and IT Auditors
  6. Privacy Issues

DOMAIN 3:
INFORMATION TECHNOLOGY RISKS AND CONTROLS

  1. Introduction
  2. Identifying Information Technology Risks
    1. Business Risk
    2. Audit Risk
    3. Security Risk
    4. Continuity Risk
  3. Assessing Information Technology Risks
    1. Threats and Vulnerabilities
    2. Risk Indicators and Risk Measurement
  4. Identifying Information Technology Controls
    1. COSO and Other Control Models
    2. Statements on Auditing Standards
      1. SAS 94
        1. Understanding and Implementing SAS 94
          1. Which IT Risks need to be considered?
        2. What Are The Relevant Planning Issues?
        3. Implementation Strategies
    3. COBIT
      1. Executive Overview
      2. Background
      3. The COBIT Framework - Setting the Scene for Implementation
    4. Systems Reliability Assurance
  5. Documenting Information Technology Controls
    1. Internal Control Narratives
    2. Flowcharts
    3. Internal Control Questionnaires
  6. Monitoring Information Technology Risks and Controls

DOMAIN 4:
IT DEPLOYMENT RISKS

  1. Introduction
  2. Developing Strategic Plans
    1. Professional Guidance
    2. IT Function Scorecard
  3. Managing Development Projects
  4. Acquiring Software Applications
  5. Developing Software Applications
    1. Conducting a Feasibility Study
    2. Considering Additional Systems Development Issues
  6. Changing Software Applications
  7. Implementing Software Applications
    1. Implementation Strategies
    2. Implementation Planning
    3. Other Implementation Issues

DOMAIN 5:
IT NETWORKS AND TELECOMMUNICATIONS RISKS

  1. Introduction
  2. Network and Telecommunications Technologies
    1. Network Components
    2. Types of Networks
    3. Protocols and Software
  3. Risks to IT Network and Telecommunications Systems
    1. Social Engineering
    2. Physical Infrastructure Threats; Programmed Threats
    3. Denial of Service Attacks
    4. Software Vulnerabilities
  4. Auditing IT Network and Telecommunications Security
    1. Network Security Administration
    2. Authentication
      1. Identification and Authentication
      2. Authorization and Accountability
    3. Firewalls
    4. Intrusion Detection Systems
    5. Penetration Testing
  5. Auditing Network Security


DOMAIN 6:
USING COMPUTER ASSISTED AUDIT TOOLS AND TECHNIQUES (CAATS)

  1. Introduction to CAATTS
    1. Definition of CAATTS
    2. Types of CAATTS
      a) Intacct Audit
      b) CCH Inc.
      c) PWC TeamMate
  2. Audit Productivity Software
    1. Electronic Working Papers
    2. Groupware
    3. Time and Billing Software
    4. Reference Libraries
    5. Document Management
  3. Generalized Audit Software Tools
    1. Data Extraction and Analysis
      a) ACL
      b) CA-Easytrieve
    2. Statistical Analysis
    3. Audit Expert Systems
  4. Computer Assisted IT Audit Techniques
    1. Professional Standards and Guidelines
    2. Ten Steps to Using CAATs
    3. CAATs to Validate Application Integrity
    4. CAATs to Verify Data Integrity
    5. CAATs to Detect Fraud
  5. Class Lab: Working with ACL
  6. Continuous Auditing Techniques

DOMAIN 7:
CONDUCTING THE IT AUDIT

  1. Introduction
  2. Audit Standards
  3. The IT Audit Life Cycle
    1. Planning
    2. Risk Assessment, or “What Can Go Wrong?”
      a) Implementing the Risk-Based Audit Approach
    3. Gathering Evidence for IS Audit
      a) Types of Evidence
      b) Reliability of Evidence
      c) Evidence Gathering Techniques
      d) Audit Sampling
    4. Forming Conclusions
    5. The Audit Opinion
    6. Following Up
  4. Four Main Types of IT Audits
    1. Attestation
    2. Findings and Recommendations
    3. SAS 70 Audit
      a) Auditing “Service Organizations”
      b) Service Auditor Reports
      c) Case Study 5.2: Significant Risk with Service Organization Application
      d) Case Study 5.5: Service Organization without a SAS 70
      e) Examining Vendor Contracts
    4. SAS 94 Audit
  5. Using CobiT to Perform an Audit


DOMAIN 8:
FRAUD AND FORENSIC AUDITING

  1. Understanding Fraud
    1. Why Fraud Occurs
    2. Major Fraud Studies
    3. IT Fraud
      a) Case Study 9.6: Fraud Resulting from Inadequate Segregation of Duties
    4. Cybercrime
  2. Responsibilities to Detect Fraud
    1. Corporate Responsibility
    2. The Auditor’s Responsibility – Professional Guidance
    3. Future Plans by the Accounting Profession Regarding Fraud
    4. The Corporate and Auditing Accountability, Responsibility, and Transparency Act of 2002 (Sarbanes-Oxley Act)
  3. Forensic Auditing
    1. What is Computer Forensics?
    2. What Can Computer Forensics Do?
    3. Conducting the Forensic Investigation
      a) Prosecution


Benefits You Will Gain Through This Workshop:

  • Aligning IT with your business goals, maximizing the benefit of IT to your business functions, and minimizing the associated risks that come with IT
  • Discovering strategies in fraud prevention and detection
  • Recognizing the contracts and vendors for outsourced services
  • Ensuring vendors are protecting the confidentiality, reliability, and availability of the services and data your organization depends upon to continue to survive and profit
  • Mastering how staff have been specially trained to audit your outsourced services in order to keep your own organization safe
  • Determining whether your organization has performed an IT audit specifically aimed at documenting compliance with the new financial legislation enacted around the world since the Enron and WorldCom fiascos
  • Evaluating new IT controls reports ready to accompany your financials
  • Identifying the knowledge, skills, and task lists needed to immediately improve data controls according to business and regulatory compliance needs


Who Should Attend

  • Chief Executive Officers
  • Chief Operating Officers
  • Chief Financial Officers
  • Chief Information Officers
  • Chief Technology Officers
  • Chief Information Security Officers
  • Operations Managers
  • IT Managers
  • Contract Managers
  • Security Managers
  • Audit Managers
  • Audit Committee Members
  • Accountants
  • Financial Auditors
  • System Auditors
  • IS Auditing Specialists


TWI HSE Training and Consultancy Services
Knowledge Village, Block 8, Office 114-116 / 120, 1st Floor
PO Box 502931
Dubai, United Arab Emirates

Tel: +971 4 4330671 / 72, +971 4 364 3011 / 13, +971 4 3753273
Fax : +971 4 367 8435
email: info@twihsetraining.com
