Introduction to IT Risks & Controls

16 CPE Seminar


Internal and external auditors in today's complex IT environments must understand core IT risks and controls. Information security knowledge is essential in meeting today’s security challenges and for providing assurance that IT risks are being adequately addressed.

This on-demand class is designed to help IT auditors, financial & operational auditors, and audit management meet today’s challenges and will highlight key concepts necessary to address important IT infrastructure and business application risks. 

During this class you will examine essential IT general controls and business application controls that require audit attention to provide reasonable assurance regarding the confidentiality, integrity and availability of the enterprise’s information assets.

Presented in straightforward language, this introductory class will provide you with a comfortable knowledge of IT and Information Security terminology, risks, key controls and internationally recognized information security frameworks and resources.

You will leave with a solid foundation in the basics of information technology as they apply to addressing critical enterprise IT risks.

Topics covered in this 16-CPE class will include:

·      IT Risk Definition

·      Information Security Objectives

·      Operating Systems (OS)

·      Mainframe Environment

·      Client Server Technology

·      Middleware

·      Virtualization / Virtual Servers

·      Databases

·      Cloud Computing

·      IT Asset Management

·      IT Vulnerability Management

·      Incident Response Management

·      User Identification and Authentication

·      Single Sign-On

·      Authorization Controls

·      Controlling Privileged Access

·      Firewalls

·      Demilitarized Zone (DMZ)

·      Intrusion Detection / Prevention Systems

·      End Point Security / Zero Trust

·      Protecting Sensitive Information / Encryption

·      Business Application Audit Objectives

·      Batch, On-line, Web-facing and Real-time Application Models

·      Enterprise Resource Planning (ERP) Systems

·      Automated & IT Dependent Manual Controls

·      Completeness & Accuracy of Input

·      Error Handling

·      Completeness & Accuracy of Processing

·      Completeness & Accuracy of Output

·      Completeness & Accuracy of Masters

·      Completeness & Accuracy of Interfaces

·      Testing Automated Controls

·      Testing IT Dependent Manual Controls

·      Data Analytics & CAATs

·      End User Computing (EUC)

·      Shadow IT and Shadow Cloud

·      Information Security Resources:

·      Center for Internet Security (CIS) Controls

·      IIA Global Technology Audit Guides (GTAGs)

·      ISACA COBIT®

·      NIST Cybersecurity Framework (CSF)


NOTE – The 24-CPE Assessing IT Risks & Controls class will include additional coverage on:

·      Web Application / DMZ Risks

·      Web Application Vulnerability Scanning

·      Cloud Computing

·      Middleware, API, EDI

·      Assessing Systems Development Projects

·      Machine Learning

·      Artificial Intelligence - AI

·      Robotic Process Automation – RPA

·      Internet of Things – IoT

·      Cryptography Concepts

·      Symmetric Key Encryption

·      Asymmetric Key Encryption

·      Message Digests & One-way Hashing

·      Digital Signatures

·      Nonrepudiation

·      HTTPS - TLS Protocol

·      Cryptographic Key Management


Which course should I enroll in?

ERP Risk Advisors offers both a 16-CPE Introduction to Assessing IT Risks & Controls course and a 24-CPE Assessing IT Risks & Controls course. The 24-CPE Assessing IT Risks & Controls class explores a more extensive list of topics relevant to today’s auditors and includes a monthly call with the instructor. We recommend enrolling in either the 16- or 24-hour CPE course based on the topics covered.


Course Curriculum

  Introduction & Objectives
  IT Risks
  Performing Integrated Audits
  Technology Overview
  IT Operations
  Access Management
  Change Management
  Networks
  Application Controls Introduction
  Determining Application Risks
  Application Controls
  Testing
  End User Computing
  Financial Auditor Review
  Course Test