Assessing IT Risks & Controls

24 CPE Seminar

 

Cyberattacks, emerging technologies, and complex IT environments require continual training for all auditors to address the enterprise’s increasing information security risks.

This seminar is targeted toward IT auditors, financial & operational auditors and audit management to provide a foundational understanding of key risks, critical controls, IT audit processes and internationally recognized information security frameworks and resources.

During this class you will examine essential IT general controls and business application controls necessary to provide reasonable assurance regarding the confidentiality, integrity and availability of the enterprise’s information assets.

You will leave equipped with the basics of information security as they apply to addressing critical enterprise IT risks.

Topics covered in this 24-CPE class will include:

·      IT Risk Definition

·      Information Security Objectives

·      Operating Systems (OS)

·      Mainframe Environment

·      Client Server Technology

·      Virtualization / Virtual Servers

·      Databases

·      IT Asset Management

·      IT Vulnerability Management

·      Incident Response Management

·      User Identification and Authentication

·      Single Sign-On

·      Authorization Controls

·      Controlling Privileged Access

·      Firewalls

·      Demilitarized Zone (DMZ)

·      Intrusion Detection / Prevention Systems

·      End Point Security / Zero Trust

·      Web Application / DMZ Risks

·      Web Application Vulnerability Scanning

·      Cloud Computing

·      Middleware, API, EDI

·      Business Application Audit Objectives

·      Batch, On-line, Web-facing and Real-time Application Models

·      Enterprise Resource Planning (ERP) Systems

·      Automated & IT Dependent Manual Controls

·      Completeness & Accuracy of Input

·      Error Handling

·      Completeness & Accuracy of Processing

·      Completeness & Accuracy of Output

·      Completeness & Accuracy of Masters

·      Completeness & Accuracy of Interfaces

·      Testing Automated Controls

·      Testing IT Dependent Manual Controls

·      Data Analytics & CAATs

·      End User Computing (EUC)

·      Shadow IT and Shadow Cloud

·      Assessing Systems Development Projects

·      Machine Learning

·      Artificial Intelligence - AI

·      Robotic Process Automation – RPA

·      Internet of Things – IoT

·      Cryptography Concepts

·      Symmetric Key Encryption

·      Asymmetric Key Encryption

·      Message Digests & One-way Hashing

·      Digital Signatures

·      Nonrepudiation

·      HTTPS - TLS Protocol

·      Cryptographic Key Management

·      Information Security Resources:

·      Center for Internet Security (CIS) Controls

·      IIA Global Technology Audit Guides (GTAGs)

·      ISACA COBIT®

·      NIST Cybersecurity Framework (CSF)

·      OWASP – Open Web Application Security Project

 

Which course should I enroll in?

ERP Risk Advisors offers both a 16-CPE Introductions to Assessing IT Risks & Controls course and a 24-CPE Assessing IT Risks & Controls course. The 24-CPE Assessing IT Risks & Controls class explores a more extensive list of topics relevant to today’s auditors and includes a monthly call with the instructor. We recommend enrolling in either the 16- or 24-hour CPE course based on the topics covered. See the description of the 16-CPE course for a list of topics covered.


 


Course Curriculum


  Introduction & Objectives
Available in days
days after you enroll
  IT Risks
Available in days
days after you enroll
  Performing Integrated Audits
Available in days
days after you enroll
  Technology Overview
Available in days
days after you enroll
  IT Operations
Available in days
days after you enroll
  Access Management
Available in days
days after you enroll
  Change Management
Available in days
days after you enroll
  Networks
Available in days
days after you enroll
  Web Application Risks
Available in days
days after you enroll
  Cloud Computing
Available in days
days after you enroll
  Middleware, Application Programming Interfaces, and Electronic Data Interchanges
Available in days
days after you enroll
  Half Time Review
Available in days
days after you enroll
  Application Controls Introduction
Available in days
days after you enroll
  Determining Application Risks
Available in days
days after you enroll
  Application Controls
Available in days
days after you enroll
  Testing
Available in days
days after you enroll
  End User Computing
Available in days
days after you enroll
  Assessing Systems Development Projects
Available in days
days after you enroll
  Emerging Technologies
Available in days
days after you enroll
  Encryption
Available in days
days after you enroll
  Summary and Review
Available in days
days after you enroll
  Course Test
Available in days
days after you enroll

ERP Risk Advisors are experts in the Oracle ERP platform and possess a complete understanding of the audit requirements in today’s environment. 


IT Vice President

Publicly Traded Company


See more customer testimonials here