Assessing IT Risks & Controls
24 CPE Seminar
Cyberattacks, emerging technologies, and complex IT environments require continual training for all auditors to address the enterprise’s increasing information security risks.
This seminar is targeted toward IT auditors, financial & operational auditors and audit management to provide a foundational understanding of key risks, critical controls, IT audit processes and internationally recognized information security frameworks and resources.
During this class you will examine essential IT general controls and business application controls necessary to provide reasonable assurance regarding the confidentiality, integrity and availability of the enterprise’s information assets.
You will leave equipped with the basics of information security as they apply to addressing critical enterprise IT risks.
Topics covered in this 24-CPE class will include:
· IT Risk Definition
· Information Security Objectives
· Operating Systems (OS)
· Mainframe Environment
· Client Server Technology
· Virtualization / Virtual Servers
· Databases
· IT Asset Management
· IT Vulnerability Management
· Incident Response Management
· User Identification and Authentication
· Single Sign-On
· Authorization Controls
· Controlling Privileged Access
· Firewalls
· Demilitarized Zone (DMZ)
· Intrusion Detection / Prevention Systems
· End Point Security / Zero Trust
· Web Application / DMZ Risks
· Web Application Vulnerability Scanning
· Cloud Computing
· Middleware, API, EDI
· Business Application Audit Objectives
· Batch, On-line, Web-facing and Real-time Application Models
· Enterprise Resource Planning (ERP) Systems
· Automated & IT Dependent Manual Controls
· Completeness & Accuracy of Input
· Error Handling
· Completeness & Accuracy of Processing
· Completeness & Accuracy of Output
· Completeness & Accuracy of Masters
· Completeness & Accuracy of Interfaces
· Testing Automated Controls
· Testing IT Dependent Manual Controls
· Data Analytics & CAATs
· End User Computing (EUC)
· Shadow IT and Shadow Cloud
· Assessing Systems Development Projects
· Machine Learning
· Artificial Intelligence – AI
· Robotic Process Automation – RPA
· Internet of Things – IoT
· Cryptography Concepts
· Symmetric Key Encryption
· Asymmetric Key Encryption
· Message Digests & One-way Hashing
· Digital Signatures
· Nonrepudiation
· HTTPS – TLS Protocol
· Cryptographic Key Management
· Information Security Resources:
    · Center for Internet Security (CIS) Controls
    · IIA Global Technology Audit Guides (GTAGs)
    · ISACA COBIT®
    · NIST Cybersecurity Framework (CSF)
    · OWASP – Open Web Application Security Project
Which course should I enroll in?
ERP Risk Advisors offers both a 16-CPE Introductions to Assessing IT Risks & Controls course and a 24-CPE Assessing IT Risks & Controls course. The 24-CPE Assessing IT Risks & Controls class explores a more extensive list of topics relevant to today’s auditors and includes a monthly call with the instructor. We recommend enrolling in either the 16- or 24-hour CPE course based on the topics covered. See the description of the 16-CPE course for a list of topics covered.