Reviewing the RACM:

Inventorying IT Dependent Controls and ITACs

- 1.5 CPEs

This course will help auditors better understand how to evaluate the RACM to identify IT Dependent Controls and to evaluate whether the RACM is complete. We use real data from client’s RACMs to understand how to evaluate whether the RACM is complete and how to identify if there is a dependency on a report, configuration, or access control.

Course Agenda:
  • ERP Systems Overview and Background
  • Background - ISACA and IIA
  • Identifying IT Dependent Controls in the RACM / Case Studies
  • Looking for Risks Beyond the RACM
  • Decision Matrix for Identifying IT Dependent Controls