Understanding IT Controls

As part of the Sarbanes-Oxley audit, there is a need to document and test controls for data centers, networks, operating systems, as well as client-server and web-server databases supporting those applications. Given the fact that the COBIT has 34 IT processes and 318 detailed control objectives, it is understandable that IT auditors are overwhelmed by the large number of controls. How do you determine what controls are important and which ones are not? Is the control a preventive, detective, or corrective control? What is the testing methodology? How do you determine if the control is effective?

The goal of this presentation is to address these questions and provide the IT auditor the information necessary to perform an effective audit of IT controls.

Learn how to determine if the control is a "key" control. Determine if the control prevents fraud, if it safeguards assets, if it is a manual or automated control, how to identify who performs the control, and if the control is designed in such a way that it mitigates the risk.

Areas Covered in the seminar:

• Understanding the IT audit process
• Selecting and using a control structure
• Understanding the various control frameworks (COBIT, COSO, ITIL)
• Identifying, evaluating, and improving IT controls
• How to collect data evidence

• IT Senior Management / IT management
• Internal IT audit
• IT compliance specialists
• Compliance officers
• Information security officers

Instructor Profile:

Mark Edmead, MBA, CISSP, CISA, the Western Region IT Director for Control Solutions[www.controlsolutions.com] and has over 25 years of experience in computer systems architecture and information security. Mark has extensive knowledge of IT and Application audits, IT Governance, including FDIC, FFIEC, Sarbanes-Oxley, and GLBA compliance auditing. He also teaches audit and IT security courses for the Institute of Internal Auditors (IIA), Learning Tree International, and is an adjunct professor at Keller Graduate School of Management.

Follow us :