
AUD105

Auditor’s Guide to Information Systems Auditing - 20 hours

Objectives

More and more, auditors are being called upon to assess the risks and evaluate
the controls over computer information systems in all types of organizations.
However, many auditors are unfamiliar with the techniques they need to know to
efficiently and effectively determine whether information systems are adequately
protected. Auditor's Guide to Information Systems Auditing presents an easy,
practical guide for auditors that can be applied to all computing environments.

As networks and enterprise resource planning systems bring resources together,
and as increasing privacy violations threaten more organizations, information
systems integrity becomes more important than ever. With a complimentary
student's version of the IDEA Data Analysis Software CD, Auditor's Guide to
Information Systems Auditing empowers auditors to effectively gauge the
adequacy and effectiveness of information systems controls.

Course Outline

CHAPTER 1 – Technology and Audit

After completing Chapter 1, you should comprehend the following:

1. Technology and Audit
2. Batch and On-Line Systems

CHAPTER 2 – IS Audit Function Knowledge

After completing Chapter 2, you should comprehend the following:

1. Information Systems Auditing
2. What Is Management?
3. Management Process
4. Understanding the Organization’s Business
5. Establishing the Needs
6. Identifying Key Activities
7. Establish Performance Objectives
8. Decide the Control Strategies
9. Implement and Monitor the Controls
10. Executive Management’s Responsibility and Corporate Governance
11. Audit Role
12. Conceptual Foundation
13. Professionalism within the IS Auditing Function
14. Relationship of Internal IS Audit to the External Auditor
15. Relationship of IS Audit to Other Company Audit Activities
16. Audit Charter
17. Charter Content
18. Outsourcing the IS Audit Activity
19. Regulation, Control, and Standards

CHAPTER 3 – IS Risk and Fundamental Auditing Concepts

After completing Chapter 3, you should comprehend the following:

1. Computer Risks and Exposures
2. Effect of Risk
3. Audit and Risk
4. Audit Evidence
5. Reliability of Audit Evidence
6. Audit Evidence Procedures
7. Responsibilities for Fraud Detection and Prevention

CHAPTER 4 – Standards and Guidelines for IS Auditing

After completing Chapter 4, you should comprehend the following:

1. IIA Standards
2. Code of Ethics
3. Advisory
4. Aids
5. Standards for the Professional Performance of Internal Auditing
6. ISACA Standards
7. ISACA Code of Ethics
8. COSO: Internal Control Standards
9. BS 7799 and ISO 17799: IT Security
10. NIST
11. BSI Baselines

CHAPTER 5 – Internal Controls Concepts Knowledge

After completing Chapter 5, you should comprehend the following:

1. Internal Controls
2. Cost/Benefit Considerations
3. Internal Control Objectives
4. Types Of Internal Controls
5. Systems of Internal Control
6. Elements of Internal Control
7. Manual and Automated Systems
8. Control Procedures
9. Application Controls
10. Control Objectives and Risks
11. General Control Objectives
12. Data and Transactions Objectives
13. Program Control Objectives
14. Corporate IT Governance

CHAPTER 6 – Risk Management of the IS Function

After completing Chapter 6, you should comprehend the following:

1. Nature of Risk
2. Auditing in General
3. Elements of Risk Analysis
4. Defining the Audit Universe
5. Computer System Threats
6. Risk Management

CHAPTER 7 – Audit Planning Process

After completing Chapter 7, you should comprehend the following:

1. Benefits of an Audit Plan
2. Structure of the Plan
3. Types of Audit

CHAPTER 8 – Audit Management

After completing Chapter 8, you should comprehend the following:

1. Planning
2. Audit Mission
3. IS Audit Mission
4. Organization of the Function
5. Staffing
6. IS Audit as a Support Function
7. Planning
8. Business Information Systems
9. Integrated IS Auditor vs Integrated IS Audit
10. Auditees as Part of the Audit Team
11. Application Audit Tools
12. Advanced Systems
13. Specialist Auditor
14. IS Audit Quality Assurance

CHAPTER 9 – Audit Evidence Process

After completing Chapter 9, you should comprehend the following:

1. Audit Evidence
2. Audit Evidence Procedures
3. Criteria for Success
4. Statistical Sampling
5. Why Sample?
6. Judgmental (or Non-Statistical) Sampling
7. Statistical Approach
8. Sampling Risk
9. Assessing Sampling Risk
10. Planning a Sampling Application
11. Calculating Sample Size
12. Quantitative Methods
13. Project Scheduling Techniques
14. Simulations
15. Computer Assisted Audit Solutions
16. Generalized Audit Software
17. Application and Industry-Related Audit Software
18. Customized Audit Software
19. Information Retrieval Software
20. Utilities
21. On-Line Inquiry
22. Conventional Programming Languages
23. Microcomputer-Based Software
24. Test Transaction Techniques

CHAPTER 10 – Audit Reporting Follow-up

After completing Chapter 10, you should comprehend the following:

1. Audit Reporting
2. Interim Reporting
3. Closing Conferences
4. Written Reports
5. Clear Writing Techniques
6. Preparing To Write
7. Basic Audit Report
8. Executive Summary
9. Detailed Findings
10. Polishing the Report
11. Distributing the Report
12. Follow-Up Reporting
13. Types of Follow-Up Action

CHAPTER 11 – Management

After completing Chapter 11, you should comprehend the following:

1. IS Infrastructures
2. Project-Based Functions
3. Quality Control
4. Operations and Production
5. Technical Services
6. Performance Measurement and Reporting
7. Measurement Implementation

CHAPTER 12 - Strategic Planning

After completing Chapter 12, you should comprehend the following:

1. Strategic Management Process
2. Strategic Drivers
3. New Audit Revolution
4. Leveraging IS
5. Business Process Re-Engineering Motivation
6. IS as an Enabler of Re-Engineering
7. Dangers of Change
8. System Models
9. Information Resource Management
10. Strategic Planning for IS
11. Decision Support Systems
12. Steering Committees
13. Strategic Focus
14. Auditing Strategic Planning
15. Design the Audit Procedures

CHAPTER 13 - Management Issues

After completing Chapter 13, you should comprehend the following:

1. Privacy
2. Copyrights, Trademarks, and Patents
3. Ethical Issues
4. Corporate Codes of Conduct
5. IT Governance
6. Sarbanes-Oxley Act
7. Housekeeping

CHAPTER 14 - Support Tools and Frameworks

After completing Chapter 14, you should comprehend the following:

1. General Frameworks
2. COSO: Internal Control Standards
3. Other Standards

CHAPTER 15 - Governance Techniques

After completing Chapter 15, you should comprehend the following:

1. Change Control
2. Problem Management
3. Auditing Change Control
4. Operational Reviews
5. Performance Measurement
6. ISO 9000 Reviews

CHAPTER 16 - Information Systems Planning

After completing Chapter 16, you should comprehend the following:

1. Stakeholders
2. Operations
3. Systems Development
4. Technical Support
5. Other System Users
6. Segregation of Duties
7. Personnel Practices
8. Object-Oriented Systems Analysis
9. Enterprise Resource Planning

CHAPTER 17 - Information Management and Usage

After completing Chapter 17, you should comprehend the following:

1. What Are Advanced Systems?
2. Service Delivery and Management

CHAPTER 18 - Development, Acquisition, and Maintenance of Information Systems

After completing Chapter 18, you should comprehend the following:

1. Programming Computers
2. Program Conversions
3. System Failures
4. Systems Development Exposures
5. Systems Development Controls
6. Systems Development Life Cycle Control: Control Objectives
7. Micro-Based Systems

CHAPTER 19 - Impact of Information Technology on the Business Processes and Solutions

After completing Chapter 19, you should comprehend the following:

1. Impact
2. Continuous Monitoring
3. Business Process Outsourcing
4. E-Business

CHAPTER 20 - Software Development

After completing Chapter 20, you should comprehend the following:

1. Developing a System
2. Change Control
3. Why Do Systems Fail?
4. Auditor's Role in Software Development

CHAPTER 21 - Audit and Control of Purchased Packages

After completing Chapter 21, you should comprehend the following:

1. Information Systems Vendors
2. Request For Information
3. Requirements Definition
4. Request For Proposal
5. Installation
6. Systems Maintenance
7. Systems Maintenance Review
8. Outsourcing

CHAPTER 22 - Audit Role in Feasibility Studies and Conversions

After completing Chapter 22, you should comprehend the following:

1. Feasibility Success Factors
2. Conversion Success Factors

CHAPTER 23 - Audit and Development of Application Controls

After completing Chapter 23, you should comprehend the following:

1. What Are Systems?
2. Classifying Systems
3. Controlling Systems
4. Control Stages
5. System Models
6. Information Resource Management
7. Control Objectives of Business Systems
8. General Control Objectives
9. CAATS and their Role in Business Systems Auditing
10. Common Problems
11. Audit Procedures
12. CAAT Use in Non-Computerized Areas
13. Designing an Appropriate Audit Program

CHAPTER 24 - Technical Infrastructure

After completing Chapter 24, you should comprehend the following:

1. Auditing the Technical Infrastructure
2. Computer Operations Controls
3. Operations Exposures
4. Operations Controls
5. Personnel Controls
6. Supervisory Controls
7. Operations Audits

CHAPTER 25 - Service Center Management

After completing Chapter 25, you should comprehend the following:

1. Continuity Management and Disaster Recovery
2. Managing Service Center Change

CHAPTER 26 - Information Assets Security Management

After completing Chapter 26, you should comprehend the following:

1. What Is Information Systems Security?
2. Control Techniques
3. Workstation Security
4. Physical Security
5. Logical Security
6. User Authentication
7. Communications Security
8. Encryption
9. How Encryption Works
10. Encryption Weaknesses
11. Potential Encryption
12. Data Integrity
13. Double Public Key Encryption
14. Steganography
15. Information Security Policy

CHAPTER 27 - Logical Information Technology Security

After completing Chapter 27, you should comprehend the following:

1. Computer Operating Systems
2. Tailoring the Operating System
3. Auditing the Operating System
4. Security
5. Criteria
6. Security Systems: Resource Access Control Facility
7. Auditing RACF
8. Access Control Facility 2
9. Top Secret
10. User Authentication
11. Bypass Mechanisms

CHAPTER 28 - Applied Information Technology Security

After completing Chapter 28, you should comprehend the following:

1. Communications and Network Security
2. Network Protection
3. Hardening the Operating Environment
4. Client Server and Other Environments
5. Firewalls and Other Protection Resources
6. Intrusion Detection Systems

CHAPTER 29 - Physical and Environmental Security

After completing Chapter 29, you should comprehend the following:

1. Control Mechanisms
2. Implementing the Controls

CHAPTER 30 - Protection of the Information Technology Architecture and Assets: Disaster Recovery Planning

After completing Chapter 30, you should comprehend the following:

1. Risk Reassessment
2. Disaster—Before and After
3. Consequences of Disruption
4. Where to Start
5. Testing the Plan
6. Auditing the Plan

CHAPTER 31 – Insurance

After completing Chapter 31, you should comprehend the following:

1. Self-Insurance

CHAPTER 32 - Auditing E-commerce Systems

After completing Chapter 32, you should comprehend the following:

1. E-Commerce and Electronic Data Interchange: What Is It?
2. Opportunities and Threats
3. Risk Factors
4. Threat List
5. Security Technology
6. "Layer" Concept
7. Authentication
8. Encryption
9. Trading Partner Agreements
10. Risks and Controls within EDI and E-Commerce
11. Nonrepudiation
12. E-Commerce and Auditability
13. Compliance Auditing
14. E-Commerce Audit Approach
15. Audit Tools and Techniques
16. Auditing Security Control Structures
17. Computer Assisted Audit Techniques

CHAPTER 33 - Auditing UNIX/Linux

After completing Chapter 33, you should comprehend the following:

1. History
2. Security and Control in a UNIX/Linux System
3. Architecture
4. UNIX Security
5. Services
6. Daemons
7. Auditing UNIX
8. Scrutiny of Logs
9. Audit Tools in the Public Domain
10. UNIX passwd File
11. Auditing UNIX Passwords
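As an added example (not part of the course materials or the book it follows), the kind of check that the "UNIX passwd File" and "Auditing UNIX Passwords" topics of Chapter 33 cover: a small Python audit that reads passwd- and shadow-style records and reports duplicate UID 0 accounts, password hashes left in the world-readable passwd file, accounts with no password at all, weak crypt(3) hash schemes and interactive accounts whose passwords never expire. The sample records embedded below are constructed for illustration; the severity labels and the list of "strong" hash prefixes are the author's assumptions, not something the course defines.

```python
"""Audit checks over /etc/passwd and /etc/shadow style records.

Added example for the "UNIX passwd File" / "Auditing UNIX Passwords" topics.
The sample lines below are constructed and do not come from any real host.
"""
from dataclasses import dataclass

# Constructed sample records (not from a real system).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:second root:/root:/bin/sh
legacy:Ab5Fgh12jKlmN:1002:1002:old account:/home/legacy:/bin/bash
svc_backup::1003:1003:backup service:/var/backups:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
"""

SAMPLE_SHADOW = """\
root:$6$saltsalt$hashhashhashhash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
toor:$1$md5salt$md5hashmd5hash:19000:0:99999:7:::
legacy:!:19000:0:99999:7:::
svc_backup::19000:0:99999:7:::
alice:$6$saltsalt$hashhashhashhash:19000:0:90:7:::
"""

# Shells that give an interactive login (assumption: extend for your hosts).
LOGIN_SHELLS = {"/bin/sh", "/bin/bash", "/bin/zsh", "/bin/ksh", "/bin/dash"}
# crypt(3) prefixes treated as acceptable (sha256/sha512-crypt, yescrypt,
# scrypt, bcrypt); anything else (DES, MD5-crypt) is flagged. Assumption.
STRONG_HASH_PREFIXES = ("$5$", "$6$", "$y$", "$7$", "$2a$", "$2b$", "$2y$")


@dataclass(frozen=True)
class Finding:
    user: str
    severity: str  # "high", "medium" or "low"
    message: str


def parse_colon_file(text):
    """Split a passwd/shadow-style file into field lists, skipping blanks and comments."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            rows.append(line.split(":"))
    return rows


def audit_passwd(passwd_rows):
    """Checks that need only the passwd file."""
    findings = []
    for fields in passwd_rows:
        if len(fields) != 7:
            findings.append(Finding(fields[0], "medium", "malformed passwd entry"))
            continue
        user, pw, uid, _gid, _gecos, _home, _shell = fields
        if uid.isdigit() and int(uid) == 0 and user != "root":
            findings.append(Finding(user, "high", "UID 0 account other than root"))
        if pw == "":
            findings.append(Finding(user, "high", "empty password field in passwd"))
        elif pw not in ("x", "*", "!", "!!"):
            findings.append(Finding(user, "high", "password hash stored in world-readable passwd, not shadow"))
    return findings


def audit_shadow(shadow_rows, shells_by_user):
    """Checks on the shadow file; the passwd shell decides how serious a gap is."""
    findings = []
    for fields in shadow_rows:
        if len(fields) < 5:
            findings.append(Finding(fields[0], "medium", "malformed shadow entry"))
            continue
        user, h, _last, _min_days, max_days = fields[:5]
        interactive = shells_by_user.get(user, "") in LOGIN_SHELLS
        if h == "":
            findings.append(Finding(user, "high" if interactive else "medium",
                                    "empty shadow hash: account has no password"))
            continue
        if h.startswith(("*", "!")):
            continue  # locked or no-login account: nothing to crack
        if not h.startswith(STRONG_HASH_PREFIXES):
            algo = "MD5-crypt" if h.startswith("$1$") else "legacy DES crypt or unknown scheme"
            findings.append(Finding(user, "medium", f"weak password hash algorithm ({algo})"))
        if interactive and (not max_days.isdigit() or int(max_days) >= 99999):
            findings.append(Finding(user, "low", "password never expires (no maximum age)"))
    return findings


def audit(passwd_text, shadow_text):
    """Run all checks and return the findings, highest severity first."""
    passwd_rows = parse_colon_file(passwd_text)
    shadow_rows = parse_colon_file(shadow_text)
    shells = {r[0]: r[6] for r in passwd_rows if len(r) == 7}
    findings = audit_passwd(passwd_rows) + audit_shadow(shadow_rows, shells)
    shadow_users = {r[0] for r in shadow_rows}
    for user in shells:
        if user not in shadow_users:
            findings.append(Finding(user, "medium", "passwd entry without matching shadow entry"))
    rank = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: (rank[f.severity], f.user))


if __name__ == "__main__":
    for f in audit(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{f.severity:6} {f.user:12} {f.message}")
```

On a real host the same functions can be fed the contents of /etc/passwd and /etc/shadow (reading shadow needs root), and the findings list becomes the working paper for the password-control section of the audit.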

CHAPTER 34 - Auditing Windows

After completing Chapter 34, you should comprehend the following:

1. History
2. NT and Its Derivatives
3. Auditing Windows 23
4. Password Protection
5. File Sharing
6. Security Checklist

CHAPTER 35 - Foiling the System Hackers

After completing Chapter 35, you should comprehend the following:

1. Foiling the System Hackers

CHAPTER 36 - Investigating Information Technology Fraud

After completing Chapter 36, you should comprehend the following:

1. Pre-Incident Preparation
2. Detection of Incidents
3. Initial Response
4. Forensic Backups
5. Investigation
6. Network Monitoring
7. Identity Theft
