Essentials of IT Auditing for the Non-IT Auditor
Information Technology (IT) is a critical enabler of business. As computing power has advanced, enterprises have become increasingly dependent on technology to carry out their operational requirements and to collect, process, maintain and report essential data. This reliance on electronically encoded data and on the systems that affect managerial decisions are a major concern of audit professionals. Assuring an enterprise’s governance, including risk management and control processes, requires auditors to understand the role of IT within their organizations and to develop adequate knowledge and skills to audit IT systems as the line separating “IT,” and “non-IT” audits are beginning to disappear, except in the very technical IT domains.
Consequently, auditors examine the adequacy of controls in information systems and related operations to assure effectiveness and efficiency in business processes. In addition, among other assurance services, auditors evaluate the reliability of computer-generated data supporting financial statements and analyze specific programs and their processing results. To ensure maximum value delivery from audit area assessments, oversight committee members need an evaluation methodology that enables confidence in the work performed by auditors.
This course is designed to give non-IT auditors and beginning Information security professionals an overview of the various considerations and aides in audit planning to gain a greater understanding of how to evaluate defined audit areas.