San Francisco Professional Events List


IT General Control Reviews - ITG201


Date: Sep 11, 2017 - 08:30 AM - Sep 13, 03:00 PM
Organizer: MIS Training Institute Holdings, Inc
Venue: MicroTek Computer Lab SF
Location: 655, Montgomery St, San Francisco, CA, USA, ZIP: 94111

“Best learning experience I've had in years. Insightful, valuable and very engaging. Definitely making training with MISTI an annual event going forward.”
- Head, Internal Control, E-Process International SA (EcoBank Group).

IT risks are increasingly recognized as critical factors in enterprise risk management. From preventing failures in regulatory compliance to helping avoid devastating harm to the reputation of the organization from headline-making security breaches, auditors have an obligation as well as value-adding opportunities to assess enterprise vulnerabilities through effective risk-based IT audit planning.

In this three-day seminar, attendees will examine the IT general control areas that must be addressed to ensure the confidentiality, integrity and availability of information assets. The seminar will concentrate on determining risks in critical areas of the IT environment and the key controls that can reduce those enterprise risks. We will explore critical aspects of the IT environment, including IT governance, user access controls, IT infrastructure controls, information security, physical security, disaster recovery, production change management and network perimeter security. You will learn how to develop strategies for assessing the key controls in your information systems infrastructure.

Prerequisite: None                  
Advance Preparation: None
Learning Level: Basic           
Delivery Method: Group-Live
Field: Auditing

Who Should Attend

IT, Financial, Operational, Business Applications, and External Auditors; Audit Managers and Directors; others who have compliance responsibilities

CPEs: 24
INSTRUCTOR: Shawna Flanders
LEVEL: Basic
Tuition: $2,195



Agenda



What You Will Learn:

1. IT Risk Assessment
- IT risk definitions
- IT risks and exposures
- linking IT risks to business risks
- IT risk assessment strategy
- IT infrastructure risks

2. IT Control Standards and Frameworks
- COSO Internal Control Framework
- COBIT®
- ISO 27001, ISO 27002
- ISACA IT Risk Framework


3. IT Governance and Operations Management
- using COBIT® to assess IT governance
- IT organizational structure
- policies and procedures
- strategic planning
- risk management
- IT human resources practices
- quality management
- separation of duties
- outsourcing
- audit steps

4. Hardware and Software Infrastructure
- hardware infrastructure
- centralized vs. distributed processing
- hardware acquisition
- hardware inventories
- hardware audits
- software infrastructure
- operating system components
- virtualization
- patch management
- privileged administrative access
- vulnerability assessments
- log management
- database management system (DBMS)
- database terminology
- database risks and key controls
- system software audit steps


5. Logical Access Controls
- access control components
- authentication
- password controls
- tokens, smart cards, biometrics
- authorization
- managing user accounts
- access control systems
- audit trail
- security monitoring
- remote access
- sensitive data on PCs and workstations
- mobile device security
- single sign-on (SSO)
- access controls best practices


6. Physical and Environmental Controls
- exposures, risks and controls
- audit steps


7. Network Perimeter Security
- network security threat/risk analysis
- network security strategy
- data communication software
- OSI model
- TCP/IP
- firewalls/DMZ
- intrusion detection systems
- remote access



8. Change Management
- change management risks
- change management process
- change requests
- testing changes
- program migration
- system documentation
- emergency changes
- changes to vendor supplied source code
- library control software
- audit steps


9. Disaster Recovery and Business Continuity Planning
- disasters and disruptive events
- disaster recovery/business continuity planning
- business impact analysis (BIA)
- disaster recovery strategy
- business continuity strategy
- disaster recovery teams
- off-site storage
- data backup and recovery
- telecommunications networks
- testing the recovery plan
- continuity plan maintenance
- contract requirements
- audit steps



10. Auditing System Development Projects
- business risks
- audit’s primary goals
- getting involved … how, when, who?
- audit’s coverage
- communicating audit’s roles and results
- positioning audit
- audit staffing
- audit resources


11. Planning and Executing General Control Reviews
- audit strategy and planning
- planning memo
- key documents for audit planning
- developing audit programs
- testing controls
- documenting the audit
