IT Auditing and Controls - ITG101


This course outlines the concepts of information technology that internal and operational auditors must understand. It covers critical application system and IT general controls like user access, database security, change management and disaster recovery.


Tuition cost


NASBA Certified CPE

24 Credits


Why you should attend

You should attend because all auditors must understand information systems and be able to function in a technical environment to effectively review computer systems’ data and functionality.

Who should attend

Internal audit staff, seniors, managers, financial, operational, business applications auditors and compliance personnel who want an introduction to IT auditing.

What you'll learn

You will learn how to plan IT audits, and about control frameworks, the essentials of IT operations, database and network risks and controls, and IT governance. You will also learn ways to assess IT general controls and business application controls.



Introduction to IT Risks & Controls:

  • role of IT
  • risk definitions
  • risk assessment
  • information security objectives
  • IT controls cost / risk balance
  • internal control overview
  • accountability & auditability
  • integrated auditing

Planning IT Audits:

  • definition of internal audit
  • IT audit planning
  • audit universe
  • risk criteria
  • audit engagement planning
  • IT control categories
  • mapping risk and control categories

Audit & Control Frameworks and Standards:

  • maintaining objectivity
  • what is a Standard?
  • COSO
  • GAO Green Book
  • IIA Global Technology Audit Guides
  • COBIT®
  • ISO 27002 Security Standard
  • FISMA – NIST 800-53

Basics of Information Technology:

  • computer hardware
  • central processing unit / memory
  • Operating Systems (OS)
  • Mainframe
  • client/server technology
  • virtualization and virtual servers
  • batch and interactive processing

Database Technology and Controls:

  • managing information
  • database terminology
  • Database Management Systems (DBMS)
  • hierarchical databases
  • relational databases
  • database risks
  • database audits

Network Technology and Controls:

  • networking risks
  • what is a “network”?
  • OSI Model
  • Local Area Networks (LANs)
  • Wide Area Networks (WANs)
  • network devices
  • firewalls
  • Intrusion Detection Systems (IDS / IPS)
  • Virtual Private Networks (VPNs)
  • wireless
  • internet
  • cloud computing

IT Governance:

  • audit’s role in IT governance
  • IIA Professional Practices framework-governance
  • linking business and IT strategies
  • IT governance objectives
  • COBIT® 5 - IT governance/management
  • separation of duties
  • assessing outsourced IT functions

IT General Controls:

  • logical security
  • change management
  • business continuity / disaster recovery
  • operation controls
  • physical security
  • environmental exposures
  • system development

Business Application Controls:

  • business application control categories
  • business application transaction life cycle
  • completeness and accuracy of input
  • completeness and accuracy of processing
  • completeness and accuracy of output
  • completeness and accuracy of master files
  • completeness and accuracy of interfaces

Schedule your course

Use the table below to select the time and location that works best for you.

Timezone: America/Chicago

December 2021

Dec 13th, 2021-Dec 15th, 2021

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: