Information Systems Auditing
Objective: Focus to help students obtain knowledge or skills to maintain or enhance their competencies in Information Systems Audit & Control as dictated by Industry best practices.
Understanding IT Security and Controls concept/requirements
- Key elements in a successful Information Technology Audit.
- Improved understanding and knowledge in Information
- Technology key controls.
- Access control and the core elements in Logical Access control (Identification, Authorization and Authentication), Password Parameters etc.
- Auditing - Understanding and improving your knowledge of audit login events, importance of logging reviews and protection.
- Segregation of duties - Improving your knowledge by introducing industry best practices and key issues impacting the implementation of this control.
- Data integrity - Improving and understanding data integrity control elements such as field validation, error prompt, data transmission, range analysis, hash totals, sequencing etc.
- Change/Problem Management - Improving and understanding the process of tracking incidents/problem tickets to resolution. Service Level Agreement (SLA) and Change Management - severity level definition, root cause analysis, trend analysis etc.
- Remote Access: Improving your understanding and knowledge of key controls in remote access connectivity - RAS, VPN, Modem, Port protection etc.
- Project management - Improved understanding of the role of an IT Auditor in a Project Management engagement - as dictated by the COBIT (Control Objective for Information Technology) standard.
- Application and system enabled services vulnerabilities: FTP, FINGER, UDP, and TELNET etc.
- Continuity of Business - Understanding and improving skills in COB review - COB Plan update, COB sites, Crisis Management Plan review etc.
Advance Practical Hands-on in Information Systems Audit Practice
(Every Student in this Class will develop a project for all the understated phases).
- Conduct a risk analysis to develop audit universe and audit program
- Ensure detail understanding of audit methodology
- Conduct an audit of OS (UNIX/Windows), Database, ERP application, IT Infrastructure, IT Security etc
- Data gathering for Audit Scoping
- Understand and practicalize the techniques of testing/observation/review and audit evidence validation
- Skills for writing an effective summary of findings report
- Develop skills for writing final audit report
- Exit Conference and the Final Audit report
- Understanding and improving your know of SOX 404
- Testing SOX 404 key controls
- Software Testing Skills
- Static Testing (Reviews, Walkthroughs and Inspections).
- Effective and efficient Dynamic Testing.
- Software Development Life Cycle.
- Improving your skills in Test Management.
- Developing an effective Test Plan and Test Cases.
- Improving relationship with impacted area of testing.
- Advance Practical Hands-on in Testing Tools
- Test Management Process
Creating New Test Folder
Creating New Tests
Add Test Design Steps
Manual Test Scripts
Requirements Coverage /Traceability Matrix
Creating New Test Sets
Schedule Test Runs
Run the Tests
Update the Tests
Analyzing/Tracking Test Results
Repair Open Defects
Analyze Defect Data
Hands on SQL for functional Testers (SQL Advance).
- SQL Order By
- SQL AND & OR
- SQL In
- SQL Between
- SQL Aliases
- SQL Join
- SQL Union
- SQL Create
- SQL Drop
- SQL Alter
- SQL Functions