How to Audit IT General Controls

How to Audit IT General Controls

Business reliance on technology and the associated risks are reshaping how we audit and what we assess. Attempting to scope an operational audit without drilling into business technology is nearly impossible in today’s business landscape. In turn, conducting an IT audit without factoring business processes delivers limited assurance to the board of directors, and value to the enterprise.

Every internal auditor today must have a general understanding of technology and the vulnerabilities, threats and risks that face our enterprises each day to effectively plan and execute any audit engagement.

In this three-day seminar, we will explore the IT general control areas that must be addressed to ensure confidentiality, integrity and availability as well as reliability and privacy of our sensitive and proprietary data and information assets. During the session, we will discuss the most common IT related vulnerabilities, threats and risks facing most enterprises today and the key controls to help reduce those risks to an acceptable or tolerable level.

We will explore critical aspects of the IT environment including the importance of data governance and data management, the Scenario-based Risk Assessment process commonly used by IT Risk Managers and will walk through many of the most common technologies and associated vulnerability, threats, risks and controls using common business language and using common applications as our examples. We will have several discussions examining various documents to allow attendees to apply the knowledge learned during the session.

By the end of this session attendees will have a better understanding on how to plan, scope and conduct an IT General Controls audit.