IT General Controls Certificate Program
Information technology (IT) is the lifeblood of most organizations today. Speed to market has sent organizations into a technical catapult where annually more processes become technology-driven, whether that technology exists in or outside the organization’s data center. These technology-rich processes continue to transform internal audit’s priorities and expected core competencies. Tomorrow’s auditors and audit leaders will need to be well versed in recognizing technology-related control weaknesses and have the capability of articulating such weaknesses to business and technology leaders alike.
This certificate program is designed to ensure that all internal auditors have the minimal technical competencies to perform basic IT-related audit activities, focusing on governance, risk, project delivery, and IT general controls.
By the end of this program, internal auditors should be able to:
- Recognize the importance of the governance of enterprise IT.
- Associate project delivery with effective and efficient technology-driven processes.
- Realize the impact technology has on business processes.
- Identify and assess basic IT general controls related to:
  - IT Change Management.
  - Business Resilience.
  - Logical Security.
  - Physical Security.
  - Environmental Controls.
  - IT Operations and Services Management.
  - System Development Life Cycle.
Participants who complete the course are eligible to sit for the certificate exam, which is administered on The IIA’s LMS platform.
Who will benefit from this program?
This certificate program is intended to assist the internal auditor in gaining a fundamental understanding of technology-related risks and controls, including describing the fundamental concepts of IT audit, exploring common risks and controls related to information technology, recognizing methodologies for assessing the effectiveness of information technology, and so much more! This certificate program is designed for internal auditors and consulting associates who wish to increase their knowledge of information technology auditing. Participants who successfully complete this program are eligible to plus themselves by obtaining The IIA IT General Controls Certificate, a wonderful addition to both your resume and LinkedIn profile.
Certificate Objectives
- Describe risks and controls related to IT.
- Recognize key infrastructure and network components.
- Identify the relationship between organizational governance and IT governance.
- Identify internal audit’s role in IT governance.
- Define IT change management.
- Describe controls necessary for effective IT operations.
- Identify application security controls.
- Distinguish characteristics of privileged access.
- Explain the purpose of the system development life cycle.
- Distinguish key business recovery concepts, including business impact analysis, business continuity, disaster recovery, and incident response.
- Identify the general concepts related to auditing computer operations controls.
- Identify the general concepts related to auditing physical and environmental security.
- Review the core principles of project management.
- Describe the basics of auditing the project management process.
- Establish the elements of a third-party risk program.
Certificate Topics
IT Essentials – Introduction to IT
- An overview of IT operations.
- Risks and controls related to IT.
- The purpose and applications of IT control frameworks and basic IT controls.
- An overview of IT governance.
- IT competencies for internal auditors.
IT Essentials – Assessing Networks and Infrastructure
- Key infrastructure and network components.
- Devices in the DMZ.
- Competencies of internal auditors performing infrastructure and networking audits.
- Common infrastructure and network terminology.
- OSI model and the layers of defense in depth.
Governance of Enterprise IT
- Importance of IT governance.
- Components of IT governance.
- Relationship between organizational governance and IT governance.
- Five areas of a sample IT governance framework.
- Desired outcomes and challenges of implementing an IT governance framework.
- Internal audit’s role in IT governance.
Logical Security: Application, Database, and Operating System Layers
- Security controls that relate to an IT audit.
- Databases and database management systems operations.
- Database security controls.
- Common operating system controls.
Logical Security: The Network Layer
- Characteristics of privileged access.
- Common network concepts and terminology.
- Basic network architecture.
- Suggested auditing techniques.
Auditing IT Change Management
- IT change management.
- Types and sources of change.
- An overview of the change management process.
- Roles and responsibilities related to IT change management.
- Role of patches in the IT change management process.
- Preventative, detective, and corrective controls necessary for effective IT change management.
- Best practices for providing assurance over effective change management.
Understanding the System Development Life Cycle
- Purpose of the system development life cycle (SDLC).
- Key organizational roles in system development projects.
- Phases within a system development life cycle.
- Reasons why system development projects fail.
- Reasons for successful outcomes of system development life cycle projects.
- General concepts related to assessing a system development life cycle.
- Auditing development project reviews.
Computer Operations
- General concepts related to auditing computer operations controls.
- Main components of service management.
- Value of deploying a unified service management platform.
- Value of asset and configuration management.
- Relationship between service management and computer operations management in the auditing process.
- Auditing computer operations.
Physical and Environmental Controls
- Basics of physical security.
- Basics of environmental security.
- Common physical and environmental risks and controls.
- General concepts related to auditing physical and environmental security.
Exploring Corrective Controls
- Operational resilience and business resiliency as the primary building blocks needed to successfully recover from an event.
- Key business recovery concepts, including business impact analysis, business continuity, disaster recovery, and incident response.
- Phases in developing business continuity plans (BCPs), disaster recovery plans (DRPs), incident response plans (IRPs), and incident response playbooks.
- Backup processing concepts.
- Consulting and assessment activities as they relate to internal audit.
Auditing Project Management Practices
- Fundamentals of portfolio, program, and project management.
- Core principles of project management.
- Controls and risks associated with project management.
- Internal audit’s roles in a project.
- Auditing the project management process.
Auditing Third Party IT Risk
- Elements of a third-party risk program.
- Third-party risk management process.
- Contracting.
- Monitoring.
- The role of internal audit.
- Performing the engagement.
- Evaluating and reporting the results.
Summary Info
CPE Hours Available: 20
NASBA Knowledge Level: Basic
NASBA Delivery Method: Group Internet based
NASBA Field of Study: Auditing
Prerequisites: None
Advance Preparation: None
Topic(s): IT General Controls
IIA Competencies: Environment
Location: The venue will be decided prior to the course date