
Explore how the information systems audit function is managed in a company, its role and standards, types of audits, and core terms like internal controls, risk, audit evidence, and sampling.
Information systems audit collects, groups and evaluates evidence to safeguard assets and ensure data integrity, availability, veracity and privacy through best practices and international standards, whether conducted internally or externally.
Establish governance for the audit function with an approved statute by senior management and the audit committee that defines authority, scope, and responsibility, ensuring independence and reporting to the audit committee.
Identify the general standards for systems auditing, including statute of the audit function, independence, and the use of objective criteria to evaluate control assertions.
Explore the various audit types, including compliance, financial, operational, integrated, administrative, systems, specialized, and forensic audits, and note how some are internal or external.
Plan audits with short term and long term objectives presented to the audit committee or management, and base risk assessments on data from process owners to evaluate risk factors.
Identify the audit scope and objectives by understanding the environment, business processes, and information systems, assess regulatory requirements, perform risk analysis, and plan audit approach and resources.
Learn how to carry out an information systems audit by planning, assessing risks, developing an audit program, collecting evidence, evaluating controls, and reporting findings with recommendations.
Understand the business by reviewing industry publications, annual reports, independent analyses, prior IT and regulatory reports, long-term plans, interviewing managers, identifying regulations and outsourced IT, and touring facilities.
Internal controls comprise policies, procedures, practices, and organizational structures designed to reduce the risks, implemented manually or automatically, with preventive, detective, and corrective measures like access control and backup procedures.
Define risk as the probability of an event and its impact on business objectives. Examine audit risk and its components: inherent risk, control risk, detection risk, and general audit risk.
Identify, quantify, and prioritize information security risks to guide audit planning, management actions, and controls; assess risks, threats, vulnerabilities, probability, and impact, then apply mitigation, acceptance, elimination, or transfer.
Assess audit evidence collected by the system's auditor, including observations, interview notes, independent confirmation results, internal documents, contracts, and test results, to determine whether data meet audit criteria.
Evaluate evidence gathering techniques, including IT organizational structure review for segregation of duties, and verify policies, standards, and systems documentation exist and are followed through interviews, observations, re-performance, and walkthroughs.
Explore sampling in audits when reviewing all transactions isn't feasible. Auditors select a random subset or one at the auditor's discretion from the population.
Present audit results to management, judge which findings add value, discuss findings with area personnel to agree and develop corrective action plans, and report to the audit committee.
Explore how top management involvement shapes business strategy by evaluating corporate governance policies and planning processes; examine policies, procedures, segregation of duties, and business continuity plans for technology department management.
Explore corporate governance as the set of responsibilities guiding management to provide strategic direction, achieve goals, and manage risks and resources, including relationships with the board and shareholders.
Drive IT governance by aligning with stakeholders to generate value, manage risk, maintain an up-to-date inventory of IT resources, and protect confidentiality, integrity, and availability through compliance and information security.
Explore how high-level policies reflect corporate philosophy, guide information system controls, and serve as a benchmark for audits, reviews, and updates to support business objectives.
Information security policies communicate standards to users and technical staff, are approved by management, documented and communicated to employees and service providers, used by auditors as a frame of reference.
Define information security, its scope, and objectives; state management's intent; outline risk-based controls, compliance, training, and continuity; assign responsibilities and ensure accessible, understandable policy documentation referencing ISO 27001 and ISO 27002.
Audit the information security policy by evaluating its basis in risk management, relevance, content, exceptions, approval and implementation processes, effectiveness, and its review, update, awareness, and training.
Define and document procedures to meet policy objectives; ensure clear, specific guidance for relevant users, while systems auditors review, evaluate, and test controls over business processes.
Examine how recruitment, selection, training, and promotion policies affect system performance, and how employee manuals, codes of conduct, ethics, benefits, vacation rules, and evaluations guide duties and fraud detection.
Identify and document job function relationships in the IT department to assess segregation of duties, and apply compensatory controls—such as audit trails, reconciliation, and supervisory reviews—when segregation is not feasible.
Enforce segregation of duties with transaction authorization, asset custody, data access controls, and formal authorization forms, while the data owner determines access levels and periodic audits detect unauthorized transactions.
Identify key business processes and establish a formal policy to recover operations, assign responsibilities for developing and testing the plan, and protect critical operations, resources, and assets, including the DRP.
Identify disasters and events that disrupt operations by rendering critical information and resources inoperative, including earthquakes, floods, tornadoes, fires, and hacker attacks or human error.
Explore the business impact analysis (BIA) as a core step in developing a business continuity plan, identifying critical processes, recovery time periods, resources, and interdependencies to guide technology choices.
Understand how information system operations and maintenance handle production changes through formal change control, user-driven requests, authorized approvals, testing, documentation, and audit-ready records.
Explore security controls that mitigate risks, including centralized port management with Active Directory group policy, desktop lockout, antivirus, secure removable storage, and RFID asset tracking.
Encryption transforms plain text into ciphertext using a key, allowing the holder of the key to decrypt it back to plain text; it protects data in transit across a network and data at rest, and supports verifying the authenticity of transactions and documents.
Implement a hardware maintenance program with routine cleaning, workload-driven maintenance, and supplier-guided scheduling, while auditing environmental control equipment and ensuring a formal, approved maintenance plan and timely, budget-conscious maintenance.
Assess hardware acquisition aligned with business plans, criteria, and cost-benefit analyses within the hardware review scope; monitor capacity and utilization reports, maintenance timing, problem logs, and overall system operations.
Audit operating system reviews by evaluating software selection procedures, the feasibility study, and the cost-benefit analysis. Check data security controls, patch management, and change procedures to ensure maintenance aligns with IT plans.
Audit database design and controls, verify ER diagram completeness, foreign keys, constraints, portability of interfaces, storage, primary keys, triggers, password policies, audit trails, and backup procedures for integrity and availability.
Assess network infrastructure controls in information systems audit for beginners by examining topology, components, use, personnel, user groups, transmission media, environmental and logical security measures, change requests, and monitoring.
Establish internal controls to maintain availability and restore critical processes after a disruption; the disaster recovery plan guides backups, and the BIA sets the RPO and RTO.
Identify recovery alternatives to support critical processes when normal facilities fail, including cold sites, mobile sites, warm sites, hot sites, reciprocal agreements, and duplicate sites, balancing recovery time, cost, and impact.
Lay the foundation for effective information security management, protecting information assets from viruses, hackers, and remote access risks while aligning objectives for continuity, integrity, confidentiality, data protection, and compliance.
Explore how an information security management system (ISMS) provides a framework of policies, procedures, and controls based on ISO/IEC 27001 and 27002, emphasizing leadership, staff training, monitoring, and incident response.
Assess computer crimes and their impact on organizations, including financial losses, legal repercussions, and reputational damage, and identify attacker types such as hackers, script kiddies, crackers, employees, end users, and third parties.
Explore common attack methods such as alteration attacks, botnets, brute force, denial of service, eavesdropping, phishing, email spoofing, trojans, man-in-the-middle, and viruses.
Assess minimum security levels by maintaining a frequently updated inventory. Enable automatic malware protection, enforce regular password changes, automatic patches, disable unnecessary services, and conduct periodically tested backups.
In this course I am going to show you how fun, easy and fast it can be to learn Systems Auditing. The classes are designed in a dynamic and practical way, made up of short videos with precise information and illustrated examples, based on the 5 domains of the CISA Certification Preparation Manual, so it will be an excellent guide if you decide to embark on the path to international certification in systems auditing.
At the end you will know:
- How to conduct regular audits
- How the audit department is managed
- The steps to plan and conduct an audit
- How IT governance operates
- How to audit system operations and maintenance
- The types and forms of cybercrime and common attack methods
The systems audit is responsible for collecting, grouping and evaluating evidence to determine whether computer systems safeguard assets and maintain data integrity, through the effective use of the organization's resources. The systems audit seeks the availability, integrity, veracity and privacy of the information through validation techniques and recommendations based on best practices and international standards.
This function can operate internally or externally to the company. An internal audit is carried out by an agent of the company whose role is to perform a professional, objective and critical analysis, based on the evaluation of internal controls and the faithful fulfilment of plans, in order to improve the company's operations. An external audit, by contrast, is carried out by independent personnel who review the different management areas of the company to determine how efficiently they perform their functions.