Udemy
    •  
    •  
    •  
    •  
    •  
    •  
    •  
    •  
Turn what you know into an opportunity and reach millions around the world.
Learn More
Your cart is empty.
Keep shopping
Information Systems Auditor
Rating: 4.3 out of 5(98 ratings)
486 students

Information Systems Auditor

All about Audit
Last updated 4/2022
English

What you'll learn

  • Understand the IS audit process
  • Plan audit and Perform risk analysis
  • Learn about different phases of IS audit
  • Understand the role of governance in IT/IS
  • Make policies, procedures and identify risks
  • Create information security policy document
  • Conduct management reviews of the policy document
  • Create insourcing and outsourcing strategy

Course content

5 sections184 lectures10h 6m total length
  • The IS Audit Process1:52
  • Topic A: The Auditing Process and Auditors0:41

    Explore the auditing process and the role of auditors, establishing a high-level framework so students understand who auditors are and how the process fits together.

  • Definitions4:46
  • Types of Auditors5:33

    Explore the two auditor types—internal and external—and their independence, reporting lines, and on-demand versus scheduled audits, and learn how both can be used together for comprehensive information systems assurance.

  • The Auditing Process1:46

    Plan the auditing process thoroughly to map standards and marshal resources, ensuring a timely, efficient audit that yields quality information; execute after solid planning.

  • The Auditing Process2:05
  • The Auditing Process4:15
  • Audit Planning Process12:58
  • Topic B: Risk Analysis0:50
  • Risk Analysis Defined9:30
  • Assessing Countermeasures14:28
  • Steps of Assessment2:18

    Identify risks through interviews and incident data during a risk assessment. Apply risk mitigation to align with tolerance, then reassess controls and loop back in a dynamic environment.

  • Motivations for Risk Analysis2:59
  • Topic C: Internal Controls0:44
  • Internal Controls: Objectives & Procedures6:25
  • Internal Control Types5:28
  • Internal Controls (Preventative)0:47
  • Internal Controls (Detective)1:09
  • Internal Controls (Corrective)3:30
  • Goals of Internal Controls1:09
  • Goals of Internal Controls2:10
  • General Control Methods/Types2:41
  • The IS Audit Process1:26
  • Audit Classifications0:47
  • Audit Classifications4:51
  • Phases of the Audit Process (Page 1)0:58
  • Phases of the Audit Process (Page 2)4:05
  • Inherent Risks During Audits0:57

    Identify inherent, control, and detection risks that can arise during audits, and understand how unobtrusive testing and deep digging may reveal audit risks within the process.

  • A Risk-Based Audit Approach1:46
  • Evidence1:58
  • Evidence Gathering Techniques1:04
  • Computer Assisted Audit0:39
  • Control Self-Assessment (CSA)1:14

    Apply control self-assessment as an ongoing process to analyze control documents and user interactions for early risk detection. Improve internal controls and support security awareness training for mission-critical controls.

  • Chapter 1 Review1:47
  • Quiz 1

Requirements

  • It is expected that the candidates taking part in this course have a basic know-how of the information security management, business critical information, cyber security, data loss protection and other technologies.
  • However, this course comprehensively covers the topics related to information systems auditing and policy making.

Description

Information systems have become an integral part of any modern organization. Many of the business processes are now dependent on the information systems and the data contained in these systems is of critical importance to any enterprise. The need to protect and safeguard these systems is also directly proportional to the increase in their usage. With the information systems becoming so important, the attacks and threats including but not limited to ransomware, data theft, hacking, forgery and brute force are also on the rise. More and more attackers are targeting organization with less control and protection. This course prepares the candidates to put in place effective controls and policies to protect their information systems and assets from unauthorized access and leakage.

Information systems auditor course is a comprehensive course designed with the objective of preparing the candidates to be able to familiarize themselves with the IS audit process, governance, management of IT, IS operations, maintenance and support, IS operations and business resilience as well as protection of information assets.

These information systems or assets can be in the form of databases, files, images, documents and software. The course covers the protection methods and techniques regardless of the form the data is residing within the organization.

After successfully completing this course, the students will be able to:

· Understand the IS audit process

· Plan audit

· Perform risk analysis

· Put in place internal controls

· Learn about different phases of IS audit

· Understand the role of governance in IT/IS

· Make policies, procedures and identify risks

· Create information security policy document

· Conduct management reviews of the policy document

· Perform risk management

· Create in-sourcing and outsourcing strategy

· Perform organizational quality management

· Create project management structure

· Introduce application development best practices

· Plan IS operations and business resiliency plans

· Define RPO/RTO

· Develop disaster recovery plan

· Protect information assets

· Identify exposures and vulnerabilities

· Understand role of encryption in data protection

· Learn the basics of computer forensics

Overall, the course touches all the aspects required to become an effective information systems auditor and perform the taks efficiently. This course also helps the candidates to prepare for the relevant certification, i.e., CISA as the exam topics are in alignment with the concepts taught in this course.

Who this course is for:

  • Information systems auditors
  • Chief information security officers
  • Manager information security
  • Manager cyber security
  • Information system managers
  • Candidates aspiring for CISA certification