
Explore the auditing process and the role of auditors, establishing a high-level framework so students understand who auditors are and how the process fits together.
Explore the two auditor types—internal and external—and their independence, reporting lines, and on-demand versus scheduled audits, and learn how both can be used together for comprehensive information systems assurance.
Plan the auditing process thoroughly to map standards and marshal resources, ensuring a timely, efficient audit that yields quality information; execute after solid planning.
Identify risks through interviews and incident data during a risk assessment. Apply risk mitigation to align with tolerance, then reassess controls and loop back in a dynamic environment.
Identify inherent, control, and detection risks that can arise during audits, and understand how unobtrusive testing and deep digging may reveal audit risks within the process.
Apply control self-assessment as an ongoing process to analyze control documents and user interactions for early risk detection. Improve internal controls and support security awareness training for mission-critical controls.
Explore IT governance as alignment with organizational goals and build policies, procedures, and a risk management process. Learn enterprise-level risk analysis methods to accurately evaluate risk.
Improve the review with purposeful corrections, not changes for change's sake, and clearly separate concerns as questions for management seeking more information.
Explore change management with a focus on clear communication and trackable updates using tools like SharePoint. Involve appropriate team members, secure two-signature sign-offs, and assess financial and operational impact.
Explore how a quality management system, including ISO 9001, uses documents, manuals, and records to ensure an efficient, safe, secure, and stable end product while meeting organizational and legal standards.
Auditors assess quality management systems by checking implementation, documenting data per standards like ISO 9001, and ensuring performance measures align with defined formats for consistency across functions.
Quality management builds a predictable, stable environment that minimizes risk and sustains reliable performance, often achieving standard certification through audits. Use gap analyses against ISO standards to address missing requirements.
Explore the core elements of Topic B within project management, focusing on self-development, software development, and the acquisition of new software for use in your organization under audit.
Use prototyping and evolutionary development to create a basic, operational model that proves feasibility, then adjust, add functionality, and evolve into a production-ready system.
Assess and vet infrastructure assets for line-of-business applications, including email servers, database servers, domain controllers, and web servers, through controlled acquisition to ensure secure, compatible integration within the ecosystem.
Maintain information systems through rigorous change management and configuration controls, documenting change requests, testing, auditing, emergency changes, fast lane exemptions, and authorized versus unauthorized changes within policy.
An information systems auditor analyzes information flow and control effectiveness by mapping data paths, identifying touchpoints and protections, documenting findings, and flagging deficiencies early for compliant and cost-effective improvements.
Apply data validation checks to verify ranges and lengths for fields like addresses and phone numbers, balance thoroughness with system performance, and ensure data meets accuracy requirements.
Examine network models and auditing concerns on the technical side, then focus on business resilience and continuity to keep operations running in a weakened state and recover from problems.
Reference models define seven layers with responsibilities, establishing universal standards such as OCI to enable consistency, interoperability, and auditing and verification across hardware, software, and applications beyond the operating system.
Define business continuity planning and disaster recovery, prioritizing essential services to restore operations, and explain impact analysis and risk analysis with asset value, downtime costs, and qualitative versus quantitative assessments.
Take a closer look at the recovery process in information systems, highlighting its steps and implications for auditors.
Explore threats and vulnerabilities and examine what they mean for information systems auditing in practice.
Explore strong password policy concepts, including longer passwords, alphanumeric and special characters, multi-factor authentication, periodic changes, password history, one password per user, and dual administrator accounts with credential elevation.
Explore network level firewalls as gatekeepers between trusted zones such as internet and intranet. Understand how firewall generations—from packet filtering to application firewalls and unified threat management—balance functionality and performance.
Explore how encryption mechanisms fit different scenarios, applying confidentiality algorithms and using hashing for data integrity, and combine with RSA digital signatures to verify origin.
Select and apply an auditing framework; review administrative policies, legal requirements, security awareness training, onboarding and termination processes, access controls, and accountability across physical, technical, and administrative domains.
Information systems have become an integral part of any modern organization. Many of the business processes are now dependent on the information systems and the data contained in these systems is of critical importance to any enterprise. The need to protect and safeguard these systems is also directly proportional to the increase in their usage. With the information systems becoming so important, the attacks and threats including but not limited to ransomware, data theft, hacking, forgery and brute force are also on the rise. More and more attackers are targeting organization with less control and protection. This course prepares the candidates to put in place effective controls and policies to protect their information systems and assets from unauthorized access and leakage.
Information systems auditor course is a comprehensive course designed with the objective of preparing the candidates to be able to familiarize themselves with the IS audit process, governance, management of IT, IS operations, maintenance and support, IS operations and business resilience as well as protection of information assets.
These information systems or assets can be in the form of databases, files, images, documents and software. The course covers the protection methods and techniques regardless of the form the data is residing within the organization.
After successfully completing this course, the students will be able to:
· Understand the IS audit process
· Plan audit
· Perform risk analysis
· Put in place internal controls
· Learn about different phases of IS audit
· Understand the role of governance in IT/IS
· Make policies, procedures and identify risks
· Create information security policy document
· Conduct management reviews of the policy document
· Perform risk management
· Create in-sourcing and outsourcing strategy
· Perform organizational quality management
· Create project management structure
· Introduce application development best practices
· Plan IS operations and business resiliency plans
· Define RPO/RTO
· Develop disaster recovery plan
· Protect information assets
· Identify exposures and vulnerabilities
· Understand role of encryption in data protection
· Learn the basics of computer forensics
Overall, the course touches all the aspects required to become an effective information systems auditor and perform the taks efficiently. This course also helps the candidates to prepare for the relevant certification, i.e., CISA as the exam topics are in alignment with the concepts taught in this course.