(314) 504-0530 info@bac-mail.com

Auditing Critical Business System Applications

  • CPE Credits: 8 (may be expanded into a two-day program for 14 CPEs)
  • Prerequisites: None
  • Learning Level: Basic
  • Instructional Method: Group/Live
  • Field of Study: Information Technology – Technical
Course Revision Date: March 1, 2023

Course Description
An Information Technology (IT) Auditor and an Information Security (Info Sec) Professional are really pursuing the same goals, but through different terminology. The IT Auditor evaluates for the presence of “controls”, whereas the Info Sec Professional pursues the implementation of “security”. It is essential that both end users and IT professionals understand the process of IT Audit and the concepts of risk and control associated with critical business applications, those applications essential to the daily operational functionality of the enterprise.

The IT Auditor is looking for assurance that the application provides an adequate degree of control over the data being processed. The level of control expected for a particular application depends on the degree of risk involved in the incorrect or unauthorized processing of those data. Most generalized IT security audits, and the tools used to perform them, focus on networks and servers. However, applications are often vulnerable to attacks that will not be detected by network and server security controls, and that could compromise not only the application and its data, but the network and servers as well.

The primary focus of this course is on the process of auditing critical business applications, the associated IT infrastructure that supports these applications, and the auditor’s role in assessing the internal control environment in which these applications are designed to function.

Audience
This course is intended for internal and external audit professionals, project managers, system and business analysts, end user decision makers, IT steering committee members, Info Sec professionals, and those professionals who need a thorough understanding of, and have an interest in, assessing and establishing well-designed application security, be it in public or private enterprise, whether compliance with the provisions of Sarbanes-Oxley or any other legislative action is required or optional.

Objectives
After completing this seminar, the participant will be able to:

1. Identify application controls and their benefits.
2. Recognize the critical role of internal auditors in the assessment and evaluation of application controls.
3. Determine that application input data is accurate, complete, authorized, and correct.
4. Evaluate whether application data are processed as intended within an acceptable time period.
5. Assess application output and stored data for accuracy and completeness.
6. Establish if a record is maintained to track data processing from input to storage to output.
7. Understand how to perform a risk assessment related to auditing applications.
8. Apply application control review scoping.
9. Determine application review approaches.
10. Specify common application controls.
11. Propose suggested tests to substantiate internal control findings within the application under review.
12. Develop a sample review program.

Course Outline

Please contact Al with a request for a detailed course outline…

albert@bac-mail.com

Need more information?

If you have questions or would like more information about any of our courses, please contact us using the form below. We look forward to hearing from you.

Request a Consultation Today

We provide a variety of consultation services and training options to fit the demanding and changing needs of our clients. Contact us today and we will help you determine the best way to meet your goals.

Cybersecurity and Infrastructure Security Agency

BAC is a vetted, current provider of training courses through the NICCS Education and Training Catalog. BAC’s courses are aligned to the specialty areas of the National Cybersecurity Workforce Framework.