IT General Controls and Application Controls

Training Duration
5 days

Training Delivery Method
Onsite instructor led

Prerequisites
Experience as an IT controls professional or IT auditor

What Problem Does This Training Help Solve
Helps you understand and implement IT application controls that mitigate IT risks. You learn the theory, practice, and implementation of IT general controls from a control professional's perspective, and the auditing of general controls from an assurance professional's perspective.

Who Should Attend
IT control professionals, IT auditors, IT security professionals, IT application developers, IT applications project managers, IT application system designers

Course Material
Content-rich manual and course handouts consisting of about 700 slides (foils)

Course Syllabus
This seminar is designed to give participants an understanding of the key risks and controls involved in auditing applications, including processing, security, transaction integrity, balancing and reconciliations, as well as the IT general controls that support critical aspects of application processing.

Topics to be covered in IT-AC:
  1. Applications systems and IT
  2. Application systems control objectives
  3. Life of an application transaction
  4. System development life cycle and application controls
  5. Controls: buy vs. build
  6. Applications and application controls
  7. Business centric application audit planning
  8. Data input controls
  9. Data processing controls
  10. Data output controls
  11. IT general controls and their effect on business applications
  12. Design effectiveness (DE) and operating effectiveness (OE) testing of application controls
  13. End user applications and controls
  14. Art and science of sampling
  15. Fraud through application systems

The following topics are discussed from the control, audit, and assurance perspectives (in IT-GC):

  • IT general controls: theory of controls; preventive, detective, corrective, compensating, and deterrent controls; the difference between GCC and GACC; design effectiveness testing (DET) and operating effectiveness testing (OET)
  • Control objectives and controls, Controls for centralized and distributed processing
  • Related frameworks and models: COBIT, ISO 27002, ITIL, CMM
  • IT Processes, control objectives, and controls
  • Policies, standards, procedures, and guidelines
  • SOD (separation of duties) and roles and responsibilities (R&R)
  • Regulatory requirements and controls: SOX, EuroSOX, HIPAA
  • Logical Access Controls: Identification, Authentication, Authorization, Data classification and ownership, MAC, DAC, and RBAC, SSO, Security administration, Security monitoring, Audit trails and detective controls
  • Physical Controls, Environmental controls
  • Hardware controls, Acquisition, Contracts, Maintenance agreements- Preventive maintenance
  • Software operating system controls, initial software generation, patch management, threats and risks
  • DBMS, Centralized database, Distributed database, Access controls and views, DB administration Controls, Audit trails
  • Network Perimeter Security, Points of entry, Internet, dial-in modems, wireless, fax modems
  • War dialing and war driving
  • OSI, TCP/IP, Firewalls, their architecture, and implementations, DMZ, Honeypot and honeynets
  • Threats coming from Internet, 32 common attacks and controls
  • Change Management, Policy, Standards, Procedures, Scheduled, emergency, out-of-cycle
  • Change request, review, approval, testing, scheduling, user notification, implementation, backout provision, change management for executables, source code integrity
  • Vendor software, Acquisition process, RFI, RFP, agreement, and controls, Security, Escrow agreement with a third party
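The logical access control and separation-of-duties bullets above list the concepts without showing how they fit together in an application. The following is an added example, not part of the course material: a minimal role-based access control (RBAC) check for a hypothetical accounts-payable application that enforces a static SoD rule (one user may not hold two conflicting roles), a dynamic SoD rule (the user who created a transaction may not approve it), and writes every grant and denial to an audit trail. All role, permission, user and invoice names are invented for the illustration.

```python
"""Added example (not from the course): RBAC with static and dynamic
separation-of-duties checks and an audit trail. All names are hypothetical."""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Role -> permissions for a hypothetical payables application.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "ap_clerk":    {"invoice:create", "invoice:view"},
    "ap_approver": {"invoice:approve", "invoice:view"},
    "ap_admin":    {"user:assign_role", "invoice:view"},
}

# Static SoD: no single user may hold both roles of a pair. Here the
# security administrator (who assigns roles) may never approve payments.
STATIC_SOD: List[Tuple[str, str]] = [("ap_admin", "ap_approver")]


@dataclass
class Invoice:
    invoice_id: str
    created_by: str
    approved_by: str = ""


@dataclass
class AccessControl:
    user_roles: Dict[str, Set[str]] = field(default_factory=dict)
    audit_trail: List[str] = field(default_factory=list)

    def assign_role(self, user: str, role: str) -> bool:
        """Grant a role unless it would violate a static SoD pair."""
        roles = self.user_roles.setdefault(user, set())
        for a, b in STATIC_SOD:
            conflict = b if role == a else a if role == b else None
            if conflict is not None and conflict in roles:
                self.audit_trail.append(
                    f"DENY assign {role} to {user}: static SoD conflict with {conflict}")
                return False
        roles.add(role)
        self.audit_trail.append(f"GRANT {role} to {user}")
        return True

    def has_permission(self, user: str, perm: str) -> bool:
        """Authorization: the union of the user's role permissions."""
        return any(perm in ROLE_PERMISSIONS.get(r, set())
                   for r in self.user_roles.get(user, set()))

    def approve_invoice(self, user: str, inv: Invoice) -> bool:
        """Permission check followed by the dynamic SoD rule: a user may
        approve invoices created by others but never their own."""
        if not self.has_permission(user, "invoice:approve"):
            self.audit_trail.append(f"DENY approve {inv.invoice_id} by {user}: no permission")
            return False
        if inv.created_by == user:
            self.audit_trail.append(
                f"DENY approve {inv.invoice_id} by {user}: dynamic SoD, creator cannot approve")
            return False
        inv.approved_by = user
        self.audit_trail.append(f"APPROVE {inv.invoice_id} by {user}")
        return True


def demo() -> dict:
    """Walk through the constructed scenario and return the outcomes."""
    ac = AccessControl()
    ac.assign_role("alice", "ap_clerk")
    ac.assign_role("alice", "ap_approver")   # allowed: clerk/approver pair is handled dynamically
    ac.assign_role("bob", "ap_approver")
    ac.assign_role("carol", "ap_admin")
    admin_as_approver = ac.assign_role("carol", "ap_approver")  # denied by static SoD

    inv = Invoice("INV-1001", created_by="alice")
    self_approve = ac.approve_invoice("alice", inv)   # denied by dynamic SoD
    no_role = ac.approve_invoice("dave", inv)         # denied: no permission
    peer_approve = ac.approve_invoice("bob", inv)     # approved

    return {
        "admin_as_approver": admin_as_approver,
        "self_approve": self_approve,
        "no_role": no_role,
        "peer_approve": peer_approve,
        "approved_by": inv.approved_by,
        "audit": list(ac.audit_trail),
    }


if __name__ == "__main__":
    for line in demo()["audit"]:
        print(line)
```

An auditor testing design effectiveness would look for exactly these three decision points (authorization, static SoD at role assignment, dynamic SoD at approval); testing operating effectiveness means sampling the audit trail for denials and confirming that no invoice has `created_by == approved_by`.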

  • BC/DR audit: BIA, RTO, RPO, MTD, risk assessment, recovery strategies, awareness and training, BC implementation, remote storage of data and documents, alignment with change management, hot site, cold site, warm site, split processing, PR training for emergency situations, ICS for emergency response, BC plan testing and optimization, backups (full, incremental, differential, and synthetic), five components of recovery

This course is currently not scheduled. For more information on future dates or to reserve this class please contact us.

Last Updated: Thursday, 29 July 2010 16:49