IT Auditing: The Process
About
the Author
Robert E. Davis, MBA, CISA, CICA
Robert E. Davis is an independent management audit consultant, currently associated with Robert Half Management Resources, and a Boson Software, Inc. author and instructor as well as Pleier Corporation author. His IT audit specializations include Control Objectives for Information and related Technologies, Sarbanes-Oxley, and The Foreign Corrupt Practices Act. Regarding information security and privacy, Robert is available to provide International Organization for Standardization ISO-17799, Graham-Leach-Bliley, and Basel II Initiative consulting. His primary computer technology research interests are databases, operating systems, and distributed information systems processing.Since starting his career as an IT auditor, Robert has provided data security consulting and IT auditing services for staff and management from staff through management positions to the United States Enrichment Corporation, Raytheon Company, United States Interstate Commerce Commission, Dow Jones & Company, Fidelity/First Fidelity (Wachovia) Corporations, and other organizations.
Some of his professional IT software and hardware experience includes MVS, UNIX, Windows, Oracle, the International Money Management System, PERL, COBOL, PASCAL, DEC, IBM, Tandem, Compaq, and DELL.
Prior to engaging in the practice of IT auditing and information security consulting Robert provided inventory and general accounting services to Philip Morris USA and general accounting services to Philadelphia National Bank (Wachovia).
Robert graduated from Temple University and West Chester University of Pennsylvania with a Bachelor of Business Administration and Master of Business Administration degree, respectively. While attending Temple University, his major areas of study were Business Law and Accounting. He successfully completed the requirements for a Management Information Systems subject major at West Chester University.
Robert obtained the Certified Information Systems Auditor (CISA) certificate, after passing the Information Systems Audit and Control Association’s rigorous three hundred and fifty multiple-choice questions examination and was conferred the Certified Internal Controls Auditor (CICA) certificate by the Institute for Internal Controls.
During his twenty-year professional involvement in education, Robert acquired postgraduate and professional technical licenses in computer science and computer systems technology.
Currently, Robert is a member of the Institute of Internal Auditors’ IT AUDIT magazine Editorial Review Committee’s member and author of an IT AUDIT magazine emerging issues article, “Did IT Auditing Forget the Foreign Corrupt Practices Act?”
Robert is former ISACA-Philadelphia Chapter Board of Directors member and College Relation Chairman. Robert has provided instruction to an Internet CISA study group, the Data Processing Management Association, and the ISACA-Philadelphia Chapter CISA Review course.
Robert is a member of American Association of University Professors and the Institute for Internal Controls. He is also a college computer science and mathematics instructor, having previously taught at Cheyney University and Bryant & Stratton College.
Robert’s IT audit publications include “Information
Systems Auditing: The IS Audit Planning Process”, “Information
Systems Auditing: The IS Audit Study and Evaluation of Controls Process”,
“Information
Systems Auditing: The IS Audit Testing Process”, and “Information
Systems Auditing: The IS Audit Reporting Process” electronic
monographs.
IT
Auditing: The Process
Robert E. Davis has been privileged to assist various organizations in achieving their information systems control objectives and improving business processes. Recently, he has applied his expertise in assisting organizations in fulfilling U.S. Sarbanes-Oxley reporting and control requirements as well as training professionals internationally.
Robert is sharing his experience by providing tools to prepare auditors to perform IT audits in an extremely cost-effective manner. Business organizations, governmental organizations, colleges, and universities can benefit from his knowledge and expertise concerning IT auditing.
This self-paced PowerPoint presentation with accompanying material is organized to provide initial training of IT auditors as well as continuing training of IT auditors, auditors, and auditor managers. The “Administrator’s Guide” provides tools for group and individual self-paced training.
Utilizing the enclosed PowerPoint slides, in conjunction with the “Participant’s Guide,” can ensure adequate understanding of the entire IT audit process including audit engagement requirements. Furthermore, participant attentiveness to the material and completion of the eight exercises in the guide can enhance auditor professionalism in corresponding job responsibilities.
Participants who complete this course will be adequately prepared to take the Information Systems Audit and Control Association’s (ISACA’s) Certified Information Systems Auditor – The IS Audit Process examination section and to perform competent IT Auditing.
Upon completion of this training the participant will be able to:
- Develop and/or implement a risk-based IT audit strategy and objectives in compliance with generally accepted audit standards to ensure that the organization's information technology and business processes are adequately controlled, monitored, and assessed, and are aligned with the organization's business objectives.
- Plan specific audits to ensure that the IT audit strategy and objectives are achieved.
- Obtain sufficient, reliable, relevant, and useful evidence to achieve the audit objectives.
- Analyze information gathered to identify reportable conditions and reach conclusions.
- Review the work performed to provide reasonable assurance that objectives have been achieved.
- Communicate audit results to key stakeholders.
- Facilitate the implementation of risk management and control practices within the organization.
IT Auditing: The Process addresses managerial responsibilities for audit managers.
Auditors and Audit Departments that purchase this electronic publication on CD can duplicate the enclosed Administrator’s and Participant’s Guides royalty free for training of individual auditors in that department and for in-house group training.
Organizations that purchase this electronic publication on CD can duplicate the enclosed workbook and use that material to conduct public training by sending a royalty fee of $20 for each copy of the workbook produced to:
Pleier Corporation
Attn: IT Auditing: The Process
P.O. Box 3900
Mission Viejo CA 926901-1900
United States of America
Attn: IT Auditing: The Process
P.O. Box 3900
Mission Viejo CA 926901-1900
United States of America
When professional associations forward a check please include the place and date that the training was held.
Your feedback, concerning this product, should be sent to
pleier@pleier.com.
IT
Auditing: The Process Presentation
“IT Auditing: The Process” contains over 450 PowerPoint slides offering a practical method for performing adaptive IT auditing. Furthermore, the PowerPoint slides content allows presentation and participation in either a group or individual self-paced training format.
“IT Auditing: The Process” Presentation – module 1
Module 1 sets the framework for learning about the IT Auditing Process as well as offering suggestions how to use this CD in a self-study or group training mode addressing specifically:
Introduction
Objectives
Introductions (if a group)
Appropriate IT Auditor Training
An 18-question Diagnostic Test with answers
IT Audit Training agenda
Suggested Training Schedule
IT Audit Methodology
4 Types of Standards relevant to IT Auditing
Overview of IT Audit Process
IT Audit Planning
Audit Objectives
Audit Findings Form
Business Objectives
Organizational Practices
Audit Department Scope Limitations
Working Papers Documentation
“IT
Auditing: The Process” Presentation – module 2
Objectives
Introductions (if a group)
Appropriate IT Auditor Training
An 18-question Diagnostic Test with answers
IT Audit Training agenda
Suggested Training Schedule
IT Audit Methodology
4 Types of Standards relevant to IT Auditing
Overview of IT Audit Process
IT Audit Planning
Audit Objectives
Audit Findings Form
Business Objectives
Organizational Practices
Audit Department Scope Limitations
Working Papers Documentation
Audit Risk Assessment
Internal Control Assessment
Audit Plan
Engagement Letter
Opening Conference
Study of Internal Controls
Study of External Controls
Design Materiality
Control Objectives
Evaluation of Internal Controls
Internal Control Assessment
Audit Plan
Engagement Letter
Opening Conference
Study of Internal Controls
Study of External Controls
Design Materiality
Control Objectives
Evaluation of Internal Controls
Module 3 continues the learning about the IT Auditing Process addressing specifically:
Illegal and Irregular Acts
Working Papers
Audit Evidence
Reassessing Risk
Assessing Testing
Sarbanes-Oxley Compliance
FCPA Compliance
Testing Objectives
Testing Materiality
Testing Design
Testing Methodologies
Module 4 continues the learning about the IT Auditing Process addressing specifically:
Statistical Testing
Methodologies
Non-Statistical Testing Methodologies
Sampling Size Selection
Sampling Methodologies
Conducting Testing
CAAT Testing
Testing Evaluation
Test Documentation
Assessing Audit Findings
Audit Report Materiality
Cost-Benefit Analysis
Draft Audit Report
Non-Statistical Testing Methodologies
Sampling Size Selection
Sampling Methodologies
Conducting Testing
CAAT Testing
Testing Evaluation
Test Documentation
Assessing Audit Findings
Audit Report Materiality
Cost-Benefit Analysis
Draft Audit Report
Administrator’s
Guide
"IT Auditing: The Process Administrator’s Guide"
The 49-page instructor guide is correlated to the IT Auditing: The Process PowerPoint presentation and provides answers for course participant exercises. Beneficially, the administrator guide documents researched answers, with additional reference sources available on the Internet.
In self-study mode the participant should use the Participant’s Guide and then check the accuracy of answer with the Administrator’s Guide.
Participant’s Guide
"IT Auditing: The Process Participant’s Guide"
The
participant guide encourages
active learning of the IT auditing process. This 28-page workbook
allows application of presented material and demonstration of the
information system audit methodology, using various formats.
Additionally, practice variety also is incorporated through group or
individual exercise assignments.
The Participant’s Guide contains a glossary of terms that participant might want to reference throughout the PowerPoint presentation.
Other
Resources
If you like the quality
of this electronic publication on CD check http://www.pleier.com
for additional
information.
Current Publications –
Click the link to preview:
- 21st Century Audit Management – Opportunities and Challenges – by a number of contributing authors
- A Practitioner’s Guide to Performance Auditing by Muhammad Akram Khan
- Achieving Auditor
Excellence
- Auditing Fraud - Complete Publications, Threat Scenarios, Purchasing & Contracts Fraud - by David McNamee
- Auditing IT Infrastructures by Alan Oliphant
- Auditing
Purchasing and
Contracts by David McNamee
- Control Self Assessment by David McNamee
- Internal
Auditing: Basics & Best Practices
- IT
Auditing: The Basics
- Internal
Auditor Toolkit by
Michael Lapelosa
- Modern
Integrated Audit Approach
by Michael Lapelosa
- Risk
Management - Best
Practice, Case Studies, and Related Material – by a number of
contributing authors
- Risk
Management and Risk
Assessment by David McNamee
- Systems Analysis and
Design by Bill Anderson
Print Order Form - PDF
Print Order Form -
Word Document
Order
Online
ADM PLUS Audit Management
Systems for managing an Audit Department includes risk management and
risk assessment functions.
o
Review
information about this software
o
Download
and try this client-server software with no risk at http://www.pleier.com.
Please tell other Audit
Professionals during your sharing about these resources.
Thank you.
President
Pleier Corporation