IT Auditing: The Basics
Michael Lapelosa, CISA, is
a 22-year seasoned Internal Audit Professional with experience
in financial services, state government and healthcare.
Michael’s responsibilities have included Internal Audit,
Performance Appraisal, TQM, and Information Security.
Michael is very active with The IIA as both a member of The
IIA Government Relations Committee and Past President of the
New York Chapter.
He is a member of the Academic Relations Committee of ISACA
International and a member of the Executive Committee of the
ISACA New York Chapter.
Michael is a frequent instructor and seminar leader for the
Institute of Internal Auditors, USDA Graduate School, and the
Foundation for Accounting Education (FAE) teaching various
- Internal Auditor’s
- Integrated Auditing
- Internal Auditors
- Internal Auditors
Standards and Quality Assurance
- Computer Fraud
- CISA Review Course
- Risk Assessment
- COSO Self Assessment
- EDP Auditing
- Auditing a Paperless
- Auditing for Fraud: A
- Auditing Local Area
- SDLC Auditing:
Hitting the Hot Spots
- Effective Audit
Michael has published several articles including Internal
Auditing and the New Model Economy, Outsourcing Self Test, and
Auditing Factoring Companies.
His electronic publication “Modern Integrated Audit Approach”
and “Internal Auditor Toolkit” digitalSeminarTM, a complete
seminar including PowerPoint slides accompanied with a digital
soundtrack, are available on CD for both individual and
chapter use at http://www.pleier.com.
Michael is an Adjunct Professor at Baruch College teaching
Accounting Information Systems.
Information Technology (IT) audits continue to be viewed as a
mysterious world that requires highly specialized skills.
However, as regulatory requirements such as those imposed by
the recently enacted Sarbanes-Oxley Act highlight that
organizations’ financial reporting and operational performance
become more and more dependent on complex information
technology, it becomes increasingly difficult to conduct
effective audits that do not include an aspect of IT auditing.
The days of “auditing around the computer” are over.
Mike’s latest electronic publication, “IT Auditing: The
Basics” strips away some of the mystery surrounding IT audits
by presenting a plain English, straightforward discussion of
risks, control objectives, and control techniques for selected
high payback IT audit areas that do not require a large degree
of technical expertise.
As an Audit Director and Information Technology Auditor with
over 22 years experience in the profession, Michael Lapelosa,
has seen both sides of the audit equation. As a strong
advocate of the “Integrated Audit Approach” he has struggled
for many years with the challenge of making IT audit concepts
more understandable for non-technical auditors.
Throughout this digital product he shares a standardized
approach that he has developed to provide guidance and
direction by selecting high risk, high payback areas to
The Basics Presentation
"IT Audit: The Basics PowerPoint Presentation"
Click the link above to
access the PowerPoint presentation. Then click the
left mouse button each time you would like to view the next
The 100-slide PowerPoint offers an excellent introduction to
IT Auditing and includes the following topics:
IT Auditing: The Basics
Control Objectives Have
How to Examine High
Payback IT Areas
Sarbanes-Oxley IT Controls
What Could Go Wrong?
Planning and Organizing
Delivery & Support
Administration of the IT
Areas to Review for IT
Evaluate & Verify
Program Change Controls
IT Auditing: The
Basics Work Programs
Mike’s 100-page Power Point slide presentation is
supplemented by work programs that are based on the industry
standard COBIT. These work programs are in MS Word
format and can easily be modified and adapted for use.
The approach that is presented here combines elements of
several non-technical audit areas that focus on governance,
planning, risk assessment and oversight for the IT
Using this approach permits an extremely efficient audit
process by ensuring key IT risks are adequately addressed,
expands the knowledge base of the entire audit staff,
promotes dialogue between various audit groups, and frees
the technical IT audit staff to delve more deeply into
highly specialized, increasingly complex and high risk IT
One additional benefit is that this approach assists in
staff development and retention.
These work programs address each of these phases in standard
COBIT-based workpaper format using MS Word to facilitation
modification to each Audit Department’s standards and to
complete each audit efficiently.
The work program for each area contains:
Compliance Testing Steps
If you like the quality of this
product please check http://www.pleier.com
for additional resources.
tell other Audit Professionals during your sharing about these