IT Auditing: The Basics
Michael Lapelosa, CISA
Michael Lapelosa, CISA, is
a 22-year seasoned Internal Audit Professional with experience
in financial services, state government and healthcare.
Michael’s responsibilities have included Internal Audit,
Performance Appraisal, TQM, and Information Security.
Michael is very active with The IIA as both a member of The
IIA Government Relations Committee and Past President of the
New York Chapter.
He is a member of the Academic Relations Committee of ISACA
International and a member of the Executive Committee of the
ISACA New York Chapter.
Michael is a frequent instructor and seminar leader for the
Institute of Internal Auditors, USDA Graduate School, and the
Foundation for Accounting Education (FAE) teaching various
seminars including:
- Internal Auditor’s Toolkit
- Integrated Auditing
- Internal Auditors Best Practices
- Internal Auditors Standards and Quality Assurance
- Computer Fraud
- CISA Review Course
- Risk Assessment
- COSO Self Assessment
- EDP Auditing
- Auditing a Paperless Environment
- Auditing for Fraud: A Proactive Approach
- Auditing Local Area Networks
- SDLC Auditing: Hitting the Hot Spots
- Effective Audit Testing
Michael has published several articles including Internal
Auditing and the New Model Economy, Outsourcing Self Test, and
Auditing Factoring Companies.
His electronic publications “Modern Integrated Audit Approach”
and “Internal Auditor Toolkit” digitalSeminar™, a complete
seminar including PowerPoint slides accompanied by a digital
soundtrack, are available on CD for both individual and
chapter use at http://www.pleier.com.
Michael is an Adjunct Professor at Baruch College teaching
Accounting Information Systems.
Information Technology (IT) audits continue to be viewed as a
mysterious world that requires highly specialized skills.
However, regulatory requirements such as those imposed by the
recently enacted Sarbanes-Oxley Act highlight that
organizations’ financial reporting and operational performance
are becoming more and more dependent on complex information
technology. As a result, it becomes increasingly difficult to
conduct effective audits that do not include an aspect of IT
auditing.
The days of “auditing around the computer” are over.
Mike’s latest electronic publication, “IT Auditing: The
Basics”, strips away some of the mystery surrounding IT audits
by presenting a plain-English, straightforward discussion of
risks, control objectives, and control techniques for selected
high-payback IT audit areas that do not require a large degree
of technical expertise.
As an Audit Director and Information Technology Auditor with
over 22 years’ experience in the profession, Michael Lapelosa
has seen both sides of the audit equation. As a strong
advocate of the “Integrated Audit Approach”, he has struggled
for many years with the challenge of making IT audit concepts
more understandable for non-technical auditors.
Throughout this digital product he shares a standardized
approach that he has developed to provide guidance and
direction by selecting high risk, high payback areas to
review.
IT Auditing: The Basics Presentation
"IT Audit: The Basics PowerPoint Presentation"
Click the link above to access the PowerPoint presentation. Then
click the left mouse button each time you would like to view the
next item.
The 100-slide PowerPoint offers an excellent introduction to
IT Auditing and includes the following topics:
IT Auditing: The Basics
COBIT
Control Objectives Have NOT Changed
How to Examine High Payback IT Areas
Sarbanes-Oxley IT Controls
What Could Go Wrong?
Audit Programs
Planning and Organizing
Acquisition & Implementation
Delivery & Support
Monitoring
Administration of the IT Department
Areas to Review for IT Planning
Evaluate & Verify
External Requirements
Review
Project Management
Risk Management
Program Change Controls
Application Controls
Business Recovery
Audit Tools
Audit Programs
IT Auditing: The Basics Work Programs
Mike’s 100-page PowerPoint slide presentation is
supplemented by work programs that are based on the industry
standard COBIT. These work programs are in MS Word
format and can easily be modified and adapted for use.
The approach that is presented here combines elements of
several non-technical audit areas that focus on governance,
planning, risk assessment and oversight for the IT
environment.
Using this approach permits an extremely efficient audit
process by ensuring key IT risks are adequately addressed,
expands the knowledge base of the entire audit staff,
promotes dialogue between various audit groups, and frees
the technical IT audit staff to delve more deeply into
highly specialized, increasingly complex and high risk IT
technical environments.
One additional benefit is that this approach assists in
staff development and retention.
These work programs address each of these phases in standard
COBIT-based workpaper format, using MS Word to facilitate
modification to each Audit Department’s standards and to
complete each audit efficiently.
The work program for each area contains:
Audit Objectives
Documentation/Procedure Requirements
Control Evaluation Criteria
Compliance Testing Steps
Other Resources
If you like the quality of this product, please check
http://www.pleier.com for additional resources.
Please tell other Audit Professionals during your sharing about
these resources.
Thank you.

President
Pleier Corporation