IT Auditing: The Basics

Cd image and Computer

About the Author

Michael Lapelosa, CISA

Michael Lapelosa, CISA, is a 22-year seasoned Internal Audit Professional with experience in financial services, state government and healthcare.
Michael’s responsibilities have included Internal Audit, Performance Appraisal, TQM, and Information Security.
Michael is very active with The IIA as both a member of The IIA Government Relations Committee and Past President of the New York Chapter.
He is a member of the Academic Relations Committee of ISACA International and a member of the Executive Committee of the ISACA New York Chapter.
Michael is a frequent instructor and seminar leader for the Institute of Internal Auditors, USDA Graduate School, and the Foundation for Accounting Education (FAE) teaching various seminars including:
Michael has published several articles including Internal Auditing and the New Model Economy, Outsourcing Self Test, and Auditing Factoring Companies.

His electronic publication “Modern Integrated Audit Approach” and “Internal Auditor Toolkit” digitalSeminarTM, a complete seminar including PowerPoint slides accompanied with a digital soundtrack, are available on CD for both individual and chapter use at

Michael is an Adjunct Professor at Baruch College teaching Accounting Information Systems.

IT Auditing: The Basics

Information Technology (IT) audits continue to be viewed as a mysterious world that requires highly specialized skills. However, as regulatory requirements such as those imposed by the recently enacted Sarbanes-Oxley Act highlight that organizations’ financial reporting and operational performance become more and more dependent on complex information technology, it becomes increasingly difficult to conduct effective audits that do not include an aspect of IT auditing. The days of “auditing around the computer” are over. 

Mike’s latest electronic publication, “IT Auditing: The Basics” strips away some of the mystery surrounding IT audits by presenting a plain English, straightforward discussion of risks, control objectives, and control techniques for selected high payback IT audit areas that do not require a large degree of technical expertise.

As an Audit Director and Information Technology Auditor with over 22 years experience in the profession, Michael Lapelosa, has seen both sides of the audit equation. As a strong advocate of the “Integrated Audit Approach” he has struggled for many years with the challenge of making IT audit concepts more understandable for non-technical auditors. 

Throughout this digital product he shares a standardized approach that he has developed to provide guidance and direction by selecting high risk, high payback areas to review.

IT Auditing: The Basics Presentation

"IT Audit: The Basics PowerPoint Presentation"

Click the link above to access the PowerPoint presentation.  Then click the left mouse button each time you would like to view the next item.
The 100-slide PowerPoint offers an excellent introduction to IT Auditing and includes the following topics:

IT Auditing: The Basics
Control Objectives Have NOT Changed
How to Examine High Payback IT Areas
Sarbanes-Oxley IT Controls
What Could Go Wrong?
Audit Programs
Planning and Organizing
Acquisition & Implementation
Delivery & Support
Administration of the IT Department
Areas to Review for IT Planning
Evaluate & Verify
External Requirements Review
Project Management
Risk Management
Program Change Controls
Application Controls
Business Recovery
Audit Tools
Audit Programs

IT Auditing: The Basics Work Programs

Mike’s 100-page Power Point slide presentation is supplemented by work programs that are based on the industry standard COBIT.  These work programs are in MS Word format and can easily be modified and adapted for use.

The approach that is presented here combines elements of several non-technical audit areas that focus on governance, planning, risk assessment and oversight for the IT environment.

Using this approach permits an extremely efficient audit process by ensuring key IT risks are adequately addressed, expands the knowledge base of the entire audit staff, promotes dialogue between various audit groups, and frees the technical IT audit staff to delve more deeply into highly specialized, increasingly complex and high risk IT technical environments.

One additional benefit is that this approach assists in staff development and retention.

These work programs address each of these phases in standard COBIT-based workpaper format using MS Word to facilitation modification to each Audit Department’s standards and to complete each audit efficiently.

The work program for each area contains:
Audit Objectives
Documentation/Procedure Requirements

Control Evaluation Criteria

Compliance Testing Steps


Other Resources

If you like the quality of this product please check for additional resources.

Order Online

Please tell other Audit Professionals during your sharing about these resources.

Thank you.

Pleier Corporation