Auditing Using SOX

Course Introduction and Overview

• Introduction to Course
• Purpose and Objectives of Course
   
• Types of Business Application Audits

Types and Definitions of IT Controls

• Application Controls
• General Controls
• Relationship of Application Controls to General Controls
• Types / Sub Categories of Controls COSO
   

Discussion of Audit Standards

• ISACA
• Institute of Internal Auditors
• General Accounting Office
• Texas Internal Auditing Act
   
• Department of Information Resources
• Statements on Auditing
• Standards (SAS), including SAS

General Steps in Performing an Application Controls Review

• Planning / Resource Requirements
• Scoping / Application Identification
• Application Risk Assessment
• Audit Program Development
• Identifying, Testing, and Assessing Control Reliability
• Data Integrity Testing
• Certifying Computer Security
   
• Issue, Finding and Report Development and Presentation
• Follow-up considerations

Components and Controls in an Automated Business Application

• Transaction Authorization and Origination
• Input
• Processing
• Output
   
• Security
• Maintenance

Data Input and Processing Relationship Models

• Batch Online
• Real Time
   

Key Issues and Concerns When:

• Beginning the Audit
• Identifying and
• Documenting Controls,
   
• Testing Controls and
• Using Automated Audit Resources.

Hands-on Class Exercise

• Scenario layout, Planning and Scoping
• Audit program development and Execution
• Use of automated audit tools
• Reporting
• Post-exercise discussion
   

Upon completion of the training, participants will be provided a Certificate of Completion / Attendance.