Title: Evaluating Information Systems Controls
Date: February 9-10, 2010
Time: 8:30am - 4:30pm
Instructor: Glen D. Chambers, CISA
Location: One Highland Center, 314 E. Highland Mall Blvd., Suite 403, Austin, TX 78752
Price: $425
Early Bird Discount: $399 if you register by January 9, 2010.
Who Should Attend:
All auditors (IS and non-IS), audit supervisors and managers with the desire to gain a better understanding of the challenges facing agencies in integrating and assessing computer security in federal, state and local information systems.
Course Description:
Evaluating Information Systems Controls (EISC) is a two-day training session designed to provide an in-depth review of established guidelines for evaluating the effectiveness of controls employed in federal, state and local government information systems. With all government systems having some level of sensitivity, more emphasis is now being placed on developing and implementing adequate general and business process application controls in information systems. General controls are the policies and procedures that apply to all or a large segment of an entity’s information systems and are applied at the entity-wide, system, and business process application levels. Business process application level controls are those controls over the completeness, accuracy, validity, confidentiality, and availability of transactions and data during application processing. As a result of the increased emphasis in this area, a totally different approach is necessary in evaluating the controls in these computerized information systems.
Using pertinent information from GAO’s Federal Information System Controls Audit Manual (FISCAM), selected National Institute of Standards and Technology (NIST) Special Publications and other relevant published guidance, the training material is structured using a check-list approach to address the four major course objectives outlined below. All of the topics presented are designed to give the auditor and audit management a thorough understanding of the challenges facing agencies in integrating and evaluating computer controls in federal, state and local government information systems.
Learning Objectives:
Upon completion of this course, you will be able to:
Define the policies, procedures, practices and controls required in managing IT organizational resources.
Provide a conceptual framework of internal controls in a computer environment.
Describe the fundamental concepts associated with control evaluations.
Discuss the process of evaluating controls in organizational information systems.
Course Outline
Module 1 - Professional Standards, Policies and Guidelines
GAO Standards and Policies
NIST Audit Guidance and Control Criteria
AICPA Statements on Auditing Standards
Other Professional Guidance
Module 2 - Information Systems Environment
Data Processing Environments
Methods of Processing Data
IT Organizational Structure
Nature of IT Management
Separation of Duties
IT Personnel Policies and Management Practices
Assessing Effectiveness and Efficiency of IT Activities
Types of Computers and Software
Module 3 - Information Systems Controls
Vulnerabilities of Information Systems
Nature of Information System Controls
General Controls
Application Controls
Module 4 - Audit Implications of Electronic Document Management
Overview of EDM Systems
Audit Benefits of EDM
EDM Technologies
EDM Components
Pre-Implementation Considerations
Audit Planning Issues
Internal Controls
Module 5 - Evaluating General Controls in Information Systems
Security Management
Access Controls
Configuration Management
Segregation of Duties
Contingency Planning
Module 6 - Evaluating Application Controls in Information Systems
Application Level General Controls
Business Process Controls
Interface Controls
Data Management System Controls
The timing and duration of our discussion of any of the above topics can be adjusted depending on the experience level of the attendees. All of the material presented is designed to look at today’s environment from the auditor’s perspective, with emphasis on the steps necessary to satisfy the Government Auditing Standards.
Instructor Bio: Glen D. Chambers, CISA
Glen D. Chambers, a 2002 retiree from the Defense Contract Audit Agency (DCAA), has over 20 years of experience in auditing information systems at some of the largest Department of Defense contractors in the country. Glen’s Information Technology (IT) auditing experience has included detailed reviews in areas such as internal controls, cost allocations/job accounting systems, economy and efficiency reviews, and computer performance evaluations.
Glen is a faculty member of the Graduate School, Government Audit Training Institute where he is involved with course development and instruction. Glen is a Certified Information Systems Auditor and a member of the Information Systems Audit and Control Association.
CPE: 16 hours
Level: Intermediate
Type of Class: Audit
TX Board of Public Accountancy Sponsor Number: 009317
Cancellation Information: Cancellation Date: January 19, 2010
To cancel your registration from this course, please call or email the course contact listed below. If a cancellation is received after the cancellation date, the registrant will be charged $140 for course materials.
Class participants will be billed after the class. Payment should be made to SOLUTIONS TRAINING GROUP, Federal Tax ID: 20-2732184 and mailed to 2701 Maria Anna Rd, Austin, TX 78703.
If you have any questions, please contact Shannon Bieberdorf at (512) 914-5557 or shannon@solutionstraininggroup.com. For additional information about this class, please contact Laurie Garrant at laurie@solutionstraininggroup.com, (512) 914-5567.