Assessing the Reliability of Computer Processed Data

Level – Intermediate | 2-Day Course | 16 Hours CPE

​

How comfortable are you with the data you are relying upon during the course of your audits? Do you feel confident that the data is current, accurate, and complete? With the proliferation of electronic information systems we are placing much more reliance on invisible audit trails. Recent accounting scandals that have sent shockwaves through the accounting/auditing profession certainly illustrate the fact that reliable data cannot be overemphasized. As a result, various factors must be considered by the auditor when assessing the reliability of computer-processed data.

​

This course focuses on data reliability requirements in conducting audits under the Government Auditing Standards. The course material presented centers around the following questions:

 

Auditing the Contingency Planning Process

Level – Intermediate | 1-Day Course | 8 Hours CPE

​

Auditing the Contingency Planning Process (ACPP) is a one-day training session designed to provide an introduction to a seven-step contingency process that many government agencies apply in developing and maintaining a viable contingency planning program for their IT systems. Our role as auditors is to evaluate the adequacy of established plans and procedures to ensure continuity of operations for information systems that support the operations and assets of the agency. Using pertinent information from GAO’s Federal Information System Controls Audit Manual (FISCAM) and selected National Institute of Standards and Technology (NIST) Special Publications, the training material covers specific contingency planning recommendations for seven IT platform types ranging from desktops and portable systems to mainframe systems in addressing the three major course objectives outlined below.

​

Computer Fraud: Prevention and Detection

Level – Intermediate | 2-Day Course | 16 Hours CPE

​

The training material to be presented is designed to provide an introduction to methods, safeguards, and techniques that help protect an organization from computer fraud, giving particular emphasis to what insiders can do. We will discuss the importance of evaluating the adequacy of information technology (IT) security and provide a practical framework for identifying, measuring, monitoring, and controlling the risks associated with insider threats. Through lectures, discussions and exercises, you will gain an appreciation for developing and maintaining a sound risk assessment methodology, basic steps in managing the insider threat, and determining the adequacy of application controls. You will leave the course with an increased awareness and understanding necessary to effectively manage the risks and controls associated with insider threats.

​

Configuration Management for Auditors

Level – Basic | 1-Day Course | 8 Hours CPE

​

Configuration Management for Auditors is a one-day training session designed to provide an overview of four primary concepts that make up an effective configuration management process: configuration identification, configuration control, configuration status accounting, and configuration auditing. For information assurance, CM can be defined as the management of security features and assurances through control of changes made to hardware, software, firmware, documentation, test, test fixtures, and test documentation throughout the life cycle of an information system. In some instances, an entity may not have an effective entity-wide configuration management process, but may nonetheless have configuration management controls at the systems and business process application level. Therefore, evaluation of configuration controls at all levels is important to determine whether they are effective.

​

Evaluating Information Systems Controls

Level – Intermediate | 2-Day Course | 16 Hours CPE

​

Evaluating Information Systems Controls (EISC) is a two-day training session designed to provide an in-depth review of established guidelines for evaluating the effectiveness of controls employed in federal, state and local government information systems. With all government systems having some level of sensitivity, more emphasis is now being placed on developing and implementing adequate general and business process application controls in information systems. General controls are the policies and procedures that apply to all or a large segment of an entity’s information systems and are applied at the entity-wide, system, and business process application levels. Business process application level controls are those controls over the completeness, accuracy, validity, confidentiality, and availability of transactions and data during application processing. As a result of the increased emphasis in this area, a totally different approach is necessary in evaluating the controls in these computerized information systems.

​

Introduction to Information Technology for Auditors

Level – Basic | 2-Day Course | 16 Hours CPE

​

The Introduction to Information Technology for Auditors (IITA) course is a two-day training session designed to provide an overview of auditing in the electronic environment. With the proliferation of computers over the last several decades, there have been significant changes in how financial and accounting data are recorded, accumulated, processed and stored. Consequently, a totally different approach is required in auditing these computerized information systems. The training material is structured to address several course objectives and is comprised of various discussion topics, all of which are designed to give the auditor (IS and non-IS) and the first-line audit supervisor a thorough understanding of today’s environment from the auditor’s perspective. 

​

Risk Management in the IT Environment

Level – Intermediate | 1-Day Course | 8 Hours CPE

​

This course is designed to provide attendees with an introduction to a structured risk management process adopted for many organizations’ information technology (IT) systems. In this digital era, as organizations use automated technology to process their information, risk management plays a critical role in protecting an organization’s information assets from IT-related risk. Risk management is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level.

​

Using pertinent information from GAO’s Federal Information System Controls Audit Manual (FISCAM) and selected National Institute of Standards and Technology (NIST) Special Publications, the training material covers various aspects of the risk management process including nine primary steps which encompass the risk assessment methodology. The topics presented are designed to give the auditor and audit management a thorough overview of the various factors that should be considered by management in establishing a viable risk assessment methodology and the key audit procedures necessary to evaluate the adequacy of management’s actions.

​

How to get the Most from A-133 Sampling

Level – Intermediate | 1-Day Course | 8 Hours CPE

​

“How to Get the Most from A-133 Sampling and Testing” delivers everything Auditors need to know about working with A-133 samples.  This course explains how the sample sizes are calculated and directly relates compliance and control (and other types of) risk to sample size.  And, we give you field-ready Excel tools which: (1) calculate exact (rather than approximate) sample sizes using up to 11 different risk factors; and (2) extrapolate A-133 sampling results to the population so as to estimate risk exposure in terms of both rate of occurrence and monetary valuation.

​

Sampling For Auditors, Investigators, and Evaluators

Level – Basic | 1-Day Course | 8 Hours CPE

​

This one-day informative course provides the skills and tools required for sound sampling and covers both basic concepts and applying the techniques in the field. The sampling process and all relevant calculations have been fully automated in a toolkit, which is designed as turnkey and ready for field use. The course involves very little theory or mathematics, so time can be spent applying the techniques to real-world examples.

​

The instructor covers all three types of sampling used — compliance, attribute, and variable. Attendees will learn more about the SAO Statistical Toolbox which ensures that the most critical parameters are calculated for the auditor, including sampling precision, values for z and t, confidence intervals, and extrapolations to the population of interest. Calculations are performed simultaneously at the four most common confidence levels — 90%, 95%, 98%, and 99%.

​

Statistical Testing of Evidence for Auditors, Investigators, and Evaluators

Level – Intermediate | 1-Day Course | 8 Hours CPE

​

This one-day course focuses on the statistical tests auditors and managers use in their work allowing for real-world examples. The instructor will provide a single integrated automated tool for conducting statistical tests. The tool runs and indicates the specific results of one and two-tailed statistical tests at the four most common confidence levels (90%, 95%, 98%, and 99%) and user-specified confidence levels.

​

Statistics for Data Analysis - Descriptive Statistics and Graphs

Level – Intermediate | 1-Day Course | 8 Hours CPE

​

This one-day informative course provides step-by-step instructions for using Excel to thoroughly describe and display any data set. Providing real-world audit applications, this course will provide tools and methods actually used to describe and display data. Our instructor effectively and interestingly ties automation, statistical theory, evaluation methodology, and applied statistics together into a single, easy-to-use package.

​

​