Would you be prepared if your IT auditor called right now and wanted last year's audit report and a current status of the recommended changes? Getting your institution ready for an IT audit takes preparation, planning and a sharpened knowledge of what systems are really running in your institution. Do you know what IT controls are in place? Whether you manage or work in an information technology function, the IT audit is a daunting task if you're not ready for it. An IT audit can actually be a very useful exercise if you know why the audit is taking place, and what the audit is expected to realize when completed.
This webinar will provide attendees with the tools to prepare for the IT audit, and will help the institution not just survive the audit but thrive from the changes made in response to the audit's recommendations. It will help identify, evaluate and improve the IT controls that your auditors are looking at during their work.
Institutions are increasingly looking at their information technology as a key part of their business strategy. As a result, controls to ensure the efficiency and effectiveness of an organization's operations, reliable financial statements and compliance with laws and regulations are often provided by automated systems. Indeed, in recent years, the passage of regulations such as Gramm-Leach-Bliley, Sarbanes-Oxley and HIPAA has made effective IT controls an absolute necessity. As a result, IT auditors, like their internal financial and operational audit counterparts, are charged by the institution's most senior management to evaluate the controls in an organization to ensure that risks are managed and controls are in place and operating effectively.
The webinar will start by discussing the need for IT controls as a way of mitigating the various risks. It will then continue with management's responsibility for ensuring that proper controls are in place, and some of the governance frameworks - including the COBIT framework designed specifically for IT - that help them design the control structure for the organization. We will cover different types of controls including:
- Entity-Level Controls, which are the controls put in place by executive management that set the tone for the organization. These may include policies and procedures, risk assessment, quality assurance and board committees.
- Application Controls, which are controls embedded in computer programs and related manual processes that help ensure the completeness and accuracy of data processing.
- General Controls, which are controls to ensure the continued proper operation of computer systems. These include controls over data center operations, software acquisition and maintenance, systems security and disaster recovery.
We continue with a discussion on the IT auditor's role in documenting, evaluating and testing these controls. We will review the audit process from the risk assessment that determines what to review all the way through to the final report and follow-up on audit recommendations. Finally, we will discuss ways to survive in an audited environment, including how the IT department can continuously collect and categorize evidence so that it is always available for your auditor.