IT Audit for Non-IT Auditors
Ed Tobias, CISA, CIA, CFE
February 4, 2011
Overview
- What is an IT Auditor?
  - Skills
- Without IT Audit, what areas/risks may not be covered?
- Areas for Non-IT Auditors
- Next steps?
- Questions?
To Keep Things Moving…
- Participate!
- Questions:
  - Brief – will answer
  - Complex – save until the end or offline
What is an IT Auditor?
- Skills
  - Hard vs. Soft
- Education
  - Technology-related
  - Non-technical
- Professional Background
  - IT
  - Consulting
What is an IT Auditor?
- Certifications
  - CISA
  - CITP
  - CISM
  - CISSP
  - Vendors (e.g. MCSE, CCNA, etc.)
  - Others (e.g. PMP, CIPP, CIA, etc.)
- Training
  - On the job
  - Specialized courses
Auditors must have …
- IIA Attribute Standard 1210.3
  - “Internal auditors must have sufficient knowledge of key information technology risks and controls and available technology-based audit techniques to perform their assigned work.”
Areas that may need help
- Disaster Recovery
- Data Mining
- ITGC review
- Application Controls testing
- User-developed applications
- SAS70 (SSAE 16) considerations
- Data integrity / confidentiality
- Working w/IT to get data for testing
Areas that Non-IT Auditors can perform
- Disaster Recovery (Steve will present)
- Data Mining
- SAS70 (SSAE 16) review
- ITGC review
Analyze the entire population instead of taking a sample
- Predicting major increases in technology audit tools
- Assess current skills
- Create plan to address deficiencies
Data Mining
- Current Perceptions
- What is Data Mining?
- How is it used?
- How can I use it?
Current Perceptions about DM
Who has NOT heard of DM?
What Is Data Mining?
- Automate detection of relevant patterns
  - Look at current & historical data
  - Predict future trends
- Efficient method to analyze large amounts of data
  - Enhance key item sampling
  - Means for “continuous auditing”
How Is Data Mining Used?
- Audit Process
  - Risk Assessment
  - Controls Assessment
- Fraud Detection and Prevention
  - IIA’s IPPF – Internal Auditing and Fraud
    - “Routine and/or ad hoc matching of … data against relevant transactions, vendor lists, employee rosters, and other data” (p. 22)
Data Mining Process
1. Validate your data
2. System Risk Assessment
3. Perform testing
1. Validate your data
- Compare the file totals to control totals
  - Total Record Count
  - Subtotal of key numeric fields (i.e. amount
2. System Risk Assessment
- Article for upcoming ISACA Journal titled, “Taking Your First Steps in Data Mining”
- Assess the risk of unauthorized data modification
  - Important for fraud detection or compliance
- Is the system “user-developed”, formally managed by IT, or outsourced?
3. Perform testing
- Check for missing data – blank fields or missing records
- Invalid data – characters in num fields
- Duplicate records
- Data within scope period
- Accurate computed fields – independently perform calculations
- Stratify data – approval limits
- Benford’s Law – find anomalies
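Added example (not from the original slides): a short Python script that performs step 1 (control totals) and several of the step 3 tests (missing data, invalid numeric data, duplicates, scope period, Benford's Law) on a data extract. The column names, sample rows, scope dates and the 0.05 Benford tolerance are assumptions made for the illustration.

```python
import csv
import io
import math
from collections import Counter
from datetime import date
from decimal import Decimal, InvalidOperation

# Constructed sample extract (not real data).
SAMPLE = """invoice_no,vendor,date,amount
1001,Acme,2010-03-01,1250.00
1002,Acme,2010-03-02,980.10
1002,Acme,2010-03-02,980.10
1003,,2010-04-11,410.00
1004,Birch,2010-05-20,12O.50
1005,Birch,2008-12-31,175.25
"""

def load(text):
    return list(csv.DictReader(io.StringIO(text)))

def parse_amount(value):
    """Return a finite Decimal, or None if the field is not a valid number."""
    try:
        amount = Decimal(value)
    except (InvalidOperation, TypeError, ValueError):
        return None
    return amount if amount.is_finite() else None

def validate_totals(rows, control_count, control_amount):
    """Step 1: compare file totals to the control totals from the source system."""
    amounts = [parse_amount(r["amount"]) for r in rows]
    file_amount = sum((a for a in amounts if a is not None), Decimal(0))
    return {"count_ok": len(rows) == control_count,
            "amount_ok": file_amount == Decimal(control_amount),
            "file_count": len(rows), "file_amount": file_amount}

def in_scope(value, start, end):
    try:
        return start <= date.fromisoformat(value) <= end
    except (TypeError, ValueError):
        return False  # unparsable dates are reported with the out-of-scope rows

def run_tests(rows, start, end):
    """Step 3: row-level tests. Returns test name -> 1-based data row numbers."""
    found = {"missing": [], "invalid_amount": [], "duplicate": [], "out_of_scope": []}
    seen = set()
    for n, row in enumerate(rows, start=1):
        values = tuple((v or "").strip() for v in row.values())
        if "" in values:
            found["missing"].append(n)
        if parse_amount(row["amount"]) is None:
            found["invalid_amount"].append(n)
        if values in seen:  # exact duplicate of an earlier record
            found["duplicate"].append(n)
        seen.add(values)
        if not in_scope(row["date"], start, end):
            found["out_of_scope"].append(n)
    return found

def benford_deviation(amounts, tolerance=0.05):
    """Benford's Law: first digits whose observed share differs from the
    expected log10(1 + 1/d) by more than `tolerance` (an assumed cut-off)."""
    digits = [int(str(abs(a)).lstrip("0.")[0]) for a in amounts if a]
    counts, flagged = Counter(digits), {}
    for d in range(1, 10):
        observed = counts[d] / len(digits) if digits else 0.0
        expected = math.log10(1 + 1 / d)
        if digits and abs(observed - expected) > tolerance:
            flagged[d] = (round(observed, 3), round(expected, 3))
    return flagged
```

Benford's Law is only meaningful on large populations; a flagged digit is a prompt to look at those transactions, not a finding by itself.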
Can I Do It?
- These functions are possible WITHOUT DM software
  - More time and effort required
- DM software provides:
  - Efficiency
  - Audit log functions
  - Repeatability
  - Basis for continuous auditing
    - Scripts / Enterprise platforms
Example
Risk Assessment / Control Effectiveness
- Purchase Order Review - 24 months
  - 6,000+ POs
  - 490,000+ records in Accounting system
  - 510,000+ records related to Payments
Example
- Isolated 14,000 payment records related to 6000+ POs
- Developed risk-based reports:
  - Total department spend
  - Total vendor spend
  - Top 10 departments / vendors
  - Possible split transactions
  - Non-Compliance with policies
Example
- Benford’s Law – helps identify unusual transactions
SAS70 Review
- Why do we need it?
  - Explains controls at a service organization
  - Test their effectiveness over a period (Type II SAS 70)
  - Supports financial statement assertions
  - We can’t audit the service organization
SAS 70 -> SSAE 16
- Based on Int’l Standards for Assurance Engagements
- Effective for period ending on/after June 15, 2011
- NOT a certification for the service organization
SSAE 16
- Deals with controls over subject matter for financial reporting
- Other areas will be dealt with in another AICPA guide – 2011
  - Security, Availability, Processing Integrity, Confidentiality, or Privacy
  - AICPA SOC (Service Organization Control) 2 – Type II report
IT Audit Items?
- Section II – Information provided by the service organization
  - Description of the IT environment and related ITGC
  - User Control Considerations
    - Have they been reviewed?
    - Are they implemented?
- Section IV – Supplemental Info
  - DR / Business Continuity Plan
ITGC Review
- IIA Attribute Standard 1210.3
  - “Internal auditors must have sufficient knowledge of key information technology risks and controls and available technology-based audit techniques to perform their assigned work.”
A few words about ITGC…
- It’s not necessary to know “everything” about IT controls
- 2 key control concepts:
  1. Assurance from IT controls is within whole system of internal control
     - Continuous
     - Produces reliable evidence trail
A few words about ITGC…
  2. Auditor’s assurance is independent, objective assessment of #1.
     - Understand, examine, and assess the controls related to risks auditors manage
     - Perform sufficient control testing – controls designed appropriately & function effectively
GTAG-1: Information Technology Controls, p.3
ITGC Review
- Considered during SOX audits
  - Risk of material misstatement
  - Applies to all key systems involved with financial reporting
- Can extend to key operational systems
  - Bad data = Bad Management decisions
ITGC Review
- Which is more reliable?
  - Manual or Automated control
- Many controls are “hybrid”
  - Partly automated
  - Manual control relies on application functionality
  - Example: Key control to detect duplicate receipts relies on review of system report
ITGC Review
- Key automated / hybrid controls
  - Assess and test ITGC that provide assurance -> Automated controls perform consistently and appropriately
ITGC Review
- Minimum 5 areas of review:
  1. IT Entity-level
  2. Change Management
  3. Information Security
  4. Backup and Recovery
  5. 3rd party IT providers
- Depends on the risk to the system or department
How to use the template?
- Guide for examining IT Audit areas
- Risk Assessment
- Use judgment to determine applicable areas
- Helps determine “key information technology risks”
1. IT Entity-level
- Related to the entity’s environment
- Covers IT as a whole:
  - Acquisition
  - Implementation
  - Management
  - Governance (Johan will present)
  - Policies & procedures
  - IT Risk Management
  - Planning / Strategy
1. IT Entity-level
- What impact do these controls have on the system?
  - Understand the level of IT sophistication within the system and/or organization
Level of IT Sophistication
- Assess the complexity of the system -> relevance of ITGC
  - Low
    - COTS, 1 server, 1-15 users
  - High
    - ERP and/or customized, 4+ servers, 30+ users
- Appendix B – guidelines for IT Sophistication levels
1. IT Entity-level
- What impact do these controls have on the system?
  - Low IT Sophistication = low risk to system / department
  - Consider mitigating controls
1. IT Entity-level
- Annual Technology Plan
  - IT should align with the business
- Annual Budget
  - Overspending?
- Prioritization
  - Alignment with business changes
2. Change Management
- All changes to the system
  - Properly authorized
  - Securely implemented
- Applies to:
  - Software (applications)
  - Hardware (infrastructure – operating systems and networks)
2. Change Management
- Properly scope the risk
  - Vendor-supplied updates
  - In-house coding and updates
- Relevant with higher levels of IT Sophistication
  - Mature, more defined processes
  - Change Review Board
2. Change Management
- Segregation of Duties (SoD)
  - Creating the change
  - Approved
  - Tested
  - Implemented
- Emergency Changes
  - Change implemented before approval
Fraud Example
- Deputy Treasurer-Controller of a WA state public utility district
  - Issued $236,925.23 to himself
  - Authorized to make program changes
  - Implemented those changes
  - Circumvented manual controls by A/P
  - Caught by A/P clerk who noticed a $7,000 check cashed by him
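Added example (not from the original slides): a Python check of a change log for the two Change Management conditions described above, one person holding more than one of the create / approve / test / implement roles, and changes implemented before approval. The ticket fields, user names and the 48-hour window for approving an emergency change after the fact are assumptions.

```python
from datetime import datetime, timedelta

ROLES = ("created_by", "approved_by", "tested_by", "implemented_by")
EMERGENCY_APPROVAL_WINDOW = timedelta(hours=48)  # assumed policy value

# Constructed change tickets; field names and users are hypothetical.
CHANGES = [
    {"id": "CHG-1", "created_by": "dev1", "approved_by": "mgr1", "tested_by": "qa1",
     "implemented_by": "ops1", "approved_at": "2010-06-01T09:00",
     "implemented_at": "2010-06-02T18:00", "emergency": False},
    {"id": "CHG-2", "created_by": "ctrl1", "approved_by": "ctrl1", "tested_by": "qa1",
     "implemented_by": "ctrl1", "approved_at": "2010-06-03T09:00",
     "implemented_at": "2010-06-03T10:00", "emergency": False},
    {"id": "CHG-3", "created_by": "dev2", "approved_by": "mgr1", "tested_by": "qa1",
     "implemented_by": "ops1", "approved_at": "2010-06-10T09:00",
     "implemented_at": "2010-06-08T23:00", "emergency": False},
    {"id": "CHG-4", "created_by": "dev2", "approved_by": "mgr1", "tested_by": "qa1",
     "implemented_by": "ops1", "approved_at": "2010-06-15T08:00",
     "implemented_at": "2010-06-14T22:00", "emergency": True},
    {"id": "CHG-5", "created_by": "dev1", "approved_by": None, "tested_by": "qa1",
     "implemented_by": "ops1", "approved_at": None,
     "implemented_at": "2010-06-20T02:00", "emergency": True},
]

def sod_conflicts(change):
    """Return {user: [roles]} for each user who holds more than one role."""
    held = {}
    for role in ROLES:
        user = (change.get(role) or "").strip().lower()
        if user:
            held.setdefault(user, []).append(role)
    return {user: roles for user, roles in held.items() if len(roles) > 1}

def _ts(value):
    return datetime.fromisoformat(value) if value else None

def review_change(change):
    """Return a sorted list of finding codes for one change ticket."""
    codes = set()
    if sod_conflicts(change):
        codes.add("SOD_CONFLICT")
    approved = _ts(change.get("approved_at"))
    implemented = _ts(change.get("implemented_at"))
    if implemented and approved is None:
        codes.add("NO_APPROVAL")
    elif implemented and approved > implemented:
        if not change.get("emergency"):
            codes.add("IMPLEMENTED_BEFORE_APPROVAL")
        elif approved - implemented > EMERGENCY_APPROVAL_WINDOW:
            codes.add("LATE_EMERGENCY_APPROVAL")
    return sorted(codes)

def review_all(changes):
    """Return {change id: finding codes} for tickets with at least one finding."""
    results = {c["id"]: review_change(c) for c in changes}
    return {cid: codes for cid, codes in results.items() if codes}
```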
3. Information Security
- Unauthorized access to the programs or data
- 2 types of access:
  - Physical
  - Logical
3. Information Security
- Physical
  - Limit physical access to the servers and critical infrastructure
    - Locked doors
    - Cameras
    - Security guards
    - Biometrics
3. Information Security
- Logical
  - Limit access to the applications and data
    - Less IS More – Least amount of privileges to perform job functions
    - Segregation of Duties
    - Limit physical access to the servers
3. Information Security
- Important to distinguish Information Security problems from risk to the system
  - Compensating manual controls in place to detect / prevent errors?
  - Low IT Sophistication = Low risk for financial misstatements
  - Higher operational / regulatory risk
3. Information Security
- Security Policy
  - Tone at the Top
  - Sets guidelines for acceptable use
  - Part of Employee Handbook
- Access privileges
  - Role-based -> well-defined
  - The “backup” has conflicting roles
    - Bypass management controls
3. Information Security
- Only current employees have access
  - Disable unused accounts
  - Temps / contractors
3. Information Security
- Strong passwords
  - Periodic change (90 days)
  - Password history
  - Minimum length
  - Complexity
    - Upper / lower case
    - Numbers / symbols
    - No dictionary
    - Repeating characters
3. Information Security
- Administrators / Super Users
  - Bypass monitoring controls
    - Delete logs
    - Rerun exception reports
  - Bypass system controls
    - Change employee’s access
    - Log in as employee
    - Bypass workflow approval
  - Bypass Change Management SoD
3. Information Security
- High level of access = high risk
  - Download data – data privacy breaches
  - Unauthorized changes
    - Programs and/or data
- Limit administrative access
  - Contractors / temps?
3. Information Security
- Generic IDs – what’s the problem?
  - No accountability
  - Shared password
  - SoD – bypass controls?
- Test IDs – temporary with undocumented access
- Vendor default IDs
  - Everyone knows the password
3. Information Security
- Unique ID / password
  - Accountability
  - Log files / data mining
  - What about contractors / temps?
    - Sharing the “temp” id?
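Added example (not from the original slides): a Python user-access review that matches an application's account list against the HR roster, covering the points in the Information Security slides above (only current employees have access, unused accounts, generic / test / vendor default IDs, administrative access held by contractors or temps). The roster and account fields, the generic-ID prefixes and the 90-day idle threshold are assumptions.

```python
from datetime import date

GENERIC_PREFIXES = ("admin", "test", "temp", "guest")  # assumed naming patterns
MAX_IDLE_DAYS = 90  # assumed threshold for an "unused" account

# Constructed HR roster and account list; all names and IDs are hypothetical.
ROSTER = {
    "E100": {"name": "A. Lee", "status": "active", "type": "employee"},
    "E101": {"name": "B. Cruz", "status": "terminated", "type": "employee"},
    "C200": {"name": "D. Shah", "status": "active", "type": "contractor"},
}
ACCOUNTS = [
    {"user_id": "alee", "owner": "E100", "last_login": "2011-01-20", "admin": False, "enabled": True},
    {"user_id": "alee2", "owner": "E100", "last_login": "2010-06-01", "admin": False, "enabled": True},
    {"user_id": "bcruz", "owner": "E101", "last_login": "2010-12-30", "admin": False, "enabled": True},
    {"user_id": "dshah", "owner": "C200", "last_login": "2011-01-28", "admin": True, "enabled": True},
    {"user_id": "temp1", "owner": None, "last_login": "2011-01-30", "admin": False, "enabled": True},
    {"user_id": "admin", "owner": None, "last_login": "2011-02-01", "admin": True, "enabled": True},
    {"user_id": "old1", "owner": "E101", "last_login": "2009-03-01", "admin": False, "enabled": False},
]

def review_account(acct, roster, as_of):
    """Return finding codes for one enabled account."""
    codes = []
    owner = roster.get(acct["owner"])
    if acct["owner"] is None or acct["user_id"].lower().startswith(GENERIC_PREFIXES):
        codes.append("GENERIC_OR_UNOWNED")      # no individual accountability
    elif owner is None:
        codes.append("NOT_ON_ROSTER")
    elif owner["status"] != "active":
        codes.append("NOT_CURRENT_EMPLOYEE")
    if acct["admin"] and (owner is None or owner["type"] != "employee"):
        codes.append("ADMIN_NOT_EMPLOYEE")      # contractor, temp or unowned admin
    last = acct["last_login"]
    if last is None or (as_of - date.fromisoformat(last)).days > MAX_IDLE_DAYS:
        codes.append("UNUSED")
    return codes

def review_accounts(accounts, roster, as_of):
    """Return {user_id: finding codes} for enabled accounts with findings."""
    findings = {}
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already disabled, nothing to report
        codes = review_account(acct, roster, as_of)
        if codes:
            findings[acct["user_id"]] = codes
    return findings
```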
4. Backup / Recovery
- Steve will discuss after lunch
- Restore system and data
  - Server crash
  - Disaster – Fire, flood, hurricane, etc
- Usually considered very important
4. Backup / Recovery
- Risk for bad recovery
  - Low IT Sophistication
    - Offsite backups, successful restore in last 12 months
  - High IT Sophistication
    - Audit procedures to ensure BCP is effective
4. Backup / Recovery
- Backups
  - Who can do them?
- Offsite storage
  - Who picks up the tapes?
  - Who can request tapes?
- Restoring the system
  - File
  - Database
  - How many transactions are lost?
5. 3rd party IT Providers
Outsourced service
5. 3rd party IT Providers
- Why are businesses taking the risk to outsource?
  - Lower Cost
  - Lower IT complexity
  - Higher Reliability
  - Universal Access
  - IT not a core competency
5. 3rd party IT Providers
- Financial / Operational impact
  - SAS70 -> SSAE16
- Vendor Selection / Management
  - Risks properly mitigated?
    - Data loss
    - Downtime
    - Regulatory constraints
    - Theft of Intellectual Property
5. 3rd party IT Providers
- What’s the risk if the vendor accesses the data?
  - Compensating controls?
  - Regulatory risks
Next Steps?
- Use your resources and READ
  - Audit programs on the Internet
  - GAIT-R and GTAG series
  - IT Audit section – IIA website
GAIT and GTAG
- Available to IIA members
- Guide to the Assessment of IT Risk for Business & IT Risk
  - Top-down assessment of business risk, risk tolerance, and controls
  - ITGC and automated controls
- Business risks mitigated by manual and automated controls
GTAG
- Global Technology Audit Guide
- 15 GTAGs so far
Resources
- IIA - IT Audit
  - http://www.theiia.org/intAuditor/itaudit/
- AuditNet
  - http://www.auditnet.org/
  - TeamMate and ACL users
    - Free Premium Access
Next Steps?
- Network with IT Auditors
- Get training
- Get certified (CISA or CITP)
Summary
- IIA Attribute Standard 1210.3
  - “Internal auditors must have sufficient knowledge of key information technology risks and controls and available technology-based audit techniques to perform their assigned work.”
Can I Do It?
Data Mining
SAS 70 / SSAE 16 Review
ITGC Review
Contact Info
http://www.linkedin.com/in/ed3200
Appendix A – DM software
The following list is provided for information only. The author makes no recommendations for any of the products.
- Office 2007 Data Mining Add-Ins using SQL Server 2005 / 2008 ($0)
- Web CAAT Audit Analytics ($0)
  - 70 program steps, 10 business processes
- Audit Commander ($50) – works with Excel, Access, or text files
  - May be sufficient for your needs
------------------------------------------------------------
- ACL ($1,000) – most popular among auditors
- IDEA ($2,295) – more user-friendly
Appendix B – System RM
Level of IT Sophistication
Email me – [email protected] for the entire article