IT Control and Audit

This course is all about creating and protecting value with IT Controls and Audit. Our focus is on the business objectives of creating and protecting value, for your organization and potentially for the world at large. Controls are the "steering wheels and brakes" that we use to direct Information Technology. You'll quickly see that IT can be scoped as broadly as you'd like, both inside and outside your organization. We'll use Audit to do what audit does - ensure that the controls are effective in achieving those business objectives of creating and protecting value.

Day One:

What do we already know?

Introductions, to each other, and to the course material. What do you already know about creating and protecting value with IT? What else do you know that can help you learn this material?

Our goal is to get you thinking like an auditor.

October 21

Day Two:

The Nature of Threats

In honor of Halloween, we'll start with a discussion about something creepy called Stuxnet — believed to be the first truly weaponized computer malware — and how it crossed over into the more traditional cyberspace. That will underscore the connection between Information Technology and Operational Technology, while introducing you to terms like “zero day” vulnerabilities, exploits, and attacks. In the spirit of Halloween, we’ll keep things dark by talking about worms, viruses, malware attacks, and other scary stuff.

Exploring COBIT

We'll also dig deeper into COBIT - an extremely useful governance framework for organizing IT control objectives and audit activities.

October 28

Day Three:

COBIT and The Audit Process

This session expands on our introduction to the COBIT framework and steps through a typical audit. Along the way, we'll touch on COSO, SOX, ITAF, the Business Model Canvas, and a few other items. COBIT is a huge topic, the details of which are well beyond the time allocated to this course, but having a grasp on some of the essentials will be valuable to your career even if you don't choose an IT Audit path.

Audit Interviews

Strong interviewing skills are essential for auditors because effective audits depend on gathering accurate, relevant information from people who understand the processes and controls being evaluated. We’ll take advantage of our class setting to practice interviewing in a low-stakes, stress-free environment where you can experiment, make mistakes, and learn from each other.



November 4

Day Four:

COBIT: Build, Acquire, and Implement

In the course of one evening, we'll use Agile to set up a development project and then, using a modern development framework, build and deploy a minimal website, all from scratch. You'll see all the steps involved, giving you the chance to connect what can feel like fairly abstract COBIT concepts to real activities.

Midterm Assignment

We'll also open the midterm assignment.

November 11

Day Five:

Digital Transformation and Emerging Technologies

Is your organization's IT strategy prepared for the future? In this section we'll explore technology trends like Blockchain and Artificial Intelligence. We'll also speculate a bit about their impact on the future, and how they might affect the accounting profession, specifically. We'll also talk about how to audit new technologies in your organization and see what COBIT has to offer.

November 18

Day Six:

Third Party Risk

We'll see how SOC-2 and SOC-3 audits can help us establish trust with our partners.

Possible Simulation

Details to come.

Final Assignment

We'll also preview and release the final. This is a great opportunity to make sure we all have the same understanding of the assignment.

December 2

The Final:

Take home case study

That's Richard Smith, the former CEO of Equifax, testifying before Congress on October 3, 2017. Your final won't be quite that hard. You'll have two weeks to answer a few short essay questions and complete some audit activities related to a specific case. I anticipate the exam will take about 3 hours to complete.

Due: December 16