Information System Auditing Process

This is the third of five courses that helps prepare you for the ISACA Certified Information Systems Auditor certification. In this course you will learn the key processes and methodologies used by organizations in the areas of information systems acquisition, development and implementation. This includes testing methodologies, control identification and design, business case and feasibility analysis and system migration.

WEBVTT >> Welcome in. I'm so excited to have you here today. I'm your host, Lauren Deal, and I'll be your learner advocate as we go along. But I'm so excited to welcome to the show, Chris Ward. How are you doing today? >> I'm doing really well, Lauren. Thanks for coming along on the ride as we talk about our certified in information systems audit. Being an auditor, yeah, it's going to be great. >> I have to say, I'm really excited about this. You know that I'm passionate about audit, and I know you are too. So who is this course specifically designed for? >> Well, what we're trying to do here is provide a course that is not only good for CPEs, those continuing education credits that most people are looking for if you are an auditor, but we're also trying to prepare maybe some of you who don't have the CISA or CISA certification. And if that's you, great, because we're going to be giving you all these tips and tricks on how to prepare, be ready for this exam. But if you're just, hey, you know, I'm looking for a more updated information about what information systems audit looks like and what has ISACA added in the latest and greatest version. Well, Lauren, this is going to be a course for you. >> And you are so knowledgeable, Chris. You know, this is the perfect course for us to be learning along with you. Tell us a little bit about your background and how you got into this. >> Well, you know, that's a great question. How did I get involved in this? I think I was dragged kicking and screaming into this particular area. But I'm all kidding aside. My background is primarily in the world of I.T. and project management. And so when I got into I.T. service management, when I started working in consulting and training, I found myself more and more being involved with potential edits and audits and everything in between. And so it was it was a really cool experience for me as I stepped from, as I like to say, the one side of the audit to the other side of the audit, where instead of being the one who was being audited, I was working alongside people that were doing the auditing. And it's definitely a different perspective. But what I found, and maybe many of you are going to find this as well, is much of the information is the same. It's just the matter of perspective. And so that's kind of my background. And that's kind of how I approach this particular course. >> Well, Chris, this is such a fun opportunity to learn with you. I happen to be passionate about data data analytics and understanding how audits work. I find it like detective work. And you're getting to the the pieces that hold the organization together. And in this course, we're going to be covering quite a bit. What are we going to be exploring, Chris? >> Well, the first thing that we want to remember is that this is the first of five courses that you can take. This one in particular is going to be dealing with the you know, what where do we start basically the the information and you know, systems, the I.S. from from the I.S. audit information systems auditing. You know, how do we plan this? How do we get ready to execute on this? What are some of the background information that we need before we even start doing research and gathering the data and doing the research? Well, what is it that we need to know? Well, let's take a look here and we kind of outline it a little bit about what's going to happen in this course. The first thing that we're going to really look at is planning and executing an I.S. audit. And again, this is for those of you who are thinking, wait, is this different than financial audits? Absolutely. I mean, there are some generalized audit type of functions and roles that are out there. But in particular, this course is premier in or primarily, I should say, looking at the information systems or the I.T. world. And that's what we're going to look at. We're also going to be taking a look at how we evaluate our control environment, because one of the things that we are doing as auditors is making sure our organizations following through on how they handle risk, how they put in controls and are they following those controls? Are those controls adequate? Many of those questions we can help an organization answer by coming in and doing these audits. Also, we're going to be taking a look at how we communicate the audit. Results, you know, some it's great to have all those work papers, right? It's great to have all that documentation. But how do you turn around and actually communicate that to the actual senior management, the audit committee, those who have called upon us to step in and help out? Then we're also going to take a look at quality assurance and improving the audit process itself. We don't just rest on our laurels. We're asking our clients or whether if it's an internal audit, our organization, if it's an external audit, it's the clients that we're working with. We ask them to improve. We ask them to have some sort of improvement process or practice in place. So we should also be considering what is it that we can do to improve >> our audit process, our audit practice, >> the way that we do these things. And so, Lauren, that is what we're going to cover in this particular course here in SISA. >> This sounds like an exciting adventure, Chris. We're going to be covering a lot of ground, like you said. So you at home get your pen and your paper ready. And let's jump into the first episode and start our learning.