Seminar Overview  

Seminar Objectives/Course Content. In today’s corporate environments there is an expectation of access to relevant information from anywhere at anytime. Organizations have embraced technologies to facilitate this communication expectation between customers, partners, vendors and employees. This is the essence of the “Connected Organization.”

The focus of this seminar will be to explore current IT technologies and their audit implications. We will review various technologies referencing the benefits and issues of each and discussing the methods of performing a relevant audit of the IT technologies utilized by the “Connected Organization”. The presentation will focus on practical and relevant issues referencing real-world experience and examples. Demonstrations will be utilized where beneficial to enhance the learning experience.

Discussions to include: 

The Physical Organization
Network Technologies
Network Topologies
Network Devices (routers, bridges, hubs, switches, etc.)
Auditing the Physical Organization

The Logical Organization
Network Protocols (TCP/IP, IPX, SNA, etc.)
Network Layers (ISO/OSI Model)
Operating Systems (MS NT, Novell, UNIX, etc.)
Application Access (servers, distribute, centralized, etc.)
Auditing the Logical Organization

The Connected Organization
Internet, Intranet, Extranet
Wide Area Networks
Value Added Networks
Remote Access (home, travel, technologies, etc.)
Auditing the Connected Organization

The Business Organization
Operational Integrity
Risk Assessment
System Criticality
Policies and Procedures
Business Continuance and Disaster Recovery
Auditing the Business Organization

The Secure Organization
Security Policy
Security Architecture
AAA (Authentication, Authorization and Auditing)
Access Control
Content and Liability Management
Services
Policy Enforcement
Secure Communications (email, application access, e-commerce, remote access, etc.)
Auditing the Secure Organization

The Managed Organization
Vulnerability Assessment and Assurance
Operational Management (SNMP, proprietary, etc.)
Alert Procedures
Log Analysis
Reporting
Documentation
Intrusion Detection
Auditing the Managed Organization

The Audited Organization
Review audit requirements (Physical, Logical, Connected, Business, Security and Management)
Auditing Tools and Utilities
Audit Reports
Gathering the Desired Information
Validation
Audit Procedures Checklist

Learning Objectives. Understanding the purpose and process involved in an external peer review; general approach used by review teams; information required to be compiled for the external review, and related professional expectations.

Program Level/Professional Experience - Advanced . Course is designed for both the experienced internal auditor and those with some experience in internal auditing. Limited information systems knowledge/expertise is helpful.

Knowledge Requirements. Internal auditors with some practical experience in the internal audit process.

Advanced Preparation. None required.