What You Will Learn:

1. Introduction to Business Application Systems
   - types of automated business applications
   - objectives of an application audit
   - types of application audits
   - system environmental considerations
   - application control ownership
   - integrated auditing
   - data vs. information

2. Business Application Transactions
   - what is a transaction?
   - transaction-based application auditing
   - transaction life cycle
   - application risk assessment factors
   - establishing audit priorities

3. Top-Down Risk-Based Planning
   - planning the application audit
   - top-down, risk-based planning
   - defining the business environment
   - determining the application's technical environment
   - performing a business information risk assessment
   - identifying key transactions
   - developing a key transaction process flow
   - evaluating and testing application controls

4. Data Input and Processing Models
   - comparing pros/cons of input and processing models
   - batch input/batch processing
   - on-line input/batch processing
   - on-line input/on-line processing
   - real-time input/real-time processing

5. Application Controls
   - business applications
   - information objectives
   - COSO: application controls
   - business application auditing
   - application transaction life cycle
   - transaction origination
   - logical security
   - completeness and accuracy of input
   - completeness and accuracy of processing
   - completeness and accuracy of output
   - output retention and disposal
   - data file controls
   - user review, balancing, reconciliation
   - end-user documentation
   - training
   - segregation of duties
   - business continuity planning
   - Sarbanes-Oxley application control requirements

6. IT General Control Objectives and Risks
   - IT general controls overview
   - relationship between IT general controls and application controls
   - COBIT™ and ISO-27002
   - physical security
   - environmental exposures
   - logical security
   - encryption
   - systems development
   - production change management
   - disaster recovery and business continuity planning
   - Sarbanes-Oxley IT general control requirements

7. Testing Application Controls
   - testing automated and manual controls
   - testing alternatives
   - testing sample size
   - sampling terminology
   - negative assurance testing
   - types of audit evidence
   - functional/substantive testing
   - computer assisted audit techniques (CAATs)
   - data analysis: planning and data verification
   - Sarbanes-Oxley: testing requirements and examples

8. Documenting Application Controls
   - evaluating and documenting internal controls
   - internal control questionnaires
   - narratives
   - flowcharts / process flows
   - control matrix

9. End-User Computing
   - growth of end-user computing
   - end-user computing risks
   - general IT control risks
   - change control risks
   - purchased applications risks
   - spreadsheets: typical errors
   - spreadsheet risk factors
   - practical steps for evaluating spreadsheet controls

10. Auditing System Development Projects
   - business risks
   - audit's primary goals
   - costs to correct errors during system development
   - traditional system development life cycle
   - rapid application development
   - internal audit involvement
     -- advantages and challenges
     -- qualifications of audit personnel
     -- requirements of audit involvement
   - internal audit objectives
     -- assess project and product risks
     -- assess user involvement

11. Executing Application Audits
   - internal audit process
   - objectives of an application audit
   - application audit planning
   - application risk assessment
   - determining the audit scope
   - obtaining planning information
   - the planning memo
   - audit programs
   - auditing application controls
   - testing application controls
   - audit workpapers
   - audit report
   - integrated auditing