Auditing Application Systems Development - ITG212 
A Step-by-Step Guide to Auditing Traditional and Advanced Applications Development
Learning Level: Intermediate
CPEs: 24
Fee: $2,150.00
Agenda

What You Will Learn
1. Technical Environments and Their Impact on Applications Systems Development
- mainframes and traditional application systems development
- client/server development
- prototyping
- RAD rapid-fire development
- Web-based development

2. Application Systems Development Failures and What Auditors Can Do to Prevent Them
- poor or no application development methodologies
- incomplete internal controls
- poor planning and project management
- limited or no testing, or testing that does not involve users
- time and budget overruns
- unskilled programmers
- purchased systems that do not meet user needs
- inadequate end-user training
- data conversion weaknesses
- unknown programming languages
- inadequate development team staffing
- questionable software vendors

3. The Impact of Sarbanes-Oxley on Application Systems Development
- meeting new internal control and documentation requirements
- testing controls
- financial disclosures
- reporting changes in internal controls
- quarterly management reporting of internal controls
- fraud detection measures
- compliance issues
- defining “as of” dates for compliance

4. Challenges Common to All Application Systems Development Methodologies
- identifying needs
- preparing specifications
- gaining authorizations
- programming
- testing
- implementation
- documentation
- maintenance

5. Purchased Application Systems: Unique Challenges and Auditor Responses
- identifying potential automated solutions and software vendors
- obtaining bids
- selection and purchase
- contractual issues

6. Implementing New Releases of Purchased Application Systems: Unique Challenges and Auditor Responses
- obtaining updates
- staying current
- notifying users
- compliance with warranties
- backup and retention

7. In-House Application Systems Development: Unique Challenges and Auditor Responses
- programming
- maintaining a qualified technical support staff

8. Web-Based Applications Systems Development: Unique Challenges and Auditor Responses
- indexing
- security and privacy
- Internet security flaws to beware of
- authentication
- interfaces
- firewalls

9. Rapid Application Development: Unique Challenges and Auditor Responses
- converting end-user needs into software specifications
- user resistance to testing
- what you see is what you get

10. Getting Started
- who to talk to and what to ask
- documents to request
- making sure you are included in the process
- maintaining independence
- fast-start systems development techniques and how auditors can respond

11. Auditing Applications Systems Design Specifications
- defining end-user requirements
- identifying impacted users
- programming specifications

12. Auditing Anticipated Application Internal Controls
- input, processing, and output controls
- computer security
- separation of duties
- user documentation
- business continuity plans
- restart/recovery

13. Auditing Programming
- program code
- programmer skill sets
- analyst’s interpretations
- documentation requirements

14. Auditing Purchased Application Systems
- request for proposal
- vendor selection and contract

15. Auditing Testing
- testing strategies
- developing test models
- test data
- programmer, unit, system, performance, and end-user testing
- testing the extremes

16. Auditing Implementation and Change Control
- planning
- authorization
- data conversion
- transferring computer programs from test to production status
- issuance and distribution
- documentation preparation
- the role of the QA function
- reviewing changes and updates

17. Auditing Training
- training technical staff
- vendor-provided, in-house, and online training
- train-the-trainer programs
- overcoming resistance to change

18. Auditing Computer Security
- segregating test and production environments
- computer-level access controls
- application-level access controls

19. Conducting Post-Implementation Reviews
- critiquing results
- who and what to evaluate
- preparing for the next project

20. Application Software Inventory Control
- software licenses
- contract management
- consolidated purchases
- multiple location and site compatibility

21. Auditing Project Management
- project manager skills
- project oversight and delegation of responsibilities
- budgeting the audit
- developing the specifications
- defining business requirements and end-user capabilities
- deliverables from each phase
- monitoring

22. Getting Your Application Systems Development Audits Done Faster
- key performance and control indicators
- monitoring

23. Payment Card Industry Data Security Standard
- PCI DSS defined
- compliance and security standards

24. Reporting Audit Findings
- sample audit findings
- issue recommendations that have an impact

25. Planning for the Future
- building continuous audit tests into the system
- complying with Sarbanes-Oxley internal control reporting requirements

26. Automated Audit Tools
- generalized audit software
- project management tools
- automated Sarbanes-Oxley tools for management reporting

27. The Relationship Between Applications Development and IT General Controls in a S-OX World
- incident and problem management
- automated logging
- IT organization and management
- separation of duties
- capacity management
- business continuity planning
- systems software management
- security administration
- telecommunications controls

28. Application Systems Development Audit Resources
- supporting information
- audit programs
- Sarbanes-Oxley

 
REGISTRATION QUESTIONS?
For questions about your registration, government and team discounts, or multiple registrations, please call Linda Ronconi at (508) 879-7999, ext. 501 or e-mail mis@misti.com.

IN-HOUSE SEMINARS
This seminar is available in-house. For more information about bringing this or other MIS seminars to your organization, please call Mimi Hatch at (410) 692-2465 or e-mail mhatch@misti.com.

 



Dates/Locations
May 6 - 8, 2013, Boston
November 13 - 15, 2013, New York