WASHINGTON AREA MIDRANGE
Home Officers Seminars Membership Resources

Mid Atlantic Midrange Seminar





















  

Mid Atlantic Midrange is proud to offer the next in our continuing education seminars, bringing you the best education and educators available in the iSeries world, and to do so at User Group Rates.

Introduction to IT Audit
With Stu Henderson

Agenda - Day 1

Introduction to IT Audit is designed for new IT auditors, financial auditors who need to learn more about IT, and moderately experienced IT auditors who want a refresher in the basics. You will learn: what IT auditing is and how to conduct it, from planning and scoping, through evidence collection and analysis, to verification and the closing meeting. You will learn basic Information Technology terms and a basic level of how various IT technologies work. Each section of the class will teach you either a new aspect of IT technology or a new aspect of how to audit IT.

  • Introduction
  • What IT Audit Is and How It Differs From Financial Auditing
  • Computer Basics: Types of Computers, Parts of Computers, Programming Languages
  • The IT Audit Process: Planning and Scoping; Leveraging Work Papers
  • The Data Center: Its Components, What It Means to an Audit
  • The IT Audit Process: Standards and Objectives, the Glue that Makes the Audit Easy
  • Distributed Data Processing: What It Is, What it Means to an Audit
  • The IT Audit Process: Evidence Collection and Analysis
  • Networks: Types, Topologies, Technologies, Protocols
  • The IT Audit Process: Verification and the Closing Meeting
  • Basic Types of System Software: Job Schedulers to Intrusion Detection
  • Summary
Agenda - Day 2

IT Audit Practical Exercises shows you how to conduct various types of IT audit by involving you in case studies. Each case will illustrate a different type of audit, and a different stage of the audit process, from planning through final deliverables. The cases illustrate the concepts introduced in DAY 1, and show you how to go about thinking about each type of audit. Each case starts with a description of the critical points for a given type of audit, and then introduces the class to an example of that type of audit. You will learn from class discussion of the cases the types of problems likely to be encountered, and what the really important aspects of each audit type are.

Please note that due to time restrictions, not all types of audit listed in the agenda may be covered in class.

  • Introduction
  • Basic Principles
  • Application Controls Review: Core knowledge and Practical Exercise
  • Data Center Audit: Physical Security: Core Knowledge and Practical Exercise
  • Data Center Audit: Management Controls: Core Knowledge and Practical Exercise
  • Security Audit: Core Knowledge and Practical Exercise
  • Network Audit: Core Knowledge and Practical Exercise
  • Business Resumption Plan (Disaster Recovery Plan) Audit: Core Knowledge and Practical Exercise
  • Chargeback System Audit: Core Knowledge and Practical Exercise
  • Firewall Audit: Core Knowledge and Practical Exercise
  • HIPAA Compliance Audit: Core Knowledge and Practical Exercise
  • Summary: What the Good Audits Have in Common
Stu Henderson is an experienced consultant, auditor, and systems programmer who specializes in Information Technology Security and audit. He has over twenty-five years of hands-on experience as a system programmer, Data Security Officer, and consultant. Using this experience, Stu founded his own consulting organization, the Henderson Group, which provides consulting and training to information security staff and information technology auditors. Mr. Henderson is editor of both the Mainframe Audit News and the RACF User News. His website (www.stuhenderson.com) offers free, practical information on information security and IT auditing, providing articles, links to other useful sites, and other information useful to auditors and IT professionals. He has taught CISA preparation courses for the National Capital Area ISACA chapter for the past several years. His information security and "How to Audit..." seminars are taught nationally. He speaks frequently at the annual ISACA Conference on Computer Audit, Control and Security (CACS) and has taught ISACA chapters from Victoria, British Columbia to Central Maryland. His presentations to ISACA chapters across the country and at CACS conferences have been well received for over fifteen years.

This course starts at 8:30 AM and ends at 5:00 PM and will be held on:

    March 17-18, 2004 at the Holiday Inn in College Park, MD
Registration will start at 8 A.M. Continental breakfast during registration as well as a working lunch are included in the course fee.

The course fee is $250 per day for non-user group members and $225 per day for user group members. A cancellation fee of $50 will be assessed for cancellations within 7 days of the event. This fee offering is a special arrangement between Washington Area Midrange Users Group and MidAtlantic Midrange. Members of other AS/400 User groups may also apply under the user group rate.

Name: _____________________________________________________

Company:___________________________________________________

Address:____________________________________________________

City: _________________________________ State: _____ Zip: ________

Office Phone: _______________________ Fax: ______________________

Email address: _________________________________________________

Please mail completed form with check to:

    MidAtlantic Midrange - Conference Services
    12023 Blackberry Terrace
    North Potomac, MD 20878
For any further questions or reservations, contact K.B. Soni at 301-590-7121 or by email.

Latest Update - January 16, 2004

Home Officers Seminars Membership Resources