Management, ever conscious of the organization's reliance on the computers (both micro and mainframe), is increasingly looking to the auditor to address the risks in this environment. Many auditors are unfamiliar with the risk areas and control opportunities available. The training concentrates on logical security, the control mechanisms available to enforce logical security, and audit approaches, tools and techniques to carry out such reviews.
The objectives of the training are:
- To familiarize auditors with computer risk areas and security mechanisms.
- To provide auditors with an understanding of the building blocks of operational environments and operating systems.
- To provide auditors with an appropriate methodology for reviewing computer security.
The training will cover the following areas:
- Computer risk areas
- Criteria for effective security
- Computer operations
- Applications security
- Change control
- Control over viruses
- The "ACCESS" model
- Tailoring the Operating System
- Auditing operating environments
- The role of security packages: RACF, ACF2, TOP SECRET
- The internet and Firewalls
This is a previously recorded 2-hour AuditNet® webinar with Jim Kaplan and Richard Cascarino
Delivery Method: Self-Study
Richard is a principal of Richard Cascarino & Associates LLC based in Colorado, USA with over 32 years of experience in audit training and consultancy. http://www.rcascarino.com/
He is a regular speaker to National and International conferences and has presented courses and webinars throughout Africa, Europe, the Middle East and the USA.
He has assisted in the implementation and audit of IT and Operational systems as well as the training of Internal Auditors in the USA, UK, and Middle East and throughout Africa. He is a Past President of the IIA – South Africa and founded the African Region of the IIA Inc. He has also served as a member of the Board of Regents for Higher Education of the Association of Certified Fraud Examiners. He developed the BComm Internal Audit for the University of the Witwatersrand in Johannesburg and the Honors program in Governance and Risk at the same university.
He is a consultant and lecturer with experience in Large scale, Project Management, Risk, Audit, Governance, Forensic, Internal and IT auditing education and author of the books Internal Auditing-an Integrated Approach and Auditor’s Guide to IT Auditing and Corporate Fraud and Internal Control: A Framework for Prevention published by Wiley in 2013. Data Analytics for Internal Auditors published in 2017 He is also a contributing author to the Governance section of all 4 editions of QFinance: The Ultimate Resource and is a frequent speaker at IIA, ACFE and ISACA workshops and conferences. His latest book, Complete Guide for CISA Exam Preparation came out in October 2020.