General discussion

  • Creator
  • #2257643

    IT Auditing


    by blondie b ·

    I am going down the garden path of becoming an IT Auditor eventually. Are there any key courses that one could take? I tried doing some googling on the topic but thought I’d ask if anyone recommends anything.

All Comments

  • Author
    • #3199439

      Auditing for Compliance? Privacy?

      by tig2 ·

      In reply to IT Auditing

      CISSP and CIPP are the two certs that I am aware of. May be others. University of Fairfax online has a number of InfoSec education offerings as well as a number of freebies.

      There are numerous others as well. Google is a good place to start.

      Good luck!

      • #3199402


        by maecuff ·

        In reply to Auditing for Compliance? Privacy?

        CISA. You can google it to find out how to take the test for certification. I believe it’s under $1000.00 to take the test.

    • #3199836


      by prasadvrao ·

      In reply to IT Auditing

      I think you should check out
      it is really worth doing it!

    • #3199828

      IT Auditing

      by phammond ·

      In reply to IT Auditing

      As a senior IT Auditor I suggest you try MIS, which has courses to help you swap from IT into Auditing, and then to work with an experienced auditor, because remember that over 50% of the job is writing reports in layman terms so that you can get Board level approval and funding for your recommendations. This is especially required if you go into internal auditing. If you want to go into external auditing, then I would approach one of the big 4 accounting firms as they are always looking for new recruits.

    • #3199818

      Way to go…

      by sylviepw ·

      In reply to IT Auditing

      Hi Blondie,

      I made a career switch over 8 years ago into IT Auditing. I will wholeheartedly recommend CISA certification provided by ISACA. This is the recognized standard to achieve worldwide. Once you have affirmed your role as an IT Auditor you can then consider the CISSP. Though CISSP is better suited to IT Security professionals. The Louisiana State University provides an IT Auditor graduate program, as do a few other universities in the US. If you prefer professional courses then MIS, ISACA will help you find the right one. Also you should familiarize yourself with COBIT, ISO 17799, ITIL, PRINCE, which are the criteria/best practices that auditors will use to audit against.

    • #3209030

      IT Audit Training Courses

      by jerrbear ·

      In reply to IT Auditing


      I am the CISA Review coordinator for KC’s ISACA chapter. The best training groups for IT audit are MIS Training Institute and CanAudit. They offer basic, intermediate, and advanced courses. They average about $500/day with most courses about three days. MIS Training offers more courses because they are larger, but individually on the average, CanAudit offers more actual and practical training in their courses. Good audit process training is as important as technical skills as well. Professional training is also offered by ISACA in various training weeks.

      I would not recommend that you go for the CISA exam right away. I am sure that there are a few areas that you would need to bring yourself up to speed on. An intro and an intermediate course would provide a good basis for you. I would not recommend the Fairfax University option; I have looked at it and it seems to be significantly expensive.

      Details for the CISA are: Final registration is due by 27 September 2006. US $390 for ISACA members and US $510 for nonmembers.

      The CISA exam Content Areas are:

      • IS audit process: Provide IS audit services in accordance with IS audit standards, guidelines and best practices to assist the organization in ensuring that its information technology and business systems are protected and controlled.
      • IT governance: Provide assurance that the organization has the structure, policies, accountability, mechanisms and monitoring practices in place to achieve the requirements of corporate governance of IT.
      • Systems and infrastructure lifecycle: Provide assurance that the management practices for the development/acquisition, testing, implementation, maintenance and disposal of systems and infrastructure will meet the organization's objectives.
      • IT service delivery and support: Provide assurance that the IT service management practices will ensure delivery of the level of services required to meet the organization's objectives.
      • Protection of information assets: Provide assurance that the security architecture (policies, standards, procedures and controls) ensures the confidentiality, integrity and availability of information assets.
      • Business continuity and disaster recovery: Provide assurance that, in the event of a disruption, the business continuity and disaster recovery processes will ensure the timely resumption of IT services, while minimizing the business impact.

      If you have any other questions, I would be glad to provide what information that I can.

      Good Luck!
