General discussion

Locked

IT Auditing

By blondie B ·
I am in going down the garden path of becoming an IT Auditor eventually. Are there any Key courses that one could take? I tried doing some googling on the topic but thought I'd ask if anyone recommends anything.

This conversation is currently closed to new comments.

6 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Auditing for Compliance? Privacy?

by Tig2 In reply to IT Auditing

CISSP and CIPP are the two certs that I am aware of. May be others. University of Fairfax online has a number of InfoSec education offerings as well as a number of freebies.

There are numerous others as well. Google is a good place to start.

Good luck!

Collapse -

Also

by maecuff In reply to Auditing for Compliance? ...

CISA. You can google it to find out how to take the test for certification. I believe it's under $1000.00 to take the test.

Collapse -

CISA

by prasadvrao In reply to IT Auditing

I think you should check out http://www.isaca.org
it is really worth doing it!

Collapse -

IT Auditing

by phammond In reply to IT Auditing

As a senior IT Auditor I suggest you try MIS which has courses to help you swap from IT into Auditing and they to work with an experienced auditor, because remember that over 50% of the job is writing reports in lay-man terms so that you can get Board level approval and funding for your recommendations. This is especially required if you go into internal auditing. If you want to go into external auditing, then I would approach on of the big 4 accounting firms as they are always looking for new recruits

Collapse -

Way to go...

by SylviePW In reply to IT Auditing

Hi Blondie,

I made a career switch some over 8 years ago into IT Auditing. I will whole heartedly recommend CISA certification provided by ISACA. This is the recognized standard to achieve worldwide. Once you have affirmed your role as an IT Auditor you can then consider the CISSP. Though CISSP is better suited to IT Security professionals. The Louisiana State University provides an IT Auditor graduate program, so a few other universities in the US. If you prefer professional courses then MIS, ISACA will help you finding the right one. Also you should familiarize yourself with COBIT, ISO 17799, ITIL, PRINCE, which are the criteria/best practices that auditors will use to audit against.

Collapse -

IT Audit Training Courses

by JerrBear In reply to IT Auditing

Blondie,

I am the CISA Review coordinator for KC's ISACA chapter. The best training groups for IT audit are MIS Training Institute and CanAudit. They offer basic, intermediate, and advanced courses. They average about $500/day with most courses about three days. MIS Training offers more courses because they are larger, but individually on the average, CanAudit offers more actual and practical training in their courses. Good audit process training is as important as technical skills as well. Professional traning is also offered by ISACA in various training weeks.

I would not recommend that you go for the CISA exam right away. I am sure that there are a few areas that you would need to bring yourself up to speed on. An intro and a intermediate course would provide a good basis for you. I would not recommend the Fairfax University option, I have looked at it and it seems to be significantly expensive.

Details for the CISA are: Final registrations is due by 27 September 2006 US $390 for ISACA members and US $510 for nonmembers.

The CISA exam Content Areas are:
IS audit process?Provide IS audit services in accordance with IS audit standards, guidelines and best practices to assist the
organization in ensuring that its information technology and business systems are protected and controlled.
IT governance?Provide assurance that the organization has the structure, policies, accountability, mechanisms and
monitoring practices in place to achieve the requirements of corporate governance of IT.
Systems and infrastructure lifecycle?Provide assurance that the management practices for the development/acquisition,
testing, implementation, maintenance and disposal of systems and infrastructure will meet the organization?s objectives.
IT service delivery and support?Provide assurance that the IT service management practices will ensure delivery of the level
of services required to meet the organization?s objectives.
Protection of information assets?Provide assurance that the security architecture (policies, standards, procedures and
controls) ensures the confidentiality, integrity and availability of information assets.
Business continuity and disaster recovery?Provide assurance that, in the event of a disruption, the business continuity and
disaster recovery processes will ensure the timely resumption of IT services, while minimizing the business impact.

If you have any other questions, I would be glad to provide what information that I can.

Good Luck!

Back to IT Employment Forum
6 total posts (Page 1 of 1)  

Related Discussions

Related Forums