Auditing Business Applications - In-Person
The Auditing Business Applications CPE event is designed to provide participants with a comprehensive understanding of auditing techniques and best practices for business applications.
The event aims to enhance participants' knowledge and skills in effectively auditing various types of business applications, including enterprise resource planning (ERP) systems, customer relationship management (CRM) software, and other critical applications used in today's organizations.
The event will cover a range of topics, including risk assessment, controls evaluation, data analysis, and compliance auditing specific to business applications. Attendees will have the opportunity to learn from industry experts, engage in interactive sessions, and explore real-world case studies to gain practical insights into auditing business applications.
Key Learning Objectives:
- Understand the importance of auditing business applications in modern organizations.
- Learn effective techniques for assessing risks associated with business applications.
- Explore best practices for evaluating controls within business applications.
- Gain knowledge of data analysis techniques applicable to business application audits.
- Develop an understanding of compliance auditing specific to business applications.
Each attendee will receive 24 NASBA CPE hours. Government attendees will satisfy their Yellow Book (YB) requirements. A Certificate of Completion will be provided at the conclusion of the class.
Details on Event Presentation
The sessions will be as follows:
Tuesday – 9:00 a.m. to 5:00 p.m.
Wednesday - 9:00 a.m. to 5:00 p.m.
Thursday - 9:00 a.m. to 4:00 p.m.
Offered in-person in various cites each month on Tuesday-Thursdays in three sessions.
CPE Event Highlights
Information Technology controls are categorized as General Controls and Application Controls. This “Auditing Business Applications” seminar can be paired with our one-day, 8 CPE-credit, “IT General Controls” seminar, or taken as a stand-alone class. As a stand-alone class, we will briefly cover ITGCs but focus on ITACs…how the business applications are identified and risk-ranked, and how their controls are documented, assessed, and improved. We will cover various methodologies from COBIT, NIST, ISO, PMI, etc. and terminologies such as SDLC, DevSecOps, Agile Development and Testing, Identity Access and Management (IAM), Application Programming Interfaces (APIs), Immutable Backups, Recovery Point Objectives (RPOs), Recovery Time Objectives (RTOs), Moves-to-Production (MTPs), and others.
- Understand the fundamentals of IT auditing and auditing business applications, including the role and importance of auditing in ensuring application system integrity, security, and control.
- Gain knowledge of auditing methodologies and techniques specifically applicable to business applications.
- Learn how to assess and manage risks associated with business applications, including identifying potential application vulnerabilities and implementing appropriate controls.
- Acquire skills to test and evaluate the effectiveness of internal controls within business applications.
- Develop an understanding of the criteria for inventorying and risk-ranking business applications.
- Enhancing critical thinking and problem-solving abilities through case studies and discussion of instructors’ ITAC audits.
- Build communication and reporting skills to effectively communicate audit findings and recommendations to stakeholders.
- Obtain a comprehensive framework for conducting successful audits of business applications and ensuring compliance with organization and industry best practices.
Key Issues on the Agenda
- Introduction and Concepts: COSO Frameworks, Internal Control, Internal Auditing, IT Auditing
- Overview of ITGCs, ITACs, and the Sarbanes-Oxley Act
- How Business Applications Work
- The Buy vs. Build Decision of Application Software
- On-Premise vs. Hosted Applications
- The Systems Development Lifecyle and DevSecOps
- Personnel Responsibilities for Applications: IT Management, Users, Business System Analysts, Application Developers and Software Engineers, IT Security, Computer Operations, Software QA, Testers, Consultants, Auditors
- Control Objectives of Business Application System Audits
- Planning Application Audits, Assessing Application Risk, and Determining the Scope
- Performing Application Audits: Control Identification, Sampling and Testing Methods, Assessment, Workpaper Documentation
- Application Security Provisioning and De-Provisioning, User Profiles/ Roles, Change Control, and Implementation Control
- Controls over Application Input, Processing, and Output
- Application System Backup and Recovery, RTO and RPO
- Accounting for Software Costs
- Reporting the Results of the Business Application Audit
- Recommendations for ITAC Improvements
NASBA Program Disclosure
Program Level of Understanding: Basic
Advance Preparation: None
Delivery Format: On-site Training (Group-Live); Seminar (Group-Live)
NASBA Field(s) of Study: "Auditing" and "Information Technology"
CPE Credits: 24, based on 50 minutes of instruction per hour
Summary of the Subject Matter
The Auditing Business Applications CPE event is a comprehensive training program designed to equip participants with the necessary skills and knowledge to effectively audit business applications. This in-person event covers a wide range of topics related to auditing various types of business applications, including enterprise resource planning (ERP) systems, customer relationship management (CRM) software, and other critical applications used in organizations.
During the event, participants will delve into the importance of auditing business applications in today's digital landscape and understand the risks associated with these applications. The program focuses on providing practical guidance and best practices for evaluating controls within business applications, conducting risk assessments, performing data analysis, and ensuring compliance with relevant regulations.
Led by an industry expert, the event offers interactive sessions, real-world case studies, and discussions that encourage active participation and knowledge sharing among attendees. The goal is to enhance participants' auditing capabilities, enabling them to assess the effectiveness of controls, identify potential vulnerabilities, and contribute to the overall governance and risk management processes within their organizations.
Whether you are an internal auditor, IT professional, or compliance officer, this CPE event provides valuable insights and tools to enhance your ability to audit and assess business applications. Register now at Compliance-Seminars.com to secure your spot in this engaging and informative in-person training opportunity.