Join Michael Lester for an in-depth discussion in this video, "What you should know," part of CISA Cert Prep: 2 Information Technology Governance and Management for IS Auditors.
- [Instructor] All right, let's talk about what you should know to actually take this course. So, who is this course for? Well, anyone performing audits on information systems would be a pretty good candidate for an auditing information systems course. IT professionals who work for organizations that have internal audits. If you have an internal audit team, and they come around and they give you audits, this is a good course for you. Any professionals who work for organizations that are regulated. If you have some governing regulating body and you have to go through routine audits for that, this is a good course. Any professionals that work for organizations that must comply with standards, like PCI DSS or any other standards, like NIST.
Any IT professionals involved in security. Now, there's a lot of security-related topics in information systems auditing, particularly when we start talking about controls and auditing and testing those controls, this is a good course. And then finally, any executives or managers of business units that might have audits or might need to be audited and want to understand some of the risks and some of the challenges involved and some of the processes involved. So, things you should know. You should have some basic understanding of organizational concepts, like what a policy is, what a procedure is, what a standard is, what a guideline is.
If you don't know the difference between a policy and a procedure, for example, go google it and take a look and get some information, read up on that before you take this course, so you at least understand the lingo. You should have some idea of organizational structures. You should have some idea of what an org chart is, for example. You should understand how organizations can be functionally distributed, or divided by divisions, or what a flat hierarchy looks like, if there is a flatarchy. We sometimes refer to those as flatarchies. Those are the kinds of things you should know before you take this course so you understand the lingo and how an audit might stretch across and be involved in business processes and an entire enterprise.
Instructor Michael Lester starts out with a description of IT governance and the role of IT policies, processes, and standards, providing examples of many of the most common types. He reviews three key areas for auditing: risk management, business continuity, and disaster recovery planning. He also explains how an IT department and its auditing team should be organized. At each stage, he explains how the auditor would address these topics in a typical audit environment.
- IT governance
- Policies, processes, and standards
- Risk management
- IT organization
- Business continuity
- Disaster recovery