IT Control and Audit
This course is all about creating and protecting value with IT Controls and Audit. Our focus is on the business objectives of creating and protecting value, for your organization and potentially for the world at large. Controls are the "steering wheels and brakes" that we use to direct Information Technology. You'll quickly see that IT can be scoped as broadly as you'd like, both inside and outside your organization. We'll use Audit to do what audit does - ensure that the controls are effective in achieving those business objectives of creating and protecting value.
Day One:
What do we already know?
Introductions, to each other, and to the course material. What do you already know about creating and protecting value with IT? What else do you know that can help you learn this material?
Day Two:
The Nature of Threats
In honor of Halloween, we'll start with a discussion about something creepy called Stuxnet — believed to be the first truly weaponized computer malware — and how it crossed over into the more traditional cyberspace. That will underscore the connection between Information Technology and Operational Technology, while introducing you to terms like “zero day” vulnerabilities, exploits, and attacks. In the spirit of Halloween, we’ll keep things dark by talking about worms, viruses, malware attacks, and other scary stuff.
Perhaps scariest of all, we'll briefly introduce COBIT - an extremely useful framework for organizing IT control objectives and audit activities.
Day Three:
COBIT and The Audit Process
This session introduces the COBIT framework and steps through a typical audit. Along the way, we'll touch on COSO, SOX, ITAF, the Business Model Canvas, and a few other items. COBIT is a huge topic, the details of which are well beyond the time allocated to this course, but having a grasp on some of the essentials will be valuable to your career even if you don't choose an IT Audit path.
Day Four:
COBIT: Build, Acquire, and Implement
In the course of one evening, we'll use Agile to set up a development project then, using a modern development framework, build and deploy a minimal website - all from scratch. You'll see all the steps involved giving you the chance to connect what can feel like fairly abstract COBIT concepts to real activities.
We'll also open the midterm assignment.
Day Five:
Digital Transformation and Emerging Technologies
Is your organization's IT strategy prepared for the future? In this section we'll explore technology trends like Blockchain and Artificial Intelligence. We'll also speculate a bit about their impact on the future, and how they might affect the accounting profession, specifically. We'll also talk about how to audit new technologies in your organization and see what COBIT has to offer.
Day Six:
Third Party Risk; Putting it all together
In the first half of class, we'll build a simple database-backed website from scratch. Don't worry - you won't have to write any code. The goal is to use the exercise to reinforce our knowledge of controls and frameworks. You can't build a modern website without some reliance on third party tools and resources. We'll see how SOC-2 and SOC-3 audits can help us establish trust with our partners.
Day Seven:
Possible Simulation
Details to come. We'll also preview and release the final. This is a great opportunity to make sure we all have the same understanding of the assignment.
The Final:
Take home case study
That's Richard Smith, the former CEO of Equifax testifying before Congress on October 3, 2017. Your final won't be quite that hard. You'll have two weeks to answer a few short essay questions and complete some audit activities related to a specific case. I anticipate the exam will take about 3 hours to complete.