6 Steps of an IT Audit Program
Recorded: July 8, 2019 - $345 for the CD-Rom and Handouts
Monday, July 8, 2019
1:30 pm – 3:30 pm CT
Recommended for 2.5 CE Credits
Every successful Information Security Program is built on 3 key elements. It requires decision-making risk management processes, clearly documented Information Security Policies, and an effective IT Audit Program. These elements work in conjunction with each other, feeding the next component information that continually improves the Information Security Program. The IT Risk Assessment process identifies key systems and information, threats against those systems, and helps management identify which controls are necessary to mitigate risk to an acceptable level. The controls have been selected in the risk assessment and are captured and solidified in the Information Security Policies. These controls are then implemented by the institution to mitigate the actual risks. The IT Audit process comes in to validate that the identified controls are successfully implemented in the institution’s daily operations and to also ensure they are adequate to address best practice and regulatory guidelines.
A well-developed IT Audit Program will govern this process and provide the Board of Directors with assurances that the Information Security Program is implemented and working. This session will examine in more detail how the IT Audit Program integrates with the Information Security Program.
- Risk-based Audit Models
- FFIEC IT Audit Requirements
- FDIC InTREx Expectations
- Internal/External Audit Processes
- 6 Basic Audit Steps
- Engagement Letters
- Audit Workpapers
- Reporting and Exception Tracking
Who Should Attend:
Information Security Officer, IT Manager, Risk Officer, Internal Auditor, Directors, and Executives looking to improve processes for IT Auditing.
Chad Knutson is a co-founder and Senior Information Security Consultant for SBS CyberSecurity, a premier cybersecurity consulting and audit firm dedicated to making a positive impact on the banking and financial services industry, and has served as President of the SBS Institute since 2013. Chad maintains his CISSP, CISA, and CRISC certifications, and received his Bachelor of Science in Computer Information Systems and his Master of Science in Information Assurance from Dakota State University.
Chad is dedicated to educating industry professionals about cybersecurity. While consulting with financial institutions, he saw the need to empower employees to be better prepared to confidently handle cybersecurity threats, create and manage strong information security programs, and understand ever-changing regulations at their institution. He was a driving force in the development of the SBS Institute certification program, which is uniquely designed to serve the banking industry by providing banking specific, role-based certifications cyber education. The SBS Institute has grown to include over ten certifications and State Association partners in over 30 states.