(Two parts of four days each)

A highly successful and acclaimed seminar worldwide for its comprehensiveness, low-cost and its practical and modern risk-analysis oriented methodologies. It condenses ten individual courses in only 8 days.

This course can be customized and presented in-house anywhere in the world in fewer days to provide uniform training to your staff at considerable savings over public seminars. Inquire for details. 

A Spanish version of this seminar is available for presentation in-house with class notes also in Spanish. Inquire for details. jaykmasp@aol.com


Part 1 Foundation & practice:
     Please inquire
Part 2, Advanced Technologies: Please inquire



This course will equip you to handle I/S audit assignments through intensive training on the most important topics in I/S auditing in only four or eight days in a cost-effective manner (course is 30% cheaper than regular courses). Through lecture and workshops, the course provides you with audit and control methodologies that you can apply immediately to any I/S audit and system control situation.


• Financial and operational auditors

• Newly appointed and experienced I/S auditors        

• Audit executives/supervisors, senior auditors and I/S professionals who need to learn I/S      auditing

• CPAs, Controllers, Consultants

• Quality Assurance and Information Systems/Security professionals.


PART 1 - I/S AUDIT FOUNDATION - • I/S Controls Design, Assessment and Testing • Basic Application Systems Audits • Data Center Audits • Organizing the I/S Audit Function.

  1. INFORMATION TECHNOLOGY EXPOSURES. Data & asset concentration. Firm's exposure and auditor's risk. Computer Security and I/S audit - Key components and their differences.

  2. DESIGN OF INTERNAL CONTROLS BY RISK ANALYSIS. Internal Control Models (COSO, Cobit). Risk analysis structured methodology. Control zones, control points, control objectives setting (what) & control selection (how). Controls justification & documentation. Exercise.

  3. HOW TO ASSESS AND TEST INTERNAL CONTROLS AND PREPARE I/S AUDIT PLANS. Control characteristics of various systems. How to document and assess internal controls. Six approaches to test controls. Types of testing (compliance, substantive, intrinsic, etc.). 65 Tools and Techniques for testing internal controls. Methodology to Prepare Detailed Audit/Test Plans. Application by Case.

  4. AUDITING EXISTING & BASIC APPLICATION SYSTEMS. Three-segment audit (manual, computerized, environment). Audit of programs, files and embedded controls. Techniques: audit software, test decks, control point flow charts.

  5. DATA CENTERS & I/S FUNCTION AUDIT. Scope. Control point/control objectives & controls for data centers. Audit approaches (checklists, in-depth and surprise). Preparing a detailed audit plan. Audit modules (physical security, organization, logical security, contingency planning, operations standards, change control, library controls, etc.). Case.

  6. ORGANIZING AN EFFECTIVE I/S AUDIT FUNCTION. Function scope. Key program components (Initiation, directional strategy, organization and charter, staffing and training, I/S audit standards, audit projects work plan, sizing up staff priority setting).

PART 2 - ADVANCED TECHNOLOGIES: • On-Line/Client/Server Systems • System Development • Networks • LANs • System Software Audits

  1. SYSTEM DEVELOPMENT AUDITS (SDAs). Audit roles and scope. Controls and auditability building. Audit Standards for SDAs. (Feasibility, General Design, Detailed Design, Coding, Testing, Conversion, Acceptance). Audit Endorsement. Purchased Software Audit.

  2. ADVANCED/ON-LINE/DATA-BASE/CLIENT/SERVER SYSTEMS. Control and audit characteristics. Threats and Risks. Complex system software environment. How to control and secure advanced systems. Control zones and control points. Audit approaches and test techniques for programs, data bases and internal controls. Backup and recovery in Systems. How to prepare audit plans for advanced systems. Client/Server (C/S) System Controls. Control objectives and control solutions.

  3. AUDIT AND CONTROL OF DATA COMMUNICATION NETWORKS. Fundamentals. Threats and Exposures. Control points and controls for networks. Auditing approaches and techniques. Work papers (the network diagram). Network Contingency Plans. Exercise in preparing a detailed audit plan.

  4. LANs & DISTRIBUTED SYSTEM CONTROL & AUDIT. Exposures. Control points. Control objectives and Techniques. Controls and audit approaches for LANs. Controls for hardware and software, connectivity distributed systems, and hacking (viruses).

  5. ELEMENTS OF SYSTEM SOFTWARE. Control and audit approaches for systems software. New Information Technologies and exposures.

Course attendance is limited. To register, call (781) 235-2895, Fax (781) 235-5446 or e-mail jaykmasp@aol.com.

COURSE FEE: $1,400 one part, $2,650 for two parts



           - P.O. Box 81151 - Wellesley Hills, MA 02481-0001

                 (781) 235-2895 - Fax: (781) 235-5446

- e-mail: jaykmasp@aol.com

Return to Home Page