Auditing Critical Business System Applications

An Information Technology (IT) Auditor and Information Security (Info Sec) Professional are really both pursuing the same goals but through different terminology.  The IT auditor evaluates for the presence of “controls” whereas Info Sec professional pursues the implementation of “security”.  It is essential that both end users and IT professionals understand the process of IT Audit and the concepts of risk and control associated with critical business applications, those applications essential to the daily operational functionality of the enterprise.

The IT Auditor is looking for assurance that the application provides an adequate degree of control over the data being processed. The level of control expected for a particular application is dependent on the degree of risk involved in the incorrect or unauthorized processing of those data.  Most generalized IT security audits and the tools used to perform these audits, focus on networks and servers. However, applications are often vulnerable to attacks that will not be detected by network and server security controls, and could compromise not only the application and its data, but the network and servers as well.

The primary focus of this seminar is on the process of auditing critical business applications, the associated IT infrastructure that supports these applications and the auditor’s role in assessing the internal control environment in which these applications are designed to function.