Learn the methodology described in the U.S. Government Accountability Office's Federal Information System Controls Audit Manual (FISCAM) for evaluating internal controls over the integrity, confidentiality and availability of data maintained in the computer-based systems of organizations you audit. You learn about general and application control areas. Course topics include: entity-wide security program planning and management, access controls, application software development and change controls, system software, segregation of duties and service continuity. This course is complementary to Information Systems Auditing (AUDT8029G), which provides alternative methods of evaluation and testing both general and application controls in today's computer environment, including identifying indicators of potential fraud.
Describe the elements of general controls and application controls that an auditor should consider while performing an IT review
Describe the commonly available tools to conduct an IT review, including network security penetration testing
Access information sources available in the government environment, such as practice aids to conduct operating systems (OS/390, Windows NT, UNIX, etc.) and security software reviews (RACF, ACF2, etc.)
Syllabus:
Syllabus -- Cost Recovery Auditing, AUDT8039G, Grad. School, USDA