CITP Examination Content Specification Outline
© 2016 American Institute of CPAs. All rights reserved.

DISCLAIMER: The contents of this publication do not necessarily reflect the position or opinion of the American Institute of CPAs, its divisions and its committees. This publication is designed to provide accurate and authoritative information on the subject covered. It is distributed with the understanding that the authors are not engaged in rendering legal, accounting or other professional services. If legal advice or other expert assistance is required, the services of a competent professional should be sought. For more information about the procedure for requesting permission to make copies of any part of this work, please email copyright@aicpa.org with your request. Otherwise, requests should be written and mailed to the Permissions Department, AICPA, 220 Leigh Farm Road, Durham, NC
TABLE OF CONTENTS

   The Pathway to the CITP Credential
   High-Level Content Specification Outline
      Module 1  Information Management
      Module 2  Information Technology Risk & Advisory
   Detailed Content Specification Outline
THE PATHWAY TO THE CITP CREDENTIAL

The content of the Certified Information Technology Professional (CITP) Examination was developed to test a candidate's understanding of the fundamental sections of the CITP body of knowledge. The content of each of the topical sections is described in outline form and provides an overview of the knowledge and skills tested on the CITP Examination. The examination questions are intended to test each content area and its logical extensions. The percentage range following each major content area in the outline represents the approximate weighting for that content area. The examination is fully computerized and consists of multiple-choice questions only.

HIGH-LEVEL CONTENT SPECIFICATION OUTLINE

Module 1  Information Management

A. Information Management (20-25%)
   1. Data management
   2. Information lifecycle management
   3. System development/capital acquisition and improvement
   4. Application integration
   5. Business performance management
   6. Solution administration, monitoring and governance

B. Information Governance (25-30%)
   1. Policies, procedures and standards
   2. Access
   3. Software and other process controls
   4. Security authorization and authentication
   5. Encryption
   6. Business continuity and disaster recovery
   7. Regulatory compliance (privacy and cybersecurity)

C. Accounting Operations Technology Services (5-10%)
   1. Solution implementation and delivery
   2. Business process design and engineering

Module 2  Information Technology Risk & Advisory

A. Information Technology Risk & Advisory Services (10-15%)
   1. IT considerations to the financial statement audit
   2. Considerations for businesses using vendors
   3. IT reviews and consulting engagements
   4. Internal audit

B. Engagement Compliance (5-10%)
   1. Techniques and procedures
   2. Planning
   3. Risk
   4. Scope
   5. Evidence-gathering
   6. Sampling
   7. Fraud considerations
   8. Reporting

C. IT Controls & Assessment (15-20%)
   1. IT controls
   2. Assessment of IT controls
DETAILED CONTENT SPECIFICATION OUTLINE

MODULE 1  INFORMATION MANAGEMENT

This module covers knowledge pertaining to Information Management, Information Governance and Accounting Operations Technology Services. Information Management ensures that information is managed such that it provides value in decision-making and serves other managerial needs. The foundation of effective information management is a thorough understanding of the structures and processes associated with managing information from creation or capture through disposition or destruction, and the ability to apply data analysis and reporting concepts to analyze enterprise performance. Information Governance centers on the policies, procedures and standards in place to ensure the confidentiality, integrity and availability of information. Accounting Operations Technology Services focus on the use of IT to create or modify workflows and business processes that have the potential to make more effective use of resources.

A. Information Management (20-25%)

   1. Data Management
      a. Types of infrastructure/platforms typically employed
      b. Data prep/manipulation
      c. Data analysis: functions, tools and approaches
         1) Business intelligence and analytics
      d. Information traceability
         1) Source traceability
         2) Transformation traceability
      e. Information quality

   2. Information Lifecycle Management
      a. Identify
      b. Capture
      c. Manage
      d. Utilize
      e. Archive
      f. Retention policy
      g. Destruction

   3. System Development/Capital Acquisition and Improvement
      a. Policy and procedure
      b. Planning/budget
      c. Test phase
      d. Implementation
      e. System development risk
      f. Customization risks
      g. Reduction of risk through commercial software

   Referenced readings (A.1-A.3):
   - AICPA. An Overview of Data Management.
   - AICPA. Why Predictive Analytics Should Be a CPA Thing.
   - AICPA. How CPAs Can Drive Business Intelligence.
   - AICPA. Information for Advantage and Knowledge Management.
   - AICPA. Strategic Business Management: From Planning to Performance.
   - AICPA Clarified Statements on Auditing Standards. AU-C 500, Audit Evidence.
   - Krishnan, Krish. Data Warehousing in the Age of Big Data. Morgan Kaufmann. Chapter 12.
   - AICPA. A Practice Aid for Records Retention.
   - AICPA. A Job Aid to the Solution Selection Process.
   - Sherman, Richard. Business Intelligence Guidebook. Morgan Kaufmann. Chapter 7, Technology and Product Architectures.
A. Information Management (20-25%) (continued)

   4. Application Integration
      a. Application integration framework
      b. Conceptualizing application integration for information management
      c. Financial systems/other systems/electronic medical record (EMR)
      d. Outside vendor management

   5. Business Performance Management
      a. Budget and profitability management
      b. Performance metrics and reporting

   6. Solution Administration, Monitoring and Governance
      a. Continuous monitoring
      b. Business activity monitoring
      c. Business solution governance

   Referenced readings (A.4-A.6):
   - Misra, Harekrishna; Rahman, Hakikur. Managing Enterprise Information Technology Acquisitions. IGI Global. Chapter 5, Conceptualization of IT Acquisition Life Cycle Management Model.
   - AICPA. Find Out Why You Need Corporate Performance Management Software and Make Better Business Decisions.
   - AICPA. Is Your Company Trying to Eliminate All Vulnerabilities?
   - AICPA. Build a Performance Management Plan That Works.

B. Information Governance (25-30%)

   1. Policies, Procedures and Standards

   2. Access
      a. Logical access
         1) Data (transaction) level
         2) Application and financial system level
            i.   Evaluate and test application controls
            ii.  Evaluate and test segregation of duties
            iii. Evaluate and test spreadsheet controls
         3) Operating system level
         4) Network level
            i.   Firewalls
            ii.  Network access controls
      b. Hardware and physical access
         1) Access to server room, building facilities and sensitive hardcopy records

   3. Software and Other Process Controls

   4. Security Authorization and Authentication

   5. Encryption

   Referenced readings (B.1-B.5):
   - Lanz, Joel. Communicating Cybersecurity Risks to the Audit Committee. The CPA Journal, May 2016.
   - Merkow, Mark; Breithaupt, Jim. Information Security: Principles and Practices, Second Edition. Pearson Certification. Chapter 2, Information Security Principles of Success; Chapter 4, Governance and Risk Management; Chapter 6, Business Continuity Planning and Disaster Recovery Planning; Chapter 8, Physical Security Control: Understanding the Physical Security Domain.
   - Turner, Leslie; Weickgenannt, Andrea. Accounting Information Systems: The Processes and Controls, 2nd Edition. John Wiley and Sons. Module 2, Chapter 4, Internal Control and Risks in IT Systems; Module 2, Chapter 7, Auditing Information Technology-Based Processes; Module 4, Chapter 14, E-Commerce and E-Business.
B. Information Governance (25-30%) (continued)

   6. Business Continuity and Disaster Recovery
      a. Business continuity planning (BCP)
      b. Disaster recovery planning (DRP)
      c. Contingency planning
         1) Incident response
         2) Data backup
      d. Testing

   7. Regulatory Compliance (Privacy and Cybersecurity)

   Referenced readings (B.6-B.7):
   - AICPA. 5 Steps CPAs Can Take to Fight Hackers. Journal of Accountancy, April.
   - AICPA. Business Continuity: Tools and Techniques.
   - AICPA. The Top 5 Cybercrimes.
   - Compliance Audits.
   - PCI Security Standards Council. Payment Card Industry (PCI) Data Security Standard: Requirements and Security Assessment Procedures, Version

C. Accounting Operations Technology Services (5-10%)

   1. Solution Implementation and Delivery

   2. Business Process Design and Engineering
      a. Understanding of business processes that affect financial data
      b. Proper design and integration of internal controls into business processes

   Referenced readings (C):
   - AICPA. A CPA's Approach to Business Solution Implementations.
MODULE 2  INFORMATION TECHNOLOGY RISK AND ADVISORY

This module covers knowledge pertaining to Information Technology Risk and Advisory Services, Engagement Compliance, and IT Controls and Assessment. Information Technology Risk and Advisory knowledge centers on the consideration of IT risks, whether as part of a financial statement audit, a service organization control report, an internal IT audit, an IT review, or an IT consulting engagement. Engagement Compliance covers knowledge of techniques and procedures used in conjunction with assurance and advisory services, including planning, risk assessment, and evidence gathering. IT Controls and Assessment covers knowledge pertaining to IT controls in relation to the integration of internal control frameworks with financial reporting, management considerations of internal controls, and change management procedures.

A. Information Technology Risk and Advisory Services (10-15%)

   1. IT Considerations to the Financial Statement Audit

   2. Considerations for Businesses Using Vendors
      a. Service Organization Control (SOC) reports
         1) SOC 1 reports
         2) SOC 2 reports
         3) SOC 3 reports

   3. IT Reviews and Consulting Engagements
      a. Information compliance
         1) Internal policy and procedure

   4. Internal Audit
      a. Audit universe
      b. Specific audit programs
      c. Assessment of IT risk
      d. Work paper documentation
      e. Nature/substance of an audit report
      f. Board reporting

   Referenced readings (A):
   - AU-C 402, Audit Considerations Relating to an Entity Using a Service Organization.
   - AU-C 935, Compliance Audits.
   - AICPA. Trust Services Principles and Criteria.
   - AICPA. Service Organizations: Reporting on Controls at a Service Organization Relevant to User Entities' Internal Control Over Financial Reporting (SOC 1) Guide.
   - AICPA. Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC 2) Guide.
   - Weiss, Martin; Solomon, Michael. Auditing IT Infrastructures for Compliance. Jones and Bartlett Learning. Part Two, Auditing for Compliance: Frameworks, Tools, and Techniques.
   - Gantz, Stephen. The Basics of IT Audit. Syngress. Chapter 3, Internal Auditing; Chapter 6, IT Audit Components.
B. Engagement Compliance (5-10%)

   1. Techniques and Procedures

   2. Planning
      a. Research/process documentation/flowcharting
      b. Understanding the business environment and processes
         1) Complexity of the business
         2) Assess the level of IT sophistication and the degree of financial reporting (F/R) reliance on IT
         3) Business or accounting change, such as within business processes and cycles
         4) Executive management functions

   3. Risk
      a. Risk assessment
         1) Enterprise risk assessment
         2) Financial statement risk assessment
         3) IT risk assessment
         4) Security risk assessment (audits)
      b. Risk model
         1) Inherent risk
            i.   Entity (economy, industry and entity-specific)
            ii.  IT control environment
         2) Control risk
            i.   Manual vs. automated; hybrid
            ii.  Preventive, detective and corrective controls
            iii. Key vs. non-key controls
            iv.  Control gaps
         3) Risk of material misstatement (RMM)
            i.   Combination of inherent and control risk
            ii.  Consider applicable account balances, classes of transactions, and disclosures
            iii. Tie to relevant financial statement (F/S) assertions
            iv.  Consider adverse effects of the entity's IT
            v.   Assessing RMM due to fraud

   Referenced readings (B.1-B.3):
   - AU-C 240, Consideration of Fraud in a Financial Statement Audit.
   - AU-C 265, Communicating Internal Control Related Matters Identified in an Audit.
   - AU-C 300, Planning an Audit.
   - AU-C 315, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement.
   - AU-C 450, Evaluation of Misstatements Identified During the Audit.
   - AU-C 500, Audit Evidence.
   - AU-C 520, Analytical Procedures.
   - AU-C 530, Audit Sampling.

B. Engagement Compliance (5-10%) (continued)

   4. Scope
      a. Develop a walkthrough plan
      b. Prepare an IT audit plan
      c. Draft a risk assessment report

   5. Evidence Gathering
      a. Strategy
      b. Inquiry
      c. Observation
      d. Inspection/reperformance
      e. Analytical procedures

   6. Sampling
      a. Methodologies
      b. Size
      c. Technical tools and techniques (computer-assisted audit techniques, CAATs)

   7. Fraud Considerations
      a. Digital evidence
         1) E-discovery rules and processes
         2) Implications of federal and state-specific laws
      b. Detection and investigation
         1) Use of IT in fraud investigations
         2) Data mining/analysis
            i.   Proper digital acquisition tools and procedures
            ii.  Determine suitable digital sources

   8. Reporting
      a. Information presentation
      b. Information timeliness

   Referenced readings (B.4-B.8):
   - Cascarino, Richard. Auditor's Guide to IT Auditing, Second Edition. John Wiley and Sons. Part 1, Chapter 3, IT Risk and Fundamental Auditing Concepts; Part 1, Chapter 6, Risk Management of the IT Function; Part 1, Chapter 7, Audit Planning Process; Part 1, Chapter 9, Audit Evidence Process.
   - AICPA. Board and Audit Committee Involvement in Risk Management Oversight.
   - AICPA. Computer Assisted Audit Techniques or CAATs.
   - Hingarh, Veena; Ahmed, Arif. Understanding and Conducting Information Systems Auditing + Website. John Wiley and Sons. Part 1, Chapter 6, Risk Based Systems Audit.
C. IT Controls and Assessment (15-20%)

   1. IT Controls
      a. COSO framework
         1) Integration
      b. Management considerations
         1) History and prior control reports
         2) Management's attention to controls
      c. Control environment
         1) IT strategic plan
         2) IT policies and procedures
            i.   Role of IT governance in the control environment
            ii.  Role of project management in the control environment
         3) IT operations
            i.   Consider the portfolio of systems used or in place
      d. Change management
         1) Policies and procedures
            i.   Configuration management
            ii.  Software management
            iii. Operating system and network management
         2) Vulnerability management
         3) Systems implications
            i.   Accounting and financial reporting systems
            ii.  Commercial off-the-shelf software (COTS) vs. customized software
            iii. Enterprise and ERP systems
            iv.  E-business systems and applications
      e. Application controls

   2. Assessment of IT Controls
      a. Deficiency evaluation of IT-related controls
         1) Control deficiency, significant deficiency and material weakness
         2) Aggregation of deficiencies
      b. Materiality/impact to the entity
         1) Risk of material misstatement

   Referenced readings (C):
   - Trugman, Gary R. Understanding Business Valuation: A Practical Guide to Valuing Small to Medium-Sized Businesses, 4th ed. New York: AICPA. Chap. 2, 3, 6, 17, 21-22.
   - Hitchner, James R. Financial Valuation: Application and Models, 3rd ed. New Jersey: John Wiley & Sons. Chap. 16 and 23.
   - Pratt, Shannon P.; Niculita, Alina V. Valuing a Business: The Analysis and Appraisal of Closely Held Companies, 5th ed. New York: McGraw-Hill. Chap.
   - AICPA Consulting Services Special Report 03-1, Litigation Services and Applicable Professional Standards.
   - AICPA Consulting Services Practice Aid 96-3, Communicating in Litigation Services: Reports.
W: aicpa.org/citp
Does a SAS 70 Audit Leave you at Risk of a Security Exposure or Failure to Comply with FISMA? A brief overview of security requirements for Federal government agencies applicable to contracted IT services,
More information01.0 Policy Responsibilities and Oversight
Number 1.0 Policy Owner Information Security and Technology Policy Policy Responsibility & Oversight Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 1. Policy Responsibilities
More informationREPORT 2015/010 INTERNAL AUDIT DIVISION
INTERNAL AUDIT DIVISION REPORT 2015/010 Audit of information and communications technology strategic planning, governance and management in the Investment Management Division of the United Nations Joint
More informationCourse Intended Learning Outcomes (CILOs): Upon successful completion of this course, students should be able to:
Title (Units): COMP 7330 Information Systems Security & Auditing (3,3,0) Course Aims: Prerequisite: To introduce the fundamental concepts and techniques in computer and network security, giving students
More informationREPORT 2015/149 INTERNAL AUDIT DIVISION
INTERNAL AUDIT DIVISION REPORT 2015/149 Audit of the information and communications technology operations in the Investment Management Division of the United Nations Joint Staff Pension Fund Overall results
More informationInformation Governance, the Next Evolution of Privacy and Security
Information Governance, the Next Evolution of Privacy and Security Katherine Downing, MA, RHIA, CHPS, PMP Sr. Director AHIMA IG Advisors Follow me @HIPAAQueen 2017 2017 Objectives Part Part I IG Topic
More informationInternal Audit Report. Electronic Bidding and Contract Letting TxDOT Office of Internal Audit
Internal Audit Report Electronic Bidding and Contract Letting TxDOT Office of Internal Audit Objective Review of process controls and service delivery of the TxDOT electronic bidding process. Opinion Based
More informationComputer Information Systems (CIS) CIS 105 Current Operating Systems/Security CIS 101 Introduction to Computers
Computer Information Systems (CIS) CIS 101 Introduction to Computers This course provides an overview of the computing field and its typical applications. Key terminology and components of computer hardware,
More informationInstitute of Certified Forensic Accountants. Certificate in Internal Auditing
Institute of Certified Forensic Accountants Certificate in Internal Auditing www.forensicglobal.org info@forensicglobal.org Welcome The Institute of Certified Forensic Accountants is a professional body
More informationCISA ITEM DEVELOPMENT GUIDE
CISA ITEM DEVELOPMENT GUIDE Updated March 2017 TABLE OF CONTENTS Content Page Purpose of the CISA Item Development Guide 3 CISA Exam Structure 3 Writing Quality Items 3 Multiple-Alternative Items 4 Steps
More informationMaryland Health Care Commission
Special Review Maryland Health Care Commission Security Monitoring of Patient Information Maintained by the State-Designated Health Information Exchange September 2017 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT
More information10 Cybersecurity Questions for Bank CEOs and the Board of Directors
4 th Annual UBA Bank Executive Winter Conference February, 2015 10 Cybersecurity Questions for Bank CEOs and the Board of Directors Dr. Kevin Streff Founder, Secure Banking Solutions 1 Board of Directors
More informationINFORMATION TECHNOLOGY AUDITING GAO AND THE FISCAM AUDIT FRAMEWORK. Ronald E. Franke, CISA, CIA, CFE, CICA. April 30, 2010
INFORMATION TECHNOLOGY AUDITING GAO AND THE FISCAM AUDIT FRAMEWORK Presented by Ronald E. Franke, CISA, CIA, CFE, CICA April 30, 2010 1 Agenda General Accountability Office (GAO) and IT Auditing Federal
More informationChapter 8: SDLC Reviews and Audit Learning objectives Introduction Role of IS Auditor in SDLC
Chapter 8: SDLC Reviews and Audit... 2 8.1 Learning objectives... 2 8.1 Introduction... 2 8.2 Role of IS Auditor in SDLC... 2 8.2.1 IS Auditor as Team member... 2 8.2.2 Mid-project reviews... 3 8.2.3 Post
More informationHow to Respond to a HIPAA Breach. Tuesday, Oct. 25, 2016
How to Respond to a HIPAA Breach Tuesday, Oct. 25, 2016 This Webinar is Brought to You By. About HealthInsight and Mountain-Pacific Quality Health HealthInsight and Mountain-Pacific Quality Health are
More informationKENYA SCHOOL OF GOVERNMENT EMPLOYMENT OPORTUNITY (EXTERNAL ADVERTISEMENT)
KENYA SCHOOL OF GOVERNMENT EMPLOYMENT OPORTUNITY (EXTERNAL ADVERTISEMENT) 1. DIRECTOR, LEARNING & DEVELOPMENT - LOWER KABETE Reporting to the Director General, Campus Directors will be responsible for
More informationVal-EdTM. Valiant Technologies Education & Training Services. Workshop for CISM aspirants. All Trademarks and Copyrights recognized.
Val-EdTM Valiant Technologies Education & Training Services Workshop for CISM aspirants All Trademarks and Copyrights recognized Page 1 of 8 Welcome to Valiant Technologies. We are a specialty consulting
More informationSAS 70 Audit Concepts. and Benefits JAYACHANDRAN.B,CISA,CISM. August 2010
JAYACHANDRAN.B,CISA,CISM jb@esecurityaudit.com August 2010 SAS 70 Audit Concepts and Benefits Agenda Compliance requirements Overview Business Environment IT Governance and Compliance Management Vendor
More informationC22: SAS 70 Practices and Developments Todd Bishop, PricewaterhouseCoopers
C22: SAS 70 Practices and Developments Todd Bishop, PricewaterhouseCoopers SAS No. 70 Practices & Developments Todd Bishop Director, Risk Assurance Services, PricewaterhouseCoopers Agenda SAS 70 Background
More informationCISA EXAM PREPARATION - Weekend Program
CISA EXAM PREPARATION - Weekend Program THE CISA QUALIFICATION: CERTIFICATION PREPARATION COURSE SYLLABUS PT. RIALACHAS TATHYA PRAYUKTI Menara Palma 12th Floor Jalan HR Rasuna Said Blok X2 Kav 6 Jakarta,
More informationInternational Auditing and Assurance Standards Board (IAASB) International Federation of Accountants 545 Fifth Avenue, 14 th Floor New York, NY 10017
3701 Algonquin Road, Suite 1010 Telephone: 847.253.1545 Rolling Meadows, Illinois 60008, USA Facsimile: 847.253.1443 Web Sites: www.isaca.org and www.itgi.org 25 April 2008 International Auditing and Assurance
More informationGDPR: A QUICK OVERVIEW
GDPR: A QUICK OVERVIEW 2018 Get ready now. 29 June 2017 Presenters Charles Barley Director, Risk Advisory Services Charles Barley, Jr. is responsible for the delivery of governance, risk and compliance
More informationEXAM PREPARATION GUIDE
When Recognition Matters EXAM PREPARATION GUIDE PECB Certified ISO 22301 Lead Implementer www.pecb.com The objective of the Certified ISO 22301 Lead Implementer examination is to ensure that the candidate
More informationContracting for an IT General Controls Audit
Contracting for an IT General Controls Audit Lori Schubert, C.P.A. Internal Audit Manager age Waukesha County (WI) lschubert@waukeshacounty.gov Overview of Presentation Description of Waukesha County Information
More informationAdopting SSAE 18 for SOC 1 reports
Adopting SSAE 18 for SOC 1 reports Overview Since its adoption in 2011, service auditor reports issued in accordance with SSAE 16 have become increasingly common in the marketplace. In April 2016, the
More informationFOUNDATION CERTIFICATE IN INFORMATION SECURITY v2.0 INTRODUCING THE TOP 5 DISCIPLINES IN INFORMATION SECURITY SUMMARY
FOUNDATION CERTIFICATE IN INFORMATION SECURITY v2.0 INTRODUCING THE TOP 5 DISCIPLINES IN INFORMATION SECURITY SUMMARY The Foundation Certificate in Information Security (FCIS) course is designed to provide
More informationDeMystifying Data Breaches and Information Security Compliance
May 22-25, 2016 Los Angeles Convention Center Los Angeles, California DeMystifying Data Breaches and Information Security Compliance Presented by James Harrison OM32 5/25/2016 3:00 PM - 4:15 PM The handouts
More informationSage Data Security Services Directory
Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time
More informationData Classification, Security, and Privacy
Data Classification, Security, and Privacy Jennifer Bayuk Securities Industry and Financial Markets Association Internal Audit Division October, 2007 Overview of Information Classification Logical Relationship
More informationTesters vs Writers: Pen tests Quality in Assurance Projects. 10 November Defcamp7
Testers vs Writers: Pen tests Quality in Assurance Projects 10 November 2016 @ Defcamp7 Contents INTRODUCTION CONTEXT WHAT ABOUT AUDITING STANDARDS WHAT ABOUT INDEPENDENCE PEN TEST BETWEEN REGULATORY AND
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.7)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided
More information3/13/2015. COSO Revised: Implications for Compliance and Ethics Programs. Session Agenda. The COSO Framework
COSO Revised: Implications for Compliance and Ethics Programs Urton Anderson, CCEP Director of the Von Allmen School of Accountancy and EY Professor The University of Kentucky Session Agenda The COSO Framework
More informationChapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS
Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS The Saskatchewan Power Corporation (SaskPower) is the principal supplier of power in Saskatchewan with its mission to deliver power
More informationManaging Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow
Managing Privacy Risk & Compliance in Financial Services Brett Hamilton Advisory Solutions Consultant ServiceNow 1 Speaker Introduction INSERT PHOTO Name: Brett Hamilton Title: Advisory Solutions Consultant
More informationData Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016
Data Protection Practical Strategies for Getting it Right Jamie Ross Data Security Day June 8, 2016 Agenda 1) Data protection key drivers and the need for an integrated approach 2) Common challenges data
More informationCyber Security in M&A. Joshua Stone, CIA, CFE, CISA
Cyber Security in M&A Joshua Stone, CIA, CFE, CISA Agenda About Whitley Penn, LLP The Threat Landscape Changed Cybersecurity Due Diligence Privacy Practices Cybersecurity Practices Costs of a Data Breach
More information