IT Audit: Challenges and Opportunities

This session discusses how to properly determine what elements of the IT environment could and should be audited on a cyclical basis through a better understanding of the business, defining the IT Universe and proper application of risk assessments.

Continuous control testing is defined as activities performed to ensure that controls are operating effectively. It usually involves regular and automatic testing of all related events within a scope. In this session, we will define general concepts, discuss how to build a business case, establish scope and determine the appropriate data extraction and testing routine. The session will conclude with an explanation of the effectiveness of the internal control system and a real life case scenario.

Compliance used to be a periodic and mostly manual project driven by audit dates and deadlines. But those days are gone. Security threats to IT systems are real-time and ongoing. As any company that has suffered a data breach can tell you, the experience can be costly. Unfortunately, government mandates and industry regulations can be a year behind the threat curve. That's why even late-adopting organizations are opting for best practices in governance and risk management. Automated continuous compliance is the best method for ensuring security and meeting regulatory standards, even as those standards become more stringent. In this webcast, attendees will learn about what continuous compliance means for standards such as PCI, NERC, SOX, HIPAA and more. We will also discuss the cost benefits of maintaining a constant state of readiness and potential solutions for implementing automated continuous compliance.

This e-Symposium qualifies for 3 CPE points. To obtain CPE credit, members must download and listen to all event presentations and successfully complete a CPE quiz. To access the quiz, click the CPE button at the top of this page or click the Play button below.