A Standardized Financial Statement Auditing Framework
For The CLOUD Ecosystem
STANDARDS PRINCIPLES RULES
BACKGROUND
Technology is ever changing, and so are the principles, methods and tools for auditing financial statements in this 21st century CLOUD environment. The advent of CLOUD technologies has introduced new system architectures such as Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS), along with their derivative services such as Security-as-a-Service, Storage-as-a-Service, and Anything-as-a-Service. Due to these new IT service models, businesses and government agencies that once operated their own data centers are now outsourcing their IT functions to IT service providers at various levels of the cloud ecosystem.
Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS) computing platforms and their derivative services such as Security-as-a-Service and Storage-as-a-Service enable IT service providers to provide specialized data processing, networking, data security, data storage, and application hosting services to companies and government agencies on an a la carte basis.
Data in the CLOUD ecosystem is continually in motion between the IaaS, PaaS and SaaS layers of the CLOUD architecture. Data remains in motion in the CLOUD until it reaches its final destination in the financial statements. Sometimes the resulting financial statements are further distributed electronically, which adds another dimension to data security and data processing integrity that auditors should be aware of. Likewise, data in motion can cross international borders in violation of a country’s regulations.
The implementation of Application Programming Interfaces (APIs) further exacerbates the challenges financial statement auditors face when they audit financial data that is processed and stored in the CLOUD ecosystem. In the CLOUD ecosystem, financial data is constantly moving from one third-party provider’s servers to another’s, and API technology plays a key role in transporting data and datasets to their final resting place on the company’s or government agency’s server and ultimately in the company’s financial statements. For example, banking institutions transmit companies’ banking and investment data electronically to the companies’ accounting departments and their auditors. Payroll service providers are responsible for processing companies’ payroll, making payments directly to state and federal tax authorities, and transmitting the payroll and tax files electronically to designated servers that are accessible by the companies’ accounting departments and their auditors. Ultimately, data from these diverse sources ends up in the company’s financial statements. Some APIs are also used to modify data while in motion in the CLOUD. APIs consist of complex algorithms that are constantly modifying and transporting data in the CLOUD. As CLOUD technologies continue to evolve, financial institutions, companies, government agencies and their auditors will have to adopt new ways of tracing, reconciling, verifying, validating, and testing financial data at various points in the CLOUD ecosystem.
Accountants and internal auditors who want to understand how their companies’ employee benefits, payroll, e-commerce and banking data are being processed in the CLOUD will benefit immensely from taking this course. CPAs in public accounting practice who provide SOX readiness and IT auditing services to their clients will be able to fulfill their due diligence responsibilities of examining and reporting on application controls and IT general controls in the CLOUD ecosystem.
This 3-day course is designed to introduce participants to the underlying fundamentals of Information Technology (IT) and the principles, standards and rules for auditing financial statement production and operations in the CLOUD ecosystem.
TOPICS COVERED
Participants will learn:
STUDENTS WILL RECEIVE THEIR COURSEWARE ON TABLETS THAT WILL BE USED TO DOWNLOAD FUTURE UPDATES TO THE COURSEWARE
LEARNING OBJECTIVES
CHAPTER 1: The ABC of Information Processing Systems
What you will learn: At the completion of this chapter, you will have learned the basic principles of computer system architecture and information processing systems, how computer networks work, and how computer hardware, firmware, software, and network components have morphed into the CLOUD platforms that businesses are utilizing today. This knowledge will shape the mindset that financial statement auditors need to have when they are engaged to audit financial statements in a CLOUD environment.
CHAPTER 2: Overview of the CLOUD Ecosystem
What you will learn: At the completion of this chapter, you will have learned about the three CLOUD deployment models and how they interoperate. You will also have learned how ingenious computer software developers continue to invent new value-added services that aim to extend the utility of CLOUD offerings. These services are referred to as derivative and intervention services. Furthermore, you will have learned the differences and similarities between CLOUD service providers and Managed Service Providers (MSP). Finally, you will learn why companies and government agencies transition from the traditional data center to the CLOUD.
CHAPTER 3: CLOUD Backplane Systems
What you will learn: At the completion of this chapter, you will have learned about backplane systems, their design, the risk involved with backplane systems, and why financial statement auditors should or should not be concerned about backplane systems.
CHAPTER 4: Base CLOUD Computing Platforms
What you will learn: At the completion of this chapter, you will have learned about the three base CLOUD computing platforms: Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS), and how financial transactions are executed, approved and provisioned at the SaaS level. You will also have learned how financial data is stored at the PaaS level of the CLOUD architecture and how user, customer and business access and collaboration are managed at the IaaS level.
CHAPTER 5: IaaS, PaaS, and SaaS Derivative Services and Their Relevance in the CLOUD Supply Chain
What you will learn: At the completion of this chapter, you will have learned about various types of CLOUD derivative services provided at the IaaS, PaaS, and SaaS levels. You will also have learned about how providers derive and implement derivative services as part of the CLOUD supply chain and about the overarching contribution derivative CLOUD services make to the CLOUD ecosystem.
CHAPTER 6: CLOUD Brokered Services
What you will learn: At the completion of this chapter, you will have learned the types of CLOUD broker services, how CLOUD providers contribute to the supply chain, and their respective roles and responsibilities.
CHAPTER 7: Requisite Competencies and CLOUD Auditing Tools
What you will learn: At the completion of this chapter, you will have learned how to identify cutting-edge auditing tools and platforms for electronic evidence gathering, testing, and examination and you will have gained an understanding of the skill set needed to navigate the financial auditing process in the CLOUD ecosystem.
CHAPTER 8: Roles and Responsibilities of Actors in the CLOUD Supply Chain and Ecosystem
What you will learn: At the completion of this chapter, you will have learned about specific base and derivative CLOUD service offerings and the roles and responsibilities each actor plays in the supply chain.
CHAPTER 9: Key Steps in Financial Statement Auditing in the CLOUD Ecosystem
What you will learn: At the completion of this chapter, you will have learned how to conduct financial statement auditing in the CLOUD environment in accordance with ISA and GAAS.
CHAPTER 10: Key CLOUD Auditing Concepts: A Case Study
What you will learn: The three auditing standards prescribed by Generally Accepted Auditing Standards (GAAS) and the International Standards on Auditing (ISA) are applicable in both the traditional auditing process and auditing in the CLOUD ecosystem.
CHAPTER 11: Conducting Risk Assessment in the CLOUD: A Use Case Scenario
What you will learn: At the completion of this chapter, you will have learned how to conduct risk assessment in the CLOUD ecosystem for purposes of conducting financial statement auditing.
CHAPTER 12: Mapping Transaction Data to Transaction Controls and Testing Transaction Cycles in the CLOUD
What you will learn: At the completion of this chapter, you will have learned various methods for mapping, documenting, and testing transaction cycles in the CLOUD ecosystem.
CHAPTER 13: Formulating Accounting Cycles and Integrating the Relevant Transaction Cycles
What you will learn: At the completion of this chapter, you will have learned how various accounting transactions are integrated in the accounting cycle to generate an entity’s financial statements. You will also have learned how to audit accounting cycles in the CLOUD.
CHAPTER 14: Mapping CLOUD Controls to Financial Statement Assertions
What you will learn: At the completion of this chapter, you will have learned how to identify the various levels of controls that are implemented in the CLOUD ecosystem and how to identify, document, map, and test the relevant transaction and accounting controls related to the entity’s financial operations and specifically the assertions that are reflected in the entity’s financial statements.
CHAPTER 15: Identification of Relevant Accounting and Financial Processing Controls in Event Logs and Metadata Files
What you will learn: At the completion of this chapter, you will have learned how to identify event logs and metadata files; access event logs and metadata files; and document the relevant data points relating to key financial controls and audit trails in event logs and metadata files.
CHAPTER 16: Statistical Sampling in a “Big Data” Environment
What you will learn: At the completion of this chapter, you will have learned about the “Big Data” environment and the cutting-edge auditing tools and platforms needed to navigate the massive amount of transactions stored in the CLOUD. You will also have learned how to conduct audit sampling in a “Big Data” environment.
CHAPTER 17: Continuous Auditing in the CLOUD Ecosystem
What you will learn: At the completion of this chapter, you will have learned how to employ the appropriate continuous auditing and continuous monitoring principles, tools and techniques to overcome the challenges of navigating and analyzing the massive amount of e-commerce data that is continually generated in the CLOUD environment.
CHAPTER 18: Testing Segregation of Duties in the CLOUD Ecosystem
What you will learn: At the completion of this chapter, you will have learned how to:
- Access logical security controls in terms of identifying the number of employees that are involved in a given business transaction, who is performing an accounting function, and who is performing a financial reporting function.
- Test segregation of accounting and financial reporting duties in the CLOUD ecosystem.
What you will learn: At the completion of this chapter, you will have learned how to audit Service Level Agreements (SLA) with SaaS, PaaS, and IaaS service providers and their derivative counterparts.
CHAPTER 20: Documenting, Gathering, and Evaluating Electronic Evidence in the CLOUD Ecosystem
What you will learn: At the completion of this chapter, you will have learned how to identify sources of a client’s data and how to document, gather, evaluate, analyze, and report on electronic evidence that is stored on servers located in multiple data centers around the world.
CHAPTER 21: Testing CLOUD Security and Security-as-a-Service in the CLOUD
What you will learn: By the end of this chapter, you will have learned various security deployment strategies and how to identify and test security controls that have direct impacts on client data and on accounting and financial reporting operations in the CLOUD.
CHAPTER 22: Testing Business and Financial Controls in Virtualized Multi-Tenant Environments
What you will learn: How to identify and test business and financial controls in a virtualized multi-tenant environment.
CHAPTER 23: Testing SaaS Controls against Business Rules, Accounting Policies, and Regulatory Requirements
What you will learn: At the completion of this chapter you will have learned how to identify and document SaaS application controls to determine whether business rules, company policies, accounting policies, and regulatory requirements are implemented. You will also have learned how to perform tests of controls to determine their operating effectiveness.
CHAPTER 24: Testing Accounting Cycles in the CLOUD
What you will learn: At the completion of this chapter you will have learned how to re-construct accounting cycles in the CLOUD so that risk assessment and testing activities can be performed efficiently and expeditiously.
CHAPTER 25: Testing CLOUD Controls against Regulatory Requirements
What you will learn: At the completion of this chapter, you will have learned how to test compliance with PCI DSS as a regulatory compliance requirement.
CHAPTER 26: Testing SaaS Application Access and Data Partitioning Controls in a Multi-tenant CLOUD Environment
What you will learn: At the completion of this chapter you will have learned how to distinguish between data compartmentalization protection controls and application controls. You will also have learned how to test application and data security and privacy protection controls in a multi-tenant CLOUD environment.
CHAPTER 27: Testing Metadata and Event Logging Activities
What you will learn: At the completion of this chapter, you will have learned (a) how to identify sources of metadata in computer systems; (b) how metadata is generated; (c) how to identify event logs generated at the IaaS, PaaS, and SaaS levels; and (d) how to use event logs and metadata files as sources of audit evidence in the financial statement auditing process. You will also have learned how to identify network, system, and application metadata and event logs at the IaaS, PaaS, and SaaS security layers.
CHAPTER 28: Testing Data Transformation and Disposition in the CLOUD
What you will learn: At the completion of this chapter, you will have learned how to navigate the CLOUD ecosystem by examining data integrity at all stages of the data life cycle, from data transformation to data disposition.
CHAPTER 29: Testing Configuration Management and Interoperability Controls in the CLOUD Ecosystem
What you will learn: At the completion of this chapter, you will have learned how to identify configurable components in IaaS, PaaS, and SaaS platforms. You will also have learned how to deploy change tracking and version control tools to ensure that changes to computer components that could impact accounting and financial reporting controls can be identified and tracked.
CHAPTER 30: Testing Strategy for Derivative IaaS, PaaS, and SaaS CLOUD Services
What you will learn: At the completion of this chapter, you will have learned how to test derivative IaaS, PaaS, and SaaS platforms such as Identity-as-a-Service, Policy Enforcement Points-as-a-Service, Policy Access Points-as-a-Service, Security-as-a-Service, and Policy Decision Points-as-a-Service.
CHAPTER 31: Computer Forensics Investigation in Financial Statement Auditing
What you will learn: At the completion of this chapter, you will have learned how to select the appropriate tools for computer forensic investigation. You will also have learned how to conduct computer forensics, along with valuable tips and tricks of the trade.
CHAPTER 32: Auditing System Development Life Cycle (SDLC) Controls in the CLOUD Ecosystem
What you will learn: At the completion of this chapter, you will have learned how to conduct auditing at the various phases of the SDLC, including system conversion and system migration projects.
CHAPTER 33: Testing Disaster Recovery (DR), Business Continuity (BC) and Incident Response (IR) in the CLOUD Ecosystem
What you will learn: At the completion of this chapter, you will have learned how to audit the DR, BC and IR plans designed for the CLOUD ecosystem.
After completing this course you will be able to:
- Differentiate between mainframe systems, client-server systems, web-based systems, and CLOUD-based systems.
- Describe how networks work using the ISO OSI Reference Model.
- Identify and document generic and customized features of the SaaS, PaaS and IaaS platforms.
- Identify and document IaaS, PaaS, and SaaS interfaces.
- Identify the various hardware components in a company’s CLOUD environment for input to the risk assessment process.
- Select the appropriate tools to conduct data analysis in a “Big Data” environment.
- Document the various features and services of a company’s SaaS, PaaS and IaaS platform to be used as input to the risk assessment and testing processes.
- Differentiate between CLOUD brokered services and derivative CLOUD services.
- Differentiate between continuous auditing and continuous monitoring.
- Identify, differentiate and document application and system controls in a CLOUD environment.
- Differentiate between application controls, network controls and system controls.
- Identify data related to a specific transaction and formulate transaction cycles in the CLOUD environment.
- Identify the various phases of the System Development Life Cycle (SDLC) and their applicability to a company’s system development project in the CLOUD.
- Document the roles and responsibilities of various actors in a company’s CLOUD environment based on the Service Level Agreement (SLA).
- Determine the need for computer forensic investigation and select the relevant tools.
- Determine the existence of segregation of duties in the CLOUD or the lack thereof.
- Trace data from its origin to its final disposition.
- Examine and document key controls in a Disaster Recovery Plan (DRP), an Incident Response Plan (IRP) and a Business Continuity Plan (BCP).
- Learn the principles of data security and how to document and assess the controls surrounding data in motion and data at rest.
- Reconstruct transaction cycles in the CLOUD environment from various sources where data was stored.
- Select tools to use for data reconciliation and data tracing.
The Agenda provides timelines for the program content coverage per chapter.
INSTRUCTOR BIO
Robert Llewellyn Kilby, CPA, CITP, CCSK
Robert is a former exam writer of the AICPA Certified Information Technology Professional (CITP) and CPA exams. He is one of the 16 writers of the first CITP exam. Robert is executive director of 247 Continuous Auditing, LLC (a PCAOB registered CPA firm). He is a graduate of the University of Maryland – College Park where he majored in Accounting, Information System Management and Telecommunications Management. Robert has more than 25 years of experience working with Fortune 100 companies including MCI Telecommunications Corporation, IBM, BellSouth, the Southern Company and Harbinger Corporation in management. In a management consulting role Robert was responsible for system development, software quality assurance, SOX readiness assessment, SAS 70®, SOC 1® and SOC 2® lead auditor and IT auditor. As senior partner of Independent Software Certification, Robert served in a lead audit role. His SAS 70 audit engagements include the State of West Virginia Powerball lottery and instant lottery systems, the State of Mississippi, Washington D.C., the State of Massachusetts, and the State of Georgia Medicaid Management Information System (MMIS) and Prescription Benefit Management (PBM) systems. He is Training Director of the American Institute of CLOUD Auditors (AiCA). Robert is co-author of the AiCA SKYBLUE Book Series. He is a Certified CLOUD Security Knowledge (CCSK) credential holder.
PRICING REGISTRATION GROUP & MEMBERSHIP DISCOUNTS
Visit the store to register and take advantage of our group and membership discounts.
In order to be awarded full credit hours for this course, you must be present for the entire time of the course duration. You must sign in prior to the commencement of the session and sign out when the class is over. An attendance log will be available at the registration desk at the entrance of the conference room where the session will be held.
Participants will earn: 24 CPE credits
Field of Study: Auditing (Technical):
- Auditing and Reports - Subjects related to IT Auditing Standards and procedures
- Auditing – General
- Auditing Research
- ERISA Auditing
- Forensic Analysis and Evaluation
- Planning and Supervision
- Study, Evaluation, Implementation and Monitoring of Internal Controls
- Substantive Audit Procedures - Subjects related to activities performed by the auditor (during the substantive testing stage of the audit) that gather evidence as to the completeness, validity and/or accuracy of account balances and underlying classes of transactions
- Technical Computer Software and Applications – Subjects, especially CLOUD platforms that focus on the application of software in an auditing practice including understanding the issues in auditing Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), Software-as-a-Service (SaaS) and the derivative services (Security-as-a-Service, Storage-as-a-Service, etc.) of these three base-CLOUD platforms and applying IT auditing principles.
ADDITIONAL INFORMATION:
Prerequisites: Basic knowledge of auditing
Who Should Attend: CPAs and accounting professionals
Advanced Preparation: None
Program Level: Intermediate
Delivery Method: Group Live
REFUND & CANCELLATION POLICY
Requests for refunds must be received in writing before the course session begins and will be subject to a cancellation fee. No refunds will be granted after the course begins. For more information regarding refund, complaint, and/or program cancellation policies please email inquiries to [email protected]. Don’t forget to put “REFUND” in the subject line.
NATIONAL ASSOCIATION OF STATE BOARDS OF ACCOUNTANCY (NASBA) REGISTRATION REQUIREMENTS
American Institute of CLOUD Auditors is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org.
TRAVEL & ACCOMMODATION
TBD