|
AICPA-NASBA ISC Discipline Exam
Review Course
It is not enough to know the correct answer on the ISC Discipline exam.
You must know why the answer is correct.
We teach the theories and provide hands-on training on the prevailing IT and CLOUD platforms.
Los Angeles: TBD
Las Vegas: TBD |
Atlanta: TBD
Washington DC: TBD |
New York City: TBD
San Francisco: TBD |
Chicago: TBD
Dallas: TBD |
OVERVIEW
In today’s era of CLOUD technology, companies are outsourcing significant segments of their business operations to third-party service providers and these services are being delivered through the CLOUD. Companies that are outsourcing their payroll functions, e-commerce, banking, inventory, warehousing operations, employee benefit plan management, brokerage and other services to third-party service providers need to have a peace of mind that their financial data is secured, accurate and that the data remains within the national borders while in the CLOUD.
Accounting professionals must understand how financial data is generated, transformed, aggregated, transmitted and stored in the CLOUD. Accountants and auditors must also understand how financial statements are generated in the CLOUD. Finally, accounting professional must be able to conduct risk assessment at all levels of the CLOUD architecture as financial data is process in and out of the CLOUD ecosystem.
Sarbanes Oxley Act of the U.S. Congress:
Section 302(a) of the Sarbanes-Oxley Act of 2002, requires an issuer's principal executive and financial officers each to certify the financial and other information contained in the issuer's quarterly and annual reports. The rules also require these officers to certify that: they are responsible for establishing, maintaining and regularly evaluating the effectiveness of the issuer's internal controls; they have made certain disclosures to the issuer's auditors and the audit committee of the board of directors about the issuer's internal controls; and they have included information in the issuer's quarterly and annual reports about their evaluation and whether there have been significant changes in the issuer's internal controls or in other factors that could significantly affect internal controls subsequent to the evaluation. In addition, issuers are required to maintain, and regularly evaluate the effectiveness of, disclosure controls and procedures designed to ensure that the information required in reports filed under the Securities Exchange Act of 1934 is recorded, processed, summarized and reported on a timely basis. Courtesy: U.S. Securities Commission (website)
Section 404 of the Sarbanes-Oxley Act of the U.S. congress requires that the management of public companies assess the effectiveness of the internal control of issuers for financial reporting. Section 404(b) requires a publicly-held company's auditor to attest to, and report on, management's assessment of its internal controls.
Today, most of the accounting and financial reporting controls that auditors examine and report on are implemented in the CLOUD. So, it is incumbent on corporate executives, accountants and their auditors to perform their due diligence responsibilities of ensuring the integrity of financial data that is stored, processed, and reported in corporate financial statements that are generated in the CLOUD and any other automated business operating environment.
AICPA-NASBA ISC Discipline:
The AICPA and NASBA developed the ISC Discipline exam to test the skills and competencies required to meet the challenges that IT has thrust upon the accounting profession. The ISC Discipline exam is designed to test whether a candidate has the requisite knowledge required to bridge the gap between business and technology to overcome the technological challenges the profession faces.
The American Institute of Certified Public Accountants (AICPA) and the National Association of State Boards of Accountancy (NASBA) developed the ISC Discipline Exam to recognize CPAs who can bridge the gap between business and technology.
Under the AICPA-NASBA New CPA Evolution Model Curriculum, candidates that pass the ISC Discipline exam can effectively conduct audits under the following standards:
- Sarbanes-Oxley 404 Standards
- Internal Control Over Financial Reporting (ICFR) Standards
- SOC 1 Standards
- SOC 2 Standards
- SOC 3 Standards
- Other IT Auditing Standards.
TEXT BOOK
CLICK or TAP on our STORE Menu Item above for the cost of our books and publications.
What You Will Learn
At the completion of the course you will be able to:
1) Apply the prevailing standards and risk assessment models for:
3) Determine whether controls are implemented to mitigate IT and non IT related risks and determine whether the controls are effective.
4) Determine how risks are introduced into the financial reporting process when Information Technology is implemented to automate business processes:
5) Conduct walkthroughs to identify and assess risks.
6) Conduct walkthroughs and develop the risk assessment report.
7) Determine the types of fraud that was perpetuated which requires consideration in order to know how to approach the fraud investigation. This dimension discusses (a) fraud triangle and fraud tree. The scope of the fraud is key as well because fraud in one system can permeate other systems in and exponential fashion.
8) Determine the admissibility of digital evidence in court which is an issue due to the fact that digital evidence collection and custody is a relatively new phenomenon.
9) Determine that data mining and data analysis present another area of concern when it comes to digital evidence. In this era of “BIG DATA”, in other words massive amounts of data that is generated in the cloud as a result of e-commerce and organizations move to a paperless work environment.
10) Identify controls that management put in place to ensure the information in the financial statements is reliable.
11) Prepare an IT audit plan that assesses and reports on the IC structure and some challenges you may face.
12) Discuss the 5 basic area ITGC covers:
16) Conduct financial statement audit with focus on IT auditing
17) Discuss attest services from the client perspective
18) Conduct attest services for service organizations:
21) Identify and report on deficiencies in IT related controls
22) Identify and report on adverse impacts of deficiencies in IT controls.
23) Conduct effective information management that can add value to the entity by providing management with relevant information for decision making.
24) Identify opportunities by using IT to implement new workflows or modify existing workflows and business processes for more effective and efficient management and utilization of corporate resources.
(a) Gather data (b) model data (c) transform data for purposes of:
26) Apply data analysis and reporting concepts so as to achieve the enterprise accountability goals and objectives – in the process using both financial and non-financial data.
1) Apply the prevailing standards and risk assessment models for:
- COSO
- COBIT
- AICPA ICFR Auditing Standards
- SOX
- PCAOB
- Other Federal and States: Computer Forensic Investigation Standards, IT Auditing Standards and Computer Risk Analysis and Standards.
3) Determine whether controls are implemented to mitigate IT and non IT related risks and determine whether the controls are effective.
4) Determine how risks are introduced into the financial reporting process when Information Technology is implemented to automate business processes:
- When business processes are automated, the organization must implement the appropriate set of controls to manage the newly introduced risks, including: monitoring controls, preventive controls, and detective controls to mitigate IT and non IT related risks.
5) Conduct walkthroughs to identify and assess risks.
6) Conduct walkthroughs and develop the risk assessment report.
7) Determine the types of fraud that was perpetuated which requires consideration in order to know how to approach the fraud investigation. This dimension discusses (a) fraud triangle and fraud tree. The scope of the fraud is key as well because fraud in one system can permeate other systems in and exponential fashion.
8) Determine the admissibility of digital evidence in court which is an issue due to the fact that digital evidence collection and custody is a relatively new phenomenon.
9) Determine that data mining and data analysis present another area of concern when it comes to digital evidence. In this era of “BIG DATA”, in other words massive amounts of data that is generated in the cloud as a result of e-commerce and organizations move to a paperless work environment.
10) Identify controls that management put in place to ensure the information in the financial statements is reliable.
11) Prepare an IT audit plan that assesses and reports on the IC structure and some challenges you may face.
12) Discuss the 5 basic area ITGC covers:
- The Control Environment
- Change Management
- Logical and Physical Security
- Backup and Recovery
- Service Providers.
- Information Security
- Policies and Procedures
- Hardware and Physical Controls
- Software and Process Controls
- Authorization and Authentication
- Encryption.
- The degree of risk the entity has assumed
- Which could adversely affect the entity’s business operations and/or financial reporting
- Directly impact the reliability of application controls.
- Which includes: Identifying, designing, implementing, and monitoring: (a) systems (b) processes that are used to secure information and data.
16) Conduct financial statement audit with focus on IT auditing
17) Discuss attest services from the client perspective
18) Conduct attest services for service organizations:
- From the service organization’s perspective
- From the CITP’s (auditor’s) perspective
- Test of controls
- Gathering evidence
- Use of sampling techniques
- Use of Computer Assisted Audit Tools (CAAT)
21) Identify and report on deficiencies in IT related controls
22) Identify and report on adverse impacts of deficiencies in IT controls.
23) Conduct effective information management that can add value to the entity by providing management with relevant information for decision making.
24) Identify opportunities by using IT to implement new workflows or modify existing workflows and business processes for more effective and efficient management and utilization of corporate resources.
(a) Gather data (b) model data (c) transform data for purposes of:
- Identifying useful information
- Suggesting conclusions
- Supporting effective decision making.
26) Apply data analysis and reporting concepts so as to achieve the enterprise accountability goals and objectives – in the process using both financial and non-financial data.
INSTRUCTOR BIO
Robert Llewellyn Kilby, CPA, CITP, CCSK
Robert is a former exam writer of the AICPA Certified Information Technology Professional (CITP) and CPA exams. He is one of the writers of the first CITP exam. Robert is executive director of 247 Continuous Auditing, LLC (a PCAOB registered CPA firm). He is a graduate of the University of Maryland – College Park where he majored in Accounting, Information System Management and Telecommunications Management. Robert has more than 25 years of experience working with Fortune 100 companies including MCI Telecommunications Corporation, IBM, BellSouth, the Southern Company and Harbinger Corporation in management. In a management consulting role Robert was responsible for system development, software quality assurance, SOX readiness assessment, SAS 70®, SOC 1® and SOC 2® lead auditor and IT auditor. As senior partner of Independent Software Certification, Robert served in a lead audit role. His SAS 70 audit engagements include the State of West Virginia Powerball lottery and instant lottery systems, the State of Mississippi, Washington D.C., the State of Massachusetts, and the State of Georgia Medicaid Management Information System (MMIS) and Prescription Benefit Management (PBM) systems. He is Training Director of the American Institute of CLOUD Auditors (AiCA). Robert is co-author of the AiCA SKYBLUE Book Series. He is a Certified CLOUD Security Knowledge (CCSK) credential holder.
Robert is a former exam writer of the AICPA Certified Information Technology Professional (CITP) and CPA exams. He is one of the writers of the first CITP exam. Robert is executive director of 247 Continuous Auditing, LLC (a PCAOB registered CPA firm). He is a graduate of the University of Maryland – College Park where he majored in Accounting, Information System Management and Telecommunications Management. Robert has more than 25 years of experience working with Fortune 100 companies including MCI Telecommunications Corporation, IBM, BellSouth, the Southern Company and Harbinger Corporation in management. In a management consulting role Robert was responsible for system development, software quality assurance, SOX readiness assessment, SAS 70®, SOC 1® and SOC 2® lead auditor and IT auditor. As senior partner of Independent Software Certification, Robert served in a lead audit role. His SAS 70 audit engagements include the State of West Virginia Powerball lottery and instant lottery systems, the State of Mississippi, Washington D.C., the State of Massachusetts, and the State of Georgia Medicaid Management Information System (MMIS) and Prescription Benefit Management (PBM) systems. He is Training Director of the American Institute of CLOUD Auditors (AiCA). Robert is co-author of the AiCA SKYBLUE Book Series. He is a Certified CLOUD Security Knowledge (CCSK) credential holder.
PRICING REGISTRATION GROUP & MEMBERSHIP DISCOUNTS
Visit the store to register and take advantage of our group and membership discounts. ENTER HERE....
In order to be awarded full credit hours for this course, you must be present for the entire time of the course duration.
You must sign in prior to the commencement of the session and sign out when the class is over. An attendance log will be available at the registration desk at the entrance of the conference room where the session will be held.
Participants will earn: 24 CPE credits
Field of Study: Auditing (Technical):
You must sign in prior to the commencement of the session and sign out when the class is over. An attendance log will be available at the registration desk at the entrance of the conference room where the session will be held.
Participants will earn: 24 CPE credits
Field of Study: Auditing (Technical):
- Auditing and Reports - Subjects related to IT Auditing Standards and procedures
- Auditing – General
- Auditing Research
- ERISA Auditing
- Forensic Analysis and Evaluation
- Planning and Supervision
- Study, Evaluation, Implementation and Monitoring of Internal Controls
- Substantive Audit Procedures - Subjects related to activities performed by the auditor (during the substantive testing stage of the audit) that gather evidence as to the completeness, validity and/or accuracy of account balances and underlying classes of transactions
- Technical Computer Software and Applications – Subjects, especially CLOUD platforms that focus on the application of software in an auditing practice including understanding the issues in auditing Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), Software-as-a-Service (SaaS) and the derivative services (Security-as-a-Service, Storage-as-a-Service, etc.) of these three base-CLOUD platforms and applying IT auditing principles.
ADDITIONAL INFORMATION:
Prerequisites: Basic knowledge of auditing
Who Should Attend: CPAs and accounting professionals
Advanced Preparation: None
Program Level: Intermediate
Delivery Method: Group Live
Who Should Attend: CPAs and accounting professionals
Advanced Preparation: None
Program Level: Intermediate
Delivery Method: Group Live
REFUND & CANCELLATION POLICY
Requests for refunds must be received in writing before the course session begins and will be subject to a cancellation fee. No refunds will be granted after the course begins. For more information regarding refund, complaint, and/or program cancellation policies please email inquiries to services@aicamembers.com. Don’t forget to put “REFUND” in the subject line.
NATIONAL ASSOCIATION OF STATE BOARDS OF ACCOUNTANCY (NASBA) REGISTRATION REQUIREMENTS
|
American Institute of CLOUD Auditors is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org.
|
TRAVEL & ACCOMMODATION
TBD