Shop Courses > Guide to IT Auditing

Guide to IT Auditing #380326

Course Overview

Credit

Amount

CPA

Course Author: Steven M. Bragg, CPA Field of Study (CPA): Auditing

Course Description

Course publication/revision date: This course was updated on 5/12/2026.

The auditor may be called upon to examine an organization’s information technology (IT) function, which is one of the more difficult areas to audit, given its highly technical nature. In the Guide to IT Auditing course, we discuss how an IT audit is conducted and the specific audit steps required. These steps cover such areas as IT governance, data centers, networking devices, databases, end-user computing devices, applications, outsourced operations, and much more. The course is intended to give the auditor a complete checklist for how to conduct an IT audit.

Table of Contents

Guide to IT Auditing	1
Introduction	1
The Purpose of IT Auditing	1
Business Advisory Audits	1

The Nature of Controls2

Types of Internal Controls

The Audit Process3

The Project Ranking Process	4
The Audit Process	5
1. Planning	5
2. Fieldwork	6
3. Issue Discovery	6
4. Solution Development	6
5. Report Creation	7
6. Issue Tracking	8

Auditing IT Governance	8
Auditing Entity-Level Controls	8
Auditing Cybersecurity Programs	11
Auditing Data Centers	13
Auditing Networking Devices	17
Auditing Windows Servers	19
Auditing Unix and Linux Operating Systems	21
Auditing Web Servers and Web Applications	23
Auditing Databases	24
Auditing Storage	26
Auditing Zero Trust Concepts	26
Auditing End-User Computing Devices	27
Auditing Applications	29
Auditing Outsourced Operations	30
Auditing Project Management	34
Continuous Auditing	36
IT Auditing Efficiency	37
Summary	38
Review Questions	39
Answers to Review Questions	41
Glossary	44
Index	46

Course Details

Author: Steven M. Bragg, CPA

Steven Bragg, CPA, has been the chief financial officer or controller of four companies, as well as a consulting manager at Ernst & Young. He received a master’s degree in finance from Bentley College, an MBA from Babson College, and a Bachelor’s degree in Economics from the University of Maine. He has been a two-time president of the Colorado Mountain Club, and is an avid alpine skier, mountain biker, and certified master diver. Mr. Bragg resides in Centennial, Colorado. He has written more than 300 books and courses, including New Controller Guidebook, GAAP Guidebook, and Payroll Management.

Publication/Revision Date: 5/12/2026

Course Exam Questions: 15 (multiple-choice)

Program Delivery Method: Self-Study (NASBA QAS Self-Study)

Available Formats of Course Text: Downloadable PDF, Printed/Mailed

Course Level, Prerequisites, and Advance Preparation Requirements

License	Course Level	Prerequisites	Advance Preparation Requirements
CPA	Overview	None	None

* This program is appropriate for professionals at all organizational levels.

Sponsor ID Numbers

National Registry of CPE Sponsors I.D.: 107615

State CPA Board Sponsor ID Numbers (where applicable)

Florida Division of Certified Public Accounting: 0004761

Hawaii Board of Public Accountancy: 14003

New York State Board for Public Accountancy: 002146

Ohio Accountancy Board: .51 PSR

Pennsylvania State Board of Accountancy: PX178025

Texas State Board of Public Accountancy: 009349

Learning Objectives

As a result of studying the course material, you should be able to meet the objectives listed below:

Recognize the types of controls that can be applied to a system.
Specify how a ranking system might be formulated to identify a group of IT audits to be performed.
Identify the different types of audit activities associated with each area of the IT function.
Recognize the different hardware and software network devices used to protect a computer system from attackers.
Identify the reports an IT vendor can provide an auditor regarding its system of controls.
Recognize the concerns associated with offshoring an IT function.
Specify the characteristics of a continuous auditing system.