All right. So good morning, guys and thank you for joining me here today. So, today, I just wanted to do a quick training on IT audio walkthroughs, and to be honest, I was planning to record this by myself and then I decided, you know, what, why not just make it a live training and see if others are interested in joining, and you guys are. So, thank you for joining. It's going to be short. This is just going to be 30 minutes, maybe about 15-20 minutes of training. And then, I'll see if you guys have any questions. It's intended for YouTube, for transparency sake. So, it will be recorded to YouTube, but the difference is those that are here live with me, you get to ask questions, and those on YouTube can't ask questions right. So, let's go ahead and get started. If you guys are ready to get started, okay. You let me know. Yep, yep, yep. All right. So awesome awesome. So let's go ahead, and get started here. Thank you for joining me here today for a training on IT audit walkthroughs. So in today's training, I just want to give you guys a quick overview or an introduction to what IT audit walkthroughs are. I know many of you might have been searching the internet trying to find additional information on audits, and you may have seen the word walkthrough, right. And you don't understand what that is. So today, I'm just going to give you an introduction to that. And then, we'll see if you guys have any questions related to the topic. Later on, all right. So, I see more of you joining. Thank you for joining, guys. So, before we get started, very brief introduction to myself. I don't want to take too much time here. But for those, that are just meeting me for the first time. My name is Peju Adedeji. I have over 18 years of experience in the I.T space. A lot of that is around IT audit GRC program management. All in the audit and compliance space really. My passion is teaching. That's one of the things that I've always loved to do. So, I'm also a career coach where I help people that are looking to start their careers in I.T cyber security audit, and compliance. Okay, for me, I like practical training recently joined the Forbes coaches council. Again, I really love teaching so I like to be with other coaches trying to develop myself so that I can help my students as well. This year, we've already had multiple six-figure salaries that have come in our program, and so I I'm really excited about what we're doing. So let's go ahead and get started with the training for today. So here are the topics for today. We're going to go over an introduction to IT audit at a higher level. So if you are not familiar with this you can probably check my YouTube channel. And you see the training, I've done it on this in the past. But I'm going to just introduce that because I know some people that are here today may not right have watched any of my videos before or attended any of my training. And then, we'll talk about the IT audit phases because it's during this discussion that we're then going to talk about walkthroughs, because walkthroughs that's one of the phases or part of one of the phases. And there's going to be a bonus review, where I'm going to walk through some actual examples with you. And maybe I'll give you guys a bonus document. But let's see, okay. And at the end I'll give about 10 minutes or so for questions. So let's go ahead and start with our introduction to IT audit. I'm not going to go in depth into this like I said, I have a training on my YouTube channel that you guys can watch. But, I do want to introduce this in today's training because I want you to understand what audits are before we talk about walkthroughs, right. So, what's an audit at the end of the day, you know, people have different definitions of what it is, but IT audit at the end of the day, if you want to use simple terms, is an examination of the organization systems to determine if controls are operating effectively. So systems usually have controls in there, and for controls. Again, the prior training I mentioned will have that but think of a control as like a password control, right. When you want to log into your computer, you have to put in a password, or maybe your e-mail you have to put in a password that's a control. So, organization systems have controls, as well, and this controls right. In order, part of an I.T audit is testing and examining those systems to determine if those controls are operating effectively because if they are not operating effectively, then the security of that system right is in question. And you might be wondering, "Well, why should I be concerned about the security or of a system or whether the controls are operating effectively," and the reason is one you want to mitigate risks, right. You don't want people having inappropriate access to your systems, so when I say, "You, I'm in the organization," an organization doesn't want people having inappropriate access to the systems. So, it's important to have controls in place to ensure that that security is there. And as the I.T auditor, right, part of your audit objective or your control objective for your test is determining if security controls are in place. So you are examining those systems to see if those controls are effective in mitigating risks, like I said for example security risks or just even medium compliance and regulatory requirements, right. So in the US, we have servings, okay. Other countries have similar laws and standards as well. We have PCI, SOX, SSA 18, right. So, all those standards depending on what your organization needs to comply with then the audit is going to take place to examine and determine if those controls are meeting those requirements, okay. So that's a summary of what we have of what IT audits are. So, there are three key phases of IT audience, all right. So we have the audio planning phase we have our field workplace, and this is where you have the walkthrough, so that's where the walkthroughs are performed, and you also have the reporting and the follow-up phase. So I'm going to again summarize this. So that I set the stage for what we really want to talk about today, so in your audit planning phase right. This is where you're understanding the organization trying to define the scope, and the objective and also trying to identify what tests you perform so you're essentially just planning for the audit in that phase. Now, the field work phase is, kind of, I'll say, that's where the medium potatoes are right. I guess when you do the real field work for the audit you do your testing and all of that. But, before you actually start testing, you have to perform your walkthroughs, and I'm going to come back to the World Series after I finish the third stage or the third phase. The third phase is where you do the reporting, so you finish planning, you've done the actual testing, and you have results then in the third phase, you're doing your reporting, and your follow-up. So, this is where you type up the report to management on the results. And if there were any issues identified, you can go back, and retest to confirm whether or not, they've been addressed. So those are the three phases of an audit. Now, I want to dial in on that walk through piece because there are many moving parts, right. So as you can imagine an audit is like a pretty big project, right. So, there are many moving pieces and today, I'm now going to focus on the IT audio walkthrough piece right again. The IT or the walkthrough is part of the field work phase. So now, let's talk about what are IT? What other walkthroughs or what, I'm not sure if you know, maybe if you've you rented an apartment, or you bought a house before they give you the keys, right. You, kind of, they will take you to what they call a walkthrough. Typically, right, you just go in kind of just look at how things are before they give you the keys and say, "Okay, we agree that this is the state that you're giving us the house or the apartment in or whatnot." So if you think about that it's not exactly the same, but a walkthrough from the IT audit perspective is you getting a better understanding of the I.T control environment of the company. So what you do at the beginning of the audit, because you're an auditor right, you're not I.T. You're not, if you're an external auditor, you're not working in the company right. So you can't assume that you know everything about that company. You can't assume that you know their control environment. So the reason for that walkthrough is for the auditors to get a better understanding, right, of the control environment that they're going to be auditing. So, it's absolutely critical because if you don't conduct your walkthrough effectively, you might have gaps in your understanding of the control environment, and that's going to ultimately impact right the quality of the control procedures that you choose to perform and your understanding of the impact of the risk. So, walkthroughs are very important because that's where you really get a good understanding of that environment, and a key part of that is that you have to include key players and the control owners from I.T. So, you're not just going to have a random set of people in your work just giving you information about the environment. You have to understand that you have to invite the right players. So if for your IT audit walkthrough, you probably have their management levels there right the people that are responsible for those controls. So the control owners you want to make sure that they are in the room with you or on Zoom if it's virtual, right, explaining their an I.T environment. And even if they're not the key control owner, but they have a part in the process. And, they're a key player or key stakeholder then you want to make sure that they're also in the room with you because if not, then again, you run the risk of not having that information on the control environment. So it's important to have the key players and especially the control owners in the meeting where you're having that walk through and one of the things that you would test there or that you could test, there is a test of design again if you don't know what test of design is, you can watch my prior video, and I'll probably link it when I post this on YouTube, so you can see that video where I talk about test of design in terms of operating effectiveness. So depending on the control that you're testing or the controls that you're reviewing during your walkthroughs, you may be able to perform some tests of design there. Okay. So again, just to summarize this why didn't we conduct I.T audit walkthroughs, it's to understand or better understand the control environment. The I.T control environment that you'll be testing, you should include the key players stakeholders and control owners from it. And during this, you may be able to test the design of controls as, well, okay, one thing I do want to stay here before we move on to the next area is that you'll go through questions should be worded properly, right. So that you can get useful responses from those that you're interviewing. So let me pause here for a second. Have you guys ever asked a question and then you got the wrong answer back? Let me see you guys in the chat just to make sure, you guys are still here with me. Have you ever asked the question and the kind of answers you're getting, you're like, "Okay, maybe I asked the wrong question." Yeah? Okay, so that's the same thing for walkthroughs. So it takes some skill, right? You need to know what questions that you should ask in order to be able to get the right risk. I don't want to use the word, right because it's not really right and wrong, but in order to get good responses, right. Useful responses where you when you're actually testing it makes sense not the kind of response is that when you start testing, it's like okay what they said doesn't make sense based on what I'm looking at right. So, that's a skill you'll need to gain as you go through your walkthroughs because if you don't write, then you run the risk of not getting the responses that will be useful to you in performing your audience. So um here is the bonus part I'm going to now give you a couple of examples so that you know again I like practical teaching so that this can be real to you okay so let's look at some um sample questions and there are different parts of it audits I'm going to look at couple of questions and logical security so logical security this is around access to systems we're not going to go deep into logical security itself but let's talk about what are some questions right so you want you're going to have different levels to your questions so for example you start off with describe the user access provisioning process this is open-ended you want to give them the opportunity to describe the whole process for you and then you can go deeper right so who has authority to approve users and their privileged levels so you again you're starting higher getting a broader understanding of the environment and their process and then you can ask deeper questions based on the controls that you're testing so these are just a few examples for you to see what you might ask during a walkthrough and then um again let me look at change management so change management again is another area that we test for in I during it Audits and here you might also start with describe the change management process right again Study High Level giving them the opportunity to describe the process to you end to end and then you ask who's required to approve changes for example so that's a little bit more um you're diving deeper into maybe one of the controls to get a better understanding of that particular control area okay so um hopefully that was helpful for you guys do you guys feel like you have a better understanding of what walkthroughs are now yep okay good good I see yes uh thank you Diamond Lake con thank you Ashley so that's really what I wanted to cover here today again this is intended to be a short training session just bite size so that you understand um some unique areas in the audit space that would help you all right so um rainbow said basically to understand the yeah so to understand the IC control environment and that would help you when you're putting together your um procedures of Performing your test for your it audit all right so now let's do a summary I promise you there'll be some time for Q a at the end let me see if you guys have any questions if you have questions you can put them in the Q a section and I'll take a few minutes to answer them here but let me do a quick summary for you guys because I know some of you um joined after we already started um just to summarize what we talked about here today we started off by just going through an introduction to it audits right uh again if you want more information there you can watch that video I have on the channel and then we talked about the I.T audit faces right what are the phases so let me pause before I answer the question in the chat can you tell me what are the phases that we talked about today awesome thanks Bob oh second phase thank you and then one more reporting and follow awesome awesome on what phase do we have the Ito walkthroughs walk through his field work so the field work isn't um the ID audio walkthrough happens in the field work stage and this is where again you're getting a better understanding of the environment you're talking to the control owners and you're talking to the uh all the key stakeholders in the I.T space and then we just walk through a few examples so that you can see how um how walkthroughs are conducted okay so I'm going to pause now let's see if you guys have any questions I did tell you it's going to be about 30 minutes so I want to make sure that we don't go over time what questions do you guys have you guys have any questions or was this straightforward for you guys okay so great question Nick and Nick is asking can walkthroughs be done virtually or does he have to be in person um it can be done virtually so if you think about the pandemic right where everyone no one went out right if we weren't going to the office we're all working remotely a lot of those walkthroughs were performed remotely because you can have interviews now the difference would be physical security will views where you have to physically walk through a data center for example then you'll have to physically go there but other than that for the most part you can have them virtually it can be in a meeting on Zoom or whatever meeting software your organization uses um rough is asking which video should you focus on um I'll say that depends on your interest right because I have a lot of videos on different areas so you you can select the one that you want I'm trying to do a better job posting I'm pretty busy I have a full-time job so training is not the only thing I do um so I'm trying to do a better job posting but I'll say watch the video that makes sense to you all right so um oh what she was asking walkthroughs seem to be like something to be done to enhance your planning how come it's in the field work phase um it depends on your definition of enhancing your planning right because planning you're not really doing any work right in planning you actually determine what areas you need to test and that will then determine what areas you need to do your walk through right because you don't necessarily need to test all the areas of I.T depending on the scope of your audit so planning is more scope focused once you identify your scope and then you know the areas you want to test then it's reasonable that you would then go do walkthroughs for that area you don't need to do walkthroughs for everything definitely you don't need to do a walk through for an area you don't need to test okay so hopefully that addressed the question um the last one I see here so Laker is asking what it audit applications are used as a side Erp systems um I don't know that that question is really accurate um because you're talking about two different things so when you say it audit applications Erp systems those are two different things so maybe you want to reward that question let me better understand if you're talking about applications that the audit team uses for their audit and GRC you have servicenow orchard all of that and then the Erp systems are not audit systems Erp systems are systems that the organization is using for their operational needs right so those are two different things so hopefully that helps all right um and she Iggy is asking what's the name of the YouTube channel it's your I.T career maybe I'll find the link hold on I'll put it in the record when I post the recording I'll send an email out and I'll just um I'll give you guys access to that because I don't know that I have a handy let's see um what's the difference between internal and external audit so sure I will refer you to my YouTube channel for that just because I have another video that goes into that in depth so I think that'll probably be more beneficial to you okay um Sarah is asking you missed the training yes the recording is going to be on YouTube so I was transparent I was planning to record this for YouTube anyways and instead of recording it by myself I decided to invite you guys to listen to me record it live so let's say in the next couple of days or so you guys should see it on YouTube the difference is those that are here live get to and ask questions okay all right so let's now go to let's see if there any other questions I will be wrapping up in a few minutes in Lincoln said got it okay good so she always asking can virtual audit be done for a physical Operation Center um it depends on the objective it depends on what you're testing but typically if the con it depends on the controls so if you don't understand what controls are again let me see if I can find that channel for you uh but it's the control is what's going to determine how you perform right so you can't just take an audit what what are you actually testing because if the control is a physical control that someone needs to see Right Touch or whatever then you will need to do that physically but if it doesn't require physical presence then if that control could be tested virtually okay all right let's see if there's any more question if there are any more questions hey so good good good so thank you guys for joining me here today now did you guys let all some media is asking do I have resume workshops on it audits do you mean just training on how to do your your resume is that what you're asking awesome media okay so I don't do workshops on resume training however I have covered the topic before where I talked about resume mistakes that you might make in it audit so if and I think I actually have that on my YouTube channel as well so if you go there I think I have one training where I talk about resume mistakes that you might be making um so I don't do workshops and that now in my full-blown comprehensive training I do provide resume training for my students I bring in like a live professional resume writer to come give training to students in one of my courses so that's something I provide because you resume is not just about finding a template online and putting it together right your resume should reflect what you know your experience I think okay I'll answer one more question because we have just one more minute um did we do control testing in the process of walkthrough only check the design um typically during your walkthrough you're just that's where you're really doing your design review depending on the control you may not even be able to really finish that in the walkthrough but you would look at that there however additional testing will be needed to finish your testing procedures okay all right so I think we're up on time here today thank you guys for joining me if you guys learned something I promise to you guys you will learn something all right great great great so before we go let me just make sure there's a free Italy career guide so this guide has been downloaded so so many times by so many people let me put it in the chat and it's also going to be available in the YouTube link when I'm done but if you guys want the guide for those interested in it audits go ahead and download this guide um and it just walks through some things that you need to know so make sure you download that guide um it's free I'm not charging you for that at all and um I'm not sure how often I'll do this free training maybe once a month I don't know but if you're on my email list so if you get that guy for example you'll be on my email list and you'll get invited to this I don't publicize this small meetings anywhere else it's just going to be for those on my email list I think I scroll too fast okay there it is all right so thank you guys you guys have a great rest of your day bye