-
all right so good morning guys and thank
-
you for joining me here today so today I
-
just wanted to do a quick training on it
-
audio walkthroughs and to be honest I
-
was planning to record this by myself
-
and then I decided you know what why not
-
just make it a live training and see if
-
others are interested in joining and you
-
guys are so thank you for joining
-
um it's going to be short this is just
-
going to be 30 minutes maybe about 15-20
-
minutes of training and then I'll see if
-
you guys have any questions
-
um it's intended for YouTube for
-
transparency sake so it will be recorded
-
to YouTube but the difference is those
-
that are here live with me you get to
-
ask questions and those on YouTube can't
-
ask questions right so let's go ahead
-
and get started if you guys are ready to
-
get started okay you let me know yep yep
-
yep
-
all right so awesome awesome so let's go
-
ahead and get started here thank you for
-
joining me here today for a training on
-
it audit walkthroughs so in today's
-
training I just want to give you guys
-
um a quick overview or an introduction
-
to what it audit walkthroughs are I know
-
many of you might have been searching
-
the internet trying to find additional
-
information on Audits and you may have
-
seen the word walkthrough right and you
-
don't understand what that is so today
-
I'm just going to give you an
-
introduction to that and then we'll see
-
if you guys have any questions related
-
to the topic
-
um later on all right so I see more of
-
you joining thank you for joining guys
-
so um before we get started very brief
-
introduction to myself I don't want to
-
take too much time here
-
um but for those that are just meeting
-
me for the first time my name is
-
I have over 18 years of experience in
-
the I.T space a lot of that is around it
-
audit GRC program management all in the
-
audit and compliance space really my
-
passion is teaching that's one of the
-
things that I've always loved to do so
-
I'm also a career coach where I help
-
people that are looking to start their
-
careers in I.T cyber security audit and
-
compliance
-
okay uh for me I like practical training
-
um recently joined the Forbes coaches
-
Council again I really love teaching so
-
I like to be with other coaches trying
-
to develop myself so that I can help my
-
students as well
-
um this year we've already had multiple
-
six-figure salaries that have come in
-
our program and so I I'm really excited
-
about what we're doing so let's go ahead
-
and get started with the training for
-
today
-
so here are the topics for today
-
um we're going to go over an
-
introduction to it audit at a higher
-
level so if you are not familiar with
-
this you can probably check my YouTube
-
channel and you see the training I've
-
done it on this in the past
-
um but I'm going to just introduce that
-
because I know some people that are here
-
today may not right have um watched any
-
of my videos before or attended any of
-
my training and then we'll talk about
-
the it audit phases because it's during
-
this discussion that we're then going to
-
talk about walkthroughs because
-
walkthroughs that's one of the phases or
-
part of one of the phases and there's
-
going to be a bonus review where I'm
-
going to walk through some actual
-
examples with you and maybe I'll give
-
you guys a bonus document but let's see
-
okay and at the end I'll give about 10
-
minutes or so for questions
-
so let's go ahead and start with our
-
introduction to it audit
-
I'm not going to go in depth into this
-
like I said I have a training on my
-
YouTube channel that you guys can watch
-
but I do want to introduce this in
-
today's training because I want you to
-
understand what audits are before we
-
talk about walkthroughs right so what's
-
an audit at the end of the day you know
-
people have different definitions of
-
what it is but I'm audit at the end of
-
the day if you want to use simple terms
-
is an examination of the organization
-
systems to determine if controls are
-
operating effectively so systems usually
-
have controls in there and for controls
-
again the prior training I mentioned
-
will have that but think of a control as
-
like a password control right when you
-
want to log into your computer you have
-
to put in a password
-
um or maybe your email you have to put
-
in a password that's a control so
-
organization systems have controls as
-
well
-
and this controls right
-
um in order part of an I.T audit is
-
testing and examining those systems to
-
determine if those controls are
-
operating effectively because if they
-
are not operating effectively then the
-
security of that system right is in
-
question and you might be wondering well
-
why should I be concerned about the
-
security or of a system or whether the
-
controls are operating effectively and
-
the reason is one you want to mitigate
-
risks right you don't want people having
-
inappropriate access to your systems so
-
uh when I say you I'm in the
-
organization an organization doesn't
-
want people having inappropriate access
-
to the systems so it's important to have
-
controls in place to ensure that that
-
security is there and as the I.T auditor
-
right part of your audit objective or
-
your control objective for your test is
-
determining if security controls are in
-
place so you are examining those systems
-
to see if those controls are effective
-
in mitigating risks like I said for
-
example security risks or just even
-
medium compliance and regulatory
-
requirements right so in the US we have
-
servings Oxley other countries have
-
similar laws and standards as well we
-
have PCI sock SSA 18 right so all those
-
standards depending on what your
-
organization needs to comply with then
-
the audit is going to take place to
-
examine and determine if those controls
-
are meeting those requirements okay so
-
that's a summary of what we have um of
-
what it audits are
-
so
-
um there are three key phases of it
-
audience all right so we have the audio
-
planning phase we have our field
-
workplace and this is where you have the
-
walkthrough so that's where the
-
walkthroughs are performed and you also
-
have the reporting and the follow-up
-
phase so I'm going to again summarize
-
this um so that I set the stage for what
-
we really want to talk about today so in
-
your audit planning phase right this is
-
where you're understanding the
-
organization trying to define the scope
-
and the objective and also trying to
-
identify what tests you perform so
-
you're essentially just planning for the
-
audit in that phase now the field work
-
phase is kind of I'll say that's where
-
the medium potatoes are right I guess
-
when you do the real field work for the
-
audit you do your testing and all of
-
that but before you actually start
-
testing you have to perform your
-
walkthroughs and I'm going to come back
-
to the World Series after I finish the
-
third stage or the third phase
-
the third phase is where you do the
-
reporting so you finish planning you've
-
done the actual testing and you have
-
results then in the third phase you're
-
doing your reporting and your follow-up
-
so this is where you type up the report
-
to management on the results and if
-
there were any issues identified you can
-
go back and retest to confirm whether or
-
not they've been addressed so those are
-
the three phases of an audit now I want
-
to dial in on that walk through piece
-
because
-
there are many moving parts right so as
-
you can imagine an audit is like a
-
pretty big project right so there are
-
many moving pieces and today I'm now
-
going to focus on the It audio
-
walkthrough piece right again the it or
-
the walkthrough is part of the field
-
work phase
-
so now let's talk about what are it what
-
other walkthroughs or what I'm not sure
-
if you know maybe if you've
-
um you rented an apartment or you bought
-
a house before they give you the keys
-
right you kind of they will take you to
-
what they call a walk through typically
-
right you just go in kind of just look
-
at how things are before they give you
-
the keys and say okay we agree that this
-
is the state that you're giving us the
-
house or the apartment in or whatnot so
-
if you think about that it's not exactly
-
the same but a walkthrough from the itod
-
perspective is you getting a better
-
understanding of the I.T control
-
environment of the company
-
so what you do at the beginning of the
-
audit because you're an auditor right
-
you're not I.T you're not if you're an
-
external auditor you're not working in
-
the company right so you can't assume
-
that you know everything about that
-
company you can't assume that you know
-
their control environment so the reason
-
for that walkthrough is for the Auditors
-
to get a better understanding right of
-
the control environment that they're
-
going to be auditing so it's absolutely
-
critical because if you don't conduct
-
your walkthrough effectively you might
-
have gaps in your understanding of the
-
control environment and that's going to
-
ultimately impact right the quality of
-
the control procedures that you choose
-
to perform and your understanding of the
-
impact of the risk so walkthroughs are
-
very important because that's where you
-
really get a good understanding of that
-
environment and a key part of that is
-
that you have to include key players and
-
the control owners from I.T so you're
-
not just going to have a random set of
-
people in your work just giving you
-
information about the environment you
-
have to understand that you have to
-
invite the right players so if for your
-
Italy walkthrough you probably have
-
their management levels there right the
-
people that are responsible for those
-
controls so the control owners you want
-
to make sure that they are in the room
-
with you or on Zoom if it's virtual
-
right explaining their an I.T
-
environment and even if they're not the
-
key control owner but they have a part
-
in the process
-
um and they're a key player or key
-
stakeholder then you want to make sure
-
that they're also in the room with you
-
because if not then again you run the
-
risk of not having that information on
-
the control environment so it's
-
important to have the key players and
-
especially the control owners in the
-
meeting where you're having that walk
-
through and one of the things um that
-
you would test there or that you could
-
test there is a test of design again if
-
you don't know what test of design is
-
you can watch my prior video and I'll
-
probably link it when I post this on
-
YouTube so you can see that video where
-
I talk about test of design in terms of
-
operating Effectiveness so depending on
-
the control that you're testing or the
-
controls that you're reviewing during
-
your walkthroughs you may be able to
-
perform some tests of design there okay
-
so again just to summarize this why
-
didn't we conduct I.T audit walkthroughs
-
it's to understand or better understand
-
the control environment the I.T control
-
environment that you'll be testing you
-
should include the key players
-
stakeholders and control owners from it
-
and during this you may be able to test
-
the design of controls as well okay one
-
thing I do want to stay here before we
-
move on to the next area is that um
-
you'll go through questions should be
-
worded properly right so that you can
-
get useful responses from those that
-
you're interviewing so let me pause here
-
for a second have you guys ever asked a
-
question and then you got the wrong
-
answer back let me see you guys in the
-
chat just to make sure you guys are
-
still here with me have you ever asked
-
the question and the kind of answers
-
you're getting you're like okay maybe I
-
asked the wrong question
-
yeah okay so that's the same thing for
-
walkthroughs so uh it takes some skill
-
right you need to know what questions
-
that you should ask in order to be able
-
to get the right risk I don't want to
-
use the word right because it's not
-
really right and wrong but in order to
-
get
-
um good responses right useful responses
-
where you when you're actually testing
-
it makes sense not the kind of response
-
is that when you start testing it's like
-
okay what they said doesn't make sense
-
based on what I'm looking at right so
-
that's a skill you'll need to gain as
-
you go through your walkthroughs because
-
if you don't right uh then you run the
-
risk of not getting the responses that
-
will be useful to you in performing your
-
audience so um here is the bonus part
-
I'm going to now give you a couple of
-
examples so that you know again I like
-
practical teaching so that this can be
-
real to you okay so let's look at some
-
um sample questions and there are
-
different parts of it audits I'm going
-
to look at couple of questions and
-
logical security
-
so logical security this is around
-
access to systems we're not going to go
-
deep into logical security itself but
-
let's talk about what are some questions
-
right so you want you're going to have
-
different levels to your questions so
-
for example you start off with describe
-
the user access provisioning process
-
this is open-ended you want to give them
-
the opportunity to describe the whole
-
process for you and then you can go
-
deeper right so who has authority to
-
approve users and their privileged
-
levels so you again you're starting
-
higher getting a broader understanding
-
of the environment and their process and
-
then you can ask deeper questions based
-
on the controls that you're testing so
-
these are just a few examples for you to
-
see what you might ask during a
-
walkthrough and then
-
um again let me look at change
-
management
-
so change management again is another
-
area that we test for in I during it
-
Audits and here you might also start
-
with describe the change management
-
process right again Study High Level
-
giving them the opportunity to describe
-
the process to you end to end and then
-
you ask who's required to approve
-
changes for example so that's a little
-
bit more um you're diving deeper into
-
maybe one of the controls to get a
-
better understanding of that particular
-
control area okay so
-
um hopefully that was helpful for you
-
guys do you guys feel like you have a
-
better understanding of what
-
walkthroughs are now yep okay good good
-
I see yes uh thank you Diamond Lake con
-
thank you Ashley so that's really what I
-
wanted to cover here today again this is
-
intended to be a short training session
-
just bite size so that you understand
-
um some unique areas in the audit space
-
that would help you all right so
-
um rainbow said basically to understand
-
the yeah so to understand the IC control
-
environment and that would help you when
-
you're putting together your um
-
procedures of Performing your test for
-
your it audit all right so now let's do
-
a summary I promise you there'll be some
-
time for Q a at the end let me see if
-
you guys have any questions if you have
-
questions you can put them in the Q a
-
section and I'll take a few minutes to
-
answer them here but let me do a quick
-
summary for you guys because I know some
-
of you
-
um joined after we already started
-
um just to summarize what we talked
-
about here today we started off by just
-
going through an introduction to it
-
audits right uh again if you want more
-
information there you can watch that
-
video I have on the channel and then we
-
talked about the I.T audit faces right
-
what are the phases so let me pause
-
before I answer the question in the chat
-
can you tell me what are the phases that
-
we talked about today
-
awesome thanks Bob
-
oh second phase
-
thank you and then one more
-
reporting and follow awesome awesome on
-
what phase do we have the Ito
-
walkthroughs
-
walk through his field work so the field
-
work isn't um the ID audio walkthrough
-
happens in the field work stage and this
-
is where again you're getting a better
-
understanding of the environment you're
-
talking to the control owners and you're
-
talking to the uh all the key
-
stakeholders in the I.T space and then
-
we just walk through a few examples so
-
that you can see how
-
um how walkthroughs are conducted okay
-
so I'm going to pause now let's see if
-
you guys have any questions I did tell
-
you it's going to be about 30 minutes so
-
I want to make sure that we don't go
-
over time what questions do you guys
-
have
-
you guys have any questions or was this
-
straightforward for you guys
-
okay so great question Nick and Nick is
-
asking can walkthroughs be done
-
virtually or does he have to be in
-
person
-
um it can be done virtually so if you
-
think about the pandemic right where
-
everyone no one went out right if we
-
weren't going to the office we're all
-
working remotely a lot of those
-
walkthroughs were performed remotely
-
because you can have interviews now the
-
difference would be physical security
-
will views where you have to physically
-
walk through a data center for example
-
then you'll have to physically go there
-
but other than that for the most part
-
you can have them virtually it can be in
-
a meeting on Zoom or whatever meeting
-
software your organization uses
-
um rough is asking which video should
-
you focus on
-
um I'll say that depends on your
-
interest right because I have a lot of
-
videos on different areas so you you can
-
select the one that you want I'm trying
-
to do a better job posting I'm pretty
-
busy I have a full-time job so training
-
is not the only thing I do
-
um so I'm trying to do a better job
-
posting but I'll say watch the video
-
that makes sense to you all right so
-
um oh what she was asking walkthroughs
-
seem to be like something to be done to
-
enhance your planning how come it's in
-
the field work phase
-
um it depends on your definition of
-
enhancing your planning right because
-
planning you're not really doing any
-
work right in planning you actually
-
determine what areas you need to test
-
and that will then determine what areas
-
you need to do your walk through right
-
because you don't necessarily need to
-
test all the areas of I.T depending on
-
the scope of your audit so planning is
-
more scope focused once you identify
-
your scope and then you know the areas
-
you want to test then it's reasonable
-
that you would then go do walkthroughs
-
for that area you don't need to do
-
walkthroughs for everything definitely
-
you don't need to do a walk through for
-
an area you don't need to test okay so
-
hopefully that addressed the question
-
um the last one I see here
-
so Laker is asking what it audit
-
applications are used as a side Erp
-
systems
-
um I don't know that that question is
-
really accurate
-
um because you're talking about two
-
different things so when you say it
-
audit applications Erp systems those are
-
two different things so maybe you want
-
to reward that question let me better
-
understand if you're talking about
-
applications that the audit team uses
-
for their audit and GRC you have
-
servicenow orchard all of that and then
-
the Erp systems are not audit systems
-
Erp systems are systems that the
-
organization is using for their
-
operational needs right so those are two
-
different things so hopefully that helps
-
all right
-
um and she Iggy is asking what's the
-
name of the YouTube channel it's your
-
I.T career maybe I'll find the link hold
-
on
-
I'll put it in the record when I post
-
the recording I'll send an email out and
-
I'll just um I'll give you guys access
-
to that because I don't know that I have
-
a handy let's see
-
um
-
what's the difference between internal
-
and external audit so sure I will refer
-
you to my YouTube channel for that just
-
because I have another video that goes
-
into that in depth so I think that'll
-
probably be more beneficial to you okay
-
um Sarah is asking you missed the
-
training yes the recording is going to
-
be on YouTube so I was transparent I was
-
planning to record this for YouTube
-
anyways and instead of recording it by
-
myself I decided to invite you guys to
-
listen to me record it live so let's say
-
in the next couple of days or so you
-
guys should see it on YouTube the
-
difference is those that are here live
-
get to and ask questions okay
-
all right so let's now go to let's see
-
if there any other questions I will be
-
wrapping up in a few minutes
-
in Lincoln said got it okay good
-
so she always asking can virtual audit
-
be done for a physical Operation Center
-
um it depends on the objective it
-
depends on what you're testing but
-
typically if the con it depends on the
-
controls so if you don't understand what
-
controls are again let me see if I can
-
find that channel for you uh but it's
-
the control is what's going to determine
-
how you perform right so you can't just
-
take an audit what what are you actually
-
testing because if the control is a
-
physical control that someone needs to
-
see Right Touch or whatever then you
-
will need to do that physically but if
-
it doesn't require physical presence
-
then if that control could be tested
-
virtually okay
-
all right let's see if there's any more
-
question if there are any more questions
-
hey so good good good so thank you guys
-
for joining me here today now did you
-
guys let
-
all some media is asking do I have
-
resume workshops on it audits do you
-
mean just training on how to do your
-
your resume is that what you're asking
-
awesome media okay so I don't do
-
workshops on resume training however I
-
have covered the topic before where I
-
talked about resume mistakes that you
-
might make in it audit so if and I think
-
I actually have that on my YouTube
-
channel as well so if you go there I
-
think I have one training where I talk
-
about resume mistakes that you might be
-
making
-
um so I don't do workshops and that now
-
in my full-blown comprehensive training
-
I do provide resume training for my
-
students I bring in like a live
-
professional resume writer to come give
-
training to students in one of my
-
courses so that's something I provide
-
because you resume is not just about
-
finding a template online and putting it
-
together right your resume should
-
reflect what you know your experience I
-
think okay I'll answer one more question
-
because we have just one more minute
-
um did we do control testing in the
-
process of walkthrough only check the
-
design
-
um typically during your walkthrough
-
you're just that's where you're really
-
doing your design review depending on
-
the control you may not even be able to
-
really finish that in the walkthrough
-
but you would look at that there however
-
additional testing will be needed to
-
finish your testing procedures okay all
-
right so I think we're up on time here
-
today thank you guys for joining me if
-
you guys learned something I promise to
-
you guys you will learn something all
-
right great great great so before we go
-
let me just make sure there's a free
-
Italy career guide so this guide has
-
been downloaded so so many times by so
-
many people let me put it in the chat
-
and it's also going to be available in
-
the YouTube link when I'm done but if
-
you guys want the guide for those
-
interested in it audits go ahead and
-
download this guide
-
um and it just walks through some things
-
that you need to know so make sure you
-
download that guide um it's free I'm not
-
charging you for that at all and um I'm
-
not sure how often I'll do this free
-
training maybe once a month I don't know
-
but if you're on my email list so if you
-
get that guy for example you'll be on my
-
email list and you'll get invited to
-
this I don't publicize this small
-
meetings anywhere else it's just going
-
to be for those on my email list I think
-
I scroll too fast okay there it is all
-
right so thank you guys you guys have a
-
great rest of your day bye
