Auditing Identity and Access Management

25 Lessons
CPEs 5.0
Information Technology

Strengthen your audit expertise with a deep dive into Identity and Access Management (IAM). Learn how to evaluate access controls, identify risks, and assess IAM processes to ensure data security and compliance across modern systems.


Course Description

Course 7 of 9 in our IT Audit Learning Path! Auditing Identity and Access Management (IAM) is a critical component of any cybersecurity and IT audit program. This course provides auditors and IT professionals with a comprehensive understanding of IAM concepts, frameworks, and control testing. You’ll explore the building blocks of IAM—identification, authentication, authorization, and accountability—and learn how they safeguard organizational systems from unauthorized access and data breaches.

Through practical examples and case studies, the course guides you in assessing IAM policies, reviewing access provisioning and termination processes, and auditing role-based and privileged access management. You’ll also gain insight into common IAM tools such as Active Directory, Okta, and cloud-based solutions like AWS IAM and Azure AD. By the end of this course, you’ll be equipped to evaluate the effectiveness of IAM controls, identify weaknesses, and translate technical findings into meaningful business insights.

This course covers topics that align with concepts addressed in Domain 5 of the Certified Information Systems Auditor (CISA®) exam framework. It is not affiliated with, endorsed by, or sponsored by ISACA®, nor does it guarantee exam preparation or certification outcomes.

In this course, you'll learn...

Course Objectives

To explain the core concepts of Identity and Access Management (IAM) and why they matter in IT audit and cyber risk.

To assess the effectiveness of least privilege and role-based access models in organizations.

To evaluate access provisioning and deprovisioning processes for control gaps.

To identify and understand common IAM and privileged access management (PAM) tools.

To conduct audit walkthroughs of IAM processes, including access requests, approvals, and terminations.

To recognize common findings and remediation strategies related to IAM audits.

To apply IAM auditing concepts through case studies and scenarios relevant to finance and business operations.

How you'll apply these skills...

Evaluate Access Governance: Review IAM policies, role structures, and user listings to confirm permissions align with job responsibilities and least privilege principles.

Test User Lifecycle Controls: Examine onboarding, transfers, and terminations to ensure access is provisioned, modified, and removed promptly and accurately.

Assess Role-Based Access Models: Analyze group and role mappings in systems like Active Directory or Okta to verify proper segregation of duties.

Inspect Privileged Account Management: Review admin access controls, activity logs, and PAM configurations to confirm elevated rights are tightly restricted and monitored.

Verify Authentication and Authorization Settings: Validate password, MFA, and SSO configurations against security and compliance requirements.

Review IAM Tool Integrations: Examine how IAM connects with HR systems, cloud environments, and ticketing workflows to confirm consistent control enforcement.

Analyze Audit Evidence: Trace user access requests, approvals, and reviews to confirm documentation supports compliance and accountability.

Report Findings Effectively: Translate technical IAM control gaps into clear, risk-based audit observations and recommendations for management.

Course Instructor

Michael Carroll, CPA, CISA, CISM

Michael is an accounting and information security professional. He is also an Adjunct Professor at several higher education institutions, where he is responsible for teaching various accounting and information technology courses.

Michael earned his MBA in Accounting and B.S. in Accounting / Accounting Information Systems from Canisius University. Additionally, Michael is a Certified Public Accountant (CPA) and a Certified Information Systems Security Professional (CISSP). Michael is a current member of the NYCPA’s Education Committee and has been an Advisory Board Member for the Academy of Finance (AOF) since 2020.

Michael enjoys traveling, hiking, and watching the Buffalo Bills. He has also participated in several marathon events.

Course Content

Course Wrap-Up (1 Topic)
Final Exam: Auditing Identity and Access Management

Additional Info

Format

5-20 min. videos, 2 quizzes, and a final assessment

Field of study

Information Technology

CPE Credits

CPEs 3.0

Prerequisites

Completion of prior courses in Wisdify’s IT Audit Learning Path is recommended.

Corey

Corey is the owner of Wisdify. He is passionate about learning and development, and he loves helping people achieve their professional and personal goals. With 15 years of finance and accounting experience, Corey is a big believer in the power of online learning and community.

Joe

Joe is the owner of Wisdify. He is passionate about learning and development, and he loves helping people achieve their professional and personal goals. With 20 years of finance and accounting experience, Joe is a big believer in the power of online learning and community.

 

Kelsey Murphy

Kelsey is Wisdify’s expert content developer. Taking feedback from our students, Kelsey creates extremely relevant blog posts and leads the development of Wisdify’s other free resources.

Prior to Wisdify, Kelsey worked as a business technology strategy consultant for Forrester, a global research and advisory firm. While there, she acted as project manager for numerous research-based consulting projects.

Kelsey earned a BA in Economics and Mathematics from Wellesley College.

Madison Bess

Madison oversees the social media strategy at Wisdify and makes sure we stay closely connected with our students, receive their feedback, and provide our students with valuable information.

Prior to Wisdify, Madison successfully ran the social media accounts for multiple companies. She also found time to start her own personal training company (which she still runs).

Madison earned a BA in English from Brigham Young University.

Maryn Coughran

Maryn is a co-founder and leads the marketing and outreach efforts at Wisdify. She ensures we are connecting with our customers, hearing their feedback, and then implementing their suggestions.

Prior to Wisdify, Maryn co-founded (along with Nate) BostonExcel, a Microsoft Excel training company that worked with dozens of companies in virtually every industry. Maryn’s clients included numerous Fortune 1000 companies, prestigious universities, startups and everything in between. She also happened to write and illustrate a children’s book. Let’s just say she’s a woman of many talents.

Maryn earned a BA in Economics from Wellesley College.

The Buckaroos

Gwyn, Jack, and Kate are the adorable tow-heads that lead up Wisdify’s campaigns on cuteness, energy, and sleep-deprivation.