Principles of IT Audit

25 Lessons

CPEs 4.5

Auditing

Master the essentials of IT auditing with this beginner-friendly course. Learn the different types of IT audits, the audit lifecycle, and how to write clear, actionable audit reports—all with real-world case studies to connect theory to practice.

Current Status

Get Started

View Pricing & Plans

Access all courses starting at $25/m

Course Description

Course 2 of 9 in our IT Auditing Learning Path! The Principles of IT Audit course is designed to give you a complete foundation in IT auditing, whether you’re new to the field or looking to sharpen your skills. You’ll explore how IT audits support enterprise risk management, discover the roles and responsibilities of key stakeholders, and see how different types of audits apply in real-world contexts.

Through case studies, audit walkthroughs, and structured reporting examples, you’ll learn how audits are performed from start to finish and how findings are documented and communicated. The course also highlights best practices for writing clear, actionable reports and distinguishes IT audit from cyber risk advisory, giving you insight into two related but distinct career paths.

By the end of the course, you’ll have a strong understanding of IT audits, how they fit within modern organizations, and how to apply these practices in real-world scenarios.

This course covers topics that align with concepts addressed in Domain 1 of the Certified Information Systems Auditor (CISA®) exam framework. It is not affiliated with, endorsed by, or sponsored by ISACA®, nor does it guarantee exam preparation or certification outcomes.

In this course, you'll learn...

Course Objectives

To explain the scope and purpose of IT audits in a business and regulatory context.

To distinguish between various types of audits including operational, compliance, systems, and forensic audits.

To describe the phases of an IT audit lifecycle and the key activities of each.

To draft clear and actionable audit findings in line with professional standards.

To compare and contrast the IT auditing and cyber risk advisory fields.

To apply core IT audit concepts to real-world business scenarios using case studies.

How you'll apply these skills...

Scope an Audit Effectively: Define boundaries, objectives, and risk priorities to focus on the most critical areas.

Evaluate Risk Management: Identify vulnerabilities, assess control effectiveness, and connect risks to business impact.

Test and Validate Controls: Collect evidence, perform walkthroughs, and sample data to confirm processes work as intended.

Write Clear Findings: Translate technical issues into concise, business-focused audit reports with actionable recommendations.

Rank and Prioritize Risks: Use impact and likelihood to categorize risks, helping leadership focus on what matters most.

Support Compliance Efforts: Compare organizational practices against standards like SOX, HIPAA, or PCI-DSS.

Strengthen Business Resilience: Evaluate disaster recovery, continuity plans, and operational readiness for disruptions.

Bridge Technical and Business Teams: Communicate audit insights in language that executives, compliance officers, and IT staff can all act on.

Course Instructor

Michael Carroll, CPA, CISA, CISM

Michael is an accounting and information security professional. He is also an Adjunct Professor at several higher education institutions, where he is responsible for teaching various accounting and information technology courses.

Michael earned his MBA in Accounting and B.S. in Accounting / Accounting Information Systems from Canisius University. Additionally, Michael is a Certified Public Accountant (CPA) and a Certified Information Systems Security Professional (CISSP). Michael is a current member of the NYCPA’s Education Committee and has been an Advisory Board Member for the Academy of Finance (AOF) since 2020.

Michael enjoys traveling, hiking, and watching the Buffalo Bills. He has also participated in several marathon events.