Stephen K, 30 Mar 2020
San Francisco, CA
I think the course was much too long for what material was being covered. Sections went into a lot of detail about different aspects of IT systems, but had surprisingly little about actually auditing those systems. The order of the sections was sometimes confusing. For example, the course began with a section on source of criteria for IT audits, followed by a section on basic IT terminology and aspects of IT systems. I would have thought it would make sense to lay the groundwork about IT systems and THEN start talking about how to audit them and what to look for. The instructor was friendly, but he tended to go into long anecdotes and back-and-forth exchanges with a person in the physical classroom that ate up a lot of time. There were 3 people physically in the room and around 9 on the virtual session. However, the chat and ask-a-question features were not used by the instructor and the online participants were largely ignored unless we jumped in with a question. Some of the content didn't seem accurate. For example, at one point the instructor had a lengthy back-and-forth with members of the class about random sampling. He insisted that judgmental samples where he selects cases could be as representative as a random sample. This isn't correct, and goes against the whole point of random sampling. He also thought that audits should be completed within 3-4 months. This could be true of internal compliance audits, but is incredibly unlikely for performance audits. Much of the material seemed to assume that participants were using Red Book and doing internal compliance audits. That's fine, but our office is using GAGAS and it was less relevant to us. I'd suggest specifically advertising the course on internal compliance IT auditing if that's the framework being used.