Course Objectives.
1. Define the policies, procedures, practices and controls required in managing IT organizational resources.
2. Provide a conceptual framework of internal controls in a computer environment.
3. Describe the fundamental concepts associated with control evaluations.
4. Discuss the process of evaluating controls in organizational information systems.

Evaluating Information Systems Controls (EISC) is a two-day training session designed to provide an in-depth review of established guidelines for evaluating the effectiveness of controls employed in federal, state and local government information systems. With all government systems having some level of sensitivity, more emphasis is now being placed on developing and implementing adequate general and business process application controls in information systems. General controls are the policies and procedures that all to all or a large segment of an entity's information systems and are applied at the entity-wide, system, and business process application levels. Business process application level controls are those controls over the completeness, accuracy, validity, confidentiality, and availability of transactions and data during application processing. As a result of the increased emphasis in this area, a totally different approach is necessary in assessing controls in computerized information systems. Using pertinent information from the General Accountability Office (GAO) publication GAO-09-232G, "Federal Information System Controls Audit Manual" (FISCAM), selected National Institute of Standards and Technology (NIST) Special Publications in the 800 series and other relevant published guidance, the training material is structured to address the four major course objectives outlined below. All of the topics presented are designed to give the auditor and audit management a thorough understanding of the challenges facing agencies in integrating and evaluating computer controls in federal, state and local government information systems.