Video: Walkthrough of an Organization's IT Security Procedures

In this lesson, Nick Palazzolo, CPA, gives a detailed walkthrough of an organization’s IT security procedures, illustrating the necessary steps to evaluate whether a company’s practices align with established best practices and documented policies. He outlines various components, ranging from simple encrypted file tests to elaborate comprehensive risk assessments involving hypothetical disaster scenarios. Nick covers critical areas such as IT risk management, human resources protocols for employee onboarding and offboarding, and training program assessments. Throughout the lesson, he emphasizes the importance of observing, documenting deviations, conducting gap analysis, and culminating the walkthrough with a robust report and a conclusive action plan. This approach not only demonstrates the thorough testing of a system but also showcases how to document evidence and findings for accountability and improvement.

"Examprep.ai helped me pass all 4 CPA exams on the first try. I highly recommend. I especially like the feedback and ratings the software provides so I know where to focus my time."

Daniel H., CPA

"I can't recommend ExamPrep.ai enough. Nick's lessons turned concepts I struggled with into strengths. I was able to pass FAR right before other exams expired!"

Andrew K, CPA

"I just want to say thank you for the great lesson videos. I couldn't stay awake through lectures of another course. After watching all your FAR lessons I was finally able to pass!"

Alyssa M., CPA Candidate

Video Transcript

Instructor: Nick Palazzolo

Nick Palazzolo is head instructor of ExamPrep.ai CPA Review. Nick's teaching style is engaging & upbeat, combining practical Big 4 tax & assurance expertise with years of 1-on-1 coaching. His lessons are concise and emphasize what you need to know to pass. Whether you're a recent grad or working full-time, we’re confident you can conquer your CPA exams with Nick’s review.

Cite this lesson

Link to this page

[[ citeExample ]]

Copy to clipboard

Copy URL to clipboard

Copy HTML to clipboard

All right, let's talk about the walkthrough. Now, again, like I said, this is something you could definitely see within audit. You could walk through a company's cash process, how they reconcile PP&A or inventory or anything like that. This is specifically a walkthrough of an organization's IT security procedures. You're gonna compare how they're actually doing things with how they should be doing things. You wanna make sure that this walkthrough, and again, this can be broken up into various components. Maybe you do a simple, small, short walkthrough where you just send an encrypted file and see if it works properly, or you do a more lengthy process where you are transferring a file from the lowest person in the organization all the way to the top. You test to see if someone falls for a phishing scam. Obviously, you create one that's not gonna actually harm the company, but testing, right? You're walking through the procedures as well. So first, preparation. You wanna review the documented policies for a benchmark, and then you wanna plan the walkthrough, cover specific areas like IT risk management, human resources, all those. You also want to have an IT risk management procedure walkthrough. So this is where you're actually gonna do the walkthrough. You're gonna observe the practices, the actual risk assessment mitigation procedures. Maybe you pretend, oh, the building got caught on fire, and what happens? How do we transfer all of the, you're gonna walk through kind of like disaster recovery. There's a lot of similarities between a lot of these topics here. Again, again, compare this to the policy that we've got on record or the best practice for the industry. We're gonna talk about specific human resources procedure walkthrough. Make sure that HR is functioning properly. If

Unlock the full video transcript and subtitles support with a free account!

Get more from this lesson

Create an account 7-day free trial. No credit card required.

Security

Module: 3 Concepts, 30 Videos

Threats and Attacks - Overview

0:45

Introduction to Threats and Attacks

3:57

Threat Agents

9:08

Types of Attacks