HG55: How to Audit z/OS Applications

(2 days, 16 CPE credits, $1170 )

Currently available for in-house sessions

Please click: Here for Registration Form

For more information on seminar dates, locations, and hotels, and how to register, please click here:
Schedule/Registration/Locations/Hotels for IS Audit Training

This comprehensive class in mainframe application auditing shows you how to scope and plan your audit, what data to collect and how to analyze it, why mainframe applications are different from those on other types of computer, the controls that are unique to the mainframe, and how to relate your findings to the financial audit.

Click here to see what students say

(For information on how to audit the security infrastructure on the mainframe and how it supports each application, two related seminars will prove useful: HG64: How to Audit z/OS with MVS, RACF, ACF2, Top Secret, CICS, DB2, and MQ Series Security and HG65: How to Audit z/OS with USS, TCP/IP, FTP, and the Internet )

An application is a collection of programs that supports a single business function, such as Payroll, Order Entry, General Ledger, or Marketing. This class shows you how to select which application to audit, how to plan and scope the audit, how to conduct the audit quickly and efficiently, how to relate this all to the financial audit, and how to document your findings and recommendations.

Whether you are auditing an application for security, quality of data, reliability, user satisfaction, cost efficiency, compliance, or some other objective, you will learn a systematic approach to conducting an effective audit.

HG55: You Will Learn:

Characteristics of each application
What documentation to expect on each application
How logging is provided for each application and how to use it in the audit
How to audit the application itself
How to audit the control environment it lives in
What data to collect and how to interpret it
How to conduct the audit, from planning and scoping through follow-up
What all the related buzzwords and acronyms mean
How to conduct mainframe audits rapidly and efficiently, with maximum benefit to your organization

The workbook is a valuable reference, and includes complete audit programs.

Who Should Attend HG55?

Information Techology auditors who will be auditing applications
Financial auditors who want to learn more about IT auditing on the mainframe
Anyone who wants to understand how well the applications support financial reporting

Class Outline

     Table of Contents and Class Outline: HG55: How to Audit z/OS Applications
	
							 
I     Concepts and Keywords					  
	A.     Introduction
		Critical Mainframe Concepts for Applications Audits					  
		How Mainframe Applications are Different			
		Why Mainframe Application Audits are Becoming More Important	
		Application Support Tools That Make the Mainframe Environment Unique			 	
		Types of Application Audit		 	
		Leveraging the Financial Audit			
		Essential Middleware	
		MVS Environment versus USS Environment
		Test of Design and Test of Effectiveness
		A Working Example				
		Audit Rules
				
	B.     Application Architecture
		Online
		Batch	
		Started Task
		Networked over TCP/IP
		Networked over SNA
		Relation to Database and to Transaction Managers
		Relation to Message Queueing
		Basic Data to Gather on Any Application	

II.     Action Plan						 
	A.     Scoping and Planning the Applications Audit					 
		A1.     Mapping the Environment
			Selecting an Application	 	 
			Essential Data to Gather	
			Describing the Risk 
		A2.     Learning the Application Support Tools		
		   	Data to Gather on Support Tools
	B.     Auditing an Application for Security	
		B1.     What Data to Gather and How	
		B2.     How to Analyze it		
 	C.     Auditing an Application for Quality of Data			
		C1.     What Data to Gather and How		
		C2.     How to Analyze it	
	D.     Auditing an Application for Reliability		
		D1.     What Data to Gather and How	
		D2.     How to Analyze it	
	E.     Auditing an Application for User Satisfaction	
		E1.     What Data to Gather and How		
		E2.     How to Analyze it
 	F.     Auditing an Applications for Cost Efficiency	
		F1.     What Data to Gather and How				
		F2.     How to Analyze it	
 	G.     Auditing an Application for Compliance
		G1.     What Data to Gather and How			
		G2.     How to Analyze it	
 	H.     Auditing an Application for Disaster Recovery
		G1.     What Data to Gather and How			
		G2.     How to Analyze it	
	I.     Wrap-up, Reporting, Working Papers, and Follow-Up		

III   Forms and Reference					
	A.     Basic Security Model				
	B.     Change Control Tools
	C.     Transaction Managers
	D.     Database for Applications
	E.     Message Queuing
	F.     Tape Management Software
	G.     Problem Management
	H.     SMF (log) Data Details	
	I.     Elements of Data Quality	
 		
 INDEX

Please note that these seminars are available for In-House Sessions.

You can save more money by learning about our seminar Discounts

Return to Top of Page Return to Home Page

Stu Henderson offers MVS security audits, consulting, seminars, articles, and other information sharing related to information security and auditing. His consulting includes: security reviews, risk assessments, RACF implementation assistance, and Information Technology audit technical counseling.
His most popular seminars provide: RACF training, mainframe audit training including MVS and z/OS audit training. His RACF seminars include: "Effective RACF Administration", "Advanced RACF Administration", and "UNIX (USS) for RACF Administrators".
His audit seminars include: "How to Audit MVS, RACF, ACF2, TopSecret, CICS, DB2, and MQ Series Security" and the follow-on "How to Audit z/OS with USS, TCP/IP, FTP, and the Internet". They also include "How to Audit TCP/IP Security" and "How to Audit UNIX and Windows Security".
Information on class location and schedules, as well as articles, links and other useful information sharing may be found on his website at www.stuhenderson.com