IT Audit: General Controls Training


Thursday, April 13, 2017 from 8:00 AM to 4:30 PM EDT


George Mason University - Arlington Campus 
3351 Fairfax Drive
Founder's Hall Classroom 113
Arlington, VA 22201


Virginia Square Metro (Orange & Silver lines)


Toan Do 
IIA Washington, D.C. 


IIA Member: $150
Non-Member: $175

Last day to register is April 7th, 2017

*Note – Walk-ins without prior registration cannot be accommodated due to security concerns.


8:00 to 8:20 AM - Continental Breakfast & Registration
8:20 to 10:00 AM - Session 1
10:00 to 10:15 AM - Morning Break
10:15 to 11:45 AM - Session 2
11:45 to 12:45 PM - Lunch & Networking
12:45 to 2:00 PM - Session 3
2:00 to 2:15 PM - Afternoon Break
2:15 to 4:30 PM - Session 4

IT Audit: General Controls – FULL DAY

All auditors, whether financial, operational or IT, come into contact with IT processes and outputs. Understanding how this impacts the area being audited is crucial to performing a comprehensive and valuable engagement. For new auditors (or possibly individuals pursuing a degree in accounting / auditing), this training will discuss the various aspects of being an auditor, roles and responsibilities, a day in the life of an auditor and career advancement. For the more seasoned auditor, numerous companies are focusing their reviews on the latest in technology, cloud computing, cybersecurity, etc. The entire concept of general controls has been overlooked, so this is a perfect primer for these individuals to get “back to basics” and remember some of the things they may have “forgotten”.

After the general audit and IT overviews are completed, the training will shift to Information Technology and look at the various control models, the need for controls and risk management. The last section will be devoted to the details of the general control framework needed in any IT organization and will discuss 12 IT general controls. Each control section will describe the need for the control, how it should be developed and what the auditor should look for during any involvement in those areas.


  • Control frameworks
  • IT General Controls: Change Control, Release Management, Security, Operations, 8 other control areas

8 CPE credits will be awarded to attendees.

Lunch and a continental breakfast will be provided.

Speaker Bio

John Gatto was with Health Care Service Corporation (HCSC) in Chicago, IL from December, 2005 until his retirement in January, 2015. He was the Divisional Vice President, Audit Services and was responsible for all aspects of IT Audit for the five Blue Cross Blue Shield Plans comprising HCSC (Illinois, Texas, Montana, New Mexico and Oklahoma), encompassing NAIC / MAR compliance and testing, risk based audits, advisory engagements for new development projects, coordination of SOC-1 and SOC-2 reviews and E&Y Year-End Financial Audits. John was a member of a number of Steering Committees within the IT area of HCSC.

Prior to HCSC, John worked at Federal-Mogul in Michigan as the SOX coordination supervisor, Avery Dennison in California as a Project Manager, and spent 13 years with Horizon BlueCross BlueShield of New Jersey, where he was Director of Systems Audit, Customer Audit and Operations Audit.

John has over 45 years of audit experience, most of it in the IT Audit arena. He is a CISA and CRISC and has his MBA from Fairleigh-Dickinson University in New Jersey. John is a frequent speaker for the BCBSA, IIA and ISACA organizations. In 2010 he was named “Educator of the Year” by the Chicago Chapter of the IIA.

Since retiring, John has spoken at the Southeastern and Southwest Intergovernmental Audit Forums, the ISACA CACS Conference and at the ISACA Chapters in South Carolina, North Carolina, Harrisburg, New Jersey, Minnesota, New Mexico and Central Florida. He is focusing on speaking on a range of topics such as PCI, BYOD, Disaster Recovery, etc. Descriptions of these sessions are available upon request.