CPE Self-Study
IT Governance, Risks and Controls
Information Technology
Online: 6.0
Provides essential competencies on the learning pathway towards understanding the principles and key components of an effective IT governance model.

CITP credential holders qualify for additional discounts

When you log into this website with your AICPA member user account, the section discount will be automatically applied during checkout. Should you have any questions or encounter any issues, please contact the AICPA Service Center at 888-777-7077 or service@aicpa.org.

CPE On-Demand
AICPA’s online CPE courses will operate in a variety of configurations, but only the configuration described below is supported by our technicians.

A stable and continuous internet connection is required
In order to record your completion of the online learning courses, please ensure you are connected to the internet at all times while taking the course. It is your responsibility to validate that CPE certificate(s) are available within your My Account after successfully completing the course and/or exam. Please contact us at 1.888.777.7077 or service@aicpa.org with any questions or concerns related to your CPE certificate(s).

Supported Operating Systems:

  • Macintosh OS X 10.10 to present
  • Windows 7 to present

Supported Browsers:

  • Apple Safari
  • Google Chrome
  • Microsoft Internet Explorer
  • Mozilla Firefox

Required Browser Plug-ins:

Note: Your course will be accessible immediately after completing your purchase. Access instructions will be shown on the Order Confirmation Screen and included in your Order Confirmation Email, or click My Account at the top of the page, select My Purchases and then My Online Learning tab.

Technical Support: Please contact service@aicpa.org or use the Contact Us Form.

Accessibility: The Association of International Certified Professional Accountants (Association) is dedicated to removing barriers to the accountancy profession and ensuring that all accountancy professionals and other members of the public with an interest in the profession or joining the profession, including those with disabilities, have access to the profession and the Association’s website, educational materials, products, and services.  The Association is committed to making professional learning accessible to all.  This commitment is maintained in accordance with applicable law.  For additional information, please refer to the Association’s Website Accessibility Policy.

If this symbol is displayed under Delivery Type on the product page, this product offers closed captioning.

For accommodation requests, please contact adaaccessibility@aicpa-cima.com and indicate the product that you are interested in (title, etc.) and the requested accommodation(s): Audio/Visual/Other. A member of our team will be in contact with you promptly to make sure we meet your needs appropriately.

Product details

Understanding the principles.

Who Will Benefit?

  • Auditors
  • Accounting professionals
  • Technology employees
  • Leaders and executives
  • Technology managers
  • Anyone with responsibilities in finance
  • Policy administrators
  • IT staff
  • CPAs interested in the CITP credential
  • Risk professionals

Key Topics

  • Elements of security policy
  • Organizational risk assessment
  • Identity and access management
  • Logical and physical access controls
  • Network and system security controls
  • Business continuity planning

Learning Objectives

  • Identify the objectives and principles of IT governance, including key components and best practices.
  • Recognize IT governance roles, responsibilities and accountabilities and various IT control frameworks.
  • Identify the process involved in implementing IT governance.
  • Identify the key components and benefits of the IT governance structure.
  • Identify IT related risks that can affect the achievement of overall enterprise objectives.
  • Recognize how to Identify and mitigate risks through effective risk management.
  • Identify risk exposures and ensure properly communicated to manage risks and avoid potential future impacts to the organization.
  • Identify strategies for assessing and recognize the impact of control deficiencies to the entity.

This CPE self-study course will give you the knowledge and tools necessary to implement and maintain an effective IT governance infrastructure that identifies and addresses IT related risks in support of organizational objectives.

If you are seeking the CITP credential, this course provides essential competencies on the learning pathway towards understanding the principles and key components of an effective IT governance model, including the roles and responsibilities of those involved.

Ratings and reviews

Khoa Huynh

Director, Digital Finance Technology at Deloitte, Melbourne, Australia

Khoa and has extensive experience with program and project delivery through inception to close out in a wide variety of Industries. From major capital projects, enterprise wide systems implementations through to complex Business and Digital Transformation Programs, he has a strong systems engineering background to complement his project experience, and utilises both a technical and business lens to successfully deliver project outcomes. Confident in leading complex transformations utilising and a range of methodologies and techniques to suit the project (from waterfall to agile and scrum) Khoa's ability to empower the team around him to both achieve results whilst growing capability has been the cornerstone of his success with clients.

Khoa’s business sector experience has varied across several different industries, including Government, Consumer and Retail, Superannuation and Financial Services, Engineering, and Health. With a passion for problem solving, Khoa drives through to successful outcomes by making considered decisions based on a logical and analytical approach, whilst also adopting a pragmatic view to resolve the issues and challenges that he has faced on engagements.


Matthew Bogusch

Member and ET Task Force Chair, Director - Deloitte & Touche LLP

Matt is a Director at Deloitte & Touche LLP, specializing in Information Technology, Security & Business Controls. Matt has over 20 years of professional experience, including 15 years of managing and performing information systems and business process control reviews spanning multiple platforms and numerous applications for clients within the Consumer Business, Real Estate, Higher Education, Public Sector, and Healthcare industries. Matt focuses on Sarbanes-Oxley 404 External Audits, as well as ERP security and controls, including SAP, Great Plains, and JD Edwards. He has extensive international experience, having served a leadership role in Deloitte's Latin American practice for several years. Prior to joining Deloitte, Matt had worked for a private company for 5 years within the Financial Reporting, Internal Audit, and Information Systems departments.

Rory Heenan

Deloitte, Manager - Advisory

Rory Heenan is a Manager and CPA within Deloitte & Touche LLP's Risk and Financial Advisory practice. He has over nine years of experience serving clients in a variety of capacities via his compliance and risk expertise, with a focus on domestic and foreign financial institutions. In this capacity, Rory has recently led teams serving large banks in responding to enforcement actions from regulatory authorities. In addition, Rory has provided counsel to clients in governance and policy & procedure consulting, forensic accounting matters, and compliance testing and reporting. He has also led teams in corporate investigations, anti-money laundering consulting, and controls audits. Rory is skilled in all aspects of project delivery and execution.


American Institute of CPAs

The American Institute of CPAs (AICPA) is the world’s largest member association representing the CPA profession, with more than 418,000 members in 143 countries, and a history of serving the public interest since 1887. AICPA members represent many areas of practice, including business and industry, public practice, government, education and consulting.

The AICPA sets ethical standards for the profession and U.S. auditing standards for private companies, nonprofit organizations, federal, state and local governments. It develops and grades the Uniform CPA Examination, and offers specialized credentials for qualified professionals who concentrate on personal financial planning; forensic accounting; business valuation; and information management and technology assurance. With The Chartered Institute of Management Accountants (CIMA), it offers the Chartered Global Management Accountant (CGMA) designation, which sets the global benchmark for quality and recognition in management accounting.

The AICPA and CIMA also make up the Association of International Certified Professional Accountants (the Association), which represents public and management accounting globally, advocating on behalf the public interest and advancing the quality, competency and employability of CPAs, CGMAs and other accounting and finance professionals worldwide.

The AICPA maintains offices in New York, Washington, DC, Durham, NC, and Ewing, NJ.

Member Quantity:
Nonmember Quantity:
Estimated total:
Add to cart
CPE credits
: 6.0
NASBA Field of Study
Information Technology
Delivery Method
QAS Self-Study
Course acronym
Back to Top