Course Objectives

Internal Auditors are more and more exposed to audit evidence from a computer system. More and more internal controls are also now automated as the development in ERP systems and artificial intelligence expands. Internal Auditors are required to understand and be able to audit in the IT environment.

This training course is aimed at internal audit professionals without specific expertise in IT auditing and provides them with the tools to start conducting IT and Security audits in their organisations. The course focuses on internationally recognised auditing standards and frameworks including COBIT, ITIL, COSO and ISO27002. The training agenda covers extensive knowledge of the controls required when auditing currently installed systems, new systems under development, and various activities within the information technology department. The course participants will learn techniques for auditing automated systems and the management of application transaction activity, controls, and procedures. Delegates will master techniques that can be applied to mainframe, distributed processing, and client/server- based applications. They will gain field-tested tools for identifying, recording, assessing, and evaluating application controls and procedures.

Course Content

Pre-Assessment to determine current knowledge

• Fundamentals of IT Auditing
• What is IT auditing?
• What is the role of an IT auditor?
• New GIAS Standards related to an IT audit
  • Standard 3.1 – Competency
  • Standard 4.2 – Due Professional Care
  • Standard 9.4 – Internal Audit Plan
  • Standard 10.3 – Technological Resources
• Key components of IT
• Centralized vs distributed systems
• On-line vs batch systems
• Network concepts
• Databases
• Operating systems

  IT Control Frameworks

• COBIT
• ISO27000
• ITIL
• NIST

  IT Infrastructure

• Server
• Mainframe
• Virtual Machines
• Client-server configuration
• Gateways
• Routers
• Local Area Networks
• Wide Area Networks
• Virtual Private Networks

  General Control

• General security concepts
• Access management concepts
• Access management principles
• Common access management controls
• Incident Management

Practical Case Study

Service Desk

• Service Level Management
• Change and Patch Management
• Elements of a typical change process
• Aspects of the SDLC
• SDLC phases
• Business Continuity Management (BCM)
• Disaster Recovery (DR)
• Backup processing

Practical Case Study

Application Controls

• Application control concepts
• Input controls
• Processing controls
• Output controls
• Interface controls
• Audit trails
• Application security

Practical Case Study

Cloud Computing and Service Organization Control (SOC) Reports

• Cloud computing
• SOC reports

Emerging Technology Impacting IT Auditing

• 4th Industrial Revolution
• Artificial Intelligence
• Big Data
• Robotics
• Internet of Things (IOT)
• Smart Devices
• Blockchain
• Robotic Process Automation

Cyber Security Risks

• Hacking
• Piracy
• Tampering
• Ransomware attacks
• Phishing attacks
• Deepfakes

Auditing key information systems controls

• Procedures to audit the adequacy and effectiveness of each
• ·of the key information controls identified:
  • Perform a walkthrough
  • Defining the population to be tested for control effectiveness
  • Test procedures

Practical Case Study

Audit of data files - use of CAATs

• Purpose of CAATs
• Understanding data and meta data
• Formulating the CAAT specification
• Development, testing and implementation of CAATs

Final Case Study in using CAAT’s

Important Note:

The above content is aligned with both the current and new (March 2025) CIA Syllabus and will give delegates the necessary exposure to these topics to support their studies and preparation for the CIA Exams.

Who should attend?

Please be advised of the event terms and conditions.
Delegates are also requested to review the content and the levels of the courses presented before booking, to ensure they are attending the right course.