Course Objective

Today's heavy reliance on Information Technology (IT) requires internal auditors to

have a basic level of IT knowledge sufficient to:

• Understand the related opportunities and risks within their organisations
• Ask the right questions of the right parties and draw the right conclusions

This training course is aimed at internal audit professionals without specific expertise in IT auditing. It provides them with the tools to start conducting IT and Security audits

in their organisations.

The course focuses on internationally-recognised auditing standards and frameworks, including CobIT, ITIL, COSO and ISO27002. The training agenda covers extensive knowledge of the controls required when auditing currently installed systems, new systems under development, and various activities within the information technology department. The course participants will learn techniques for auditing automated systems and managing application transaction activity, controls, and procedures.

Delegates will master techniques for mainframe, distributed processing, and client/server-based applications. They will gain field-tested tools for identifying, recording, assessing, and evaluating application controls and procedures.

Course Content

Fundamentals of IT Auditing

• What is IT auditing?
• What is the role of an IT auditor?
• IIA standards related to an IT audit
• Key components of IT
• Centralised vs distributed systems
• On-line vs batch systems
• Network concepts
• Databases
• Operating systems

  General Control

• General security concepts
• Access management concepts
• Access management principles
• Common access management controls
• Incident Management and the Service Desk
• Service Level Management
• Change and Patch Management
• Elements of a typical change process
• Aspects of the SDLC
• SDLC phases
• Business Continuity Management (BCM)
• Disaster Recovery (DR)
• Backup processing

  Application Controls

• Application control concepts
• Input controls
• Processing controls
• Output controls
• Interface controls
• Audit trails
• Application security

  Cloud Computing and Service Organization Control (SOC) Reports

• Cloud computing
• SOC reports

  Emerging Technology Impacting IT Auditing

• 4th Industrial Revolution
• Artificial Intelligence
• Big Data
• Robotics
• Internet of Things (IOT)

  Auditing key information systems controls

• Procedures to audit the adequacy and effectiveness of each of the key information controls identified:
  • Perform a walkthrough
  • Defining the population to be tested for control effectiveness
  • Test procedures

Audit of data files - use of CAATs

• Purpose of CAATs
• Understanding data and meta data
• Formulating the CAAT specification
• Development, testing and implementation of CAATs

Case studies

A case study on identifying application and IT general controls will be completed.

Course Outcome

At the end of the workshop, the participants will be able to:

• Identify and evaluate risks in the IT environment impacting the business and
• propose solutions to address the identified risks.
• Identify IT-related risks and evaluate IT general controls and IT application
• controls impacting the business.
• Prepare an audit programme to audit an IT system that addresses both IT
• general control and IT application control objectives.
• Participate effectively in designing, developing, testing and implementing a new IT system, providing appropriate audit risks and advisory inputs from the business context.

Furthermore, internal audit professionals will develop Knowledge of basic IT audit concepts that can be used to facilitate integrated audit efforts within their organisation. They will also gain the Knowledge and understanding relating to the following key information systems control that can be applied in day-to-day audit assignments:

• Human resources and payroll processes
• Procure to pay processes
• Order to cash processes
• Financial statement close process
• Logical information security
• Segregation of duties
• User account management
• Application layer security
• Physical and environmental controls
• Controls over IT service management processes (ITIL)
• Systems development lifecycle controls.

Who should attend?

Those who need to understand rather than practice IT Auditing. This course is intended to provide an essential understanding of IT general controls to

enhance the internal auditor's proficiency and scope of work. This interactive, instructor-led course is designed for internal auditors in all sectors with limited or no IT auditing experience interested in gaining essential insight into assessing common IT

general controls.

Please be advised of the event terms and conditions.
Delegates are also requested to review the content and the levels of the courses presented before booking, to ensure they are attending the right course.