Training Workshop on IT Auditing

Event Details
IT Auditing is an essential skill for internal auditors. To be an effective IT auditor, one needs to
understand four major components of IT audit: IT Governance and Management, General IT
Controls, Applications Controls, and Development Controls. This course is an introduction to
these concepts will prepare you to pursue further training in IT Audit.
This course will introduce the fundamentals of IT auditing, core drivers behind why it is a
specialized area of auditing, evolution of IT assurance, and the principle objectives of IT auditing
and its relationship to integrated financial or operational auditing. It will introduce the role of IT
auditing and how IT audit strategies can enhance non-IT audits.

LEARNING OBJECTIVES
Gain a working understanding of IT audit concepts and practices Clarify the difference and
importance of general versus application control audits Learn how to apply internal control
fundamentals to the evaluation of IT system integrity, security and availability Gain an
understanding of the operational and control objectives of the principle areas of general
control Further your appreciation of the importance of IT in achieving organizational objectives
and in providing assurance that appropriate controls are designed, implemented and in effect
to attain system integrity, security and availability

COURSE OUTLINE
 Role of the IT Auditor
 Objectives of IT Audit
 Information Systems and its Impact on the Business
 The IT Audit Universe
 Understanding the IT Controls Frameworks
 COSO
 COBIT 4.1 & 5
 NIST Framework for Improving Critical Infrastructure Cybersecurity
 CIS Critical Security Controls
 FFIEC CyberSecurity Assessment
 Payment Card Industry Standards
 Auditing General Controls
 Objectives of the General Controls Review
 IT Governance and Management
 Information Security Management
 Configuration Management
 Network Security Management
 Identity and Access Control Management
 Data Management
 Incident Response and Business Continuity
 Cloud Computing and Other Outsourcing
 Physical Security and Media Management
 Auditing IT Applications
 Objectives of Application Systems Audits
 Key Application Processes
 Understanding the Risks and Controls in the IT Process Modules
 Planning Different Types of Application Audits
 Auditing Existing Applications
 Identifying Control Objectives
 Establishing an Audit Workplan
 Key Controls in the Application Process
 Auditing Systems in Development
 Comparing different System Development Life Cycle (SDLC) Models
 Audit Objectives and Roles in Systems Development

FOR WHOM:
Internal audit staff.

TRAINING METHODOLOGY
The training methodology combines lectures, discussions, group exercises and illustrations.
Participants will gain both theoretical and practical knowledge of the topics. The emphasis is on
the practical application of the topics and as a result participant will go back to the workplace
with both the ability and the confidence to apply the techniques learned to their duties.