Explore the future technology

LET OUR DREAM COME TRUE

Welcome
Cyber Security
Focus on
LN

IT audit
01st March 2024

2 March 2024 1
 Objective of this Webinar
• To help people to develop knowledge related to Cyber
Security, IT audit, compliance and risk management

• To highlight

• the job opportunities for fresher in the field of IT audit

• the skill development opportunities for the Cyber

security and IT audit professionals enabling them for
career advancement

2 March 2024 2
 Who will be benefitted by this webinar

IT auditors, Team Leads and Any IT / non IT graduates &

audit managers Engineers looking for a lucrative
career path

Cyber Security professionals Charted Accountants (CA) willing

to explore IT audit
Risk, Compliance & IT Service
Privacy consultants
Continuity (BCP/DR) professionals

Access managers, developers, and

other IT operations team

2 March 2024 3

s://www.linkedin.com/in/lakshmi-
asimhan-b865a963/
About the Presenter
Lakshmi Narasimhan [email protected]
Linked In
Over 30 years of Having extensive experience in
experience in IT audit, information system audits, risk
assurance, information assessments, privacy assessments,
technology and banking software development and IT project
domains. management

Conducted several in house training

sessions on IT audit and related
functions
Conducted several interviews for hiring
2 March 2024 4
 Agenda
About IT audit and its relevance to Cyber
1 Security, Compliance and Risk Management

2 Demand for IT auditors and opportunities

3 Challenges

4 How can we help you?

2 March 2024 5
 Organisation responsibilities over Information Technology

Compliance IT Risk
Management Management

IT IT Operations IT
Governance Audit

Quality Information / Cyber

Assurance Security

2 March 2024 6
 Operation Team IT Auditor
Statutory / Regulatory bodies Implements all the
Compliance requirements control requirements
(SOX/HIPAA/PCI-DSS, GDPR)
from various sources
and execute the
Governance Compliance
Organisation Policies & Standards Manager controls IT auditor
Test the
design and
Information / Cyber operating
Clients / Suppliers / Service providers
Security requirements (ISO 27001) Security effectiveness
Consolidate and of the
prepare a controls
Risk Risk Management comprehensive control
Manager Mitigation controls
framework.
Oversee
Business implementation and
Data Security and application controls monitor control
execution
Information
Security
2 March 2024 Manager 7
 Information Security
Sources of Controls Sources of audit
Cyber Security requirements
• ISO / IEC 27001:2022
• ITIL • Statutory audits
• COBIT • SOX
• NIST • SOC1, 2, 3
• Cloud Security Alliance Internet Web Network • FISMA
• CIS (Centre for Internet Security) Security Security Security • FedRAMP
• PCI / DSS • HIPAA
• GDPR • PCI / DSS
• HIPAA • GDPR
• ISO/IEC 27001:2022

8
Information Security
• Physical security, IT asset management, Human resource security, Data management, BCP and DR, Third
Party Risk Management
Cyber Security
• Security training, Security monitoring, Incidence response
Internet Security
• Firewall
• IDS & IPS
• Anti malware Network Security
• SSL & Transport layer Security
• VPN
Web Security • Network segmentation
• Secure coding (Code review) • Access Controls List
• Web application firewall • Network log monitoring
• Secure authentication • Content filter
• Data Encryption
• Application Vulnerability assessment

2 March 2024
9
2 March 2024 10
 IT audit

2 March 2024 11
 Ever increasing demand for
Information System auditors
• Increasing global presence of
Corporate and MNCs • IT auditors
• Increase in outsourcing • Demand > supply
• ITO, BPO and Cloud services • High attrition
• Shared Service Centre Consequences • High salary
• Back office operations • Switching every 18 - 30
• Increase in cyber space risks due months with 40% to 120%
to AI, IOT etc hike
• Strict privacy and other compliance
requirements

2 March 2024 12
 Career progression options
Career options
• Statutory audits
• SOX audit Consulting Services
• SOC1, SOC2, SOC 3
audit
• Internal audit Compliance Management
• SOX management
assessment
• Continuous control IT Auditor Risk Management
monitoring
• Compliance audits Business Continuity
(Data Privacy, HIPAA, Management
PCI/DSS…)
• Cyber Security audits
Data Privacy
• ISO certification audits

2 March 2024 13
 Other relevant roles available for an IT auditor
Compliance management Consulting services
• Compliance manager • IT Governance
• Compliance coordinator • Consulting for implementation of controls
• Audit coordinator in new applications / Infra set up
• ISO Certification support (ISMS)
Risk Management
• Cyber Security controls
• IT risk consultant • SOX controls
• IT risk manager • Data Privacy / BCP DR reviews
Data Privacy
• Data Privacy assessor
Business Continuity Manager
• BCM
• BCP / DR assessor

2 March 2024 14
 Where are the opportunities?

• Big 4 and other global audit firms

• Registered audit firms operating within the
country
• Product Companies
• Banking, Insurance and Finance Companies
• IT Service providers
• BPO Service providers
• Consulting firms
• Large Corporate Companies

2 March 2024 15
 Advantages of choosing IT audit career
• Technologies keep changing. Specialists are heavily technology
dependent

Audit concepts, processes and testing of controls remain almost the

same. Audit is somewhat technology independent

• Audit is a high revenue business for the audit firms. So auditors get a
handsome salary.

• During difficult times, organisations may defer the projects or downsize

workforce. Many audits are mandated and cannot be dispensed with.

• After a few years of service, IT Auditors have the opportunity to move

to a different related function without much difficulty

2 March 2024 16
 Already we are in IT audit field. We have challenges…

We are working with IT auditors. We have challenges…

Challenges are everywhere….

We have a solution

2 March 2024 17
 Let us look at some of the challenges…
Experienced auditor
Fresher / New IT auditor Internal auditor - IT
looking for opportunities

Lack of proper training.

Very small team of IT Not getting promotion. Not
Our LMS (Learning
auditors. No seniors to able to clear interviews.
Management) has audit
coach us or provide How can I bridge the
courses but they are only
clarifications. gaps?
theory. No practical exposure.
Team members help us but on
piecemeal basis - not
consistent and detailed

2 March 2024 18
Senior IT Audit Manager Chartered Accountant Person with IT background

I conducted several I conduct finance I have experience in

interviews for the post of audits. I am very much infrastructure maintenance. I
IT auditors. interested in have IT knowledge. My
conducting IT audits as colleagues in IT audit team are
Not getting the right
well. That will give me earning more. I too want to
candidates.
more career growth switch internally but I do not
Experienced in the audit opportunities know what is IT audit.
but knowledge and skills
are lacking.

2 March 2024 19
 Most common causes leading to poor performance
• Not understanding the ways of working
• Not understanding the IT processes
• Not understanding the intent of the controls
• Lack of proper prioritisation of activities
• Poor communication- Confusing evidence requests
• Multiple evidence requests for the same control
• Just accepting whatever the process owners say / provide as
evidence without analysing the risks, completeness,
effectiveness, accuracy etc.
• IT dependency (IPE) - population correctness evidence
not obtained
• Inappropriate test plans. Inadequate depth of testing
• Poor documentation – documentation not detailed enough

2 March 2024 20
 Learning IT audit helps not only the auditors
but also the persons supporting / dealing with
auditors

2 March 2024 21
 IT Team members
We are facing SOX audit for the first time. The
auditors talk about controls and ask for
evidences, I do not know what a control is and
which evidences they require. They are not
allowing me to do my regular job.
We migrated to new ERP in the mid of the
year. Old systems are decommissioned, Now
auditor asks screenshot from the old system.
2 March 2024
Access Manager
We regularly conduct user access
reviews. I was very much surprised
when the auditor tested this and
informed me that it is a deficient
process. Auditor failed the control and
we felt the wrath of the top
management. Had I known the audit
requirements early, I would have
improved the process and passed the
test.
22
Compliance Manager
Understanding audit
requirements help me to
improve the compliance level
It also helps me to effectively
coordinate between the
auditors and the IT teams. I
can communicate well and
decipher what the auditors
want.
2 March 2024
Information Security Manager
Risk manager
Understanding IT
Understanding IT audit
controls and controls and evidences and
evidence the level of the audits help
requirements gives me to implement and monitor
me a better view on controls more effectively.
IT risks and helps
me to suggest
improved risk
mitigation measures.
23
 We can help you

2 March 2024 24
 15 Days Master class on IT Audit

From: 05th March 2024 (Tuesday)

To: 21st March 2024 (Thursday)
(excluding Sundays)
Time: 7:30 p.m. To 8:30 p.m.

In the mission of helping Millions of People to

excel in their career

2 March 2024 25
You will learn on this 15 Days Workshop

• Fundamentals of compliance, risk

management, cyber security and IT audit
• Advanced audit practices and insights

2 March 2024 26
 • Seven modules
• Moving from basic level (module 1) to 1 IT audit overview
advanced level (module 6)
• Module 7 provides valuable insights, with 2 IT audit process
7 real case examples of challenging
IT environment
situations and how to analyse and come to 3
the correct conclusion
4 IT risks and controls
• Detailed guideline materials and templates
• Quality related tips Performing IT audit
5
• Training on right prioritisation
Testing key controls
• Fifteen hours of online sessions 6

• Thirteen (13) hours of training sessions

IT audit Insights
15 one hour a day
7

• Two (2) doubt clearing sessions on

Saturdays
2 March 2024 27
 Who will be benefitted by this online course
IT auditors, TLs and audit managers
Cyber Security professionals
Risk, Compliance & IT Service
Continuity (BCP/DR) professionals
Charted Accountants (CA)
Privacy consultants
2 March 2024
Access managers, developers, and
other IT operations team
CISA certified or those preparing for
CISA examinations
Any IT / non IT graduates &
Engineers looking for a lucrative
career path
ISO 27001 certified persons
28
 At the end of the course
You will gain thorough knowledge on
• Technology components,
key IT roles and key IT • How to improve the
processes effectiveness of the controls
in the processes
• How people, process and
• Various compliance technology are interlinked • Types of IT audits
requirements and with each other
security standards • End to end audit process
• Information security /
• Unified control Cyber security related
framework controls, classification of
controls and how they are
mapped to the risks

2 March 2024 29
 At the end of the course
You will develop skills on
• Performing audit scoping
exercise
• Population collection and
sample selection techniques
• Conducting design
effectiveness and operating
effectiveness assessments
and updating test documents
2 March 2024
• Effective • Insights on challenging
communications, scenarios, conducting risk
prioritisation and based audits and documenting
attention to details at re-performance standards
• Preparing effective
templates such as
project plan, risk and
control matrix, test
documents
30
 Testimonials – What our students loved about our training

2 March 2024 31
 Testimonials – What our students loved about our training

2 March 2024 32
 Testimonials – What our students loved about our training

2 March 2024 33
 We will Handhold You,
Let us be Your Partner in Success

Thank You

2 March 2024
34