Date/Time
Date(s) - 07/10/2024 - 09/10/2024
8:30 am - 3:30 pm
Location
VOCO Dubai
Course Description
Digital transformation has enabled increased market speed, superior customer satisfaction, reduced costs, and other benefits that contribute to the achievement of organizational objectives. Organizations have never had a greater need for reliable assurance over the technological capabilities that fueled, and continue to fuel their digital transformation.
Are you prepared to help internal audit deliver this assurance?
This course is a good place to start. It provides a comprehensive overview of the fundamental concepts of IT auditing, and how to apply them on the job. Learn about IT governance and the regulatory environment, general controls, application controls, and end-user computing, and how to perform various IT audits, and more.
Course Objectives
- Explore the steps to perform an audit of IT applications that support key business processes, utilizing general IT control audit concepts.
- Examine the steps for coordinating the assessment of IT risks with the evaluation of IT general controls.
- Recognize the concepts of application controls as they relate to auditing systems in development.
- Identify the steps to perform a risk assessment and an evaluation of controls over end-user computer applications, utilizing general IT control concepts.
Who will benefit from this course?
This course will benefit non-IT auditors — with 0-2 years’ IT auditing experience. It delivers a fundamental understanding of IT auditing that will help the non-IT auditor perform a traditional business process audit engagement.
Course Topics
Overview of IT Auditing Concepts and Controls
- Types of audits internal auditors perform.
- The responsibilities, objectives, and skills needed to perform IT audits.
- How COSO relates to IT auditing.
- Commonly referenced regulations affecting IT audits.
Overview of Key Technical Processes and IT General Controls
- Key technical processes.
- IT governance.
- Project management.
- Traditional IT general controls (ITGCs).
- Common physical security controls.
- Common environmental controls.
- Administrative controls.
- Computer operations controls.
Introduction to IT Change Management
- The IT change management process.
- Standard types of technology changes.
- Risks and costs of ineffective or inefficient IT change management.
- Controls by function.
- Internal Audit’s role in IT change management.
Fundamentals of Logical Security
- General system security concepts.
- The IAAA Model.
- Identification
- Authentication
- Authorization
- Primary activities regarding access management.
Availability and Corrective Controls
- Recovery objectives.
- Availability concepts.
- Business continuity.
- Disaster recovery.
- Incident response.
- Auditing availability and corrective controls recovery processes.
System Development Life Cycle
- System development life cycle concepts.
- System development life cycle frameworks.
- Auditing the system development life cycle.
 Application Controls
- Types of application controls.
- Purpose, risks, and control activities relating to:
- Input controls.
- Processing controls.
- Output controls.
- Interface controls.
- Audit trails (log files).
- General application security.
End-User Computing – Shadow IT
- Overview of end-user computing.
- User-developed applications (UDA) risks and controls.
- Dependence on spreadsheets within financial activities.
- User-acquired-systems (UAS) risks and controls.
- Auditing end-user computing.
Networking Essentials
- Key networking concepts and technologies.
- Typical networking risks.
- Traditional networking controls and tools.
 Cloud Computing
- Basics of cloud computing.
- Cloud environments.
- Benefits of cloud computing
- Cloud service risks.
- Cloud controls.
- Importance of the Statement on Standards for Attestation Engagements (SSAE) System and Organizational Controls (SOC)
Course Information
Course Duration: 3 Days
CPE Hours Available: 21
Knowledge Level: Basic
Field of Study: Auditing
Prerequisites: None
Advance Preparation: None
Delivery Format: eLearning (Group-Internet-Based); On-site Training (Group-Live); Seminar (Group-Live)
