Risk Based IT Auditing Master Class: Unlocking Your World To A Sea of Opportunities




The Digital World
Information Technology has developed into a nerve centre of every organisation. It has become an intrinsic and
pervasive component of business, used to sustain and extend enterprises’ strategies and objectives. The
impact of emerging technology (Cloud Computing, Big Data, Mobility, Consumerisation, Social Media, Cybersecurity
and the Internet of Things) is permeating every aspect of business. Today, more than ever, forward-looking
organisations are using IT to build sustainable competitive advantages.

The Changing Landscape of IT Auditing


Whilst IT-enabled business opportunities are huge and can separate winners from losers, the risks, if not checked, are
catastrophic. IT auditing, assurance and consulting have in turn evolved from checklist reviews focused only on providing
audit control deficiencies and recommendations into a strategic enterprise function that is key to the realisation of business
strategy. Traditional approaches to IT assurance and advisory, and checklist IT auditing, are no longer adequate to improve
enterprise operations and add value to business.

“Auditing of Business Processes enabled by IT”


Tichaona Zororo, CIA, CRMA, CISA, CISM, CRISC, CGEIT, COBIT 5 Certified Assessor

1 EGIT | Enterprise Governance of IT


Beyond Checklist Auditing
Boards and Audit Committees are demanding more meaningful audit issues aligned to enterprise strategic and
performance goals. Checklist auditing without an adequate understanding of the business under review will lead to audits
that do not add value or improve the operations of an enterprise. Auditors need to take adequate time to understand an
enterprise’s key stakeholders, their requirements, the enterprise strategy and the underlying IT environment in order to provide IT
audits that add value and improve operations.

The Objective of Risk Based IT Auditing Master Class


The Risk Based IT Auditing Master Class aims to equip Experienced Non IT Auditors, IT Auditors, Audit Committee
Members, IT professionals, CAEs, and Business leaders with practical risk based IT auditing knowledge and skills to
provide value-adding, risk based IT audits, aligned to key strategies and objectives, that will grab the attention of Senior
Business Leaders (CEOs, Board of Directors, Executive Management, Head of Department, Municipal Managers,
Executive Committees, Audit & Risk Committees amongst others). The emphasis is on linking observed IT control
gaps to their impact on business strategic and performance goals, for example linking the lack of a DRP to non-availability
of key systems, and linking this to non-availability of core services such as provision of services to residents
and collection of rates in a Municipality.

The Risk Based IT Auditing Master Class is a comprehensive 3-day course providing delegates with practical approaches
to auditing IT. Delegates' specific business environment will be used to deepen understanding of internal auditing. The course
covers how to document the relevant entity-specific System Description, Performing Risk Assessment Control Matrix
(RACM), Test Procedures (Audit Programs), Work Paper, Findings / Management Letter Points and Reporting. The Risk
Based IT Auditing Master Class focuses on linking IT audit observations to key enterprise strategy and performance
objectives in line with the new Internal Audit Principles.

This Master Class seeks to equip delegates with IT Auditing Knowledge, Skills and Proven Approaches to completely
perform value-add IT auditing from start to finish. It provides auditors with the necessary knowledge required
to communicate insights and foresights effectively.

Specific outcomes of the course include:


Planning an IT Audit driven by an understanding of the business environment (macro and micro environment)
Documentation of business processes
Learning a pro-active audit approach to provide value-add IT auditing service to your organisation
Introduction to COBIT®5 Principles, Goals Cascade, Enablers, Processes and Assessment
Basic concepts of COBIT®5 for Assurance
A business centric approach to Auditing IT General Controls
Active Directory Auditing.
Application Controls Review - HR and Finance Systems anchored on the understanding of Business processes.
Auditing Outsourced IT Environments
Value-add IT Projects Advisory & Assurance
Introduction to Auditing Emerging Technology - Cloud Computing, Social Media, BYOD, Cybersecurity, Big Data & Internet of Things
Understanding Enterprise Governance of IT Auditing

Risk Based IT Auditing Master Class 2


Course Outline

Day 1
IT Audit Planning:

IT Auditing and Assurance Standards


Approaches to Understanding the Business Environment
Business Policies, Processes and Procedures
Periodic Engagements with Business and Key Stakeholders
IT Policies, Processes and Procedures
Risk Assessment
Dynamic IT Audit Plan based on business objectives

IT Auditing Fieldwork:

Establishing a Risk Based IT Audit Program


Evidence Collection Methods
Criteria for Quality Evidence
Documenting Work Papers
Documenting Findings - Communicating with Impact
Follow-Up - How to Carry Out an IT Audit Follow-Up Audit



Day 2
Using COBIT®5 to Perform Risk Based IT Audits

The 5 Principles
The 5 Domains
The 210 Practices
The 7 Enablers
The 37 Processes
The Processes Structure
The Goals Cascade
Introduction to COBIT5 Implementation
Introduction to Process Assessment Model
COBIT5 for Assurance
COBIT5 Product Family
COBIT5 Courses

Business Centric Approach to Auditing IT General Controls

How to Perform an IT Governance Audit

Understanding IT Governance Fundamentals


King III IT Governance Principles
The 5 COBIT®5 Governance (EDM) Processes
A Practical Approach to IT Governance Auditing
Introduction to the Corporate Governance of ICT Policy Framework (DPSA)
IT Governance Structures

Auditing Outsourced IT Environments

Use of the COBIT®5 Goals Cascade and Balanced Scorecards to formulate an enterprise's service catalogue
Operating Level Agreements (OLA)
Service Level Agreement (SLA)

Auditing Business Continuity Management Planning (BCMP), IT Disaster Recovery Planning (DRP) and Data Backup - ISO22301
Information Processing Facilities (Data Centre) Physical and Environmental Controls
Performance and Capacity Management
Practical Approach to Active Directory Auditing

How to Audit Logical Access Security Controls:


A Holistic Approach to Password Controls Auditing
How to Identify Segregation of Duties Control Gaps
Identifying Toxic Combinations
Interface and Shared Folders Controls
Auditing Service Accounts
How to Audit End of Day Processing - Focusing on High Risk Areas

IT HR Management
Auditing IT Change Controls
Problem and Incident Management Auditing



Day 3
Auditing Application (Automated Business Processes and Transactions) Controls

Input Controls
Processing Controls
Interface Controls
Master Data Controls
Auditing HR and Payroll Systems e.g. VIP Systems
Accounts Payable - Finance
Introduction to SAP Auditing
Defense In-Depth versus Single Sign-on

Auditing IT Projects

Advisory versus Assurance - where is value-add?


System Development Life Cycle (SDLC)

Requirement Definition
Development (Business Process versus Solution)
Testing
Solution Implementation
Migration - Data Clean-Up and Mapping
Go-Live
Performing Post-Implementation Auditing
Governance (Gateway Process)
Risk Management
Benefits Realisation Business Cases

Using COBIT®5

1. APO05 Manage Portfolio
2. BAI01 Manage Programmes and Projects
3. BAI02 Manage Requirements Definition
4. BAI03 Manage Solutions Identification

“Learn about how to focus on auditing exceptions & errors in automated financial transactions”

Auditing Emerging Technology

Cloud Computing
Social Media
Big Data
Bring Your Own Device (BYOD) and Mobility
Cybersecurity
Internet of Things



Who Should Attend
Internal Auditors
Experienced & Upcoming IT Auditors
Chief Audit Executives
Audit Managers
IT Audit Consultants, Senior Consultants and Managers
Risk & Audit Committee Members
Corporate Services Managers
IT Professionals
Audit & Risk Committee Members
IT Assurance, Risk, Security and Governance Professionals

In-house training opportunities are available, should
your organisation have a minimum of 5 delegates
per course or multiple sets. The cost advantage and
the ability to discuss and resolve organisational
issues are 2 major attractions for in-house training.



Our Services
IT Auditing
IT Governance Advisory
IT Projects Advisory & Assurance
Training
Enterprise Risk Management

Unit 201, Block 34, The Kanyin


Corner Leeukop & Malindi Roads
Sunninghill, 2157
South Africa

+27 11 234 2597


+27 73 298 9606
consult@egit.co.za
www.egit.co.za

© EGIT | Enterprise Governance of Information Technology (Pty) Ltd. IT Advisory Firm.


Registration Number: 2012/188059/07 | Tax Number: 925228114
