Risk Based IT Auditing Master Class. Unlocking your World to a Sea of Opportunities

Transcription

1 Risk Based IT Auditing Master Class Unlocking your World to a Sea of Opportunities

2 The Digital World Information Technology has developed into a nerve center of every organisation. It has become an intrinsic and pervasive component for business, used in the sustaining and extending of enterprises strategies and objectives. The impact of emerging technology Cloud Computing, Big Data, Mobility, Consumerisation, Social Media, Cybersecurity and the Internet of Things is permeating every aspect of business. Today more than ever more and more forwardlooking organisations are using IT to build sustainable competitive advantages. The Changing Landscape of IT Auditing Whilst IT business enabled opportunities are huge and can separate winners and losers the risks if not checked are catastrophic. IT auditing assurance and consulting has in turn evolved from checklist reviews focused on only providing audit control deficiencies and recommendations to a strategic enterprise function key in the realisation of business strategy. Traditional approaches to IT assurance and advisory and checklist IT auditing are no longer adequate to improve enterprise operations and add-value to business. Auditing of Business Processes enabled by IT Tichaona Zororo, CIA, CRMA, CISA, CISM, CRISC, CGEIT, COBIT 5 Certified Assessor 1 EGIT Enterprise Governance of IT

3 Beyond Checklist Auditing Boards and Audit Committees are demanding more meaningful audit issues aligned to enterprise strategic and performance goals. Check list auditing without adequate understanding of business under review will lead to audits that do not add-value or improve operations of an enterprise. Auditors need to take adequate time to understand an enterprise s key stakeholders; their requirements, enterprise strategy and the underlying IT environment to provide IT audits that add-value and improve operations. The Objective of Risk Based IT Auditing Master Class The Risk Based IT Auditing Master Class is aimed to equip Experienced Non IT Auditors, IT Auditors, Audit Committee Members, IT professionals, CAEs, and Business leaders with practical risk based IT auditing knowledge and skills to provide value-adding, aligned to key strategies, objectives and risk based IT audits that will grab the attention of Senior Business Leaders (CEOs, Board of Directors, Executive Management, Head of Department, Municipal Managers, Executive Committees, Audit & Risk Committees amongst others ). The emphasis is on linking observed IT control gaps to impact on business strategic and performance goals for example aligning/linking the lack of a DRP to non availability of key systems linking this to non- availability of core services such provision of services to residence and collection of rates in a Municipality. The Risk Based IT Auditing Master Class is a comprehensive 3 days course providing delegates with practical approaches to auditing IT. Delegates specific business environment will be used to deepen understanding of internal auditing.the course covers how to document relevant entity specific System Description, Performing Risk Assessment Control Matrix (RACM), Test Procedures (Audit Programs), Work Paper, Findings / Management Letter Points and Reporting. Risk Based IT Auditing Master Class focus on linking IT audit observations to key enterprise strategy and performance objectives in line with the new Internal Audit Principles. This Master Class seeks to equip delegates with IT Auditing Knowledge, Skills and Proven Approaches to completely perform value-add IT auditing from start to finish. It provides auditors with the necessary knowledge required to communicate insights and foresights effectively. Specific outcomes of the course includes: Planning an IT Audit driven by an understanding of the business environment (macro and mirco environment) Documentation of business processes Learning a pro-active audit approach to provide value-add IT auditing service to your organisation Introduction to COBIT 5 Principles, Goals Cascade, Enablers, Processes and Assessment Basic concepts of COBIT 5 for Assurance A business centric approach to Auditing IT General Controls Active Directory Auditing. Application Controls Review - HR and Finance Systems anchored on the understanding of Business processes. Auditing Outsourced IT Environments Value-add IT Projects Advisory & Assurance Introduction to Auditing Emerging Technology - Cloud Computing, Social Media, BYOD, Cybersecurity, Big Data & Internet of Things Understanding Enterprise Governance of IT Auditing Risk Based IT Auditing Master Class 2

4 Course Outline Day 1 IT Audit Planning: IT Auditing and Assurance Standards Approaches to Understanding the Business Environment Business Policies, Processes and Procedures Periodic Engagements with Business and Key Stakeholders IT Policies, Processes and Procedures Risk Assessment Dynamic IT Audit Plan based on business objectives IT Auditing Fieldwork: Establishing a Risk Based IT Audit Program Evidence Collection Methods Criteria for Quality Evidence Documenting Work Papers Documenting Findings - Communicating with Impact Follow-Up - How to carry out an IT Audit follow-up Audit 3 EGIT Enterprise Governance of IT

5 Day 2 Using COBIT 5 to Perform Risk Based IT Audits The 5 Principles The 5 Domains The 210 Practices The 7 Enablers The 37 Processes The Processes Structure The Goals Cascade Introduction to COBIT5 Implementation Introduction to Process Assessment Model COBIT5 for Assurance COBIT5 Product Family COBIT5 Courses Business Centric Approach to Auditing IT General Controls How to Perform an IT Governance Audit Understanding IT Governance Fundamentals King III IT Governance Principles The 5 COBIT 5 Governance (EDM) Processes A Practical Approach to IT Governance Auditing Introduction to the Corporate Governance of ICT Policy Framework (DPSA) IT Governance Structures Auditing Outsourced IT Environments Use of the COBIT 5 Goal Cascade and Balance Scorecards to formulate and enterprises service catalogue Operating Level Agreements (OLA) Service level Agreement (SLA) Auditing Business Continuity Management Planning (BCMP), IT Disaster Recovery Planning (DRP) and Data Backup ISO22301 Information Processing Facilities (Data Centre) Physical and Environmental Controls Performance and Capacity Management Practical Approach to Active Directory Auditing How to Audit Logical Access Security Controls: A Holistic Approach to Password Controls Auditing How to Identify Segregation of Duties Control Gaps Identifying Toxic Combinations Interface and Share Folders controls Auditing Service Accounts How to Audit End of Day Processing- Focusing on High Risk Areas IT HR Management Auditing IT Change Controls Problem and Incident Management Auditing Risk Based IT Auditing Master Class 4

6 Day 3 Auditing Application (Automated Business Processes and Transactions) Controls Input Controls Processing Controls Interface Controls Master Data Controls Auditing HR and Payroll Systems e.g. VIP Systems Accounts Payable - Finance Introduction to SAP Auditing Defense In-Depth versus Single Sign-on Auditing IT Projects Advisory versus Assurance - where is value-add? System Development Life Cycle (SDLC) Requirement Definition Development (Business Process versus Solution) Testing Solution Implementation Migration - Data Clean-Up and Mapping Go-Live Performing Post-Implementation Auditing Governance (Gateway Process Risk Management Benefits Realisation Business Cases Using COBIT 5 1. AP005 Manage Portfolio 2. BAI01 Manage Programmes and projects 3. BAI02 Manage requirements definition 4. BAI03 Manage solutions identication Learn about how to Focus on auditing exceptions & errors in automated Financial transactions Auditing Emerging Technology Cloud Computing Social Media Big Data Bring Your Own Device (BYOD) and Mobility Cybersecurity Internet of Things 5 EGIT Enterprise Governance of IT

7 Who Should Attend In-house training opportunities are available, should your organisation have a minimum of 5 delegates per course or multiple sets. The cost advantage and the ability to discuss and resolve organisational issues are 2 major attractions for in-house training. Internal Auditors Experienced & Upcoming IT Auditors Chief Audit Executives Audit Managers IT Audit Consultants, Senior Consultants and Managers Risk & Audit Committee Members Corporate Services Managers IT Professionals Audit & Risk Committee Members IT Assurance, Risk, Security and Governance Professionals Risk Based IT Auditing Master Class 6

8 Our Services IT Auditing IT Governance Advisory IT Projects Advisory & Assurance Training Enterprise Risk Management Unit 201, Block 34, The Kanyin Corner Leeukop & Malindi Roads Sunninghill, 2157 South Africa EGIT Enterprise Governance of Information Technology (Pty) Ltd. IT Advisory Firm. Registraion Number: 2012/188059/07 Tax Number: