Risk Based IT Auditing Master Class. Unlocking your World to a Sea of Opportunities


The Digital World

Information Technology has developed into a nerve center of every organisation. It has become an intrinsic and pervasive component of business, used in sustaining and extending enterprise strategies and objectives. The impact of emerging technology (Cloud Computing, Big Data, Mobility, Consumerisation, Social Media, Cybersecurity and the Internet of Things) is permeating every aspect of business. Today, more than ever, forward-looking organisations are using IT to build sustainable competitive advantages.

The Changing Landscape of IT Auditing

Whilst IT-enabled business opportunities are huge and can separate winners from losers, the risks, if not checked, are catastrophic. IT auditing, assurance and consulting has in turn evolved from checklist reviews focused only on reporting audit control deficiencies and recommendations to a strategic enterprise function that is key to the realisation of business strategy. Traditional approaches to IT assurance and advisory and checklist IT auditing are no longer adequate to improve enterprise operations and add value to business.

Auditing of Business Processes enabled by IT

Tichaona Zororo, CIA, CRMA, CISA, CISM, CRISC, CGEIT, COBIT 5 Certified Assessor
EGIT Enterprise Governance of IT

Beyond Checklist Auditing

Boards and Audit Committees are demanding more meaningful audit issues aligned to enterprise strategic and performance goals. Checklist auditing without an adequate understanding of the business under review leads to audits that do not add value or improve the operations of an enterprise. Auditors need to take adequate time to understand an enterprise's key stakeholders and their requirements, the enterprise strategy and the underlying IT environment in order to provide IT audits that add value and improve operations.

The Objective of Risk Based IT Auditing Master Class

The Risk Based IT Auditing Master Class aims to equip Experienced Non IT Auditors, IT Auditors, Audit Committee Members, IT professionals, CAEs and Business leaders with practical risk based IT auditing knowledge and skills, so that they can provide value-adding, risk based IT audits that are aligned to key strategies and objectives and that will grab the attention of Senior Business Leaders (CEOs, Boards of Directors, Executive Management, Heads of Department, Municipal Managers, Executive Committees, Audit & Risk Committees, amongst others). The emphasis is on linking observed IT control gaps to their impact on business strategic and performance goals: for example, linking the lack of a DRP to non-availability of key systems, and linking this to non-availability of core services such as provision of services to residents and collection of rates in a Municipality.

The Risk Based IT Auditing Master Class is a comprehensive 3-day course providing delegates with practical approaches to auditing IT. Delegates' specific business environments will be used to deepen understanding of internal auditing. The course covers how to document the relevant entity-specific System Description, Performing Risk Assessment Control Matrix (RACM), Test Procedures (Audit Programs), Work Paper, Findings / Management Letter Points and Reporting.

The Risk Based IT Auditing Master Class focuses on linking IT audit observations to key enterprise strategy and performance objectives, in line with the new Internal Audit Principles. This Master Class seeks to equip delegates with IT Auditing Knowledge, Skills and Proven Approaches to perform value-add IT auditing completely, from start to finish. It provides auditors with the knowledge required to communicate insights and foresights effectively.

Specific outcomes of the course include:

- Planning an IT Audit driven by an understanding of the business environment (macro and micro environment)
- Documentation of business processes
- Learning a pro-active audit approach to provide value-add IT auditing service to your organisation
- Introduction to COBIT 5 Principles, Goals Cascade, Enablers, Processes and Assessment
- Basic concepts of COBIT 5 for Assurance
- A business centric approach to Auditing IT General Controls
- Active Directory Auditing
- Application Controls Review - HR and Finance Systems anchored on the understanding of Business processes
- Auditing Outsourced IT Environments
- Value-add IT Projects Advisory & Assurance
- Introduction to Auditing Emerging Technology - Cloud Computing, Social Media, BYOD, Cybersecurity, Big Data & Internet of Things
- Understanding Enterprise Governance of IT Auditing

Course Outline

Day 1

IT Audit Planning:

- IT Auditing and Assurance Standards
- Approaches to Understanding the Business Environment
- Business Policies, Processes and Procedures
- Periodic Engagements with Business and Key Stakeholders
- IT Policies, Processes and Procedures
- Risk Assessment
- Dynamic IT Audit Plan based on business objectives

IT Auditing Fieldwork:

- Establishing a Risk Based IT Audit Program
- Evidence Collection Methods
- Criteria for Quality Evidence
- Documenting Work Papers
- Documenting Findings - Communicating with Impact
- Follow-Up - How to carry out an IT Audit follow-up Audit

Day 2

Using COBIT 5 to Perform Risk Based IT Audits

- The 5 Principles
- The 5 Domains
- The 210 Practices
- The 7 Enablers
- The 37 Processes
- The Processes Structure
- The Goals Cascade
- Introduction to COBIT5 Implementation
- Introduction to Process Assessment Model
- COBIT5 for Assurance
- COBIT5 Product Family
- COBIT5 Courses

Business Centric Approach to Auditing IT General Controls

How to Perform an IT Governance Audit

- Understanding IT Governance Fundamentals
- King III IT Governance Principles
- The 5 COBIT 5 Governance (EDM) Processes
- A Practical Approach to IT Governance Auditing
- Introduction to the Corporate Governance of ICT Policy Framework (DPSA)
- IT Governance Structures

Auditing Outsourced IT Environments

- Use of the COBIT 5 Goal Cascade and Balance Scorecards to formulate an enterprise's service catalogue
- Operating Level Agreements (OLA)
- Service Level Agreement (SLA)

Auditing Business Continuity Management Planning (BCMP), IT Disaster Recovery Planning (DRP) and Data Backup

- ISO22301
- Information Processing Facilities (Data Centre) Physical and Environmental Controls
- Performance and Capacity Management

Practical Approach to Active Directory Auditing

How to Audit Logical Access Security Controls:

- A Holistic Approach to Password Controls Auditing
- How to Identify Segregation of Duties Control Gaps
- Identifying Toxic Combinations
- Interface and Share Folders controls
- Auditing Service Accounts

How to Audit End of Day Processing - Focusing on High Risk Areas

- IT HR Management
- Auditing IT Change Controls
- Problem and Incident Management Auditing

Day 3

Auditing Application (Automated Business Processes and Transactions) Controls

- Input Controls
- Processing Controls
- Interface Controls
- Master Data Controls
- Auditing HR and Payroll Systems e.g. VIP Systems
- Accounts Payable - Finance
- Introduction to SAP Auditing
- Defense In-Depth versus Single Sign-on

Auditing IT Projects

- Advisory versus Assurance - where is value-add?
- System Development Life Cycle (SDLC)
- Requirement Definition
- Development (Business Process versus Solution)
- Testing
- Solution Implementation
- Migration - Data Clean-Up and Mapping
- Go-Live
- Performing Post-Implementation Auditing
- Governance (Gateway Process)
- Risk Management
- Benefits Realisation
- Business Cases

Using COBIT 5

1. APO05 Manage Portfolio
2. BAI01 Manage Programmes and projects
3. BAI02 Manage requirements definition
4. BAI03 Manage solutions identification

Learn how to focus on auditing exceptions & errors in automated financial transactions.

Auditing Emerging Technology

- Cloud Computing
- Social Media
- Big Data
- Bring Your Own Device (BYOD) and Mobility
- Cybersecurity
- Internet of Things

Who Should Attend

- Internal Auditors
- Experienced & Upcoming IT Auditors
- Chief Audit Executives
- Audit Managers
- IT Audit Consultants, Senior Consultants and Managers
- Risk & Audit Committee Members
- Corporate Services Managers
- IT Professionals
- Audit & Risk Committee Members
- IT Assurance, Risk, Security and Governance Professionals

In-house training opportunities are available, should your organisation have a minimum of 5 delegates per course or multiple sets. The cost advantage and the ability to discuss and resolve organisational issues are 2 major attractions for in-house training.

Our Services

- IT Auditing
- IT Governance Advisory
- IT Projects Advisory & Assurance
- Training
- Enterprise Risk Management

Unit 201, Block 34, The Kanyin
Corner Leeukop & Malindi Roads
Sunninghill, 2157
South Africa

+27 11 234 2597
+27 73 298 9606
consult@egit.co.za
www.egit.co.za

EGIT Enterprise Governance of Information Technology (Pty) Ltd. IT Advisory Firm.
Registration Number: 2012/188059/07
Tax Number: 925228114