Advanced Information System Auditing

Information Technology continues to advance; organisations are increasingly dependent on the use of information systems (IS) to carry out their business operations and service delivery and to process, maintain and report essential information.

Such heavy reliance calls for experienced IS Auditors to give Executive Management the assurance they need to make good, well informed business decisions and to be satisfied that the myriad of risks associated with their use of technology are well and appropriately managed.

Because of this reliance, it is important that both internal and external auditors are aware of globally recognised best practices in their role at the more experienced, "Senior" level.

This course will establish the IT auditors' overall objective, like everyone else involved, to contribute to the success of the Organisation's Objectives. IT auditors are best qualified to do this by:

• Planning and managing appropriate and timely audit projects based on business risk
• Assessing the quality of IT Governance & management practices
• Addressing their role in the development and acquisition of technology
• Evaluating information systems operations, maintenance & support and
• Auditing the protection of information assets

The course will focus upon the globally recognised duties of an IS Auditor after 3 to 5 years experience in the role, as established by the Information Systems Audit & Control Association (ISACA) based on a series on international questionnaires. Delegates should note that, at this more senior level, the IS Auditors "hands on" ability with technology is less important that their understanding of the audit concepts involved and how these must be considered against the actual needs of the organisation.

Through a combination of lectures, open discussions and consideration of actual IS Audit projects, you will assist you to:

• Enhance and confirm your knowledge and experience
• Gain and maintain the level of knowledge required to meet the dynamic challenges of a modern enterprise
• Increase your value to your organization
• Achieve a competitive advantage over peers when seeking job growth
• Achieve and maintain a high professional standard

Introduction and agenda

• Review of agenda as well as course expectations
• Opportunity for Delegates to raise any specific issues

The Process of Auditing IS

• What tasks are within this area?
• Management of the IS Audit function

IS Auditing Standards

• What is expected of the Senior IS Auditor?
• An overview of Risk Based Auditing
• Types of Control

Performing an IS Audit

• IS Audit Standards
• Computer Assisted Audit Techniques (CAATs)
• Considering Control Self Assessment & Continuous Auditing

The Governance & Management of IT

• The difference between Governance & Management
• The IT Governance structure
• Auditing the IT Strategy
• Policies, Standards, Procedures & Guidelines

IS Management Practices

• Human Resource Management
• Organisational Structures & Responsibilities
• Auditing Outsourced services

Segregation of Duties

• Why this is a critical business concern
• Ensuring every aspect of business risk is addressed by IT
• Administrative issues

Technology Acquisition, Development & Implementation

• Benefits Realisation & the Business Case
• Project Management Structures
• Project Controls: the GANTT & PERT Charts
• A review of the standard development methodology and where Auditors are involved
• What the Auditor is expected to do and what must be avoided!

Business Process Reengineering and specific applications

• A look a the BPR Project and where things can go wrong!
• A brief review of some specific applications

Acquisition and how it is different from Development

• Audit concerns and business risks
• A look at a project that went very wrong because no IS Audito was involved!

IS Operations, Maintenance & Support

• Management of IS Operations
• Incident & Problem Management
• Technical Hardware

IS Operations, Maintenance & Support continued

• IS Technical Architecture & Software
• Operating Systems
• Data & Database Management
• Utility Program Problems
• Software Licensing

IS Network Infrastructure

• Network design & Resilience
• Network Media: risks and controls

Disaster Recovery & Business Continuity

• Audit's expectations during planning
• Will the technology recover? The RPO and RTO & the Auditor
• Recovery strategies
• Horror stories!

Protection of Information Assets

• Information Security Management
• Logical Access Controls & Audit Expectations
• Remote Access
• Audit issues & concerns
• The use & abuse of Encryption

Protection of Information Assets continued

• Network Security, Firewalls & The Internet
• The Demilitarized Zone (DMZ)
• Types of attack & addressing them
• The use of Intruder Detection Systems (IDS)

Physical & Environmental Security

• Physical access exposures & controls
• Environmental issues & exposures
• Fire suppressant systems: pouring water on the computer!

Auditing Information Security

• The Information Security Policy
• Penetration Testing
• Getting Management Attention!

Summing up the Course

• Introducing the Certified Information Systems Auditor designation
• Any further questions
• Key Issues of the course

Call : +6 (082) 287 737

E-mail : kevin@cia-global.com

• Implementing & Migrating to COBIT 5 in the Governance of Enterprise IT
• Risk-Based Auditing
• Project Auditing for Risk Assurance
• Certified Information Security Manager (CISM)
• ITIL® Foundation Certification Training
• More Information Technology Training Courses