top of page

Presenter:- Deon van der Westhuizen

Date:- 16 to 18 May April 2016

 

Where:- Cape Town

 

 

Price: R3000 pp ex VAT

Risk-based IT Auditing

 

 

Course Objectives

 

To provide a sound understanding of the information systems (IS) audit process from cradle to grave to those auditors wishing to improve their information systems audit technique. Specific outcomes include an unaderstanding of:

 

  • The IS audit process: planning, risk assessment, execution, reporting

  • Use of best practice publications: CobiT, ITIL, ISO17799

  • IS Governance

  • Complex IS audits:

    • Information Security

    • IT Service Continuity Management

    • Outsourced Environments and the Service Level Management Process

    • The Systems Development Lifecycle

 

 

Course Content

The IS Audit Process

  • Scoping the engagement:

  • IS Auditing in the context of the Annual Internal audit plan

  • Considering the relationship between application and general controls

  • Timing of the audit

  • Defining the population to be audited

  • Team selection and integration

  • Execution

  • Reporting to various audienes: making the results understandable

Use of best practice publications

  • CobiT, ITIL, ISO1799

  • Purpose of the publication

  • Use of the publication to the IS auditor

IS Governance

  • What is IS governance

  • IS vs. Corporate Governance

  • IS governance modelling

  • Auditing IS governance

Understanding information systems risk

  • Understanding risk related to:

  • Information security

  • IT Service continuity Management

  • Outsourced Environments and the Service Level Management process

  • The systems development lifecycle

  • Performing a risk assessment

 

Understanding the key information systems controls

  • Logical information security (based on ISO 17799)

  • Segregation of duties

  • User account management

  • Application layer security

  • Network layer security

  • Operating systems security

  • Database security

  • Outsourced Environments and the Service Level Management Process

  • The systems development lifecycle

Auditing key information systems controls

  • Procedures to audit the adequacy and effectiveness of each of the key information controls identified:

  • Performing a walkthrough

  • Defining the population to be tested for control effectiveness

  • Test procedures

.

bottom of page