Download Brochure - MIS Training
Download Brochure - MIS Training
Download Brochure - MIS Training
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
The International Leader<br />
in Audit and Information<br />
Security <strong>Training</strong><br />
EARN 37 CPE CREDITS<br />
SAVE<br />
UP TO 50%<br />
WITH<br />
IN HOUSE<br />
TRAINING<br />
see the inside<br />
page for more<br />
information<br />
IT AUDIT SCHOOL<br />
A Step-by-Step Guide to the Essential Skills You Need to Perform IT Audit<br />
26th - 30th May 2008<br />
Lusaka<br />
ZAMBIA<br />
Course Director<br />
Charles Pask, CISSP<br />
Identify the business risks in automated environments<br />
and how to mitigate them<br />
Develop your knowledge of infrastructure essentials,<br />
including hardware and operating systems, the translation<br />
process, and analysing risk<br />
Explore security, operational, management, application,<br />
and systems software controls<br />
Discover what you need to know about databases,<br />
distributed systems, networks, and the Internet and<br />
e-commerce<br />
“Very useful overview and interesting<br />
topics and input worth bringing to<br />
future audit work”<br />
Internal Auditor, Euronext Liffe<br />
WWW.<strong>MIS</strong>TIEUROPE.COM/AFRICA
SEMINAR<br />
FOCUS<br />
AND<br />
FEATURES<br />
IT Audit School<br />
26th - 30th May 2008,<br />
Lusaka, Zambia<br />
This five day course is designed for financial, operational and<br />
business auditors who need to update their technical and<br />
operational knowledge to audit information technologies and<br />
automated business systems. It is also ideal for those who are<br />
new to IT Auditing who do not have a background in IT. You<br />
will explore the controls required when auditing currently<br />
installed systems, new systems under development, and the<br />
various activities within the information technology<br />
department. In addition, you will learn techniques for auditing<br />
automated systems. Then you will turn your attention to<br />
auditing the management of application transaction activity,<br />
controls, and procedures. You will master techniques that can<br />
be applied to mainframe, distributed processing, and<br />
client/server-based applications. You will gain field-tested<br />
tools for identifying, recording, assessing and evaluating<br />
application controls and procedures. A detailed case study<br />
will provide step-by-step reinforcement of what you have<br />
learned, and you will leave this high-impact seminar with<br />
testing techniques, and audit findings.<br />
COURSE DIRECTOR<br />
CHARLES PASK, CISSP<br />
Charles Pask is the Managing Director of ITSEC Associates<br />
Limited, responsible for delivering global IT security and IT<br />
audit services, including public training courses, in-house<br />
training courses, conferences, symposiums, and consulting.<br />
Previously, he was a Director with <strong>MIS</strong> <strong>Training</strong>, and Director of<br />
Information Security Institute (ISI) European and Middle East<br />
e-Security Services. Mr. Pask has over 18 years experience in<br />
IT, IT audit, and IT security, and was the Information Security<br />
Manager for Alliance & Leicester plc prior to joining <strong>MIS</strong>. Mr.<br />
Pask has been a member of the ITSEC Common Criteria team<br />
working with the DTI, and a committee member of the APACS<br />
Security Advisory Group and the LINK Security Group. He has<br />
spoken at a number of conferences, including WebSec,<br />
Compsec, the International Security Managers Symposium,<br />
and various ISACA events.<br />
Prerequisites<br />
None<br />
Learning Level<br />
Basic<br />
Who Should Attend<br />
Financial, Operational, Business Applications, and<br />
External Auditors; New Information Technology<br />
Auditors<br />
( However we recommend those with an IT background<br />
attend <strong>MIS</strong> “Making the Transition from IT to IT Audit.” )<br />
Bonus<br />
Your fee includes a copy of the Handbook of Controls<br />
for Auditing Computer Applications and a copy of <strong>MIS</strong>'<br />
Information Technology & Audit Acronym Dictionary<br />
Fee<br />
GBP £2,195<br />
EARN 37 CPEs<br />
IN-HOUSE TRAINING<br />
Save up to 50% on training when you run<br />
this course in-house<br />
In-house tailored training will enable you & your colleagues to<br />
make significant savings as we charge per day & not per<br />
participant so the cost remains the same regardless of how<br />
many people attend. We can offer any of our public courses or<br />
tailor them to your requirements. <strong>Training</strong> is available in all areas<br />
of Internal Audit, IT Audit, and IT Security<br />
If you have 6 or more colleagues who would be interested in one<br />
of our courses and you would like to make significant savings,<br />
contact us now;<br />
• What are your training objectives?<br />
• How many people require the training?<br />
• When would you like to run the training?<br />
• What level of experience do you and your colleagues have?<br />
• We will then email you a detailed proposal which addresses<br />
your unique needs.<br />
You will have complete control of the training content and decide<br />
when it is run. We guarantee that we will be able to cater for all<br />
your business needs.<br />
Email Guy Cooper at gcooper@mistieurope.com or call<br />
+44 (0) 20 7779 8975 now<br />
More Great Reasons to Choose our In-house <strong>Training</strong>:<br />
• Save money over public seminar fees<br />
• Save money on travel & accommodation<br />
• Save time on travel as the instructor will travel to you.<br />
Furthermore, the training can be held at the most convenient<br />
time for you.<br />
• Tailor the course content; ensure the relevance of the seminar<br />
for your colleagues. You can tailor the structure & methodology<br />
of your seminar or customise the seminar to meet the<br />
expertise levels of the participants.<br />
• Bring the best in the business; Instructors are hands-on, expert<br />
practitioners who are your subject matter consultants when<br />
they are not training.<br />
• Gain CPE points & certificates for the number of training hours.
AGENDA<br />
DAY ONE<br />
Fundamentals of IT Auditing<br />
■ Objectives of IT Audit<br />
■ Business risks in an automated<br />
environment<br />
■ Information systems security<br />
concerns<br />
■ Role of IT auditors and business<br />
auditors<br />
Auditing Standards<br />
■ ISACA<br />
■ The AICPA Guidance Statement on<br />
Auditing<br />
■ SAS 55: consideration of the internal<br />
control structure in a financial<br />
statement audit<br />
■ COBIT: control objectives for<br />
information and related technology<br />
■ Sarbanes-Oxley Sections 302 and<br />
404 compliance<br />
■ PCAOB<br />
■ GAO: government audit standards<br />
■ IT standards<br />
Infrastructure Essentials<br />
■ Computer hardware and operating<br />
systems<br />
■ How application systems software<br />
and systems programmes interact<br />
■ Distributed systems hardware<br />
■ The translation process from source<br />
to executable<br />
■ Audit risk in programme<br />
management<br />
■ Analysing infrastructure risk<br />
“Straight to the point and<br />
hand out is wonderful.”<br />
Electricity Company of Ghana<br />
DAY TWO<br />
Databases<br />
■ Non-database and database<br />
management environments<br />
■ Database risks on the applications,<br />
the data, and the operating<br />
environment<br />
■ Network discovery<br />
■ Address spoofing: IP and MAC<br />
addresses<br />
■ Malicious software<br />
■ Unauthorised entry<br />
■ Denial-of-service<br />
Distributed Systems<br />
■ Comparing distributed systems to<br />
centralised systems<br />
■ Fundamentals of client/server and its<br />
model<br />
■ Server functions<br />
■ Evaluating risk of distributed systems<br />
Networks<br />
■ Host-based environments<br />
■ LANs and WANs<br />
■ Data communication basics and risks<br />
■ Bridges, switches, routers, and<br />
gateways<br />
DAY THREE<br />
Internet and E-Commerce<br />
■ Understanding Internet terms and<br />
concepts<br />
■ Perimeter controls (firewalls) and<br />
security vulnerabilities<br />
■ Assessing Internet-related risk<br />
■ Confidentiality and authentication in<br />
e-commerce<br />
General Controls<br />
■ Information technology infrastructure<br />
■ Security, operational, management<br />
and system software controls<br />
■ Identifying and assessing risk<br />
■ Placing reliance on general controls<br />
Business Systems Applications<br />
■ Types of business applications<br />
■ How business applications affect the<br />
audit environment<br />
DAY FOUR<br />
Defining a Transaction<br />
■ Transaction-based application<br />
auditing<br />
■ Life cycle of a transaction<br />
■ Transaction origination and<br />
authorisation<br />
■ Processing, output, and input<br />
■ Report distribution<br />
■ Reconciliation<br />
■ Error identification<br />
General Flow of an Audit Application<br />
■ The business environment<br />
■ The technical environment<br />
■ Data risk assessment<br />
■ Transactional flow<br />
■ Test process<br />
Components of a Business<br />
Application<br />
■ Transaction origination<br />
■ Input<br />
■ Processing<br />
■ Output<br />
■ Audit impact<br />
DAY FIVE<br />
Data Input and Processing Models<br />
■ Characteristics and controls<br />
■ Batch input: batch processing<br />
■ Online input: batch processing<br />
■ Online input: online processing<br />
■ Real-time entry: real-time processing<br />
■ Internet entry<br />
“Exactly what is needed<br />
for the performance of<br />
duties and incentive to<br />
take a profession<br />
examination”<br />
Scala ( West africa) LTD<br />
Application Controls<br />
■ Categories<br />
■ Differentiating controls from<br />
procedures<br />
■ Completeness and accuracy of input<br />
and processing<br />
■ Output controls and authorisation<br />
■ Inter-relationship between application<br />
controls and general controls<br />
Beginning the Audit<br />
■ Risk assessment factors<br />
■ Quantifiable and lifiable factors<br />
■ The opening meeting<br />
■ Understanding the application<br />
“An extremely value<br />
adding course. Perfect<br />
input for my audit<br />
strategy.”<br />
Senior Internal Auditor,<br />
Ministry of Finance Planning & Econ<br />
Devt.<br />
© <strong>MIS</strong> <strong>Training</strong> 2008
IT AUDIT SCHOOL<br />
A Step-by-Step Guide to the Essential Skills You Need to Perform IT Audit<br />
37 CPES<br />
When registering for this event please quote reference WEB<br />
I would like to receive information about running this course in-house <br />
IT Audit School<br />
(please photocopy form for additional<br />
delegates) (MT2388)<br />
26th - 30th May 2008, Lusaka, Zambia<br />
£2,195* £<br />
Grand Total £<br />
*Discounts: Government, 10% off regular fees. Groups<br />
of 3 or more, 10% off regular fees. Discounts can not<br />
be used in conjunction with each other.<br />
FEES MUST BE PAID IN ADVANCE OF<br />
THE EVENT<br />
Customer Information<br />
Title First name<br />
Surname<br />
Title/Position<br />
E-Mail Address (Required)<br />
Address<br />
Country<br />
Telephone<br />
Organisation<br />
Postcode<br />
Fax<br />
The information you provide will be safeguarded by the Euromoney Institutional Investor PLC group whose subsidiaries<br />
may use it to keep you informed of relevant products and services. We occasionally allow reputable companies outside<br />
the Euromoney Institutional Investor PLC group to contact you with details of products that may be of interest to you. As<br />
an international group we may transfer your data on a global basis for the purposes indicated above. If you object to<br />
contact by telephone , fax , or email please tick the relevant box. If you do not want us to share your information<br />
with other reputable companies please tick this box .<br />
Payment Information<br />
YOU CAN NOW PAY ONLINE AT www.mistieurope.com<br />
Cheque enclosed (payable to <strong>MIS</strong> <strong>Training</strong>) Please invoice my company PO#<br />
Please debit my credit card AMEX VISA MasterCard<br />
Card Number<br />
Expiry<br />
Cardholders name<br />
Verification Code<br />
Please include billing address if different from address given<br />
Please note that in completing this booking you undertake to adhere to the cancellation and<br />
payment terms listed below<br />
Signature<br />
Approving Manager<br />
5 easy ways to register<br />
Tel: +44 (0)20 7779 8944<br />
Fax completed form to:<br />
+44 (0)20 7779 8293<br />
Email: mis@mistieurope.com<br />
Web: www.mistieurope.com<br />
Post completed form to:<br />
Carlos Doughty,<br />
<strong>MIS</strong> <strong>Training</strong>, Nestor House,<br />
Playhouse Yard,<br />
London<br />
EC4V 5EX UK<br />
Date<br />
Position<br />
Key topic areas:<br />
■ Identify the business risks in<br />
automated environments and how to<br />
mitigate them<br />
■ Develop your knowledge of<br />
infrastructure essentials, including<br />
hardware and operating systems, the<br />
translation process, and analysing<br />
risk<br />
■ Explore security, operational,<br />
management, application, and<br />
systems software controls<br />
■ Discover what you need to know<br />
about databases, distributed<br />
systems, networks, and the Internet<br />
and e-commerce<br />
Why should you attend?<br />
■ <strong>MIS</strong> <strong>Training</strong> is the global<br />
leader in IT audit and info<br />
security training, having trained<br />
over 200,000 delegates<br />
■ Course Instructors are the<br />
most reputable in the industry<br />
■ We have an impressive client<br />
list including Central Bank of<br />
Nigeria, Daimler Chrysler,<br />
Ecobank Ghana Limited, MTN,<br />
National Bank of Kenya to<br />
name a few<br />
■ Earn CPE points - which can be<br />
used to qualify/maintain a<br />
CISSP, CISA or CISM<br />
Please send me information on:<br />
In House <strong>Training</strong><br />
Risk Based Operational Auditing, 17th - 20th<br />
March 2008, Kampala<br />
Auditing The Treasury Function, 5th - 8th May<br />
2008, Johannesburg<br />
3rd Annual - Audit, Risk & Governance Africa<br />
Conference, 22nd - 25th July 2008 Ghana,<br />
Accra<br />
Registration Information<br />
(fees must be paid in advance of the<br />
event)<br />
Accommodation<br />
<strong>MIS</strong> <strong>Training</strong> has negotiated special<br />
accommodation rates for hotels in Lusaka.<br />
For further information please email<br />
mis@mistieurope.com or call + (0) 20 7779<br />
8944. If you have any other queries please visit<br />
www.mistieurope.com/FAQs.<br />
Cancellation Policy<br />
Should a delegate be unable to attend, a<br />
substitute may attend in his or her place.<br />
Cancellations received within 21 working days<br />
of the event are liable for the full seminar fee. If<br />
full payment has been received you are eligible<br />
for a 75% reduction on the next run of the<br />
seminar. This discount will be valid for one<br />
year only. <strong>MIS</strong> reserves the right to change or<br />
cancel programmes due to unforeseen<br />
circumstances.<br />
High Yield/No-Risk Guarantee<br />
Attend these workshops and receive tools and<br />
techniques that will help you do your job<br />
better. If you do not, simply tell us why on your<br />
company letterhead and we will give you a full<br />
credit toward another programme.