Download Brochure - MIS Training

The International Leader
in Audit and Information
Security Training
EARN 37 CPE CREDITS
SAVE
UP TO 50%
WITH
IN HOUSE
TRAINING
see the inside
page for more
information
IT AUDIT SCHOOL
A Step-by-Step Guide to the Essential Skills You Need to Perform IT Audit
26th - 30th May 2008
Lusaka
ZAMBIA
Course Director
Charles Pask, CISSP
Identify the business risks in automated environments
and how to mitigate them
Develop your knowledge of infrastructure essentials,
including hardware and operating systems, the translation
process, and analysing risk
Explore security, operational, management, application,
and systems software controls
Discover what you need to know about databases,
distributed systems, networks, and the Internet and
e-commerce
“Very useful overview and interesting
topics and input worth bringing to
future audit work”
Internal Auditor, Euronext Liffe
WWW.MISTIEUROPE.COM/AFRICA

SEMINAR
FOCUS
AND
FEATURES
IT Audit School
26th - 30th May 2008,
Lusaka, Zambia
This five day course is designed for financial, operational and
business auditors who need to update their technical and
operational knowledge to audit information technologies and
automated business systems. It is also ideal for those who are
new to IT Auditing who do not have a background in IT. You
will explore the controls required when auditing currently
installed systems, new systems under development, and the
various activities within the information technology
department. In addition, you will learn techniques for auditing
automated systems. Then you will turn your attention to
auditing the management of application transaction activity,
controls, and procedures. You will master techniques that can
be applied to mainframe, distributed processing, and
client/server-based applications. You will gain field-tested
tools for identifying, recording, assessing and evaluating
application controls and procedures. A detailed case study
will provide step-by-step reinforcement of what you have
learned, and you will leave this high-impact seminar with
testing techniques, and audit findings.
COURSE DIRECTOR
CHARLES PASK, CISSP
Charles Pask is the Managing Director of ITSEC Associates
Limited, responsible for delivering global IT security and IT
audit services, including public training courses, in-house
training courses, conferences, symposiums, and consulting.
Previously, he was a Director with MIS Training, and Director of
Information Security Institute (ISI) European and Middle East
e-Security Services. Mr. Pask has over 18 years experience in
IT, IT audit, and IT security, and was the Information Security
Manager for Alliance & Leicester plc prior to joining MIS. Mr.
Pask has been a member of the ITSEC Common Criteria team
working with the DTI, and a committee member of the APACS
Security Advisory Group and the LINK Security Group. He has
spoken at a number of conferences, including WebSec,
Compsec, the International Security Managers Symposium,
and various ISACA events.
Prerequisites
None
Learning Level
Basic
Who Should Attend
Financial, Operational, Business Applications, and
External Auditors; New Information Technology
Auditors
( However we recommend those with an IT background
attend MIS “Making the Transition from IT to IT Audit.” )
Bonus
Your fee includes a copy of the Handbook of Controls
for Auditing Computer Applications and a copy of MIS'
Information Technology & Audit Acronym Dictionary
Fee
GBP £2,195
EARN 37 CPEs
IN-HOUSE TRAINING
Save up to 50% on training when you run
this course in-house
In-house tailored training will enable you & your colleagues to
make significant savings as we charge per day & not per
participant so the cost remains the same regardless of how
many people attend. We can offer any of our public courses or
tailor them to your requirements. Training is available in all areas
of Internal Audit, IT Audit, and IT Security
If you have 6 or more colleagues who would be interested in one
of our courses and you would like to make significant savings,
contact us now;
• What are your training objectives?
• How many people require the training?
• When would you like to run the training?
• What level of experience do you and your colleagues have?
• We will then email you a detailed proposal which addresses
your unique needs.
You will have complete control of the training content and decide
when it is run. We guarantee that we will be able to cater for all
your business needs.
Email Guy Cooper at gcooper@mistieurope.com or call
+44 (0) 20 7779 8975 now
More Great Reasons to Choose our In-house Training:
• Save money over public seminar fees
• Save money on travel & accommodation
• Save time on travel as the instructor will travel to you.
Furthermore, the training can be held at the most convenient
time for you.
• Tailor the course content; ensure the relevance of the seminar
for your colleagues. You can tailor the structure & methodology
of your seminar or customise the seminar to meet the
expertise levels of the participants.
• Bring the best in the business; Instructors are hands-on, expert
practitioners who are your subject matter consultants when
they are not training.
• Gain CPE points & certificates for the number of training hours.

AGENDA
DAY ONE
Fundamentals of IT Auditing
■ Objectives of IT Audit
■ Business risks in an automated
environment
■ Information systems security
concerns
■ Role of IT auditors and business
auditors
Auditing Standards
■ ISACA
■ The AICPA Guidance Statement on
Auditing
■ SAS 55: consideration of the internal
control structure in a financial
statement audit
■ COBIT: control objectives for
information and related technology
■ Sarbanes-Oxley Sections 302 and
404 compliance
■ PCAOB
■ GAO: government audit standards
■ IT standards
Infrastructure Essentials
■ Computer hardware and operating
systems
■ How application systems software
and systems programmes interact
■ Distributed systems hardware
■ The translation process from source
to executable
■ Audit risk in programme
management
■ Analysing infrastructure risk
“Straight to the point and
hand out is wonderful.”
Electricity Company of Ghana
DAY TWO
Databases
■ Non-database and database
management environments
■ Database risks on the applications,
the data, and the operating
environment
■ Network discovery
■ Address spoofing: IP and MAC
addresses
■ Malicious software
■ Unauthorised entry
■ Denial-of-service
Distributed Systems
■ Comparing distributed systems to
centralised systems
■ Fundamentals of client/server and its
model
■ Server functions
■ Evaluating risk of distributed systems
Networks
■ Host-based environments
■ LANs and WANs
■ Data communication basics and risks
■ Bridges, switches, routers, and
gateways
DAY THREE
Internet and E-Commerce
■ Understanding Internet terms and
concepts
■ Perimeter controls (firewalls) and
security vulnerabilities
■ Assessing Internet-related risk
■ Confidentiality and authentication in
e-commerce
General Controls
■ Information technology infrastructure
■ Security, operational, management
and system software controls
■ Identifying and assessing risk
■ Placing reliance on general controls
Business Systems Applications
■ Types of business applications
■ How business applications affect the
audit environment
DAY FOUR
Defining a Transaction
■ Transaction-based application
auditing
■ Life cycle of a transaction
■ Transaction origination and
authorisation
■ Processing, output, and input
■ Report distribution
■ Reconciliation
■ Error identification
General Flow of an Audit Application
■ The business environment
■ The technical environment
■ Data risk assessment
■ Transactional flow
■ Test process
Components of a Business
Application
■ Transaction origination
■ Input
■ Processing
■ Output
■ Audit impact
DAY FIVE
Data Input and Processing Models
■ Characteristics and controls
■ Batch input: batch processing
■ Online input: batch processing
■ Online input: online processing
■ Real-time entry: real-time processing
■ Internet entry
“Exactly what is needed
for the performance of
duties and incentive to
take a profession
examination”
Scala ( West africa) LTD
Application Controls
■ Categories
■ Differentiating controls from
procedures
■ Completeness and accuracy of input
and processing
■ Output controls and authorisation
■ Inter-relationship between application
controls and general controls
Beginning the Audit
■ Risk assessment factors
■ Quantifiable and lifiable factors
■ The opening meeting
■ Understanding the application
“An extremely value
adding course. Perfect
input for my audit
strategy.”
Senior Internal Auditor,
Ministry of Finance Planning & Econ
Devt.
© MIS Training 2008

IT AUDIT SCHOOL
A Step-by-Step Guide to the Essential Skills You Need to Perform IT Audit
37 CPES
When registering for this event please quote reference WEB
I would like to receive information about running this course in-house
IT Audit School
(please photocopy form for additional
delegates) (MT2388)
26th - 30th May 2008, Lusaka, Zambia
£2,195* £
Grand Total £
*Discounts: Government, 10% off regular fees. Groups
of 3 or more, 10% off regular fees. Discounts can not
be used in conjunction with each other.
FEES MUST BE PAID IN ADVANCE OF
THE EVENT
Customer Information
Title First name
Surname
Title/Position
E-Mail Address (Required)
Address
Country
Telephone
Organisation
Postcode
Fax
The information you provide will be safeguarded by the Euromoney Institutional Investor PLC group whose subsidiaries
may use it to keep you informed of relevant products and services. We occasionally allow reputable companies outside
the Euromoney Institutional Investor PLC group to contact you with details of products that may be of interest to you. As
an international group we may transfer your data on a global basis for the purposes indicated above. If you object to
contact by telephone , fax , or email please tick the relevant box. If you do not want us to share your information
with other reputable companies please tick this box .
Payment Information
YOU CAN NOW PAY ONLINE AT www.mistieurope.com
Cheque enclosed (payable to MIS Training) Please invoice my company PO#
Please debit my credit card AMEX VISA MasterCard
Card Number
Expiry
Cardholders name
Verification Code
Please include billing address if different from address given
Please note that in completing this booking you undertake to adhere to the cancellation and
payment terms listed below
Signature
Approving Manager
5 easy ways to register
Tel: +44 (0)20 7779 8944
Fax completed form to:
+44 (0)20 7779 8293
Email: mis@mistieurope.com
Web: www.mistieurope.com
Post completed form to:
Carlos Doughty,
MIS Training, Nestor House,
Playhouse Yard,
London
EC4V 5EX UK
Date
Position
Key topic areas:
■ Identify the business risks in
automated environments and how to
mitigate them
■ Develop your knowledge of
infrastructure essentials, including
hardware and operating systems, the
translation process, and analysing
risk
■ Explore security, operational,
management, application, and
systems software controls
■ Discover what you need to know
about databases, distributed
systems, networks, and the Internet
and e-commerce
Why should you attend?
■ MIS Training is the global
leader in IT audit and info
security training, having trained
over 200,000 delegates
■ Course Instructors are the
most reputable in the industry
■ We have an impressive client
list including Central Bank of
Nigeria, Daimler Chrysler,
Ecobank Ghana Limited, MTN,
National Bank of Kenya to
name a few
■ Earn CPE points - which can be
used to qualify/maintain a
CISSP, CISA or CISM
Please send me information on:
In House Training
Risk Based Operational Auditing, 17th - 20th
March 2008, Kampala
Auditing The Treasury Function, 5th - 8th May
2008, Johannesburg
3rd Annual - Audit, Risk & Governance Africa
Conference, 22nd - 25th July 2008 Ghana,
Accra
Registration Information
(fees must be paid in advance of the
event)
Accommodation
MIS Training has negotiated special
accommodation rates for hotels in Lusaka.
For further information please email
mis@mistieurope.com or call + (0) 20 7779
8944. If you have any other queries please visit
www.mistieurope.com/FAQs.
Cancellation Policy
Should a delegate be unable to attend, a
substitute may attend in his or her place.
Cancellations received within 21 working days
of the event are liable for the full seminar fee. If
full payment has been received you are eligible
for a 75% reduction on the next run of the
seminar. This discount will be valid for one
year only. MIS reserves the right to change or
cancel programmes due to unforeseen
circumstances.
High Yield/No-Risk Guarantee
Attend these workshops and receive tools and
techniques that will help you do your job
better. If you do not, simply tell us why on your
company letterhead and we will give you a full
credit toward another programme.