IT Audit School - IT Auditing for Non-IT Auditors - MIS Training
IT Audit School - IT Auditing for Non-IT Auditors - MIS Training
IT Audit School - IT Auditing for Non-IT Auditors - MIS Training
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
The Global Leader In<br />
<strong>Audit</strong> and In<strong>for</strong>mation Security <strong>Training</strong><br />
<strong>IT</strong> <strong>Audit</strong><br />
<strong>School</strong> - <strong>IT</strong><br />
<strong>Audit</strong>ing <strong>for</strong><br />
<strong>Non</strong>-<strong>IT</strong><br />
<strong>Audit</strong>ors<br />
The essential skills you need to<br />
per<strong>for</strong>m an <strong>IT</strong> audit and become an<br />
integrated auditor<br />
It <strong>Audit</strong><br />
5 DAY COURSE:<br />
18 - 22 February 2013<br />
London<br />
Course Director<br />
Charles Pask<br />
‘My reasons <strong>for</strong> attending this course were<br />
to gain more knowledge in <strong>IT</strong> <strong>Audit</strong>. The<br />
course gave me the global view I was<br />
looking <strong>for</strong> and I will now be able to<br />
communicate with all <strong>IT</strong> <strong>Audit</strong>ors. The<br />
course director was excellent! He was<br />
enthusiastic, and was able to keep my<br />
attention. He used some great slides and<br />
delivered everything in a clear voice.’<br />
Manager of Operational <strong>Audit</strong>,<br />
NV Nederlandse Gasunie<br />
‘Very in<strong>for</strong>mative course and well structured.<br />
With the skills I learnt and I feel I can<br />
per<strong>for</strong>m in my job more methodically.<br />
Charles is very knowledgeable and is able<br />
to provide examples of real life situations’<br />
Executive,<br />
Grant Thorton<br />
Leading <strong>IT</strong> <strong>Audit</strong>or & Security professional<br />
with over 25 years experience and <strong>for</strong>mer<br />
In<strong>for</strong>mation Security Manager at Alliance<br />
& Leicester plc.<br />
■ Identify the business risks in automated environments<br />
and how to mitigate them<br />
■ Develop your knowledge of infrastructure essentials,<br />
including hardware and operating systems, the<br />
translation process, and analysing risk<br />
■ Explore security, operational, management, application,<br />
and systems software controls<br />
■ Discover what you need to know about databases,<br />
distributed systems, networks, and the Internet and e-<br />
commerce<br />
Save up to 50%<br />
with In-House <strong>Training</strong><br />
www.mistieurope.com/inhouse<br />
Register Online at:<br />
www.mistieurope.com/208
<strong>IT</strong> <strong>Audit</strong><br />
<strong>School</strong> - <strong>IT</strong><br />
<strong>Audit</strong>ing <strong>for</strong><br />
<strong>Non</strong>-<strong>IT</strong><br />
<strong>Audit</strong>ors<br />
The essential skills you need to per<strong>for</strong>m<br />
an <strong>IT</strong> audit and become an integrated<br />
auditor<br />
Course Director<br />
Charles Pask<br />
Gain access to an experienced trainer who is still a practicing<br />
practitioner with real life examples. Mr Pask will explain the<br />
fundamental building blocks <strong>for</strong> success in an integrated audit<br />
environment.<br />
Mr. Pask has over 25 years’ experience in <strong>IT</strong>, <strong>IT</strong> audit, and <strong>IT</strong><br />
security, and was the In<strong>for</strong>mation Security Manager <strong>for</strong><br />
Alliance & Leicester plc prior to joining <strong>MIS</strong>.<br />
More recently Mr Pask was the Global Head of Strategy,<br />
Development and Globalisation <strong>for</strong> the BT Business<br />
Continuity, Security and Governance Practice.<br />
Mr Pask has been the Chairman at the prestigious Chief<br />
In<strong>for</strong>mation Security Officers (CISO) conferences in Europe <strong>for</strong><br />
the last 6 years and also <strong>for</strong> the four CISO conferences held<br />
to date in the Middle East. Mr Pask also Chaired the CISO<br />
symposiums in Dubai (Feb 2011) and Rome (June 2011).<br />
Mr. Pask has been a member of the <strong>IT</strong>SEC Common Criteria<br />
team working with the DTI, and a committee member of the<br />
APACS Security Advisory Group and the LINK Security<br />
Group. He has spoken at a number of conferences, including<br />
CISO, WebSec, Compsec, the International Security<br />
Managers Symposium, and various ISACA events.<br />
‘The course is tailored <strong>for</strong> auditors who have<br />
little or no knowledge of <strong>IT</strong>. It enables non <strong>IT</strong><br />
auditors to focus on critical <strong>IT</strong> components and<br />
practices’<br />
Chief Internal <strong>Audit</strong>or,<br />
Comesa<br />
Course focus and features<br />
This 5-day course is designed <strong>for</strong> financial, operational and<br />
business auditors who need to update their technical and<br />
operational knowledge to audit in<strong>for</strong>mation technologies<br />
and automated business systems. It is also ideal <strong>for</strong> those<br />
who are new to <strong>IT</strong> <strong>Audit</strong>ing who do not have an background<br />
in <strong>IT</strong>.<br />
You will explore auditing standards, including Sarbanes-Oxley and<br />
PCAOB. You will discuss the controls required when auditing<br />
currently installed systems, new systems under development, and<br />
the various activities within the in<strong>for</strong>mation technology<br />
department.<br />
In addition, you will learn techniques <strong>for</strong> auditing automated<br />
systems. You will then turn your attention to auditing the<br />
management of application transaction activity, controls, and<br />
procedures. You will master techniques that can be applied to<br />
mainframe, distributed processing, and client/server-based<br />
applications. You will gain field-tested tools <strong>for</strong> identifying,<br />
recording, assessing, and evaluating application controls and<br />
procedures. You will leave this high-impact seminar with testing<br />
techniques, and audit findings.<br />
By attending this course you will leave with an<br />
understanding of:<br />
• How <strong>IT</strong> risks and controls have a direct impact on business<br />
risks.<br />
• Integrated audit strategies and their focus on business risks.<br />
• <strong>IT</strong> general controls and their impact on the reliability of<br />
application controls.<br />
• Important application controls and their impact on business<br />
processes.<br />
• Methods <strong>for</strong> testing automated and manual controls.<br />
• Methods of documenting <strong>IT</strong> processes and controls.<br />
• Why end user computing audits are important due to the<br />
general lack of effective controls thus potentially having a<br />
significant impact on the business.<br />
• Network concepts and their impact on business operations and<br />
security.<br />
• The Importance of databases to the security of business<br />
in<strong>for</strong>mation.<br />
Who Should Attend<br />
Financial, Operational, Business Applications and External<br />
<strong>Audit</strong>ors; New In<strong>for</strong>mation Technology <strong>Audit</strong>ors<br />
Advanced Preparation: <strong>Non</strong>e<br />
<strong>Training</strong> Type: Group-Live<br />
Learning Level: Basic<br />
Price: GBP £2,895<br />
CPEs: 37<br />
Telephone:<br />
+44 (0)20 7779 8454<br />
Email:<br />
training@mistieurope.com
Agenda<br />
Day One:<br />
Monday 18th February<br />
Fundamentals of <strong>IT</strong> auditing<br />
• Objectives of <strong>IT</strong> audit<br />
• Business risks in an automated environment<br />
• In<strong>for</strong>mation systems security concerns<br />
• Role of <strong>IT</strong> auditors and business auditors<br />
<strong>Audit</strong>ing standards<br />
• ISACA<br />
• The AICPA guidance statement on auditing<br />
• SAS 55: consideration of the internal control<br />
structure in a financial statement audit<br />
• COB<strong>IT</strong>: control objectives <strong>for</strong> in<strong>for</strong>mation and<br />
related technology<br />
• Sarbanes-Oxley Sections 302 and 404<br />
compliance<br />
• PCAOB<br />
• GAO: government audit standards<br />
• <strong>IT</strong> standards<br />
Infrastructure essentials<br />
• Computer hardware and operating systems<br />
• How application systems software and systems<br />
programmes interact<br />
• Distributed systems hardware<br />
• The translation process from source to executable<br />
• <strong>Audit</strong> risk in programme management<br />
• Analysing infrastructure risk<br />
Day Two:<br />
Tuesday 19th February<br />
Databases<br />
• <strong>Non</strong>-database and database management<br />
environments<br />
• Database risks on the applications, the data, and<br />
the operating environment<br />
• Network discovery<br />
• Address spoofing: IP and MAC addresses<br />
• Malicious software<br />
• Unauthorised entry<br />
• Denial-of-service<br />
Distributed systems<br />
• Comparing distributed systems to centralised<br />
systems<br />
• Fundamentals of client/server and its model<br />
• Server functions<br />
• Evaluating risk of distributed systems<br />
Networks<br />
• Host-based environments<br />
• LANs and WANs<br />
• Data communication basics and risks<br />
• Bridges, switches, routers, and gateways<br />
Day Three:<br />
Wednesday 20th February<br />
Internet and e-commerce<br />
• Understanding Internet terms and concepts<br />
• Perimeter controls (firewalls) and security<br />
vulnerabilities<br />
• Assessing Internet-related risk<br />
• Confidentiality and authentication in e-commerce<br />
General controls<br />
• In<strong>for</strong>mation technology infrastructure<br />
• Security, operational, management and system<br />
software controls<br />
• Identifying and assessing risk<br />
• Placing reliance on general controls<br />
Business systems applications<br />
• Types of business applications<br />
• How business applications affect the audit<br />
environment<br />
Day Four:<br />
Thursday 21st February<br />
Defining a transaction<br />
• Transaction-based application auditing<br />
• Life cycle of a transaction<br />
• Transaction origination and authorisation<br />
• Processing, output, and input<br />
• Report distribution<br />
• Reconciliation<br />
• Error identification<br />
General flow of an audit<br />
application<br />
• The business environment<br />
• The technical environment<br />
• Data risk assessment<br />
• Transactional flow<br />
• Test process<br />
Components of a business application<br />
• Transaction origination<br />
• Input<br />
• Processing<br />
• Output<br />
Day Five:<br />
Friday 22nd February<br />
Data input and processing models<br />
• Characteristics and controls<br />
• Batch input: batch processing<br />
• Online input: batch processing<br />
• Online input: online processing<br />
• Real-time entry: real-time processing<br />
• Internet entry<br />
Application controls<br />
• Categories<br />
• Differentiating controls from procedures<br />
• Completeness and accuracy of input and<br />
processing<br />
• Output controls and authorisation<br />
• Inter-relationship between application controls<br />
and general controls<br />
Beginning the audit<br />
• Risk assessment factors<br />
• Quantifiable and lifiable factors<br />
• The opening meeting<br />
• Understanding the application<br />
Tailored and personalised In-House training<br />
Why choose our In-House training?<br />
Savings - Running an in-house course in your offices will ensure you avoid the<br />
costs of travel and accommodation. Plus we charge per day not per delegate.<br />
You can train six or sixteen people <strong>for</strong> the same price!<br />
Convenience - We can arrange a course that fits your team’s schedule. Any dates, any<br />
location, simply tell us what works best <strong>for</strong> you. Avoid the hassle of coordinating travel<br />
arrangements and accommodation <strong>for</strong> your staff<br />
Tailored training - We have over 150 existing training courses you can mould to fit your<br />
exact requirements or if you prefer we can just create a new agenda. You will have complete<br />
control over the course content<br />
Confidentiality - You can focus on potentially thorny issues that may be specific to your<br />
organisation which are best resolved in private with the expert guidance of your course director<br />
Save up to 50%<br />
with In-House <strong>Training</strong><br />
www.mistieurope.com/inhouse<br />
Some of the companies we have<br />
worked with<br />
PwC • International Labour Office • Barclays •<br />
Capital One • Legal and General • Deloitte •<br />
European Court of <strong>Audit</strong>ors • Lukoil • Credit<br />
Suisse AG • Euroclear • AIB • U.S. Steel,<br />
Corp. • Novartis • National Commercial Bank<br />
• Qatar National Bank<br />
Visit www.mistieurope.com/inhouse<br />
Call us on 0207 779 8454<br />
Email training@mistieurope.com<br />
Register Online at:<br />
www.mistieurope.com/208
The Global Leader In<br />
<strong>Audit</strong> and In<strong>for</strong>mation Security <strong>Training</strong><br />
<strong>IT</strong> <strong>Audit</strong> <strong>School</strong> -<br />
<strong>IT</strong> <strong>Audit</strong>ing <strong>for</strong><br />
<strong>Non</strong>-<strong>IT</strong> <strong>Audit</strong>ors<br />
The essential skills you need to per<strong>for</strong>m an<br />
<strong>IT</strong> audit and become an integrated auditor<br />
Register Online at: www.mistieurope.com/208<br />
IMPORTANT INFORMATION - YOUR REGISTRATION CODE:<br />
Please ensure you enter your booking<br />
code when registering and you will<br />
208-S<br />
be entered into our monthly prize draw<br />
to win £50 Visa Credit<br />
LONDON<br />
18 - 22 FEBRUARY 2013<br />
PRICE GBP £2,895 +VAT*<br />
*Delegates may be able to claim back VAT. Visit<br />
www.mistieurope.com/VAT <strong>for</strong> more in<strong>for</strong>mation.<br />
Price includes tuition, course folder with all course<br />
notes, lunch and refreshments and a prestigious<br />
certificate. Delegates are responsible <strong>for</strong> their own<br />
accommodation. You can request an invoice or pay<br />
online. Please note, payment must be received prior<br />
to course start.<br />
Travelling To London From Abroad?<br />
<strong>MIS</strong> <strong>Training</strong> has been accredited by the BAC,<br />
making your trip to London easier which should<br />
make your visa application process much smoother.<br />
We can help with your visa.<br />
Email: training@mistieurope.com<br />
Join <strong>MIS</strong> <strong>Training</strong> Institute’s LinkedIn Group<br />
Search - Global Internal <strong>Audit</strong> Forum<br />
What can you expect from the group?<br />
■<br />
■<br />
■<br />
■<br />
■<br />
■<br />
■<br />
Lively debate with other audit professionals<br />
Access to the latest audit news from across the globe<br />
<strong>Audit</strong> quizzes and questionnaires<br />
Exclusive monthly blog by our resident Fraud expert<br />
White papers and articles<br />
<strong>Training</strong> and salary surveys<br />
Exclusive <strong>MIS</strong> <strong>Training</strong> offers<br />
Group Booking Discount**<br />
2 delegates -<br />
5% discount<br />
3 delegates -<br />
10% discount<br />
4 delegates -<br />
12% discount<br />
5 delegates -<br />
15% discount<br />
**Available <strong>for</strong> delegates from one organisation attending the same course<br />
Data Protection:<br />
Use of your in<strong>for</strong>mation: The in<strong>for</strong>mation you provide on this <strong>for</strong>m will be used by<br />
Euromoney Institutional Investor PLC and its group companies (“we” or “us”) in relation<br />
to your registration <strong>for</strong> this event. We may also monitor your use of our website(s),<br />
including in<strong>for</strong>mation you post and actions you take, to improve our services to you<br />
and track compliance with our terms of use. Except to the extent you indicate your<br />
objection below, we may also use your data (including data obtained from monitoring)<br />
(a) to keep you in<strong>for</strong>med of our products and services; (b) occasionally to allow<br />
companies outside our group to contact you with details of their products/services. As<br />
an international group, we may transfer your data on a global basis <strong>for</strong> the purposes<br />
indicated above, including to countries which may not provide the same level of<br />
protection to personal data as within the European Union. By submitting your details,<br />
you will be indicating your consent to the use of your data as identified above. Further<br />
in<strong>for</strong>mation on our use of your personal data is set out in our privacy policy, which is<br />
available at www.mistieurope.com or can be provided to you separately upon request.<br />
Marketing choices: If you object to contact as identified above by telephone ❑, fax ❑,<br />
or email ❑, or post ❑, please tick the relevant box. If you do not want us to share your<br />
in<strong>for</strong>mation with other companies ❑ please tick this box.<br />
Cancellation Policy:<br />
Cancellation or transfer requests must be made in writing (letter or fax) and<br />
reach the <strong>MIS</strong> <strong>Training</strong> office 30 days be<strong>for</strong>e the course commencement<br />
date. A full refund less a £100 administration fee will be given. Delegates<br />
who cancel less than 30 days be<strong>for</strong>e the course commencement date, or<br />
who do not attend, are liable to pay the full course fee and no refunds will<br />
granted. If you wish to transfer to a different course within a six month<br />
period, you will be invoiced a 25% additional charge to transfer your<br />
registration and any difference in course prices. You will not incur any<br />
additional charges if you wish to send a replacement delegate and your<br />
registration meets the above terms.<br />
Accommodation:<br />
All training venues will be confirmed 3-4 weeks prior to the course start<br />
date. <strong>MIS</strong> <strong>Training</strong> Institute has negotiated special accommodation rates in<br />
4 star hotels in central London (Zone 1) <strong>for</strong> UK courses.<br />
VAT:<br />
All delegates attending are liable to pay VAT.<br />
Overseas delegates can claim a VAT refund under<br />
the European Union (EU) 8th and 13th Directives on<br />
all eligible business expenses such as course fees,<br />
hotel accommodation, meals, car hire<br />
etc., provided you are not registered <strong>for</strong> VAT in the<br />
UK. For more in<strong>for</strong>mation please visit<br />
www.mistieurope.com/VAT or<br />
email training@mistieurope.com.<br />
Printed on paper from a sustainable<br />
source, using vegetable oil based inks