IT Audit School - IT Auditing for Non-IT Auditors - MIS Training

The Global Leader In
Audit and Information Security Training
IT Audit
School - IT
Auditing for
Non-IT
Auditors
The essential skills you need to
perform an IT audit and become an
integrated auditor
It Audit
5 DAY COURSE:
18 - 22 February 2013
London
Course Director
Charles Pask
‘My reasons for attending this course were
to gain more knowledge in IT Audit. The
course gave me the global view I was
looking for and I will now be able to
communicate with all IT Auditors. The
course director was excellent! He was
enthusiastic, and was able to keep my
attention. He used some great slides and
delivered everything in a clear voice.’
Manager of Operational Audit,
NV Nederlandse Gasunie
‘Very informative course and well structured.
With the skills I learnt and I feel I can
perform in my job more methodically.
Charles is very knowledgeable and is able
to provide examples of real life situations’
Executive,
Grant Thorton
Leading IT Auditor & Security professional
with over 25 years experience and former
Information Security Manager at Alliance
& Leicester plc.
■ Identify the business risks in automated environments
and how to mitigate them
■ Develop your knowledge of infrastructure essentials,
including hardware and operating systems, the
translation process, and analysing risk
■ Explore security, operational, management, application,
and systems software controls
■ Discover what you need to know about databases,
distributed systems, networks, and the Internet and e-
commerce
Save up to 50%
with In-House Training
www.mistieurope.com/inhouse
Register Online at:
www.mistieurope.com/208

IT Audit
School - IT
Auditing for
Non-IT
Auditors
The essential skills you need to perform
an IT audit and become an integrated
auditor
Course Director
Charles Pask
Gain access to an experienced trainer who is still a practicing
practitioner with real life examples. Mr Pask will explain the
fundamental building blocks for success in an integrated audit
environment.
Mr. Pask has over 25 years’ experience in IT, IT audit, and IT
security, and was the Information Security Manager for
Alliance & Leicester plc prior to joining MIS.
More recently Mr Pask was the Global Head of Strategy,
Development and Globalisation for the BT Business
Continuity, Security and Governance Practice.
Mr Pask has been the Chairman at the prestigious Chief
Information Security Officers (CISO) conferences in Europe for
the last 6 years and also for the four CISO conferences held
to date in the Middle East. Mr Pask also Chaired the CISO
symposiums in Dubai (Feb 2011) and Rome (June 2011).
Mr. Pask has been a member of the ITSEC Common Criteria
team working with the DTI, and a committee member of the
APACS Security Advisory Group and the LINK Security
Group. He has spoken at a number of conferences, including
CISO, WebSec, Compsec, the International Security
Managers Symposium, and various ISACA events.
‘The course is tailored for auditors who have
little or no knowledge of IT. It enables non IT
auditors to focus on critical IT components and
practices’
Chief Internal Auditor,
Comesa
Course focus and features
This 5-day course is designed for financial, operational and
business auditors who need to update their technical and
operational knowledge to audit information technologies
and automated business systems. It is also ideal for those
who are new to IT Auditing who do not have an background
in IT.
You will explore auditing standards, including Sarbanes-Oxley and
PCAOB. You will discuss the controls required when auditing
currently installed systems, new systems under development, and
the various activities within the information technology
department.
In addition, you will learn techniques for auditing automated
systems. You will then turn your attention to auditing the
management of application transaction activity, controls, and
procedures. You will master techniques that can be applied to
mainframe, distributed processing, and client/server-based
applications. You will gain field-tested tools for identifying,
recording, assessing, and evaluating application controls and
procedures. You will leave this high-impact seminar with testing
techniques, and audit findings.
By attending this course you will leave with an
understanding of:
• How IT risks and controls have a direct impact on business
risks.
• Integrated audit strategies and their focus on business risks.
• IT general controls and their impact on the reliability of
application controls.
• Important application controls and their impact on business
processes.
• Methods for testing automated and manual controls.
• Methods of documenting IT processes and controls.
• Why end user computing audits are important due to the
general lack of effective controls thus potentially having a
significant impact on the business.
• Network concepts and their impact on business operations and
security.
• The Importance of databases to the security of business
information.
Who Should Attend
Financial, Operational, Business Applications and External
Auditors; New Information Technology Auditors
Advanced Preparation: None
Training Type: Group-Live
Learning Level: Basic
Price: GBP £2,895
CPEs: 37
Telephone:
+44 (0)20 7779 8454
Email:
training@mistieurope.com

Agenda
Day One:
Monday 18th February
Fundamentals of IT auditing
• Objectives of IT audit
• Business risks in an automated environment
• Information systems security concerns
• Role of IT auditors and business auditors
Auditing standards
• ISACA
• The AICPA guidance statement on auditing
• SAS 55: consideration of the internal control
structure in a financial statement audit
• COBIT: control objectives for information and
related technology
• Sarbanes-Oxley Sections 302 and 404
compliance
• PCAOB
• GAO: government audit standards
• IT standards
Infrastructure essentials
• Computer hardware and operating systems
• How application systems software and systems
programmes interact
• Distributed systems hardware
• The translation process from source to executable
• Audit risk in programme management
• Analysing infrastructure risk
Day Two:
Tuesday 19th February
Databases
• Non-database and database management
environments
• Database risks on the applications, the data, and
the operating environment
• Network discovery
• Address spoofing: IP and MAC addresses
• Malicious software
• Unauthorised entry
• Denial-of-service
Distributed systems
• Comparing distributed systems to centralised
systems
• Fundamentals of client/server and its model
• Server functions
• Evaluating risk of distributed systems
Networks
• Host-based environments
• LANs and WANs
• Data communication basics and risks
• Bridges, switches, routers, and gateways
Day Three:
Wednesday 20th February
Internet and e-commerce
• Understanding Internet terms and concepts
• Perimeter controls (firewalls) and security
vulnerabilities
• Assessing Internet-related risk
• Confidentiality and authentication in e-commerce
General controls
• Information technology infrastructure
• Security, operational, management and system
software controls
• Identifying and assessing risk
• Placing reliance on general controls
Business systems applications
• Types of business applications
• How business applications affect the audit
environment
Day Four:
Thursday 21st February
Defining a transaction
• Transaction-based application auditing
• Life cycle of a transaction
• Transaction origination and authorisation
• Processing, output, and input
• Report distribution
• Reconciliation
• Error identification
General flow of an audit
application
• The business environment
• The technical environment
• Data risk assessment
• Transactional flow
• Test process
Components of a business application
• Transaction origination
• Input
• Processing
• Output
Day Five:
Friday 22nd February
Data input and processing models
• Characteristics and controls
• Batch input: batch processing
• Online input: batch processing
• Online input: online processing
• Real-time entry: real-time processing
• Internet entry
Application controls
• Categories
• Differentiating controls from procedures
• Completeness and accuracy of input and
processing
• Output controls and authorisation
• Inter-relationship between application controls
and general controls
Beginning the audit
• Risk assessment factors
• Quantifiable and lifiable factors
• The opening meeting
• Understanding the application
Tailored and personalised In-House training
Why choose our In-House training?
Savings - Running an in-house course in your offices will ensure you avoid the
costs of travel and accommodation. Plus we charge per day not per delegate.
You can train six or sixteen people for the same price!
Convenience - We can arrange a course that fits your team’s schedule. Any dates, any
location, simply tell us what works best for you. Avoid the hassle of coordinating travel
arrangements and accommodation for your staff
Tailored training - We have over 150 existing training courses you can mould to fit your
exact requirements or if you prefer we can just create a new agenda. You will have complete
control over the course content
Confidentiality - You can focus on potentially thorny issues that may be specific to your
organisation which are best resolved in private with the expert guidance of your course director
Save up to 50%
with In-House Training
www.mistieurope.com/inhouse
Some of the companies we have
worked with
PwC • International Labour Office • Barclays •
Capital One • Legal and General • Deloitte •
European Court of Auditors • Lukoil • Credit
Suisse AG • Euroclear • AIB • U.S. Steel,
Corp. • Novartis • National Commercial Bank
• Qatar National Bank
Visit www.mistieurope.com/inhouse
Call us on 0207 779 8454
Email training@mistieurope.com
Register Online at:
www.mistieurope.com/208

The Global Leader In
Audit and Information Security Training
IT Audit School -
IT Auditing for
Non-IT Auditors
The essential skills you need to perform an
IT audit and become an integrated auditor
Register Online at: www.mistieurope.com/208
IMPORTANT INFORMATION - YOUR REGISTRATION CODE:
Please ensure you enter your booking
code when registering and you will
208-S
be entered into our monthly prize draw
to win £50 Visa Credit
LONDON
18 - 22 FEBRUARY 2013
PRICE GBP £2,895 +VAT*
*Delegates may be able to claim back VAT. Visit
www.mistieurope.com/VAT for more information.
Price includes tuition, course folder with all course
notes, lunch and refreshments and a prestigious
certificate. Delegates are responsible for their own
accommodation. You can request an invoice or pay
online. Please note, payment must be received prior
to course start.
Travelling To London From Abroad?
MIS Training has been accredited by the BAC,
making your trip to London easier which should
make your visa application process much smoother.
We can help with your visa.
Email: training@mistieurope.com
Join MIS Training Institute’s LinkedIn Group
Search - Global Internal Audit Forum
What can you expect from the group?
■
■
■
■
■
■
■
Lively debate with other audit professionals
Access to the latest audit news from across the globe
Audit quizzes and questionnaires
Exclusive monthly blog by our resident Fraud expert
White papers and articles
Training and salary surveys
Exclusive MIS Training offers
Group Booking Discount**
2 delegates -
5% discount
3 delegates -
10% discount
4 delegates -
12% discount
5 delegates -
15% discount
**Available for delegates from one organisation attending the same course
Data Protection:
Use of your information: The information you provide on this form will be used by
Euromoney Institutional Investor PLC and its group companies (“we” or “us”) in relation
to your registration for this event. We may also monitor your use of our website(s),
including information you post and actions you take, to improve our services to you
and track compliance with our terms of use. Except to the extent you indicate your
objection below, we may also use your data (including data obtained from monitoring)
(a) to keep you informed of our products and services; (b) occasionally to allow
companies outside our group to contact you with details of their products/services. As
an international group, we may transfer your data on a global basis for the purposes
indicated above, including to countries which may not provide the same level of
protection to personal data as within the European Union. By submitting your details,
you will be indicating your consent to the use of your data as identified above. Further
information on our use of your personal data is set out in our privacy policy, which is
available at www.mistieurope.com or can be provided to you separately upon request.
Marketing choices: If you object to contact as identified above by telephone ❑, fax ❑,
or email ❑, or post ❑, please tick the relevant box. If you do not want us to share your
information with other companies ❑ please tick this box.
Cancellation Policy:
Cancellation or transfer requests must be made in writing (letter or fax) and
reach the MIS Training office 30 days before the course commencement
date. A full refund less a £100 administration fee will be given. Delegates
who cancel less than 30 days before the course commencement date, or
who do not attend, are liable to pay the full course fee and no refunds will
granted. If you wish to transfer to a different course within a six month
period, you will be invoiced a 25% additional charge to transfer your
registration and any difference in course prices. You will not incur any
additional charges if you wish to send a replacement delegate and your
registration meets the above terms.
Accommodation:
All training venues will be confirmed 3-4 weeks prior to the course start
date. MIS Training Institute has negotiated special accommodation rates in
4 star hotels in central London (Zone 1) for UK courses.
VAT:
All delegates attending are liable to pay VAT.
Overseas delegates can claim a VAT refund under
the European Union (EU) 8th and 13th Directives on
all eligible business expenses such as course fees,
hotel accommodation, meals, car hire
etc., provided you are not registered for VAT in the
UK. For more information please visit
www.mistieurope.com/VAT or
email training@mistieurope.com.
Printed on paper from a sustainable
source, using vegetable oil based inks