IT Audit School - IT Auditing for Non-IT Auditors - MIS Training

More documents

Recommendations

Info

IT Audit School - IT Auditing for Non-IT Auditors The essential skills you need to perform an IT audit and become an integrated auditor Course Director Charles Pask Gain access to an experienced trainer who is still a practicing practitioner with real life examples. Mr Pask will explain the fundamental building blocks for success in an integrated audit environment. Mr. Pask has over 25 years’ experience in IT, IT audit, and IT security, and was the Information Security Manager for Alliance & Leicester plc prior to joining MIS. More recently Mr Pask was the Global Head of Strategy, Development and Globalisation for the BT Business Continuity, Security and Governance Practice. Mr Pask has been the Chairman at the prestigious Chief Information Security Officers (CISO) conferences in Europe for the last 6 years and also for the four CISO conferences held to date in the Middle East. Mr Pask also Chaired the CISO symposiums in Dubai (Feb 2011) and Rome (June 2011). Mr. Pask has been a member of the ITSEC Common Criteria team working with the DTI, and a committee member of the APACS Security Advisory Group and the LINK Security Group. He has spoken at a number of conferences, including CISO, WebSec, Compsec, the International Security Managers Symposium, and various ISACA events. ‘The course is tailored for auditors who have little or no knowledge of IT. It enables non IT auditors to focus on critical IT components and practices’ Chief Internal Auditor, Comesa Course focus and features This 5-day course is designed for financial, operational and business auditors who need to update their technical and operational knowledge to audit information technologies and automated business systems. It is also ideal for those who are new to IT Auditing who do not have an background in IT. You will explore auditing standards, including Sarbanes-Oxley and PCAOB. You will discuss the controls required when auditing currently installed systems, new systems under development, and the various activities within the information technology department. In addition, you will learn techniques for auditing automated systems. You will then turn your attention to auditing the management of application transaction activity, controls, and procedures. You will master techniques that can be applied to mainframe, distributed processing, and client/server-based applications. You will gain field-tested tools for identifying, recording, assessing, and evaluating application controls and procedures. You will leave this high-impact seminar with testing techniques, and audit findings. By attending this course you will leave with an understanding of: • How IT risks and controls have a direct impact on business risks. • Integrated audit strategies and their focus on business risks. • IT general controls and their impact on the reliability of application controls. • Important application controls and their impact on business processes. • Methods for testing automated and manual controls. • Methods of documenting IT processes and controls. • Why end user computing audits are important due to the general lack of effective controls thus potentially having a significant impact on the business. • Network concepts and their impact on business operations and security. • The Importance of databases to the security of business information. Who Should Attend Financial, Operational, Business Applications and External Auditors; New Information Technology Auditors Advanced Preparation: None Training Type: Group-Live Learning Level: Basic Price: GBP £2,895 CPEs: 37 Telephone: +44 (0)20 7779 8454 Email: training@mistieurope.com
Agenda Day One: Monday 18th February Fundamentals of IT auditing • Objectives of IT audit • Business risks in an automated environment • Information systems security concerns • Role of IT auditors and business auditors Auditing standards • ISACA • The AICPA guidance statement on auditing • SAS 55: consideration of the internal control structure in a financial statement audit • COBIT: control objectives for information and related technology • Sarbanes-Oxley Sections 302 and 404 compliance • PCAOB • GAO: government audit standards • IT standards Infrastructure essentials • Computer hardware and operating systems • How application systems software and systems programmes interact • Distributed systems hardware • The translation process from source to executable • Audit risk in programme management • Analysing infrastructure risk Day Two: Tuesday 19th February Databases • Non-database and database management environments • Database risks on the applications, the data, and the operating environment • Network discovery • Address spoofing: IP and MAC addresses • Malicious software • Unauthorised entry • Denial-of-service Distributed systems • Comparing distributed systems to centralised systems • Fundamentals of client/server and its model • Server functions • Evaluating risk of distributed systems Networks • Host-based environments • LANs and WANs • Data communication basics and risks • Bridges, switches, routers, and gateways Day Three: Wednesday 20th February Internet and e-commerce • Understanding Internet terms and concepts • Perimeter controls (firewalls) and security vulnerabilities • Assessing Internet-related risk • Confidentiality and authentication in e-commerce General controls • Information technology infrastructure • Security, operational, management and system software controls • Identifying and assessing risk • Placing reliance on general controls Business systems applications • Types of business applications • How business applications affect the audit environment Day Four: Thursday 21st February Defining a transaction • Transaction-based application auditing • Life cycle of a transaction • Transaction origination and authorisation • Processing, output, and input • Report distribution • Reconciliation • Error identification General flow of an audit application • The business environment • The technical environment • Data risk assessment • Transactional flow • Test process Components of a business application • Transaction origination • Input • Processing • Output Day Five: Friday 22nd February Data input and processing models • Characteristics and controls • Batch input: batch processing • Online input: batch processing • Online input: online processing • Real-time entry: real-time processing • Internet entry Application controls • Categories • Differentiating controls from procedures • Completeness and accuracy of input and processing • Output controls and authorisation • Inter-relationship between application controls and general controls Beginning the audit • Risk assessment factors • Quantifiable and lifiable factors • The opening meeting • Understanding the application Tailored and personalised In-House training Why choose our In-House training? Savings - Running an in-house course in your offices will ensure you avoid the costs of travel and accommodation. Plus we charge per day not per delegate. You can train six or sixteen people for the same price! Convenience - We can arrange a course that fits your team’s schedule. Any dates, any location, simply tell us what works best for you. Avoid the hassle of coordinating travel arrangements and accommodation for your staff Tailored training - We have over 150 existing training courses you can mould to fit your exact requirements or if you prefer we can just create a new agenda. You will have complete control over the course content Confidentiality - You can focus on potentially thorny issues that may be specific to your organisation which are best resolved in private with the expert guidance of your course director Save up to 50% with In-House Training www.mistieurope.com/inhouse Some of the companies we have worked with PwC • International Labour Office • Barclays • Capital One • Legal and General • Deloitte • European Court of Auditors • Lukoil • Credit Suisse AG • Euroclear • AIB • U.S. Steel, Corp. • Novartis • National Commercial Bank • Qatar National Bank Visit www.mistieurope.com/inhouse Call us on 0207 779 8454 Email training@mistieurope.com Register Online at: www.mistieurope.com/208
Page 1: The Global Leader In Audit and Info

IT Audit School - IT Auditing for Non-IT Auditors - MIS Training

Create successful ePaper yourself

Delete template?

Save as template?