Risk Based IT Auditing Master Class Unlocking your World to a Sea of Opportunities

Upload: phamlien

Post on 12-May-2018


Page 1: Risk Based IT Auditing Master Class - EGITegit.co.za/wp-content/uploads/2016/03/Risk-Based-IT-Auditing.pdf · Check list auditing without adequate understanding of business under

Risk Based IT Auditing Master Class

Unlocking your World to a Sea of Opportunities


The Digital World

Information Technology has developed into the nerve centre of every organisation. It has become an intrinsic and pervasive component of business, used to sustain and extend enterprises' strategies and objectives. The impact of emerging technology (Cloud Computing, Big Data, Mobility, Consumerisation, Social Media, Cybersecurity and the Internet of Things) is permeating every aspect of business. Today, more than ever, forward-looking organisations are using IT to build sustainable competitive advantages.

The Changing Landscape of IT Auditing

Whilst IT-enabled business opportunities are huge and can separate winners from losers, the risks, if not checked, are catastrophic. IT auditing assurance and consulting has in turn evolved from checklist reviews focused only on reporting audit control deficiencies and recommendations into a strategic enterprise function that is key to the realisation of business strategy. Traditional approaches to IT assurance and advisory, and checklist IT auditing, are no longer adequate to improve enterprise operations and add value to the business.

1 EGIT | Enterprise Governance of IT

“Auditing of Business Processes enabled by IT”

Tichaona Zororo, CIA, CRMA, CISA, CISM, CRISC, CGEIT, COBIT 5 Certified Assessor


Beyond Checklist Auditing

Boards and Audit Committees are demanding more meaningful audit issues aligned to enterprise strategic and performance goals. Checklist auditing without an adequate understanding of the business under review leads to audits that do not add value or improve the operations of an enterprise. Auditors need to take adequate time to understand an enterprise's key stakeholders and their requirements, the enterprise strategy and the underlying IT environment in order to provide IT audits that add value and improve operations.

The Objective of Risk Based IT Auditing Master Class

The Risk Based IT Auditing Master Class aims to equip experienced non-IT auditors, IT auditors, Audit Committee members, IT professionals, CAEs and business leaders with practical risk based IT auditing knowledge and skills, so that they can provide value-adding, risk based IT audits aligned to key strategies and objectives that will grab the attention of senior business leaders (CEOs, Boards of Directors, Executive Management, Heads of Department, Municipal Managers, Executive Committees, Audit & Risk Committees, amongst others). The emphasis is on linking observed IT control gaps to their impact on business strategic and performance goals, for example linking the lack of a DRP to non-availability of key systems, and linking this in turn to non-availability of core services such as provision of services to residents and collection of rates in a Municipality.

The Risk Based IT Auditing Master Class is a comprehensive 3-day course providing delegates with practical approaches to auditing IT. Delegates' specific business environments will be used to deepen understanding of internal auditing. The course covers how to document a relevant entity-specific System Description and how to perform the Risk Assessment Control Matrix (RACM), Test Procedures (Audit Programs), Work Papers, Findings / Management Letter Points and Reporting. The Risk Based IT Auditing Master Class focuses on linking IT audit observations to key enterprise strategy and performance objectives, in line with the new Internal Audit Principles. This Master Class seeks to equip delegates with IT auditing knowledge, skills and proven approaches to perform value-add IT auditing completely, from start to finish. It provides auditors with the knowledge required to communicate insights and foresights effectively.

Specific outcomes of the course include:

Planning an IT Audit driven by an understanding of the business environment (macro and micro environment)
Documentation of business processes
Learning a pro-active audit approach to provide value-add IT auditing service to your organisation
Introduction to COBIT®5 Principles, Goals Cascade, Enablers, Processes and Assessment
Basic concepts of COBIT®5 for Assurance
A business centric approach to Auditing IT General Controls
Active Directory Auditing
Application Controls Review - HR and Finance Systems anchored on the understanding of Business processes
Auditing Outsourced IT Environments
Value-add IT Projects Advisory & Assurance
Introduction to Auditing Emerging Technology - Cloud Computing, Social Media, BYOD, Cybersecurity, Big Data & Internet of Things
Understanding Enterprise Governance of IT Auditing


Course Outline

Day 1

IT Audit Planning:

IT Auditing and Assurance Standards
Approaches to Understanding the Business Environment
Business Policies, Processes and Procedures
Periodic Engagements with Business and Key Stakeholders
IT Policies, Processes and Procedures
Risk Assessment
Dynamic IT Audit Plan based on business objectives

IT Auditing Fieldwork:

Establishing a Risk Based IT Audit Program
Evidence Collection Methods
Criteria for Quality Evidence
Documenting Work Papers
Documenting Findings - Communicating with Impact
Follow-Up - How to carry out an IT Audit Follow-Up Audit


Day 2

Using COBIT®5 to Perform Risk Based IT Audits

The 5 Principles
The 5 Domains
The 210 Practices
The 7 Enablers
The 37 Processes
The Processes Structure
The Goals Cascade
Introduction to COBIT5 Implementation
Introduction to Process Assessment Model
COBIT5 for Assurance
COBIT5 Product Family
COBIT5 Courses

Business Centric Approach to Auditing IT General Controls

How to Perform an IT Governance Audit

Understanding IT Governance Fundamentals
King III IT Governance Principles
The 5 COBIT®5 Governance (EDM) Processes
A Practical Approach to IT Governance Auditing
Introduction to the Corporate Governance of ICT Policy Framework (DPSA)
IT Governance Structures

Auditing Outsourced IT Environments

Use of the COBIT®5 Goals Cascade and Balanced Scorecards to formulate an enterprise's service catalogue
Operating Level Agreements (OLA)
Service Level Agreement (SLA)

Auditing Business Continuity Management Planning (BCMP), IT Disaster Recovery Planning (DRP) and Data Backup – ISO22301
Information Processing Facilities (Data Centre) Physical and Environmental Controls
Performance and Capacity Management
Practical Approach to Active Directory Auditing

How to Audit Logical Access Security Controls:

A Holistic Approach to Password Controls Auditing
How to Identify Segregation of Duties Control Gaps
Identifying Toxic Combinations
Interface and Share Folders controls
Auditing Service Accounts
How to Audit End of Day Processing - Focusing on High Risk Areas

IT HR Management Auditing IT Change Controls Problem and Incident Management Auditing


Day 3

Auditing Application (Automated Business Processes and Transactions) Controls

Input Controls
Processing Controls
Interface Controls
Master Data Controls
Auditing HR and Payroll Systems e.g. VIP Systems
Accounts Payable - Finance
Introduction to SAP Auditing
Defense In-Depth versus Single Sign-on

Auditing IT Projects

Advisory versus Assurance - where is value-add?

System Development Life Cycle (SDLC)

Requirement Definition
Development (Business Process versus Solution)
Testing
Solution Implementation
Migration - Data Clean-Up and Mapping
Go-Live
Performing Post-Implementation Auditing
Governance (Gateway Process Risk Management Benefits Realisation Business Cases

Using COBIT®5

1. APO05 Manage Portfolio
2. BAI01 Manage Programmes and projects
3. BAI02 Manage requirements definition
4. BAI03 Manage solutions identification

Auditing Emerging Technology

Cloud Computing
Social Media
Big Data
Bring Your Own Device (BYOD) and Mobility
Cybersecurity
Internet of Things


“Learn about how to Focus on auditing exceptions & errors in automated Financial transactions”


Who Should Attend


Internal Auditors

Experienced & Upcoming IT Auditors

Chief Audit Executives

Audit Managers

IT Audit Consultants, Senior Consultants and Managers

Risk & Audit Committee Members

Corporate Services Managers

IT Professionals

Audit & Risk Committee Members

IT Assurance, Risk, Security and Governance Professionals


In-house training opportunities are available should your organisation have a minimum of 5 delegates per course or multiple sets. The cost advantage and the ability to discuss and resolve organisational issues are 2 major attractions of in-house training.


© EGIT | Enterprise Governance of Information Technology (Pty) Ltd. IT Advisory Firm.
Registration Number: 2012/188059/07 | Tax Number: 925228114

Unit 201, Block 34, The Kanyin
Corner Leeukop & Malindi Roads
Sunninghill, 2157
South Africa

+27 11 234 2597
+27 73 298 [email protected]

Our Services

IT Auditing
IT Governance Advisory
IT Projects Advisory & Assurance
Training
Enterprise Risk Management