Risk Based IT Auditing for Non-IT Auditors (Basics of IT Auditing)

The GOLD Winner of Information Security Training Profession in Sri Lanka (ISACA Sri Lanka Chapter Awards, 2008 Annual Convention)

IT Governance and Risk Consulting (Pvt) Ltd.
# 11/24, 1/1, Melder Place, Nugegoda, Colombo, Sri Lanka
Mobile: +94 (0) 777 372697 | Office Tel: +94 011 2825177 | Fax: +94 011 2810188
Email: [email protected] | Web: www.itgrc.lk
For more info call Mrs Rupasinghe or Ms Gayanika: 0772300268 / 0765377471
IT Audit Consulting: contact 0777372697

COURSE LEADER
THILAK PATHIRAGE: MBA, B.Com, FIB, CISS, CISA, CISM, CRISC, CGEIT, CBCP, ITIL (V3), CCSE, CCSA, OpRisk. DIR/CEO and Senior IT Governance and Risk Consultant of ITGRC Ltd.

In his 35 years of service in the banking and financial services industry, Thilak has held senior positions at Seylan Bank in IS Assurance, Information Risk Management, IT Governance, Business Continuity Planning, Information Security (CISO) and Operational Risk Management. As the first CISA in the country, he pioneered the development of IT assurance and security professional practices for the banking sector in Sri Lanka.

He is a workshop leader in Information Security, Business Continuity and GRC topics and won the prestigious Information Security Gold Medal awarded by the ISACA Sri Lanka Chapter in 2008. Thilak is also an ITIL v3 authorized trainer (EXIN) in Sri Lanka. He has conducted CISSP, CISA, ITIL, CISM, CGEIT and CRISC certification courses for the last several years and has achieved world-best results. Currently he is the President of the ISSA Chapter Sri Lanka and the DIR/CEO of ITGRC Ltd. He holds diverse, multidisciplinary academic qualifications and industry-leading certifications, and lectures at UCSC and Sri Japure Universities on Information Security topics.

The Risk Based IT Auditing for Non-IT Auditors (Basics of IT Auditing) course with Thilak is a unique and rewarding experience; he brings a vast amount of experience into the class for everyone to learn from. To read his full LinkedIn profile: http://www.linkedin.com/in/thilakjayasenapathirage

DATE, DURATION AND VENUE
Date: 9th & 10th July, 2015
Time: 9.00am - 5.00pm
Duration: 2 days
Venue: Global Tower, Colombo 5, Sri Lanka
Course Fee: LKR 30,000 (eCopy of the manual and refreshments are provided)

INTRODUCTION
This is a practical workshop that will empower participants to immediately use the knowledge imparted in real scenarios. The methodology employed is very effective and interactive: case studies and group discussions will be used. It guides internal auditors into the realm of system-based auditing and examines IS audit techniques and procedures in a non-technical way. Upon completion of this training, participants should be able to perform a fair amount of IS audit right away and be ready to move to the next level.

LEARNING OBJECTIVE
Delegates will develop an understanding of IT audit, technology risks and controls delivered from a non-technical perspective. Specific outcomes include a basic understanding of:
- Information systems risk
- Application controls
- The systems development life cycle
- Logical security at the application, database, network and operating system levels
- IT general controls (non-security)

WHO SHOULD ATTEND?
Those who need a basic understanding of IT risk-based audit practices:
Level 1: The course will be of benefit to internal auditors, operational risk managers and others who require a fundamental understanding of the subject and do not always have the use of a technical IT support team to assist in their review.
Level 2: The program would also be of value to financial and operational audit professionals who are already practicing internal audit and considering a career move into IT auditing, as well as non-IT audit professionals tasked with the responsibility for assessing their organization's IT operations and infrastructure.
Prerequisites: There is no prerequisite for this course.

COURSE CONTENT

DAY 1

SESSION 1: Introduction to IS Auditing. IT Audit: A 21st Century Perspective. Topics to be discussed include:
- Evaluation of Internal Auditing and IT Auditing
- Emergence of corporate governance and IT Auditing
- Three key elements of success
- Key leadership attributes for success
- Origin of IT Audit and CHANGE
- Nature of IT Audit
- What are the most powerful audit questions?
- Challenges of IT Audit in the 21st century

SESSION 2: Understanding the information systems environment
- Centralised vs distributed systems vs cloud computing
- On-line vs batch systems
- Network concepts
- Databases
- Operating systems
- The systems development life cycle
- Risk in an outsourced environment and cloud computing
- Key IT service management processes (ITIL)

SESSION 3: Risk through effective risk profiling and management in IT auditing. Session topics address the following:
- Risk management principles and practices
- IS risk assessment and analysis methodologies
- Information threats, vulnerabilities and exposures
- Information asset valuation methodologies
- Risk management standards (COSO, ISO 31000, COBIT and ISO 27001)
- Methods used to determine sensitivity and criticality of information resources
- Baseline modeling and risk-based assessments of control requirements
- The nine primary steps of a risk assessment methodology
- Information security controls and countermeasures and their effectiveness
- Risk mitigation strategies for information resources
- Cost-benefit analysis: mitigating risks to acceptable levels

SESSION 4: Discussions on the partnership between audit and IT management. The IT auditing process, the current auditing framework and its challenges. This session will address:
- The IT auditing process
- 2015 CISA Job Practices: defining the audit scope
- IT audit planning
- The major elements of an IT audit
- Organization and management
- IT audit standards and practices
- Policies and procedures
- IT infrastructure and databases
- System development and change
- System operations and support
- Application systems reviews

SESSION 5: Understanding key information systems controls (application based)
- Key automated controls of on-line transactions
- Core banking operations
- Human resources and payroll processes
- Procure-to-pay processes
- Order-to-cash processes
- Logical information security
- Segregation of duties
- User account management
- Application layer security
- Physical and environmental controls
- Controls over IT service management processes (ITIL-based)
- General controls

DAY 2

SESSION 6: Auditing key information systems controls. Procedures to audit the adequacy and effectiveness of each of the key information controls identified:
- Perform a walkthrough
- Defining the population to be tested for control effectiveness
- Testing procedures

SESSION 7: Auditing SDLC and System Controls. Employing the best practices of SDLC is not just a good idea in the IT industry; it serves as a control over the systems development process:
- IT project management and governance
- Development methodologies
- Eight phases of SDLC and control implementation
- Auditor's role in the SDLC process
- Quality assurance and user acceptance testing

SESSION 8: Corporate Governance, IT Governance and Compliance. The role of IT governance and its connection to IT auditing, and the key issues facing organizations globally. Specifically, this session will address:
- Governance, Risk and Compliance (GRC)
- IT Governance and IT-GRC
- How should an enterprise most effectively and efficiently govern its IT activities?
- What is compliance? IT's contribution to compliance
- Best practices for security and SOX compliance
- How can IT systems assist management of compliance issues?
- Putting IT GRC into action

SESSION 9: COBIT 5 and GTAG guidelines
- COBIT 5 principles and framework
- COBIT 5 Process Reference Model
- COBIT 5 for IT assurance and security
- IIA Global Technology Assurance Guides (GTAG)

SESSION 10: IT audit profiling and reporting
- Audit charter and independence
- Reporting
- Supporting financial or operational audits
- Communicating audit findings

SESSION 11: Audit of data files - Application of CAATs
- Purpose of CAATs
- Understanding data and metadata
- Formulating the CAAT specification
- Development, testing and implementation of CAATs
