IT Auditing For Non-I.T. Auditors (Basic of I.T. Auditing) (BITA)

This training course is aimed at internal audit professionals without specific expertise in IT auditing and provides them with the tools to start conducting IT and Security audits in their organisations. The course focuses on internationally-recognised auditing standards and frameworks including CobIT, ITIL, COSO and ISO27002.

The training agenda covers extensive knowledge of the controls required when auditing currently installed systems, new systems under development, andvarious activities within the information technology department.

The course participants will learn techniques for auditing automated systems and the management of application transaction activity, controls, and procedures.

Delegates will master techniques that can be applied to mainframe, distributed processing, and client/server-based applications. They will gain field-tested tools for identifying, recording, assessing, and evaluating application controls and procedures.

Course Content:

• Fundamentals of IT Auditing
  • What is IT auditing?
  • What is the role of an IT auditor?
  • IIA standards related to an IT audit
  • Key components of IT
  • Centralised vs distributed systems
  • On-line vs batch systems
  • Network concepts
  • Databases
  • Operating systems
• General Control
  • General security concepts
  • Access management concepts
  • Access management principles
  • Common access management controls
  • Incident Management and the Service Desk
  • Service Level Management
  • Change and Patch Management
  • Elements of a typical change process
  • Aspects of the SDLC
  • SDLC phases
  • Business Continuity Management (BCM)
  • Disaster Recovery (DR)
  • Backup processing
• Application Controls
  • Application control concepts
  • Input controls
  • Processing controls
  • Output controls
  • Interface controls
  • Audit trails
  • Application security
• Cloud Computing and Service Organization Control (SOC) Reports
  • Cloud computing
  • SOC reports
• Emerging Technology Impacting IT Auditing
  • 4th Industrial Revolution
  • Artificial Intelligence
  • Big Data
  • Robotics
  • Internet of Things (IOT)
• Auditing key information systems controls
  • Procedures to audit the adequacy and effectiveness of each of the key information controls identified:
    • Perform a walkthrough
    • Defining the population to be tested for control effectiveness
    • Test procedures
• Audit of data files - use of CAATs
  • Purpose of CAATs
  • Understanding data and meta data
  • Formulating the CAAT specification
  • Development, testing and implementation of CAATs