I.T. Auditing Techniques &
Control
Introduction:
This comprehensive
course outlines the concepts of information technology you need to know in
order to understand the audit concerns in the IT environment. You will learn
the necessary controls for application systems - the program pinpoints specific
controls to evaluate when auditing currently installed systems, new systems
under development, and the various activities within the information technology
department. In addition, you will learn techniques for auditing automated
systems and examine the impact of Sarbanes-Oxley on IT audit. You will leave
this session with a solid foundation in the basics of information technology as
they apply to audit and security concerns.
Course
Objectives:
By the end of
this course delegates will be able to:
Who
Should Attend?
Internal Auditors, Auditors-in-Charge,
Financial & Operational Auditors, Finance Personnel, External Auditors,
Audit Managers and Supervisors, IT Auditors, Team Leaders and Directors,
Operations Managers, Audit Managers
Course
Outline:
Introduction to IT Audit
· Audit objectives and requirements
· Role of IT within the organization
· Management and security risks in an automated environment
· What is a control?
· Internal control defined
· Processes and control points
· Physical space vs. Logical space
· Identifying control points
Planning the IT Audit
· Definition of internal audit
· Objectives of an it audit
· IT audit strategies
· What is an application
· Application vs. General controls
· IT audit control reviews
· IT control categories
· The audit deliverable
· Building the audit team
Auditing Organizations and
Standards
· Maintaining audit objectivity
· What is a standard?, AICPA and SAS
· GAO and other certification organizations
· The Institute of Internal Auditors (IIA)
· The Treadway Commission
· COSO Integrated Framework
· ISACA and the IT Governance Institute
· COBIT®: Control Objectives for Information and Related Technology
· ISO 27002 security standard
IT Governance and Controls
· What is IT governance?
· Information security governance
· IT policies and procedures
· Separation of duties and outsourcing
· Governance and control
Information Technology Basics
· Why learn about technology?
· Computer hardware and CPU operation
· Two different classes of computers
· Software, programs and processing
· Distributed systems and client/server technology
· The Open Systems Interconnection (OSI) model
· Maintenance and security
Network Technology and Controls
· Networking risks, Auditing networks
· What is a network?
· LANs, WANs and MANs
· Physical network media (cables)
· Cabling audit objectives
· LAN Protocols
· WAN connectivity and protocols
· MAN protocols
· LAN/WAN/MAN audit objectives
· Network devices
· Network device audit objectives
· Complete networks
· The internet
· Intranets and extranets
· Risks of internet use for business
· Using firewalls
· Internet communications
· Internet Protocol (IP) addressing
· Service (process) addressing
· Internet applications
· The World Wide Web (www)
· Web page technologies
· Internet audit objectives
Shared General and Application
Controls
· Logical security
· Data classification
· Logical access controls: system access
· Encryption: information access
· Remote access, PCS and mobile devices
· Information security management
· Change management
· Change management objectives
· Program change control
· Patch management
· Software licensing
· Business continuity/disaster recovery
· Bcp/drp defined
· Business Impact Analysis (BIA)
· Disaster recovery strategy
· Maintaining the plan
· System development technologies
· SDLC, RAD, ERP purchases
· Internal audit involvement, Audit strategy
Application Controls
· What is an application?
· Business application risks
· Application auditing
· Transactions: the audit focus
· Transaction life cycle controls, End
· User computing
· Data warehouses
· The future of applications
Database Technology and Controls
· Managing information
· The program
· Centric model
· Program
· Centric audit concerns
· The data
· Centric model
· What is a database?
· Database terminology
· Database management systems
· Types of databases
· Database audit concerns
Infrastructure General Controls
· Operations controls
· IT operations
· Operating system controls
· System utilities
· System software controls: a review
· Physical security
· Environmental controls
| Code | From | To | City | Fee | |
|---|---|---|---|---|---|
| AP14 | 10 Feb 2020 | 21 Feb 2020 | Istanbul | US$ 7500 | Book |
| AP14 | 27 Apr 2020 | 08 May 2020 | California | US$ 9000 | Book |
| AP14 | 22 Jun 2020 | 03 Jul 2020 | London | US$ 8000 | Book |
| AP14 | 26 Jul 2020 | 06 Aug 2020 | Amman | US$ 7000 | Book |
| AP14 | 28 Sep 2020 | 09 Oct 2020 | Bangkok | US$ 7500 | Book |
| AP14 | 08 Nov 2020 | 19 Nov 2020 | Dubai | US$ 7000 | Book |
|
DUBAI OFFICE
Ittihad Deira Building, |
USA OFFICE 642 E14 Street,10009-13 Manhattan, New York (NY) USA info@petrogas-training.com |
EGYPT OFFICE 52 General Kamal Hejab Street,Suez Bridge, Cairo, Egypt info@petrogas-training.com |
Certificate of Completion will be provided to the candidate(s) who successfully attend and complete the course. Training hours attendance percentage of 75% is required.
Standard course hours: 8:30 A.M. to 3:30 P.M. Informal discussions: 4:30 P.M. to 5:30 P.M.
We use a blend of interactive and hands-on methods, active participation, a variety of instructional techniques, dynamic presentations, individual and group exercises, in depth discussion, DVD’s, role-plays, case studies, examples. All of the information, competencies, knowledge and skills acquired within our training programs, are 100% transferrable to the participants’ workplace.
Pre-Test and Post-Test Assessment are applied on 5-day and 10-day programs. Also, post course evaluation and candidate’s evaluation are applied to add another level of quality measurement. Candidates’ feedback is highly appreciated to elevate the training service quality.
A- Have staff trained in the latest training and development approaches
B- Support nationalization and talent management initiatives
C- Have properly trained and informed people who will be able to add value
D- Gain relevant technical knowledge, skills and competencies
A- Develop job related skills
B- Develop personal skills in subject matter
C- Have a record of your growth and learning results
D- Bring proof of your progress back to your organization
F- Become competent, effective and productive
G- Be more able to make sound decisions
H- Be more effective in day to day work by mastering job-related processes
I- Create and develop competency to perform job well
A- 10% discount after 05 candidates’ registration.
B- 15% discount after 10 candidates’ registration.
C- 20% discount after 20 candidates’ registration.
D- 25% discount after 25 candidates’ registration.
E- 30% discount after 30 candidates’ registration
F- Higher discount rates will be offered based on work volume with different clients.
A- One extra free seat is offered on 4 candidates on the same course and dates.
B- Two extra free seats are offered on 6 candidates on the same course and dates.
C- Three extra free seats are offered on 8 candidates on the same course and dates.
D- Four extra free seats are offered on 10 candidates on the same course and dates.
E- Five extra free seats are offered on 12 candidates on the same course and dates.
Nominations to our public courses are to be processed by the client’s Training and/or HR departments. A refund will be issued back to the client in the event of course cancellation or seat unavailability. A confirmation will be issued to the relevant department official(s).
If a confirmed registration is cancelled less than 5 working days prior to the course start date, a substitute participant may be nominated to attend the same course or a 20% cancellation charge is applied. In case of a no-show, a 100% fee will be charged.
PAYMENT POLICY
Payment is due upon receiving the course confirmation, invoice and/or proforma invoice. However; the fee due can be wire transferred to our bank account directly after course completion. Our bank details are illustrated on the confirmation, invoice and proforma invoice, as well. The above documents can be communicated electronically, i.e., in a soft copy or/and in hard copy based on customer’s request.
COPYRIGHT
© 2017. Material published by PETROGAS shown here is copyrighted. © 2017. All rights reserved. Any unauthorized copying, distribution, use, dissemination, downloading, storing in any medium, transmission, reproduction or reliance in whole or any part of this course outline is prohibited and will constitute an infringement of copyright.
2015 © Copyrights Petrogas
