IT AUDIT SCHOOL

SEMINARFOCUSANDFEATURESIT Audit School12th - 16th March 2007NairobiThis five-day course is designed for financial, operational, business, and ITauditors who need to update their technical and operational knowledge toaudit information technologies and automated business systems. You willexplore auditing standards, including Sarbanes-Oxley and PCAOB. You willdiscuss the controls required when auditing currently installed systems, newsystems under development, and the various activities within the informationtechnology department. In addition, you will learn techniques for auditingautomated systems. You will then turn your attention to auditing themanagement of application transaction activity, controls, and procedures. Youwill master techniques that can be applied to mainframe, distributedprocessing, and client/server-based applications. You will gain field-testedtools for identifying, recording, assessing, and evaluating application controlsand procedures. You will leave this high-impact seminar with real-worldexamples of audit programmes, testing techniques, and audit findings.“Very very focussed course. 10 out of 10”Audit Manager,Banco de Comercio IndustriaCOURSE DIRECTORCHARLES PASK, CISSPCharles Pask is the Managing Director of ITSEC AssociatesLimited, responsible for delivering global IT security and ITaudit services, including public training courses, in-housetraining courses, conferences, symposiums, and consulting.Previously, he was a Director with MIS Training, and Director ofInformation Security Institute (ISI) European and Middle Easte-Security Services. Mr. Pask has over 18 years’ experience inIT, IT audit, and IT security, and was the Information SecurityManager for Alliance & Leicester plc prior to joining MIS. Mr.Pask has been a member of the ITSEC Common Criteria teamworking with the DTI, and a committee member of the APACSSecurity Advisory Group and the LINK Security Group. He hasspoken at a number of conferences, including WebSec,Compsec, the International Security Managers Symposium,and various ISACA events.PrerequisitesNoneLearning LevelBasicWho Should AttendFinancial, Operational, Business Applications, andExternal Auditors; new Information Technology AuditorsBonusYour fee includes a copy of the Handbook of Controlsfor Auditing Computer Applications and a copy of MIS'Information Technology & Audit Acronym DictionaryFeeGBP £2,095EARN 37 CPEs“Very useful overview and interestingtopics and input worth bringing to futureaudit work”Internal Auditor, Euronext Liffe© MIS Training 2006The programme may change due to unforeseen circumstances. MIS Training reservesthe right to alter the venue and/or speakers.

AGENDADAY ONEFundamentals of IT Auditing■ Objectives of IT Audit■ Business risks in an automatedenvironment■ Information systems securityconcerns■ Role of IT auditors and businessauditorsAuditing Standards■ ISACA■ The AICPA Guidance Statement onAuditing■ SAS 55: consideration of the internalcontrol structure in a financialstatement audit■ COBIT: control objectives forinformation and related technology■ Sarbanes-Oxley Sections 302 and404 compliance■ PCAOB■ GAO: government audit standards■ IT standardsInfrastructure Essentials■ Computer hardware and operatingsystems■ How application systems softwareand systems programmes interact■ Distributed systems hardware■ The translation process from sourceto executable■ Audit risk in programmemanagement■ Analysing infrastructure risk“Extremely useful. Goodopportunity to listen andtalk to smart people.”Auditor,Philip MorrisDAY TWODatabases■ Non-database and databasemanagement environments■ Database risks on the applications,the data, and the operatingenvironment■ Network discovery■ Address spoofing: IP and MACaddresses■ Malicious software■ Unauthorised entry■ Denial-of-serviceDistributed Systems■ Comparing distributed systems tocentralised systems■ Fundamentals of client/server and itsmodel■ Server functions■ Evaluating risk of distributed systemsNetworks■ Host-based environments■ LANs and WANs■ Data communication basics and risks■ Bridges, switches, routers, andgatewaysDAY THREEInternet and E-Commerce■ Understanding Internet terms andconcepts■ Perimeter controls (firewalls) andsecurity vulnerabilities■ Assessing Internet-related risk■ Confidentiality and authentication ine-commerceGeneral Controls■ Information technology infrastructure■ Security, operational, managementand system software controls■ Identifying and assessing risk■ Placing reliance on general controlsBusiness Systems Applications■ Types of business applications■ How business applications affect theaudit environmentDAY FOURDefining a Transaction■ Transaction-based applicationauditing■ Life cycle of a transaction■ Transaction origination andauthorisation■ Processing, output, and input■ Report distribution■ Reconciliation■ Error identificationGeneral Flow of an Audit Application■ The business environment■ The technical environment■ Data risk assessment■ Transactional flow■ Test processComponents of a BusinessApplication■ Transaction origination■ Input■ Processing■ Output■ Audit impactDAY FIVEData Input and Processing Models■ Characteristics and controls■ Batch input: batch processing■ Online input: batch processing■ Online input: online processing■ Real-time entry: real-time processing■ Internet entry“It has been a step-by-stepguide to the essentialskills one needs toperform IT Audits, asrightly indicated on thecourse brochure”NAL Bank PlcApplication Controls■ Categories■ Differentiating controls fromprocedures■ Completeness and accuracy of inputand processing■ Output controls and authorisation■ Inter-relationship between applicationcontrols and general controlsBeginning the Audit■ Risk assessment factors■ Quantifiable and lifiable factors■ The opening meeting■ Understanding the application“Very Educational, shedlight on the IT World”Senior Internal Auditor,Mobile Telephones Network [MTN]

REGISTRATION FORMIT Audit School(please photocopy form for additionaldelegates) 12th - 16th March 2007, Nairobi(MT2069)£2,095* £Grand Total £FEES MUST BE PAID IN ADVANCE OFTHE EVENTCustomer InformationTitle First name SurnameTitle/PositionE-Mail Address (Required)AddressCountryTelephoneOrganisationPostcodeThe information you provide will be safeguarded by the Euromoney Institutional Investor PLC group whose subsidiariesmay use it to keep you informed of relevant products and services. We occasionally allow reputable companies outsidethe Euromoney Institutional Investor PLC group to contact you with details of products that may be of interest to you. Asan international group we may transfer your data on a global basis for the purposes indicated above. If you object tocontact by telephone , fax , or email please tick the relevant box. If you do not want us to share your informationwith other reputable companies please tick this box .Payment InformationYOU CAN NOW PAY ONLINE AT - www.mistieurope.com Cheque enclosed (payable to MIS Training) Please invoice my company PO#Please debit my credit cardCard NumberCardholders nameFax AMEX VISA MasterCardExpiryPlease include billing address if different from address givenVerification CodePlease note that in completing this booking you undertake to adhere to the cancellation andpayment terms listed belowSignatureApproving ManagerPlease Quote Ref: 206 WEB5 easy ways to registerTel: +44 (0)20 7779 8944Fax completed form to:+44 (0)20 7779 8293Email: mis@mistiemea.comWeb: www.mistieurope.comPost completed form to:Lisa Davies,MIS Training, Nestor House,Playhouse Yard,LondonEC4V 5EX UKDatePositionIN-HOUSETRAININGSave up to 50% on trainingTailored Training for your team and Saveup to 50% If you have to comply withSarbanes-Oxley, just installed a new ERPsystem, recruited new staff - or maybeyou are keen to secure your network, takepreventative measures to counteract fraudor comply with the latest legislation. Eitherway if you have 5 or more people whorequire training on the same topic, MIScan tailor training courses to meet yourexact needs and budget, saving you up to50%. We charge per day and NOT perparticipant so the cost remains the sameregardless of how many people you havein your team.With In-House Training YouWill:Save money over public seminar fees inaddition to savings on travel andaccommodation costs.Save time on travel as the instructor willtravel to you. Furthermore, the training canbe held at the most convenient time foryou.Ensure the relevance of the seminar foryour organisation and industry. You maywish to tailor the structure andmethodology of your seminar or customisethe seminar to meet the expertise levels ofyour attending employees.EMAIL: gcooper@mistiemea.com for moreinformationPlease send me information on:In House TrainingPreventing Fraud & Corruption, 20th-24thNovember 2006, NairobiRisk Based IT Auditing, 12th - 15th February2007, LagosRegistration Information(fees must be paid in advance of theevent)AccommodationMIS Training has negotiated specialaccommodation rates at hotels in Nairobi. Forfurther information please call IBR on +44 (0)1332 285521 or fax 0845 3304982 (UK only) or+44 (0) 1332 287613 (Outside UK) or go towww.ibr.co.uk/mis.Cancellation PolicyShould a delegate be unable to attend, asubstitute may attend in his or her place.Cancellations received within 21 working daysof the event are liable for the full seminar fee. Iffull payment has been received you are eligiblefor a 75% reduction on the next run of theseminar. This discount will be valid for oneyear only. MIS reserves the right to change orcancel programmes due to unforeseencircumstances.High Yield/No-Risk GuaranteeAttend these workshops and receive tools andtechniques that will help you do your jobbetter. If you do not, simply tell us why on yourcompany letterhead and we will give you a fullcredit toward another programme.