IT AUDIT SCHOOL

More documents

Recommendations

Info

SEMINARFOCUSANDFEATURESIT Audit School12th - 16th March 2007NairobiThis five-day course is designed for financial, operational, business, and ITauditors who need to update their technical and operational knowledge toaudit information technologies and automated business systems. You willexplore auditing standards, including Sarbanes-Oxley and PCAOB. You willdiscuss the controls required when auditing currently installed systems, newsystems under development, and the various activities within the informationtechnology department. In addition, you will learn techniques for auditingautomated systems. You will then turn your attention to auditing themanagement of application transaction activity, controls, and procedures. Youwill master techniques that can be applied to mainframe, distributedprocessing, and client/server-based applications. You will gain field-testedtools for identifying, recording, assessing, and evaluating application controlsand procedures. You will leave this high-impact seminar with real-worldexamples of audit programmes, testing techniques, and audit findings.“Very very focussed course. 10 out of 10”Audit Manager,Banco de Comercio IndustriaCOURSE DIRECTORCHARLES PASK, CISSPCharles Pask is the Managing Director of ITSEC AssociatesLimited, responsible for delivering global IT security and ITaudit services, including public training courses, in-housetraining courses, conferences, symposiums, and consulting.Previously, he was a Director with MIS Training, and Director ofInformation Security Institute (ISI) European and Middle Easte-Security Services. Mr. Pask has over 18 years’ experience inIT, IT audit, and IT security, and was the Information SecurityManager for Alliance & Leicester plc prior to joining MIS. Mr.Pask has been a member of the ITSEC Common Criteria teamworking with the DTI, and a committee member of the APACSSecurity Advisory Group and the LINK Security Group. He hasspoken at a number of conferences, including WebSec,Compsec, the International Security Managers Symposium,and various ISACA events.PrerequisitesNoneLearning LevelBasicWho Should AttendFinancial, Operational, Business Applications, andExternal Auditors; new Information Technology AuditorsBonusYour fee includes a copy of the Handbook of Controlsfor Auditing Computer Applications and a copy of MIS'Information Technology & Audit Acronym DictionaryFeeGBP £2,095EARN 37 CPEs“Very useful overview and interestingtopics and input worth bringing to futureaudit work”Internal Auditor, Euronext Liffe© MIS Training 2006The programme may change due to unforeseen circumstances. MIS Training reservesthe right to alter the venue and/or speakers.
AGENDADAY ONEFundamentals of IT Auditing■ Objectives of IT Audit■ Business risks in an automatedenvironment■ Information systems securityconcerns■ Role of IT auditors and businessauditorsAuditing Standards■ ISACA■ The AICPA Guidance Statement onAuditing■ SAS 55: consideration of the internalcontrol structure in a financialstatement audit■ COBIT: control objectives forinformation and related technology■ Sarbanes-Oxley Sections 302 and404 compliance■ PCAOB■ GAO: government audit standards■ IT standardsInfrastructure Essentials■ Computer hardware and operatingsystems■ How application systems softwareand systems programmes interact■ Distributed systems hardware■ The translation process from sourceto executable■ Audit risk in programmemanagement■ Analysing infrastructure risk“Extremely useful. Goodopportunity to listen andtalk to smart people.”Auditor,Philip MorrisDAY TWODatabases■ Non-database and databasemanagement environments■ Database risks on the applications,the data, and the operatingenvironment■ Network discovery■ Address spoofing: IP and MACaddresses■ Malicious software■ Unauthorised entry■ Denial-of-serviceDistributed Systems■ Comparing distributed systems tocentralised systems■ Fundamentals of client/server and itsmodel■ Server functions■ Evaluating risk of distributed systemsNetworks■ Host-based environments■ LANs and WANs■ Data communication basics and risks■ Bridges, switches, routers, andgatewaysDAY THREEInternet and E-Commerce■ Understanding Internet terms andconcepts■ Perimeter controls (firewalls) andsecurity vulnerabilities■ Assessing Internet-related risk■ Confidentiality and authentication ine-commerceGeneral Controls■ Information technology infrastructure■ Security, operational, managementand system software controls■ Identifying and assessing risk■ Placing reliance on general controlsBusiness Systems Applications■ Types of business applications■ How business applications affect theaudit environmentDAY FOURDefining a Transaction■ Transaction-based applicationauditing■ Life cycle of a transaction■ Transaction origination andauthorisation■ Processing, output, and input■ Report distribution■ Reconciliation■ Error identificationGeneral Flow of an Audit Application■ The business environment■ The technical environment■ Data risk assessment■ Transactional flow■ Test processComponents of a BusinessApplication■ Transaction origination■ Input■ Processing■ Output■ Audit impactDAY FIVEData Input and Processing Models■ Characteristics and controls■ Batch input: batch processing■ Online input: batch processing■ Online input: online processing■ Real-time entry: real-time processing■ Internet entry“It has been a step-by-stepguide to the essentialskills one needs toperform IT Audits, asrightly indicated on thecourse brochure”NAL Bank PlcApplication Controls■ Categories■ Differentiating controls fromprocedures■ Completeness and accuracy of inputand processing■ Output controls and authorisation■ Inter-relationship between applicationcontrols and general controlsBeginning the Audit■ Risk assessment factors■ Quantifiable and lifiable factors■ The opening meeting■ Understanding the application“Very Educational, shedlight on the IT World”Senior Internal Auditor,Mobile Telephones Network [MTN]
Page 4: REGISTRATION FORMIT Audit School(pl

IT AUDIT SCHOOL

Create successful ePaper yourself

Delete template?

Save as template?