Risk Based IT Auditing for Non-IT Auditors
The GOLD Winner of Information Security Training Profession in Sri Lanka (ISACA Sri Lanka Chapter Awards - 2008 Annual Convention)
+94 0765377471 | L: +94 11 2825177 | +94 777 372697 | Web: www.itgrc.lk | Email: info@itgrc.lk
IT Governance and Risk Consulting (Pvt) Ltd.
# 11/24,1/1, | Melder Place | Nugegoda | Colombo | Sri Lanka
Mobile: +94 (0) 777 372697
Office Tel: +94 011 2825177 | Fax: +94 011 2810188
info@sltnet.lk | www.itgrc.lk
For More Info Call: Mrs Rupasinghe or Ms Gayanika, 0772300268 / 0765377471
IT Audit Consulting, Contact 0777372697
THILAK PATHIRAGE: MBA, B.Com FIB CISS CISA CISM CRISC CGEIT CBCP ITIL(V3) CCSE CCSA OpRisk - DIR/CEO and Senior IT Governance and Risk Consultant of ITGRC Ltd.
In his 35 years of service in the banking and financial services industry, Thilak has held senior positions in Seylan Bank in IS Assurance, Information Risk Management, IT Governance, Business Continuity Planning, Information Security (CISO) and Operational Risk Management. Being the first CISA in the country, he pioneered the development of IT assurance and security professional practices for the banking sector in Sri Lanka.
He is a workshop leader in Information Security, Business Continuity and GRC topics and won the prestigious Information Security Gold Medal awarded by ISACA Sri Lanka Chapter in 2008. Thilak is also an ITIL v3 authorized trainer (EXIN) in Sri Lanka. Thilak has conducted CISSP, CISA, ITIL, CISM, CGEIT and CRISC certification courses for the last several years and has achieved world best results. Currently he is the President of ISSA Chapter Sri Lanka and the DIR/CEO of ITGRC Ltd. He holds diverse, multidisciplinary academic qualifications and industry-leading certifications. He conducts lectures in UCSC and Sri Japure Universities on Information Security topics.
The Risk Based IT Auditing for Non-IT Auditors (Basics of IT Auditing) course with Thilak is a unique and rewarding experience, and he brings a vast amount of experience into the class for everyone to learn from.
To read his full LinkedIn profile:
http://www.linkedin.com/in/thilakjayasenapathirage
www.itgrc.lk
Date, Duration and Venue:
Date: 9th & 10th July, 2015
Time: 9.00am - 5.00pm
Duration: 2 days
Venue: Global Tower, Colombo 5, Sri Lanka.
Course Fee: LKR 30,000
eCopy of the manual and refreshments are provided
LEARNING OBJECTIVE
Delegates will develop an understanding of IT audit, technology risks and controls delivered from a non-technical perspective.
Specific outcomes include a basic understanding of:
• Information systems risk
• Application controls
• The systems development life cycle
• Logical security at the application, database, network and operating systems levels
• IT general controls (non security)
COURSE CONTENT:
DAY 1
SESSION 1:
Introduction to IS Auditing
IT Audit: A 21st Century Perspective. Topics to be discussed include:
• Evaluation of Internal Auditing and IT Auditing
• Emergence of corporate governance and IT Auditing
• Three key elements of success
• Key Leadership Attributes for Success
• Origin of IT Audit and CHANGE
• Nature of IT Audit
• What are the Most Powerful Audit Questions?
• Challenges of IT Audit in the 21st century
WHO SHOULD ATTEND?
Those who need a basic understanding of IT risk-based audit practices:
Level 1:
The course will be of benefit to internal auditors, operational risk managers and others who require a fundamental understanding of the subject and do not always have the use of a technical IT support team to assist in their review.
Level 2:
The program would also be of value to financial and operational audit professionals who are already practicing internal audit and considering a career move into IT auditing, as well as non-IT audit professionals tasked with the responsibility for assessing their organization's IT operations and infrastructure.
Prerequisites: There is no prerequisite for this course.
SESSION 4:
Discussions on partnership between audit and IT management. The IT auditing process, the current auditing framework & its challenges.
This Session will address:
• The IT Auditing Process
• 2015 CISA Job Practices: Defining the Audit Scope
• IT Audit Planning
• The Major Elements of an IT Audit
• Organization and Management
• IT Audit Standards and Practices
• Policies and Procedures
• IT Infrastructure and Databases
• System Development and change
• System Operations and Support
• Application Systems Reviews
SESSION 5:
Understanding key information systems controls - Application based
• Key automated controls of on-line transactions
• Core Banking Operations
• Human resources and payroll processes
• Procure to pay processes
• Order to cash processes
• Logical information security
• Segregation of duties
• User account management
• Application layer security
• Physical and environmental controls
• Controls over IT service management processes (ITIL-based)
• General Controls
DAY 2
SESSION 6:
Auditing key information systems controls. Procedures to audit the adequacy and effectiveness of each of the key information controls identified:
• Perform a walkthrough
• Defining the population to be tested for control effectiveness
• Testing procedures
SESSION 7:
Auditing SDLC and System Controls. Employing the best practices of SDLC is not just a good idea in the IT industry; it serves as a control over the systems development process.
• IT Project Management and Governance
• Development methodologies
• Eight Phases of SDLC and Control implementation
• Auditor's role in SDLC Process
• Quality Assurance and User Acceptance Testing
SESSION 8:
Corporate Governance, IT Governance, and compliance.
The role of IT governance and its connection to IT auditing and the key issues facing organizations globally. Specifically, this session will address:
• Governance, Risk and Compliance - GRC
• IT Governance and IT-GRC
• How should an enterprise most effectively and efficiently govern its IT activities?
• What is Compliance? and IT's Contribution to Compliance
• Best Practices for Security and SOX Compliance
• How Can IT Systems Assist Management of Compliance Issues?
• Putting IT GRC into action
SESSION 9:
COBIT 5 and GTAG guideline:
• COBIT 5 Principles and Framework
• COBIT 5 Process Reference Model
• COBIT 5 for IT Assurance and Security
• IIA Global Technology Assurances Guides (GTAG)
SESSION 10:
IT audit profiling and reporting
• Audit Charter and Independence
• Reporting
• Supporting financial or operational audits
• Communicating audit findings
SESSION 11:
Audit of data files - Application of CAATs
• Purpose of CAATs
• Understanding data and meta data
• Formulating the CAAT specification
• Development, testing and implementation of CAATs
SESSION 3:
Risk through effective risk profiling and management in IT auditing. Session topics address the following:
• Risk management principles and practices
• IS Risk assessment and analysis methodologies
• Information threats, vulnerabilities and exposures
• Information assets valuation methodologies
• Risk Management Standards (COSO, ISO 31000, COBIT and ISO 27001)
• Methods used to determine sensitivity and criticality of information resources
• Baseline modeling and risk-based assessments of control requirements
• The Nine Primary Steps of a Risk Assessment Methodology
• Information security controls and countermeasures and their effectiveness
• Risk mitigation strategies for information resources
• Cost benefit analysis - mitigating risks to acceptable levels
INTRODUCTION
This workshop is practical in nature and will empower participants to immediately use the knowledge imparted in real scenarios. The methodology employed is very effective and interactive, using case studies and group discussions. It guides internal auditors into the realm of system based auditing and examines IS audit techniques and procedures in a non-technical way. Upon completion of this training, the participants should be able to perform a fair amount of IS audit right away and be ready to move to the next level.
SESSION 2:
Understanding the information systems environment
• Centralised vs distributed systems vs cloud computing
• On-line vs batch systems
• Network concepts
• Databases
• Operating systems
• The systems development life cycle
• Risk in an outsourced environment and Cloud Computing
• Key IT Service Management Processes - ITIL

More Related Content

What's hot

Disaster recovery
Disaster recoveryDisaster recovery
Disaster recoverySameeu Imad
 
Best-Practices-Web-Usability
Best-Practices-Web-UsabilityBest-Practices-Web-Usability
Best-Practices-Web-UsabilityLarry Wilson
 
Scalar_Managed_Security_Services_2016
Scalar_Managed_Security_Services_2016Scalar_Managed_Security_Services_2016
Scalar_Managed_Security_Services_2016patmisasi
 
Office 365 data loss prevention
Office 365 data loss preventionOffice 365 data loss prevention
Office 365 data loss preventionssuser1eca7d
 
Cyber Security - Maintaining Operational Control of Critical Services
Cyber Security - Maintaining Operational Control of Critical ServicesCyber Security - Maintaining Operational Control of Critical Services
Cyber Security - Maintaining Operational Control of Critical ServicesDave Reeves
 
Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefingtechnext1
 
Practice case legal for data professional
Practice case legal for data professionalPractice case legal for data professional
Practice case legal for data professionalNovita Sari
 
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your OrganizationRaffa Learning Community
 
The Top Cloud Security Issues
The Top Cloud Security IssuesThe Top Cloud Security Issues
The Top Cloud Security IssuesHTS Hosting
 
Cyber Security Services & Solutions - Zymr
Cyber Security Services & Solutions - ZymrCyber Security Services & Solutions - Zymr
Cyber Security Services & Solutions - ZymrZYMR, INC.
 
Symantec Cyber Security Services: Security Simulation
Symantec Cyber Security Services: Security SimulationSymantec Cyber Security Services: Security Simulation
Symantec Cyber Security Services: Security SimulationSymantec
 
Cloud Security Demystified
Cloud Security DemystifiedCloud Security Demystified
Cloud Security DemystifiedMichael Torres
 
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORKCYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORKMaganathin Veeraragaloo
 
Keys to success and security in the cloud
Keys to success and security in the cloudKeys to success and security in the cloud
Keys to success and security in the cloudScalar Decisions
 
Harald Leitenmüller | DSGVO - globaler, zeitgemäßer Datenschutzstandard für M...
Harald Leitenmüller | DSGVO - globaler, zeitgemäßer Datenschutzstandard für M...Harald Leitenmüller | DSGVO - globaler, zeitgemäßer Datenschutzstandard für M...
Harald Leitenmüller | DSGVO - globaler, zeitgemäßer Datenschutzstandard für M...Microsoft Österreich
 

What's hot (20)

SECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKESSECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKES
 
Disaster recovery
Disaster recoveryDisaster recovery
Disaster recovery
 
Best-Practices-Web-Usability
Best-Practices-Web-UsabilityBest-Practices-Web-Usability
Best-Practices-Web-Usability
 
Scalar_Managed_Security_Services_2016
Scalar_Managed_Security_Services_2016Scalar_Managed_Security_Services_2016
Scalar_Managed_Security_Services_2016
 
Aujas Cyber Security
Aujas Cyber SecurityAujas Cyber Security
Aujas Cyber Security
 
Office 365 data loss prevention
Office 365 data loss preventionOffice 365 data loss prevention
Office 365 data loss prevention
 
Cyber security infotech pvt ltd
Cyber security infotech pvt ltdCyber security infotech pvt ltd
Cyber security infotech pvt ltd
 
Cyber Security - Maintaining Operational Control of Critical Services
Cyber Security - Maintaining Operational Control of Critical ServicesCyber Security - Maintaining Operational Control of Critical Services
Cyber Security - Maintaining Operational Control of Critical Services
 
Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefing
 
Cloud Security Governance
Cloud Security GovernanceCloud Security Governance
Cloud Security Governance
 
Practice case legal for data professional
Practice case legal for data professionalPractice case legal for data professional
Practice case legal for data professional
 
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
 
The Top Cloud Security Issues
The Top Cloud Security IssuesThe Top Cloud Security Issues
The Top Cloud Security Issues
 
Cyber Security Services & Solutions - Zymr
Cyber Security Services & Solutions - ZymrCyber Security Services & Solutions - Zymr
Cyber Security Services & Solutions - Zymr
 
Symantec Cyber Security Services: Security Simulation
Symantec Cyber Security Services: Security SimulationSymantec Cyber Security Services: Security Simulation
Symantec Cyber Security Services: Security Simulation
 
Cloud Security Demystified
Cloud Security DemystifiedCloud Security Demystified
Cloud Security Demystified
 
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORKCYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
 
Sql securitytesting
Sql  securitytestingSql  securitytesting
Sql securitytesting
 
Keys to success and security in the cloud
Keys to success and security in the cloudKeys to success and security in the cloud
Keys to success and security in the cloud
 
Harald Leitenmüller | DSGVO - globaler, zeitgemäßer Datenschutzstandard für M...
Harald Leitenmüller | DSGVO - globaler, zeitgemäßer Datenschutzstandard für M...Harald Leitenmüller | DSGVO - globaler, zeitgemäßer Datenschutzstandard für M...
Harald Leitenmüller | DSGVO - globaler, zeitgemäßer Datenschutzstandard für M...
 

Similar to Risk based it auditing for non it auditors (basics of it auditing) final 12

ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...PECB
 
rethinking marketing
rethinking marketingrethinking marketing
rethinking marketingNavneet Singh
 
IT frameworks
IT frameworksIT frameworks
IT frameworkscyouss
 
Feb 26 NETP Slide Deck
Feb 26 NETP Slide DeckFeb 26 NETP Slide Deck
Feb 26 NETP Slide Deckddcomeau
 
A Major Revision of the CISRCP Program
A Major Revision of the CISRCP ProgramA Major Revision of the CISRCP Program
A Major Revision of the CISRCP ProgramGoogleNewsSubmit
 
Auditor Sistem Informasi dalam Kurikulum Magister Sistem Informasi
Auditor Sistem Informasi dalam Kurikulum Magister Sistem InformasiAuditor Sistem Informasi dalam Kurikulum Magister Sistem Informasi
Auditor Sistem Informasi dalam Kurikulum Magister Sistem InformasiYeffry Handoko
 
IT Governance: Governance & Management of Enterprise IT, 25 - 28 October 2015...
IT Governance: Governance & Management of Enterprise IT, 25 - 28 October 2015...IT Governance: Governance & Management of Enterprise IT, 25 - 28 October 2015...
IT Governance: Governance & Management of Enterprise IT, 25 - 28 October 2015...360 BSI
 
ICT Governance for Enterprise Control & Value Creation - Day1
ICT Governance for Enterprise Control & Value Creation - Day1ICT Governance for Enterprise Control & Value Creation - Day1
ICT Governance for Enterprise Control & Value Creation - Day1Jenny Tsuboyama energizIN
 
Savings, security, and stability: how ShareGate benefits everyone
Savings, security, and stability: how ShareGate benefits everyoneSavings, security, and stability: how ShareGate benefits everyone
Savings, security, and stability: how ShareGate benefits everyonesammart93
 
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftHow Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftOSIsoft, LLC
 
CV of Mohan M
CV of Mohan MCV of Mohan M
CV of Mohan MMohan M
 
Part II Cyber Security Governance, Audit, and the COBIT 5 Framework
Part II Cyber Security Governance, Audit, and the COBIT 5 FrameworkPart II Cyber Security Governance, Audit, and the COBIT 5 Framework
Part II Cyber Security Governance, Audit, and the COBIT 5 FrameworkRd. R. Agung Trimanda
 
Frameworks For Predictability
Frameworks For PredictabilityFrameworks For Predictability
Frameworks For Predictabilitytlknecht
 
2015 05-kuwait-log maturity-compressed
2015 05-kuwait-log maturity-compressed2015 05-kuwait-log maturity-compressed
2015 05-kuwait-log maturity-compressedpromediakw
 
Dr. Almerindo Graziano - log maturity-compressed
Dr. Almerindo Graziano - log maturity-compressedDr. Almerindo Graziano - log maturity-compressed
Dr. Almerindo Graziano - log maturity-compressedpromediakw
 
Trust, Context and, Regulation: Achieving More Explainable AI in Financial Se...
Trust, Context and, Regulation: Achieving More Explainable AI in Financial Se...Trust, Context and, Regulation: Achieving More Explainable AI in Financial Se...
Trust, Context and, Regulation: Achieving More Explainable AI in Financial Se...Databricks
 
Cobit 5 for information security
Cobit 5 for information securityCobit 5 for information security
Cobit 5 for information securityElkanouni Mohamed
 
Marcos cobi t -e-itil-v040811
Marcos cobi t -e-itil-v040811Marcos cobi t -e-itil-v040811
Marcos cobi t -e-itil-v040811faau09
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubKaushal Trivedi
 

Similar to Risk based it auditing for non it auditors (basics of it auditing) final 12 (20)

ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
 
rethinking marketing
rethinking marketingrethinking marketing
rethinking marketing
 
IT frameworks
IT frameworksIT frameworks
IT frameworks
 
Feb 26 NETP Slide Deck
Feb 26 NETP Slide DeckFeb 26 NETP Slide Deck
Feb 26 NETP Slide Deck
 
A Major Revision of the CISRCP Program
A Major Revision of the CISRCP ProgramA Major Revision of the CISRCP Program
A Major Revision of the CISRCP Program
 
Auditor Sistem Informasi dalam Kurikulum Magister Sistem Informasi
Auditor Sistem Informasi dalam Kurikulum Magister Sistem InformasiAuditor Sistem Informasi dalam Kurikulum Magister Sistem Informasi
Auditor Sistem Informasi dalam Kurikulum Magister Sistem Informasi
 
IT Governance: Governance & Management of Enterprise IT, 25 - 28 October 2015...
IT Governance: Governance & Management of Enterprise IT, 25 - 28 October 2015...IT Governance: Governance & Management of Enterprise IT, 25 - 28 October 2015...
IT Governance: Governance & Management of Enterprise IT, 25 - 28 October 2015...
 
ICT Governance for Enterprise Control & Value Creation - Day1
ICT Governance for Enterprise Control & Value Creation - Day1ICT Governance for Enterprise Control & Value Creation - Day1
ICT Governance for Enterprise Control & Value Creation - Day1
 
Savings, security, and stability: how ShareGate benefits everyone
Savings, security, and stability: how ShareGate benefits everyoneSavings, security, and stability: how ShareGate benefits everyone
Savings, security, and stability: how ShareGate benefits everyone
 
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftHow Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
 
CV of Mohan M
CV of Mohan MCV of Mohan M
CV of Mohan M
 
Part II Cyber Security Governance, Audit, and the COBIT 5 Framework
Part II Cyber Security Governance, Audit, and the COBIT 5 FrameworkPart II Cyber Security Governance, Audit, and the COBIT 5 Framework
Part II Cyber Security Governance, Audit, and the COBIT 5 Framework
 
Frameworks For Predictability
Frameworks For PredictabilityFrameworks For Predictability
Frameworks For Predictability
 
2015 05-kuwait-log maturity-compressed
2015 05-kuwait-log maturity-compressed2015 05-kuwait-log maturity-compressed
2015 05-kuwait-log maturity-compressed
 
Dr. Almerindo Graziano - log maturity-compressed
Dr. Almerindo Graziano - log maturity-compressedDr. Almerindo Graziano - log maturity-compressed
Dr. Almerindo Graziano - log maturity-compressed
 
Practical IT auditing
Practical IT auditingPractical IT auditing
Practical IT auditing
 
Trust, Context and, Regulation: Achieving More Explainable AI in Financial Se...
Trust, Context and, Regulation: Achieving More Explainable AI in Financial Se...Trust, Context and, Regulation: Achieving More Explainable AI in Financial Se...
Trust, Context and, Regulation: Achieving More Explainable AI in Financial Se...
 
Cobit 5 for information security
Cobit 5 for information securityCobit 5 for information security
Cobit 5 for information security
 
Marcos cobi t -e-itil-v040811
Marcos cobi t -e-itil-v040811Marcos cobi t -e-itil-v040811
Marcos cobi t -e-itil-v040811
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit Club
 

More from Thilak Pathirage -Senior IT Gov and Risk Consultant (11)

Cybersecurity-Audit-A-Case-Study-for-SME.pdf
Cybersecurity-Audit-A-Case-Study-for-SME.pdfCybersecurity-Audit-A-Case-Study-for-SME.pdf
Cybersecurity-Audit-A-Case-Study-for-SME.pdf
 
ISACA Cyber-Audit-Certificate-Exam-Guide_Eng_0819.pdf
ISACA Cyber-Audit-Certificate-Exam-Guide_Eng_0819.pdfISACA Cyber-Audit-Certificate-Exam-Guide_Eng_0819.pdf
ISACA Cyber-Audit-Certificate-Exam-Guide_Eng_0819.pdf
 
Auditing-Cybersecurity in the enterprise
Auditing-Cybersecurity in the enterpriseAuditing-Cybersecurity in the enterprise
Auditing-Cybersecurity in the enterprise
 
ISACA Cybersecurity Audit course brochure
ISACA Cybersecurity Audit course brochureISACA Cybersecurity Audit course brochure
ISACA Cybersecurity Audit course brochure
 
Capability_Assessment_of_IT_Governance_Using_the_2.pdf
Capability_Assessment_of_IT_Governance_Using_the_2.pdfCapability_Assessment_of_IT_Governance_Using_the_2.pdf
Capability_Assessment_of_IT_Governance_Using_the_2.pdf
 
cobit 2019 -current-user - ISACA Publication
cobit 2019 -current-user - ISACA Publicationcobit 2019 -current-user - ISACA Publication
cobit 2019 -current-user - ISACA Publication
 
Introduction to ISACA COBIT-2019 Framwork.pdf
Introduction to ISACA COBIT-2019 Framwork.pdfIntroduction to ISACA COBIT-2019 Framwork.pdf
Introduction to ISACA COBIT-2019 Framwork.pdf
 
Social media-assessment
Social media-assessmentSocial media-assessment
Social media-assessment
 
Cissp nda
Cissp ndaCissp nda
Cissp nda
 
314
314314
314
 
Composite indicators
Composite indicatorsComposite indicators
Composite indicators
 

Recently uploaded

Air breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animalsAir breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animalsaqsarehman5055
 
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Hasting Chen
 
Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Chameera Dedduwage
 
SaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, YardstickSaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, Yardsticksaastr
 
Report Writing Webinar Training
Report Writing Webinar TrainingReport Writing Webinar Training
Report Writing Webinar TrainingKylaCullinane
 
Dreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video TreatmentDreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video Treatmentnswingard
 
lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.lodhisaajjda
 
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyCall Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyPooja Nehwal
 
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaKayode Fayemi
 
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdfThe workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdfSenaatti-kiinteistöt
 
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesVVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesPooja Nehwal
 
Dreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio IIIDreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio IIINhPhngng3
 
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docxANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docxNikitaBankoti2
 
Presentation on Engagement in Book Clubs
Presentation on Engagement in Book ClubsPresentation on Engagement in Book Clubs
Presentation on Engagement in Book Clubssamaasim06
 
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceDelhi Call girls
 
Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoUncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoKayode Fayemi
 
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...Sheetaleventcompany
 
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdfAWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdfSkillCertProExams
 
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxMohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxmohammadalnahdi22
 

Recently uploaded (20)

Air breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animalsAir breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animals
 
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
 
Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)
 
SaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, YardstickSaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, Yardstick
 
Report Writing Webinar Training
Report Writing Webinar TrainingReport Writing Webinar Training
Report Writing Webinar Training
 
ICT role in 21st century education and it's challenges.pdf

Risk based it auditing for non it auditors (basics of it auditing) final 12

The Risk Based IT Auditing for Non-IT Auditors (Basics of IT Auditing) with Thilak is a unique and rewarding experience and he brings a vast amount of experience into the class for everyone to learn from.
To read his full LinkedIn profile: http://www.linkedin.com/in/thilakjayasenapathirage
www.itgrc.lk

Date, Duration and Venue:
Date: 9th & 10th July, 2015
Time: 9.00am - 5.00pm
Duration: 2 days
Venue: Global Tower, Colombo 5, Sri Lanka.
Course Fee: LKR 30,000 (eCopy of the manual and refreshments are provided)

LEARNING OBJECTIVE
Delegates will develop an understanding of IT audit, technology risks and controls delivered from a non-technical perspective. Specific outcomes include a basic understanding of:
• Information systems risk
• Application controls
• The systems development life cycle
• Logical security at the application, database, network and operating systems levels
• IT general controls (non security)

COURSE CONTENT:

DAY 1

SESSION 1: Introduction to IS Auditing
IT Audit: A 21st Century Perspective. Topics to be discussed include:
• Evaluation of Internal Auditing and IT Auditing
• Emergence of corporate governance and IT Auditing
• Three key elements of success
• Key Leadership Attributes for Success
• Origin of IT Audit and CHANGE
• Nature of IT Audit
• What are the Most Powerful Audit Questions?
• Challenges of IT Audit in the 21st century

WHO SHOULD ATTEND?
Those who need a basic understanding of IT risk-based audit practices:
Level 1: The course will be of benefit to internal auditors, operational risk managers and others who require a fundamental understanding of the subject and do not always have the use of a technical IT support team to assist in their review.
Level 2: The program would also be of value to financial and operational audit professionals who are already practicing internal audit and considering a career move into IT auditing, as well as non-IT audit professionals tasked with the responsibility for assessing their organization's IT operations and infrastructure.
Prerequisites: There is no prerequisite for this course.

SESSION 4: Discussions on partnership between audit and IT management.
The IT auditing process, the current auditing framework and its challenges. This session will address:
• The IT Auditing Process
• 2015 CISA Job Practices: Defining the Audit Scope
• IT Audit Planning
• The Major Elements of an IT Audit
• Organization and Management
• IT Audit Standards and Practices
• Policies and Procedures
• IT Infrastructure and Databases
• System Development and Change
• System Operations and Support
• Application Systems Reviews

SESSION 5: Understanding key information systems controls - Application based
• Key automated controls of on-line transactions
• Core Banking Operations
• Human resources and payroll processes
• Procure to pay processes
• Order to cash processes
• Logical information security
• Segregation of duties
• User account management
• Application layer security
• Physical and environmental controls
• Controls over IT service management processes (ITIL-based)
• General Controls

DAY 2

SESSION 6: Auditing key information systems controls
Procedures to audit the adequacy and effectiveness of each of the key information controls identified:
• Perform a walkthrough
• Defining the population to be tested for control effectiveness
• Testing procedures

SESSION 7: Auditing SDLC and System Controls
Employing the best practices of SDLC is not just a good idea in the IT industry; it serves as a control over the systems development process:
• IT Project Management and Governance
• Development methodologies
• Eight Phases of SDLC and Control implementation
• Auditor's role in the SDLC Process
• Quality Assurance and User Acceptance Testing

SESSION 8: Corporate Governance, IT Governance, and Compliance.
The role of IT governance and its connection to IT auditing and the key issues facing organizations globally. Specifically, this session will address:
• Governance, Risk and Compliance - GRC
• IT Governance and IT-GRC
• How should an enterprise most effectively and efficiently govern its IT activities?
• What is Compliance? and IT's Contribution to Compliance
• Best Practices for Security and SOX Compliance
• How Can IT Systems Assist Management of Compliance Issues?
• Putting IT GRC into action

SESSION 9: COBIT 5 and GTAG guideline:
• COBIT 5 Principles and Framework
• COBIT 5 Process Reference Model
• COBIT 5 for IT Assurance and Security
• IIA Global Technology Assurance Guides (GTAG)

SESSION 10: IT audit profiling and reporting
• Audit Charter and Independence
• Reporting
• Supporting financial or operational audits
• Communicating audit findings

SESSION 11: Audit of data files - Application of CAATs
• Purpose of CAATs
• Understanding data and metadata
• Formulating the CAAT specification
• Development, testing and implementation of CAATs

SESSION 3: Risk through effective risk profiling and management in IT auditing.
Session topics address the following:
• Risk management principles and practices
• IS Risk assessment and analysis methodologies
• Information threats, vulnerabilities and exposures
• Information assets valuation methodologies
• Risk Management Standards (COSO, ISO 31000, COBIT and ISO 27001)
• Methods used to determine sensitivity and criticality of information resources
• Baseline modeling and risk-based assessments of control requirements
• The Nine Primary Steps of a Risk Assessment Methodology
• Information security controls and countermeasures and their effectiveness
• Risk mitigation strategies for information resources
• Cost benefit analysis - mitigating risks to acceptable levels

INTRODUCTION
This workshop is practical in nature and will empower participants to immediately use the knowledge imparted in real scenarios. The methodology employed is very effective and interactive, whereby case studies and group discussions will be used. It guides internal auditors into the realm of system-based auditing and examines IS audit techniques and procedures in a non-technical way. Upon completion of this training, the participants should be able to perform a fair amount of IS audit right away and be ready to move to the next level.

SESSION 2: Understanding the information systems environment
• Centralised vs distributed systems vs cloud computing
• On-line vs batch systems
• Network concepts
• Databases
• Operating systems
• The systems development life cycle
• Risk in an outsourced environment and Cloud Computing
• Key IT Service Management Processes - ITIL