Effective IT Audit for Non-IT Auditor

Programme Objective

With the extensive use of systems to process and store information, a lot of information today are being digitized and form part of the Big Data. A basic understanding of IT and systems is no longer the privilege of the selected few IT auditors. The day of vouching the manual ledger book and purely ticking the manual invoices are long gone. All auditors today, IT auditor or not, should have a working experience on IT systems, associated risks and controls to achieve a good and effective audits.

Highly sophisticated systems, IT infrastructure and databases require strong technical knowledge to perform a meaning audit. However, many organziations are either fully or partially operating in a relatively less sophisticated systems environment which do not demand deep IT skills for basic auditing. Various controls are now automated into systems, hence it is only effective and efficient the non-IT auditor to also verify such application and general controls. Overly relying on IT auditors not only incur more cost and time but may also causing undetected control gaps.

This course is designed to provide non-IT professional and non-IT auditors a basic IT audit overview. It will explain some fundamentals about IT environments, concepts, terminologies that allow them to have a working knowledge, able to speak the same language of IT people, and have the confidence to walk into the server room! The course will also discuss the IT auditing on IT General Control (ITGC) and IT Application Control (ITAC), IT purchases and operational management.

On completion of this course participants will: - Gain an overall understanding on IT systems - Acquire the skills to perform basic IT auditing - Know the step-b-step guide in performing IT audit on ITGC and ITAC - Understand the common IT structures, concept and terminology - Be confidence to deal with IT professionals to discuss IT related issues

Programme Outline

1. Overview of IT environment and systems IT departmental structure, role and responsibility IT environment, system structure, networks, security terminologies Data center, share service center, client terminal COSO – Internal control, COBIT – IT control, ISO27001 and ISO27002 – security control ISACA IT Audit Standards IIA GTAG (Global Technology Audit Guides

2. IT Audit Planning Guide to the Assessment of IT Risk (GAIT) Defining the IT Audit Universe Developing a Risk-based IT Audit Strategy

3. IT General Controls Common IT weaknesses and issues System development and changes (SDLC) Access control, privilege superuser ID control Physical environment control

4. Backup and Disaster Recovery Plan

5. IT security and data protection IT policy IT Technical audit and Security audit Firewall, Antivirus, Routers, Remote Access, Network, Access Controls

6. Database controls

7. IT Application Controls Access, Input, Process and Output controls System validations and weaknesses Centralized common system settings

8. IT project review

9. IT vendor and outsource service provider management Procurement control Quality control Sustainability control

10. IT daily operation and future expansion

Target Audience

• Internal auditor, audit manager, audit directors
• Control and compliance officers, risk manager,
• Forensic auditor, loss prevention and fraud investigator
• Accounting, finance, procurement, HR managers
• External auditors, regulatory agency staff

Training Methodology

Presentation, group discussion, case study. Multimedia and template sharing

Programme Facilitator

Kent Hoh is a prolific trainer in audit, fraud investigation, corporate governance and personal effectiveness. Kent Hoh has wide ranging experience in leading compliance and audit functions in Asia Pacific as well as forensic investigation team globally.

View Full Profile