Making a difference

IT Audit

Information technology (IT) is firmly embedded in all aspects of the operations of modern organisations. The use of technology is not only key to the continuing success of those organisations but it continues to evolve and become ever more sophisticated. All internal auditors need to consider the use of technology in every aspect of their audits.

This IT Audit course examines the whole range of IT issues that need to be considered and will provide the opportunity to look at some of the IT audit tools and techniques designed to meet these challenges. It will provide practical guidance on how to plan and carry out audits of the key aspects and critical risks of IT systems including hardware, software and the environment.

Who should attend
Internal auditors, audit managers and others in the public, private and NGOsectors who need to apply existing knowledge of audit principles in an IT-enabled environment.

How you will benefit
By the end of the course you will be able to:

• review and assess the organisation and management of IT facilities
• identify areas of risk in IT systems and infrastructures
• perform audits on systems under development
• conduct IT security and controls reviews

Course profile
The principles and environment of internal audit

• Nature, objectives and value of internal audit
• Essential internal audit principles
• Risk-based auditing and the systems approach

IT audit planning

• The role of the computer auditor
• Planning, ascertaining and documenting the system, risks/controls, test
• Essential IT terminology, practices and skills

IT security policy and organisation

• The framework and BS 7799/ISO 17799
• Common threats
• Personnel, assets and applications

New systems and modifications

• Process and methodology of developing systems, setting up project teams
• Modifying and maintaining existing systems, change control management
• Database management systems

Software management

• Access control, configurations
• Auditing application systems and end user involvement

Computer and Network Management

• Physical and environmental security
• Network management and risks

Using the Internet and CAATs to Audit

• Using Microsoft software as an audit tool
• Using the Internet to help audit
• The role and value of computer assisted audit techniques (CAATs)

Auditing e-commerce and the Internet

• The Internet and the World Wide Web
• Electronic Commerce
• Privacy and Security on the Internet