Auditing IT and Information Security Controls – Practical Approach also for non-IT Auditors

Course

Time

14.11.2017 09:00 - 15.11.2017 17:00

Location

Radisson Blu Seaside, Helsinki

Price

Members: Early bird until 30.9. 750 € + VAT
From 1.10. 900 € + VAT
(second or additional participant from the same organisation 500 € VAT/2 days/person)

Others: 1100 € + VAT

Course description

The proven and sustainable approach to preventing and preparing for IT incidents, including information security breaches and failing IT projects, is to assure the appropriateness of IT controls.

The objective of this training is to give non-IT auditors the basic knowledge they need to also perform a basic IT audit during a financial or an operational audit. The COBIT V5 (Control Objectives for Information and related Technologies) framework will be discussed briefly to demonstrate the benefits that can be derived from using an authoritative, worldwide control framework. Participants will leave with a good grounding in IT and information audit fundamentals within an IT governance approach.

This course will also benefit IT auditors who want to deepen their skills in general and application controls. They will obtain a better understanding of a risk management approach and of the comprehensive control framework foundation it requires. This will allow them to better evaluate and obtain assurance for advanced technology controls as well, in order to mitigate all information-related risks.

Agenda of the training:

  • IT Audit Overview: Managing the information and IT environment, IT governance based on the COSO foundation for Corporate Governance
  • General Controls, including business objectives as drivers for IT objectives, information related risk management, roles and responsibilities of key functions, management of IT and information security, hardware as well as software acquisition and maintenance, business continuity planning, incident management, operations management, change management, management of outsourcing
  • Application Controls throughout the information transaction life cycle
  • Testing internal controls with Computer Assisted Audit Techniques (CAATs)

Some comments received from previous trainings, when this course was held in Finland in 2015 and 2016:

  • Thanks for organizing this training! This was, without a doubt, one of the very best trainings I’ve ever attended.
  • Very good for me, not too IT-focused. Lecturer with views ++++. I can recommend for persons like me!
  • Best regards and thanks to Hendrik, excellent lecturer, inspiring!

In addition to lecturing, the course includes discussion and brief reflections on the themes covered in order to ensure efficient learning. The approach to the subject is practical, and various real-life examples are presented in connection with the discussed topics. The course is held in English.

Trainer: Hendrik Ceulemans, CGEIT, CISA, MCA, MBA, InfoGovernance bvba

Registrations by 1st of November 2017.

Schedule

14.11.2017

09:00 - 10:30

·   Introductions
·   How do I convince myself and my management of the criticality to audit our Information Governance properly?
·   Do our management and the Board of Directors really know what is at stake in this area?
·   Could the lessons of some of these real world information related catastrophes help to improve the awareness?
·   Is our risk management sufficiently covering Information and IT risks?
·   Do we and IT sufficiently talk the language of the management?
·   IT Audit Overview, Managing the information and IT environment, IT governance based on the COSO and COBIT foundation for Corporate Governance
·   Is IT governance sufficiently integrated as a vital part in the corporate governance of our organisation?

10:30 - 10:45

Break

10:45 - 12:30

·   IT governance and IT audit continued.
·   How can the organization provide reasonable assurance to its stakeholders that it is adequately in control of its information?
·   What can and should non-IT auditors audit during their operational and financial audits?
·   General controls, introduction: what are they and how do they help to optimize the balance between risks and controls?

12:30 - 13:30

Lunch

13:30 - 15:00

·   General controls:
·   Business objectives as drivers for IT objectives, information related risk management.
·   Roles and responsibilities of key functions in the management, the business and in IT.

15:00 - 15:15

Break

15:15 - 17:00

·   General controls:
·   Incident management and operations management.

15.11.2017

09:00 - 10:30

·   General controls:
·   Software and hardware acquisition and maintenance.
·   Business continuity planning

10:30 - 10:45

Break

10:45 - 12:30

·   General controls:
·   Incident management and operations management.
·   Change management.
·   Management of externalisation of information and IT management (outsourcing,…)

12:30 - 13:30

Lunch

13:30 - 15:00

·   Application Controls throughout the information transaction life cycle:
·   What are application controls and how are they different from general controls?
·   Who should be responsible for what related to application controls?
·   And who should audit them and when?
·   Why is it vital that auditors should be involved during the development/acquisition project?

15:00 - 15:15

Break

15:15 - 16:30

·   Application controls continued.
·   Testing internal controls with Computer Assisted Audit Techniques (CAATs)
·   Do we know and can we use the IT techniques which should be used in the organisation?
·   And during our audit work?
·   Conclusions
·   Are we marketing information governance?
·   Do we communicate on the vital contribution auditors can make to assist the management to be able to provide reasonable assurance?

Speakers

Hendrik Ceulemans

Hendrik Ceulemans (CGEIT, CISA, MBA and MCA) is a lecturer and consultant with extensive experience in more than 30 countries on 4 continents, in the areas of information and IT governance, risk management and information security. For more than 10 years he has lectured very frequently in a variety of EU organizations, including for the auditors of the Internal Audit Service and of the European Court of Audit in Luxembourg. Previously he has worked e.g. in the AG Insurance Group in Belgium, in the fields of corporate planning and performance measurement, and seven years in IT audit.