IT Auditing for Banks

Information technology is a critical enabler of business processes employed by organizations to implement strategies, achieve goals, accomplish missions, and realize visions. Serveral  recent  surveys indicate that  the line separating “IT” and Non”IT”, audit  is beginning to disappear. Assuring an organization’s governace,Risk management, and control process  requires  all internal auditors to  understand  the role of technology within their organization and begin developing the basic IT

knowledge to do their job.

The premise of this course is that internal auditors can learn to audit IT by applying their operational audit skill in IT area. Through group discussion, practical team exercise and individual activity

participants  gain the skill  necessary to assess IT general controls and application  controls. Successful completion  of this course  enables  participants to  bring IT  into the scope of their organization.

CONTENT

IT Controls Concepts

• Definitions and classification of IT controls
• Objective for IT controls
• Roles and responsibilities related to IT controls
• Assessing IT related risks
• Reviewing the frames of work of IT controls

IT Audit Planning

• Annual planning process
• Define IT universe
• Adoption of a formal control framework
• Perform risk assessment

Information Security

• The IT infrastructure
• Data security and information integrity
• Elements of an IT security program
• Assessing and monitoring IT security

IT General Controls

• Access management
• Auditing identifying and access management
• Disaster recovery planning business continuity management
• IT operations
• Complexity of the environment

Application Controls

• Application systems
• Application controls objectives
• Impact of IT general control on application controls
• Assessing application controls
• Integrated audits

Wrap-Up

• Seminar objectives re-visited

FOR WHOM:

• Audit Managers and Lead Auditors who want to be including reviews of IT Controls in their operational audits.
• IT who want to begin applying their operational audit skills to reviews of IT areas.

TRAINING METHODOLOGY

The training methodology combines lectures, discussions, group exercises and illustrations. Participants will gain both theoretical and practical knowledge of the topics. The emphasis is on the practical application of the topics and as a result participant will go back to the workplace with both the ability and the confidence to apply the techniques learned to their duties.