Leading organizations understand that a good control environment in which risk is managed is a source of operational effectiveness and efficiency and, subsequently, of service value realization.

By implementing an effective internal control framework, organizations unleash their full service delivery potential, creating and protecting value for all their stakeholders. The essence of risk-based auditing is to ensure a customer-focused assessment of your control framework, starting with the objectives of the activity being audited, then moving on to the inherent risks in the performance of that activity, and then to the procedures, or lack thereof, in place to mitigate those risks.

The IT Systems Audit Masterclass aims to build the IT Auditor’s capacity to assess the risks in the organization’s implementation of information systems and make recommendations on how to mitigate those risks through proper IS controls. The course focuses on IS Audit procedures and how they are applied to provide assurance in the modern Information Systems and IT environment. During the course, we will also introduce emerging IT trends and technologies and how they are impacting the role of IT audit.

To enable the participant to acquire knowledge and a comprehensive understanding of key IS Audit concepts and activities, enabling independent assessment of Information Systems and IT controls and strategic leadership of IS Audit engagements that provide assurance and support decision making with regard to Information Systems and Information Technology.

Day 1

Fundamentals of IT Auditing

  • Definitions: Auditing, Information Systems
  • Management of IS Audit Function – Organization of the IS Audit Function, Resource Management, Audit Scoping and Planning

Auditing Standards

  • Effects of Laws and Regulations on the IS Audit Function – Requirements for Data Protection (National Laws around Data Protection and Privacy, e.g. Regional and International Privacy Laws such as Kenya Data Protection Law 2019, Uganda Data Protection and Privacy Act 2019, GDPR, ISO 27701, Access to Information Act, etc.)

Overview of Information System Controls

  • Internal Controls – Objectives, Internal Control Model, Components of Internal Controls, Types of Internal Controls
  • Risk Management
  • General IT Controls, ISO 27001 Controls
  • IS Specific Controls – Application Controls

Day 2

IS Audit Procedures

  • Audit Objectives
  • Types of Audits
  • Audit Methodology
  • Risk-Based Auditing
  • Audit Risk and Materiality
  • Risk Assessment and Treatment
  • Audit Programs
  • Fraud Detection
  • Compliance versus Substantive Testing
  • Evidence
  • Using the Services of other Auditors and Experts
  • Computer-Assisted Audit Techniques (CAATs)
  • Evaluation of the Control Environment – Traditional versus Control Self-Assessments

Performing an IS Audit

  • Overview of IT Infrastructure
  • Databases
  • Networks
  • Distributed Systems
  • Business Systems Applications
  • Data input and processing models

Day 3

Impact of Trends and Technologies on Internal Audit

  • Cloud Computing
  • Big Data
  • Blockchain Technology
  • Robotic Process Automation (RPA)
  • Machine Learning and Artificial Intelligence
  • 5G
  • Internet of Things (IoT)

Evolving IS Audit Process

  • Continuous Monitoring and Auditing
  • Integrated Audits