INTRODUCTION TO INFORMATION SYSTEMS AUDITING
PLEASE NOTE: This course is run in partnership with the Institute of Internal Auditors (IIA). Please visit the IIA's website or call the IIA's Training & Events Department on 0207 498 0101 for course cost and details of how to book.
______________________________________________________________
COURSE OVERVIEW
This intensive course, developed over a fourteen-year period by professional auditors, provides the perfect starting point for someone new to the field of IS Auditing.
COURSE BENEFITS
Skills:
After completion of this course, you will be able to:
- Explain the roles required of an information systems auditor
- Identify laws that impact the organisation’s information processing
- Perform a review of an operational application system
- Identify the risks involved in new systems
- Employ techniques to help appraise systems under development
- Perform an audit of IT Service Delivery and Support functions
- Comprehend BS:7799 / ISO:17799
- Review physical security within the organisation
- Review logical access control within the organisation
- Explain core network terminology
- Understand how basic network defences are structured
- Perform a simple network review
- Appreciate the use of software assistance to accelerate IT auditing
Support Materials:
The course is accompanied by a 150-page manual containing detailed briefing notes, reference materials and a set of work programmes (including one to assess ISO:17799 compliance) to form a powerful and practical personal resource on return to work.
WHO SHOULD ATTEND
Those entering computer audit work who need basic knowledge to underpin their new career. To ensure a practical grounding throughout the course, contrasts and similarities will be drawn from common business systems and issues. Major steps of the course are accompanied by practical work, reinforcing taught facts and helping delegates to develop skills.
COURSE PROGRAMME
IT/IS auditing
- Terms of reference for computer auditors
- Auditing existing systems (hindsight reviews)
- Auditing new developments (proactive reviews)
- Auditing infrastructure (technical reviews)
- IT and risk based auditing – an integrated approach
Risks associated with systems
Auditing existing systems
Auditing new systems and developments
- Large scale software/hardware procurements
- Outsourcing systems and services; contracts and SLAs
- Project management and SDLCs
- Drawing out risk by mapping and exploring systems proposals
- Auditing a system under development – a holistic approach
Auditing the building blocks of IT control
- Working to best practices: ITIL
- Service level management; capacity management; service continuity management; availability management
- Service/help desk; incident management; problem resolution; configuration management; release management
- Working to standards: the ISO:17799 work-programme
- IT security – security and acceptable use policies
- Physical security – IT working environments; location, structure and people control; environmental control; common threats
- The physical review – how to perform a physical security review
- Logical security – registration, identification, authentication (single and multi-factor systems), authorisation and logging
- The access control review – performing a logical security review
Networks
- Networks and risk – the five commonest problems
- Understanding network diagrams
- Network management
- Monitoring and control – the auditor’s perspective
- Network resilience
- Performing a basic network audit
Active computer assistance for audit activities
PRESENTED BY:
This course is designed, developed and presented by MindGrove Ltd.