Introduction to Information Systems Auditing

This intensive course developed over fifteen years by professional auditors provides the perfect starting point for someone new to Information Systems Auditing. Fully revised for 2009 to align to the latest standards and best practice approaches.

 

Suitability and duration

Suitability: Beginner

Duration: 4 days

 

Who should attend

Those entering information technology audit that need a practical primer to underpin their new career. This course is suited to all comers but an understanding of basic audit terminology and sequence is assumed. All major steps of the course are accompanied by explanations of technology and case work helping delegates to decode technical jargon and develop practical skills.

 

Benefits

Skills

After completion of this course, you will be able to:

• Comprehend relevant best practices such as ITIL/ISO 20000/ISO 27000/COBIT

• Understand the need to relate technology issues to risk

• Identify laws, risks and controls that impact an organisation’s information processing

• Perform reviews of live application systems

• Perform reviews of systems under development

• Review information security policies and physical security within the organisation

• Review contingency and business resumption plans

• Review logical security and access controls

• Explain core network terminology and perform elementary network reviews

 

Support Materials

This course is accompanied by an extensive and indexed manual for use on return to work.

 

Programme

IT/IS Auditing

• Auditing existing systems (hindsight reviews); new developments (proactive reviews); and auditing infrastructure (technical reviews)
• Working to best practices: ITIL/ISO 20000/ISO 27000/COBIT
• Risks associated with information technology systems

 

IT operations and the law

• Confidentiality, availability and integrity and the common findings that emerge from audit reviews

 

Auditing existing systems

• IT directive, preventative, detective and corrective controls
• Applications and key controls
• Additional controls made available by technology
• Auditing an operational system – an approach that links found risk to business in an intelligible way

 

Auditing new systems and developments

• Software procurement – creating the right requirement
• Software development life cycles – formal and informal methods
• Identifying high level risks in systems proposals
• Auditing systems under development – an approach that tracks the evolving solution

 

Auditing the building blocks of IT control

• Information security (InfoSec) and acceptable use policies
• Performing a review of InfoSec and acceptable use policies
• Physical security – working environments; location, structure and staff control; environmental control
• Performing a physical security review
• Contingency and disaster avoidance
• Auditing business continuity and preparedness arrangements
• Logical security – registration, identification, authentication, biometrics, authorisation, permissions
• structures and logging
• Performing a logical security review
• Simple network diagrams and basic network terminology
• Network management, monitoring and resilience
• Protecting data that is flowing across a network
• Performing a basic network audit

 

Assistance for audit activities

• Ways of getting answers to IT Audit problems

 

 

Course designed, developed and presented by MindGrove.