Course Information
What You Will Learn
Course Curriculum
– Analysis of the IT Audit function and its contribution to the company’s mission and strategy
– Definition of the roles and responsibilities of the IT Audit function
– Relationships with governance and risk management
– Differences between internal and external auditing.
– In-depth analysis of the role of IT Audit within the company and how it collaborates with other auditors and experts.
– An in-depth look at establishing, managing, and monitoring internal and IT controls
– The purpose of IT internal controls and their contribution to achieving business objectives
– Identifying the different types of controls and distinguishing between IT risk and related controls
– Differences between preventive, detective, and corrective controls
– Evaluating controls and defining the benefits of a risk-based audit
– The Agile approach to auditing
– Defining audit risks and how to reduce them
– Conducting IT audits: the different types and related procedures, objectivity, and professional care
– Specialized assessments (e.g., vulnerability) and related scanning and testing activities (e.g., penetration).
– Audit Advisory, consulting roles, and services to improve the value, quality, and control of IT systems
– Purposes of independent third-party assurance or attestation and their use
– Planning and conducting IT audits in compliance with professional standards
– Collecting and evaluating different types of audit evidence
– Using data analysis tools to streamline audit processes
– Collecting reports, findings, and recommendations for stakeholders
– Audit follow-up and evaluating how risk has been addressed
– Description and assessment of the most common IT infrastructure components
– Identifying concerns related to hardware, software, operating systems, and networks
– Conducting periodic IT infrastructure reviews
– Evaluating database structures and their management
– Cloud Computing: characteristics, risks, and control
– Evaluating change, configuration, release, and patch management policies and practices
– Business Continuity, Disaster Recovery, and Data Backup
– Perimeter network security: protecting data, assets, and company information
– Risks and controls related to Windows and UNIX®/Linux operating systems
– Description of security vulnerabilities and risks of mobile (web) apps
– Security and risk assessment related to the use of Windows Active Directory and Oracle
– Analysis of corporate information security and privacy policies and practices
– Assessing the protection of corporate media and mobile devices
– AI (Artificial Intelligence): basic concepts, expert systems, and associated risks
– Big Data: technical/operational risks for the company and approaches for adequate risk management
– Blockchain: corporate use of methodologies and assessment of the blockchain technology control environment
– IoT: device types, value, and risks for the company
– Cybersecurity: key processes and associated controls.
Get the Full Syllabus as a PDF
Curriculum, exam format & everything included — sent straight to your inbox.
All You Need to Know
IT Auditors, Security Professionals, CISOs, Audit/Assurance professionals, IT Risk professionals, IT Risk Managers. The course is aimed at both those starting a career in IT Auditing and wishing to acquire a solid foundation of knowledge, as well as more experienced professionals wishing to expand their skills in the field.
Attendance at the ISO 19011 and ISO17021 – AUDITING TECHNIQUES course is recommended for those who are not already certified Auditors / Lead Auditors.
The course fee includes only the electronic documentation supporting the lessons (course slides), but not the study materials described below, which can be purchased separately.
The cost of the materials includes:
– Practice exercises
– IT Audit Fundamentals Official Study Guide