Information Systems Audit for Beginners

Course Description:

The Information Systems (IS) Audit for Beginners Course is primarily for new IS auditors or those working in other types of audits that would like to learn the foundation concepts and practices of IS audits. This Course aims to discuss the objectives, frameworks/principles, and practices of IS audits particularly the different areas or domains such as:

• IS audit process
• Governance and management of IT
• Systems development and acquisition
• IS Service Delivery and Support

Course Objectives:

1. To understand the basic framework and principles of IS audit
2. To know the different areas or domains of IS audit
3. To learn practical approaches to conducting IS audits

Target Participants:

1. Auditors (financial, operations, or beginner IS auditors)
2. Risk and compliance managers

Course Outline:

Day 1:

Topics:

• Information Systems (IS) Audit Process

❑ Auditing and IS Auditing

❑ Purpose and Scope of IS Audits

❑ Roles of IS Auditors

❑ Organization of IS Audit Function

❑ IS Audit Phases

❑ IS Audit Standards

❑ Performing IS Audits

o Audit Planning

o Risk Analysis

o Control Objectives and Classifications

o Compliance and Substantive Testing

o Audit Evidence and Sampling

o Audit Documentation

o Concluding the Audit

• IT Governance Domains and Focus Areas

❑ Roles and Responsibilities in IT Governance

❑ IT Governance Framework

❑ IS Management Practices

o Strategic Planning

o Performance Measurement

o Policies and Procedures

o Personnel Management

o Sourcing Practices

o Quality Management

o Risk Management

o IS Roles and Responsibilities

❑ Business Resilience

o Business Continuity Management Process o Business Impact Analysis

o Risk Assessment

o Risk Management

o Risk Monitoring

❑ Conducting IT Governance Audits

Day 2:

Topics:

• Systems Development and Acquisition

❑ Systems Development Life Cycle (SDLC) overview

❑ SDLC Stakeholders

❑ Auditors' roles in SDLC

❑ Common issues and pitfalls with SDLC

❑ SDLC Approaches/Methodologies

o Traditional or Waterfall Approach

o Agile Development

❑ Auditing SDLC

• IS Service Delivery and Support

❑ Data Center Management

o Physical and Environmental Security

o Critical Infrastructure Maintenance and Monitoring

o Configuration Management

o IT Service Quality

o Incident Reporting and Response

❑ Data Center Operations

o Roles and Responsibilities

o Segregation of Duties

o Skills and Competencies

o Personnel Availability

o Change Management

❑ Information Security Management (ISM)

o Key elements to ISM

o Information Security Governance

o Cybercrime and Issues

o IT General and Application Controls

o Audit considerations in IT General and Application Controls

o Cloud computing Basics, Risks, and Safeguards

o Auditing Computerized Transactions

Resource Speaker:

Mr. Dickenson Y. Africa, CPA, CISA, MBA, CBCLA, CDPP

Deputy Director

Business Continuity Management Group Risk and Compliance Office

Bangko Sentral ng Pilipinas

Schedule:

Day 1: April 15, 2023

Day 2: April 22, 2023

Saturdays, 9:00 AM - 5:00 PM

Training Fee per Participant:

From Member Institution – P 5,600.00

From Non-Member Institution – P 7,840.00

**VAT inclusive