Advanced Concept of IT Auditing

Role of the IT Auditor
• Objectives of IT Audit
• Information Systems and its Impact on the Business
• The IT Audit Universe

Understanding the IT Controls Frameworks
• COSO
• COBIT 4.1 & 5
• NIST Framework for Improving Critical Infrastructure Cybersecurity
• CIS Critical Security Controls
• FFIEC CyberSecurity Assessment
• Payment Card Industry Standards

Auditing General Controls
• Objectives of the General Controls Review
• IT Governance and Management
• Information Security Management
• Configuration Management
• Network Security Management
• Identity and Access Control Management
• Data Management
• Incident Response and Business Continuity
• Cloud Computing and Other Outsourcing
• Physical Security and Media Management

Auditing IT Applications
• Objectives of Application Systems Audits
• Key Application Processes
• Understanding the Risks and Controls in the IT Process Modules
• Planning Different Types of Application Audits

Auditing Existing Applications
• Identifying Control Objectives
• Establishing an Audit Workplan
• Key Controls in the Application Process

Auditing Systems in Development
• Comparing different System Development Life Cycle (SDLC) Models
• Audit Objectives and Roles in Systems Development

FOR WHOM:
Internal audit staff.

1ST BATCH: Tuesday, April 14, 2026 — Friday, April 17, 2026.

2ND BATCH: Tuesday, August 4, 2026 — Friday, August 7, 2026.

3RD BATCH: Tuesday, December 1, 2026 — Friday, December 4, 2026.

The training methodology integrates lectures, interactive discussions, collaborative group exercises, and
illustrative examples. Participants will acquire a blend of theoretical insights and hands-on practical
experience, emphasizing the application of learned techniques. This approach ensures that attendees return
to their professional environments equipped with both the competence and self-assurance to effectively
implement the acquired skills in their responsibilities.