IT Auditing and the Internal Auditor

Explaining the IT Audit Process
• IT Audit Objectives
• Role of the IT Auditor
• IT Audit Projects

IT Audit and Information Security Standards
• ISACA: COBIT, Risk IT, Val IT
• AICPA/CCPA
• Information Technology Infrastructure Library (ITIL)
• OECD, ISO, and other international standards

Dealing with IT Risks
• Materiality and effects on financial reporting
• Identifying high-risk applications and IT components
• Tools and techniques for assessing and measuring risk

Tools and Techniques for the IT Auditor
• Work programs and checklists
• Maturity models
• Flowcharting
• Audit software

Understanding and Auditing IT Governance and Infrastructure: General Controls Reviews
• IT Governance and Management
• Separation of Duties, Least Privilege, and other Organziational Controls
• Incident Response: Disaster Recovery, Computer Crime, and other Breaches of Security
• Physical and Environmental Security
• Hardware and Software Asset Management
• Configuration Management, Change Control, and Problem Reporting
• System Software Security and Patch Management
• Software Development Tools and Library Management
• Network Infrastructure Security: Internal, External
• Information Security
• Identity and Access Control Management
• Cryptography and Public Key Infrastructure (PKI)
• Cloud Computing and Other Outsourcing

Getting Your Arms Around IT Application Audits
• Understanding, Scoping, and Documenting an Application
• Reliance on General Controls
• IT Computing Process Models Up Close: Operational, Risk, and Control Considerations
o Batch processing
o Distributed client/server
o Web-based
o Mobile computing
• Service oriented architecture (SOA)
• Cloud computing

System Development Life Cycle (SDLC)
• SDLC process models: internally developed, off-the-shelf
• Defining IT Audit, Information Security, and other control agency role(s) in SDLC
• On-going application change management

Key Application Processes, Risks, and Controls
• Batch data input: collection, authorization, entry
• Web-based and other types of real-time data input
• Transaction authentication, authorization, and logging
• Data editing and input validation
• Processing and interfaces to other applications
• Outputs
• Data Management and Protection

Audit Data Collection and Testing
• Application testing tools and techniques
• Sampling
• Working in support of an integrated or operational audit team

FOR WHOM:
IT auditors and other Internal auditors.

1ST BATCH: Tuesday, February 17, 2026 — Friday, February 20, 2026.

2ND BATCH: Tuesday, June 9, 2026 — Friday, June 12, 2026.

3RD BATCH: Tuesday, October 6, 2026 — Friday, October 9, 2026.

The training methodology integrates lectures, interactive discussions, collaborative group exercises, and
illustrative examples. Participants will acquire a blend of theoretical insights and hands-on practical
experience, emphasizing the application of learned techniques. This approach ensures that attendees return
to their professional environments equipped with both the competence and self-assurance to effectively
implement the acquired skills in their responsibilities.