Course Objective:
To strengthen participants’ ability to provide independent, risk-based assurance over complex IT environments, digital transformation initiatives, cybersecurity frameworks, and automated business systems.
Target Audience:
- IT Internal & External Auditors
- Information Security & Cybersecurity Professionals
- IT Risk & Compliance Officers
- Audit Managers and Team Leaders
Learning Outcomes:
Participants will be able to:
- Apply structured, risk-based IT audit planning methods
- Evaluate governance and cybersecurity maturity
- Test and rely on ITGC and automated application controls
- Assess cloud and third-party risk environments
- Utilize data analytics to enhance audit coverage
- Lead and supervise IT audit engagements effectively
- Deliver impactful, executive-level IT audit reports
Course Outline:
DAY 1 – Digital Risk Environment & Strategic IT Audit Planning
Session 1: The Evolving Digital Risk Landscape
- Technology-driven business transformation
- Cyber threats, data privacy, and regulatory pressure
- ESG and digital governance considerations
- Role of IT assurance in enterprise resilience
Interactive Discussion: Identifying top IT risks in participants’ organizations
Session 2: IT Governance & Oversight Structures
- Enterprise governance of IT (EGIT principles)
- Oversight responsibilities of boards and audit committees
- Three Lines Model and assurance coordination
- Aligning IT risk reporting with executive expectations
Exercise: Mapping governance gaps to audit focus areas
Session 3: Risk-Based IT Audit Planning
- Developing and maintaining an IT audit universe
- Risk scoring methodologies
- Prioritizing high-risk systems and processes
- Defining scope and materiality in IT audits
- Integrating IT into enterprise audit plans
Workshop: Designing a risk-driven annual IT audit plan
DAY 2 – Core IT Control Domains & Infrastructure Assurance
Session 4: Advanced IT General Controls (ITGC)
- Access governance and identity lifecycle management
- Privileged account monitoring
- Segregation of duties risk assessment
- IT change governance in Agile/DevOps
- Operational controls and job processing oversight
Hands-On Review: Analyzing access and change reports
Session 5: Technology Infrastructure & Cloud Assurance
- Cloud service models and control accountability
- Reviewing third-party assurance reports (SOC 1/SOC 2)
- Virtualization and containerization risk areas
- Encryption, key management, and data protection
- IT asset and configuration management audits
Group Activity: Building a cloud audit work program
Session 6: Cybersecurity Control Evaluation
- Cyber risk governance maturity
- Security monitoring and SOC effectiveness
- Vulnerability and patch management audits
- Incident management & response testing
- Business continuity & disaster recovery validation
Scenario Exercise: Evaluating an organization’s cyber readiness
DAY 3 – Business Applications, Data & Technology Innovation
Session 7: Application & ERP Control Reviews
- Automated controls and system-enforced validations
- ERP configuration risk areas
- Integration and interface control risks
- Financial audit reliance on IT controls
- Continuous controls monitoring concepts
Case Exercise: Reviewing ERP control reliability
Session 8: Data Analytics & Technology-Enabled Auditing
- Audit analytics lifecycle
- Extracting and validating system data
- Identifying anomalies and red flags
- Continuous auditing vs periodic audits
- Visualization for audit reporting
Practical Lab: Performing basic anomaly detection logic
Session 9: Auditing Digital Innovation & Emerging Technologies
- Governance risks in AI and machine learning
- Robotic Process Automation (RPA) controls
- Blockchain and distributed ledger assurance concerns
- Digital transformation project risk oversight
- Third-party and outsourcing risks
Discussion: Key audit questions for new technology implementations
DAY 4 – Audit Execution Excellence & Leadership
Session 10: Managing and Supervising IT Audit Engagements
- Engagement planning and resource allocation
- Audit documentation best practices
- Reviewing and challenging audit evidence
- Coordination between internal and external auditors
- Quality assurance and improvement programs
Session 11: Investigation & Technology-Enabled Fraud Risks
- Common IT-related fraud schemes
- Red flags in access and transaction data
- Digital evidence handling basics
- Collaboration with legal and compliance functions
- Insider threat risk indicators
Simulation: Assessing suspicious system activity
Session 12: Reporting, Communication & Impact
- Structuring clear, risk-focused audit findings
- Root cause and impact articulation
- Risk rating methodologies
- Executive dashboards and board reporting
- Monitoring remediation and follow-up reviews
Final Exercise: Presenting findings to a mock Audit Committee