|
|
|
|
|
|
|
|
|
|
|
• To equip the participants with the best practices and contemporary principles
of auditing in an IT environment and to discuss issues and challenges being faced
by various SAls in integrating IT audits with other audits
• To take participants on a step by step journey through the process of IT audit
and to equip them with the necessary knowledge and skill set to be able to conduct
and supervise IT audits
• To provide a forum to the participants for sharing their ideas and experience
with various experts in the field of IT audit.
|
|
|
|
|
|
Lectures, Group Discussions, Case Studies
Field Visits.
|
|
|
|
|
|
(a) Auditing in Information Technology
• Comparative study of Information Technology audit practices in the participating
SAls
• Impact of IT on Controls and Audit
• Overview of IT Auditing, and
• Need and scope of changes required
(b) IT Organisation and Management
• IT strategies to achieve business objectives
• Policies and Procedures
• IT organisational structure, and
• IT environment:
• Hardware platform
• Software platform
• Networking infrastructure
(c) Auditing IT System under Development
• Requirements definition
• Feasibility study
• System specification
• System design and development
• Testing, and
• Implementation
(d) General Controls
• Management controls
• Personnel controls
• IT operations
• Physical controls
• Environmental controls, and
• Logical access controls
(e) Application Controls
• Input controls
• Processing controls
• Output controls, and
• Audit trail
(f) IT Security
• Security objectives
• Security policy
• Management of security
• Risk analysis, and
• Risk management
(g) Business Continuity Planning
• Impact analysis
• Recovery strategy, and
• Implementing, testing and maintaining the plan
(h) VFM Audit of IT Systems
(i) Frameworks for IT Audit, especially on COBIT
(j) Use of Computer Assisted Audit Techniques
(k) Case Studies
(I) Project Work
|
|
|
|
|
|
A broad framework for the case study could be as follows:
• Use of Information Technology (IT) in the respective SAl and organisation of the
IT Department
• Future plans regarding Information Systems Audit in the respective SAl, and
• A case study either on the computerisation of any financial system in any audited
organisation, or on how a computerised systems audit was undertaken
|
|
|