IT Audit |
5. The Process of Auditing Information Systems |
• Audit Mission and planning, |
• Role and responsibilities of Internal, external and IT Auditors, |
• Risk assessment and analysis, |
• Risk based audit approach, |
• Compliance and substantive testing, |
• Internal Controls and their types, objectives and procedures, |
• Performing an IT audit, |
• CAATs, |
• Control self assessment. |
6. Governance and Management of IT |
• Corporate and IT Governance, |
• IT Governance Frameworks, |
• Roles and responsibilities of senior management |
• Steering committee & chief information officer, |
• Policies and procedures, |
• Human resource management |
• Sourcing practices, |
• Change management |
• IS roles and Responsibilities, |
• Segregation of duties and controls within IS |
• Auditing IT Governance structure and implementations |
7. Auditing Infrastructure and Operations |
• Hardware review; |
• Operating systems reviews; |
• Database, local area network, network operating control, information system operations reviews, |
• Lights out operations, |
• Application controls and their objectives, |
• File creation, |
• Data conversion; |
• Input and output |
• Problem management reporting reviews, |
• Hardware availability |
• Utilizing reporting reviews, scheduling reviews. |
8. Auditing Systems Acquisition / Development Process |
• Risk of inadequate system development life cycle (SDLC) and review of development procedures and methodologies, |
• Review of acquisition process for outsourcing, |
• Information system maintenance practices |
• Change management |
• Library control software, review of the practice of project management tools and techniques |
9. Information Security Management (ISM) |
• Importance of ISM, |
• Understanding of Facilities (Data centres, outsourced facilities, Storage, media libraries, backup vaults, UPS & Disaster recovery sites), |
• Antivirus Software implementation Strategies, |
• Program and data security techniques, |
• Monitoring and surveillance techniques, |
• Environment Controls (Smoke detectors, Fire Suppression System and Humidity / Temperature), |
• Access management controls, |
• Physical design and access controls, |
• Logical access controls (user authorization matrix & Password management / password change procedures), |
• Network security (encryption, firewalls), |
• Media Sanitization. |
• Auditing Information Security Management |
10. Business Continuity and Disaster Recovery |
• Defining a Disaster, |
• BCP and DRP. |
• BCP Process. |
• Business Continuity Policy and Planning |
• Incident Management |
• Business Impact Analysis, |
• Development of BCP. |
• Insurance, |
• Plan Testing |
• Auditing Business Continuity |