IT Auditing - basecamp

Presented By
Stan Dormer CFIIA

Stan is a recognised expert in the field of governance, auditing, business and project risk and IT. He is the author of numerous articles and was the author of the distance learning materials and revision schools supporting IIA qualifications.

If you haven’t conducted an IT audit before, or you’ve only been involved in a couple of IT audits, then this course is the ideal starting point. It aligns to the latest standards and best practice approaches and is updated each year to keep pace with emerging technology. This course will enable you to confidently perform a review of the impact of technology on your organisation.

Who should attend?

This course is open to all.

What will I learn?

Upon completion you will be able to:

  • understand relevant best practices
  • identify laws, risks and controls that impact an organisation’s information processing
  • perform reviews of live application systems
  • perform reviews of systems under development
  • review information security policies
  • review physical security
  • review logical security
  • review contingency and continuity plans
  • perform elementary network reviews.

Course programme

First beginnings

  • introduction to IT auditing - backdrop
  • the computer auditor and risk based auditing - how they fit together
  • the classic (high level) IT risks
  • low level risks connecting to high level risks
  • creating an audit plan for IT.

Working to common best practices and within the law

  • Governance: ISO/IEC 38500:2008, what should be reviewed?
  • COBIT (4.1 / 5.0)
  • ITIL v2 / ITIL v3 and ISO/IEC 20000, what should be reviewed?
  • ISO/IEC 27001 - The Plan-Do-Check-Act Model and ISO/IEC 27002 - The Key Controls
  • finances - PCI standard, what should be reviewed?
  • Data Protection Act 1998 and the GDPR changes, what should be reviewed?
  • Copyright and Patents Act 1988 and the implications for software
  • Freedom of Information Act 2000 impact on public bodies
  • Regulation of Investigatory Powers Act 2000, what should be reviewed?

Auditing live systems – using a risk based approach

  • applications and the distribution of controls
  • IT directive, preventative, detective and corrective controls
  • user constraint and managerial oversight controls
  • information security and acceptable use policies.

Auditing new systems and change

  • software development life cycles, what should be reviewed?
  • prototyping - rapid application development – agile development methods
  • change control, patching and change management, what should be reviewed?

Auditing key building blocks of IT control

  • physical and environmental security, what should be reviewed?
  • logical access control - registration, identification, authentication, authorisation and logging, what should be reviewed?
  • the user community – finding them, extracting them
  • passwords and biometrics, what should be reviewed?
  • systems administration, granting permissions, rights and privileges
  • common handling procedures related to logical access – discussion and demonstration
  • event logging – journals – trails - reporting on user activity, what should be reviewed?
  • contingency and disaster avoidance including ISO 27031, what should be reviewed?
  • support options to supplement organisational capacity
  • insurance and maintaining the plan.

Simple networking terminology and concepts

  • network terminology – short and long haul
  • switches, routers and firewalls to control access, what should be reviewed?
  • encryption - protecting data flowing across a network
  • VPNs
  • simple approaches to auditing networks, what should be reviewed?

CPE competency areas covered

  • Business acumen
  • Governance, risk and control

21 CPE points

Full price

Member: £1600 + VAT
Non-member: £1805 + VAT

SAVE £300 when you book this course 3 months in advance

Duration: 3 days

12-14 March 2018


Start: 09:00
End: 17:00


London Venue TBC

