IT Audit – next steps

Presented By
Stan Dormer CFIIA

Stan is a recognised expert in the field of governance, auditing, business and project risk and IT. He is the author of numerous articles and was the author of the distance learning materials and revision schools supporting IIA qualifications.

IT knowledge is complex, expires quickly, and developing expertise in IT audit, beyond basics, is challenging. This course is designed to lift your understanding of IT audit to the next level. Most importantly, it will focus on what is ‘doable’ by any auditor approaching the field of IT Audit and will be driven by delegates’ interests and prior experience.

Who should attend?

Internal auditors who have attended the ‘IT Audit – Basecamp’ course or those who have equivalent knowledge.

What will I learn?

Upon completion you will be able to:

  • understand the value of hardening operating systems and operating environments and be able to review configuration, vulnerability, patch and fix regimes
  • deploy analytical software products, tools and techniques to find system weaknesses or evaluate security
  • analyse and evaluate critical control processes within systems
  • analyse and evaluate key control architectures for data, in and between networks and for database systems.

Course programme

The programme will be driven by delegates’ interests and will draw topics from the following content:

The bedrock – operating systems and operating environments – preventing problems before they begin

  • hardening of key software – what should be reviewed?
  • configuring applications/services – what should be reviewed?
  • configuring server-side applets/scripts – what should be reviewed?
  • configuring the user community – what should be reviewed?
  • vulnerability, patching and fixing systems – what should be reviewed?
  • penetration testing – what should be reviewed?
  • possible internal-audit-led penetration tests.

Tools and strategies for auditors – letting software do the work

  • validation of security in systems – ways to go about it
  • verification of software version and builds – how to go about it
  • inventory, software base and licensing – how to go about it
  • is your organisation configuring best practice security? How would you know?
  • locating weaknesses in applications, tools and techniques – ways to go about it
  • automated exploit testing, tools and techniques – how to go about it.

Networks, data control and database technologies – auditing key control structures

  • the big three – confidentiality, integrity and accountability
  • identifying data domains, domain-based planning – what should be reviewed?
  • deliver assurance between domains – what should be reviewed?
  • identifying and defining data assets and ownership – what should be reviewed?
  • reviewing the inter-domain interfaces for hazards and risks
  • determine inter-domain data asset protection requirements – define protection attributes
  • defining advanced control architectures using formal methods
  • encryption – what type of encryption?
  • roles and role-based access control – what should be reviewed?
  • tokenisation – what should be reviewed?
  • biometrics – new forms of access control
  • how databases function with respect to data
  • data instances, data dictionaries and thesaurus, data ACLs – what should be reviewed?
  • ERP on top of databases – what should be reviewed?
  • what can be audited within database systems.

Presented by

Mindgrove Ltd

CPE competency areas covered

  • Business acumen
  • Governance, risk and control

14 CPE points

Full price

Member: £1175 + VAT
Non-member: £1390 + VAT

SAVE £200 when you book 3 months in advance for a face-to-face course

All training courses are subject to our Fair Collection Notice and Privacy Policy


Duration: 2 days

9-10 March 2021


Start: 09:00
End: 17:00


Manchester venue TBC

