Managing the IT Audit Function

Description

Course Description/Course Outline

OBJECTIVES: Participants will be introduced to, and gain a better appreciation of, the standards, frameworks, actual and “best” practices, challenges, insights, references, tips and techniques, and trends in managing the IT Audit Function.

1. Understanding the Mission, Requirements and Challenges of the IT Audit Functions

  • General Standards
  • Audit Committee and Audit Charter
  • IT Steering Committee, CAE and Management Expectations
  • Regulatory Requirements

2. Strategic IT Audit Planning

I. Establishing the Audit Universe

  • IT Asset Inventory
  • Application Controls (IT and EUC)
  • General IT Controls
  • Planned and Ongoing Projects (Pre-implementation Reviews)

II. IT Strategy

  • Short Term Audit Schedule
  • Long Term Audit Schedule
  • IT Audit Engagements (types, challenges and implications)
  • Traditional (or Cyclical) versus Continuous Auditing

III. Conducting Risk Assessment and Determining the Priorities

  • Risk Factors
  • Rating Criteria

3. Resource Management

I. Matching IT Audit Plan versus Resources

II. Attracting, Screening, Hiring and Retaining Talents

III. Training the IT Auditors (self-study, formal, virtual, face-to-face, and on-the-job)

IV. Equipping the IT Auditors

  • IT Tools (CAATs, VA, etc.)
  • IT Audit Manual
  • Library of References

    - ISACA’s COBIT 2019
    - ISACA’s ITAF 4th Edition
    - ISACA’s Code of Ethics, Control Journals, free online courses, Whitepapers and Audit Programs
    - NIST Guidelines
    - PMI’s Foundational Standards (including PMBOK 7th Edition, Risk Management, Business Analysis, etc.), Practice Standards, and Practice Guides
    - IIA’s IPPF, ISPPIA, and GTAG
    - (ISC2)’s Continuing Education Programs

V. Outsourcing or Co-sourcing Considerations

4. Engagement Management

I. Performance Standards

II. Initial Planning and Risk Assessment

  • Review of Previous Audit Working Papers
  • Survey – Gather Additional Information from Auditees
  • Develop or Revise Audit Programs
  • Objectives
  • Risks and Controls Matrix
  • Scope / Coverage

III. Fieldwork

  • Kick-off Meeting
  • Staff Assignment and Supervision
  • Walkthrough Activities
  • Risk and Control Assessments (SIPOC Analysis)
  • Follow-up of Previous Audit Issues and Recommendations
  • Determining the Initiatives and Improvements made by the Auditee
  • Using the Work of Other Experts
  • Irregularities and Illegal Acts

IV. Reporting

  • Standards and Guidelines
  • Exit Conference
  • Overall Audit Rating Criteria
  • Initial Conclusion (Tentative) and Final Rating

5. Follow-up Activities

  • Open Issues Monitoring (Aging)
  • Validation of Resolutions
  • Frequency of Reporting

6. Consulting and Other IT Audit Services

7. Emerging Trends (Artificial Intelligence, Machine Learning, Data Science, Robotics, etc.), Agile Auditing, and Audit Management Automation

8. Career Challenges, Issues, Insights and Personal Guiding Principles

9. Question and Answer Session

 

Resource Speaker:

MR. REGINALD C. NERY

CIA, CPA, CISA, CRMA, CFSA, CCSA, COBIT (F/I)

SVP, Chief Audit Executive, Bank of Commerce

Former IRM Partner of a Top 4 Auditing Firm

Past President & Chairman IIA-Philippines

Past President, Board Member and Founding Member of ISACA – Manila

 

About our Speaker:

Mr. Reginald C. Nery is the Chief Audit Executive and Head of Internal Audit Division of Bank of Commerce with the rank of Senior Vice President. He directly reports to the Audit Committee. Prior to joining BOC, he was a Partner and Head of Technology Performance and Governance group and IT Committee Chairman of Diaz Murillo Dalupan, and Company, CPAs. He’s a former Risk Advisory Service partner, Chief Information Officer and National IT Security Officer of KPMG Philippines. He is credited with more than 35 years of business exposure in external and internal audit, IT audit, corporate governance, risk management, project management, business process improvement, IT security, compliance and AML management, and IT governance and management.

As such, Mr. Reggie Nery is thoroughly exposed to all the technical and administrative aspects of internal audit; information systems audit; system development project; and IT security management and advisory.

He has dealt with a wide spectrum of clients, auditees, and users, as well as all levels of management, including board members and C-level executives, from a broad range of industries, including banking, insurance, oil, manufacturing, retail, real estate and property development, communications, and so forth.

Mr. Nery has been very active for the past several years in three professional associations, namely the Institute of Internal Auditors – Philippines (IIA-P), Information Systems Audit and Control Association (ISACA) – Manila Chapter, and Project Management Institute (PMI) – Philippine Chapter.

Mr. Nery is a Certified Public Accountant, Certified Internal Auditor, Certified Information Systems Auditor, Certified Information Systems Security Professional, Certified Financial Service Auditor, Certification in Control Self-Assessment holder, Certified Information Security Manager, Certified Risk Management Assurance, a holder of COBIT® 5 Foundation qualification, a holder of COBIT® 5 Implementation qualification, an accredited Quality Assessment Validator of IIA, and the first accredited training provider of COBIT 5 Foundation and Implementation (Certification) courses in the Philippines. He also completed and passed the one-year course on “Trust Operations and Investment Management” by the Trust Institute Foundation of the Philippines. He recently completed (in November 2021) a certification course on “Data Science and Machine Learning: Making Data-Driven Decisions” by Massachusetts Institute of Technology (MIT) – Institute for Data, Systems, and Society.

 

Date/Time Schedule:

July 27, 2024 (Saturday)

9:00 AM to 5:00 PM

 

Training Fee per Participant:

Member Institution – P 2,800.00

Non-Member Institution – P 3,920.00

**VAT Inclusive
