Managing the IT Audit Function


Course Description/Course Outline

OBJECTIVES: The participants will be introduced to and gain a better appreciation of the standards, frameworks, actual and “best practices”, challenges, insights, references, various tips and techniques, and trends in managing the IT Audit Functions.

1. Understanding the Mission, Requirements and Challenges of the IT Audit Functions

  • General Standards
  • Audit Committee and Audit Charter
  • IT Steering Committee, CAE and Management Expectations
  • Regulatory Requirements

2. Strategic IT Audit Planning

I. Establishing the Audit Universe

  • IT Asset Inventory
  • Application Controls (IT and EUC)
  • General IT Controls
  • Planned and Ongoing Projects (Pre-implementation Reviews)

II. IT Strategy

  • Short Term Audit Schedule
  • Long Term Audit Schedule
  • IT Audit Engagements (types, challenges and implications)
  • Traditional (or Cyclical) versus Continuous Auditing

III. Conducting Risk Assessment and Determining the Priorities

  • Risk Factors
  • Rating Criteria

3. Resource Management

I. Matching IT Audit Plan versus Resources

II. Attracting, Screening, Hiring and Retaining Talents

III. Training the IT Auditors (self-study, formal, virtual, face-to-face,  and on-the job)

IV. Equipping the IT Auditors

  • IT Tools (CAATs, VA, etc.)
  • IT Audit Manual
  • Library of References


-ISACA’s ITAF 4th Edition

-ISACA’s Code of Ethics, Control Journals, free online courses, Whitepapers and Audit Programs

-NIST Guidelines

-PMI’s Foundational Standards (including PMBook 7th Edition, Risk Management, Business Analysis, etc.),  Practice Standards, and Practice Guides


-(ISC2)’s Continuing Education Programs

V. Outsourcing or Co-sourcing Considerations

4. Engagement Management

I. Performance Standards

II. Initial Planning and Risk Assessment

  • Review of Previous Audit Working Papers
  • Survey – Gather Additional Information from Auditees
  • Develop or Revise Audit Programs
  • Objectives
  • Risks and Controls Matrix
  • Scope / Coverage

III. Fieldwork

  • Kick-off Meeting
  • Staff Assignment and Supervision
  • Walkthrough Activities
  • Risk and Control Assessments (SIPOC Analysis)
  • Follow-up of Previous Audit Issues and Recommendations
  • Determining the Initiatives and Improvements made by the Auditee
  • Using the Work of Other Experts
  • Irregularities and Illegal Acts

IV. Reporting

  • Standards and Guidelines
  • Exit Conference
  • Overall Audit Rating Criteria
  • Initial Conclusion (Tentative) and Final Rating

5. Follow-up Activities

  • Open Issues Monitoring (Aging)
  • Validation of Resolutions
  • Frequency of Reporting

6. Consulting and Other IT Audit Services

7. Emerging Trends (Artificial Intelligence, Machine Learning, Data Science, Robotics, etc.) Agile Auditing and Audit Management Automation

8. Career Challenges, Issues, Insights and Personal Guiding Principles

9. Question and Answer Session

Resource Speaker:



SVP, Chief Audit Executive, Bank of Commerce

Former IRM Partner of a Top 4 Auditing Firm

Past President & Chairman IIA-Philippines

Past President, Board Member and Founding Member of ISACA – Manila

Date/Time Schedule:

October 21, 2023 (Saturday)

9:00 AM to 5:00 PM

Training Fee per Participant:

Member Institution – P 2,800.00

Non-Member Institution – P 3,920.00

**VAT Inclusive

Register to Absorb LMS Now