Description
Course Description/Course Outline
OBJECTIVES: The participants will be introduced to and gain a better appreciation of the standards, frameworks, actual and “best practices”, challenges, insights, references, various tips and techniques, and trends in managing the IT Audit Functions.
1. Understanding the Mission, Requirements and Challenges of the IT Audit Functions
- General Standards
- Audit Committee and Audit Charter
- IT Steering Committee, CAE and Management Expectations
- Regulatory Requirements
2. Strategic IT Audit Planning
I. Establishing the Audit Universe
- IT Asset Inventory
- Application Controls (IT and EUC)
- General IT Controls
- Planned and Ongoing Projects (Pre-implementation Reviews)
II. IT Strategy
- Short Term Audit Schedule
- Long Term Audit Schedule
- IT Audit Engagements (types, challenges and implications)
- Traditional (or Cyclical) versus Continuous Auditing
III. Conducting Risk Assessment and Determining the Priorities
- Risk Factors
- Rating Criteria
3. Resource Management
I. Matching IT Audit Plan versus Resources
II. Attracting, Screening, Hiring and Retaining Talents
III. Training the IT Auditors (self-study, formal, virtual, face-to-face, and on-the job)
IV. Equipping the IT Auditors
- IT Tools (CAATs, VA, etc.)
- IT Audit Manual
- Library of References
-ISACA’s COBIT 2019
-ISACA’s ITAF 4th Edition
-ISACA’s Code of Ethics, Control Journals, free online courses, Whitepapers and Audit Programs
-NIST Guidelines
-PMI’s Foundational Standards (including PMBook 7th Edition, Risk Management, Business Analysis, etc.), Practice Standards, and Practice Guides
-IIA’s IPPF, ISPPIA, and GTAG
-(ISC2)’s Continuing Education Programs
V. Outsourcing or Co-sourcing Considerations
4. Engagement Management
I. Performance Standards
II. Initial Planning and Risk Assessment
- Review of Previous Audit Working Papers
- Survey – Gather Additional Information from Auditees
- Develop or Revise Audit Programs
- Objectives
- Risks and Controls Matrix
- Scope / Coverage
III. Fieldwork
- Kick-off Meeting
- Staff Assignment and Supervision
- Walkthrough Activities
- Risk and Control Assessments (SIPOC Analysis)
- Follow-up of Previous Audit Issues and Recommendations
- Determining the Initiatives and Improvements made by the Auditee
- Using the Work of Other Experts
- Irregularities and Illegal Acts
IV. Reporting
- Standards and Guidelines
- Exit Conference
- Overall Audit Rating Criteria
- Initial Conclusion (Tentative) and Final Rating
5. Follow-up Activities
- Open Issues Monitoring (Aging)
- Validation of Resolutions
- Frequency of Reporting
6. Consulting and Other IT Audit Services
7. Emerging Trends (Artificial Intelligence, Machine Learning, Data Science, Robotics, etc.) Agile Auditing and Audit Management Automation
8. Career Challenges, Issues, Insights and Personal Guiding Principles
9. Question and Answer Session
Resource Speaker:
MR. REGINALD C. NERY
CIA, CPA, CISA, CRMA, CFSA, CCSA, COBIT (F/I)
SVP, Chief Audit Executive, Bank of Commerce
Former IRM Partner of a Top 4 Auditing Firm
Past President & Chairman IIA-Philippines
Past President, Board Member and Founding Member of ISACA – Manila
Date/Time Schedule:
October 21, 2023 (Saturday)
9:00 AM to 5:00 PM
Training Fee per Participant:
Member Institution – P 2,800.00
Non-Member Institution – P 3,920.00
**VAT Inclusive