Description
Risks, Controls and Audit of IT Projects – an Introduction
By Reginald C. Nery, CPA, CIA, CFSA, CRMA, CCSA, CISSP, CISA, CISM, COBIT5 (5), COBIT5 (I)
The goal is to provide a comprehensive overview of controls, risks, and audit in IT projects and how they contribute to project success and overall organizational performance. Specifically, the course is intended to introduce participants to the common risks, controls and best practices in IT project management, strategies and procedures in conducting IT Project Audits, insights and lessons learned from successful and failed projects, and the importance of a Comprehensive Approach to Controls, Risks, and Audit using the generally accepted framework for project management and the governance and management of Information and Technology.
I. Introduction
A. Overview of IT Projects
1. Project Terms and Concepts
2. Project Principles
B. Importance of Controls, Risks, and Audit
C. Purpose and Objectives of the Presentation
II. Risks in IT Projects
A. Common IT Project Risks
1. Scope Creep
2. Resource Constraints
a) People (availability, skill sets, experience, retention and attrition)
b) Tools and equipment
c) Time
d) Budget
3. Schedule Delays
4. Technical Challenges
5. Data Security and Privacy Risks
6. Regulatory Compliance Risks
7. Stakeholder Risks
B. Risk Assessment and Mitigation
1. Identifying Project Risks
2. Assessing Risk Impact and Probability
3. Developing Risk Mitigation Strategies
4. Risk Monitoring and Response Planning
III. Controls in IT Projects
A. Definition of Controls
B. Types of Controls
1. Project Management Controls (Scope, schedule, resource)
2. Security Controls
3. Quality Controls
4. Change Management Controls
5. Procurement Management Controls
6. Cost Management Controls
C. Implementing Effective Controls
1. Identifying Control Objectives
2. Designing Control Mechanisms
3. Roles and Responsibilities for Controls
4. Monitoring and Enforcement of Controls
D. The Relationship between Controls and Risks
E. Integrating Controls into the Project Management Process
F. Applying ISACA’s COBIT and PMI’s PMBOK 7th Edition
IV. IT Project Audit
A. Importance of IT Project Audit
B. Types of IT Project Audits
1. Internal Audits
2. External Audits
C. Audit Planning and Execution
1. Defining Audit Scope and Objectives
2. Conducting Risk-Based Audits
3. Gathering Evidence and Data
4. Audit Testing and Analysis
D. Assessing Control Effectiveness
1. Evaluating Compliance with Policies and Procedures
2. Reviewing IT Project Documentation (Deliverables)
3. Assessing Control Design and Implementation
E. Reporting Audit Findings
1. Documenting Audit Results
2. Communicating Findings to Stakeholders
3. Providing Recommendations for Improvement
V. Case Studies and Examples
A. Real-Life Examples of IT Project Controls and Risks
B. Lessons Learned from Successful IT Projects
C. Lessons Learned from IT Project Failures
VI. Conclusion
A. Summary of Key Points
B. Importance of Continuous Improvement
C. Q&A and Discussion
Resource Speaker:
MR. REGINALD C. NERY
CIA, CPA, CISA, CRMA, CFSA, CCSA, COBIT (F/I)
SVP, Chief Audit Executive, Bank of Commerce
Former IRM Partner of a Top 4 Auditing Firm
Past President & Chairman IIA-Philippines
Past President, Board Member and Founding Member of ISACA – Manila
About our Speaker:
Mr. Reginald C. Nery is the Chief Audit Executive and Head of Internal Audit Division of Bank of Commerce with the rank of Senior Vice President. He directly reports to the Audit Committee. Prior to joining BOC, he was a Partner and Head of Technology Performance and Governance group and IT Committee Chairman of Diaz Murillo Dalupan, and Company, CPAs. He’s a former Risk Advisory Service partner, Chief Information Officer and National IT Security Officer of KPMG Philippines. He is credited with more than 35 years of business exposure in external and internal audit, IT audit, corporate governance, risk management, project management, business process improvement, IT security, compliance and AML management, and IT governance and management.
As such, Mr. Reggie Nery is thoroughly exposed to all the technical and administrative aspects of internal audit; information systems audit; system development projects; and IT security management and advisory.
He has dealt with a wide spectrum of clients, auditees, users as well as all levels of management, including board members and c-level executives from a wide spectrum of industries, including banking, insurance, oil, manufacturing, retail, real estate and property development, communications, and so forth.
Mr. Nery has been very active for the past several years in the three professional associations, namely the Institute of Internal Auditors – Philippines (IIA-P), Information Systems Audit and Control Association (ISACA) – Manila Chapter, and Project Management Institute (PMI) – Philippine Chapter.
Mr. Nery is a Certified Public Accountant, Certified Internal Auditor, Certified Information System Auditor, Certified Information Systems Security Professional, Certified Financial Service Auditor, Certification in Control Self-Assessment holder, Certified Information Security Manager, Certified Risk Management Assurance, a holder of COBIT® 5 Foundation qualification, a holder of COBIT® 5 Implementation qualification, an accredited Quality Assessment Validator of IIA, and the first accredited training provider of COBIT 5 Foundation and Implementation (Certification) courses in the Philippines. He also completed and passed the one-year course on “Trust Operations and Investment Management” by the Trust Institute Foundation of the Philippines. He completed recently (in November 2021) a certification course on “Data Science and Machine Learning: Making Data-Driven Decisions” by Massachusetts Institute of Technology (MIT) – Institute for Data, Systems, and Society.
Date/Time Schedule:
June 8, 2024 (Saturday)
9:00 AM to 5:00 PM
Training Fee per Participant:
Member Institution – P 2,800.00
Non-Member Institution – P 3,920.00
**VAT Inclusive

