Risk Based IT Auditing Master Class

The Digital World

Information Technology has developed into a nerve center of every organisation. It has become an intrinsic and pervasive component for business, used in the sustaining and extending of enterprises’ strategies and objectives. The impact of emerging technology – Cloud Computing, Big Data, Mobility, Consumerisation, Social Media, Cybersecurity and the Internet of Things is permeating every aspect of business. Today more than ever more and more forward-looking organisations are using IT to build sustainable competitive advantages.

The Changing Landscape of IT Auditing

Whilst IT business enabled opportunities are huge and can separate winners and losers the risks if not checked are catastrophic. IT auditing assurance and consulting has in turn evolved from checklist reviews focused on only providing audit control deficiencies and recommendations to a strategic enterprise function key in the realisation of business strategy. Traditional approaches to IT assurance and advisory and checklist IT auditing are no longer adequate to improve enterprise operations and add-value to business.

Beyond Checklist Auditing

Boards and Audit Committees are demanding more meaningful audit issues aligned to enterprise strategic and performance goals. Check list auditing without adequate understanding of business under review will lead to audits that do not add-value or improve operations of an enterprise. Auditors need to take adequate time to understand an enterprise’s key stakeholders; their requirements, enterprise strategy and the underlying IT environment to provide IT audits that add-value and improve operations.

About the workshop

The Risk Based IT Auditing Master Class is aimed to equip Experienced Non IT Auditors, IT Auditors, Audit Committee Members, IT professionals, CAEs, and Business leaders with practical risk based IT auditing knowledge and skills to provide value-adding, aligned to key strategies, objectives
and risk based IT audits that will grab the attention of Senior Business Leaders (CEOs, Board of Directors, Executive Management, Head of Department, Municipal Managers, Executive Committees, Audit & Risk Committees amongst others ). The emphasis is on linking observed IT control
gaps to impact on business strategic and performance goals for example aligning/linking the lack of a DRP to non availability of key systems linking this to non- availability of core services such provision of services to residence and collection of rates in a Municipality. The Risk Based IT Auditing Master Class is a comprehensive 5 days course providing delegates with practical approaches to auditing IT.

 Delegates specific business environment will be used to deepen understanding of internal auditing. The course covers how to document relevant entity specific System Description, Performing Risk Assessment Control Matrix (RACM), Test Procedures (Audit Programs), Work Paper, Findings / Management Letter Points and Reporting. 

Risk Based IT Auditing Advanced Class focus on linking IT audit observations to key enterprise strategy and performance objectives in line with the new Internal Audit Principles. This Master Class seeks to equip delegates with IT Auditing Knowledge, Skills and Proven Approaches to completely perform value-add IT auditing from start to finish. It provides auditors with the necessary knowledge required to communicate insights and foresights effectively.

Workshop Benefits

  • Planning an IT Audit driven by an understanding of the business environment (macro and mirco environment)
  • Documentation of business processes
  • Learning a pro-active audit approach to provide value-add IT auditing service to your organisation
  • Introduction to COBIT®5 Principles, Goals Cascade, Enablers, Processes and Assessment
  • Basic concepts of COBIT®5 for Assurance
  • A business centric approach to Auditing IT General Controls
  • Active Directory Auditing.
  • Application Controls Review – HR and Finance Systems anchored on the understanding of Business processes.
  • Auditing Outsourced IT Environments
  • Value-add IT Projects Advisory & Assurance
  • Introduction to Auditing Emerging Technology – Cloud Computing, Social Media, BYOD, Cybersecurity, Big Data & Internet of Things
  • Understanding Enterprise Governance of IT Auditing

Day 1

IT Audit Planning:

  • Preliminary assessment and information gathering
  • Approaches to Understanding the Business Environment
  • Risk assessment to define audit objective and scope
  • Evidence collection and evaluation
  • Tools of evidence collection
  • Risk Assessment
  • Structure of the Audit report

IT Auditing Fieldwork:

  • Establishing a Risk Based IT Audit Program
  • Evidence Collection Methods
  • Criteria for Quality Evidence
  • Documenting Work Papers
  • Documenting Findings – Communicating with Impact
  • Follow-Up – How to carry out an IT Audit follow-Up Audit

Day 2

Using COBIT®2019 to Perform Risk Based IT Audits

  • New COBIT 2019 framework introduction
  • Key concepts and terminology
  • Governance and Framework Principles
  • Governance system and components
  • Governance and management objectives
  • Performance management
  • Designing a tailored governance system
  • Developing the IT Audit Plan Using COBIT 2019
  • Enhancing the IT Audit Report Using COBIT 2019

Day 3

Auditing IT Governance

  • How to Perform an IT Governance Audit

Understanding IT Governance Fundamentals
King III IT Governance Principles

Engagement Planning

  • Understand the context and purpose of the engagement
  • Gather information
  • Conduct a preliminary risk assessment
  • Form engagement objectives
  • Establish engagement scope
  • Allocate resources
  • Document the plan

Day 4

Auditing IT General Controls

  • IT Operations Control
  • Physical Control (Access and Environment)
  • Auditing Business Continuity Management Planning (BCMP), IT Disaster Recovery Planning (DRP) and Data Backup – ISO22301
  • Practical Approach to Active Directory Auditing
  • How to Audit Logical Access Security Controls
  • Network and Internet Control Auditing
  • Problem and Incident Management Auditing

Day 5

Auditing Application Controls(Automated Business Processes and Transactions)

  • Input Controls
  • Processing Controls
  • Interface Controls
  • Master Data Controls
  • Auditing HR and Payroll Systems e.g. VIP Systems
  • Accounts Payable – Finance
  • Introduction to SAP Auditing
  • Defense In-Depth versus Single Sign-on

Auditing IT Projects

  • Advisory versus Assurance – where is value-add?
  • System Development Life Cycle (SDLC)
  • Requirement Definition
  • Development (Business Process versus Solution)
  • Testing
  • Solution Implementation
  • Migration – Data Clean-Up and Mapping
  • Go-Live
  • Performing Post-Implementation Auditing
  • Governance (Gateway Process
  • Risk Management
  • Benefits Realisation Business Cases
  • Using COBIT®5
    1. AP005 Manage Portfolio
    2. BAI01 Manage Programmes and projects
    3. BAI02 Manage requirements definition
    4. BAI03 Manage solutions identication


  • Auditing Emerging Technology
  • Cloud Computing
  • Social Media
  • Big Data
  • Bring Your Own Device (BYOD) and Mobility
  • Cybersecurity
  • Internet of Things
audit, inspection, examination-4189560.jpg

Who Should Participate This Training?

  • Internal Auditors
  • Experienced &
  • Upcoming IT
  • Auditors
  • Chief Audit
  • Executives
  • Audit Managers
  • IT Audit Consultants, Senior Consultants and Managers
  • Risk & Audit Committee Members
  • Corporate Services Managers
  • IT Professionals
  • Audit & Risk Committee Members
  • IT Assurance, Risk, Security and Governance Professionals

Register now for a special discount!

Event Option: 1  Face to Face Hotel Exc.

5 days summit = USD 2,500.00 include, round trip airport transfer, conference documentation, tours, lunch, Certification and limited refreshments.

Event options: 1 Face to Face Hotel Inc.

5 days summit = USD 3,550.00 per delegate include 6 nights bed & breakfast, round trip airport transfer, tours, lunch, dinner, conference documentation, Certification and limited refreshments.

 Event options: 2 Per Day Virtual

This option is designed for delegates that cannot manage to attend the full 5 days as option 1, for your convenience option 2 allows you to pick days suitable to your schedule. Per 1-day virtual instructor-led training  = USD 130.00 per delegate.

Event Option: 2  Full 5 Days Virtual

5-days virtual instructor-led training discounted = USD 500.00 per delegate.