Introduction
Whether you are in IT area or not, you often hear about Cloud computing, Cybersecurity, Internet of Things, and all sorts of tech trending terms, wondering what they exactly mean. As the rapid moving world of information and technology encompasses every business process, it is inevitable to not get triggered and involved by its dynamic.
Information Technology is a critical enabler of business. In today’s world, company operation is no longer possible without the use of IT. Assuring an enterprise’s governance, including risk management and control processes, requires auditors to understand the role of IT within their organizations and to develop adequate knowledge and skills to audit IT systems as the line separating “IT,” and “non-IT” audits are beginning to dissolve.
Course objective
Participants will become familiar with IT audit function, IT frameworks, most relevant IT processes and particular audit tests. Moreover, they will become aware of current key risks and how to address them, focusing mainly in cybersecurity.
Target audience
This course has been designed for Non-IT Auditors who are willing to execute a list of basic tasks and know their definition like IT Governance (e.g. IT Projects, Resource and Portfolio Management) or IT Security (User Access Review, Incident Management, BCM/DR, IT Risk Management), Agile Management (Manifest breakdown).
Content
Day 1
IT Audit function
- Terminology
- Objectives
- Qualifications
- IT Audit methods
- IT Audit Universe
Regulations, Standards & Best Practices (IT & IT Security)
- GDPR
- NIS 2 or DORA
- EBA Guidelines
- ITIL
- ISO
- COBIT
- NIST etc.
IT Processes & Basic Audit Tests
- Selection of IT Processes
- Basic Audit Tests
Day 2
IT Risks 2023
- Current research results
- Risk outlook
Process of an attack & examples
- Structure of an attack
- Techniques
- 3 examples
IT Security Controls & Basic Audit tests
- Selection of IT Security Controls
- Basic Audit Tests
INSTRUCTOR BIO
Gerhard Schreihans is Head of Audit IT & Data Analytics at UNIQA Insurance Group AG and previously held the same position at UniCredit Bank Austria AG.
In addition to this he founded the IT Audit Consulting Company Aubotics to provide tailor-made IT & cybersecurity trainings as well as consulting services for Internal Audit functions. Gerhard has an
academic background in business informatics and holds certifications like CISA, CISSP, CRISC and CDPSE.
Leave a comment