COURSE OUTCOME
Upon completion of this programme, participants will be able to:
- Understand the role and purpose of IT auditing.
- Apply IIA and ISACA principles to IT audits.
- Evaluate IT governance, risk management and control frameworks.
- Understand core technology environments and architectures.
- Identify cybersecurity and data protection risks.
- Assess business continuity and disaster recovery controls.
- Understand penetration testing and vulnerability assessments.
- Evaluate operating systems, databases and network controls.
- Apply COBIT principles during audit planning.
- Participate effectively in technology-focused audit assignments.
DAY 1 – FOUNDATIONS OF IT AUDITING
Course Outcome: Understand the role of IT auditing and the technology environment that supports business operations.
| Session | Objective | Key Deliverables |
| Session 1 | Understand the role of IT auditing within governance and assurance | Explain IT auditing concepts; Differentiate financial and IT audits; Understand technology risks |
| Session 2 | Understand the role of the IT Auditor | Define auditor responsibilities; Understand assurance activities; Understand stakeholder expectations |
| Session 3 | Apply Global Internal Audit Standards to IT audits | Interpret relevant standards; Understand evidence requirements; Apply audit planning principles |
| Session 4 | Understand IT governance and COBIT principles | Understand governance structures; Explain COBIT domains; Identify governance weaknesses |
| Session 5 | Understand key technology components within organisations | Identify hardware, software and networks; Understand business applications; Map technology to business processes |
Practical Exercise: Technology Landscape Assessment
DAY 2 – INFORMATION SYSTEMS AND TECHNOLOGY ENVIRONMENTS
Course Outcome: Develop a practical understanding of technology architectures and business systems.
| Session | Objective | Key Deliverables |
| Session 1 | Understand centralized and distributed systems | Compare architectures; Assess associated risks; Evaluate control implications |
| Session 2 | Understand online and batch processing systems | Differentiate processing methods; Identify risks; Evaluate controls |
| Session 3 | Understand operating systems and infrastructure controls | Identify operating system functions; Understand access controls; Evaluate configuration risks |
| Session 4 | Understand database concepts and controls | Explain database structures; Understand data integrity controls; Evaluate database risks |
| Session 5 | Understand cloud computing and digital platforms | Identify cloud service models; Assess cloud risks; Understand shared responsibility models |
Practical Exercise: Audit Review of a Payroll Processing System
DAY 3 – CYBERSECURITY AND INFORMATION SECURITY
Course Outcome: Understand cybersecurity threats and evaluate information security controls.
| Session | Objective | Key Deliverables |
| Session 1 | Understand cybersecurity fundamentals | Identify cyber threats; Understand attack vectors; Evaluate business impacts |
| Session 2 | Evaluate information security controls | Assess confidentiality controls; Assess integrity controls; Assess availability controls |
| Session 3 | Understand network concepts and security | Understand network architecture; Identify network vulnerabilities; Evaluate network controls |
| Session 4 | Understand penetration testing and vulnerability assessments | Explain penetration testing; Differentiate vulnerability assessments; Interpret test reports |
| Session 5 | Understand cyber incident management | Assess incident response processes; Understand breach management; Evaluate reporting protocols |
Practical Exercise: Cybersecurity Incident Investigation
DAY 4 DATA GOVERNANCE, PRIVACY AND RESILIENCE
Course Outcome: Evaluate information management, privacy, business continuity and disaster recovery controls.
| Session | Objective | Key Deliverables |
| Session 1 | Understand data governance principles | Assess data ownership; Evaluate data quality controls; Assess data lifecycle management |
| Session 2 | Evaluate POPIA compliance requirements | Understand lawful processing; Assess privacy risks; Evaluate compliance controls |
| Session 3 | Understand business continuity management | Evaluate continuity frameworks; Identify critical business processes; Assess recovery strategies |
| Session 4 | Understand disaster recovery planning | Evaluate recovery objectives; Assess recovery testing; Review disaster recovery plans |
| Session 5 | Understand digital resilience and operational continuity | Assess resilience controls; Understand crisis management; Evaluate recovery capabilities |
Practical Exercise: Business Continuity and Disaster Recovery Assessment
DAY 5 – IT RISK, CONTROLS AND AUDIT APPLICATION
Course Outcome: Apply IT auditing techniques to assess technology risks and controls.
| Session | Objective | Key Deliverables |
| Session 1 | Understand IT risk management principles | Identify technology risks; Assess risk exposure; Evaluate mitigation strategies |
| Session 2 | Evaluate IT general controls (ITGCs) | Assess access controls; Assess change management; Assess backup controls |
| Session 3 | Evaluate application controls | Assess input controls; Assess processing controls; Assess output controls |
| Session 4 | Conduct a risk-based IT audit | Develop audit scope; Identify audit procedures; Document audit findings |
| Session 5 | Integrate COBIT, Cybersecurity and IT Assurance | Apply COBIT controls; Evaluate cyber risks; Develop assurance recommendations |
Practical Exercise: End-to-End IT Audit Simulation
