IT Audit and Risk Management Training Workshop

April 14-16, 2019, City Centre Rotana, Doha, Qatar

Training Objectives

Learning Objectives

  • Understand the need for IT Audit Standards as the foundation for a high-quality audit
  • Understand IT Governance and audit’s role in the evaluation of IT Governance
  • Provide stakeholders assurance that the enterprise’s information is properly protected
  • Assure that the correct controls are in place and effective in order to achieve business goals
  • Understand the principles of Enterprise Risk Management and IT risk management
  • Maintain an operational risk profile, assess and respond to risk
  • Collect event data, monitor risk and report exposures and opportunities
  • Understand organizational risks and how to mitigate them to provide assurance
  • Develop effective and results-oriented assurance practices on which management can rely

Instructor of this course

Mr. Bernard Wanyama

CCNA, JNCIA, VSP, CISA, CISM, CRISC, CGEIT
Founder & Managing Director of SYNTECH Associates Ltd
Instructor: Cyber Security, IT Audit, IT Risk Management
APMG Accredited Trainer for CISA & CISM Courses
Cyber Security Expert


IT and OT are undoubtedly at the center of every modern organization and information is by far the most important asset.
Audit and risk management professionals are required to provide assurance over complex, inter-connected information systems and processes in a fluid environment of change, be it compliance requirements, disruption or digital transformation.
This course will provide the knowledge and strategic approach for today’s IT Audit and Risk Management professionals, as well as cover emerging trends to prepare the participant for tomorrow’s challenges.

Participants who complete the course will get an opportunity to:
  • Understand IT audit and assurance standards, guidelines and frameworks 
  • Understand how to plan and perform a risk-based IT audit
  • Understand IT Risk Management Principles
  • Discuss audit and control issues in different IT architecture components such as networks, databases, web application systems
  • Discuss audit and control issues around cyber security
  • Discuss risk, audit and control issues around emerging technologies such as cloud computing, virtualization, robotic process automation, machine learning and artificial intelligence
  • Understand how to cultivate an atmosphere of shared responsibility for risk management across the enterprise
  • Review case studies of major cyber security breaches to learn lessons
  • C-Level Executives:
    • Chief IT Auditor, Chief Audit & Risk Officers, Chief Audit Officer, Chief Risk Officer, etc
  • Directors, Heads, Partners, Managers, Officers & coordinators of:
    • IT Audit
    • IT Risk
    • IT Security Audit
    • Audit
    • Risk
    • IT Audit and Controls
    • IT Audit - Data Analytics
    • IT Audit - Applications
  • Presentations & lectures
  • Group discussion
  • Exercises & use cases
  • Certificate of achievement
  • Course material
  • USB with all material
  • International buffet lunch with coffee/tea breaks

Course Fee $1,800/Participant

Individual
Book & pay on or before Mar. 14th, 2019
& get 10% discount USD 1,620/participant

2 + 1 Exclusive offer
$ 3,600 for 3 participants

*ALL PRICES ARE EXCLUSIVE OF ANY TAX (IF APPLICABLE)


IT Audit and Risk Management - Course Schedule

Day 1 - Sunday 14 April, 2019
Opening Session

 Registration & Introduction

Session One
  • IT Audit and Assurance Standards
    • IT Audit Framework
    • External Standards & Frameworks
    • Privacy & Regulatory Compliance
  • IT Governance
    • Understand IT Governance
    • Understand audit’s role in the evaluation of IT Governance
    • Develop and analyze a risk management program
    • Identify Information Security roles and responsibilities
 Morning Break & Networking
Session Two
  • IT Systems Development Life Cycle
    • Identify and determine controls around a project management plan
    • Understand traditional and modern SDLC approaches to business application development
    • DevOps and DevSecOps
    • Continuous Development & Continuous Integration (CI/CD)
    • Understand key risks and controls relevant to application development
  • IT General Controls: Logical Security
    • Identity and Access Management
    • User Behaviour Analytics 
    • Privileged Account Management
    • Multi Factor Authentication
  • IT General Controls: Resiliency
    • Business Continuity Planning (BCP) 
    • Disaster Recovery (DR)
Lunch Break & Networking
Session Three
  • IT General Controls: Change and Patch Management
    • Application Code Version Control
    • Release Management: System Upgrades
    • Managing Infrastructure & Application Changes
    • Balancing the need to patch software and the potential for incidents arising from patches
  • IT Application & Interface Controls
    • Authentication & Authorization
    • APIs
    • Encryption 
    • Logging
    • Fraud & Anomaly Detection
 Evening Break & Networking
Session Four

End of day whiteboard working session
This will be a practical, interactive group exercise on “Planning and Executing a Risk‐based IT General Controls Review” for a typical enterprise. The following tasks will be carried out:

  • Perform a Risk Assessment
  • Determining the Audit Scope
  • Testing IT General Controls on a sample web application using technical tools such as Nmap, Metasploit and Mimikatz
  • Documenting findings
Day 2 - Monday 15 April, 2019
Session One
  • Cloud Computing 
    • Cloud Computing Architecture
    • Cloud Computing Security
    • Cloud Computing Audit & Assurance
    • Shadow IT
Morning Break & Networking
Session Two
  • Cyber Security Auditing 
    • Perimeter
    • Database
    • Web Applications
Lunch Break & Networking
Session Three
  • Writing Effective IT Audit Reports to drive positive Management & Board responses
    • Addressing Challenges
    • Adding Value
    • Discussion
Evening Break & Networking
Session Four

End of day whiteboard working session
This session includes a case study of a prominent organization which has suffered two serious privacy breaches that leaked citizens’ medical data. We shall review the incident management and remedial measures.

Day 3 - Tuesday 16 April, 2019
Session One
  • IT Risk Management
    • Overview of Enterprise Risk Management
    • Principles of IT Risk Management
    • Frameworks & Standards
    • Develop and analyze a risk management program
    • Responsibilities and Accountability for IT Risk
  • IT Risk Identification
    • Collect event data, monitor risk and report exposures and opportunities
    • Understand organizational risks and how to mitigate them to provide assurance
Morning Break & Networking
Session Two
  • IT Risk Assessment 
    • Develop a risk assessment process and related mitigation strategies
    • Develop an audit or internal assessment plan 
    • Risk Response and Mitigation
    • Risk Response Strategies
    • A consultative approach to developing effective risk response
    • Selection of appropriate, effective controls
    • Case Study
Lunch Break & Networking
Session Three
  • Risk and Control Monitoring and Reporting
    • Collect event data, monitor risk and report exposures and opportunities
    • How to build up awareness across the enterprise 
    • How to communicate risk scenarios, business impact and key risk indicators.
  • Practical Toolkit for IT Risk Management 
    • Control Self Assessment
    • Risk Register Template
    • Risk Management Report Template
Evening Break & Networking
Session Four

Closing Remarks/Certificate Distribution

Course Program

Time             Topic

Day 1
08:00 to 08:30   Registration & Introduction

Day 1-3
08:30 to 10:00   Session One
10:00 to 10:15   Morning Break & Networking
10:15 to 12:15   Session Two
12:15 to 13:15   Lunch Break & Networking
13:15 to 14:45   Session Three
14:45 to 15:00   Evening Break & Networking
15:00 to 16:30   Session Four