Course Schedule
Day 1 - Wednesday 10 November, 2021
Opening Session (10:40 To 11:00)
Opening Remarks & Introduction
Session One (11:00 AM To 1:00 PM)
IT Governance
- Understand IT Governance
- How Digital Transformation is Impacting Governance
- Understand audit’s role in supporting IT Governance
- Develop and analyze a risk management program
- Identify Information Security roles and responsibilities
IT Governance Frameworks: the case of COBIT 2019
IT Resource Planning & Optimization
IT Benefits Realization
Quiz
Break
Session Two (01:20 PM To 03:20 PM)
IT Audit and Assurance Standards
- IT Audit Framework
- External Standards & Frameworks
- Privacy & Regulatory Compliance
IT Systems Development Life Cycle
- Identify and determine controls around a project management plan
- Understand traditional and modern SDLC approaches to business application development
- DevOps and DevSecOps
- Continuous Development & Continuous Integration (CI/CD)
- Understand key risks and controls relevant to application development
IT General Controls: Logical Security
- Identity and Access Management
- User Behaviour Analytics
- Privileged Account Management
- Multi Factor Authentication
IT General Controls: Resiliency
- Business Continuity Planning (BCP)
- Disaster Recovery (DR)
Quiz
End of Day Group Interactive Discussion
Day 2 - Thursday 11 November, 2021
Session One (11:00 AM To 01:00 PM)
IT Risk Management
- Overview of Enterprise Risk Management
- Principles of IT Risk Management
- Frameworks & Standards
- Develop and analyze a risk management program
- Responsibilities and Accountability for IT Risk
IT Risk Identiï¬cation
- Collect event data, monitor risk and report exposures and opportunities
- Understand organizational risks and how to mitigate them to provide assurance
IT Risk Assessment
- Develop a risk assessment process and related mitigation strategies
- Develop an audit or internal assessment plan
Risk Response and Mitigation
- Risk Response Strategies
- A consultative approach to developing effective risk response
- Selection of appropriate, effective controls
- Case Study
Quiz
Break
Session Two (01:20 PM To 03:20 PM)
End of day whiteboard working session
This will be a practical, interactive group exercise on “Planning and Executing a Risk - based IT General Controls Review” for a typical enterprise. The following tasks will be carried out:
- Perform a Risk Assessment
- Determining the Audit Scope
- Testing IT General Controls on a sample web application using technical tools such as Nmap, Metasploit and Mimikatz
- Documenting ï¬ndings
Cumulative Exams
| Course Program | |
|---|---|
| Time | Topic |
| TIMINGS | Day 1 |
| 10:40 to 11:00 | Registration & Introduction |
| Day 1-2 | |
| 11:00 to 13:00 | Session One |
| 13:00 to 13:20 | Break |
| 13:20 to 15:20 | Session Two |
| 15:20 to 16:00 | End of Day Group Interactive Discussion |