Day 1 - Thursday 13 January, 2022
Opening Session (10:40 AM To 11:00 AM)
Opening Remarks & Introduction
Session One (11:00 AM To 01:00 PM)
IT Governance
- Understand IT Governance
- How Digital Transformation is Impacting Governance
- Understand audit’s role in supporting IT Governance
- Develop and analyze a risk management program
- Identify Information Security roles and responsibilities
IT Governance Frameworks: the case of COBIT 2019
IT Resource Planning & Optimization
IT Benefits Realization
Quiz
Break (20 Minutes)
Session Two (01:20 PM To 03:20 PM)
IT Audit and Assurance Standards
- IT Audit Framework
- External Standards & Frameworks
- Privacy & Regulatory Compliance
IT Systems Development Life Cycle
- Identify and determine controls around a project management plan
- Understand traditional and modern SDLC approaches to business application development
- DevOps and DevSecOps
- Continuous Development & Continuous Integration (CI/CD)
- Understand key risks and controls relevant to application development
IT General Controls: Logical Security
- Identity and Access Management
- User Behaviour Analytics
- Privileged Account Management
- Multi Factor Authentication
IT General Controls: Resiliency
- Business Continuity Planning (BCP)
- Disaster Recovery (DR)
Quiz
End of Day Group Interactive Discussion
Day 2 - Friday 14 January, 2022
Session One (11:00 AM To 01:00 PM)
IT Risk Management
- Overview of Enterprise Risk Management
- Principles of IT Risk Management
- Frameworks & Standards
- Develop and analyze a risk management program
- Responsibilities and Accountability for IT Risk
IT Risk Identification
- Collect event data, monitor risk and report exposures and opportunities
- Understand organizational risks and how to mitigate them to provide assurance
IT Risk Assessment
- Develop a risk assessment process and related mitigation strategies
- Develop an audit or internal assessment plan
Risk Response and Mitigation
- Risk Response Strategies
- A consultative approach to developing effective risk response
- Selection of appropriate, effective controls
- Case Study
Quiz
Break (20 Minutes)
Session Two (01:20 AM To 03:20 AM)
End of day whiteboard working session
This will be a practical, interactive group exercise on “Planning and Executing a Risk-based IT General Controls Review” for a typical enterprise. The following tasks will be carried out:
- Performing a Risk Assessment
- Determining the Audit Scope
- Testing IT General Controls on a sample web application using technical tools such as Nmap, Metasploit and Mimikatz
- Documenting findings
Cumulative Exams