Course Schedule

Day 1 - Thursday 13 January, 2022
Opening Session (10:40 AM To 11:00 AM)

Opening Remarks  & Introduction

Session One (11:00 AM To 01:00 PM)

IT Governance

  • Understand IT Governance
  • How Digital Transformation is Impacting Governance
  • Understand audit’s role in supporting IT Governance
  • Develop and analyze a risk management program
  • Identify Information Security roles and responsibilities

IT Governance Frameworks: the case of COBIT 2019
IT Resource Planning & Optimization
IT Benefits Realization

Break (20 Minutes)
Session Two (01:20 PM To 03:20 PM)

IT Audit and Assurance Standards

  • IT Audit Framework
  • External Standards & Frameworks
  • Privacy & Regulatory Compliance

IT Systems Development Life Cycle

  • Identify and determine controls around a project management plan
  • Understand traditional and modern SDLC approaches to business application development
  • DevOps and DevSecOps
  • Continuous Development & Continuous Integration (CI/CD)
  • Understand key risks and controls relevant to application development

IT General Controls: Logical Security

  • Identity and Access Management
  • User Behaviour Analytics
  • Privileged Account Management
  • Multi Factor Authentication

IT General Controls: Resiliency

  • Business Continuity Planning (BCP)
  • Disaster Recovery (DR)


End of Day Group Interactive Discussion

End of Day Group Interactive Discussion

Day 2 - Friday 14 January, 2022
Session One (11:00 AM To 01:00 PM)

IT Risk Management

  • Overview of Enterprise Risk Management
  • Principles of IT Risk Management
  • Frameworks & Standards
  • Develop and analyze a risk management program
  • Responsibilities and Accountability for IT Risk

IT Risk Identification

  • Collect event data, monitor risk and report exposures and opportunities
  • Understand organizational risks and how to mitigate them to provide assurance

IT Risk Assessment

  • Develop a risk assessment process and related mitigation strategies
  • Develop an audit or internal assessment plan

Risk Response and Mitigation

  • Risk Response Strategies
  • A consultative approach to developing effective risk response
  • Selection of appropriate, effective controls
  • Case Study


Break (20 Minutes)
Session Two (01:20 AM To 03:20 AM)

End of day whiteboard working session
This will be a practical, interactive group exercise on “Planning and Executing a Risk - based IT General Controls Review” for a typical enterprise. The following tasks will be carried out:

  • Perform a Risk Assessment
  • Determining the Audit Scope
  • Testing IT General Controls on a sample web application using technical tools such as Nmap, Metasploit and Mimikatz
  • Documenting findings
Cumulative Exams

Cumulative Exams

Course Program
Time Topic
Day 1
10:40 to 11:00Registration & Introduction
Day 1-2
11:00 to 13:00Session One
13:00 to 13:20Break (20 Minutes)
13:20 to 15:20Session Two
15:20 to 16:00Session Three