Course Description
ISACA recently published its 2nd edition of Top Business/Technology Issues Survey Results. This document provides IT and Internal Audit assurance professionals with an understanding of senior IT management’s concerns. Using supporting surveys and status reports, as well as good business practices, we will discuss management’s top issues. This will permit us to build an audit response to their top technology issues that improves our relevance, develops confidence with our client/customer, and provides a necessary service.
You will discuss IT Management’s top issues:
- Regulatory compliance
- Enterprise-based IT management and IT governance
- Information security management
- Disaster recovery/business continuity
- Challenges of managing IT risks
We will approach each issue by:
- Defining the issue
- Exploring the relationship of the issue to assurance
- Using IT frameworks such as the IT Assurance Framework and CobiT to provide a baseline for addressing the issue
- Exploring how Internal Audit can respond to these management concerns through either integrating these issues into the existing audit universe or establishing narrowly focused assessments to provide appropriate assurance
Learning Objectives:
- Understand current IT management issues
- Establish a basis for assigning assurance risk to IT’s top concerns
- Define a strategy for incorporating IT management’s requirements into your audit universe
- Identify an approach to incorporate objective maturity model assessment into the evaluation
Course Outline
Regulatory compliance
- Identifying compliance requirements
- Building a compliance inventory
- Integrating the compliance requirements into the audit universe
- Building continuous monitoring/auditing practices into the regulatory compliance function
- Normalizing regulatory compliance
- Establishing operating efficiencies
Enterprise-Based IT Management and Governance
- Identifying the scope and components of IT governance
- Sources of IT governance best practices
- Minimizing IT project risk
- Managing the IT portfolio
Information security management
- Understanding current information security management gaps
- Assessing the risks introduced by mobile assets and applications
- Evaluating cloud computing risks
- Reputational risk and social networking – the next frontier
Disaster recovery/business continuity
- Gaps in business continuity ownership
- Transforming the focus from recovery to continuity management
- Business continuity as a management function
Challenges of managing IT risks
- Establishing management risk assessment best practices
- Integrating risk assessments into the IT management process
- Understanding the different objectives of audit and IT management risk assessments
- Integrating management risk assessments into the audit risk assessment
- Establishing audit scope based upon the results of both management and audit risk assessments
Internal Audit as a Team Player with IT Management
- Providing value as part of the audit process
- Finding a middle ground between management “cheerleader” and “enforcer”
- Using maturity models to provide objective reporting
Additional Information
Who Should Attend
- Internal Audit and IT Audit Managers and Directors
- Internal Audit departments seeking to establish a focused and responsive presence with their audit customers
Learning Level
Intermediate
Delivery
Group-Live & Group Internet-Based
Field
Auditing
Advanced Preparation
None
Recommended Prerequisites
Basic understanding of IT management, internal audit management, and audit frameworks
Session Duration
Online: Two 3-hour sessions
On Site: 1 Day
CPE Credits: 8