Course Outline
Benefits
In the UK, risk auditing has become a key aspect of the statutory audit driven by
the Turnbull Report in the UK and the COSO framework and Sarbanes Oxley legislation
in the US. Auditors need to understand the inherent risks in any business before they
can assess what kind of controls are required and their effectiveness.
This course is
designed to help the auditor to identify ICT risks and to assess the control regime.
The course uses a case study and checklists to help the auditor to draw up appropriate
audit tests designed to test the effectiveness of controls.
Content
The course includes:
|
|
Where are the inherent risks in ICT?
|
|
|
The role of BS7799-2/ISO27001 standards on the security of information
|
|
|
Risk workshops – identifying risks and their impact
|
|
|
How to document ICT risks and the consequences for the business
|
|
|
Categorising risks
|
|
|
Risk mitigation
|
|
|
Controlling risks
|
|
|
Documenting the controls over risks
|
|
|
Designing the audit testing programme
|
Skills you will gain
|
|
The ability to recognise and assess IT risks and their impacts
|
|
|
Risk mitigation techniques
|
|
|
How to establish and assess the control regime
|
|
|
How to adapt the audit programme to examine the control regime and
assess its effectiveness
|
Who Should Attend?
Internal and external auditors involved in organisations that invest in ICT
Level of Knowledge Assumed
Some experience of managing businesses or involvement of financial performance reporting.Some experience of IT will be of value but not essential.
Duration of Course
I day
For more information, please contact
Sandy Pratt
Back to Training Courses
|
4-consulting
15 Palmerston Road,
Edinburgh, EH9 1TL
Tel 0131 668 2112
Copyright © Copyright © 2004-2008 4-consulting Ltd |
| 
