I.T. Auditing Techniques & Control
Course Description
This comprehensive course outlines the concepts of information technology you need to know in order to understand the audit concerns in the IT environment. You will learn the necessary controls for application systems - the program pinpoints specific controls to evaluate when auditing currently installed systems, new systems under development, and the various activities within the information technology department.
The Training Course Will Highlight ?

In addition, you will learn techniques for auditing automated systems and examine the impact of Sarbanes-Oxley on IT audit. You will leave this session with a solid foundation in the basics of information technology as they apply to audit and security concerns

Training Objective

By the end of this course delegates will be able to:

  • Develop an understanding of IT project management
  • Gain experience using project management tools and techniques
  • Apply the concepts of Risk Management to IT audit project
  • Learn about how to audit organizations and audit standards

Target Audience

Internal Auditors, Auditors-in-Charge, Financial & Operational Auditors, Finance Personnel, External Auditors, Audit Managers and Supervisors, IT Auditors, Team Leaders and Directors, Operations Managers, Audit Managers

Training Methods

Daily Agenda

Introduction to IT Audit

  •  Audit objectives and requirements
  •  Role of IT within the organization
  •  Management and security risks in an automated environment
  •  What is a control?
  • Internal control defined
  •  Processes and control points
  •  Physical space vs. Logical space
  •  Identifying control points

Planning the IT Audit

  • Definition of internal audit
  • Objectives of an it audit
  •  IT audit strategies
  •  What is an application
  •  Application vs. General controls
  • IT audit control reviews
  • IT control categories
  •  The audit deliverable
  • Building the audit team

Auditing Organizations and Standards

  •  Maintaining audit objectivity
  • What is a standard?, AICPA and SAS
  • GAO and other certification organizations
  • The Institute of Internal Auditors (IIA)

The Treadway Commission

  • COSO Integrated Framework
  • ISACA and the IT Governance Institute
  •  COBIT®: Control Objectives for Information and Related Technology
  • ISO 27002 security standard

IT Governance and Controls

  • What is IT governance?
  • Information security governance
  • IT policies and procedures
  •  Separation of duties and outsourcing
  • Governance and control

Information Technology Basics

  •  Why learn about technology?
  • Computer hardware and CPU operation

Two different classes of computers

  • Software, programs and processing
  • Distributed systems and client/server technology
  • The Open Systems Interconnection (OSI) model
  • Maintenance and security

Network Technology and Controls

  • Networking risks, Auditing networks
  • What is a network?
  • LANs, WANs and MANs
  • Physical network media (cables)
  •  Cabling audit objectives
  • LAN Protocols
  •  WAN connectivity and protocols
  •  MAN protocols
  • LAN/WAN/MAN audit objectives
  •  Network devices
  •  Network device audit objectives
  • Complete networks
  • The internet
  • Intranets and extranets
  •  Risks of internet use for business
  • Using firewalls
  •  Internet communications
  •  Internet Protocol (IP) addressing
  • Service (process) addressing
  • Internet applications
  • The World Wide Web (www)
  •  Web page technologies
  • Internet audit objectives

Shared General and Application Controls

  • Logical security
  • Data classification
  • Logical access controls: system access
  • Encryption: information access
  • Remote access, PCS and mobile devices
  •  Information security management
  • Change management
  •  Change management objectives
  •  Program change control
  •  Patch management
  • Software licensing
  • Business continuity/disaster recovery
  • Bcp/drp defined
  •  Business Impact Analysis (BIA)
  • Disaster recovery strategy
  • Maintaining the plan
  • System development technologies
  • SDLC, RAD, ERP purchases
  • Internal audit involvement, Audit strategy

Application Controls

  •  What is an application?
  • Business application risks
  • Application auditing
  •  Transactions: the audit focus
  • Transaction life cycle controls, End
  •  User computing
  •  Data warehouses
  • The future of applications

Database Technology and Controls

  • Managing information
  • The program
  •  Centric model
  • Program
  • Centric audit concerns
  • The data
  • Centric model
  • What is a database?
  • Database terminology
  • Database management systems
  • Types of databases
  • Database audit concerns

Infrastructure General Controls

  • Operations controls
  • IT operations
  • Operating system controls
  • System utilities
  • System software controls: a review
  • Physical security
  • Environmental controls

BTS attendance certificate will be issued to all attendees completing minimum of 75% of the total course duration.

Quick Enquiry

Request Info

Download Brochure Request In house Proposal

Course Rounds : (5 -Days)

Code Date Venue Fees Register
AUD113-02 18-08-2024 Dammam USD 5450
AUD113-03 13-10-2024 Dubai USD 5450
AUD113-04 22-12-2024 Manama USD 5450
Prices doesn't include VAT

UpComing Date

  • Start date 18-08-2024
  • End date 22-08-2024

  • Country Saudi Arabia
  • Venue Dammam

Quality Policy

 Providing services with a high quality that are satisfying the requirements
 Appling the specifications and legalizations to ensure the quality of service.
 Best utilization of resources for continually improving the business activities.

Technical Team

BTS keen to selects highly technical instructors based on professional field experience

Strengths and capabilities

Since BTS was established, it considered a training partner for world class oil & gas institution

Search For Available Course

Abu Dhabi, UAE

1st floor, Incubator Buildingو Masdar City, Abu Dhabi, UAE


Sun to Fri 09:00 AM to 06:00 PM


Contact Us anytime!