Configuration Management Audit: Evaluating the Control and Documentation of IT Configuration Items
Ensuring Integrity, Consistency, and Control in IT Assets and System Configurations
Course Schedule
Date | Venue | Fees (Face-to-Face) |
---|---|---|
23 – 27 Jun 2025 | London, UK | USD 3495 per delegate |
Course Introduction
Configuration Management (CM) is critical to maintaining the integrity and performance of IT systems. This intensive course provides participants with the knowledge and skills needed to audit the effectiveness of configuration management practices, policies, and technologies.
Participants will explore how to identify control gaps, ensure accuracy of configuration items (CIs), assess change processes, and audit compliance with frameworks such as ITIL, COBIT, and ISO/IEC 20000. The course combines theory, real-world audit cases, and practical workshops to ensure maximum applicability.
Course Objectives
By the end of this course, participants will be able to:
- Understand the principles and scope of configuration management
- Identify key configuration items and verify their documentation
- Evaluate the effectiveness of CMDBs and discovery tools
- Assess integration of configuration management with change and incident processes
- Audit controls to ensure data integrity, version control, and policy compliance
- Produce actionable audit findings and risk-based recommendations
Key Benefits of Attending
- Improve your ability to audit IT infrastructure and configuration data
- Reduce operational risks caused by undocumented or unmanaged changes
- Align your audits with ITIL, ISO, and COBIT frameworks
- Strengthen IT governance through better configuration oversight
- Learn through real audit scenarios and hands-on workshops
Intended Audience
This program is designed for:
● IT Auditors and Internal Auditors
● Configuration Managers and Asset Management Professionals
● IT Governance and Risk Officers
● Compliance Managers
● Change and Release Management Staff
Individual Benefits
Key competencies that will be developed include:
- Practical auditing of configuration management systems
- Understanding of CMDB structure and control verification
- Ability to evaluate IT process alignment with best practices
- Enhanced skills in risk-based reporting and evidence gathering
- Exposure to audit tools and real-world examples
Organization Benefits
Upon completing the training course, participants will demonstrate:
- Stronger control over IT assets and configuration integrity
- Reduced downtime from mismanaged changes or discrepancies
- Improved compliance with IT service and quality standards
- More effective incident response and troubleshooting
- Enhanced accountability and governance across IT operations
Instructional Methodology
The course follows a blended learning approach combining theory with practice:
● Strategy Briefings – Deep dive into configuration management concepts, IT audit standards, and CMDB evaluation
● Case Studies – Real-world examples of configuration management failures and audit reviews
● Workshops – Hands-on exercises to analyze CMDB records, validate data, and simulate audit tests
● Peer Exchange – Interactive discussions on configuration issues and audit strategies
● Tools – Audit templates for CM control testing, CI verification, and reporting
Course Outline
Training Hours: 7:30 AM – 3:30 PM
Daily Format: 3–4 Learning Modules | Coffee Breaks: 09:30 & 11:15 | Lunch Buffet: 01:00 – 02:00
Day 1: Foundations of Configuration Management Audit – 07:30–15:30
Module 1: Introduction to Configuration Management – 07:30–09:30
● Key concepts of configuration management
● Role of CIs, CMDBs, and documentation standards
● Relationship between CM, ITSM, and audit
Module 2: Frameworks and Guidelines – 09:45–11:15
● ITIL, COBIT, ISO/IEC 20000, and NIST SP 800-128
● Industry benchmarks and audit criteria
● Role of configuration audits in IT governance
Module 3: Configuration Item Identification – 11:30–01:00
● Identifying hardware, software, network, and documentation CIs
● Version control and baseline management
● Establishing criticality and relationships
Module 4: Workshop – CI Mapping Exercise – 02:00–03:30
● Hands-on task to map sample CIs and assess their documentation status
Day 2: Auditing Configuration Processes and Records – 07:30–15:30
Module 1: Audit Planning and Scoping – 07:30–09:30
● Defining audit objectives and boundaries
● Accessing CMDBs and records
● Identifying audit stakeholders and interview planning
Module 2: Evaluating CMDB Accuracy – 09:45–11:15
● Common data integrity issues and reconciliation practices
● Tools for automated discovery and validation
● Sampling techniques and spot checks
Module 3: Control Testing for CIs – 11:30–01:00
● Change tracking, unauthorized modifications, and rollback readiness
● CI lifecycle and decommissioning procedures
● Documenting and testing controls
Module 4: Workshop – CMDB Audit Simulation – 02:00–03:30
● Review and test a sample CMDB for integrity, completeness, and compliance
Day 3: Configuration Controls and Integration – 07:30–15:30
Module 1: Integrating with Change and Incident Management – 07:30–09:30
● Linking CIs to change tickets and incidents
● Tracing unauthorized or unrecorded changes
● Ensuring CM supports problem resolution
Module 2: Security and Access Controls – 09:45–11:15
● Role-based access to CMDB and CI modification
● Audit trail management and segregation of duties
● Protecting configuration data from tampering
Module 3: Risk Identification and Reporting – 11:30–01:00
● Risk indicators for configuration failures
● Prioritizing findings based on impact and likelihood
● Formulating audit recommendations
Module 4: Workshop – Configuration Risk Assessment – 02:00–03:30
● Analyze real-world scenarios to identify configuration risks and control gaps
Day 4: Audit Reporting and Stakeholder Communication – 07:30–15:30
Module 1: Audit Documentation and Report Writing – 07:30–09:30
● Effective audit documentation structure
● Evidence logs and audit trails
● Drafting clear and actionable audit reports
Module 2: Presenting Findings to Management – 09:45–11:15
● Report formatting for executives and IT teams
● Communicating risk and control impacts
● Handling resistance or lack of cooperation
Module 3: Third-Party and Cloud Configuration Audits – 11:30–01:00
● Auditing external service providers’ configurations
● Reviewing SLAs and vendor audit rights
● Risks in cloud-based CM systems
Module 4: Workshop – Drafting an Audit Report – 02:00–03:30
● Practice compiling audit findings and recommendations for stakeholders
Day 5: Final Integration and Assurance – 07:30–15:30
Module 1: Configuration Assurance and Governance – 07:30–09:30
● Establishing continuous CM audit practices
● Audit follow-up and remediation tracking
● Integrating with IT governance frameworks
Module 2: Lessons Learned from Configuration Failures – 09:45–11:15
● Real-life incidents caused by poor configuration control
● Root cause analysis and preventive measures
● Role of audit in continuous improvement
Module 3: Final Case Study and Team Presentation – 11:30–01:00
● Group simulation to present audit findings for a fictional IT environment
Module 4: Feedback and Certification – 02:00–03:30
● Course review and feedback
● Q&A session
● Certificate distribution
Certification
Participants will receive a Certificate of Completion in Configuration Management Audit, validating their ability to audit, assess, and improve configuration management processes within IT environments in line with international standards.