IDENTITY AND ACCESS MANAGEMENT (IAM) AUDIT: EVALUATES THE ORGANIZATION'S PRACTICES FOR MANAGING USER IDENTITIES AND ACCESS PRIVILEGES
“Evaluating Identity and Access Controls to Safeguard Digital Assets and Ensure Regulatory Compliance”
Course Schedule
| Date | Venue | Fees (Face-to-Face) |
|---|---|---|
| 14 – 18 Sep 2026 | London, UK | USD 3495 per delegate |
Course Introduction
Identity and Access Management (IAM) plays a pivotal role in ensuring that the right individuals access the right resources at the right time—and for the right reasons. However, without strong oversight, IAM systems can become sources of security vulnerabilities, data breaches, and compliance failures.
This 5-day training provides auditors, IT security professionals, and risk managers with the skills to evaluate IAM processes, systems, and policies. The course combines best practices from frameworks such as ISO 27001, NIST, and COBIT with real-world audit techniques. Participants will learn to assess user provisioning, privilege management, authentication controls, segregation of duties, and access certification programs.
Course Objectives
By the end of this course, participants will be able to:
• Understand IAM components and the risks associated with poor identity governance
• Plan and execute IAM audits for applications, systems, and cloud environments
• Evaluate access controls, provisioning practices, and role-based access models
• Identify control weaknesses, misconfigurations, and excessive access rights
• Develop audit reports with actionable insights and risk-based remediation
Key Benefits of Attending
• To mitigate insider threats, data leakage, and privilege misuse
• To verify IAM processes align with regulatory and cybersecurity standards
• To strengthen governance of digital identities across hybrid IT environments
• To support audits related to ISO 27001, GDPR, HIPAA, SOX, and NIST CSF
• To build audit-readiness for IAM solutions including Active Directory, Azure AD, and Okta
Intended Audience
This program is designed for:
• IT and cybersecurity auditors
• Information security managers and IAM administrators
• Compliance and risk professionals
• IT governance officers and internal control analysts
• Anyone responsible for user access governance and policy enforcement
Individual Benefits
Key competencies that will be developed include:
• Auditing user lifecycle management and access controls
• Reviewing privilege escalation, admin access, and MFA enforcement
• Evaluating access review and recertification programs
• Documenting findings and reporting IAM risks
• Using audit tools for directory services, cloud IAM, and identity workflows
Organization Benefits
Upon completing the training course, participants will demonstrate:
• Improved oversight of identity systems and entitlements
• Reduced exposure to unauthorized access, data breaches, and fraud
• Stronger internal controls and regulatory alignment
• Better documentation for audits, certification, and compliance reporting
• A foundation for Zero Trust and least-privilege access strategies
Instructional Methdology
The course follows a blended learning approach combining theory with practice:
• Strategy Briefings – IAM governance, security frameworks, and audit mandates
• Case Studies – Privilege abuse, data leakage, and access control breakdowns
• Workshops – Role modeling, SoD conflict checks, and access review simulations
• Peer Exchange – Cross-industry IAM audit challenges and success stories
• Tools – Audit checklists, access review templates, system logs, and IAM dashboards
Course Outline
Detailed 5-Day Course Outline
Training Hours: 7:30 AM – 3:30 PM
Daily Format: 3–4 Learning Modules | Coffee breaks: 09:30 & 11:15 | Lunch Buffet: 01:00 – 02:00
Day 1: Foundations of IAM and Audit Scope
- Module 1: IAM Concepts and Risk Areas (07:30 – 09:30)
• Core IAM components: authentication, authorization, and administration
• Common vulnerabilities and audit implications - Module 2: IAM Architecture and System Integration (09:45 – 11:15)
• On-premise vs. cloud IAM systems
• Directory services, SSO, and federation - Module 3: Planning an IAM Audit (11:30 – 01:00)
• Scope definition, audit objectives, and risk prioritization
• Key systems and stakeholders - Module 4: Workshop – Drafting an IAM Audit Plan (02:00 – 03:30)
• Define controls and metrics for a case organization
Day 2: User Lifecycle Management and Access Provisioning
- Module 1: Identity Creation and Role Assignment (07:30 – 09:30)
• Joiner, mover, leaver processes
• HR feeds, ticketing systems, and automation - Module 2: Role-Based Access Control (RBAC) and Policies (09:45 – 11:15)
• Role modeling and conflict resolution
• Least privilege and role explosion risks - Module 3: Access Request, Approval, and Provisioning (11:30 – 01:00)
• Workflow audits and segregation of duties checks - Module 4: Simulation – Analyze Provisioning Records (02:00 – 03:30)
• Review logs for gaps in approvals or excess access
Day 3: Authentication, Privilege Management, and Monitoring
- Module 1: Authentication and Credential Controls (07:30 – 09:30)
• MFA, password management, session timeout
• Directory services and SSO - Module 2: Privileged Access Management (PAM) (09:45 – 11:15)
• Admin access tracking and shared accounts audit
• Break-glass access and session recording - Module 3: Logging, Monitoring, and Alerting (11:30 – 01:00)
• Event correlation, failed login review, and alert thresholds - Module 4: Workshop – PAM Risk Review (02:00 – 03:30)
• Assess admin access across IT systems
Day 4: Access Reviews, SoD, and Compliance Testing
- Module 1: Periodic Access Reviews (07:30 – 09:30)
• Recertification cycles, reviewer accountability
• Automated vs. manual reviews - Module 2: Segregation of Duties (SoD) and Conflict Analysis (09:45 – 11:15)
• SoD conflict matrices
• Risk of fraud and control overrides - Module 3: Third-Party and Cloud Access Reviews (11:30 – 01:00)
• Contractors, vendors, and federated identity management - Module 4: Group Exercise – Conduct an Access Review Audit (02:00 – 03:30)
• Identify and report on SoD violations
Day 5: Reporting, Follow-Up, and IAM Maturity
- Module 1: IAM Audit Reporting and Communication (07:30 – 09:30)
• Documenting findings and recommendations
• Risk ranking and management engagement - Module 2: Corrective Actions and Audit Follow-Up (09:45 – 11:15)
• CAPAs and audit readiness indicators - Module 3: IAM Program Maturity and Continuous Improvement (11:30 – 01:00)
• IAM governance, roadmap development, and metrics - Module 4: Final Presentations and Certification (02:00 – 03:30)
• Group presentations, Q&A, and certificate distribution
Certification
Participants will receive a Certificate of Completion in Identity and Access Management (IAM) Audit, confirming their ability to assess, monitor, and report on IAM controls in complex organizational environments.