INFORMATION SYSTEMS AUDIT: EVALUATING CONTROLS & SECURITY MEASURES
Assessing IT Risks, Compliance, and Controls to Strengthen Enterprise Information Security
Course Schedule
| Date | Venue | Fees (Face-to-Face) |
|---|---|---|
| 06 – 10 Oct 2025 | London, UK | USD 3495 per delegate |
Course Introduction
Information systems audits are critical in today’s digitally driven organizations where systems integrity, data security, and compliance with global standards are paramount. This course provides an in-depth framework for auditing IT systems, applications, infrastructure, and security controls—ensuring operational continuity, data protection, and regulatory compliance.
Through real-world scenarios and hands-on workshops, participants will learn how to evaluate technical controls, identify system vulnerabilities, assess governance frameworks, and deliver actionable audit findings aligned with standards such as COBIT, ISO 27001, NIST, and ISACA best practices.
Course Objectives
By the end of this course, participants will be able to:
• Plan and execute effective audits of information systems and related IT functions
• Evaluate the adequacy of IT governance, risk management, and control frameworks
• Assess controls around system development, change management, and data integrity
• Identify weaknesses in cybersecurity, access controls, and third-party systems
• Report audit results with evidence-based findings and remediation plans
Key Benefits of Attending
• Improve visibility into your organization’s IT risk and control environment
• Gain practical skills to audit core IT domains, including security, infrastructure, and applications
• Support compliance with ISO 27001, GDPR, COBIT, NIST, and internal audit mandates
• Enhance coordination between audit, IT, cybersecurity, and compliance teams
• Prepare for external audits and demonstrate strong digital risk oversight
Intended Audience
This program is designed for:
• Internal and IT auditors
• Information security and risk management professionals
• IT governance, compliance, and assurance officers
• IS/IT managers and system administrators
• Professionals preparing for CISA or similar certifications
Individual Benefits
Key competencies that will be developed include:
• IT audit planning, scoping, and fieldwork execution
• Control assessment in applications, networks, and databases
• Understanding of risk-based audit methodology for IT systems
• Cybersecurity audit readiness and vulnerability identification
• Reporting findings and tracking remediation for information systems
Organization Benefits
Upon completing the training course, participants will demonstrate:
• Improved control over enterprise IT environments
• Early detection of IT risks and security gaps
• Enhanced preparedness for internal and regulatory audits
• Stronger alignment between IT performance and compliance goals
• Consistent application of IT audit standards and best practices
Instructional Methdology
The course follows a blended learning approach combining theory with practice:
• Strategy Briefings – IS audit frameworks, control objectives, and standards
• Case Studies – Breaches, audit failures, and recovery strategies
• Workshops – IT risk assessments, control testing, and report development
• Peer Exchange – Cross-industry experiences in IT assurance and governance
• Tools – Audit checklists, scoring templates, and IT control catalogs
Course Outline
Detailed 5-Day Course Outline
Training Hours: 7:30 AM – 3:30 PM
Daily Format: 3–4 Learning Modules | Coffee breaks: 09:30 & 11:15 | Lunch Buffet: 01:00 – 02:00
Day 1: Foundations of Information Systems Audit
- Module 1: Purpose and Scope of IS Auditing (07:30 – 09:30)
• Objectives, standards, audit lifecycle
• Internal audit vs. external audit roles - Module 2: Risk-Based IS Audit Planning (09:45 – 11:15)
• Identifying critical systems, threats, and vulnerabilities
• Risk prioritization and materiality - Module 3: IT Governance & Frameworks (11:30 – 01:00)
• COBIT, ISO 27001, NIST, and ITIL overview
• Governance structures and accountability - Module 4: Workshop – IS Audit Scope Definition (02:00 – 03:30)
• Define objectives and risk focus for a sample IS audit plan
Day 2: Application and Infrastructure Control Auditing
- Module 1: Application Controls Assessment (07:30 – 09:30)
• Input validation, process controls, output accuracy
• Auditing ERP, HR, and financial systems - Module 2: Network and Infrastructure Controls (09:45 – 11:15)
• Firewalls, VPNs, endpoint security, and server configurations
• IT asset inventory and network segmentation - Module 3: Change and Configuration Management (11:30 – 01:00)
• Change logs, version control, configuration standards - Module 4: Workshop – Application Control Testing (02:00 – 03:30)
• Simulated walkthrough of testing business logic and input validation
Day 3: Security, Privacy & Access Control Auditing
- Module 1: Identity and Access Management (07:30 – 09:30)
• User provisioning, segregation of duties (SoD), least privilege - Module 2: Data Security and Privacy Controls (09:45 – 11:15)
• Encryption, backup, retention, and GDPR compliance - Module 3: Cybersecurity Incident Management (11:30 – 01:00)
• Threat detection, response plans, and security awareness - Module 4: Workshop – IAM and Privacy Audit Simulation (02:00 – 03:30)
• Evaluate access rights, logging, and data security posture
Day 4: Systems Development, Outsourcing & Cloud Audits
- Module 1: Auditing SDLC and Project Governance (07:30 – 09:30)
• Requirements, testing, deployment, and documentation review - Module 2: Cloud Services and Vendor Risk Auditing (09:45 – 11:15)
• SaaS, PaaS, IaaS audit strategies and third-party controls - Module 3: Outsourced IT and SLA Monitoring (11:30 – 01:00)
• Assessing vendors, contracts, SOC reports, compliance terms - Module 4: Workshop – Cloud Risk Audit (02:00 – 03:30)
• Develop an audit checklist for AWS or Microsoft Azure usage
Day 5: Reporting, Communication & Certification
- Module 1: Reporting Findings and Recommendations (07:30 – 09:30)
• Structure, scoring, evidence, and action plans - Module 2: Communicating with IT, Audit Committees & Leadership (09:45 – 11:15)
• Presentation techniques, dashboards, and follow-up - Module 3: Final Group Audit Presentation (11:30 – 01:00)
• Teams present findings from a sample IS audit scenario - Module 4: Certification & Wrap-Up (02:00 – 03:30)
• Participant action planning and certificate distribution
Certification
Participants will receive a Certificate of Completion in Information Systems Audit, validating their capabilities in assessing the design and effectiveness of IT controls, cybersecurity measures, and governance structures.