Enrol for this course

Course Description

Based on COBIT and IEEE Standards

(4 day course)

This course is for auditors, IT managers, project managers, consultants, information security staff, risk managers,

procurement/purchasing professionals, and executive managers. Delegates should have worked on at least one major IT system in a development, operational, procurement or audit capacity.

The aim of the course is to enable delegates to conduct both high level and detailed audits of the non-coding activities of an IT operation including high level general practice, business continuity management, information security, software risk and software acquisition audits.

It applies equally to in-house IT operations, software houses, outsourcing institutions etc.

On completion of the course delegates will:

 Be able to scope and tailor an IT audit to address specific IT operational issues,

know what complementary standards are available,

 be able to model audits on international best practice, be able to assess results based on documented evidence and be able to create a remediation plan.

Creating the Audit

• Benefits of an IT Audit,
• Standards available,
• Audit Questionnaires,
• Customising the questions.

Specialist Subjects

• High Level IT Functions including standards for
• COBIT 4.0 et seq, IEEE,
• ISO 27001, BS25999 etc.
• Business Continuity
• Management based on BS 25999-1 and BS 25999-2
• Information Security based on ISO 17799 and ISO 27001
• Software Risk Management based on IEEE Software Engineering Standard 1540 – 2001
• Software Acquisition audit on IEEE Standard 1062 – 1998

Implementing the Audit

• Scoring systems,
• Supporting evidence,
• Developing a Remediation Plan,
• Implementing the Remediation Plan, Continuous Improvement
• Programme.