COURSE CONTENT
1. Audit:
· What is IT Audit
· Types of Auditors (Internal and External)
· Different phases of IT Audit
· Audit Opinions
· Absolute vs Reasonable assurance
· Types of Audits
2. Risk
· Risk Management
· Stages of Risk Management
· Risk Identification
· Risk Assessment
· Risk Monitoring
· Risk Strategy
3. Audit Phases
· Planning
· Fieldwork (TOD & TOE)
· Review & Reporting
· Follow-up
4. Control Life Cycle
5. Type & Nature of Internal Controls
6. Risk & Control
7. Audit frameworks & Standards
8. Walkthrough:
· How a WT Is Conducted
· Test Of Design (TOD)
· Walkthrough Questionnaire
9. Audit Population, Audit Techniques, TOE
10. Sampling Methodology:
· How many samples to pick while doing TOE
· Different sampling techniques
· Automatic Tools for sampling
11. Identity and Access Management Business Process
· User Access Provisioning
· User Access De-provisioning
· User Access Reviews (Access Re-certification)
· Privileged User Access
· Password Configurations/System Authentication
· Segregation of Duties check, SSO, MFA, Authentication & Authorization
12. Change Management Business Process
· SDLC, STLC
· Change Authorization
· Change Approval
· Risk Control Matrix (RCM) of Change Management
· Critical/Emergency Changes and how to handle them
· SoD – Segregation of Duties
· Version Management/Source Code Management
· What are Production, Test and Development environments? What is the difference?
· UAT/System testing/Integrated testing
· Post Implementation Review
· Checklist the auditor has to verify while conducting an audit
13. Incident Management:
· Types of Incidents
· Incident Management process
· Auditor checklist while doing an audit
· Problem Management
· Incident vs Problem Management
14. Patch Management
15. Backup Management
· What is Backup
· Backup Restoration periodicity
· Different types of Backups
· Preferable Backup method in case of cyber attack
· Backup retention period
· How to maintain a Backup register (to track status of backups)
· Re-run procedures
· Audit checklist while verifying backup controls
16. Job Scheduling and Job monitoring
17. Business Continuity Management System
· BCP
· DR
18. SOX Sections & Types of SOC Reports
19. Physical Security Controls
20. Endpoint Security