IT Audit training course

The training course will help participants gain the broad knowledge needed to plan and perform IT audits and to manage enterprise IT audit programs. You will learn how to handle the most difficult problems, such as audit planning and reporting, business continuity audit, software development and system implementation lifecycle audit, and configuration audit of operating systems, databases and network equipment.


Our training course "IT Audit" is designed for companies and organisations that are concerned about IT security, intrusion detection and prevention measures and seek to develop and improve IT security on a regular basis. The training is adapted for an audience with various levels of knowledge. The experience gained after the training will definitely increase the value of the students for their organisations and their confidence in their own professional skills.

The target audience of this course is:
  • IT auditors
  • IT security specialists
  • IT managers.
The course duration is 3 days.

The course syllabus below can be adapted to the company's or organisation's needs.

Please write to us with the requirements and questions that are critical for you. We will update the training program accordingly.

Course syllabus

Section 1. IT audit
  1. IT assurance framework (ITAF)
  2. Audit charter/mandate for the audit
  3. Auditor independence
  4. Professional due care
  5. Audit assertions
  6. Audit criteria
    • ISACA audit programs
    • IIA audit guidelines
    • Trust services principles and criteria
    • COBIT
    • ISO 27001
    • Other sources of criteria
  7. Audit planning. Risk-based planning
  8. Audit performance
  9. Materiality of audit findings
  10. Audit evidence
  11. Evidence collection methods
  12. Audit sampling
  13. Using the work of other experts
  14. Reporting
  15. Handling illegal acts
  16. Audit follow-up
  17. Control environment
  18. Control design
  19. Control effectiveness
  20. Control monitoring
  21. Practical workshop.
Section 2. IT governance and management
  1. IT strategy
  2. IT architecture
  3. IT metrics
  4. IT organisation
  5. IT service management
  6. Service catalogue
  7. Incident management
  8. Change management
  9. Release management
  10. Problem management
  11. IT investments
  12. IT risks
  13. End-user computing
  14. Shadow IT
  15. Cloud IT
  16. BYOD (Bring your own device)
  17. IT outsourcing
  18. Practical workshop.
Section 3. Information systems development and implementation
  1. System implementation and development lifecycle
  2. Project management control frameworks
  3. System development methodologies
  4. Project business case
  5. Feasibility study
  6. Requirements specification
  7. Design and architecture
  8. Procurement process
  9. Coding
  10. Implementation
  11. Testing
  12. Handover to production
  13. Operational support
  14. Decommissioning
  15. Migrations
  16. Project closure
  17. Practical workshop.
Section 4. IT operations
  1. Inventory and asset management
  2. Patch management
  3. Hardware maintenance
  4. Licensing
  5. Capacity planning
  6. Performance and availability monitoring
  7. Utilities
  8. Datacenter management
  9. Network physical infrastructure
  10. Practical workshop.
Section 5. Business continuity and disaster recovery
  1. Business continuity management
  2. Business continuity project initiation and management
  3. Business impact assessment
  4. RTO (Recovery Time Objective)/RPO (Recovery Point Objective)
  5. Recovery strategies
  6. Business continuity plan testing
  7. Disaster phases:
    • Preparation
    • Initial response
    • Restoration
    • Recovery
    • Post-incident activities
  8. Practical workshop.
Section 6. Information security assurance
  1. Information security policies, standards, and procedures
  2. Information security roles and organisational structures
  3. Human resources security
  4. Data classification and handling
  5. Key processes
  6. Information security risk management
  7. Incident handling
  8. Awareness programs
  9. Identity and access management
  10. IDS (Intrusion detection system)/IPS (Intrusion prevention system)
  11. DLP (Data loss prevention)
  12. SIEM (Security information and event management)
  13. PKI (Public key infrastructure)
  14. 802.11x, NAP (Network access protection) and network access control
  15. Remote access and teleworking risks
  16. Rights management
  17. Antimalware solutions
  18. Physical security controls
  19. Fraud controls
  20. Practical workshop.
Section 7. Audit considerations
  1. ERP (Enterprise resource planning) audit
  2. CRM (Customer Relationship Management) audit
  3. VOIP (Voice over IP)
  4. Virtualization
  5. Practical workshop.
  • Windows audit
  • Linux audit
  • Networking, VPN (Virtual Private Network) and Firewall audit
  • PKI audit
  • Database audit (MySQL and Oracle)
  • Web application audit (PHP)
  • Mobile application audit (Android).

For ease of use, you can download the program of the training course "IT Audit" from the link.
