Three Day Seminar: General IT Audit for Business Auditors

Course Code:
CPE Hours:
Course Start Date:
October 01, 2019
Course End Date:
October 03, 2019
9.00 AM - 5.00 PM
Registration Deadline:
October 03, 2019
Level of course:
Level 2
Abdul Hamid Bin Abdullah
Competency areas:
Internal Audit Delivery [IAD]
Course venue:

M Hotel Singapore

Course fee (IIA/ ISACA member):
(Inclusive of GST)
Course fee (non-member):
(Inclusive of GST)
Other Memberships valid for discount:
10% off non-member rate for ISCA and ACCA member
Lunch Provided:
Tea Break:
Course Overview:

Information Technology (IT) is a critical enabler of business. Assuring an organisation’s governance, risk management, compliance and control processes requires internal auditors to understand the role of IT within their organisations and to develop adequate knowledge and skills to audit IT systems, because the line separating “IT” and “non-IT” audits is disappearing except in the most technical IT areas.

As technology gets increasingly fused with business processes, business auditors need to be better prepared to provide integrated audit services that encompass process and technology audit areas. This course is specially designed to equip business auditors with skills and knowledge to assess IT risks and related controls, IT governance and management controls, and is aligned with the updated syllabus of the CIA exam Part 3 (Information Security and Information Technology).

Business auditors, as well as other professionals who have an interest in general IT audit

Course description:

• Ability to identify and evaluate business risks in the IT environment and propose solutions to address the identified risks.
• Ability to identify IT-related business risks and evaluate IT general controls and IT application controls in a business context.
• Ability to prepare an audit programme for the audit of an IT system which addresses both IT general control and IT application control objectives.
• Ability to participate effectively in the design, development, testing and implementation of a new IT system, providing appropriate audit advisory and consultancy services from the business context.

Module 1: Fundamentals of Information Security for Business Auditors

Overview of Information Security
• Objectives and Scope of Information Security
• The CIA Triad (Confidentiality, Integrity and Availability)

Security Policies, Standards and Guidelines
• Cybersecurity and information security-related policies
• Security standards and procedures
• Security guidelines
• Security governance
• Continuous assurance

Physical Security Controls
• Common physical security controls
• Biometrics, e.g. fingerprints, retina scan, facial recognition

Logical Access Security
• User authentication and authorisation controls
• Access control principles
• Types of access controls, e.g. role-based security vs rules-based security
• Segregation of Duties (SoD) controls
• Public Key Infrastructure (PKI) system

Information Security Controls
• Encryption, firewalls, anti-virus, etc.
• ISMS (Info Security Management System)
• ISO27001 Standards
• Types of Information Security Controls
• Combating IT Fraud

Data Protection and Privacy
• Data privacy laws
• Personal Data Protection Act (PDPA)
• General Data Protection Regulations (GDPR)
• Impact on data security policies and practices
• Reasonable security procedures for data collection, processing and use of data, data storage, retention and disposal

Emerging Technologies – Impact on Security
• Bring Your Own Devices (BYOD)
• Smart Devices
• Internet of Things (IoT)
• Global Positioning System (GPS)
• Cloud
• Mobile Computing
• Drones
• Robotics
• Artificial Intelligence (AI) System
• Expert System
• Blockchain
• Bitcoin (digital currency)
• Social Media (Facebook, Twitter, Instagram, etc.)

Cybersecurity Risks and Controls
• IT Infrastructure (computer network, operating system, DBMS, etc.)
• Network concepts
• Existing and emerging cybersecurity risks
• Threat models, e.g. social engineering, malware, Advanced Persistent Threat (APT), Denial of Service (DoS)
• Stages of cybersecurity attacks (infiltration, propagation, aggregation, and exfiltration)
• Cybersecurity controls

Module 2: Fundamentals of IT Audit for Business Auditors

Overview of IT Audit
• Definition and scope of IT audit

IT Control Environment
• Database terms and internet terms
• Basic IT infrastructure
• Network concepts
• Types of IT controls

IT Audit Process
• IT audit planning
• Conduct of IT audit fieldwork
• Reporting of IT audit observations
• Audit guidelines (GTAG)

General Controls and Application Controls
• Software systems (CRM, ERP, GRC)
• Operational roles of network administrator, database administrator, and helpdesk
• Disaster recovery
• Systems development and delivery
• Physical security controls
• Logical access controls
• IT infrastructure controls
• Systems maintenance
• Computer operations
• SANS Top 20 critical security controls
• Application systems controls (input, process, storage, and output controls)

IT Governance, Risk Management and Compliance (GRC)
• Objectives and scope of GRC
• Business and IT Alignment
• Third-party risk management
• GRC systems – Desired Outcomes

Regulatory and Control Frameworks
• COBIT – A framework for IT Governance
• ISO27001 – Information Security Management System (ISMS)
• ITIL – A Framework for IT Services
• Other frameworks (MAS TRM, ISF, etc.)

IT Audit Tools and Techniques
• Computer-Assisted Audit Techniques (CAATs), e.g. Integrated Test Facility, Embedded Data Collection, Generalised Audit Software

Disaster Recovery and Business Continuity
• Disaster recovery planning site concepts
• Systems and data backup
• Systems and data recovery procedures
• BCP/DRP planning considerations
• Crisis management

Module 3: Fundamentals of Systems Development Audit for Business Auditors

Overview of Systems Development Life Cycle
• Core activities in systems development and delivery

Auditor’s Role
• IIA guidelines on role of auditors in systems development

IT Project Management
• Business case justification
• Cost-benefit analysis
• Feasibility study
• Procurement (tender)
• Requirements definition
• Design
• Developing, testing, debugging
• Post-implementation review

Design of Controls in Systems under Development
• User authentication controls
• Authorisation controls
• Information security controls
• Data protection and privacy controls
• Application system controls

Patch Management
• Infrastructure changes
• System upgrades
• Software amendments
• Change controls throughout the process

End-User Computing
• End-user computing environment
• Controls over end-user computing

Outsourcing of Systems Development
• Procurement and contracts
• Controls over outsourcing

Assessment Test
Course Summary and Evaluation

Mr Abdul Hamid Bin Abdullah is a Certified Information Systems Auditor (CISA), a Chartered Accountant of Singapore (CA Singapore) and a Fellow of the Institute of Internal Auditors (FIIA) Singapore. He has retired from an audit director’s role in the Auditor-General’s Office Singapore with 38 years of public sector audit experience. His professional knowledge and work experiences include IT audits of public sector organisations.

He is a Past President of the Information Systems Audit and Control Association (ISACA) Singapore Chapter and a Past International Vice-President, ISACA Board of Directors and the IT Governance Institute. He was also an Adjunct Lecturer in the Institute of Systems Science, National University of Singapore (NUS), an Associate Professor in the Department of Accountancy, NUS Business School and an Adjunct Faculty of the Singapore Institute of Technology.

Payment by PayNow/PayLah! transfer


Make the payment of your registration fees via PayNow/PayLah! transfer by following the steps below:

1. Upon completing your registration, proceed to payment and select the “Cheque/Fund Transfer” option.
2. Login to Internet Banking or Mobile Banking.
3. Scan our corporate PayNow/PayLah! QR code.
4. Verify our UEN number (S76SS0058D) and release funds.
NOTE: Kindly include the details below under the UEN/Bill Reference Number (text limit of up to 25 characters).


5. Once payment is made, please print screen the transaction and email to for our tracking purposes.

Please refer to PayNow and PayLah! for more information.

Group Discount
Register as a group of 4 or more participants for the same course and enjoy a 10% group discount!
Applicable for participants from the same company registered within the same day. Discount will be indicated and processed on a single invoice.

Terms and Conditions
1. Group discount is available for employers not eligible for SSG funding. Please contact IIA Academy for more details.
2. All participants will be liable for the full course fee upfront, even in the case of non-attendance.
3. A processing fee of $100 will be imposed for any cancellation. Cancellation must be submitted in writing 7 days prior to the event date and subject to IIAS’s approval. Substitutions will be permitted and conditions will apply.
4. Participant/contact person will be notified via email on the outcome of the application for enrolment within three working days after the registration deadline.
5. Registration is on a first-come-first-served basis, and complimentary parking will be provided only on a first-come-first-served basis.
6. IIAS reserves the right to revise the programme as necessary.
7. IIAS reserves the right to cancel or postpone the training should the minimum class size not be met.


A system-generated email will be sent upon successful registration for the above seminar.
Once the course is confirmed, an email confirmation will be sent to the registrants’ contact email addresses 1 week prior to the course commencement date.
If you do not receive any email notification regarding your course registration, please call IIA Academy at 6324 9029.

Registration Closed.