• Ability to identify and evaluate business risks in the IT environment and propose solutions to address the identified risks.
• Ability to identify IT-related business risks and evaluate IT general controls and IT application controls in a business context.
• Ability to prepare an audit programme for the audit of an IT system which addresses both IT general control and IT application control objectives.
• Ability to participate effectively in the design, development, testing and implementation of a new IT system, providing appropriate audit advisory and consultancy services from the business context.
Module 1: Fundamentals of Information Security for Business Auditors
Overview of Information Security
• Objectives and Scope of Information Security
• The CIA Triad (Confidentiality, Integrity and Availability)
Security Policies, Standards and Guidelines
• Cybersecurity and information security-related policies
• Security standards and procedures
• Security guidelines
• Security governance
• Continuous assurance
Physical Security Controls
• Common physical security controls
• Biometrics, e.g. fingerprints, retina scan, facial recognition
Logical Access Security
• User authentication and authorisation controls
• Access control principles
• Types of access controls, e.g. role-based vs rule-based access control
• Segregation of Duties (SoD) controls
• Public Key Infrastructure (PKI) system
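The role-based and segregation-of-duties topics above are easiest to see in code. The following is an added example written for this page, not course material: it models a small role-based access control (RBAC) scheme with a rule-based overlay (amount and working-hours constraints) and reports users whose role combination breaches a segregation-of-duties (SoD) matrix. The role names, permissions, users and the SoD conflict pairs are all constructed for illustration.

```python
"""Added example: minimal RBAC with a rule-based overlay and an SoD check.
Illustrative code written for this page; roles, permissions, users and the
SoD conflict matrix below are constructed, not taken from any real system."""

from dataclasses import dataclass

# Role -> permissions granted by that role (constructed).
ROLE_PERMISSIONS = {
    "ap_clerk": {"vendor.create", "invoice.enter"},
    "ap_supervisor": {"invoice.approve", "payment.release"},
    "auditor": {"invoice.read", "payment.read"},
}

# Permission pairs that one person must never hold together (constructed SoD matrix).
SOD_CONFLICTS = {
    frozenset({"vendor.create", "payment.release"}),
    frozenset({"invoice.enter", "invoice.approve"}),
}


@dataclass
class User:
    name: str
    roles: set
    department: str


def effective_permissions(user):
    """Union of the permissions of every role the user holds (RBAC)."""
    perms = set()
    for role in user.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def sod_violations(user):
    """Return the SoD conflict pairs fully contained in the user's permissions."""
    perms = effective_permissions(user)
    return {pair for pair in SOD_CONFLICTS if pair <= perms}


def is_allowed(user, permission, *, amount=0.0, working_hours=True):
    """RBAC decision with two rule-based constraints layered on top:
    payment releases above a threshold or outside working hours are refused,
    even when the role would otherwise permit them."""
    if permission not in effective_permissions(user):
        return False
    if permission == "payment.release":
        if amount > 50_000:          # constructed approval limit
            return False
        if not working_hours:
            return False
    return True


def review_users(users):
    """Audit-style report: user -> sorted list of conflicting permission pairs."""
    report = {}
    for u in users:
        hits = sod_violations(u)
        if hits:
            report[u.name] = sorted(sorted(p) for p in hits)
    return report


if __name__ == "__main__":
    alice = User("alice", {"ap_clerk"}, "AP")
    bob = User("bob", {"ap_clerk", "ap_supervisor"}, "AP")
    print(review_users([alice, bob]))
    print(is_allowed(bob, "payment.release", amount=10_000))
    print(is_allowed(bob, "payment.release", amount=60_000))
```

The SoD check is deliberately computed over effective permissions rather than role names, because toxic combinations usually arise from a user accumulating several individually harmless roles; that is the view an auditor wants when reviewing access listings.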
Information Security Controls
• Encryption, firewalls, anti-virus, etc.
• ISMS (Information Security Management System)
• ISO/IEC 27001 standard
• Types of Information Security Controls
• Combating IT Fraud
Data Protection and Privacy
• Data privacy laws
• Personal Data Protection Act (PDPA)
• General Data Protection Regulation (GDPR)
• Impact on data security policies and practices
• Reasonable security procedures for data collection, processing and use of data, data storage, retention and disposal
Emerging Technologies – Impact on Security
• Bring Your Own Devices (BYOD)
• Smart Devices
• Internet of Things (IoT)
• Global Positioning System (GPS)
• Mobile Computing
• Artificial Intelligence (AI) systems
• Expert systems
• Blockchain
• Bitcoin (digital currency)
• Social Media (Facebook, Twitter, Instagram, etc.)
Cybersecurity Risks and Controls
• IT Infrastructure (computer network, operating system, DBMS, etc.)
• Network concepts
• Existing and emerging cybersecurity risks
• Threat models, e.g. social engineering, malware, Advanced Persistent Threat (APT), Denial of Service (DoS)
• Stages of cybersecurity attacks (infiltration, propagation, aggregation, and exfiltration)
• Cybersecurity controls
Module 2: Fundamentals of IT Audit for Business Auditors
Overview of IT Audit
• Definition and scope of IT audit
IT Control Environment
• Database terms and internet terms
• Basic IT infrastructure
• Network concepts
• Types of IT controls
IT Audit Process
• IT audit planning
• Conduct of IT audit fieldwork
• Reporting of IT audit observations
• Audit guidelines (GTAG)
General Controls and Application Controls
• Software systems (CRM, ERP, GRC)
• Operational roles of network administrator, database administrator, and helpdesk
• Disaster recovery
• Systems development and delivery
• Physical security controls
• Logical access controls
• IT infrastructure controls
• Systems maintenance
• Computer operations
• SANS Top 20 Critical Security Controls (now maintained as the CIS Critical Security Controls)
• Application systems controls (input, process, storage, and output controls)
IT Governance, Risk Management and Compliance (GRC)
• Objectives and scope of GRC
• Business and IT Alignment
• Third-party risk management
• GRC systems – Desired Outcomes
Regulatory and Control Frameworks
• COBIT – A framework for IT Governance
• ISO/IEC 27001 – Information Security Management System (ISMS)
• ITIL – A Framework for IT Services
• Other frameworks (MAS TRM, ISF, etc.)
IT Audit Tools and Techniques
• Computer-Assisted Audit Techniques (CAATs), e.g. Integrated Test Facility, Embedded Data Collection, Generalised Audit Software
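The kind of test a generalised audit software package automates can be shown with a few lines of code. The following is an added example written for this page, not course material or any vendor's tool: it loads a small accounts-payable payments extract and runs four classic CAAT tests over it (document-number sequence gaps, duplicate vendor/amount pairs, self-approved documents, and amounts just below an approval limit). The CSV extract, the column names, the approval limit of 50,000 and the 2% band are all constructed for illustration.

```python
"""Added example: generalised-audit-software style tests over a constructed
payments extract.  Written for this page to illustrate what CAATs automate;
the data, column names and thresholds are made up."""

import csv
import io
from collections import defaultdict

# Constructed AP payments extract in the shape an auditor might pull from an ERP.
PAYMENTS_CSV = """doc_no,vendor_id,amount,paid_on,entered_by,approved_by
1001,V100,1250.00,2024-03-01,alice,bob
1002,V101,5000.00,2024-03-01,alice,bob
1003,V101,5000.00,2024-03-02,carol,carol
1005,V102,49999.00,2024-03-03,alice,bob
1006,V103,120.50,2024-03-03,dave,dave
"""


def load_payments(text):
    """Parse the extract, typing the fields the tests need."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        r["doc_no"] = int(r["doc_no"])
        r["amount"] = float(r["amount"])
        rows.append(r)
    return rows


def sequence_gaps(rows):
    """Completeness test: document numbers missing from the observed range."""
    nums = sorted(r["doc_no"] for r in rows)
    present = set(nums)
    return [n for n in range(nums[0], nums[-1] + 1) if n not in present]


def duplicate_payments(rows):
    """Same vendor and amount paid more than once: possible double payment."""
    seen = defaultdict(list)
    for r in rows:
        seen[(r["vendor_id"], r["amount"])].append(r["doc_no"])
    return {k: v for k, v in seen.items() if len(v) > 1}


def self_approved(rows):
    """SoD test: the person who entered the document also approved it."""
    return [r["doc_no"] for r in rows if r["entered_by"] == r["approved_by"]]


def just_below_threshold(rows, limit=50_000.0, band=0.02):
    """Amounts within `band` below an approval limit (constructed limit),
    a common indicator of payments split to avoid a higher approval tier."""
    return [r["doc_no"] for r in rows if limit * (1 - band) <= r["amount"] < limit]


def run_caat(text):
    """Run all tests and return the exceptions per test."""
    rows = load_payments(text)
    return {
        "sequence_gaps": sequence_gaps(rows),
        "duplicate_payments": duplicate_payments(rows),
        "self_approved": self_approved(rows),
        "near_threshold": just_below_threshold(rows),
    }


if __name__ == "__main__":
    for test, hits in run_caat(PAYMENTS_CSV).items():
        print(f"{test}: {hits}")
```

Each function returns the exception list rather than printing it, so the same tests can be re-run on a full extract and the results fed into working papers; in practice the extract would be pulled under read-only access and its row count reconciled to the source system before testing.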
Disaster Recovery and Business Continuity
• Disaster recovery site concepts (e.g. hot, warm and cold sites)
• Systems and data backup
• Systems and data recovery procedures
• BCP/DRP planning considerations
• Crisis management
Module 3: Fundamentals of Systems Development Audit for Business Auditors
Overview of Systems Development Life Cycle
• Core activities in systems development and delivery
• IIA guidelines on role of auditors in systems development
IT Project Management
• Business case justification
• Cost-benefit analysis
• Feasibility study
• Procurement (tender)
• Requirements definition
• Developing, testing, debugging
• Post-implementation review
Design of Controls in Systems under Development
• User authentication controls
• Authorisation controls
• Information security controls
• Data protection and privacy controls
• Application system controls
• Infrastructure changes
• System upgrades
• Software amendments
• Change controls throughout the process
• End-user computing environment
• Controls over end-user computing
Outsourcing of Systems Development
• Procurement and contracts
• Controls over outsourcing
Course Summary and Evaluation
ABOUT THE TRAINER
Mr Abdul Hamid Bin Abdullah is a Certified Information Systems Auditor (CISA), a Chartered Accountant of Singapore (CA Singapore) and a Fellow of the Institute of Internal Auditors (FIIA) Singapore. He has retired from an audit director’s role in the Auditor-General’s Office Singapore with 38 years of public sector audit experience. His professional knowledge and work experiences include IT audits of public sector organisations.
He is a Past President of the Information Systems Audit and Control Association (ISACA) Singapore Chapter and a Past International Vice-President, ISACA Board of Directors and the IT Governance Institute. He was also an Adjunct Lecturer in the Institute of Systems Science, National University of Singapore (NUS), an Associate Professor in the Department of Accountancy, NUS Business School and an Adjunct Faculty of the Singapore Institute of Technology.
Payment by PayNow/PayLah! transfer
Make the payment of your registration fees via PayNow/PayLah! transfer by following the steps below:
1. Upon completing your registration, proceed to payment and select the “Cheque/Fund Transfer” option.
2. Login to Internet Banking or Mobile Banking.
3. Scan our corporate PayNow/PayLah! QR code.
4. Verify our UEN number (S76SS0058D) and release funds.
NOTE: Kindly include the details below under the UEN/Bill Reference Number (text limit of up to 25 characters).
5. Once payment is made, please take a screenshot of the transaction and email it to firstname.lastname@example.org for our tracking purposes.
Please refer to PayNow and PayLah! for more information.
Register as a group of 4 or more participants for the same course and enjoy a 10% group discount!
Applicable for participants from the same company registered within the same day. Discount will be indicated and processed on a single invoice.
Terms and Conditions
1. Group discount is available for employers not eligible for SSG funding. Please contact IIA Academy for more details.
2. All participants will be liable for the full course fee upfront, even in the case of non-attendance.
3. A processing fee of $100 will be imposed for any cancellation. Cancellation must be submitted in writing 7 days prior to the event date and is subject to IIAS’s approval. Substitutions are permitted, subject to conditions.
4. Participant/contact person will be notified via email on the outcome of the application for enrolment within three working days after the registration deadline.
5. Registration is on a first-come, first-served basis, and complimentary parking will be provided only on a first-come, first-served basis.
6. IIAS reserves the right to revise the programme as necessary.
7. IIAS reserves the right to cancel or postpone the training should the minimum class size not be met.
A system-generated email will be sent upon successful registration for the seminar.
Once the course is confirmed, an email confirmation will be sent to the registrants’ contact email addresses 1 week prior to the course commencement date.
If you do not receive any email notification regarding your course registrations, please call IIA Academy at 6324 9029