Not only is a large percentage of internal controls essential to the proper operation of today's organisations, but possible control deficiencies in IT systems will also have a greater impact on the company's operations (especially in highly automated environments).
Thus, it is vital for internal auditors to cover IT risk in the audit universe, in particular by testing the IT General Controls and Application Controls to ensure the confidentiality, integrity and availability of IT systems and data. Testing those controls also helps to improve the effectiveness and efficiency of IT systems and processes, and to provide IT-related assurance to Management.
In this respect, as Internal Audit (“IA”), you are likely to face the following challenges:
- You have to integrate IT Risks within your audit plan
- You realise the benefits of an integrated audit approach but do not know how to implement it
- In case of a significant update of the IT infrastructure or a new application, you know that this will represent a key aspect of your annual plan, but you don’t know how to approach it to provide sufficient assurance
- If your company launches a new service through the web or will start Electronic Data Interchange with key suppliers, how will you be involved to be able to provide an assessment before the go-live?
To assist you in facing these challenges, PwC's Academy offers this dedicated training programme designed to provide internal auditors with the concepts and practical tools on IT General and Application Controls necessary to scope, execute and report on an IT audit.
Upon completion of the course, the participants will be able to:
- Describe how an IT audit can be integrated with other audit reviews
- Develop an IT audit plan
- Refer to and use well-known frameworks and existing materials to scope, execute and report on an IT audit
- Assess an IT control environment
- Identify key IT risks and test key controls in relation to information security, systems development, program changes and computer operations
- Identify the different types of application controls, their related objectives, and how to test them
- Analyse and report IT exceptions
Introduction – IT audit in perspective
- Relevance of Information Technology
- IT environment
- IT audit definition and objectives
- The COSO framework
- Information Technology General Controls (ITGCs)
IT auditing standards
- IT Assurance Framework (ITAF™)
- Standards: COBIT, ITIL and ISO
- IT Assurance Guide Using COBIT®
Developing the IT audit plan
- Types of IT audits
- Developing the IT audit plan
- Integrating IT audits in other audits
- Common pitfalls
- Controls testing strategies
- Treatment of exceptions
ITGC in detail – IT control environment
- The COSO framework
- Applying COSO to IT
ITGC in detail – Information Security, program changes, systems development and computer operations
- Main points of focus (key risks)
- Types of tests
- Examples of controls / tests
- Application Controls vs. ITGC
- Types of Application Controls
- Flowcharting of business processes
- Control Matrix
- Sample audit plan
- Junior and experienced internal auditors with no or limited experience in IT audit, who want to understand how they can make the link with work done at IT level and how they can contribute to the scoping of IT audits
- Junior and experienced IT specialists, recently integrated into an internal audit department and with no or limited experience in audit, who need to be able to define an IT audit plan and execute audit assignments, fully aligned with the company audit universe.
This training will be coordinated by Pierre François Wery, Partner of Risk Assurance Services, PwC Luxembourg.
Pierre François Wery
Responsible for Governance, Risk and Controls, Pierre-François is Réviseur d’Entreprises Agréé, Master in Law and Certified Fraud Examiner.
He is a Board Member of the Institute of Internal Auditors Luxembourg (IIA) and he is a member of the Luxembourg association of Compliance Officers (ALCO).
He has 22 years of experience in Internal and External Audit, Forensic and Advisory services in the financial, commercial and industrial sectors in Luxembourg.
This course can also be delivered in French.
Number of participants
Limited to 15 participants to ensure the right level of interactivity.