Super Early Bird Fee

Register and Pay
by 1 Jun '18

Early Bird Fee

Register and Pay
by 29 Jun '18

Regular Fee

Register and Pay
after 29 Jun '18

$1,349.00(USD) $1,499.00(USD) $1,649.00(USD)

Group Discount! Enjoy 10% off when you register for 3 or more
or
For groups of 3, 4th comes for free

IMPORTANT NOTES
  1. Super Early Bird and Early Bird promotion: Discount will only be valid if payment is received by stipulated date.
  2. Group Discount only applies to registrations from the same company registering at the same time, issued in a single invoice and of the same billing source.
  3. Only corporate registrations will be accepted.
  4. Bank charges & taxes are to be borne by registrants, if applicable.
  5. Full payment is mandatory upon registration for admission to the event.
  6. Walk-in delegates will only be admitted on the basis of space availability at the event and with immediate full payment.
  7. Fee includes lunch, refreshments and documentation.
  8. The organiser reserves the right to make any amendments that it deems to be in the interests of the event without any notice.
  9. Information provided will be used for event administration and updates on upcoming events. For more details, please visit: http://www.conferences.com.sg/personal-data-protection-statement/

CANCELLATION & REPLACEMENT

A replacement is welcome if you are unable to attend. A full refund less 10% administrative charge will be issued for cancellation received in writing by 6 Jul 2018. A 50% refund and a set of documentation will be issued for cancellation received by 20 Jul 2018. Regrettably, no refund will be issued for cancellation received after 20 Jul 2018 or for “no show” participant. You will however receive a set of documentation.

Can you Identify Technology Risks, Implement Critical Controls?

Rapid digitalisation is forcing businesses to embrace new technologies to scale up and outperform competitors. Yet this opens the doors to cyber and data security risks. To keep pace with emerging technologies, Internal Auditors need to broaden their skillsets to identify critical technology risks and implement appropriate controls to mitigate them.

Join this 2-day practical workshop to acquire the latest approaches and framework in IT auditing. Learn how to evaluate common IT audit standards and guidelines to meet organisational and audit objectives. Find out how to define an IT audit scope and apply Computer Assisted-Audit Techniques (CAATs). Discover how to design effective IT general and automated controls and evaluate control deficiencies. Analyse the implications of emerging technologies and evolving threats to existing IT audit approaches.


Programme Highlights

IT and cybersecurity landscape

Key risks challenging IT and cybersecurity

Role of an IT auditor

IT audit skillsets needed in different nature of audits

IT audit framework

COBIT 5, NIST, ISO, COSO

IT audit standards and guidelines

Audit objectives, regulatory requirements

Co-sourcing, outsourcing, in-sourcing

Key considerations, pros and cons

IT audit approach, methodology and nature

Types of IT audit – do you see what an IT auditor sees?

IT general controls

4 key domains, methodology

IT application/automated controls

5 key classification, defining scope

Often neglected IT audit areas

System reports, physical security related, ticketing system

IT audit reporting

What to look out for when you perform a review

Emerging technology and evolving threats

Can tools alone help to mitigate such risks?

Benefits of Attending

  • Understand what cybersecurity means and the difference between IT and cybersecurity
  • Gain insights into an IT auditor’s job scope and challenges facing internal audit and IT audit today
  • Hear case studies of real-life applications of the IT audit framework: COBIT 5, NIST, ISO, COSO
  • Determine the applicability of IT audit standards and guidelines based on audit objectives
  • Find out the key considerations when selecting an IT audit service provider
  • Analyse the 4 key domains of IT general controls and the methodology
  • Learn how to design effective IT general controls and evaluate IT general control deficiencies
  • Discover how to define scope to audit IT application/automated controls
  • Define the 5 key classification of IT application/automated controls
  • Examine what and how to write an IT audit report, how to grade and present it
  • Assess what to look out for in emerging technologies and how to be ready for evolving threats
 

Workshop Leader

Jenny Tan

Partner, Risk Assurance,

PwC

IA21-pwc

 

Jenny is a Partner with more than 18 years of experience in providing and managing assurance and consultancy services. Her expertise includes Business Continuity Management, Internal Audit & Risk Management, IT Audit & Advisory, Outsourcing Standards and non-profit organisation services. Prior to joining PwC, Jenny was leading the Technology Risk Management and Internal Audit Practice of Singapore’s largest mid-tier professional organisation.

 

Jenny, whom is currently leading the IT Audit Support Practice of PwC Singapore, has led and managed numerous IT audit and internal audit jobs. Her portfolio included regional work in the Asia Pacific region. Jenny also played an internal role as COO in her practice as such, she can through her practical experience in leading operations and complex global engagements, she brings an appreciation of the approach and dedication required to deliver a consistent, high quality global audit. Jenny is also a regular trainer on her risk assurance subjects to internal and external professionals.

 

Jenny holds a Master of Accountancy, Master of Business Administration, Bachelor of Science in Business Computing (Hons), Graduate Diploma in Human Resource & Talent Management, Graduate Diploma in eCommerce and Graduate Diploma in Information Technology Security.  She has several professional certifications such as CGEIT, CISA, PMP, CITPM, BCCE and ISO 9000. She has served on the board of a non-profit organizations such as ISACA and IIA Advocacy Committee.

Who Should Attend

Internal Auditors, Process Auditors, Compliance Executives, Risk Managers, Process Owners, Business Executives

 

Agenda

  • Session 1: An overview of IT and cybersecurity landscape

    • The developments of IT
    • Understanding what cybersecurity means
    • The differences between IT and cybersecurity
    • The key risks challenging IT and cybersecurity
  • Session 2: Understanding the role of an IT auditor

    • IT auditor’s job scope
    • IT audit skillsets needed in different nature of audits e.g. financial audit, operational audit, compliance audit, third party audit, etc.
    • Challenges facing internal audit and IT audit
  • Session 3: Introducing the IT audit framework

    • COBIT 5
    • NIST
    • ISO
    • COSO
  • Session 4: Understanding the applicability of IT audit standards and guidelines

    • Identification of audit objectives
    • Identification of regulatory requirements
    • Evaluating each common IT audit standards and guidelines to meet organisational and audit objectives
  • Session 5: Considerations for co-sourcing, outsourcing and in-sourcing

    • Understanding the pros and cons of the following models, including quality of work, existing competencies, audit responsibilities, costs, Board and Audit Committee’s expectations, etc:
      • Co-sourcing model
      • Outsourcing model
      • In-sourcing model
    • Key considerations when selecting an IT audit service provider
  • Session 6: IT audit approach, methodology and nature

    • Determination of audit approach and methodology
    • Types of IT audit – do you see what an IT auditor sees?
    • How to define an IT audit scope
    • Application of Computer Assisted-Audit Techniques (CAATs)
    • Appreciation of IT security & forensic
  • Session 7: Perception of IT general controls

    • Understanding the 4 key domains of IT general controls
    • Understanding the methodology
    • How to design effective IT general controls
    • How to evaluate IT general controls deficiencies
  • Session 8: Exploring IT application/automated controls

    • Understanding the 5 key classification of IT application/automated controls
    • How to define scope to audit IT application/automated controls
    • Understanding the methodology
    • How to evaluate control deficiencies
  • Session 9: Often neglected IT audit areas

    • System reports
    • Physical security related
    • Ticketing system
  • Session 10: IT audit reporting

    • What and how to report
    • What to look out for when you perform a review
    • How to rate/grade an IT audit report
    • How to present an IT audit report
  • Session 11: Emerging technology and evolving threats

    • What to look out for
    • Implications to existing IT audit approach and consideration
    • What are the risks facing the profession
    • Can tools alone help to mitigate such risks?
    • How to be ready