Webinars: De-mystifying IT audit for business auditors
Webinar series: De-mystifying IT audit for business auditors - stop being afraid of the black box.
ACCA UK's Internal Audit Network held a series of seven webinars on de-mystifying IT audit for business auditors in 2017. The series started in May and concluded in November with a webinar about the General Data Protection Regulation (GDPR). It featured three main presenters - Vincent Mulligan FCCA (IT Audit Consultant at Eisteoir Consulting Ltd), Mike Hughes CISA, SGEIT, CRISC and Steve Connors CISM, FIPA, FFA (both partners at Haines Watts).
You can watch any of these on demand - get 7 CPD units if you watch them all - by registering here.
The webinars covered:
As accountants and auditors, we recognise the importance of information technology (IT) to organisations and that examining the management controls over IT and the management of information is an essential part of a review of those organisations. In this introductory session, we will consider some of the ways we organise ourselves and the approaches we adopt to conduct these reviews.
IT general controls
ITGC or General Computer Controls (GCC) are controls which relate to the environment that supports our IT applications and which are therefore applicable to all applications. In this session, we will consider the nature of these ITGC, the challenges we face reviewing them and the approaches we can use to audit them.
Application audit review
Application controls are controls that we have implemented over our application systems to ensure they operate as intended and ensure the accuracy and completeness of the data, calculations and records. In this session, we will consider the types of these controls and the approaches we can use to audit them.
Infrastructure audit review
IT infrastructure consists of the hardware, software, network resources and IT management services that we leverage to deliver the IT environment that supports our organisations. As the complexity of our IT environment increases and our dependence on IT grows, providing assurance on the effectiveness of the controls over these assets and services is critical to management and other key stakeholders. In this session, we will consider how we can effectively review IT infrastructure and the organisations and processes we have put in place to manage it.
Integrating IT audit into the business audit
We use our information technology to support our business processes, so it is logical that we consider the key controls we have implemented to manage the financial, operational, organisational, IT and other key risks that impact that business process or function. Integrated reviews that leverage the skills and experience of multi-discipline teams allow us to provide assurance across these key risks. In this session, we will consider how we can effectively organise and implement integrated audits.
How to audit cybersecurity
As our organisations take advantage of the opportunities of the internet and digital technologies and implement ever-greater connectivity with our customers, vendors and other stakeholders, our exposure to a wide range of cyber threats grows. Our key stakeholders, including our boards, management and regulators, increasingly expect assurance over the effectiveness of the controls managing these risks. We will consider how we can deliver cybersecurity audits.
General Data Privacy Regulations
The EU general data privacy regulations (GDPR) were adopted on 27 April 2016 and will become effective on 25 May 2018 after a two-year transition period. This will replace the current 1995 directive and will affect organisations that process EU citizens' data. As the deadline for compliance approaches, we will consider how you can understand the impact of this regulation on your organisation and assess your organisation's compliance readiness.