IT Auditing
If you want to become an IT auditor or learn more about the IT audit, a solid body of knowledge is essential. Participating at this event will give you an opportunity for strengthening your understanding of the IT audit and improving your skills for performing IT audits.
About this learning event
Nowadays, the extent of governmental and budgeting processes that depend on IT systems, is rising. Solid IT systems are also vital for the continuous improvements and innovation of processes in public sector organizations. Managers demand reliable IT systems and because the increasing extent of information comes out of IT systems, managers ask for assurance that IT risks are controlled. Thus, it is essential to identify IT risks, review IT controls or in other words assure that IT systems work well and contribute to the organizational objectives while protecting resources.
Because management is responsible for the performance of IT processes they also require an objective and high quality standards from their IT operations. With the in-depth knowledge of IT systems, IT auditors are able to perform tailor made audits and assessments in which risks are identified. To reduce these identified risks IT auditors play a crucial role in providing management with key recommendations that aim to help improve the overall quality and performance of IT systems. In short, IT auditing is becoming increasingly important.
What you have learned:
The main objective of this workshop was to familiarize participants with the underlying principles and standards, methodology and stages of IT audit execution.
During the workshop we discussed the following topics:
- Important IT knowledge for IT auditors
- Application controls and IT general controls
- IT audit approaches and tools
- IT security tools
- IT audit stages
How you have benefited
The three-day learning event was facilitated by two experts from the Central Government Audit Service, the Ministry of Finance of the Netherlands. This workshop focused on developing participants’ capacities in IT auditing and to allow them to apply the acquired knowledge in their daily work. Special attention was put to the demonstration of audit tools.
By the end of the course, participants were expected to:
- Have improved basic IT knowledge important for IT auditors
- Have improved understanding of IT risks
- Have learned about principles and common methodology of IT audit
- Be familiar with the utilization of audit tools
- Have gained insights in the process of performing an IT audit, from start-up to filling of the report.
Who should attend
The workshop was designed primarily for IT auditors working in public sector organizations. This workshop was also recommended for (internal and external) auditors who are interested in conducting IT-audits, as well as financial, quality and IT managers, IT project leaders, system analysts, and supervisors.
Your contributions
The workshop was highly participatory. Participants had the opportunity to share experience and knowledge.
Event was in ENGLISH only. No Translation was provided.
Faculty
Mr. Arjen Thijssen MSc CISSP, Senior IT Auditor at the Dutch Central Government Audit Service
Arjen is a Senior IT Auditor with over 10 years of experience in IT auditing. He is employed at the Dutch Central Audit service where he conducts IT audits. This year he has been appointed Cybersecurity lead. In this role his prime responsibilities are skills improvement, knowledge sharing and innovation in the field of cybersecurity.
He has worked with most ministries at the central government level and the Dutch Tax Administration but recently he mostly worked with the Ministry of the Interior and Kingdom Relations and IT shared service centers.
His main fields of expertise are performing (security) audits on IT-infrastructures, e-government, identity & access management as well as IT general controls. More recently he has been involved in a large audit on both physical and logical access security where he used an audit approach based on data analytics.
Some of his personal interests are finding innovative methods for conducting IT-security audits (e.g. by using security logging and tooling) and setting up labs for hands-on practice.
Ms. Ruurdje Procee MSc, Senior IT Auditor at the Dutch Central Government Audit Service
Ruurdje is a Senior IT Auditor with 4 years of experience as an IT auditor at the Dutch Central Government Audit Service where she conducts IT audits and security assessments. She works with various ministries and also worked briefly at the security office of the Department of Public Works.
Her main fields of expertise are performing security audits and IT-project evaluations. More recently, she has been involved in several security assessments on web applications that allow secure and reliable data communications between citizens and the Dutch government through e-government networks.
One of her personal interests is researching the human factor in information security and how to apply this in IT-audit.
Ms. Maja Hmelak MSc, CISA, CIA, PRIS, IT Auditor at the Court of Audit of the Republic of Slovenia
Maja is an IT auditor with over 15 years of experience in IT auditing, both in the Big4 as well as in public sector environments. She is currently employed at the Court of Audit of the Republic of Slovenia where she conducts performance audits, primarily focusing on the effectiveness and efficiency of information system support of various public organizations and services.
Since joining the ranks of Slovenian public sector auditors, she has audited a number of public projects and services, including implementations of eHealth services, a new Slovenian tax management system, the central Slovenian blood transfusion information system, IT support of public health services payments, central vegetation protection information system and many others.
For a number of years Maja has also been working as a lecturer for the Slovenian institute of auditors and other institutions.
Partners
This learning initiative was supported by: