What was it about

The workshop addressed the following topics:

• Performing an IT audit from start to finish
• Fundamental principles and methodology
• Types of IT audit
• Computer-Assisted Audit Tools (CAATS)

What were the benefits

The three-day learning event was be facilitated by two experts from the Central Government Audit Service, the Ministry of Finance of the Netherlands. This workshop focused on developing participants’ capacities in IT audit to allow them to apply the acquired knowledge in their daily work. Special attention was on audit tools demonstration. The workshop also provided a real case of an IT audit performed at the Bank of Slovenia.

The following were the learning objectives:

• Have improved basic IT knowledge important for IT auditors
• Have improved understanding of IT risks
• Have learned about principles and common methodology of IT audit
• Be familiar with the utilization of audit tools
• Have gained insights in the process of performing an IT audit, from start-up to filling of the report

Who was it for

The workshop was designed primarily for IT auditors working in public sector organizations. Internal auditors, interested in conducting IT audits, also attended the workshop as well as financial, quality and IT managers, IT project leaders, system analysts, and supervisors.

Faculty

Robin Gelhard, MSc, Senior IT Auditor at the Dutch Central Government Audit Service

Robin is a Senior IT Auditor with 3 years of experience as an IT auditor at the Dutch Central Government Audit Service where he conducts IT audits and advises clients on IT control issues.

He works with various ministries; focus clients include the Ministry of Infrastructure and the Environment, the Ministry of Health, Welfare and Sport, the Ministry of Security and Justice, the Ministry of Foreign Affairs, and the Ministry of Defense. He has also worked briefly within the control department of the Ministry of General Affairs, where focused on identifying and controlling IT risks.

His main fields of expertise are performing audits on ERP Systems and other end-user applications, as well as audits on IT General Controls such as IT Change Management and Access Management. Where possible he tries to make use of data analysis techniques.

Some of his personal interests are studying effective means of IT Governance structures and processes, and exploring the possibilities of new technology and gadgets.

Jasper Veneman, MSc, Senior IT Auditor at the Dutch Central Government Audit Service

Jasper is a Senior IT Auditor with 2 years of experience in Information Security Consulting and over 7 years of experience in IT auditing. Since 2009, he has been employed at the Dutch Central Government Audit service where he conducts IT audits and security assessments. 

He works with the Ministry of Security and Justice, the Ministry of Defense, the Ministry of the Interior and Kingdom Relations, National Police Corps, Medicines Evaluation Board and the Dutch Tax Administration.

His main fields of expertise are performing security audits on Network & IT-Infrastructures, High Secure environments, Data & Information security as well as IT General Controls. More recently, he has been involved in several security assessments on web applications that allow secure and reliable data communications between citizens and the Dutch government through e-government networks.

Some of his personal interests are finding innovative methods of auditing by using IT tooling and new ways of data analysis.

Darko Dolinar, Bank of Slovenia

Mr. Dolinar's current position is the Internal Audit Department Director at the Bank of Slovenija, the Slovenian central bank. Before heading the department, he worked as an IT auditor in the same institution. He is familiar with evaluating policies, risk assessment, and business process design and analysis. Experiences include the local audit as well as joint international audit engagements together with peers from other central banks members of ESCB (European System of Central Banks). He started his career as an IT staff member – programmer, moved through information system and database administration, and then he moved into banking industry as an IT auditor and now CAE.

In recent years, Bank of Slovenia on its own and as a member of the Eurosystem has played an important role in providing technical support to central banks in the Western Balkans. Within this framework, Mr Dolinar has provided technical assistance to the central banks of Albania, Kosovo, Montenegro, Serbia and FYR Macedonia. Occasionally he gives presentations at the professional events.

He obtained a Bachelor Degree in Organisational Sciences, with specialisation in Organisational Informatics. During his professional career, he has attended many courses in the IT field, information security (ISO27001), project management, and internal auditing. He passed the CISA exam in 2005 and CIA in 2011.

Partners

This learning initiative was supported by: