IT Auditing
The main objective of this workshop was to familiarize participants with the underlying principles and standards, methodology and stages of IT audit execution.
About this learning event
Nowadays, the extent of governmental and budgeting processes that depend on IT systems, is rising. Solid IT systems are also vital for the continuous improvements and innovation of processes in public sector organizations. Managers demand reliable IT systems and because the increasing extent of information comes out of IT systems, managers ask for assurance that IT risks are controlled. Thus, it is essential to identify IT risks, review IT controls or in other words assure that IT systems work well and contribute to the organizational objectives while protecting resources.
Because management is responsible for the performance of IT processes they also require an objective and high quality standards from their IT operations. With the in-depth knowledge of IT systems, IT auditors are able to perform tailor made audits and assessments in which risks are identified. To reduce these identified risks IT auditors play a crucial role in providing management with key recommendations that aim to help improve the overall quality and performance of IT systems. In short, IT auditing is becoming increasingly important.
The workshop addressed the following topics:
- Important IT knowledge for IT auditors
- Application controls and IT general controls
- IT audit approaches and tools
- IT security tools
- IT audit stages
What were the benefits
The three-day learning event was facilitated by two experts from the Central Government Audit Service, the Ministry of Finance of the Netherlands. This workshop focused on developing participants’ capacities in IT audit to allow them to apply the acquired knowledge in their daily work. Special attention was put to the demonstration of audit tools. The workshop also provided a real case of an IT audit performed at the Bank of Slovenia.
The workshop aimed at:
- Improving basic IT knowledge important for IT auditors
- Improving understanding of IT risks
- Learning about principles and common methodology of IT audit
- Increasing familiarity with the utilization of audit tools
- Gaining insights in the process of performing an IT audit, from start-up to filling of the report.
Who was it for
The workshop was designed primarily for IT auditors working in public sector organizations. It was also attended by (internal and external) auditors with an interest in conducting IT audits.
Faculty
Jasper Veneman and Arjen Thijssen, IT audit experts, both from the Central Government Audit Service, the Ministry of Finance of the Netherlands
Darko Dolinar, Bank of Slovenia
Mr. Dolinar's current position is the Internal Audit Department Director at the Bank of Slovenija, the Slovenian central bank. Before heading the department, he worked as an IT auditor in the same institution. He is familiar with evaluating policies, risk assessment, and business process design and analysis. Experiences include the local audit as well as joint international audit engagements together with peers from other central banks members of ESCB (European System of Central Banks). He started his career as an IT staff member – programmer, moved through information system and database administration, and then he moved into banking industry as an IT auditor and now CAE.
In recent years, Bank of Slovenia on its own and as a member of the Eurosystem has played an important role in providing technical support to central banks in the Western Balkans. Within this framework, Mr Dolinar has provided technical assistance to the central banks of Albania, Kosovo, Montenegro, Serbia and FYR Macedonia. Occasionally he gives presentations at the professional events.
He obtained a Bachelor Degree in Organisational Sciences, with specialisation in Organisational Informatics. During his professional career, he has attended many courses in the IT field, information security (ISO27001), project management, and internal auditing. He passed the CISA exam in 2005 and CIA in 2011.
Partners
This learning initiative was supported by: