aboutnewsprogrammembershipeducationcertificationsponsorship
Overview and Audit Concepts for IT Professionals
[ BACK ]
Date: 2018-07-07
Time: 9:30am - 5:30pm
Venue: TBC
PDU: 7
Speaker: Mr. Song-Boon Teng
Fee:
PMI-HK Member: HKD 1,800
Non-PMI-HK Member: HKD 2,100
Status: Available
Synopsis
 
Do IT managers implement project or system in a secure and control manner? Will your systems pass the auditing rating? Do you know what IT auditors do during an audit? What do IT auditors ACTUALLY audit? If these questions intrigue you, then this course will help increase your general understanding of IT auditing.
 
Ever since the global financial crisis and the increasing risks of hacking, there has been a great focus placed on IT Risks and Controls Management. IT auditors, among other risk functions such as business auditors, Accountants, Compliance, Credit/Market risk specialists, also play a key part of this journey to improve the overall risk management framework of the company.
 
In the current world that we live in, there is an increasing reliance on technology and application systems to perform our daily activities such as banking, stock trading, wi-fi internet access, transportation system, and etc. To provide assurance for people (or consumers) to feel safe and secure to use these application systems, there should exist an independent party with the required IT technical knowledge to verify works and deliverables of IT professionals. IT auditors play this role to provide an independent second opinion and assessment to Management on works performed by IT professionals. They will review IT processes, control measures, operations, methodology, practices, and system settings to make sure IT developers and technologists are working in conformance to the prescribed IT policies, standards and procedures.
 
Course Objectives
 
This course aims to provide participants an overview and understanding of the following:
  • sharing of common IT audit issues, control weaknesses and frauds
  • what IT auditors do during IT audit, and how to assess High, Medium, Low findings
  • how IT audit fits in Audit Committee (AC) and the overall company governance structure
  • how IT auditors decide what and when to perform audits
  • what types of IT audit (project audit, BCP audit, general IT control audit, technical audit, special investigations) they perform

Topics to be covered include:
  • Basics IT auditing concepts
  • Different types of IT audits and general audit risk assessment and ranking process (high medium, low)
  • Audit Committee and Company Corporate Governance Structure (e.g. Three Lines of Defense Model)
  • Overall IT Audit Methodology in Inherent Risk, Residual Risk and Controls
  • Case Studies, IT frauds, and group exercises
 
Audience
  • Project managers
  • PMPs aiming at gaining PDU
  • People who would like to understanding basic concepts of IT auditing
 
Format
  • Interactive classroom Instruction
  • Group discussions
  • Role play

Instructor’s Profile - Mr. Song-Boon Teng
 
Mr. Teng, a seasoned ex-banking and insurance IT auditor and now a part-time IT lecturer in one of the Hong Kong Universities, graduated with a Bachelor degree in Computer Science and then MBA (Technology Management) from Australia universities. Since his graduation, he has worked in many places (Australia, Singapore, Hong Kong, Malaysia, Holland). Professionally, he is a member of Hong Kong Securities Institute (HKSI), a Certified Information System Auditor (CISA), a QA reviewer of IIA (Institute of Internal Auditors), and a member of Information Systems Audit & Control Association (ISCAA).
 
Mr Teng started his early career as programmer, system analyst, system programmer, and IT Security Officer. Later he moved to Audit industry performing IT audits as well as providing advisory/consultancy service and training for senior management. He is well known among his friends and peers as "change agent" who like to keep things simple and easier. He is also a strong believer in Straight-thru-Processing (STP) using IT to automate all processes to achieve operation efficiency.