
Changing Role of Auditors in the Technological Era:


The role of auditors has been changing rapidly in the era of technology. Technological advancements have made it possible for businesses to automate many of their processes, which has led to increased efficiency and accuracy in financial reporting. However, it has also created new risks and challenges that auditors must address. To address such risks and challenges, auditors need to upskill themselves in the following areas:


In summary, technology has had a significant impact on the role of auditors. Auditors must now have a solid understanding of IT systems, cybersecurity risks, and data analytics to perform their duties effectively in today's digital age.



Program Overview:


The Digital Assurance and Accounting Board of ICAP has designed the first-of-its-kind Technology Assurance Certificate program to provide a nexus between finance and the evolving needs of Information Technology.

The Technology Assurance Certificate is specifically tailored to acquaint and equip professionals with the skills and knowledge required to effectively assess and improve the security and risk management of their organization's technology systems.

The Program is designed to provide an understanding of the concepts, principles, and best practices associated with technology assurance. The program covers a wide range of topics, including cybersecurity, risk management, auditing, compliance, and information governance.

Upon completion of the course, participants will be able to identify and evaluate potential risks to their organization's technology systems, implement effective security controls, and ensure compliance with relevant regulations and standards.


Program Format:


The Technology Assurance Certificate course is delivered by experienced professionals both onsite and online. The course spans 48 hours and includes a combination of pre-class reading material, handouts, quizzes, case studies and hands-on exercises, followed by a mock exam and final assessment.



Course Objectives:



Skills and Knowledge Gained:



Course Content and Learning Outcomes:


  • Prepare an IT Audit Program in accordance with IT Audit standards & framework and a risk-based IS audit strategy.
  • Conduct the annual and periodic risk assessments and plan risk-based IT audit engagements, considering effects of Laws and Regulations on IT Audit Planning.
  • Understand the concept of risk-based IT auditing including inherent, control, and detection risks.
  • Know the definitions of different types of audits, including integrated IT audits, and how to determine whether information systems are protected, controlled, and provide value to the organization.
  • Understand the difference between continuous monitoring and continuous auditing in IT audits.
  • Appreciate the role of IT auditor in the audit team
  • Appreciate the role of financial auditors in communication of IT audit progress, findings, results, and recommendations to stakeholders.
  • Understand the management of IT audit function, IT Audit Charter and its contents.
  • Understand IT General Controls, and how to test them using sampling and data analytics, evidence collection and analysis.
  • Managing the audit project – planning, reporting, communications, documentation, quality assurance.
  • Know Global IT Audit Standards, Frameworks (IIA, ISACA, etc.), Regulatory Guidelines, Codes of Ethics.
  • Understand the difference between IT compliance/design testing and IT substantive/operational effectiveness testing.
  • Conduct audit follow-up to evaluate whether risks have been sufficiently addressed.
  • Understand the role of Governance function in creating value for the organization
  • Comprehend GRC and IT Governance, its relationship to Corporate Governance, know what drives IT governance and who is responsible for it.
  • Understand the IT governance structures and the Three Lines of Defense (3LoD), including the role of the Board, senior management, internal/external auditors and regulators in IT assurance practices.
  • Gain familiarity with the different global IT Governance frameworks & standards (COBIT, ISO Standards, ITIL).
  • Understand the importance of IT strategic planning, alignment with business strategies and the responsibilities of the IT Strategy Committee and the IT Steering Committee.
  • Gain knowledge of different IT Policies and Procedures, and the important points to look for when reviewing IT and related security policies
  • Gain understanding of SBP and SECP requirements for IT governance, including overview of SBP’s Enterprise Technology Governance & Risk Management Framework for Financial institutions.
    • Know alternative forms of system development methodologies – SCRUM, Agile, Incremental and alternative development, prototyping.
    • Understand the major risk of any software development project.
    • Understand the phases of the traditional SDLC approach and what an auditor’s focus should be in the SDLC.
      • Understand the types of backups, related storage options and how to audit them.
      • Know how to audit software licensing and why that is important.
      • Know IT Network Infrastructure and different options like fiber optic, copper.
      • Auditing Infrastructure and Operations and relevant documentation.
      • Appreciate the complexity of Network Infrastructure Security.
      • Understand the difference between routers, switches and modems.
      • Understand VPNs and virtualization, the rationale for remote access and their risks for an organization.
      • Understand the security threats and risk mitigation techniques for wireless networking.
        • Understand ERP fundamentals, concepts, principles and when to use ERPs.
        • Analyze the adequacy of ERPs processes, key application controls, integration controls and security controls and identify improvements.
          • Understand the difference between Business Continuity plan (BCP) and Disaster Recovery Plan (DRP).
          • Comprehend Business Impact Analysis of the business functions, and the classification of risks for systems (Critical, Vital, Sensitive, Non-sensitive); memorize the definitions of each of the four.
          • Know the criticality to auditing Business Continuity, how to review BCP and the test drills.
          • Understand Disaster Recovery Planning process and test drills
            • Understand the Importance of Information Security Management for confidentiality, integrity and availability, Physical Access and Environmental Controls, Identity and Access Management, Network and End-point Security.
            • Learn the Key Elements in Information Security Management and their key controls.
            • Understand Information Security Management roles and responsibilities
            • Comprehend logical Access and its criticality as primary means used to manage and protect information assets.
            • Learn access control models such as Mandatory access controls (MACs) and discretionary access controls (DACs)
            • Learn Common cyber-crime issues and exposures.
            • Information System Attack Methods and Techniques.
            • Information Security Event management: Security Testing Tools and Techniques, Security Monitoring Tools and Techniques, Incident Response Management, Evidence Collection and Forensics.

              Trainers/Mentors for the Program:


              Mr. Hussein Hassanali

              CIA| CISA| CISM | CGEIT | CRISC | CDPSE GM – Head, IT Audit Habib Bank Limited

              Zainab Hameed

              EdTech – Founder TeeSquare – Co Founder IT Governance Chair – ISACA

              Naushad Siddiqui

              Head of Technology Audits Sui Southern Gas Company


              Aamir Shaukat Hussain

              Founder & Partner Value Source LLP Public Speaker and Certified Trainer