Evaluating IT Security Management

Course Description

Most development projects include financial, operational, and IT components. These projects tend to go off track when the project controls fail or are not enforced adequately. The involvement of the internal audit function is an additional management practice to ensure appropriate project governance, risk management, and realization of asset value.

The process is often subject to financial, operational, and political constraints and pressures. The results can be devastating if not properly addressed. Internal auditing can provide major value in reviewing the process by phase. Internal auditing’s contribution can be both in content (internal controls) and governance oversight. Using COBIT as a framework, internal auditors (IT, operational, and financial) will learn to develop an audit approach that achieves both objectives and incorporates the full resources of the internal audit function into the process.

This approach is a complement to the Auditing Systems Development and Project Management Audit/Assurance Program available on the Information Systems Audit and Control Association website. We utilize maturity models and management reporting mechanisms to evaluate and report the progress of a project routinely as it proceeds through its life cycle.

In this course, we will discuss the:

  • Objectives of the IT-enabled project audit.
  • Use of COBIT as a resource for control objectives.
  • Reliance on the standard audit universe.
  • Key phases in the project life cycle.
  • Key control components by phase.
  • Audit process by phase.

Course Duration: 1 day(s)
CPE Hours Available: 7
Knowledge Level: Intermediate
Field of Study: Auditing
Advance Preparation: 
Delivery Format: On-site Training (Group-Live)

Course Outline

Understanding the Project

  • The components of a business project
  • Business impact of developed product
  • Business risks associated with the project
  • Systems development approaches
  • Components of systems development

Design Methodology

  • Top-down vs. bottom-up

Establishing a Development Framework

  • Typical activities at each phase
  • COBIT as a systems development framework

Assurance Framework

Three Objectives of the IT-enabled Project Management Review

Audit Scope Attributes and Their Components at Each Project Phase

  • Governance
  • Project management
  • Budget
  • Internal controls
  • Business process
  • Third-party providers and other external influences

Audit Approach

Auditing Internal Controls

The Auditor as a Project Customer

Reliance on the Audit Universe

  • General controls
  • Application controls
  • Financial interfaces

Reporting Process

Using a Maturity Model to Establish Objective Assessment

Key Points for Success

Most courses can be delivered through on-site training. You might be surprised that the organization leading the profession is just as committed to the delivery of affordable training.

Contact us by calling +1-407-937-1388 or send an e-mail to