The Institute of internal Auditors Advanced Technology Committee has identified 2 categories of IT knowledge for Internal Auditors;

1. All auditors from new recruits to Chief Audit Executive

“Basic” IT knowledge encompasses understanding concepts such as difference in software used in applications,operating systems,database and networks. It includes understanding basic IT Security and Control components such as perimeter defences, intrusion protection, and authentication and application system controls.

2. Audit Supervisors

Must have basic knowledge, but must also understand IT issues and elements sufficiently to address them in audit planning, testing, analysis, reporting, follow up and the assignment of auditor skills to the elements of audit projects. The Audit Supervisor essentially must:

1) Understand the threats and vulnerabilities associated with automated business processes.
Understand business controls and risk mitigation that is provided by IT.
3) Plan and supervise Audit tasks to address IT-related vulnerabilities and providing controls for business applications and environments.
4) Ensure the audit team has sufficient competence, including IT proficiency, for audits.
5) Ensure the know-how and effective use of IT tools in audit assessments and testing.
6) Approve plans and techniques for testing of controls and information.
7) Analyse symptoms detected,and relate them to causes that may have their sources in business or IT; planning,execution,operations,change management,intrusion protection,authentication,or other risk areas.
8) Provide audit recommendations based on business assurance objectives appropriate to the sources of problems noted rather than reporting on problems or errors detected.

We have been granted approval by the Ministry of Higher Education, to conduct in association with the Cybernetics College of Technology, the following Certification courses:

1) Certificate Course in Information Systems Management and Audit I
Certificate Course in Information Systems Management and Audit II
3) Certificate Course in Information Systems Management and Audit III
4) Introduction to ICT Auditing (Executive Certificate Training Program)

These courses focus on enhancing the capabilities of the Internal Auditors and other Commerce Graduates to take up audit of commercial operations being carried out through in the computerised environment.

We have adequate resources and infrastructure to train the Internal Auditors in improving their skill sets to tackle problems of technology cropping up in their day to day operations and help them overcome such issues and discharge their functions efficiently by using the IT environment effectively for collecting and analysing the required information for better decision making.

In this regard, we have to state that we have the specific skill sets of senior auditors in the field of Financial, Operational and ICT Audits ably supported by trained faculties capable of presenting to the participants lucidly all topics so that after the sessions the participants are made to feel the value addition in attending the training.

Our resource persons are also experienced in various aspects of Audit, both Internal and Information Systems (IS) Audits of Banks, Insurance and other Financial establishments.

Accordingly, in this direction we have formulated Training Modules to address the following areas of concern for the Internal Auditors:

1) Understanding and implementing the various accounting standards that have become mandatory
Improving the analysis, appraisal and evaluation methodology of the Internal auditors in the background of the automated working environment.
3) Improving the report preparation and presentation techniques of the Internal auditors.
4) Formulation, review and modification of the security policies of the organisation especially in the area of information security.
5) Audit of the Bank’s network – safeguarding and appraising the environment to provide an assurance that the systems are functioning and delivering as per the requirements of the business goal of the organization.
6) Auditing the database of the organisation to retrieve the required information and testing the security environment to ensure that the data is made available only on a need to know basis.
7) Reviewing the configuration of the firewall of the organisation to ensure that their communication structure is properly safeguarded from unauthorised intruders.
8) Helping the usage of CAATs (Computer Assisted Audit Techniques) in their audit environment.
9) Auditing the ATMs and the challenges faced in the ATM Audit
10) Credit Card administration audit and challenges
11) MIS Audit
12) I.T. Administration audit
13) I.T. Security audit
14) Review the critical appraisal of the existing access control mechanism and the implementation of the User ID and Password mechanism.
15) Electronic Funds transfer audit.

Electronic Banking

17) Basel II

We design and develop customised Training courses as per the specific requirements of the Management to focus on the concerns to be addressed as per your specifications.