Skip to Main Content

October Program - Expanding Your IT Audit Horizons - Audit and Risk Management

Expanding Your IT Audit Horizons – Audit and Risk Management

Course Overview:

In this full day course, we will cover off 4 distinct training sessions broadly covering enterprise risks, the linkage back to technology risk management, and implications for technology auditors.  The goal of this session is to expose risk management and audit professionals to enterprise risk management concepts, and the need to consider these risks during times of disruption and strategies for auditing controls in situations where processes span multiple areas of an organization (i.e., crisis mgmt, business resumption, third party reliance, etc.).



Individual Session Descriptions:

 ·         Enterprise Risk Management (ERM) and Internal Audit - This session will review the risks associated with ERM, the interaction between ERM and Internal Audit, and how best to ensure there is alignment.  Key highlights include: (1) the definition and key risk areas for ERM, (2) the need for ERM, (3) obstacles for implementing ERM, and (4) how Internal Audit can help ERM.

·         Crisis and Change Management – Internal Audit Involvement - This session will cover the implications and impacts of crisis management and organizational change management and what the internal auditor may need to do.  Key highlights include: (1) Crisis Management Planning, (2) Crisis Management Execution, (3) Audit’s Role in Crisis Management, and Organizational Change Management (definition, impacts, and Audit’s role).

·         Auditing Disaster Recovery / Business Resumption Planning - This session will cover the various components of a disaster recovery plan, the ten critical things the auditor should be considering when reviewing the plan, the different types of DR exercise approaches the auditor may encounter, and the detailed steps to follow when doing this type of audit.   Key highlights include: (1) the seven key categories within the DR plan that need to be in place and reviewed, (2) the makeup of a DR Plan / Exercise, (3) Audit focus points during the review, (4) risk identification and mitigation, (5) the benefits of doing a DR review, and (6) understanding how Business Continuity and DR are interweaved.

·         Outsourcing and the Need for Supplier Audits – This session will cover the reasons why companies use third party suppliers, either as in an outsourced arrangement or in a true vendor arrangement, the risks involved, and what audit should be doing in response.  Key highlights include: (1) understanding the risks from a security and privacy perspective, (2) contract elements, (3) minimum security requirements that should be put in contracts, and (4) supplier audit techniques.



CPE Certificate for 8 Hours will be provided.


7:30 AM - Registration Opens (Complimentary Breakfast included)
8:00 AM - Program Begins
10:00 AM - 15 minute break
12:00 PM  - Lunch Opens (one hour)
2:15 PM - 15 minutes break with snacks
5:00 PM - Program End

(CPE Certificates will be provided by e-mail within 7 business days)

  • When

  • Tuesday, October 17, 2017
    7:30 AM - 5:00 PM
    Eastern Time Zone

  • Where

  • Regional Learning Alliance (RLA)
    850 Cranberry Woods Drive
    Cranberry Township, Pennsylvania 16066
    (724) 741-1000

  • Capacity

  • 70 (20 remaining)

Additional Information

Registration Closes at 2:00 PM on Tuesday, October 10, 2017 as per our Cancellation Policy for 2016-2017, this is also the deadline to cancel your attendance and obtain a refund. After this date, you may send a substitution at no charge.

Please be aware, As per our 2017-2018 cancellation policy, You may only send another ISACA member as a substitution for your registration at any time without penalty (please notify the Registrar).

Outlook Outlook
iCal iCal
Google Google
Yahoo! Yahoo!