Online Course on General IT Audit

Online Course on General IT Audit

July 29, 2022

Online Course on General IT Audit

1709 1709 people viewed this event.

Introduction :

Information Technology (IT) is a critical enabler of business. Assuring an organization’s governance, risk management, compliance and control processes requires internal auditors to understand the role of IT within their organizations and to develop adequate knowledge and skills to audit IT systems as the line separating “IT” and “non-IT” audits is beginning to disappear, except in the very technical IT areas.

As technology gets increasingly fused with business processes, business auditors need to be better prepared to provide integrated audit services that encompass process and technology audit areas. This course is specially designed to equip business auditors with skills and knowledge to assess IT risks and related controls, IT governance and management controls.

Learning Outcomes :

  • Ability to identify and evaluate business risks in the IT environment and propose solutions to address the identified risks.
  • Ability to identify IT-related business risks and evaluate IT general controls and IT application controls in a business context.
  • Ability to prepare an audit programme for the audit of an IT system which addresses both IT general control and IT application control objectives
  • Ability to participate effectively in the design, development, testing and implementation of a new IT system, providing appropriate audit advisory and consultancy services from the business context.

Who should attend ?

Business auditors, as well as other professionals who have an interest in general IT audit

Course Outline :

Day – I


Definition and scope of IT audit

The CIA Triage (Confidentiality, Integrity and Availability

IT Audit Process

  • IT audit planning
  • Conduct of IT audit fieldwork
  • Reporting of IT audit observations
  • IT Audit Risks
  • Assessing IT Risk
  • Designing IT Controls
  • Business Process Controls

IT Governance, Risk Management and Compliance (GRC)

  • Objectives and scope of GRC
  • Business and IT Alignment
  • Third-party risk management
  • GRC systems – Desired Outcomes


  • ISO/IEC 27001
  • NIST SP-800s
  • SANS
  • Center for Internet Security (CIS)


  • Sarbanes-Oxley
  • Privacy & GDPR & CCPA

Disaster Recovery and Business Continuity

  • Disaster recovery planning site concepts
  • Systems and data backup
  • Systems and data recovery procedures
  • BCP/DRP planning considerations
  • Crisis management


Day – II

Database terms and internet terms

Basic IT infrastructure

Network concepts

  • Defining types of networks
  • OSI model
  • TCP/IP

Networking Risks & Controls

  • Remote access and authentication
  • Common vulnerabilities

Threat models, e.g., social engineering, malware, Advanced Persistent Threat (APT), Denial of Service (DoS)

Network security Tools & resources

Understanding Vulnerability Assessment and Penetration Testing (VAPT)

Web application testing methodology, tools & demos of OWASP top 10

Darknet & deep web

General IT audit checklist

Understanding cyber security framework of RBI, SEBI, IRDAI

Speaker Profile :

Sachin Dedhia (CISA, CEH, CEI, ISO 27001 LA)

He is an independent Cyber Crime Investigator & also a Certified Ethical Hacker (EC-Council, USA). He is also a certified international trainer in the field of Cyber Security, Ethical Hacking, Cyber Crime Investigations & Digital forensics. Since many years he has been working as an Independent Cyber Crime Investigator and also as a IT security expert for various MNC’s, SME’s, Govt depts., Corporate & individuals. He has also provided training to Mumbai, various other State Police Departments. He has also been assisting various other Govt Departments of India with respect to their Cyber Crime queries.

Since 2010, he has been successfully conducting various seminars & workshops across numerous Schools, Colleges, Universities, Chartered Accountants Chapters, Rotary clubs, Hospitals Etc. Overall, it covered all the sectors of the society. He is one of the most popular speaker in Mumbai University for the Refresher & Orientation courses In 2010, he was privileged to give seminar in the Rajbhavan i.e. in Governor’s office of Mumbai. 9 years of experience in vulnerability Assessment and Penetration Testing (VAPT), ISO 27001 Network VAPT, Web Application VAPT. He has conducted numerous audits for various International as well as national clients, Corporate & Govt. depts.

He has been conducting Corporate Workshops at and is associated with various prestigious associations like Indo-American society, Princeton academy, ICAI and Bankers Training college.

He has successfully conducted over 1000+ seminars & workshops across India, & enlightened over 75,000 participants.

Participation Fee :

Members Rs. 7,000 + 18% GST
Non-Members Rs. 8,000 + 18% GST
Bank Details for NEFT
Account No. 10996680930
Bank Name State Bank of India
Branch Address Mumbai Main Branch

Cheque /Demand Draft should be drawn in favor of “BOMBAY CHAMBER OF COMMERCE AND INDUSTRY”

Contact Details :

Revati Khare || Assistant Director – Information & Communication Technology Committee
Email :
Tel. (D) + 91 22 6120 0231; (M) + 91 9892029473

Additional Details

Event Fees Type - Paid Event

Event or Seminar - workshop

Event registration closed.

Date And Time

August 17, 2022 11:00 AM to
August 18, 2022 05:00 PM

Registration End Date

August 16, 2022
Paid Event
Online Event


Share With Friends

instagram default popup image round
Follow Me
502k 100k 3 month ago