About this learning event

This online learning initiative will engage participants in a discussion of how IT risks can be properly identified and assessed, and how internal auditors can assure the management that the organization’s data processing systems are adequately controlled and secured, and function as intended, as the later contributes to the organizational objectives while also safeguarding resources. Since IT auditing skills in the government sector are scarce, the event will be a unique occasion for the exchange of experiences in the area of IT practices of public sector auditors.

Overview agenda

What will you learn

During the online course we will go deep in important practices and topics that any auditor needs to know. Topics will be practical and will give you a look in to experience of our faculty. We will also look at IT developments and latest technology and imposed risks connected with it.

Some general topics we will look at are:

• IT Controls: Application controls, general controls, IT risks, control objectives
• Different frameworks that can be used for conducting an IT Audit such as:ISO27001, ISO27002, Cobit, ITIL, BIZL
• How to perform an IT Audit: fieldwork examples,How to do evaluation and analysis
• Latest developments in IT: the changing word of IT and IT Auditing

Please note topics are subject to smaller changes. The course will be organized through CEF Online Learning Campus. You will be required to register an account. It will feature two learning units, one week of online learning per each. Units will feature several webinars on the Cisco Webex platform.

Who should attend

This learning initiative has been designed for IT specialists / project leaders, operational risk and information security professionals who monitor information technology and security and are tasked with providing assurance and consultancy services to the management.

Faculty

The online course will be delivered under the guidance of:

Gerie Gerritse RE CISA

About 15 years ago, Gerie started his career as an IT-auditor at the audit department of the Dutch Tax- and customs administration. There he performed information system audits and security audits at the datacenter in the Netherlands and the Dutch Caribbean. From 2010 until 2016 he was involved in the IT-audits for the European Union as part of the Dutch Audit Authority for the ERDF, ESF and EMFF funds. During that period, Gerie participated as expert in several twinning projects in various countries in the Balkan. Gerie is educated in IT-auditing at the Tilburg University in the Netherlands and is certified IT-auditor at ISACA and the Dutch IT-auditor organization NOREA. Next to his work at the Central Government Audit Service, he teaches IT-auditing and IT-risk management and is a speaker at conferences and seminars.

 

Mr. Erwin den Bak bc. EMITA RE CISSP, Senior IT Auditor at the Dutch Central Government Audit Service

Erwin is a Senior IT auditor with 10 years of experience in IT auditing. He is employed at the Dutch Central Audit service where he conducts IT audits. Besides his IT audit experience he has over 19 years of experience as a system and network administrator for the Dutch Research Council. He is educated in IT auditing at the Amsterdam University in the Netherlands and is certified IT auditor at the Dutch IT-audit organization NOREA. He is also a Certified System Security Professional at (ISC)2. He has worked with most ministries at the central government level and the Dutch Tax Administration but as of 2014 he worked mostly with the Ministry of Foreign Affairs and the Ministry of Infrastructure and Water Management. His main fields of expertise are performing (security) audits on IT-systems and infrastructures, e-government, identity & access management as well as IT general controls. More recently he has been involved in a large audit on both physical and logical access security where he used an audit approach based on data analytics. One of his personal interests is researching the subject of blockchain and how the IT auditor can play an important role in conducting IT audits within organizations where blockchain is or will be applied.

Mr. Jaka Kosmač, LLB, University of Ljubljana, State Auditor, Court of Audit of the Republic of Slovenia

Jaka Kosmač, lawyer with state law exam and state auditor. After graduating, I started working at the Association of Municipalities of Slovenia, where I cooperated at Joint Internal Audit Service and helped organize trainings, meetings and events. I continued my career at the Commission for the Prevention of Corruption, where I began working as an advisor for prevention and integrity of public service, and was later promoted to project manager for integrity of public service. The last year at Commission for the prevention of Corruption, I was also in charge of international cooperation. In the field of the fight against corruption, I collaborated several times with the Organization for Economic Cooperation and Development (OECD), and within this cooperation, I also wrote a contribution on the topic of lobbying published by the OECD and held several presentations. Later I cooperated with the OECD as an external expert and took part in monitoring of the Istanbul Anti-Corruption Action Plan in Georgia. I joined the Court of Audit in 2015 and started working in the Performance Audit Department, since then I participated in a wide variety of performance audits, ranging from environmental to the IT audits. In 2019, I was a speaker at 27th International Conference on information systems audit and control.

Partners

This learning initiative was supported by: