Information Technology (IT) Auditing
Continuous IT advances are considerably changing the way governments operate and deliver services to the public. One trend that can be observed across South East Europe is an effort to pursue effective and efficient public services through digitalization, whereby governments are increasingly delivering information and services electronically. This results in both opportunities and challenges and marks an important milestone for internal audit function.
About this learning event
Public sector auditors have a significant interest in these developments as they are increasingly being expected to provide management with an assurance that the risks related to the latest information technologies are well managed. This learning initiative gives insight into the effect of digitalization for the internal audit function in the public sector. Participants will be engaged in a discussion on how IT risks can be properly identified and assessed, and how internal auditors can assure that the organization’s data processing systems are adequately controlled and secured, and functioning as intended, as the later contribute to the organizational objectives and also safeguarding resources. Since IT auditing skills in the government sector are scarce, the event will be a unique occasion for the exchange of experiences in the area of IT practices of public sector auditors in the SEE region.
What you will learn
The main objective of this workshop will be sharing of practical experiences in conducting IT audits. During the workshop we will discuss the following topics:
- Important IT knowledge for IT auditors
- Application controls and IT general controls
- IT audit approaches and tools
- IT security tools
- IT audit stages
How you will benefit
The three-day learning event will be facilitated by two experts from the Central Government Audit Service, the Ministry of Finance of the Netherlands. This workshop will focus on developing participants’ capacities in IT auditing and to allow them to apply the acquired knowledge in their daily work. Special attention will be put on presenting experiences from conducting real world IT Audits trough a series of case studies.
By the end of the course participants will:
- Have improved basic IT knowledge important for IT auditors
- Have improved understanding of IT risks
- Have learned about principles and common methodology of IT audit
- Be familiar with the utilization of audit tools
- Have gained insights in the process of performing an IT audit, from start-up to filling of the report.
Who should attend
The workshop is designed primarily for IT auditors working in public sector organizations. This workshop is also recommended for (internal and external) auditors who are interested in conducting IT-audits, as well as financial, quality and IT managers, IT project leaders, system analysts, and supervisors.
The workshop will be highly participatory. Participants will have the opportunity to share experience and knowledge.
Event will be in ENGLISH only. No Translation will provided.
Mr. Arjen Thijssen MSc CISSP, Senior IT Auditor at the Dutch Central Government Audit Service
Arjen is a IT audit manager with over 10 years of experience in IT auditing. He is employed at the Dutch Central Audit service where he conducts IT audits. This year he has been appointed Cybersecurity lead. In this role his prime responsibilities are skills improvement, knowledge sharing and innovation in the field of cybersecurity.
He has worked with most ministries at the central government level and the Dutch Tax Administration but recently he mostly worked with the Ministry of the Interior and Kingdom Relations and IT shared service centers.
His main fields of expertise are performing (security) audits on IT-infrastructures, e-government, identity & access management as well as IT general controls. More recently he has been involved in a large audit on both physical and logical access security where he used an audit approach based on data analytics.
Some of his personal interests are finding innovative methods for conducting IT-security audits (e.g. by using security logging and tooling) and setting up labs for hands-on practice.
Ms. Ruurdje Procee MSc, Senior IT Auditor at the Dutch Central Government Audit Service
Ruurdje is a Senior IT Auditor with 5 years of experience as an IT auditor at the Dutch Central Government Audit Service where she conducts IT audits and security assessments. She works with various ministries and also worked briefly at the security office of the Department of Public Works.
Her main fields of expertise are performing security audits and IT-project evaluations. More recently, she has been involved in several security assessments on web applications that allow secure and reliable data communications between citizens and the Dutch government through e-government networks.
One of her personal interests is researching the human factor in information security and how to apply this in IT-audit.
Ms. Maja Hmelak MSc, CISA, CIA, PRIS, IT Auditor at the Court of Audit of the Republic of Slovenia
Maja is an IT auditor with over 15 years of experience in IT auditing, both in the Big4 as well as in public sector environments. She is currently employed at the Court of Audit of the Republic of Slovenia where she conducts performance audits, primarily focusing on the effectiveness and efficiency of information system support of various public organizations and services.
Since joining the ranks of Slovenian public sector auditors, she has audited a number of public projects and services, including implementations of eHealth services, a new Slovenian tax management system, the central Slovenian blood transfusion information system, IT support of public health services payments, central vegetation protection information system and many others.
For a number of years Maja has also been working as a lecturer for the Slovenian institute of auditors and other institutions.
Mr. Oguz Yildiz, CISA, Authorized IT Auditor at the Central Bank of the Republic of Turkey
Oguz is an IT Auditor with over 4 years of experience in IT Auditing. He is employed at the Audit Department of the Central Bank of the Republic of Turkey where he conducts IT audits.
His main fields of expertise are performing audits on physical security management, IT risk management, vulnerability management, IT-project evaluation, IT-infrastructure and ISO 27001 compliance.
He worked as a lecturer at Middle East Technical University for more than a year and as a developer at the Central Bank of the Republic of Turkey.
This learning initiative was supported by: