IT Auditing: Practical Guidance

Jun 27 – Jul 7, 2022 Online No Fee
Jun 20, 2022 Auditing

IT auditing has been a rapidly developing field. More than ever IT auditing skills have been very much needed, especially in the public sector. IT auditing requires good technical skills to recognize where potential attacks and security holes lie inside the organizations and what we can do to help monitor, control, and prevent them. During this online course IT auditors will look into how the digitalization of the public sector leads to new risks and how these can be effectively managed and audited.

About this learning event

With the spread of (information technology) IT solutions in the public sector, auditors need to keep up with changes and be able to provide assurance that systems function as intended, that controls are set up and working, and that the systems are secured. Auditors also need to develop competencies to be able to use the most applicable IT governance frameworks, identify IT risks, form appropriate audit questions, and use the appropriate IT audit methodology.

At this online course, we will discuss how to advance IT auditing competences in the audit sector, and how each auditor, including internal auditors, are able to perform IT audits. Through a set of video lectures, webinars, and practical assignments, and discussions, we will dive deep into IT auditing in practice.

The topics will be practical and will give you a look into experience. The course will be divided in two units and will offer a unique and tailor-made design. The focus will be on providing practical guidance to all participants based on concrete IT audit examples. 

During the online course, participants will:

  • Outline the main specifics of IT auditing
  • Learn about IT risk in connection to IT controls
  • Outline different frameworks that can be used in designing and performing an IT audit
  • Learn about general IT controls (GITC) and application controls
  • Learn about your role in IT auditing if you are an internal auditor
  • Get more insight in IT auditing in practice
  • Get overview of different areas that can be audited
  • Get overview of practical application of IT audit tools used in Central Government Audit Service
  • Discuss IT auditing practice in ministries, supreme audit institutions and central banks

Who should attend

This learning initiative has been designed for IT auditors of public sector organizations, auditors interested in conducting IT audits, finance, quality and IT managers, IT project leaders, system analysts, and supervisors.


The learning initiative will be delivered under the guidance of:

Arjen Thijssen, MSc CISSP, Senior IT Auditor at the Dutch Central Government Audit Service

Arjen is a Senior IT Auditor with over 10 years of experience in IT auditing. He is employed at the Dutch Central Audit service where he conducts IT audits. This year he has been appointed Cybersecurity lead. In this role his prime responsibilities are skills improvement, knowledge sharing and innovation in the field of cybersecurity. He has worked with most ministries at the central government level and the Dutch Tax Administration but recently he mostly worked with the Ministry of the Interior and Kingdom Relations and IT shared service centers. His main fields of expertise are performing (security) audits on IT-infrastructures, e-government, identity & access management as well as IT general controls. More recently he has been involved in a large audit on both physical and logical access security where he used an audit approach based on data analytics. Some of his personal interests are finding innovative methods for conducting IT-security audits (e.g. by using security logging and tooling) and setting up labs for hands-on practice.

Welmoet de Ruijter, IT Auditor at the Dutch Central Government Audit Service

Welmoet is an IT Auditor with over 3 years of experience in IT auditing. She is employed at the Dutch Central Audit Service where she conducts IT audits. Welmoet has a scientific background in Sociology and Behavioural and Cognitive Neurosciences and is currently in the final stage of the Post Master IT Audit, Compliance and Advisory. Her main fields of expertise are performing audits on information security and GDPR. Beside conducting audits Welmoet is the coordinator for IT students that follow their internship at the Dutch Central Audit Service. Furthermore she is involved in the organization of experiments and knowledge events within the internal Cybersecurity lab.

Jaka Kosmač, State auditor, Court of Audit of the Republic of Slovenia

Jaka is a lawyer with state law exam and state auditor. After graduating, he started working at the Association of Municipalities of Slovenia, where he cooperated at Joint Internal Audit Service and helped to organize trainings, meetings, and events. He continued his career at the Commission for the Prevention of Corruption, where he began working as an advisor for prevention and integrity of public service, and was later promoted to project manager for integrity of public service. The last year at Commission for the prevention of Corruption, he was also in charge of international cooperation. In the field of the fight against corruption, he collaborated several times with the Organization for Economic Cooperation and Development (OECD), and within this cooperation, he also wrote a contribution on the topic of lobbying published by the OECD and held several presentations. Later he cooperated with the OECD as an external expert and took part in monitoring of the Istanbul Anti-Corruption Action Plan in Georgia. He joined the Court of Audit in 2015 and started working in the Performance Audit Department, since then he participated in a wide variety of performance audits, ranging from environmental to the IT audits.

Snezhana Cherepnalkovska Dukovska, PhD, CISA, Senior Advisor in the Internal Audit Department at the National Bank of the Republic of North Macedonia

Snezhana is Internal IT Auditor over 12 years, employed at the National Bank of the Republic of North Macedonia, conducting audits on IT governance and IT management as well as IT infrastructure, software applications and projects. Security audits are her highest expertise since in the last 7 years, as a group member, she performs reviewing the compliance of the central bank against the security requirements framework for clients of SWIFT, and in particular, in the last 2 years she has been appointed as a responsible person for confirmation of that compliance. In the last 8 years, within the group, she was engaged on reviewing the activities for privacy protection. Having a background in neural networks, fuzzy logic and artificial intelligence, she participates in a project for data centered assessment, within her department. She is active member of Technical Committee 34 for Information and Communication Technologies for ISO standardization within Institute for Standardization in RNM and observer member of the ISO/IEC JTC 1/SC 42 AI Working Group.

Practical information

Applications need to be submitted no later than June 20, 2022. Candidates will need to be approved by the CEF; selected candidates will be informed right after the application deadline. 

The course will be organized through CEF Online Learning Campus. You will be required to register an account. It will feature two learning units, one week of online learning per each. Units will feature several webinars delivered via Zoom.  


This learning initiative is supported by:

Ministry of Finance, the Netherlands Ministry of Finance Slovenia National Bank of the Republic of Macedonia