
2/20/2024

Explore the future technology


LET OUR DREAM COME TRUE

Welcome
Cyber Security
Focus on
IT audit
LN

19 Feb 2024

20 February 2024 1

Objective of this Webinar


• To help people to develop knowledge related to Cyber Security, IT audit, compliance and risk management
• To highlight
  • the job opportunities for freshers in the field of IT audit
  • the skill development opportunities for the Cyber security and IT audit professionals enabling them for career advancement


Who will be benefitted by this webinar

• IT auditors, Team Leads and audit managers
• Cyber Security professionals
• Risk, Compliance & IT Service Continuity (BCP/DR) professionals
• Access managers, developers, and other IT operations team
• Any IT / non IT graduates & Engineers looking for a lucrative career path
• Chartered Accountants (CA) willing to explore IT audit
• Privacy consultants


About the Presenter


Lakshmi Narasimhan
slnarasimhan1@gmail.com
LinkedIn: https://www.linkedin.com/in/lakshmi-narasimhan-b865a963/

• Over 30 years of experience in IT audit, assurance, information technology and banking domains.
• Having extensive experience in information system audits, risk assessments, privacy assessments, software development and IT project management
• Conducted several in house training sessions on IT audit and related functions
• Conducted several interviews for hiring

Agenda
1 About IT audit and its relevance to Cyber Security, Compliance and Risk Management
2 Demand for IT auditors and opportunities
3 Challenges
4 How can we help you?


Organisation responsibilities over Information Technology

• IT Governance
• Compliance Management
• IT Risk Management
• IT Operations
• IT Audit
• Quality Assurance
• Information / Cyber Security


Control requirements from various sources
• Statutory / Regulatory bodies: Compliance requirements (SOX/HIPAA/PCI-DSS, GDPR)
• Organisation: Policies & Standards
• Clients / Suppliers / Service providers: Information / Cyber Security requirements (ISO 27001)
• Risk Management: Mitigation controls
• Business: Data Security and application controls

Governance, Compliance Manager, Risk Manager, Information Security Manager
• Consolidate and prepare a comprehensive control framework.
• Oversee implementation and monitor control execution

Operation Team
• Implements all the control requirements from various sources and execute the controls

IT Auditor
• Test the design and operating effectiveness of the controls

Diagram: Information Security, Cyber Security, Internet Security, Web Security, Network Security

Sources of Controls
• ISO / IEC 27001:2022
• ITIL
• COBIT
• NIST
• Cloud Security Alliance
• CIS (Centre for Internet Security)
• PCI / DSS
• GDPR
• HIPAA

Sources of audit requirements
• Statutory audits
• SOX
• SOC1, 2, 3
• FISMA
• FedRAMP
• HIPAA
• PCI / DSS
• GDPR
• ISO/IEC 27001:2022


Information Security
• Physical security, IT asset management, Human resource security, Data management, BCP and DR, Third Party Risk Management

Cyber Security
• Security training, Security monitoring, Incident response

Internet Security
• Firewall
• IDS & IPS
• Anti malware

Network Security
• SSL & Transport layer Security
• VPN
• Network segmentation
• Access Controls List
• Network log monitoring
• Content filter

Web Security
• Secure coding (Code review)
• Web application firewall
• Secure authentication
• Data Encryption
• Application Vulnerability assessment


IT audit


Ever increasing demand for Information System auditors

• Increasing global presence of Corporate and MNCs
• Increase in outsourcing
• ITO, BPO and Cloud services
• Shared Service Centre
• Back office operations
• Increase in cyber space risks due to AI, IOT etc
• Strict privacy and other compliance requirements

Consequences
• IT auditors
• Demand > supply
• High attrition
• High salary
• Switching every 18 - 30 months with 40% to 120% hike


Career progression options


Career options
• Statutory audits
• SOX audit
• SOC1, SOC2, SOC 3 audit
• Internal audit
• SOX management assessment
• Continuous control monitoring
• Compliance audits (Data Privacy, HIPAA, PCI/DSS…)
• Cyber Security audits
• ISO certification audits

IT Auditor
• Consulting Services
• Compliance Management
• Risk Management
• Business Continuity Management
• Data Privacy


Other relevant roles available for an IT auditor


Compliance management
• Compliance manager
• Compliance coordinator
• Audit coordinator

Risk Management
• IT risk consultant
• IT risk manager

Data Privacy
• Data Privacy assessor

Business Continuity Manager
• BCM
• BCP / DR assessor

Consulting services
• IT Governance
• Consulting for implementation of controls in new applications / Infra set up
• ISO Certification support (ISMS)
• Cyber Security controls
• SOX controls
• Data Privacy / BCP DR reviews


Where are the opportunities?

• Big 4 and other global audit firms
• Registered audit firms operating within the country
• Product Companies
• Banking, Insurance and Finance Companies
• IT Service providers
• BPO Service providers
• Consulting firms
• Large Corporate Companies


Advantages of choosing IT audit career


• Technologies keep changing. Specialists are heavily technology dependent
• Audit concepts, processes and testing of controls remain almost the same. Audit is somewhat technology independent
• Audit is a high revenue business for the audit firms. So auditors get a handsome salary.
• During difficult times, organisations may defer the projects or downsize workforce. Many audits are mandated and cannot be dispensed with.
• After a few years of service, IT Auditors have the opportunity to move to a different related function without much difficulty


Already we are in IT audit field. We have challenges…

We are working with IT auditors. We have challenges…

Challenges are everywhere….

We have a solution


Let us look at some of the challenges…


Fresher / New IT auditor
Lack of proper training. Our LMS (Learning Management) has audit courses but they are only theory. No practical exposure. Team members help us but on piecemeal basis - not consistent and detailed

Internal auditor - IT
Very small team of IT auditors. No seniors to coach us or provide clarifications.

Experienced auditor looking for opportunities
Not getting promotion. Not able to clear interviews. How can I bridge the gaps?


Senior IT Audit Manager
I conducted several interviews for the post of IT auditors. Not getting the right candidates. Experienced in the audit but knowledge and skills are lacking.

Chartered Accountant
I conduct finance audits. I am very much interested in conducting IT audits as well. That will give me more career growth opportunities

Person with IT background
I have experience in infrastructure maintenance. I have IT knowledge. My colleagues in IT audit team are earning more. I too want to switch internally but I do not know what is IT audit.


Most common causes leading to poor performance


• Not understanding the ways of working
• Not understanding the IT processes
• Not understanding the intent of the controls
• Lack of proper prioritisation of activities
• Poor communication - Confusing evidence requests
• Multiple evidence requests for the same control
• Just accepting whatever the process owners say / provide as evidence without analysing the risks, completeness, effectiveness, accuracy etc.
• IT dependency (IPE) - population correctness evidence not obtained
• Inappropriate test plans. Inadequate depth of testing
• Poor documentation – documentation not detailed enough


Learning IT audit helps not only the auditors but also the persons supporting / dealing with auditors


IT Team members
We are facing SOX audit for the first time. The auditors talk about controls and ask for evidences. I do not know what a control is and which evidences they require. They are not allowing me to do my regular job.
We migrated to new ERP in the mid of the year. Old systems are decommissioned. Now auditor asks screenshot from the old system.

Access Manager
We regularly conduct user access reviews. I was very much surprised when the auditor tested this and informed me that it is a deficient process. Auditor failed the control and we felt the wrath of the top management. Had I known the audit requirements early, I would have improved the process and passed the test.


Compliance Manager
Understanding audit requirements help me to improve the compliance level. It also helps me to effectively coordinate between the auditors and the IT teams. I can communicate well and decipher what the auditors want.

Risk manager
Understanding IT controls and evidence requirements gives me a better view on IT risks and helps me to suggest improved risk mitigation measures.

Information Security Manager
Understanding IT audit controls and evidences and the level of the audits help me to implement and monitor controls more effectively.

We can help you


15 Days Master class on IT Audit

From: 05th March 2024 (Tuesday)
To: 21st March 2024 (Thursday) (excluding Sundays)
Time: 7:30 p.m. To 8:30 p.m.

In the mission of helping Millions of People to excel in their career


You will learn on this 15 Days Hackathon

• Fundamentals of compliance, risk management, cyber security and IT audit
• Advanced audit practices and insights


• Seven modules
• Moving from basic level (module 1) to advanced level (module 6)
• Module 7 provides valuable insights, with 7 real case examples of challenging situations and how to analyse and come to the correct conclusion
• Detailed guideline materials and templates
• Quality related tips
• Training on right prioritisation
• Fifteen hours of online sessions
• Thirteen (13) hours of training sessions, one hour a day from Monday to Friday
• Two (2) doubt clearing sessions on Saturdays

Modules
1 IT audit overview
2 IT audit process
3 IT environment
4 IT risks and controls
5 Performing IT audit
6 Testing key controls
7 IT audit Insights

Who will be benefitted by this online course

• IT auditors, TLs and audit managers
• Cyber Security professionals
• Risk, Compliance & IT Service Continuity (BCP/DR) professionals
• Chartered Accountants (CA)
• Privacy consultants
• Access managers, developers, and other IT operations team
• CISA certified or those preparing for CISA examinations
• Any IT / non IT graduates & Engineers looking for a lucrative career path
• ISO 27001 certified persons


At the end of the course


You will gain thorough knowledge on
• Various compliance requirements and security standards
• Unified control framework
• Technology components, key IT roles and key IT processes
• How people, process and technology are interlinked with each other
• Information security / Cyber security related controls, classification of controls and how they are mapped to the risks
• How to improve the effectiveness of the controls in the processes
• Types of IT audits
• End to end audit process


At the end of the course


You will develop skills on
• Performing audit scoping exercise
• Population collection and sample selection techniques
• Conducting design effectiveness and operating effectiveness assessments and updating test documents
• Effective communications, prioritisation and attention to details
• Preparing effective templates such as project plan, risk and control matrix, test documents
• Insights on challenging scenarios, conducting risk based audits and documenting at re-performance standards


Testimonials – What our students loved about our training


We will Handhold You, Let us be Your Partner in Success 💪

Mobile: 7200081965
Gopichand@robokode.com

Thank You
