visit our website:

www.fleminggulf.com

Advanced Course on Managing and

Auditing it from a Governance perspective
rd th
23 to 25 January 2012, Dubai, UAE

Presenter: Course Attendees:

R. Vittal Raj, FCA, CISA, CIA, CISSP,
CGEIT, CISM, CFE is a management Benefits of attending:
and assurance expert and trainer, with
over 25 years of experience specializing
Learn how to examine and interpret technical IT
in and directing projects in the fields of issues and their impact on Enterprise Information and
IT Governance, information security and Corporate Governance objectives
IT assurance, risk management and
risk based internal audits. He has been Techniques to map critical IT dependencies, IT risks
adviser to management board of several and their importance to business processes
well known organizations and government initiatives on IT Governance,
IT Security and risk management strategies. Vittal is currently member Methods to plan and perform technical security
on the global Education and Dissemination Committee of ISACA,
co-opted member on the IT Committee of Institute of Chartered
evaluations over distributed computing environments,
Accountants of India, Director and past president of ISACA, and emerging IT models etc.
member on the governing bodies of several chambers of commerce.
He has also held positions as the member on the Advanced Technology Stepping through the IT Audit using real life examples
Committee of The Institute of Internal Auditors and as member task and case studies
force of several conference technical committees of ISACA Asia CACS,
Advisor and past president of The Institute of Internal Auditors, Madras Gain insights into global IT Control and Audit best
Chapter. Vittal has presented papers at several ISACA international practices
conferences and seminars in 7 countries and is an expert trainer on IT
Governance and COBIT, IT risk management, information security, IT
auditing, enterprise risk management(ERM), risk based internal audits,
XBRL, cyber crime and fraud risk management . He conducts corporate Who Will Attend?
and public workshops on these topics in various countries.
• senior Management members
Course desCriPtion: • Chief Audit executives
Computers, mobiles and the Internet have been a game changer s an • Chief information officers
unthinkable proposition today. While IT is seen as the game changer
for businesses, the increasing IT failures and data breaches has not • internal Auditors
spared even monolithic global enterprises. It is now imperative for
managements in every industry today, to constantly assure on the • risk Managers and it Managers.
state of protection against IT security risks affecting their enterprise.
• industries that will benefit:
Auditing, traditionally has been providing assurance to management
and stakeholders on the effectiveness of risk management and • Banks and Financial services
controls and thereby trust in IT. With IT in the driving seat, successful
managements are realising the critical importance of IT controls • oil & Gas
assessment and auditing. Identifying, evaluating and interpreting
technical dependencies such as application security, IT general controls • telecom
such as network & server security requires specialised knowledge and
skills. Using practical examples and case studies, this course provides • services
indepth knowledge and skills on evaluating IT risks and related security
& controls. Developing necessary multi-domain skills on identify and • e-governance and internet dependent
interpreting technical risks from the perspective of their implications businesses
on the enterprise stakeholders and recommending the right solutions.
booking line: tel.: + 91 990 232 7948, fax: + 91 803 991 9099
e-mail: john.sebastian@fleminggulf.com, www.fleminggulf.com
Course timetable
day 1
rd
Monday 23 January
8:30 registration
9:00 Program overview
• Discuss Learning objectives & expectations
• Analysis of real world business disasters and their root • Identity Management & Privilege
causes in IT risk management & governance mistakes
10:30 Coffee Break
10:45 overview of steps in risk based it Auditing
• Stepping through various stages of IT Auditing
• Method to mapping the application and IT Infrastructure sample tests and identify control weaknesses
architecture supporting key business processes
• Key considerations in mapping sensitive, secret & private
data
• Key IT Audit Planning Considerations
12:30 Prayer break and lunch
13:30 CAse stuDY (Project 1): using interactive
discussions, delegates learn how to map the it
environment variables based on the management
expectation for it audit and assess business impact
15:00 Coffee Break
15:15 Performing it risk Analysis
• How to use IT Threats and Vulnerabilities Analysis to • Security in emerging IT models – Cloud Computing,
identify risks
• Assessing Residual Risk based on technical and process considerations
controls evaluation
• Data Protection Risk Considerations – GRC perspective
• Refining the IT Audit Scope
16:00 15 CAse stuDY (Project 2): using provided inputs,
delegates identify key risks using risk analysis and
refine the scope of audit
17:15 16 end of day discussion & day 1 Wrap up
day 2
24th tuesday January
9:00 review of day 1
Review the key impressions and learnings from Day 1
9:30 it Controls evaluation
• Discuss various types of key IT Security Controls
o IT Governance Controls
o Application Security
o IT General Controls
• Evaluating Application functional Controls, data boundary
defences, web messaging security and more.
10:30 Coffee Break
10:45 CAse stuDY (Project 3) Based on case inputs
provided, delegates will be required to develop
audit steps for testing Application Controls,
perform sample tests and identify control
weaknesses..
12:30 Prayer Break and lunch.
13:30 evaluating it General Controls
• Evaluating IT Policy Framework
• Identifying weaknesses in Security Architecture, security
mechanisms and combination controls
• Data Centre Security Considerations
14:30 Coffee Break
14:45 CAse stuDY (Project 4) Based on case inputs
provided, delegates will be required to develop
audit steps for testing it General Controls, perform
17:15 end of day discussion & day 2 Wrap up
day 3
Wednesday 25th January
9:00 31 review of day 1
9:30 32 special it Audit Aspects
• Human Resource security, Employee Contractual
considerations for data security, background checks,
social engineering controls etc.
• Reviewing data protection compliance in Customer,
Partner & Vendor Agreements
• Cross border data security and privacy controls evaluation
SaaS, Social Media, Green IT Cyber Crime and Forensic
10:30 Coffee Break
10:45 reporting and Communicating
• Presenting technical findings to top management
• Key aspects in collecting digital evidences supporting
findings
• Interpreting technical findings from a governance
perspective and applying Audit judgment
• Rating risks based on observations
• Using dashboards and graphical aids for effective
reporting
12:30 Prayer Break and lunch
13:30 CAse stuDY (Project 5) : Based on case studies
solved by them, delegates would be required
to interpret results, rate the risks and provide
recommendations
15:00 Coffee Break
15:15 tools, techniques and best practices
• Using global IT Audit best practices – ITAF(r), COBIT(r),
GTAG (r)
• Popular IT Auditing tools and techniques
17:30 end of day discussion & Program Wrap up
 Advanced Course on Managing and Auditing it from a Governance perspective
23rd to 25 th January 2012, Dubai, UAE

sales Contract Training Code: DB TETC 01 Payment Method

Please complete this form and fax back to Please debit my
+ 91 80 3991 9099 visa MasterCard American express Diners club

or email to: john.sebastian@fleminggulf.com

Card Billing Address:
Please write in CAPITAL LETTERS
registration details Street:

City:
Ms Mrs Mr Surname: Post/Zip Code
Name: Card Holder´s name:
Job Title:
Card Holder´s Signature:
Email:
Card Number:

Ms Mrs Mr Surname:

Name: Visa CVC Number or Eurocard/Mastercard CVV Number

Job Title:
(last 3 digits on the back on the card)
Email:
Valid from Expiry Date
Ms Mrs Mr Surname:
I agree to Fleming Gulf terms and Conditions and Fleming Gulf
Name: debiting my card.
Job Title:

Email: Authorization
I read and I agree with Fleming Gulf Terms and conditions:

Organisation: Name:

Contact person: Date:

Email:
Signature:
City: Booking is invalid without a signature

Country:
Pricing
Phone:

Fax:
registration Fee $ 3000
Address:

Nature of business: (inclusive of course, assessment & certification charges)

Payment is required within 5 working days
Website: 19 USD administration charge will be applied

terms and Conditions:

By signing the Registration Form, the contracting organization (hereinafter referred to Fleming Gulf reserves the right to modify the content, timing, speakers or venue of the
as “the client”) acknowledges that it has read, understood and accepted the Terms and conference should circumstances dictate. The event may be postponed or cancelled due
Conditions outlined hereunder. to acts of terrorism, war, extreme weather conditions, industrial action, force majeure
The client is liable to make payment in full to Fleming Gulf within 5 working days from or any event beyond the control of Fleming Gulf. Should such a situation arise, Fleming
the date of issue on the invoice. Fleming Gulf reserves the right to refuse entry to any Gulf endeavours to reschedule the conference. However, Fleming Gulf cannot be held
client who has not paid the invoiced amount in full. The client may be requested to responsible for any cost, damage or expenses incurred by the client as a consequence of
provide a credit card guarantee against the outstanding amount if full payment has not the conference being postponed or cancel.
been received. The conference fee does not include travel costs, hotel accommodation, transfers or
All sales are final. There will be no refunds for any cancellations, partial or in full, made by insurance. Any dispute arising under or by virtue of this Registration Form shall be settled
the client. If the client decides to cancel, the full invoice remains payable. Fleming Gulf before the competent Court in the United Arab Emirates.
can grant to the client a Credit in full for the amount paid by the client to Fleming Gulf The Conference Fee includes, and is limited to:
if the cancellation is made prior to a period of 30 days before the date of the conference. • Conference Documents
The Credit will be valid for one year from the date of issue and is redeemable, up to • Conference Sessions
the value of the Credit, for participation at any Fleming Gulf conference or training. In
• Lunches and Refreshments
the event of a cancellation made by the client less than 30 days prior to the date of the
conference, Fleming Gulf will not make a refund, nor will issue a Credit. • Networking Cocktail reception