I.T. Auditing Principles for Internal Audit Managers

Training Introduction

Background

In an era of digital transformation, cybersecurity threats, cloud computing, and complex automated systems, internal audit managers must go beyond traditional audit oversight. Even without being IT specialists, they are expected to understand IT risks, ensure appropriate coverage of IT audits, and guide their teams in assessing IT controls effectively.

This course bridges the gap between IT audit practices and audit leadership responsibilities, enabling internal audit managers to confidently plan, oversee, and communicate the results of IT-related audits while integrating them into the broader audit strategy.

 

Purpose of the Training

To equip internal audit managers with a solid understanding of IT auditing principles, enabling them to effectively manage IT audit engagements, assess IT risks, and align IT audit activities with organizational goals and risk appetite.

 

Learning Objectives

By the end of this training, participants will be able to:

• Understand the core principles of IT auditing relevant to audit managers
• Identify and prioritize IT risks within the internal audit universe
• Oversee IT audit engagements and integrate them with operational or financial audits
• Interpret IT audit findings and communicate results to executive stakeholders

 

Target Audience

• Internal Audit Managers and Supervisors
• Senior Auditors with oversight responsibilities
• Audit Leads and Team Coordinators
• CAEs seeking to strengthen their team's IT audit capability

 

Training Format

• Modules: 4 comprehensive modules
• Delivery: In-person, virtual, or hybrid format
• Methodology: Presentations, case studies, templates, planning tools, and group discussions

 

Course Content:

Module 1: IT Auditing Fundamentals for Audit Leaders

Objective:

To build an understanding of core IT auditing concepts and how they apply at a management level.

Topics Covered:

• What is IT auditing? How does it differ from other audits?
• Types of IT audits: infrastructure, application, cybersecurity, cloud, etc.
• Key frameworks and standards (COBIT, NIST, ISO 27001, ISACA, IIA)
• The role of internal audit managers in overseeing IT audits
• Risks of inadequate IT audit coverage

Activity:

• Discussion: Identify IT audit gaps in your current internal audit plan

Module 2: IT Risk Management and Audit Planning

Objective:

To develop strategies for identifying, prioritizing, and integrating IT risks into the audit universe.

Topics Covered:

• IT risk categories: cyber risk, data privacy, system failures, third-party risk
• Emerging technologies and related audit implications (AI, RPA, cloud, etc.)
• Integrating IT risk into annual planning and risk assessments
• Risk-based scoping of IT audit engagements
• Working with IT, cybersecurity, and compliance teams

Activity:

• Workshop: Map IT risks to strategic objectives and audit coverage areas

Module 3: Oversight of IT Audit Engagements

Objective:

To enable managers to effectively guide the execution of IT audits within their teams or with external providers.

Topics Covered:

• Planning and scoping IT audits (ITGCs, application controls, security audits)
• Key questions managers should ask during each phase
• Evaluating evidence and assessing control design vs. operating effectiveness
• Leveraging external IT audit expertise and coordinating with co-sourced providers
• Ensuring documentation quality and audit team competence

Activity:

• Case study: Review a sample IT audit working paper and assess audit quality

Module 4: Reporting IT Audit Results and Stakeholder Communication

Objective:

To enhance the audit manager’s ability to interpret IT audit findings and communicate them effectively to leadership.

Topics Covered:

• Translating technical findings into business impacts
• Writing executive summaries and clear, non-technical audit findings
• Risk rating and prioritization of IT-related issues
• Communicating with CIOs, CISOs, and executive stakeholders
• Audit committee reporting and escalation considerations

Activity:

• Role-play: Present a complex IT audit finding to a non-technical executive

 

Conclusion and Certification

• Final reflections and action planning for enhancing IT audit oversight
• Toolkit for managers: audit checklists, planning templates, reporting samples
• Q&A session
• Certificate of Completion awarded

 

Optional Training Materials

• IT Audit Universe Template
• Risk-Based IT Audit Planning Matrix
• Audit Committee IT Reporting Sample
• ITGC Oversight Checklist for Audit Managers
• Glossary of Key IT Audit Terms for Executives