The course introduces objectives, tasks, methods of IT-Audit, gives overview of techniques, and presents practical advice including, but not limited to, the following:

• The Place of IT Audit in the Internal Control System
• Audit Process
• Risk Analysis and Management
• Auditing Techniques for Integrated IT Environment
  • Entity-Level Controls
  • IT General Controls
  • Application Controls
  • Infrastructure
  • Processes
• Related Frameworks, Standards, and Regulations

There are no special pre-requisites to attend the course, and although the course content does not overlap with other security courses, a preceding course “353.067 Introduction to IT Security” is recommended. The course “353.077 Systems Security” may be also useful for participants.

It is advantageous to have overall understanding of systems management and security, computer networks, databases and information management, software development, IT management with deeper specialisation in some of them.

The course will be a combination of lecture and hands-on exercises, for which students will be asked to propose or justify solutions, search cause and effects, and implement some of the techniques with their own examples.

Through several assignments (homework), students will have an opportunity to refresh and extend their knowledge. These assignments include literature research and solution of example problems which will be completed and presented in groups.

The grading is based on the presentations of the results of the assignments and the activity in class. The assignments are done in groups, therefore the students are graded together as a team. Both parts must be completed successfully to complete the course.