IT risks are increasingly recognized as critical factors in enterprise risk management. From preventing failures in regulatory compliance to helping avoid devastating harm to the reputation of the organization from headline-making security breaches, auditors have an obligation as well as value-adding opportunities to assess enterprise vulnerabilities through effective risk-based IT audit planning.
Today, application systems development is all about SPEED. Agile and Scrum are all about getting data as well as processing and reporting to the customer ASAP. This is further complicated by the lack of standardized methodologies, expectations and business models. Auditors, reviewers and project sponsors are further confounded by the difficulty of knowing what can be done in a definitively short amount of time, especially in an environment that discourages oversight and audit.
Why attend this course?
- Examine the IT general control areas that must be addressed to ensure the confidentiality, integrity and availability of information assets
- Determine risks in critical areas of the IT environment and the key controls that can reduce those enterprise risks
- Explore critical aspects of the IT environment, including IT governance, user access controls IT infrastructure controls, information security, physical security, disaster recovery, production change management and network perimeter security
- Develop strategies for assessing the key controls in your information systems infrastructure
- Identify what auditors and developers can do to facilitate and achieve success
- Offer risk-based awareness of what can go right and what can go wrong with Agile and Scrum development
- Provide key risk-based “triggers” to heighten awareness of how to review, manage, and audit these “moving targets”
- Discover a unique tool that will set you on a path of contributing without distracting
- Remove the complication in auditing Agile and Scrum development projects