AFI106Effective IT Audit for Non-IT Auditor


This course is designed to provide non-IT professional and non-IT auditors a basic IT audit overview. It will explain some fundamentals about IT environments, concepts and terminologies that allow them to have a working knowledge of IT audit. Audit of IT General Control (ITGC) and IT Application Control (ITAC) will also be discussed in the course.


Course Fee SGD 550
Course Duration 1 Day
Course Timing 9:00am - 5:00pm
Course Venue M Hotel or similar
SDF Approved Yes (CRS-N-0050971)
Skills Future Credit Yes (Up to SGD350)
Upcoming Courses

With the extensive use of systems to process and store information, a lot of information today are being digitized and form part of the Big Data. A basic understanding of IT and systems is no longer the privilege of the selected few IT auditors. The day of vouching the manual ledger book and purely ticking the manual invoices are long gone. All auditors today, IT auditor or not, should have a working experience on IT systems, associated risks and controls to achieve a good and effective audits.

Highly sophisticated systems, IT infrastructure and databases require strong technical knowledge to perform a meaning audit. However, many organziations are either fully or partially operating in a relatively less sophisticated systems environment which do not demand deep IT skills for basic auditing. Various controls are now automated into systems, hence it is only effective and efficient the non-IT auditor to also verify such application and general controls. Overly relying on IT auditors not only incur more cost and time but may also causing undetected control gaps.

This course is designed to provide non-IT professional and non-IT auditors a basic IT audit overview. It will explain some fundamentals about IT environments, concepts, terminologies that allow them to have a working knowledge, able to speak the same language of IT people, and have the confidence to walk into the server room! The course will also discuss the IT auditing on IT General Control (ITGC) and IT Application Control (ITAC), IT purchases and operational management.

On completion of this course participants will:

  • Gain an overall understanding on IT systems
  • Acquire the skills to perform basic IT auditing
  • Know the step-b-step guide in performing IT audit on ITGC and ITAC
  • Understand the common IT structures, concept and terminology
  • Be confidence to deal with IT professionals to discuss IT related issues

1. Overview of IT environment and systems

  • IT departmental structure, role and responsibility
  • IT environment, system structure, networks, security terminologies
  • Data center, share service center, client terminal
  • COSO – Internal control, COBIT – IT control, ISO27001 and ISO27002 – security control
  • ISACA IT Audit Standards
  • IIA GTAG (Global Technology Audit Guides

2. IT Audit Planning

  • Guide to the Assessment of IT Risk (GAIT)
  • Defining the IT Audit Universe
  • Developing a Risk-based IT Audit Strategy

3. IT General Controls

  • Common IT weaknesses and issues
  • System development and changes (SDLC)
  • Access control, privilege superuser ID control
  • Physical environment control

4. Backup and Disaster Recovery Plan

5. IT security and data protection

  • IT policy
  • IT Technical audit and Security audit
  • Firewall, Antivirus, Routers, Remote Access, Network, Access Controls

6. Database controls

7. IT Application Controls

  • Access, Input, Process and Output controls
  • System validations and weaknesses
  • Centralized common system settings

8. IT project review

9. IT vendor and outsource service provider management

  • Procurement control
  • Quality control
  • Sustainability control

10. IT daily operation and future expansion

  • Internal auditor, audit manager, audit directors
  • Control and compliance officers, risk manager,
  • Forensic auditor, loss prevention and fraud investigator
  • Accounting, finance, procurement, HR managers
  • External auditors, regulatory agency staff

Presentation, group discussion, case study. Multimedia and template sharing

Kent Hoh

Kent Hoh

Kent Hoh is a prolific trainer in audit, fraud investigation, corporate governance, personal effectiveness, blockchain technology and big data. He has over 20 years’ experience in leading internal audit and forensic investigation functions of MNC in the region and globally. Kent Hoh has also spearheaded several roles in financial management, compliance and corporate governance of technology company. Kent has conducted numerous audit and investigation projects in Americas, Asia and Europe including Singapore, Indonesia, Malaysia, Thailand, India, Pakistan, China, Japan, Australia, New Zealand, Brazil, Hungary, Poland, Italy, Germany, USA, etc. Some of these projects involved hundreds of million dollars fraud scheme and syndicated crimes.

Kent holds a master’s degree in business Admin (MBA), Graduate Diploma in Business, Bachelor of Law (Hons), and a Bachelor of Accounting (Hons). Kent Hoh is also a Certified Fraud Examiner (CFE) and Certified Internal Auditor (CIA). He possesses the qualifications of the UK Chartered Secretary and Administrator (ICSA), Malaysian Institute of Certified Public Accountants (MICPA), Certified Information System Auditor (CISA) and Certified Bitcoin Expert (CBIE).

Kent Hoh has been an active trainer for large corporations, SME and non-profit-organizations such as Institute of Internal Audit (IIA) Singapore, IIA Malaysia, Institute of Singapore Chartered Accountants, Malaysia Institute of Accountants, China IIA, China Enterprise Anti-fraud Alliance, Enterprise Financial Management Association of China. Kent Hoh is also an adjunct lecturer for universities and college in Singapore, Shanghai, Nanjing and Hangzhou, China. As an enthusiast in cryptocurrency and a bitcoin mining farm investor, Kent researched heavily into this revolutionized Blockchain technology. He teaches fundamental blockchain and cryptocurrency at various institutions in China.

Currently, Kent Hoh serves as the Vice President of Internal Audit in an SGX listed company. As a strong believer that knowledge sharing create synergy, Kent is very passionate in sharing his experience. He capitalizes his free time conducting training classes and workshops.

View Other Courses by Kent Hoh