AA10 ● Understanding & Auditing Business Processes’ risks related to IT I Practice signractice

The digitalisation of business processes means that internal auditors need to understand IT and IT risks in their business audits. Data, cloud, network, security, outsourcing, internet and many others are mentioned everywhere as key risks for your business.  Since the manual controls of the past are largely automated in the application software, there is a clear need for internal auditors to understand the automated application controls and being able to assess the risks and to audit the mitigating controls. 


As internal auditors, you are required to understand basics of those risks, detect thema and identify applicable key controls even if you aren’t a technical IT specialists.

IT General Controls (ITGC) are controls that apply to all systems, components, processes, and data for a given organisation.

This training aims to place these ITGCs in a business risk perspective, which requires internal auditors to develop an understanding of Information Technology, business insights and audit techniques.


This course teaches you how to integrate IT and digital risks in the audits that you perform on existing business processes. You will learn how these risks can influence those processes and how you can identify and tackle them.

You will learn, through practical examples, how to audit the IT General controls applied to automated solutions. You will also learn about the consequences IT and digital risks can have for organisations and how you can best deal with those consequences. It goes without saying that you will be provided with all the tricks and techniques to perform IT audits properly and according to the latest insights.

This training is based on 10 major IT general controls, presented in technical sheets:

  • Project management
  • Application management
  • Service level agreement
  • Change management
  • Data management
  • Incident management
  • Continuity management
  • Security management
  • Privacy management
  • Performance management

Target audience

  • Internal auditors who deal with automated business processes,
  • Internal auditors wanting to understand IT and IT risks in their business audits.
  • IS/IT auditors,
  • Auditors with practical IT audit experience,
  • IT staff who want to learn about the combined audit of processes and application systems.


This advanced training requires a basic knowledge of IT and audit skills. The ‘IT Audit Essentials’ training is highly recommended.


  • Monique Garsoux, internal audit professional and an expert in audit methodologies and techniques.
  • Patrick Soenen, professional in risk management, audit and IT.

Training duration

The standard training lasts 2 days and can of course be adapted to your requirements.


Have a look at our training calendar for the next training dates

General information

  • Continuing Professional Education: 14 CPE hours.
  • Course level : This course corresponds to level 3 "Applying" on the 6 level scale of Bloom's taxonomy, a hierarchy used to classify educational levels.
  • References: IIA Belgium; Argenta
  • We can coach your staff in the combined audit of processes and application systems.
  • We would welcome the opportunity to make you a tailored offer.


Back to overview