Singapore, Hong Kong, Kuala Lumpur, Taiwan Time Zones
CPEs: 24
Instructor: Dennis Cox
Level: Intermediate
Tuition: £3,495.00

NEW Auditing Information Security Risk in Banks & Financial Institutions IA093

Location: Singapore, Hong Kong, Kuala Lumpur, Taiwan Time Zones

Duration: 3 days/24 hours

Programme Director: Dennis Cox


Experience the highly-interactive expert-led social learning through Virtual Classroom via Cisco WebEx from Risk Reward.

All our 2023 Virtual Classroom events feature shared (or discrete) live chat between delegates and the expert, topical surveys, polling questions, group exercises and case studies for a tried-and-true, engaging and gratifying learning experience.

"[Course] offers a fresh perspective on processes and controls. Reorganising our thinking process as to how to map out the controls and clarifying ownership in risk management and audit."
EFG Hermes, Egypt
Agenda Highlights

Session 1: Information Risk

Session 2:  Information Risk Management Strategy

Session 3: Auditing the Information Security Framework

Session 4: Auditing the Monitoring of Information Risk

Session 5:  Auditing Information Security

Session 6:  Auditing Incident Management

Session 7: Auditing the Management of the Information Risk Programme



"This IT audit program met all our expectations and was quite enjoyable as well."
Internal Audit Manager, First Rand Bank, South Africa

This 3-day How to Audit InfoSecurity in a Bank course will describe the strategic, tactical and operational requirements for managing information risk and security within the banking industry.

It focuses on all of the key elements of the risk and control structure that are applied in practice and addresses the audit approach to be adopted.

A unique feature is the live, in-the-virtual-classroom development of numerous practical audit programmes, which delegates will be able to apply immediately in practice within their organisations.

"Excellent programme bringing the risk and internal auditors together to upskill in [these] risk areas. Thank you and well done."
Chief Auditor: Nedbank, Capital & Risk, Nedbank, Sandton, South Africa
Who Should Attend

This course is designed for bank internal auditors; recent delegates have also included risk management, operations and security team members and management.

Additional Course Information

What Does It Cover?

Information Risk

  • What is information risk management?
  • Why is it of particular importance now?
  • Corporate governance and management issues
  • Measuring and prioritising information risk
  • Key risk elements of information risk management
  • Policy and procedures in information risk
  • Information risk and operational resilience
  • Where are the key elements of information risk within banking?
  • How are they currently managed?
  • Cybersecurity and Information Risk

Case Study:  Review a series of existing structures within banking for the management of information risk

Information Risk Management Strategy

  • Managing complexity
  • Reference architectures
  • Why strategic information risk programmes fail and how to avoid failure
  • The holistic approach
  • Developing enterprise security architectures
  • Strategy and concept phase
  • Design phase
  • Implementation phase
  • Operational phase – management and measurement
  • What is really under your control?

Case Study:  Develop an audit program to address Information risk management strategy

Auditing the Information Security Framework

  • The role of systems engineering
  • Basic systems design concepts
  • The system boundaries and its environment
  • Sub-system decomposition
  • Control systems and advanced systems modelling techniques
  • Business process analysis
  • Dependency tree modelling
  • The information register
  • Identifying critical information
  • Storage and BCP
  • Considering third parties

Case Study:  Develop an audit program to address the information security framework

Auditing the Monitoring of Information Risk

  • Return on investment for information security
  • Monitoring and measurement
  • The need for metrics
  • Measurement approaches
  • Scorecards
  • Quantitative approaches
  • Business drivers and traceability
  • Data mining
  • Business attributes profiling
  • Setting up a metrics framework
  • Maturity modelling applied to information security
  • Risk reporting

Case Study:  Develop an audit program to address information risk monitoring

Auditing Information Security

  • Unique entity naming
  • Registration
  • Public key certification
  • Credentials certification
  • Directory services
  • Information model
  • Service naming model
  • Service functional model
  • Service security model
  • Authorisation services
  • Entity authentication
  • User authentication
  • Device authentication
  • Communication security services
  • Session authentication
  • Message origin authentication
  • Message integrity protection
  • Message replay protection
  • Message content confidentiality
  • Non-repudiation
  • Traffic flow confidentiality

Case Study:  Develop an audit program to address information security

Auditing Incident Management

  • Identification of incidents
  • Incident assessment
  • Analysing the consequences
  • Considering the control structure
  • Reporting incidents
  • Acting to increase resilience

Case Study:  Develop an audit programme to address incident management

Auditing the Management of the Information Risk Programme

  • Selling the benefits of information risk management to senior management
  • Getting sponsorship and budget
  • Building the team
  • Programme planning and management
  • Collecting the information you need
  • Getting consensus on the conceptual security architecture
  • Architecture governance, compliance and maintenance
  • Long-term confidence of senior management

Case Study:  Final program highlighting key elements of the work to be conducted.

Learning Objectives

All delegates completing the course will receive a personalised, dated Risk Reward CPD accredited Certificate in Auditing Information Security Risk in Banks & Financial Institutions.

Delegates will gain specialist world-class audit knowledge, techniques and experience of applying learned concepts through the live, in-class development of audit programmes and will be able to audit:

  • The main information risks that are faced by a large financial services firm;
  • The approach taken to managing these risks;
  • The information risk management and security strategy;
  • Design architectures, systems and processes to implement the potential strategies;
  • The key elements of the information security and risk framework

A Tier 1 Global Bank Risk & Internal Audit expert will lead group activities and discussion to build the audit approaches and programmes for immediate application in the workplace. These include the audit programmes listed in the What Does It Cover section above.



Social Learning & Methods

Highly interactive, expert-led intensive presentation, Q&A, real-time in-depth group case studies, regulation and discussion supported by key principles and theory. The virtual learning platform uses safe, industry-preferred, encrypted Cisco WebEx to optimise live face-to-face visual interaction, discrete chat, polling and quizzes.

(An invitation via email with access link is included for all participants.)



Course Fee

Early Bird Discounts of 10%+ available by May 1, 2021

Course Fee (per person):
GBP £3,495.00 (+ UK VAT when applicable)


Terms and Conditions: You can cancel at any time. Due to the ongoing COVID-19 environment, cancellations may be made at any time for either a full refund or a credit towards another event occurring within the following 6-month period. Simply email or telephone the London Client Services team at to advise your preference and we will do our best to accommodate your circumstances. Risk Reward Ltd reserves the right to a final decision in the event of a dispute.

All Risk Reward public courses are guaranteed to run although those offered by affiliates are subject to demand