Featured courses

This courses provides the fundamentals, covers the data analytic phases of importing data, preparing data, analyzing data and reporting results. It also covers basic scripting showing how to automate analytic routines with ACL Analytics.
View course details
ACL Galvanized Diligent Scripting (CPE 8 - Enterprise Only)
View course details
This course focuses on key building blocks of modern IT audit, physical and logical security, including identity and access management, the threats to web-based e-commerce, best practices and standards for auditing servers.
View course details
This course covers continuous development, testing, deployment, monitoring, feedback, vulnerability scanning and auditing of DevOps. This is a continuous process, so the focus is on where to find the risks in a dynamic environment.
View course details
This course covers the common architecture of cloud computing and examines the security and controls of SaaS, PaaS, and IaaS. It also covers the deficiencies that exist in cloud-based services and how Security-as-a-Service can be helpful.
View course details
This course covers Agile and Scrum methodologies, expectations, business models, and focuses on what auditors and developers must review and manage to facilitate rapid application systems development and project success.
View course details
This course looks systematically at how to best implement controls within asset management to drive down risk, and considers the approach that internal auditors should adopt when conducting such an assignment.
View course details

When given a project to audit, the task may seem daunting and impossible. Many will not know where to start. Through this course, students will understand the importance of auditing capital projects and will learn tips and tricks to determine the project's risks and risk mitigation techniques. The course will be a general overview and will enable an auditor to develop an audit workflow, prioritize tasks, and understand how all the pieces of the projects fit into one another. Students will be able to have a more intelligent conversation with the project management staff, as some common terms will be defined in the course. Students will also be able to develop effective audit strategies. There are many complexities in understanding the payment process that may affect the findings discovered during the audit. Students will be walked through the chaos to better understand issues and document the correct findings amount. This course will also review some of the most common myths and misconceptions about having a contract and auditing it. Being able to understand contracts and contract risks will be discussed so that students can more effectively understand what the wording means and how a simple word can change the entire intention. Consequently, students will learn what the correct word choice should be and why the contract may not be as strong as they first imagined. Lastly, students will understand what is typically found during an audit and why the audit is important. They can bring this knowledge back to the audit committee or senior management to become a champion that will encourage further audits and to better protect the organization.

View course details

This course provides internal auditors with a foundation for approaching an audit of company culture. Learners will be exposed to key drivers and frameworks that can help establish guidelines and parameters around the somewhat nebulous topic of culture. This course will prepare internal auditors for performing an audit of culture by first exposing them to ways in which an organization can be assessed. 


We will review how attitudes towards risk, organizational strategies and values, structure, communication styles, and decision-making processes all factor into assessing organizational stances of culture. We will also explore considerations that auditors should be aware of when preparing to perform an audit of culture. Learners will leave this course with a better understanding of how to factor these considerations into their audit work and execute their audit engagement. Finally, this course will illustrate how to best perform an audit of culture and share the audit report with key stakeholders to yield improved outcomes for employees and organizational leaders.

View course details
This course focuses on how in-charge auditors lead audits. You will review audit program development and changes, risk assessments, setting priorities, delegation, managing staff performance, reviewing workpapers and stakeholder management.
View course details

This course will start with an overview of the Enterprise Risk Management process and all the underlying elements of Enterprise Risk Management, including a discussion on risk appetite, governance, and roles & responsibilities. The course will provide more details into the attributes that make an Enterprise Risk Management process effective, such as addressing black swans, using risk-driven metrics, and linking Enterprise Risk Management with the organization’s strategy. Most of the course will involve methods for auditing the Enterprise Risk Management process by assessing the Enterprise Risk Management process according to the COSO framework, comprising five components and twenty principles.   


The five components include: 1) Governance & Culture, 2) Strategy & Objective Setting, 3) Performance, and 4) Review & Revision. The objective of the assessment procedures is to determine if the organization’s ERM process exhibits these twenty principles.  


There will also be a discussion to address another risk management framework, ISO 31000. A summary of key highlights of ISO 31000 will be covered; we will also compare the commonalities and differences between the ISO risk management framework and the COSO risk management framework. 


The course will end with a discussion on Enterprise Risk Management reporting to various stakeholders.  


The course will be delivered with practical application of concepts using actual examples, case studies, and exercises. 

View course details
This course provides the key skills required to conduct reviews of retail and corporate banking, private banking, and similar financial institutions. It focuses on the design of suitable internal audit programs for such assignments.
View course details
This course focuses on ways to ensure that the time spent on your audits is used effectively and efficiently to achieve optimal results. It addresses how to deliver a timely and successful audit outcome and the reasons many audits fail.
View course details
This course provides a comprehensive review of the COBIT framework, and its IT governance, management, control, and audit elements. It covers how to use this framework to evaluate the effectiveness of IT activities.
View course details
Students explore cybersecurity scenarios designed to reinforce the knowledge of effective control design, execution, risk warning signs and investigative techniques. Students also learn how to implement and assess controls effectively.
View course details
This course covers new regulations, IT security threats and other challenges audit management should know about. It brings students up to date on a wide range of technologies so they can provide assurance that IT risks are being addressed.
View course details

This course provides an Executive and high-level Management overview of the essential Data Management disciplines.  Taught by an industry recognized DAMA DMBoK(2.0) author and CDMP(Fellow) this course provides a foundation of the drivers and challenges for Data Management, the 11 different disciplines in the Data field, and an explanation of the 5 most important disciplines. 

By attending the course, delegates will get a firm understanding of the core Information Management concepts and challenges, and thereby help to understand the disciplines that an organizations’ Information Management function should seek to address.

View course details
This course covers the critical aspects of data mining that auditors should know, what data to use, how to incorporate data mining into audit methodology, how to assess critical business functions and essential analytical procedures
View course details
This course reviews audit planning best practices so the work focuses on the right areas, like how to develop a business-focused, objective-based plan that will zero in on business issues and maximize the value of expended audit resources.
View course details
More and more today, companies are deciding to undertake the journey to employ Development Security Operations (DevSecOps) as an evolutionary extension of the Agile principles. Change management processes are continuous and largely automated in a DevSecOps environment, which can be challenging for Internal Audit teams, as they must shift their mindsets about IT risks and the controls in place to mitigate them.
DevSecOps is a software development and delivery approach that emphasizes communication and collaboration between development, security, and IT operations, building on Agile and Lean thinking to provide technology faster, with greater stability, quality, scalability, and security. DevSecOps encompasses many teams involved in the software development and delivery process. The “Dev” side incorporates developers, front-end designers, and quality assurance. The “Ops” area brings in system administrators and support teams responsible for the product after it’s been moved to production. The “Sec” area covers all the cybersecurity professionals responsible for system control, compliance, and secure applications.
In a DevSecOps centric organization, tools are used to automate historically manual tasks, such as code quality checks, execution of test scripts, and deployments. These factors raise some questions about the efficacy of traditional change management controls in the environment, especially Separation of Duties (SoD).
Automation does not have to mean that humans are left out of the process. Manual decisions still need to be made to tell the automated tools how to perform. These human-centric aspects of the process should also be considered in the risk-management approach.
All these challenges and more need to be identified, discussed, and put into perspective as organizations seek to make the transition towards a DevSecOps methodology. The benefits can be numerous, but the risks are plentiful, and the decisions your customers make are the difference between successful implementation and failure.                                                                                    In this course, we will delve into the DevSecOps methodology, assessing how and where auditors can find their footing. We will cover best practices that need to be on the forefront of business leaders’ minds as a DevSecOps culture is adopted, identifying key shifts in mindset that must occur for a seamless transition from manual transactions to automated process flows. Finally, with a forward-thinking approach, we will address how organizational teams can work together in a DevSecOps environment, prioritizing tools and resources that will facilitate meaningful collaboration.
View course details

There is a need for public companies to provide investors and consumers with information on organizational operations as it pertains to sustainability initiatives that companies use to drive financial performance. These sustainability initiatives are summarized around three key factors — environmental impact, social responsibility, and good corporate governance. 


This course will provide business professionals with a historical background on how these Environmental, Social, and Governance (ESG) factors evolved and how they play an important part in a company's current financial reporting and corporate disclosures. We will look at the current landscape of recommended ESG reporting standards outlined by various organizations and how you can leverage them to create your own set of policies and controls for ESC reporting and disclosures. Finally, we will also look at ESG from an investor's and consumer's perspective and give an overview of how companies are positioning their ESG reporting in alignment with their investments, interests, and values.

View course details
An effective audit team works together cohesively and towards the same end goal. This course will show you how to build teamwork, communicate effectively, deal with difficult people, enable change and work effectively with others.
View course details

An IT auditor with the skills, knowledge and competencies to help organizations navigate through the complex environment of IT risks has never been in higher demand.  Every organization in every industry has become aware of the importance of proactively identifying then evaluating and monitoring IT risks.  This course is designed to help reinforce and enhance the principles of assessing IT risks.  The leaner will emerge with the ability to incorporate and implement the elements of risk assessment and audit planning; identify and apply pertinent audit and security resources; utilize tools of evaluating logical security; evaluate risks within database management systems; monitor risks within change management; test network perimeter security and cloud computing; evaluate threats within the internet of things; add value in the IT auditor’s organization regarding business continuity and disaster recovery planning and IT governance.  The learner will also emerge with increased skills regarding effective communication and presentation of the results of the IT audit to various levels of leadership within the organization.  The learner will be engaged through case studies of real-life examples and scenarios.  The learner will emerge with a wealth of resources, templates and guides which can be adapted to and incorporated into any industry.  The course is designed for an IT auditor who has perhaps been in the field for 1-2 years and is looking to increase his/her skills and competencies to move into a more seasoned position of leadership in IT auditing.

View course details

This course provides audit practitioners a comprehensive understanding of the types of fraud affecting organizations and shows proven techniques for preventing and detecting fraud.  

View course details
This course teaches how to use data analytics to identify fraudulent activity. It combines fraud risk assessment and the use of data analytics to assist the auditor in responding to the risk of fraud within their audits.
View course details