Auditing ERPs, Applications & IT Infrastructure

About Grande Afrique Consulting

Grande Afrique Consulting (GA) (, is a regional Management Consulting firm based in Nairobi. At GA we provide a wide range of services including the globally recognized Audit Management Software Solutions i.e. Robotics professional, Robotics Enterprise and HighBond by Galvanize.

Our consulting services include IT Audits, Data Management & Data Analysis Consulting services, Training Services for various Business Courses, Internal Audits, Fraud Investigations, Business
Process re-engineering, and other management consulting services in this region.

Business case for a training on Auditing ERPs, Applications and IT Infrastructure

Most of the modern-day organizations in private and public sector have automated their operations significantly through the installation of Simple to Highly Complex Business Systems, ERPs, Databases, and General ICT Infrastructure.

This automation has also transformed the way auditors’ function. Auditors can no longer claim to give assurance on achievement of business objectives if they cannot give such assurance in Business Systems and Infrastructure.

In response, Auditors and Business Managers have changed the way they perform their functions to respond to serious challenges which must be addressed. These challenges include: –

  1. Big and Complex Databases built from Electronic Processing of millions of transactions daily making it impossible to audit manually or even with spreadsheets;
  2. Fraudulent and Irregular transactions being completed faster and repeatedly without detection taking advantage of technology;
  3. Cybercrimes including hacking leading to loss of assets, loss of data, damaged reputation, loss of business and job losses especially where customer, employee or even suppliers or trading data is stolen and abused;
  4. Non-adherence to Compliance and Regulatory requirements due to slow processing of the necessary data.
  5. Delayed Risk Response measures due to delayed detection of controls violation or entry of new risks that are driven by technology.
  6. Very expensive and slow traditional style manual audit approaches that may not be in touch with the heavily automated business processes in an organization;
  7. Challenges of Auditing multiple and disparate business systems
  8. Inaccurate Financial and Management reports since neither the auditor nor management can give assurance on the numbers with manual testing.
  9. Multiple Systems running in multiple locations in different environments have made it more difficult to audit.

Completeness, Accuracy, Validity and Independence are only possible through ERPs, Applications and IT Infrastructure Audits

The main challenges facing Internal and External Auditors in ICT include: –

  1. Validity and Integrity– Auditors are not Comfortable that the systems generating the reports that they are auditing are valid
  2. Independence – Lack of expertise to audit business systems and technical IT resources have made auditors heavily reliant on IT professionals whom they are supposed to be auditing as
    well. This creates Independent issues for the auditor.
  3. Accuracy – Auditors cannot give assurance on the accuracy of systems reports when they haven’t audited the systems generating them.
  4. Completeness – Lack of understanding of a business system means an auditor cannot give assurance on the completeness of the data
  5. Confidentiality – Without an IT audit, it is not possible to ensure security of data security for any organization.

ERPs, Applications and IT Infrastructure Audits are therefore no longer optional but mandatory.


This three – day course is designed for Financial, Operational, Business, and IT auditors who need to update their technical and operational knowledge to audit information technologies and
business application systems.

The course focuses on a Risk – Based approach to Auditing ERPs, Applications and IT Infrastructure no matter the system generating them as well as help you to master techniques you can apply to all types of applications whether real-time, batch or on-line. You will learn:

  1. Key risks facing the ICT and related business processes
  2. How to Audit various IT areas e.g. Operating Systems, Database Management Systems, and networks
  3. Auditing various Business Systems/ERPs and Applications
  4. Software acquisition and Selection – Processes, Risks and Controls
  5. ICT Security risks and controls
  6. Benefits realization and Post Implementation reviews

You will leave this course confident on handling the basics of information technology as they apply to IT risks, audit, information security, and business application systems.

Detailed Training Course Content

In the 3 days training, the below subject topics shall be discussed.

  1. Introduction to Auditing ERPs, Applications and IT Infrastructure Concepts and Basic Principles
  2. Planning for a Corporate ERP, Applications and IT infrastructure Audit
  3. ICT Audit Standards and Frameworks
  4. Understanding the IT Infrastructure
  5. Understanding and Auditing Network Technology and Controls
  6. Audit objectives, risks and controls
  7. Auditing General Computer and Application and Application Controls
  8. Auditing Database Technology and Controls
  9. Auditing Infrastructure General Controls
  10. Auditing Business Application Transactions
  11. Risk Based ICT Audit Planning
  12. Auditing of Application Controls in Business Systems
  13. Computer Assisted Audit Techniques (CAATs)
  14. Documenting Application Controls
  15. End-User Computing

Dates & Times

Classes start on the date(s) posted herein, and run from 9:00am to 4:00pm daily, except for the last day of class, which ends at 3pm.

Who Should Participate?

Heads of Audit, IT Managers, IT Auditors, Internal Auditors, External Auditors, Risk Management Practitioners, Fraud Investigators, Data Analysts, IT directors, Business Analysts, IT practitioners, Performance Monitoring Teams, Investigators, Compliance staff and various Business Operations Professionals



Course Methods

This is a group-live, instructor-led course in a classroom setting. The class size supports individual attention and development.

What to Bring for the Course

Participants should bring a laptop running on Windows Operating System and that can connect to Wi-Fi

Our Training Team

We have put together a team of trainers who are subject matter experts in their areas of specialization including: –

  1. Qualified, Certified and Experienced ICT practitioners
  2. Qualified and Experienced Internal and External ICT Audit Professionals

CPE Hours

Attendants will be issued with certificates that entitle them to CPE hours

Training fee & Mode of Payment

Training fee is Kshs 50,000 per participant (inclusive of all taxes) and will cover the following: –

  • Facilitation fees
  • Trainers costs
  • Morning teas
  • Lunches
  • Afternoon teas
  • Certificates

Training fee must be paid in CASH at least 5 days before the training date for planning purposes. Confirmations are on a FIRST COME FIRST SERVED BASIS.

Deposit or transfer the training fee to our Bank Account details below: –

Bank Name: NCBA

Branch: Thika Road Mall (TRM)

Account name: Grande Afrique Consulting Limited

Account number: 8105620011

Booking Contacts

For reservations and clarifications contact :-


Oct 28 2020 - Oct 30 2020


All Day




Voyager Beach Resort
Mombasa, Kenya
Grande Afrique Consulting


Grande Afrique Consulting
+254 20 2627284 / 255
[email protected]
QR Code