Home > Professional Development Courses >


Accounts/Business/HRM | Communication Skills | Education | Engineering | IT & Information Studies | Personal Development



Cloud Computing - What IT Auditors Needs to Know (SFC)(SF Series) 


Cloud computing has emerged as one of the most significant information technology developments over the past decade. As a new framework for the way IT solutions are designed, sourced and used for services delivery, it offers organisations new and flexible ways to manage IT costs, scale IT operations and streamline related processes. However, with the new IT developments, new risks will emerge. This course will help you understand the risk implications of moving to the cloud, as well as strategies for managing those risks. 


Understand the fundamentals and impact of Cloud Computing
Describe the different types of Cloud Computing architectures
Describe the different services that Cloud Computing provides
Describe some of the challenges to adopting a cloud architecture
Identify the top security threats to cloud computing
Understand how the risks associated with Cloud Computing vary from the traditional application service provider model
Develop an audit plan based on the different services of Cloud Services
Learn about auditing standard based on ISO27001 & ISO27018
Learn to utilise the myriad of tool/s to map out the risks and develop a comprehensive audit strategy


Day 1
What is Cloud Computing?
Adoption of cloud
- Current landscape
- New business models
- Key business drivers
Cloud computing architectures
Cloud computing service delivery models
Key attributes of Cloud Computing
Top Cloud considerations & challenges
Review of the Cloud risk map
- Addressing risks in security & privacy
- Data management
- Governance & compliance
- Operations
- General business

Day 2
Background to Information Security Management System (ISMS)
ISO27001: Structure, Auditing Areas, Terms and Definitions
Auditor Competence, Responsibilities and Characteristics
Audit Evidence Triangle
Types of Audit
Audit Activities
Creating an Audit Plan
Creating an Audit Checklist
Audit Questioning Techniques
Conducting the opening Meeting
Prepare, Approve and Distribute
Conducting Audit follow-up Activities

Day 3
Nonconformities and Writing Nonconformities
Creating the Audit Report: Prepare, Approve and Distribute
Conducting Audit follow-up Activities
Case Study Deep dive into Cloud technology (security & privacy)
- Utilise Cloud risk map
- Identify risks
- Define scope
Develop an audit plan based on identified Cloud risks
Scenario based activity Bring a fictional enterprise securely into the cloud  


Ho, Kenneth

Mr. Kenneth Ho is a seasoned consultant with extensive knowledge in information risk management, information security and information system audit. He is a certified ISO 27001 Lead Auditor, CRISC, CISSP, CCSK and CISA.

He has 20 years of experience in security assessment, design, implementation and management consultancy in the above domains, and has worked in a number of industries, including the health, airline, electronics, manufacturing, finance and telecommunication.

His professional expertise ranges from Information Security and Compliance Officer to Security Consultant. His direct technology experience spans enterprise architecture, telecommunications networks, network management systems, business continuity, and security operations process.

Kenneth holds a Bachelor of Applied Science in Computer Technology Degree and a Postgraduate Certificate in Network Engineering from Nanyang Technological University.

Who Should Attend

IT Internal Audit Practitioners
IT Managers
IT Professionals

Fee with SkillsFuture Series subsidy: S$314.58(inclusive of GST). *conditions apply

To be eligible for SF Series subsidy, participants:
- must be Singaporeans or Permanent Residents of Singapore
* Participants who do not fulfill the above criteria are not eligible for SF Series funding, and are required to pay the course fee in full.

Course supported for the new Union Training Assistance Programme (UTAP) funding

Union members may enjoy up to $250 unfunded course fee support when you sign up for courses supported under UTAP. Conditions apply. Visit www.ntuc.org.sg for more information.  



1 to 3 April 2019 


9:00am to 5:00pm 


NTU@one-north campus, Executive Centre 

Closing Date:

18 March 2019 

Course Fee:

Standard: S$1048.60  

NTU/NIE Alumni, Staff & Students: S$838.88  

Group (3 & Above): S$943.73

NTUC Member: S$943.73


Registration fees inclusive of:

  • Course materials

  • Light refreshments

  • Complimentary Lunch - applicable at NTU@one-north campus only

  • Prevailing GST

Online Registration

>> CLICK HERE to Register Online


Methods of Payment

1. Credit Card (Visa, American Express and Mastercard only)

2. Cheque made payable to Nanyang Technological University

3. Invoice to Company (for Company Sponsored Participants)

4. E-invoice (for Government Organizations)

5. Telegraphic Transfer or Bank Draft (Note: All related charges are to be borne by participant)

Cancellation & Refund Policy

A written notification to pace@ntu.edu.sg or fax to

6774 2911 before course closing date.

No cancellation charges (Full refund)



A written notification on or after course closing date.

No Refund

SkillsFuture Credit (if applicable):
- Participant to cancel their claim with WDA
- PaCE@NTU reserves the rights to collect the full fee amount from the participant

Replacement Policy

Given a 3 days notice before course commencement, companies may replace participants who have signed up for the course. Terms and conditions apply.


There is no replacement for participant utilising SkillsFuture Credit. Participant to cancel their SkillsFuture Credit claim with WDA.

Terms and Conditions

• Course is subject to a minimum participation before commencement
• Course is subject to a first-come-first-serve basis in light of overwhelming responses
• PaCE@NTU reserves the right to change or cancel any course or trainer, in light of unforeseen circumstances
• All details are correct at time of dissemination

Privacy Clauses

At PaCE@NTU, participants’ personal information is collected, used and disclosed for the following purposes:
  1. To process your application.
  2. For course administration and billing.
  3. To enable the trainers to know the background of the course participants.
  4. To submit to governmental authorities for funding verification, administration and survey conducted by them (only applicable to funded courses).
  5. To submit to NTU Alumni Affairs Office, NTUC and other relevant organisations for course discount verification (if applicable).
  6. To issue certificate to the course participants.
  7. For marketing of courses to participants via E-newsletter.
  8. To understand and study the profile of its course participants for NTU’s policy making and planning.
  9. To deal with any matter related to the course.
Full Data Protection and Privacy Statement : CLICK HERE  



Accounts/Business/HRM | Communication Skills | Education | Engineering | IT & Information Studies | Personal Development



© Nanyang Technological University - Centre for Continuing Education

Copyright | Disclaimer | Privacy Statement

Reg. No. 200604393R