As part of developing the capabilities of oversight bodies and enhancing the effectiveness of digital governance, a technical session titled “IT Audit”<\/strong> was organized and presented by Mr. Abdul Hamid Al-Deeb from the Information Technology Office of the Libyan Audit Bureau.<\/p>\n\n\n\n The session aimed to highlight the fundamental concepts of IT auditing, demonstrate its importance in ensuring operational efficiency and protecting digital infrastructure, and review the methodologies used in executing such audits. Additionally, it covered the international and local standards upon which the audit process is based, as well as the approved technical and organizational controls.<\/p>\n\n\n\n The session began with a historical overview of IT auditing in Libya. The lecturer explained that this specialization began to take institutional form in 2012 through an initiative launched by the IDI (INTOSAI Development Initiative)<\/strong>, an international organization dedicated to developing the capacities of supreme audit institutions across Africa, Asia, and Europe. This initiative contributed to building a deeper understanding of technical auditing and fostering the exchange of expertise between nations.<\/p>\n\n\n\n Mr. Abdul Hamid emphasized that IT auditing is not merely an assessment of the presence of hardware or operating systems; rather, it is a comprehensive process involving a meticulous examination of an entity\u2019s digital infrastructure and an analysis of evidence and data related to technical performance. The goal is to verify system effectiveness, ensure information security, and promote compliance with approved standards. He further stressed that this audit serves as a pivotal tool in enhancing transparency, mitigating risks, and ensuring the continuous and efficient delivery of public services.<\/p>\n\n\n\n The session clarified that IT auditing aims to ensure Information Security<\/strong>, based on three core principles known in the field as the CIA Triad<\/strong>:<\/p>\n\n\n\n The lecturer noted that as public entities rely on various technical systems for daily operations, it is essential to examine these systems for compliance with security standards and analyze the entity’s level of dependence on them.<\/p>\n\n\n\n The session classified the assets evaluated during the audit process into four main categories:<\/p>\n\n\n\n The audit covers the entire institutional context, including cybersecurity culture, operational procedures, and emergency response plans.<\/p>\n\n\n\n The methodology follows a structured technical path:<\/p>\n\n\n\n The lecturer confirmed that the Libyan Audit Bureau relies on recognized international standards, most notably:<\/p>\n\n\n\n Controls are categorized into two main types:<\/p>\n\n\n\n Mr. Abdul Hamid Al-Deeb concluded that IT auditing has become an indispensable element of good governance and the protection of public funds. The effectiveness of this role depends on building qualified cadres and following precise methodologies based on international standards.<\/p>\n\n\n\n Key Recommendations:<\/strong><\/p>\n\n\n\nWorkshop Pillars<\/h3>\n\n\n\n
Pillar I: The Concept of IT Audit<\/h4>\n\n\n\n
\n
Pillar II: Categories of Audited Assets<\/h4>\n\n\n\n
\n
Pillar III: Audit Execution Methodology<\/h4>\n\n\n\n
\n
\n
Pillar IV: Approved Audit Standards<\/h4>\n\n\n\n
\n
Pillar V: Types of Audit Controls<\/h4>\n\n\n\n
\n
\n
Conclusion and Recommendations<\/h3>\n\n\n\n
\n