IT Risk/Audit Transformation

How to stay relevant as an IT Risk/Audit Transformation professional in an agile and DevOps setting?

Assurance functions like IT risk management and IT audit face a huge challenge to provide assurance on new IT risks, increasing IT automation and renewed IT operating models. As the conventional IT controls are replaced by high-level IT automation, assurance functions are required to re-design their IT risk management and IT control frameworks to remain relevant. This requires new knowledge and skills to assess the risks. This training helps you to require the necessary skills and insights.

"Conventional IT risk and control frameworks are not ‘fit for purpose’ anymore”.

Seda Foppen, Director IT Risk and Regulations, PwC

About this course

This course includes

Successful firms of the future will likely be those that can adapt quickly, move fast, learn rapidly and embrace dynamic customer demands. IT functions of these firms respond to the business expectation of agility by eg implementing agile software development methodologies and changing their working style to DevOps, for example. To help you remain relevant and cope with the challenges, these will be learning goals of this training:

  • Understand new concepts such as Agile, DevOps, Continuous Integration/Continuous Delivery pipelines, automated infra delivery ecosystem, Cloud
  • Understand the skillset/capabilities required for assurance professionals to develop for the future
  • Recognize the potential adjustments required to IT risk and control frameworks in order to accommodate the implementation of DevOps and agile way of working
  • Be motivated to learn the capabilities required for IT risk agility and apply them into the daily practice


View more

Target audience

This training is for:

  • IT risk and/or IT security professionals
  • IT auditors
  • Software engineers who would like to build IT risk management skills and/or demonstrate that the IT risks are managed effectively


View more


Seda Foppen is a director with 17 years of experience in IT risk governance, IT regulations & compliance, IT internal control frameworks and transformation of the assurance functions (in particular IT risk & IT audit). “PwC plays an important role as an external auditor and advisor in IT audit space in how we look at IT controls automation and compliance vs digital IT transformation, important influencial party.”

Sander Landzaat is a senior manager with more than 10 years of experience focusing on IT risk transformation and on how to audit DevOps environments. Sander is a member of the NOREA working committee of software development.

View more


  • Training will be given in spring 2020. Date will be announced soon. 

Both sessions include lunch.


The classroom trainings will take place at the PwC Office in Utrecht.


The costs are 1250 euro, exempt from VAT, including the preparation and the two classroom trainings. Also included are the training materials, lunch for both sessions, and drinks.


The training consists of several components: self study to update your basic knowledge on the relevant topics, and one and a half day classroom sessions to translate the topics to the situation and road ahead for your organization.

We will take you through the following topics:

Key principles for adopting agile and DevOps way of working
The impact of agile and DevOps on the IT risk control frameworks
The impact of IT agility on assurance functions (three lines of defense model)
Key capabilities required for IT functions in their agile/DevOps transformation
Key capabilities of agile assurance functions of the future (IT risk/IT audit)
Principles and control objectives for ‘DevOps in control’ framework
Presentation of a demo CI/CD pipeline and automation of software testing

PE hours Accountants

The training courses of the Academy meet the requirements for Permanent Education of the NBA. By completing this training, accountants (AA and RA) receive 9 PE hours. The certificate of attendance will be provided within 4 weeks after the last training session.

PE points RC’s

By completing this training, registered controllers receive 9 PE points. The certificate of attendance will be provided within 4 weeks after the last training session.



When you register we will send you a confirmation with additional information about the training session. Please note that the number of available places is limited. We therefore advise you to apply as soon as possible. If later you are unable to attend, a colleague can take your place. If this is the case, please inform us by sending an e-mail to



PwC's Academy

Onderdeel van/Part of, PwC Netherlands

Tel: +31 (0)88 792 86 70

Volg ons