Course description

This course intends to teach audit and control aspects of information systems. Students will learn about risks, controls, audit and computer fraud detection techniques related to key information systems areas. Specially developed software will be used to perform audit tests and fraud prevention and detection procedures.

Course learning outcomes

After studying this course you will be able to:

·         Explain and apply the concepts and theory underlying IS Auditing;

·         Evaluate internal control in an IS environment, emphasising the auditor's role in risk analysis, contingency planning, systems development, etc.;

·         Explain contemporary IS Auditing practice, considering techniques and methods for auditing computerized information systems;

·         Describe and differentiate between contemporary IS auditing techniques;

·         Apply the Information Systems Auditing Methodology;

·         Appraise the audit significance and implications of:

o   Auditing in a Mobile Computing environment

o   Auditing in a Cloud Computing environment

o   Auditing as a part of project SDLC

o   Auditing web servers and applications

o   Auditing switches, routers and firewalls, including UNIX and Windows operating systems

o   Auditing DRP/BCM and Data Centers

o   e-Forensics and ID Fraud,

·         Assess the current status of professional and legal requirements; and,

·         Discuss current research issues in IS auditing, using the web to review current research efforts in the field.

Course content

·         Overview of Information Systems Auditing, Need for Control and audit of computers, system integrity objectives, system effectiveness and efficiency objectives

·         Fundamentals of Information Systems Auditing, Effects of Computers on Internal Control, Effects of Computers on Auditing

·         Conducting an Information System Audit, Audit Risks, Types of Audit Procedures

·         Steps in Audit, Auditing Through Computers

·         Top Management controls, Evaluating the Planning and Organizing function.

·         Top Management controls, Evaluating the Leading and Controlling Function

·         System Development Management Controls, Auditing systems development, Techniques for studying Existing system.

·         Evaluating Major Phases in System Development Process

·         Programming Management Controls, organizing the programming teams, types of programming teams

·         Managing the Programming groups, Techniques for Program Design

·         Data Resource Management Controls, Functions of DA and the DBA, Placement of DA and DBA roles.

·         Data repository Systems, Control over DA and DBA, Organizational issues, exposures and Measures. Audit Aspects of a DRS

·         Security Management Controls, Developing a Security Program, Exposure Analysis, Controls Adjustment, Report Preparation

·         Major Security Threats and Remedial Measures, Controls of Last Resort

·         Operation Management Controls, Production Management Controls, Capacity Planning and Performance Monitoring, Management of Outsourced Operations

·         Quality Assurance Management Controls. QA functions, Organizational Considerations.

·         MID

·         Application Boundary Controls, Cryptographic Controls, PINs, Digital Signatures, Plastic Cards, Audit Trail Controls

·         Audit Software, Functional Capabilities of Audit Software, Using Software to assess operational efficiency, effectiveness, and reliability, Control of Audit Software

·         Code Review, Test Data and Code Comparisons

·         Concurrent Auditing Techniques, needs and nature of concurrent auditing.

·         Implementing Concurrent Auditing Techniques, Strengths and Limitations.

·         Interviews, Questionnaires and Control Flowcharts

·         Performance Measurement Tools, types of Performance Measurement

·         Presenting Performance Measurement, Kiviat graphs, Performance Measurement vs. Data integrity

·         Evaluating Asset Safeguarding and Data Integrity, Determinants of Judgment and Performance.

·         Audit Technology to assist the Evaluation Decision, Cost effectiveness considerations

·         Evaluating System Effectiveness, Effectiveness evaluation process, Model of Information System Effectiveness.

·         Evaluating System and information Quality, ease of use and usefulness. System Satisfaction and organizational Impact

·         Evaluating System Efficiency, Key Performance Indicators, performance Indices

·         Evaluating System Efficiency, Workload Models, System models, Combining Workload Models and System models.

·         Managing the Information System Audit Function: Planning, Organizing and Staffing

·         Managing the Information System Audit Function: Leading, Controlling, IS Audit Professionalism, Features of IS Auditing

Course reading materials

·         Davis, Schiller, Wheeler. 2011. IT Auditing: Using Controls to Protect Information Assets, 2nd Edition, McGraw-Hill, ISBN: 0-071-74238-7.

·         Richard E. Cascarino. 2007. Auditor's Guide to Information Systems Auditing, John Wiley, ISBN: 0-470-00989-6.

·         James A. Hall. 2005. Information Systems Auditing and Assurance, Thomson, ISBN: 0-324-19198-7.

·         Doug Dayton. 1997. Information Technology Audit Handbook, Prentice Hall, ISBN: 0136143148.

·         Frederick Gallegos, Sandra Allen-Senft, Daniel P. Manson. 1999. Information Technology Control and Audit, Auerbach Pub, ISBN: 0849399947.

