Universitas Andalas

Faculty of Economics

Undergraduate Accounting Study Program

Information Systems Auditing

Lecturer:                               

URL    : http://amsaldjunid.orgfree.com

Email   : amsaldjunid@yahoo.com

Phone  : 0811665118

 

GRADUATES' PROFILE

 

Having a strong analytical skills and able to exercise professional judgment in accounting and related fields by taking into account sustainability and ethic in decision making as well as committed to life-long learning

 

GRADUATES’ EXPECTED LEARNING OUTCOMES  

 

Knowledge Proficiency

1. Having knowledge and skills in accounting, finance, assurance & taxation

2. Having knowledge and skills in governance, risk & compliance (GRC)

Work Skill Capability

3. Able to apply knowledge and skills in accounting, finance, assurance & taxation

4. Able to apply knowledge and skills in governance, risk & compliance (GRC)

5. Able to utilize information systems and technology

Managerial Competency

6. Able to exercise professional judgment

7. Able to work in a team

8. Having a good communication skill both oral and written

Value and Attitude

9. Having strong character, attitude and integrity (religious, nationalist, ethically and moral responsible, socially responsible, self-confidence, and independent)

10.    Able to adapt current and future issues in accounting, finance, assurance, and taxation

 

COURSE DESCRIPTION

Course material provides prospective auditors with the skills required to examine a company's hardware, software, and data organization and processing methods to ensure quality control and security and surveys the tools necessary to implement an effective IS audit. Included are specific procedures and illustrative case studies useful for auditors and information security professionals, as well as a survey of the tools required for audits involving outsourced systems, large mainframes or stand-alone desktops. It covers physical, logical, and environmental security; security certifications; computer forensics; e-commerce and Internet security including encryption and cryptography; information privacy laws and regulations; and project management controls. It surveys the latest types of security certifications as well as presenting the nature and importance of physical security controls, adequate insurance, and digital surveillance systems.

After passing this course the student should have the following competences:

 

1.        able to appreciate the relationship between risk and control as applied to the use of computers

2.        able to appreciate the role of the auditor in relation to information systems

3.        able to apply appropriate of information systems audit method and techniques

4.        able to appreciate how the computer can assist the audit process.

5.        able to  work in a team

6.        having a good communication skill both oral and written

7.        having strong character, attitude and integrity

8.        able to adapt to future issues in information system control and audit

BIBLIOGRAPHY

Weber, R. Information Systems Control and Audit, Prentice Hall, 1999 (Compulsory)

Champlain, Auditing Information Systems (2nd ed.), Wiley, 2003

Cobit 4.1 (2007) IT Governance Institute www.itgi.org (C)

ICA India, Information Systems Control and Audit tap to download.

Time Table/Venue:      Tue 13.30-15.00/B 1.5

 COURSE OUTLINE

Week

Topic

Sub Topics

References/ Notes

Home Work

1

Introducing the course

§   

Syllabus

 

2

Relational database

§  Types of database

§  Characteristics of relational database

§  Illustration

 

Reading Notes

simpleproject

 

3

Introduction – Overview of Information Systems Auditing

§  Control and computer systems

§  Computer auditing

§  IS Auditing scope

W ch.1

Reading Notes

 

4

Conducting an Information Systems Audit

§  Control and risk

§  Audit risk

§  Audit steps and procedures

§  IS auditing techniques

W ch.2

Reading Notes

5

Top  Management Control

§  organization benefits from effective project management and how it realizes the benefits of business process change

§  Summarizes the risks associated with information systems projects and identifies mitigating controls

§  project methodologies, milestones and decision points 

§  Identifies the requisite information required by project stakeholders at each decision point.

W ch.3

List of your LR references

Reading Notes

6

IS Development Auditing

§  System Development Approaches

§  the process for procuring and developing systems, the development controls and explains how the latter mitigate risk

§  Compares different types of development, including incremental, prototyping and rapid application development

§  Identifies the main types of systems documentation and explains what they evidence

§  assess the effectiveness of system design and explains the role of quality assurance

§  outsource facilities and identifies the risks and mitigating controls

§  Identifies the main types of outsourcing, including bureau, application service provision, facilities management, maintenance

§  Identifies the use of service level agreements and methods of service measurement

§  Identifies the main stages of systems implementation, including system configuration, data migration and interfaces to legacy systems, and identify the risks and mitigating controls

§  Compares different types of post project and development process reviews, including post-implementation reviews and learning from experience

W ch.4

Reading Notes

7.

Programming & Database Management Control

§  Programming control

§  Programming team control

§  DA and  DBA

W ch.5 & 6

Reading Notes

 

 

§   

 

 

8.

Midterm Test

§   

 

 

 

 

§   

 

 

9

Literature Review Writing

§  First evaluation

 

Submit your draft paper

10

Security and Operation Management control

§  Security program

§  security treat

§  Computer Operation  and net work

§  Outsourcing control

W ch.7 & 8

Reading Notes

 

11, 12

 

 

 

 

 

 

The Application Control

§ Physical and environmental controls
• business continuity planning and disaster recovery
• network controls
• system software controls
• database controls
• application controls
• Internet and e-commerce controls
• installation and operational controls
• change controls
• access controls
• encryption, authentication and non-repudiation
• personnel controls
• end-user controls
• software licensing controls.

W ch.10/11/12

13/14/15

Reading Notes

 

13

Evidence collection: Audit software

§  Generalized Audit Software

§  High level language

§  Specific Audit Software

§  Industry specialize audit software

§  Utility software

W ch.16

Reading Notes

14

Evidence collection: Test data, Integrated Test Facility, and SCARF

§ Test data

§  systems testing

§  audit automation

§  Integrated Test Facility

§ SCARF

W ch.17 & 18

Reading Notes

15

assignment discussion

§  Test data

§  Data extraction

§  Audit documentation

§  Audit conclusion

§  Audit recommendation

 

Bring your own lab top.

 

 

 

Revision

§   

 

 

 

Final Exam

§  All material include assignment

 

Computer Assignment due

 

LEARNING AND TEACHING

There will be one 2 hour lecture per week.

Individual structured computer assignment

Library research and Literature review article writing

 

ASSESSMENT

This subject will be assessed by:

1.      Homework 10%

2.      Midterm examination up to 20%

3.      Final examination  30 to 50%

4.      Assignment (case study  in audit of Andalas Credit Union) 15%

5.      Term paper on IS Audit 15%

6.      Participation 10%

LITERATURE REVIEW ARTICLE WRITING ASSIGNMENT DUE ON WEEK 9

You are required to write a literature review article based on only 4(four) authoritative references from journal articles/book chapters. (Reference from individual web block is not allowed), choose the topic based on the lecturing material. You have to get approval for your topic by showing your references on week 4.  The paper length is 1000-1500 words only. Use APA reference style for citation.

Free Web Hosting