Universitas Andalas
Faculty of Economics
Audit Sistem Berbasis Komputer
(Information System Auditing)
Lecturer : Amsal Djunid
URL: http://amsaldjunid.orgfree.com
Email: amsaldjunid(@,yahoo.com
Phone: 0811665118
Course Description
Course material provides prospective auditors with the skills required to examine a company's hardware, software, and data organization and processing methods to ensure quality control and security and surveys the tools necessary to implement an effective IS audit. Included are specific procedures and illustrative case studies useful for auditors and information security professionals, as well as a survey of the tools required for audits involving outsourced systems, large mainframes or stand-alone desktops. It covers physical, logical, and environmental security; security certifications; computer forensics; e-commerce and Internet security including encryption and cryptography; information privacy laws and regulations; and project management controls. It surveys the latest types of security certifications as well as presenting the nature and importance of physical security controls, adequate insurance, and digital surveillance systems.
Bibliography
Weber, R. Information Systems Control and Audit, Prentice Hall, 1999 (Compulsory)
Champlain, Auditing Information Systems (2nd ed.), Wiley, 2003
Cobit 4.1 (2007) IT Governance Institute.. www.itgi.org
(C)
Time Table : Mon 10.15-12.15
Venue: R3.2
No |
Topic |
Sub Topics |
References/Notes |
Home Work |
1 |
Introducing the unit |
§ Syllabus § Literature review |
|
|
2 |
Introduction – Overview of Information Systems Auditing |
§ Control and computer systems § Computer auditing § IS Auditing scoop |
W ch.1 |
Reading notes |
3 |
Conducting an Information Systems Audit |
§ Control and risk § Audit risk § Audit steps and procedures § IS auditing techniques |
W ch.2 |
Reading notes |
4. |
Introduction to Database and DBMS |
§ |
|
Paper preparation |
5. |
Starting Literature Review Writing |
§ Plan the paper contents § Writing Introduction |
|
Bring your references |
6. |
IS Development Auditing |
§ System Development Approaches § the process for procuring and developing systems, the development controls and explains how the latter mitigate risk § Compares different types of development, including incremental, prototyping and rapid application development § Identifies the main types of systems documentation and explains what they evidence § assess the effectiveness of system design and explains the role of quality assurance § outsource facilities and identifies the risks and mitigating controls § Identifies the main types of outsourcing, including bureau, application service provision, facilities management, maintenance § Identifies the use of service level agreements and methods of service measurement § Identifies the main stages of systems implementation, including system configuration, data migration and interfaces to legacy systems, and identify the risks and mitigating controls § Compares different types of post project and development process reviews, including post-implementation reviews and learning from experience |
W ch.4 |
Reading notes |
7 |
Database Management Control |
§ DA and DBA |
W ch. 6 |
Reading notes |
8 Mid Term Test |
||||
9 |
Security and Operation Management control |
§ Security program § security treat § Computer Operation and net work § Outsourcing control |
W ch. 7 & 8 |
Reading notes |
10/11 |
The Application Control |
§ Physical
and environmental controls |
W ch.10/11/12/13/14/15 |
Reading notes |
12 |
Evidence collection: Audit software |
§ Generalized Audit Software § High level language § Specific Audit Software § Industry specialize audit software § Utility software |
W ch.16 |
Reading notes |
13 |
Evidence collection: Systems testing |
§ Test data § Code Review § Code Comparison |
W ch.17 |
Reading notes |
14 |
Evidence collection: Concurrent Auditing Techniques |
n Audit automation n Integrated Test facility n SCRAF |
W ch. 18 |
Reading notes |
15 |
assignment discussion |
§ Test data § Data extraction § Audit documentation § Audit conclusion § Audit recommendation |
assignment |
|
16 |
Final Exam |
§ All material, include assignment |
Computer Assignment due |
|
There will be one 2 hour lecture per week.
Individual structured computer assignment
Library research and Literature review article writing
Learning Outcomes
After passing this course the student should be able to:
· appreciate the relationship between risk and control as applied to the use of
computers
· understand the role of the auditor in relation to information systems
· understand the use of information systems audit techniques
· appreciate how the computer can assist the audit process.
Assessment
This subject will be assessed by:
1. Home work 10%
2. Midterm examination up to 20%
3. Final examination up to 50%
4. Assignment (case study in audit of Andalas Credit Union) 20%
5. Term paper on IS Audit 20%
Literature Review Article Writing Assignment due on week 11
You are required to write an literature review article based on only 4(four) authoritative references from journal articles/book chapters. (Reference from individual web block is not allowed), choose the topic based on the lecturing material. Your have to get approval for your topic by showing your references on week 4. There are one class meeting on week 5 for planing and starting this paper writing. The paper length is 1000-1500 words only. Use APA reference style for citation.