Course Description
This course explores the theories and practices of audit and control of computer-based information systems. Audit and control of information systems is examined from the viewpoint of management, systems professionals, and auditors. The rationale for controls, control theories, and audit practices are emphasized. Students will be exposed to risk assessment and professional standards in the field of information systems auditing.
Intended Learning Outcomes
Upon completion of the course, students are expected to be able to:
1. Explain the concepts and related technology of e-audit;
2. Understand the legal and ethical issues as an e-auditor;
3. Identify the auditor’s objectives in performing an audit of a computer-based information system;
4. Understand the methods auditors use to assess control risk in computer-based information systems;
5. Identify and describe the general and application controls found in computer-based information systems and the methods used to assess risk for these controls;
6. Understand system security controls and the impact of these controls on the overall reliability of computer-based information systems;
7. Apply the knowledge in formulating an audit report and the necessary follow-ups;
8. Apply the analytical skills in identifying the risks and controls on some selective areas and scopes. Selective areas and scopes will be discussed, such as information technology governance; systems and infrastructure lifecycle management; information technology service delivery and support; protection of information assets; business continuity and disaster recovery; and auditing e-commerce systems.