ACG 6457 Accounting Systems Audit, Control & Security All sections (3 credit hours) COURSE SYLLABUS Last Updated: 2/15/2023 Instructor: Kristina Demek, PhD, CFE Semester: Spring 2023 Class Meeting Day / Time / Location: Online Virtual Discussion Hours: Thursday 6:30 – 7:30 (optional, via MS Teams) Virtual Office Hours: MS Teams (available Tues 5:30 – 6:30 or Thurs 7:30 – 8:30, by appointment) Email: see Section XVII I. Welcome! This is an exciting time to be working in IT Audit, and at the intersection of business and technology. This course gives you a foundation in the terminology and skills necessary to ‘bridge the gap’ between business and IT to add value to any organization. Additionally, you will get a head start to sit for the Certified Information Systems Auditor (CISA) exam. II. University Course Description ACG 6457 provides an in-depth study of contemporary systems control security from an audit perspective. Course topics will include IS audit standards, contemporary AIS technologies, and the development and maintenance of AIS integrity. III. Course Prerequisites ACG 3401 or equivalent, or BUL 5842. IV. Course Purpose Accounting processes have been significantly altered by the information technology revolution of the past three decades. Accountants must now deal with computer-based accounting systems that vary greatly in their scope and complexity. Key concerns relating to advanced computer-based accounting systems are the risks associated with such systems, the controls, and security measures that should be incorporated into such systems, and the process of auditing such systems to ensure the reliability of the accounting information produced by them. V. How to Succeed in this Course It’s simple, take responsibility for your learning. I give you everything to succeed – this course is organized and available to you, in full, from the beginning of the semester. READ the syllabus, the policies, the assignments, and the rubrics. Ask questions if you need clarification. Plan your semester and work your plan. Realistically, you should plan to spend an average of 10 hours per week on this course – it’s a compressed course with lots of material. We will move fast – you cannot afford to get behind. 1 VI. Course Topics In this course, we will cover the following broad topics: 1) An introduction to auditing and fraud, 2) Controls: COSO-ERM and IT general and application controls, 3) IT Governance and COBIT 5, 4) Computer-Assisted Audit Tools and Techniques (CAATTs), 5) Auditing Operating Systems and Networks, 6) Auditing Database Systems, and 7) Systems Development and Program Change Activities. VII. Student Learning Outcomes By the end of this course, you will be able to: 1) Explain the broad concepts of auditing and fraud, 2) Demonstrate knowledge of business process and how to apply the COSO-ERM and COBIT 5 frameworks to identify key risks, recommend control implementations, and governance mechanisms within a business process, 3) Explain the phases of an IT audit, 4) Differentiate between IT general and application controls, 5) Explain key concepts of a disaster recovery plan and IT outsourcing, 6) Identify and explain the different types of input, processing, and output controls, 7) Differentiate between the different types of tests of application controls, 8) Identify the risks and controls over operating systems, networks, EDI, and PC-based accounting systems, 9) Differentiate the characteristics between different database models, 10) Identify the risks and controls associated with database systems, 11) Identify and describe the eight stages of the systems development life cycle (SDLC), 12) Discuss the risks, controls, and audit issues in the SDLC, and 13) Apply the broad concepts of the course to discuss current trends and cases impacting the IT audit profession. VIII. Recommended Texts and Software • Textbook o Information Technology Auditing, 4 th Edition by James A. Hall. ISBN: 978-1-13394988-6 • Other o MS Teams – I will provide a link the first week of class IX. Supplementary Materials Most weeks, there will be additional videos and/or readings that you are expected to watch/read. These will be included either in the respective Module and/or listed in the respective Module’s Key Concepts & Terms document. X. Grading Scale Grading Scale (%)* Letter Grade 90 – 100 A 80 – 89 B 70 – 79 C 60 – 69 D 0 – 59 F *I do not round grades (e.g., an 89.9 is a B). 2 XI. Evaluation Criteria Assignment Professionalism Learning Assessments (6 @ 10 points each) Gleim (5 @ 6 points each) Discussion posts (4 @ 30 points each) Ethics & Technology Essay Total Points 25 60 30 120 125 360 Percent of Final Grade 6.9% 16.7% 8.3% 33.3% 34.7% 100% XII. Assignments Details (i.e., guidelines, rubrics, etc.) for each of the above criteria can be found in Canvas, under the “Assignments” feature. I have also put together a video to review the assignments at a high level. XIII. Grade Dissemination You can access your grades, in real time, using the "Grades" feature in Canvas. I will not return graded assignments, but you can review any assignment via email request. XIV. Course Schedule All activities, assignments, due dates are listed in the Calendar in Canvas. XV. Standard University Policies Policies about disability access, religious observances, academic grievances, academic misconduct, academic continuity, food insecurity, and sexual harassment are governed by a central set of policies that apply to all classes at USF. These may be accessed at: https://www.usf.edu/provost/faculty/core-syllabus-policy-statements.aspx XVI. Course Policies: Grades Late Work Policy: I will accept NO late work. All work is available online from the beginning of the semester. Plan your semester and obligations accordingly. Extra Credit Policy: There is no extra credit offered in this course. Research Participation: Each semester, all students enrolled in an accounting course may be required to participate in either (1) one social/behavioral experiment conducted by School of Accountancy doctoral students and/or faculty, or (2) one written assignment (University policies concerning academic honesty will be enforced). A minimum of one percent of the points for the course will be earned by either participating in an experiment or completing the written assignment. If a student is enrolled in two or more courses in which the same behavioral experiment is being conducted, the student is only permitted to participate (receive credit) in one of the courses. Within two weeks of the beginning of the semester, the student must notify the researcher of the course in which the participation points are to be credited. In the “other” courses, the research participation points will be excluded from the student’s grade and total possible points. Grades of "Incomplete": The current university policy concerning incomplete grades will be followed in this course. An Incomplete grade ("I") is exceptional and granted at the instructor’s discretion only when students are unable to complete course requirements due to illness or other circumstances beyond their control. The course instructor and student must complete and sign the "I" Grade Contract Form that describes the work to be completed, the date it is due, and the grade the student would earn factoring in a zero for all incomplete 3 assignments. The due date can be negotiated and extended by student/instructor if it does not exceed two semesters for undergraduate courses and one semester for graduate courses from the original date grades were due for that course. An "I" grade not cleared within the two semesters for undergraduate courses and one semester for graduate courses (including summer semester) will revert to the grade noted on the contract. Make-up Assignment Policy: All assignments are to be completed online per the schedule posted in Canvas. You are expected to manage your schedule appropriately. Thus, I do not offer make-up assignments. Retention Policy: All course material will be retained for one semester following the current one, and then will be destroyed. Group Work Policy: Some assignments may include group work. All students must participate in these group assignments, as indicated. Generally, I will assign the groups. Campus Free Expression: It is fundamental to the University of South Florida’s mission to support an environment where divergent ideas, theories, and philosophies can be openly exchanged and critically evaluated. Consistent with these principles, this course may involve discussion of ideas that you find uncomfortable, disagreeable, or even offensive. In the instructional setting, ideas are intended to be presented in an objective manner and not as an endorsement of what you should personally believe. Objective means that the idea(s) presented can be tested by critical peer review and rigorous debate, and that the idea(s) is supported by credible research. Not all ideas can be supported by objective methods or criteria. Regardless, you may decide that certain ideas are worthy of your personal belief. In this course, however, you may be asked to engage with complex ideas and to demonstrate an understanding of the ideas. Understanding an idea does not mean that you are required to believe it or agree with it. XVII. Course Policies: Technology and Media Email: If you have a general question, please post it to the appropriate Discussion board. If you have a personal question, email me via Canvas. I will NOT respond to any emails (1) that are sent to me via Canvas of a general nature, or (2) sent to my USF email. Canvas: As this is an online course, all content and student engagement will occur via USF's learning management system (LMS), Canvas. If you need help learning how to perform various tasks being offered in Canvas, please consult the Canvas help guides. You may also contact USF's IT department at (813) 974-1222 or help@usf.edu. MS Teams: We will use MS Teams for virtual discussions and virtual office hours. I will provide a link for you to connect to the sessions. You will need to have a webcam and a microphone to participate. XVIII. Course Policies: Student Expectations Attendance Policy: Due to the online nature of this course, there is no attendance policy. You have one week to complete each Module. Thus, you have sufficient time to manage your other obligations to meet course deadlines. Academic Integrity Policy: The USF Policy on Academic Integrity specifies that students may not plagiarize, cheat on tests, misrepresent their work, or help anyone else do so. Please note that it is a violation of academic integrity to share notes, lecture slides, and test/quiz material with third parties and external companies, regardless of whether you profit from the 4 transaction. It is also strictly against policy to inform students in other classes what they can expect on tests, based on your experience. Professionalism Policy: As humans (or at least grad students), professionalism should be second nature. Unfortunately, there are always a few students who prove otherwise every semester. I have implemented a Professionalism component to the overall grade of the course. End of Semester Student Evaluations: All classes at USF make use of an online system for students to provide feedback to the University regarding the course. These surveys will be made available at the end of the semester, and the University will notify you by email when the response window opens. Your participation is highly encouraged and valued. If you choose to complete a course evaluation, please take it seriously as the evaluation is used as part of my annual evaluation and included in my teaching portfolio. The Writing Studio: The Writing Studio is a free resource for USF undergraduate and graduate students. At the Writing Studio, a trained writing consultant will work individually with you, at any point in the writing process from brainstorming to editing. Appointments are recommended, but not required. For more information or to make an appointment, visit http://www.lib.usf.edu/writing/, stop by LIB 2nd Floor, or call 813-974-8293. 5