ACG 6457
Accounting Systems Audit, Control & Security
All sections (3 credit hours)
COURSE SYLLABUS
Last Updated: 2/15/2023
Instructor: Kristina Demek, PhD, CFE
Semester: Spring 2023
Class Meeting Day / Time / Location: Online
Virtual Discussion Hours: Thursday 6:30 – 7:30 (optional, via MS Teams)
Virtual Office Hours: MS Teams (available Tues 5:30 – 6:30 or Thurs 7:30 – 8:30, by appointment)
Email: see Section XVII
I.
Welcome!
This is an exciting time to be working in IT Audit, and at the intersection of business and
technology. This course gives you a foundation in the terminology and skills necessary to
‘bridge the gap’ between business and IT to add value to any organization. Additionally,
you will get a head start to sit for the Certified Information Systems Auditor (CISA) exam.
II.
University Course Description
ACG 6457 provides an in-depth study of contemporary systems control security from an audit
perspective. Course topics will include IS audit standards, contemporary AIS technologies,
and the development and maintenance of AIS integrity.
III.
Course Prerequisites
ACG 3401 or equivalent, or BUL 5842.
IV.
Course Purpose
Accounting processes have been significantly altered by the information technology
revolution of the past three decades. Accountants must now deal with computer-based
accounting systems that vary greatly in their scope and complexity. Key concerns relating
to advanced computer-based accounting systems are the risks associated with such
systems, the controls, and security measures that should be incorporated into such systems,
and the process of auditing such systems to ensure the reliability of the accounting
information produced by them.
V.
How to Succeed in this Course
It’s simple, take responsibility for your learning. I give you everything to succeed – this course
is organized and available to you, in full, from the beginning of the semester. READ the
syllabus, the policies, the assignments, and the rubrics. Ask questions if you need clarification.
Plan your semester and work your plan. Realistically, you should plan to spend an average
of 10 hours per week on this course – it’s a compressed course with lots of material. We will
move fast – you cannot afford to get behind.
1
VI.
Course Topics
In this course, we will cover the following broad topics:
1) An introduction to auditing and fraud,
2) Controls: COSO-ERM and IT general and application controls,
3) IT Governance and COBIT 5,
4) Computer-Assisted Audit Tools and Techniques (CAATTs),
5) Auditing Operating Systems and Networks,
6) Auditing Database Systems, and
7) Systems Development and Program Change Activities.
VII.
Student Learning Outcomes
By the end of this course, you will be able to:
1) Explain the broad concepts of auditing and fraud,
2) Demonstrate knowledge of business process and how to apply the COSO-ERM and
COBIT 5 frameworks to identify key risks, recommend control implementations, and
governance mechanisms within a business process,
3) Explain the phases of an IT audit,
4) Differentiate between IT general and application controls,
5) Explain key concepts of a disaster recovery plan and IT outsourcing,
6) Identify and explain the different types of input, processing, and output controls,
7) Differentiate between the different types of tests of application controls,
8) Identify the risks and controls over operating systems, networks, EDI, and PC-based
accounting systems,
9) Differentiate the characteristics between different database models,
10) Identify the risks and controls associated with database systems,
11) Identify and describe the eight stages of the systems development life cycle (SDLC),
12) Discuss the risks, controls, and audit issues in the SDLC, and
13) Apply the broad concepts of the course to discuss current trends and cases impacting
the IT audit profession.
VIII.
Recommended Texts and Software
• Textbook
o Information Technology Auditing, 4 th Edition by James A. Hall. ISBN: 978-1-13394988-6
• Other
o MS Teams – I will provide a link the first week of class
IX.
Supplementary Materials
Most weeks, there will be additional videos and/or readings that you are expected to
watch/read. These will be included either in the respective Module and/or listed in the
respective Module’s Key Concepts & Terms document.
X.
Grading Scale
Grading Scale (%)*
Letter Grade
90 – 100
A
80 – 89
B
70 – 79
C
60 – 69
D
0 – 59
F
*I do not round grades (e.g., an 89.9 is a B).
2
XI.
Evaluation Criteria
Assignment
Professionalism
Learning Assessments (6 @ 10 points each)
Gleim (5 @ 6 points each)
Discussion posts (4 @ 30 points each)
Ethics & Technology Essay
Total
Points
25
60
30
120
125
360
Percent of Final Grade
6.9%
16.7%
8.3%
33.3%
34.7%
100%
XII.
Assignments
Details (i.e., guidelines, rubrics, etc.) for each of the above criteria can be found in Canvas,
under the “Assignments” feature. I have also put together a video to review the assignments
at a high level.
XIII.
Grade Dissemination
You can access your grades, in real time, using the "Grades" feature in Canvas. I will not
return graded assignments, but you can review any assignment via email request.
XIV.
Course Schedule
All activities, assignments, due dates are listed in the Calendar in Canvas.
XV.
Standard University Policies
Policies about disability access, religious observances, academic grievances, academic
misconduct, academic continuity, food insecurity, and sexual harassment are governed by
a central set of policies that apply to all classes at USF. These may be accessed at:
https://www.usf.edu/provost/faculty/core-syllabus-policy-statements.aspx
XVI.
Course Policies: Grades
Late Work Policy: I will accept NO late work. All work is available online from the beginning
of the semester. Plan your semester and obligations accordingly.
Extra Credit Policy: There is no extra credit offered in this course.
Research Participation: Each semester, all students enrolled in an accounting course may
be required to participate in either (1) one social/behavioral experiment conducted by
School of Accountancy doctoral students and/or faculty, or (2) one written assignment
(University policies concerning academic honesty will be enforced). A minimum of one
percent of the points for the course will be earned by either participating in an experiment
or completing the written assignment. If a student is enrolled in two or more courses in which
the same behavioral experiment is being conducted, the student is only permitted to
participate (receive credit) in one of the courses. Within two weeks of the beginning of the
semester, the student must notify the researcher of the course in which the participation
points are to be credited. In the “other” courses, the research participation points will be
excluded from the student’s grade and total possible points.
Grades of "Incomplete": The current university policy concerning incomplete grades will be
followed in this course. An Incomplete grade ("I") is exceptional and granted at the
instructor’s discretion only when students are unable to complete course requirements due
to illness or other circumstances beyond their control. The course instructor and student must
complete and sign the "I" Grade Contract Form that describes the work to be completed,
the date it is due, and the grade the student would earn factoring in a zero for all incomplete
3
assignments. The due date can be negotiated and extended by student/instructor if it does
not exceed two semesters for undergraduate courses and one semester for graduate
courses from the original date grades were due for that course. An "I" grade not cleared
within the two semesters for undergraduate courses and one semester for graduate courses
(including summer semester) will revert to the grade noted on the contract.
Make-up Assignment Policy: All assignments are to be completed online per the schedule
posted in Canvas. You are expected to manage your schedule appropriately. Thus, I do not
offer make-up assignments.
Retention Policy: All course material will be retained for one semester following the current
one, and then will be destroyed.
Group Work Policy: Some assignments may include group work. All students must participate
in these group assignments, as indicated. Generally, I will assign the groups.
Campus Free Expression: It is fundamental to the University of South Florida’s mission to
support an environment where divergent ideas, theories, and philosophies can be openly
exchanged and critically evaluated. Consistent with these principles, this course may involve
discussion of ideas that you find uncomfortable, disagreeable, or even offensive. In the
instructional setting, ideas are intended to be presented in an objective manner and not as
an endorsement of what you should personally believe. Objective means that the idea(s)
presented can be tested by critical peer review and rigorous debate, and that the idea(s)
is supported by credible research. Not all ideas can be supported by objective methods or
criteria. Regardless, you may decide that certain ideas are worthy of your personal belief. In
this course, however, you may be asked to engage with complex ideas and to demonstrate
an understanding of the ideas. Understanding an idea does not mean that you are required
to believe it or agree with it.
XVII. Course Policies: Technology and Media
Email: If you have a general question, please post it to the appropriate Discussion board. If
you have a personal question, email me via Canvas. I will NOT respond to any emails (1) that
are sent to me via Canvas of a general nature, or (2) sent to my USF email.
Canvas: As this is an online course, all content and student engagement will occur via USF's
learning management system (LMS), Canvas. If you need help learning how to perform
various tasks being offered in Canvas, please consult the Canvas help guides. You may also
contact USF's IT department at (813) 974-1222 or help@usf.edu.
MS Teams: We will use MS Teams for virtual discussions and virtual office hours. I will provide
a link for you to connect to the sessions. You will need to have a webcam and a microphone
to participate.
XVIII. Course Policies: Student Expectations
Attendance Policy: Due to the online nature of this course, there is no attendance policy.
You have one week to complete each Module. Thus, you have sufficient time to manage
your other obligations to meet course deadlines.
Academic Integrity Policy: The USF Policy on Academic Integrity specifies that students may
not plagiarize, cheat on tests, misrepresent their work, or help anyone else do so. Please note
that it is a violation of academic integrity to share notes, lecture slides, and test/quiz material
with third parties and external companies, regardless of whether you profit from the
4
transaction. It is also strictly against policy to inform students in other classes what they can
expect on tests, based on your experience.
Professionalism Policy: As humans (or at least grad students), professionalism should be
second nature. Unfortunately, there are always a few students who prove otherwise every
semester. I have implemented a Professionalism component to the overall grade of the
course.
End of Semester Student Evaluations: All classes at USF make use of an online system for
students to provide feedback to the University regarding the course. These surveys will be
made available at the end of the semester, and the University will notify you by email when
the response window opens. Your participation is highly encouraged and valued. If you
choose to complete a course evaluation, please take it seriously as the evaluation is used
as part of my annual evaluation and included in my teaching portfolio.
The Writing Studio: The Writing Studio is a free resource for USF undergraduate and graduate
students. At the Writing Studio, a trained writing consultant will work individually with you, at
any point in the writing process from brainstorming to editing. Appointments are
recommended, but not required. For more information or to make an appointment, visit
http://www.lib.usf.edu/writing/, stop by LIB 2nd Floor, or call 813-974-8293.
5