1. Title of subject
Information Systems Audit
2. Subject code
TSC 2111
3. Status of subject
Major Subject
4. Version
Date of Previous Version: Year 2006
Date of New Version: September 2006
5. Credit hour
3
28 Hours of Lecture
14 Hours of Tutorial
LAN Credit Hours Equivalence: 2.67
6. Semester
Trimester 2 (Gamma Level)
7. Pre-Requisite
TIS 2211 Systems Analysis and Design
8. Methods of teaching
28 Hours of Lecture
14 Hours of Tutorial
9. Assessment
40% Coursework
60% Final Exam
Total 100%
10. Teaching staff (Proposed)
Dr. Lee Chien Sing
11. Objective of subject
Students will understand various information systems controls
and auditing techniques. It covers the management control
framework and application control framework.
12. Synopsis of subject
The major areas of study include:
Overview of Information Systems Auditing; Conducting an
Information System Audit; Data Resource Management
Auditing; Security Management Auditing; Operations
Management Auditing; Quality Assurance Management
Auditing; Boundary Auditing; Input Auditing; Communications
Auditing; Processing Auditing; Database Auditing; Output
Controls and Audit Software.
The areas of study include: Introduction to information systems
audit, Conducting an information systems audit, Data resource
management controls and audit, Security management controls and
audit, Operations management controls and audit, Quality
assurance management controls and audit, Boundary controls and
audit, Input controls and audit, Communication controls and
audit, Processing controls and audit, Database controls and
audit, Output controls and audit, Audit software.
13. Learning Outcomes
By the end of the subject, students should be able to:
- Identify and appraise the need for control and audit of
computer based information systems.
- Describe the basic steps to be undertaken in the conduct of
information systems audit.
- Identify major threats to information function and
- Design, implement, operate and maintain controls that reduce
losses from these threats to an acceptable level.
Programme Outcomes (% of contribution)
Ability to apply soft skills in work and career related activities: 5
Good understanding of fundamental concepts: 35
Acquisition and mastery of knowledge in specialized area: 30
Acquisition of analytical capabilities and problem solving skills: 15
Adaptability and passion for learning: 5
Cultivation of innovative mind and development of entrepreneurial skills: 5
Understanding of the responsibility with moral and professional ethics: 5
14. Details of subject
Topics Covered (Hours)
1. Overview of Information Systems Auditing (2 hours)
Need for control and audit of computers, Effects of
computers on internal controls, Effects of
computer on auditing, foundations of information
systems auditing.
2. Conducting an Information Systems Audit (3 hours)
Nature of controls, Dealing with complexity, Audit
Risks, Types of Audit Procedures, Overview of
Steps in Audit, Audit Around or through the
computer.
3. Data Resource Management Controls and Audit (2 hours)
Functions of DA and DBA, Data Repository
Systems, Control over the DA and DBA.
4. Security Management Controls and Audit (2 hours)
Conducting a Security Program, Major security
Threats and remedial measures, Controls of last
resort.
5. Operations Management Controls and Audit (2 hours)
Computer Operations, Network operations, data
preparation and entry, Production control, File
library, Management of outsourced operations.
6. Quality Assurance Management Controls and Audit (2 hours)
QA functions, organizational considerations.
7. Boundary Controls and Audit (2 hours)
Cryptographic controls and audit, access controls
and audit, Personal identification numbers, digital
signatures, plastic cards, audit trail controls.
8. Input and Output Controls and Audit (2 hours)
Data input methods, Source document design,
data-entry screen design, data code
controls, check digits, batch controls, validation
of input data, instruction input, validation of
instruction input, audit trail controls and
existence controls, Inference controls, batch
output production and distribution controls,
batch report design controls, online output
production and distribution controls, audit trail
controls and existence controls.
9. Communication Controls and Audit (2 hours)
Communication subsystem exposures, physical
component controls, line error controls, flow
controls, link controls, topological controls,
channel access controls, controls over subversive
controls, Internetworking controls, audit trail
controls and existence controls.
10. Processing Controls and Audit (2 hours)
Processor controls, real memory controls, virtual
memory controls, operating system integrity,
application software controls, audit trail controls
and existence controls.
11. Database Controls and Audit (2 hours)
Access controls, integrity controls, application
software controls, concurrency controls, file
handling controls, audit trail controls and existence
controls.
12. Risk management (2 hours)
Risk Strategies, Risk Identification, Risk
Projection, Risk Monitoring and Management
- Verification and validation
- Measurement tracking and feedback
mechanism
- Total quality management
- Risk management
13. Audit Software and Audit (3 hours)
Generalized audit software, industry specific audit
software, high level languages, utility software,
expert systems, neural network software,
specialized audit software, control of audit
software.
Total Contact Hours: 28
15. Tutorial
Students will be given tutorial questions and case
studies based on topics covered.
16. Text book
1. Information Technology Control and
Audit, Second Edition by Frederick
Gallegos, Daniel P. Manson, Sandra Senft,
Carol Gonzales, Mar 26, 2004
Reference Books
1. Information Technology Controls
(Global Technology Audit Guide 1),
The Institute of Internal Auditors Inc.
(Paperback - Mar 1, 2005)
2. Core Concepts of IT Auditing by
Hunton, James E., Stephanie Bryant,
Wiley, 2004.
3. Auditing EDP Systems (Second
Edition), Donald A. Watne, Peter B.
B. Turney, Prentice.
4. Information Systems Control and
Audit, Ron A. Weber (Oct 29, 1998)
5. Computer Security Management,
Karen A. Forcht, 1994.
6. Project Management: Principles and
Practices, Spinner, M. P., Prentice Hall, 1997.
7. Inroads to Software Quality, Jarvis, A.
and Vern, C., Prentice Hall, 1997.
8. Basic Computer Security, Deborah
Russell, O’Reilly and Associates,
1991.