Punjab University College of Information Technology, University of the Punjab
Course Outline
Title: Information Systems Control And Audit
Code: IT-5751-3
Credit Hours: 3 Hours
Theory/week: Weight 3 Cr. Hrs.; Contact Hours 3 Hrs.
Lectures: 2; Duration 1.5 Hrs.
Prerequisite: IT-5952-3 Information Technology Project Management, MNGT-6855-3 Human Resource Management, ACC-5501-3 Financial Accounting
Follow Up: None
Category: IT-Core
Aims and Objectives
This course intends to teach audit and control aspects of information systems. Students will learn about risks, controls, audit and computer fraud detection
techniques related to key information systems areas. Specially developed software will be used to perform audit tests and fraud prevention and detection
procedures.
Learning Outcomes
The major goal is to provide an understanding of the duties of an Information Systems Technologist in enabling and supporting Audit and Control functions.
Another goal is to further train your ability to contribute via a team effort to research, plan, develop and communicate an appropriate Audit plan including team
selection and building, team management and progress monitoring, implementation and documentation. Throughout the course, team projects will provide
experience in research, system analysis, risk assessment, control development, and fraud detection.
Syllabus
Topics: Overview of Information Systems Auditing; IT Audits; Reengineering Operations; Temporal Aspects of IT Audit Process; IT Audit and Requirements
Planning; Selecting and Managing Audit Process; Advantage and Impact of IT Audit; Concurrent Auditing Techniques; Evaluating System Effectiveness;
Evaluating System Efficiency; Managing the Information Systems Audit Function; Audience Analysis; Top Management Controls: Systems Development
Management Controls; Programming Management Controls; Data Resource Management Controls; Security Management Controls; Operations Management
Controls; Quality Assurance Management Controls; Boundary Controls; Input/Output Controls; Communication Controls; Processing Controls; Database Controls;
Objectives Convergence; Market Demand Drives Technological Innovation; Data Management Trends; Strategic Business Audit Objectives; Corporate Culture;
Personnel; Organization Chart; Planning Issues; Corporate Effectiveness; Management Effectiveness; Facilities; Financial Information; Market Factors; Products
and Services; Market Analysis; Market Differentiation Factors; Customer; Purchase Factors; Customer Satisfaction; Competition; Business Development and
Promotion; Production Issues; Purchasing Issues; Sales Forecasts and Analysis; Auditor's Recommendations; AICPA WebTrust and SysTrust Programs; Digital
Analysis as an Auditing Tool; Fraud and Collusion Handling Tools; Extensible Business Reporting Language (XBRL).
Text Book
A. Ron Weber (1998), "Information Systems Control and Audit", Prentice Hall, ISBN: 0139478701.
Reference Material
1. Doug Dayton (1997), "Information Technology Audit Handbook", Prentice Hall, ISBN: 0136143148.
2. Frederick Gallegos, Sandra Allen-Senft, Daniel P. Manson (1999), "Information Technology Control and Audit", Auerbach Pub, ISBN: 0849399947.
3. URLs for reference:
Information System Audit and Control Association www.isaca.org
The Institute of Internal Auditors www.theiia.org/
American Institute of Certified Professional Accountants www.aicpa.org
The IT Audit www.theiia.org/itaudit/
International Auditing and Assurance Standards Board www.ifac.org/IAASB
Control Objectives for IT and Related Technologies www.isaca.org/cobit.htm
Class facilities to Instructor and students for Lectures per Room
o 1 Network enabled PC
o 1 Multimedia
o 1 Whiteboard
o 1 Rostrum
o 1 Board marker/Month i.e. 4 Week Lectures (eight sessions)
o Max 45 students sitting facility
Instructional Aids/Resources
Evaluation and Support facilities
o Announced tests, i.e. pre-mid and pre-final tests, should not be conducted during class hours
Recommendations
o Photocopy facility for different handouts
o Subject description document that includes the student version of the course outline, the prerequisite test and its solution should be distributed in the first class.
o Handout: Required handouts as mentioned in the lecture framework
o Quizzes and Solution: Quizzes and their standard solution must be provided to students in handout form after each quiz.
Assessment Criteria
Sessional 15%                            Mid 35%        Final 50%
Quizzes and Test 05                      If Required:   If Required:
Assignment and Presentations 08                         Project 10
Attendance and Class Participations 02   Paper 35       Paper 40
Total 100%
Marks division for sessional or project may vary on the basis of complexity of project or available time for project execution and documentation.
Framework
Weeks 1-12, Lectures 1-24
Source is given as Book-Chapter No. and page range; "A" is the text book.

Lecture 1. Overview of Information Systems Auditing, Need for Control and audit of computers, system integrity objectives, system effectiveness and efficiency objectives. Source: A-1 page 3-13
Lecture 2. Fundamentals of Information system auditing, effects of computer on internal control, Effects of computer on Auditing. Source: A-1 page 14-30
Lecture 3. Conducting an Information System Audit, Audit Risks, Type of Audit Procedures. Source: A-2 page 34-45
Lecture 4. Steps in Audit, Auditing Through Computers. Source: A-2 page 47-57
Lecture 5. Top Management controls, Evaluating the Planning and Organizing function. Source: A-3 page 69-83
Lecture 6. Top Management controls, Evaluating the Leading and Controlling Function. Source: A-3 page 84-96
Lecture 7. System Development Management Controls, Auditing systems development, Techniques for studying Existing system. Source: A-4 page 103-155
Lecture 8. Evaluating Major Phases in System Development Process. Source: A-4 page 103-155
Lecture 9. Programming Management Controls, organizing the programming teams, types of programming teams. Source: A-5 page 160-181
Lecture 10. Managing the Programming groups, Techniques for Program Design. Source: A-5 page 182-205
Lecture 11. Data Resource Management Controls, Functions of DA and the DBA, Placement of DA and DBA roles. Source: A-6 page 205-218
Lecture 12. Data repository Systems, Control over DA and DBA, Organizational issues, exposures and Measures, Audit Aspects of a DRS. Source: A-6 page 218-236
Lecture 13. Security Management Controls, Developing a Security Program, Exposure Analysis, Controls Adjustment, Report Preparation. Source: A-7 page 243-255
Lecture 14. Major Security Threats and Remedial Measures, Controls of Last Resort. Source: A-7 page 255-271
Lecture 15. Operation Management Controls, Production Management Controls, Capacity Planning and Performance Monitoring, Management of Outsourced operations. Source: A-8 page 281-319
Lecture 16. Quality Assurance Management Controls, QA functions, Organizational Considerations. Source: A-9 page 334-351
MID
Lecture 17. Application Boundary Controls, Cryptographic Controls, PINs, Digital Signatures, Plastic Cards, Audit Trail Controls. Source: A-10 page 367-405
Lecture 18. Audit Software, Functional Capabilities of Audit Software, Using Software to assess operational efficiency, effectiveness, and reliability, Control of Audit Software. Source: A-16 page 661-696
Lecture 19. Code Review, Test Data and Code Comparisons. Source: A-17 page 708-738
Lecture 20. Concurrent Auditing Techniques, needs and nature of concurrent auditing. Source: A-18 page 751-758
Lecture 21. Implementing Concurrent Auditing Techniques, Strengths and Limitations. Source: A-18 page 758-779
Lecture 22. Interviews, Questionnaires and Control Flow Charts. Source: A-19 page 789-809
Lecture 23. Performance Measurement Tools, types of Performance Measurement. Source: A-20 page 820-833
Lecture 24. Presenting Performance Measurement, Kiviat graphs, Performance Measurement vs. Data integrity. Source: A-20 page 834-838

Recommendations for Learning Activities (Mention Assignments, Test, Quizzes, Practical, Case Study, Projects, Lab Work or Reading Assignments), in order of appearance:
o Distribution of course outline
o Quiz from previous lecture
o Project Announced
o Assignment 1 (IS Auditing)
o Case Study
o Quiz 1
o Project Proposal Announced
o Project Phase 1: Audit Planning
o Assignment 2. Review of COBIT Guidelines
o Case study. Network Security Issues
o Project Phase 2: Submission of Audit Plan, Task Schedules, Team Organization, Preliminary Assessment
o Quiz 2
o Case Study: Introduction to an Audit Software
o Quiz 3. Integrating Audit function in Software
o Project Phase 3: Data gathering, organizational flowcharts, Risk Assessment
o Assignment: Performance Measurement Matrix Design
Framework (continued)
Weeks 13-16, Lectures 25-32

Lecture 25. Evaluating Asset Safeguarding and Data Integrity, Determinants of Judgment and Performance. Source: A-21 page 851-863
Lecture 26. Audit Technology to assist the Evaluation Decision, Cost effectiveness considerations. Source: A-21 page 864-876
Lecture 27. Evaluating System Effectiveness, Effectiveness evaluation process, Model of Information System Effectiveness. Source: A-22 page 888-894
Lecture 28. Evaluating System and information Quality, ease of use and usefulness, System Satisfaction and organizational Impact. Source: A-22 page 888-910
Lecture 29. Evaluating System Efficiency, Key Performance Indicators, performance Indices. Source: A-23 page 926-934
Lecture 30. Evaluating System Efficiency, Workload Models, System models, Combining Workload Models and System models. Source: A-23 page 926-954
Lecture 31. Managing the Information System Audit Function: Planning, Organizing and Staffing. Source: A-24 page 971-980
Lecture 32. Managing the Information System Audit Function: Leading, Controlling, IS Audit Professionalism, Features of IS Auditing. Source: A-24 page 980-998

Recommendations for Learning Activities, in order of appearance:
o Project Phase 4: System Evaluation and Performance Measurement
o Quiz: Efficiency & Performance Measurement
o Project Submission
o Quiz: IS Audit Function