
CISB424 Information Systems Auditing

CISB424 : INFORMATION SYSTEMS AUDITING


College of Information Technology
Universiti Tenaga Nasional

LECTURER INFORMATION
Lecturer name Aliza Abdul Latif
Room number BW-4-C47
Email aliza@uniten.edu.my
Website http://metalab.uniten.edu.my/~aliza

COURSE PARTICULARS
Course Name Information Systems Auditing
Course Code CISB424
Course Level Degree
Credit Hours 4 (4 hours lecture)
Pre-requisite CISB223/CISB244
Objectives At the end of the course, the students should be able
to:
• Identify the types of errors and irregularities
that can occur in a computer-based information
systems environment
• Understand the managerial controls that can be
implemented to reduce expected losses from errors
and irregularities
• Learn the application system controls that can
be implemented to reduce expected losses from errors
and irregularities
• Find ways in which an information systems
audit can be approached and managed
• Learn the tools available to collect evidence on
the reliability of computer controls
• Find the way in which information systems audit
evidence can be evaluated

Assessments Coursework
Case Studies/Assignment 5%
Quizzes 5%
Research Paper 10%
Company Audit 20%
Mid Term Exam 20%
Final Examination 40%
TOTAL 100%

TENTATIVE COURSE SCHEDULE & OUTLINE

Reading Assignment or
Homework/Project Due
This Day
Week 1
05/07- Class Introduction Submission of Group Names
09/07
Week 2 Chapter 1: IT Auditing Overview


12/07 – • Course Introduction Bagranoff, Bryant and Hunton
16/07 • Overview of IT Audit and (hereafter “BBH”),
Conducting an IT Audit Chapter 1
• Presentation Skills ISACA Guidelines pages 1-7
• ISACA Standards, Guidelines,
and Procedures

Week 3 Chapter 2: Ethical and Legal BBH, Chapter 2


19/07 – Issues for IT Auditors Case Study I
23/07 • ISACA Code of Ethics
• Irregular and Illegal Acts
• Regulatory and Legal Issues

Week 4 Chapter 3: Information Technology BBH, Chapter 3


26/07 – Risks & Controls Quiz 1
30/07 • Identifying IT Risks Research Paper
• Identifying IT Controls Deliverable 1 Due
• Documenting IT Controls
• Monitoring IT Risks & Controls

Chapter 4: Information Systems


Deployment Risks BBH, Chapter 4
• Developing Strategic Plans
• Managing Development Projects
• Acquiring Software Applications
• Developing Software Applications
• Changing Software Applications
• Implementing Software Applications

Week 5
02/08 – Chapter 5: Managing the IT BBH, Chapter 5 Part I
06/08 Function Case Study II
• Organizing Research Paper
Deliverable 2 Due
• Financing
• Staffing
• Directing
• Controlling
• Strategy implementation
• Failed e-Business strategies

Week 6
09/08 – MID TERM EXAMINATION Cover Chapter 1 - 4
13/08
Week 7 BBH, Chapter 5 Part II
16/08 – Chapter 5: Managing the IT
20/08 Function (cont.) Give out Project Question
Research Paper
Deliverable 3 Due

Week 8 BBH, Chapter 6


23/08 – Chapter 6: IT Network and Quiz 2
27/08 Telecommunication Review Mid Term
Risks
• Network and
Telecommunications
Technologies
• Risks
• Network and Telecom
Security

Week 9 BBH, Chapter 7


30/08 – Chapter 7: E-Business Risks Progress of Audit Project
03/09 • Models
• Technologies
• Risks
• Specialized E-business
Applications
• Managing Third Party
Providers
• Third Party Assurance Services
Week 10 MID TERM BREAK
06/09 – Presentation of Research
10/09 Paper

Week 11 No class
13/09 – Submission of Proposal of
17/09 Company Audit
Week 12
20/09 – Chapter 9: Conducting the IT BBH, Chapter 9
24/09 Audit Quiz 3
• ISACA IT Audit Standards,
Guidelines, and Procedures
revisited
• The IT Audit Life Cycle
• Four Types of IT Audits
BBH, Chapter 10
• Using COBIT to perform an audit Research Paper Due
Chapter 10: Fraud and Forensic
Auditing
• Fraud Statistics
• Fraud Schemes
• Sarbanes Oxley
• Forensic Auditing
• Computer Crime
• Case Studies
• EnCase Software

Week 13 Quiz 4
27/09 – Company Audit Report
01/10 Due
Week 14
04/10 – Presentation of Company Audit
08/10
Week 15 REVIEW
11/10 –
15/10
Week 16
18/10 – REVIEW
22/10
Week 17
25/10 – FINAL EXAMINATION
03/11

REFERENCES:
1. Core Concepts of Information Technology Audit, Bagranoff, Bryant, and Hunton,
John Wiley & Sons, Inc 2004
2. Information Systems Control and Audit by Ron Weber. Prentice Hall, 1999
3. COBIT-Control Objectives for Information Technology (ISACA)--Framework
(download from www.isaca.org)
4. ISACA Standards and Guidelines, ISACA Code of Ethics download at
http://www.isaca.org/standard/stdownload.htm. Note that this is a very long
document. You need only print out the portions listed in the syllabus.

CLASS POLICIES:
1. Attendance for lecture is compulsory. Attendance for less than 80% of the
lectures will result in students being barred from taking the Final Exam.
2. Dress in proper attire corresponding to UNITEN dress code. Caps are not
allowed. Hand phones and other electronic devices must be set to SILENT
mode at all times while you are in class. Failure to do so will result in confiscation
of your devices.
3. If you are absent from the lecture due to:
• Sickness – MC is required
• Emergency – letter of guardian is required
4. Quizzes will be given at whatever time is deemed appropriate by the
lecturer.
5. Cheating and Plagiarism will not be tolerated and will be penalized
accordingly.
6. Late submission of assignments will not be accepted unless there are STRONG
VALID reasons. 20% will be deducted from the awarded mark for each day late. (Do
not bother to hand in your assignment after 5 days).
