IS 344 IT Auditing

Download syllabus

Summary

Course Description:

Management and boards continue to recognize the importance of effectively managing information technology (IT) assets - to meet business objectives and to thoughtfully manage IT-related business risks. Information systems (IS), represented by three components (i.e., people, process, and information technology (IT)), are the combination of strategic and operational activities involved in managing information. The IT component involves the hardware, software, communication, and other facilities necessary to manage such information. This course recognizes the continuous need for organizations to effectively manage and control IT in order to meet business objectives. The course provides essential principles, knowledge, and skills on how to examine IT systems. Students work through IT audit problems, simulations, practical audit cases, and research in order to develop IT audit expertise. This course examines the key principles related to auditing information technology processes and related controls and is designed to meet the ever increasing needs of IT audit and IT governance professionals.

 

Course Objectives:

• To discuss how technology is constantly evolving and shaping today's IT environments. To explain the IT audit profession, roles of the IT auditor, and career opportunities.
• To describe legislation relevant to IT auditors and its impact on the IT field. To illustrate frequently reported Internet crimes and cyberattacks. To develop audit plans and procedures that assist organizations to comply with relevant laws and regulations.
• To explain the IT audit process, the significance of Control Objectives for Information and Related Technology (COBIT), and the various phases of an IT audit engagement. To develop relevant and practical documentation to perform IT audit work.
• To support the role and significance of tools and computer-assisted audit techniques when performing audit work. To design audit plans that ensure adequate use of tools and technologies when delivering audit work.
• To demonstrate the significance of aligning IT with business objectives (IT governance). To discuss IT strategy and IT strategic plan, and their significance in aligning business objectives with IT.
• To explain risk management, particularly the Enterprise Risk Management - Integrated Framework. To describe what risk assessments are, and how they form the first step in the risk management methodology.
• To describe project management, as well as project management standards and best practices. To discuss the role of the IT auditor in project management.
• To outline the system development life cycle (SDLC), common approaches, risks, associated controls, and IT auditor's involvement. To develop relevant audit programs listing risks related to SDLC phases, and IT controls and procedures needed to mitigate those risks.
• To discuss risks associated with common types of application systems, as well as application controls and how they are used to safeguard the input, processing, and output of information. To discuss the IT auditor's involvement in an examination of application systems. To develop relevant and practical documentation to perform IT audit work.
• To establish the significance of a change control management process. To illustrate the audit involvement in a change control management examination. To perform actual audit work related to change control management, from completing an understanding of the environment through preparing and presenting formal communication to management.
• To demonstrate the importance of having implemented policies, procedures, and adequate controls related to information systems operations for both, organizations and auditors, to ensure completeness, accuracy, and validity of information. To describe the audit involvement in an examination of an organization’s information systems operations. To design and prepare relevant and practical documentation to perform IT audit work.
• To support the importance of protecting information against security threats and risks, and implementing effective information security policies, procedures, and controls to ensure the integrity of such information. To describe audit involvement in an information security control examination.
• To explain the importance of a sourcing strategy as a critical success factor to purchasing IT services or products. To discuss how IT services should be defined to meet organizational objectives and how to measure the performance of those IT services.

 

This course represents an ideal resource for those preparing for the Certified Information Systems Auditor (CISA) exam. Moreover, the course will expose students to computer-assisted auditing techniques (CAATs).

Texts

Grading

Prerequisites

School policies:

Changes to Syllabus

This syllabus is subject to change as necessary during the quarter. If a change occurs, it will be thoroughly addressed during class, posted under Announcements in D2L and sent via email.

Online Course Evaluations

Evaluations are a way for students to provide valuable feedback regarding their instructor and the course. Detailed feedback will enable the instructor to continuously tailor teaching methods and course content to meet the learning goals of the course and the academic needs of the students. They are a requirement of the course and are key to continue to provide you with the highest quality of teaching. The evaluations are anonymous; the instructor and administration do not track who entered what responses. A program is used to check if the student completed the evaluations, but the evaluation is completely separate from the student’s identity. Since 100% participation is our goal, students are sent periodic reminders over three weeks. Students do not receive reminders once they complete the evaluation. Students complete the evaluation online in CampusConnect.

Academic Integrity and Plagiarism

This course will be subject to the university's academic integrity policy. More information can be found at http://academicintegrity.depaul.edu/ If you have any questions be sure to consult with your professor.

All students are expected to abide by the University's Academic Integrity Policy which prohibits cheating and other misconduct in student coursework. Publicly sharing or posting online any prior or current materials from this course (including exam questions or answers), is considered to be providing unauthorized assistance prohibited by the policy. Both students who share/post and students who access or use such materials are considered to be cheating under the Policy and will be subject to sanctions for violations of Academic Integrity.

Academic Policies

All students are required to manage their class schedules each term in accordance with the deadlines for enrolling and withdrawing as indicated in the University Academic Calendar. Information on enrollment, withdrawal, grading and incompletes can be found at http://www.cdm.depaul.edu/Current%20Students/Pages/PoliciesandProcedures.aspx.

Students with Disabilities

Students who feel they may need an accommodation based on the impact of a disability should contact the instructor privately to discuss their specific needs. All discussions will remain confidential.
To ensure that you receive the most appropriate accommodation based on your needs, contact the instructor as early as possible in the quarter (preferably within the first week of class), and make sure that you have contacted the Center for Students with Disabilities (CSD) at:
Lewis Center 1420, 25 East Jackson Blvd.
Phone number: (312)362-8002
Fax: (312)362-6544
TTY: (773)325.7296