module specification

This module focuses on those strategies facilitating the auditing of computerised information systems. The module also considers the practical and theoretical appreciation of the different computerised tools and techniques employed by system auditors within the corporate sector.

To equip the student with those skills which will enable them to produce a report evaluating the integrity of an organisation’s computerised information system;

To develop an awareness and understanding of  how new technology can be used to satisfy internal and external audit objectives;

To familiarise students with the potential risks that new technology poses to the modern business;

To provide an understanding of those concepts which enable a systems auditor to critically evaluate the use of the various audit software techniques and audit technologies in order to carry out their duties;

The syllabus is taught in the context of an information system audit:

System development and documentation controls
Hardware and system software controls
System security controls
Audit team strategies – composition of staff, managerial control, duration and intensity of audit
System audit software technology
Substantive testing, control testing and dual testing
Duties of the systems auditor (Internal) and (External)
System auditing in interdependent environments
Network auditing as part of information system control
Auditing e-commerce.

Lectures, Tutorials

Lectures: One two hour lecture per week supported by directed reading.

Tutorials (Computer Workshop): One hour per week; Students will engage in practical on screen exercises using industry standard software applications;

A variety of teaching tools will be used including presentations, group discussion and various web applications.

Rationale for 2 + 1 delivery: The students will gain direct hands on skills in the 1 hour computer workshop – The 2 hour lecture has a considerable ‘interactive’ feel in that the computer presentation station in the lecture theatre will facilitate broad technological concept being broadcast to the group and enable direct student interaction.

With respect to PDP – students will be required to produce a reflective learning log that will be appended to the final assignment.

With respect to current QAA benchmarks for accounting:

1. The student will appreciate how computerised accounting systems can be designed and validated.

2. The student will be made aware of critical legal and ethical issues which emerge as a result of systems auditing;

3. The students will make use of a range of software applications as employed by the modern systems auditor.

On successful completion of this module students should be able to:

1. Evaluate and appreciate the scope and requirements of  critical new technology employed in the auditing of an organisation’s computerised information system;

2. Analyse and apply appropriate technological tools and techniques in the formulation of audit judgements with respect to an organisation’s computerised information system;

3. Critically appraise the legal and operational goals when auditing a computerised information system;

4.     To concentrates on those techniques and technologies currently being employed by professional System  Auditors;

5.      To  consider  the application and pertinence of contemporary legislation with respect to the auditing of a modern information system;

6.      Display enhanced employability skills by their ability to use industry standard applications and techniques in the auditing of a computerised information system;

7.   Appreciate how sustainability is advanced in the delivery of the module learning material and the assignment due to its digital format, the manipulation of which in turn enhances the student skill set with respect to handling digital information;

1. Diagnostic and formative assessment will take place on a weekly basis in computer workshop tutorials to develop those analytical/IT skills that auditors need to employ in auditing a computerised information system. 

2. Students will be given individual summative feedback upon submission of a case scenario assignment being submitted in week 11. The actual feedback will be in the form of a personalised voice mail. Extra feedback will be given upon request.

3. Feedback on the in-class test will be generalised. Extra individualised feedback will be given upon request.

Textbooks:
Certified Information Security Manager (CISM) Review Manual 2010, ISACA institute publications - ISBN - 978-60420-086-7

Gallegos, Frederick & Sandra Senft, Information Technology Control and Audit, Auerbach Publications; 3rd edition, 2008, ISBN-10: 1420065505

Hunton, James E, Bryant, Stephanie M & Bagranoff, Nancy A., Core Concepts of Information Technology Auditing, Wiley (2004), ISBN-10: 0072263431

Library Online E-Books:

Cascarino, Richard,  Auditor's Guide to Information Systems Auditing, Wiley (2007) – ISBN-10: 0470009896

Ray, Amy W., ‘Strategically managing information security risks’, London : Henry Stewart Talks, 2011 [Audio Visual Presentation]

Calder, Alan, ‘Information security risk management for ISO27001/ISO27002’, Cambridgeshire : IT Governance Pub., c2010

Periodicals/Papers:
Financial Times
Economist

Internet Addresses:
ISACA Auditing Institute: https://www.isaca.org/Pages/default.aspx
CNET: http://www.cnet.co.uk/
FT Tech Hub: http://blogs.ft.com/fttechhub/#axzz1V7JOC9HF
Reuters Technology News: http://uk.reuters.com/news/technology
PCMAG : http://www.pcmag.com/
Risk Portal: http://portal.brint.com/