1 of 8
De La Salle University
COLLEGE : RVRCOB DEPARTMENT : Accountancy
COURSE CODE : LBYMODT CREDIT : Three (3) units
FACULTY : TYPE OF COURSE : Major Subject
CLASS DAYS
AND CLASS TIME : ROOM :
COURSE DESCRIPTION:
This course (LBYMODT or Auditing in a Computer Information Systems [CIS] Environment) complements the course in Auditing, but limited to the areas that have an immediate consequence to information technology (IT) as used in business. It discusses the impact of information technology on the auditor’s study and evaluation of internal controls with emphasis on the previously learned IT-related risks and controls in a CIS environment. It takes into account the audit of IT function as a whole and the audit of CIS in support of financial statement audit. It introduces tools and techniques in auditing around, auditing through, and auditing with the computer (using Audit Command Language [ACL] as generalized audit software [GAS]). LEARNING OUTCOMES:
UNIVERSITY EXPECTED LASALLIAN GRADUATE
ATTRIBUTES (ELGA)
LEARNING OUTCOMES
On completion of the course, the student is expected to be able to do the following:
A. Critical and creative thinker LO1: Apply the knowledge of auditing standards and IT frameworks, techniques, procedures and internal controls in the audit of IT function as a whole and the audit of CIS in support of financial statement audit.
B. Effective communicator LO2: Prepare IT audit programs by applying auditing standards, IT frameworks, and principles learned.
C. Reflective lifelong learner LO3: Recognize the importance of laws and regulations, corporate governance, and ethical considerations in the context of auditing and assurance in a dynamic domestic and international business environment.
FINAL COURSE OUTPUT:
As of evidence of attaining the above learning outcomes, the student is required to do and submit the following during the indicated dates of the term.
LEARNING OUTCOMES REQUIRED OUTPUTS DUE DATE
A. LO1: Apply the knowledge of auditing standards and IT frameworks, techniques, procedures and internal controls in the audit of IT
Complete proposed solutions to
2 of 8
LEARNING OUTCOMES REQUIRED OUTPUTS DUE DATE
function as a whole and the audit of CIS in support of financial statement audit. B. LO2: Prepare IT audit
programs by applying auditing standards, IT frameworks, and principles learned.
At least one (1) oral report discussing the solutions to the problems and cases during the term.
Day 1 to 9
C. LO3: Recognize the importance of laws and regulations, corporate governance, and ethical considerations in the context of auditing and assurance in a dynamic domestic and international business environment.
One (1) reflection paper discussing the issues encountered and insights realized about the unit assigned, or one (1) group written case analysis applying the laws and regulations, corporate governance, and ethical considerations learned during the term.
Day 11
RUBRIC FOR ASSESSMENT:
Proposed Solutions to Problems and Cases CRITERIA EXEMPLARY
96-100 SATISFACTORY 91-95 DEVELOPING 86-90 BEGINNING 81-85 RATING Solution content (50%) The student provides correct solutions to problems and cases. The student provides substantially correct solutions to problems and cases. The student provides partly correct and partly incorrect solutions to problems and cases. The student provides mostly incorrect solutions to problems and cases. Completeness of solutions (50%) The student prepared solutions to all problems and cases before reporting to class. The student prepared solutions to most problems and cases before reporting to class. The student prepared solutions to some problems and cases before reporting to class. The student did not prepare substantially solutions to problems and cases before reporting to class. RATING Oral Report CRITERIA EXEMPLARY
96-100 SATISFACTORY 91-95 DEVELOPING 86-90 BEGINNING 81-85 RATING Delivery (40%) The
student-presenter communicates and explains clearly the solutions to the problems or cases, and generates interest and The student-presenter communicates and explains clearly the solutions to the problems or cases, and generates some interest among The student-presenter communicates and explains somewhat clearly the solutions to the problems or cases, and generates little The student-presenter communicates and explains vaguely the solutions to the problems or cases, and does not generate
3 of 8 CRITERIA EXEMPLARY
96-100 SATISFACTORY 91-95 DEVELOPING 86-90 BEGINNING 81-85 RATING establishes
rapport among the audience.
the audience. interest among the audience. interest among the audience. Presentation content/solution (30%) The student-presenter presents correct solutions to the problems or cases by showing all relevant supporting calculations or proofs, and relating these solutions to the business world. The student-presenter presents correct solutions to the problems or cases by showing certain supporting calculations or proofs, and somewhat relating these to the business world. The student-presenter presents partly or entirely correct solutions to the problems or cases by showing supporting calculations or proofs. The student-presenter presents incorrect solutions to the problems or cases but corrects the solutions to these problems or cases. Question and
answer (30%) The student-presenter provides correct or valid answers to the questions, explains these clearly, and presents valid/sensible arguments to support/justify the answers to the questions raised. The student-presenter provides correct or valid answers, explains these somewhat clearly, and presents some valid/sensible arguments to support/justify the answers to the questions raised. The student-presenter provides partly or entirely correct or valid/sensible answers, explains these somewhat clearly. The student-presenter provides incorrect or non-sensible answers to the questions raised but somehow provides partly or entirely correct or valid/sensible answers through follow-up questions. RATING Reflection Paper CRITERIA EXEMPLARY
96-100 SATISFACTORY 91-95 DEVELOPING 86-90 BEGINNING 81-85 RATING Quality of issues identified (40%) The student identifies interesting and relevant AIS reliability issues. The student identifies somewhat interesting and relevant AIS reliability issues. The student identifies less interesting but somewhat relevant AIS reliability issues. The student identifies not interesting and not relevant AIS reliability issues. Depth and quality (60%) The student provides valid, sensible and logical reflection of issues identified, and provides The student provides somewhat valid, sensible and logical reflection of issues identified, and provides some valid, sensible The student provides somewhat valid, sensible and logical reflection of issues identified but these are not
The student provides non-sensible reflection of issues identified.
4 of 8 CRITERIA EXEMPLARY
96-100 SATISFACTORY 91-95 DEVELOPING 86-90 BEGINNING 81-85 RATING valid, sensible, and logical arguments or supports. and logical arguments or supports. properly supported by valid, sensible and logical arguments or supports. RATING Written Case Analysis
CRITERIA EXEMPLARY
96-100 SATISFACTORY 91-95 DEVELOPING 86-90 BEGINNING 81-85 RATING Analysis of
case (80%) The group provides valid, sensible and logical case analysis, presents feasible alternatives and solutions to the case problem, and provides valid, sensible and logical arguments or supports. The group provides somewhat valid, sensible and logical case analysis, presents feasible alternatives and solutions to the case problem, and provides some valid, sensible and logical arguments or supports. The group provides somewhat valid, sensible and logical case analysis, presents somewhat feasible alternatives and solutions to the case problem but these are not properly supported by valid, sensible and logical arguments or supports. The group provides non-sensible case analysis, presents alternatives and solutions to the case problem which may not be feasible or logical. Teamwork
(20%) The group is organized and shows strong teamwork and camaraderie as evidenced in the written case analysis. The group is organized and shows teamwork as evidenced in the written case analysis. The group is somewhat organized and shows a hint of teamwork as evidenced in the written case analysis. The group is disorganized and shows lack of teamwork as evidenced in the written case analysis. TOTAL OTHER REQUIREMENTS AND ASSESSMENTS:
Aside from the final output, the student will be assessed at other times during the term by the following: • Quizzes • Comprehensive exam • Recitation/Class participation • Attendance/Class citizenship • Module notes
5 of 8 GRADING SYSTEM:
GRADE POINT DESCRIPTION PERCENTAGE
4.0 Excellent 97-100 3.5 Superior 94-96 3.0 Very Good 91-93 2.5 Good 87-90 2.0 Satisfactory 83-86 1.5 Fair 77-82 1.0 Pass 70-76 0.0 Fail Below 70
The percentage equivalent shall be arrived at as follows:
BASIS FINAL GRADE Quiz 1 20% Quiz 2 20% Quiz 3 20% Comprehensive Examination 20%
Class Standing (Assignments, oral report, module notes, reflection paper/case analysis, recitation/class participation, attendance/class
citizenship) 20%
Total 100%
Course grade requirement is at least 83%. LEARNING PLAN:
LEARNING
OUTCOMES UNIT TOPICS WEEK NO. HOURS NO. OF REF ACTIVITIES LEARNING
Orientation 1 0.5
LO1, LO2,
LO3 1 OVERVIEW OF IT AUDIT 1.1 IT Governance 1.2 CobiT 4.1 versus CobiT 5 1.3 The work of an IT auditor 1.4 IT audit skills
1.5 The CISA exam
1 3.0 Hunton (Ch1) ISACA website Lecture, Reporting, Discussion, and Exercises LO1, LO2,
LO3 2 LEGAL AND ETHICAL ISSUES FOR IT AUDITORS 2.1 RA 8792 (E-Commerce Act of
2000)
2.2 ISACA audit standards (1001-1402)
2.3 ISACA code of ethics (updated)
2.4 Ethical issues
2.5 Fraud and accountants 2.5.1 Fraud triangle
2.5.2 Fraud diamond 2.5.3 Fraud pentagon
2.6 Auditor’s responsibility for detecting fraud
2.7 Fraud detection techniques
1 3.0 Hall (Ch12) RA 8792 ISACA website Wolfe & Hermanson (2004) Tugas (2012) Lecture, Reporting, Discussion, and Exercises
6 of 8 LEARNING
OUTCOMES UNIT TOPICS WEEK NO. HOURS NO. OF REF ACTIVITIES LEARNING LO1, LO2,
LO3 3 AUDITING IT GOVERNANCE CONTROLS 3.1 Philippine Corporate Reform
Act of 2006 – SB209 / amended HB286
3.2 IT Governance
3.3 Structure of the IT function 3.4 The computer center 3.5 Disaster recovery planning 3.6 Outsourcing the IT function
1 3.0 HB 286 SB209 Hall (Ch2) Lecture, Reporting, Discussion, and Exercises QUIZ 1 1 2.0 LO1, LO2,
LO3 4 SECURITY I: AUDITING OPERATING SYSTEMS AND NETWORKS
4.1 Auditing operating systems 4.2 Auditing networks
4.3 Controlling networks 4.4 Auditing electronic data
interchange (EDI)
4.5 Auditing PC-based accounting systems
4.6 PAPS 1013 (Electronic Commerce – Effect on the Audit of Financial Statements)
1 3.0 Hall (Ch3)
PAPS 1013 Lecture, Reporting, Discussion, and Exercises
LO1, LO2,
LO3 5 SECURITY II: AUDITING DATABASE SYSTEMS 5.1 Data management approaches
5.2 Key elements of the database environment
5.3 Database in a distributed environment
5.4 Controlling and auditing data management systems 1 3.0 Hall (Ch4) Lecture, Reporting, Discussion, and Exercises QUIZ 2 1 2.0 LO1, LO2,
LO3 6 AUDITING COMPUTER-BASED INFORMATION SYSTEMS 6.1 The risk-based audit
approach
6.2 Information systems audits 6.3 Operational audits of an
accounting information system
1/2 3.0 Romney
(Ch11) Lecture, Reporting, Discussion, and Exercises LO1, LO2,
LO3 7 COMPLETING THE IT AUDIT 7.1 The IT audit life cycle 7.2 Four types of IT audit 7.3 Using CobiT to perform an
audit
2 1.5 Hunton
(Ch9) Lecture, Reporting, Discussion, and Exercises ADVANCED TOPICS IN IT AUDIT
LO1, LO2,
LO3 8 EMERGING ISSUES IN IT SECURITY: CLOUD COMPUTING 8.1 Cloud computing
8.2 Advantages of cloud computing
8.3 Risks of cloud computing
2 2.0 Dela Cruz
(2014) Lecture, Reporting, Discussion, and Exercises
7 of 8 LEARNING
OUTCOMES UNIT TOPICS WEEK NO. HOURS NO. OF REF ACTIVITIES LEARNING LO1, LO2,
LO3 9 EMERGING ISSUES IN IT SECURITY: TRUSTWORTHY COMPUTING 9.1 Trustworthy computing 9.2 Radio-frequency identification technology 9.3 Data-at-rest encryption appliance technology 9.4 Quantum encryption 9.5 Privacy on the internet 9.6 Information security and civil
liberties in cyberspace 2 2.0 Slay (Ch11) Lecture, Reporting, Discussion, and Exercises INTEGRATED LO1, LO2,
LO3 10 USING computer-assisted audit tools and techniques (CAATTS) 10.1 PAPS 1009 (Computer-Assisted Audit Techniques) 10.2 Audit productivity software 10.3 GAS tools
10.4 Computer-assisted IT audit techniques
10.4.1 Testing computer applications
10.4.2 Test data, ITF, parallel simulation
10.5 Continuous auditing techniques
10.6 Hands-on training with ACL
2 9.0 Hunton (Ch8) Hall (Ch7) PAPS 1009 ACL in Practice Lecture, Reporting, Discussion, and Exercises QUIZ 3 2 2.0 COMPREHENSIVE EXAM 2 3.0 TOTAL HOURS 42.0
REQUIRED TEXT AND REFERENCE MATERIALS: Required textbooks
1. Hall, J. (2011). Information Technology Auditing. International Edition, South-Western Cengage Learning.
2. Romney, Marshall B. & Steinbart, Paul John (2012). Accounting Information Systems. 12th Edition, Pearson Prentice Hall.
3. Hunton, James, Bryant, Stephanie & Bagranoff, Nancy (2004). Core Concepts of Information Technology Auditing. 1st Edition, John Wiley and Sons.
4. Slay, Jill & Koronios, Andy (2006). Information Technology Security and Risk Management. 3rd Edition, John Wiley and Sons.
References
1. Tugas, F. (2012). Exploring A New Element of Fraud: A Study of Selected Financial Accounting Fraud Cases in the World. American International Journal of Contemporary
Research, 112-121.
2. Dela Cruz, A. (2014). Cloud Computing: Through the Eyes of Small Businesses in Manila with Social Networking Sites as Lens. Unpublished master’s term paper.
3. PAPS 1009 and PAPS 1013 of the Auditing Standards and Practices Council 4. Republic Act 8792
8 of 8 Websites
1. www.mhhe.com/louwers4e 2. http://www.aasc.org.ph/ 3. http://www.isaca.org
Auditing and Assurance Committee May 2014
