
1. Title of subject Information Systems Audit

2. Subject code TSC2111

3. Status of subject Major Subject

4. Version September 2006

5. Credit hour LAN Credit Hours Equivalence: 2.67

6. Semester Trimester 2 (Gamma Level)

7. Pre-Requisite TIS 2211 Systems Analysis and Design

8. Methods of teaching 28 Hours of Lecture


14 Hours of Tutorial

9. Assessment 40% Coursework


60% Final Exam
Total 100%

10. Teaching staff (Proposed) Subarmaniam Kannan


Ho Yean Li

11. Objective of subject Students will understand various information systems controls and
auditing techniques. The subject covers the management control framework
and the application control framework.

12. Synopsis of subject The major areas of study include:


Overview of Information Systems Auditing; Conducting an
Information System Audit; Data Resource Management Auditing;
Security Management Auditing; Operations Management Auditing;
Quality Assurance Management Auditing; Boundary Auditing;
Input Auditing; Communications Auditing; Processing Auditing;
Database Auditing; Output Controls and Audit Software.

Areas of study include: Introduction to information systems
auditing, Conducting an information systems audit, Data resource
management controls and audit, Security management controls and
audit, Operations management controls and audit, Quality assurance
management controls and audit, Boundary controls and audit, Input
controls and audit, Communication controls and audit, Processing
controls and audit, Database controls and audit, Output controls
and audit, Audit software.

13. Learning Outcomes By the end of the subject, students should be able to:
• Identify and appraise the need for control and audit of
computer-based information systems.
• Describe the basic steps to be undertaken in the conduct of
an information systems audit.
• Identify major threats to information function and
• Design, implement, operate and maintain controls that reduce
losses from these threats to an acceptable level.

Programme Outcomes and Degree of Contribution (%)

Ability to apply soft skills in work and career related activities: 5
Good understanding of fundamental concepts: 35
Acquisition and mastery of knowledge in specialized area: 30
Acquisition of analytical capabilities and problem solving skills: 15
Adaptability and passion for learning: 5
Cultivation of innovative mind and development of entrepreneurial skills: 5
Understanding of the responsibility with moral and professional ethics: 5

14. Details of subject Topics Covered Hours

1. Overview of Information Systems Auditing (2 hours);
Need for control and audit of computers, Effects of
computers on internal controls, Effects of
computers on auditing, Foundations of information
systems auditing.

2. Conducting an Information Systems Audit (3 hours);
Nature of controls, Dealing with complexity, Audit
Risks, Types of Audit Procedures, Overview of
Steps in Audit, Audit Around or through the
computer.

3. Data Resource Management Controls and Audit (2 hours);
Functions of DA and DBA, Data Repository
Systems, Control over the DA and DBA.

4. Security Management Controls and Audit (2 hours);
Conducting a Security Program, Major security
Threats and remedial measures, Controls of last
resort.

5. Operations Management Controls and Audit (2 hours);
Computer operations, Network operations, Data
preparation and entry, Production control, File
library, Management of outsourced operations.

6. Quality Assurance Management Controls and Audit (2 hours);
QA functions, organizational considerations.

7. Boundary Controls and Audit (2 hours);
Cryptographic controls and audit, access controls
and audit, personal identification numbers, digital
signatures, plastic cards, audit trail controls.

8. Input and Output Controls and Audit (2 hours);
Data input methods, source document design, data-entry
screen design, data code controls, check
digits, batch controls, validation of input data,
instruction input, validation of instruction input,
audit trail controls and existence controls,
inference controls, batch output production and
distribution controls, batch report design controls,
online output production and distribution controls,
audit trail controls and existence controls.

9. Communication Controls and Audit (2 hours);
Communication subsystem exposures, physical
component controls, line error controls, flow
controls, link controls, topological controls,
channel access controls, controls over subversive
controls, internetworking controls, audit trail
controls and existence controls.

10. Processing Controls and Audit (2 hours);
Processor controls, real memory controls, virtual
memory controls, operating system integrity,
application software controls, audit trail controls
and existence controls.

11. Database Controls and Audit (2 hours);
Access controls, integrity controls, application
software controls, concurrency controls, file
handling controls, audit trail controls and existence
controls.

12. Risk Management (2 hours);
Risk Strategies, Risk Identification, Risk
Projection, Risk Monitoring and Management
• Verification and validation
• Measurement tracking and feedback mechanism
• Total quality management
• Risk management

13. Audit Software and Audit (3 hours);
Generalized audit software, industry specific audit
software, high level languages, utility software,
expert systems, neural network software,
specialized audit software, control of audit
software.

Total Contact Hours 28


15. Tutorial Students will be given tutorial questions and case
studies based on topics covered.

16. Text book
1. Information Technology Control and Audit, Second Edition by Frederick
Gallegos, Daniel P. Manson, Sandra Senft, Carol Gonzales, Mar 26, 2004

Reference Books
1. Information Technology Controls (Global Technology Audit Guide 1), The Institute of Internal Auditors Inc. (Paperback - Mar 1, 2005)
2. Core Concepts of IT Auditing by Hunton, James E., Stephanie Bryant, Wiley, 2004.
3. Auditing EDP Systems (Second Edition), Donald A. Watne, Peter B. B. Turney, Prentice.
4. Information Systems Control and Audit, Ron A. Weber (Oct 29, 1998)
5. Computer Security Management, Karen A. Forcht, 1994.
6. Project Management: Principles and Practices, Spinner, M. P., Prentice-Hall, 1997.
7. Inroads to Software Quality, Jarvis, A. and Vern, C., Prentice Hall, 1997.
8. Basic Computer Security, Deborah Russell, O’Reilly and Associates, 1991.
