LBYMODT Syllabus T31415

De La Salle University COLLEGE COURSE CODE FACULTY CLASS DAYS AND CLASS TIME

DEPARTMENT CREDIT TYPE OF COURSE ROOM

: RVRCOB : LBYMODT : :

: Accountancy : Three (3) units : Major Subject :

COURSE DESCRIPTION: This course (LBYMODT or Auditing in a Computer Information Systems [CIS] Environment) complements the course in Auditing, but limited to the areas that have an immediate consequence to information technology (IT) as used in business. It discusses the impact of information technology on the auditor’s study and evaluation of internal controls with emphasis on the previously learned IT-related risks and controls in a CIS environment. It takes into account the audit of IT function as a whole and the audit of CIS in support of financial statement audit. It introduces tools and techniques in auditing around, auditing through, and auditing with the computer (using Audit Command Language [ACL] as generalized audit software [GAS]). LEARNING OUTCOMES: UNIVERSITY EXPECTED LASALLIAN GRADUATE ATTRIBUTES (ELGA)

LEARNING OUTCOMES On completion of the course, the student is expected to be able to do the following:

A.

Critical and creative thinker

LO1: Apply the knowledge of auditing standards and IT frameworks, techniques, procedures and internal controls in the audit of IT function as a whole and the audit of CIS in support of financial statement audit.

B.

Effective communicator

LO2: Prepare IT audit programs by applying auditing standards, IT frameworks, and principles learned.

C.

Reflective lifelong learner

LO3: Recognize the importance of laws and regulations, corporate governance, and ethical considerations in the context of auditing and assurance in a dynamic domestic and international business environment.

FINAL COURSE OUTPUT: As of evidence of attaining the above learning outcomes, the student is required to do and submit the following during the indicated dates of the term. LEARNING OUTCOMES A.

REQUIRED OUTPUTS

LO1: Apply the knowledge of Complete proposed solutions auditing standards and IT problems and cases every meeting. frameworks, techniques, procedures and internal controls in the audit of IT 1 of 8

DUE DATE to

Day 1 to 9

LEARNING OUTCOMES

REQUIRED OUTPUTS

DUE DATE

function as a whole and the audit of CIS in support of financial statement audit. B.

LO2: Prepare IT audit At least one (1) oral report discussing the programs by applying auditing solutions to the problems and cases standards, IT frameworks, and during the term. principles learned.

C.

LO3: Recognize the importance of laws and regulations, corporate governance, and ethical considerations in the context of auditing and assurance in a dynamic domestic and international business environment.

One (1) reflection paper discussing the issues encountered and insights realized about the unit assigned, or one (1) group written case analysis applying the laws and regulations, corporate governance, and ethical considerations learned during the term.

Day 1 to 9

Day 11

RUBRIC FOR ASSESSMENT: Proposed Solutions to Problems and Cases CRITERIA Solution content (50%)

Completeness of solutions (50%)

EXEMPLARY 96-100 The student provides correct solutions to problems and cases.

SATISFACTORY 91-95 The student provides substantially correct solutions to problems and cases.

The student prepared solutions to all problems and cases before reporting to class.

The student prepared solutions to most problems and cases before reporting to class.

EXEMPLARY 96-100 The studentpresenter communicates and explains clearly the solutions to the problems or cases, and generates interest and

SATISFACTORY 91-95 The studentpresenter communicates and explains clearly the solutions to the problems or cases, and generates some interest among

DEVELOPING 86-90 The student provides partly correct and partly incorrect solutions to problems and cases. The student prepared solutions to some problems and cases before reporting to class.

BEGINNING RATING 81-85 The student provides mostly incorrect solutions to problems and cases. The student did not prepare substantially solutions to problems and cases before reporting to class. RATING

DEVELOPING 86-90 The studentpresenter communicates and explains somewhat clearly the solutions to the problems or cases, and generates little

BEGINNING RATING 81-85 The studentpresenter communicates and explains vaguely the solutions to the problems or cases, and does not generate

Oral Report CRITERIA Delivery (40%)

2 of 8

CRITERIA

EXEMPLARY 96-100 establishes rapport among the audience. Presentation The studentcontent/solution presenter (30%) presents correct solutions to the problems or cases by showing all relevant supporting calculations or proofs, and relating these solutions to the business world. Question and The studentanswer (30%) presenter provides correct or valid answers to the questions, explains these clearly, and presents valid/sensible arguments to support/justify the answers to the questions raised.

SATISFACTORY DEVELOPING BEGINNING 91-95 86-90 81-85 the audience. interest interest among the among the audience. audience.

RATING

The studentpresenter presents correct solutions to the problems or cases by showing certain supporting calculations or proofs, and somewhat relating these to the business world.

The studentpresenter presents partly or entirely correct solutions to the problems or cases by showing supporting calculations or proofs.

The studentpresenter presents incorrect solutions to the problems or cases but corrects the solutions to these problems or cases.

The studentpresenter provides correct or valid answers, explains these somewhat clearly, and presents some valid/sensible arguments to support/justify the answers to the questions raised.

The studentpresenter provides partly or entirely correct or valid/sensible answers, explains these somewhat clearly.

The studentpresenter provides incorrect or non-sensible answers to the questions raised but somehow provides partly or entirely correct or valid/sensible answers through follow-up questions. RATING

EXEMPLARY 96-100 The student identifies interesting and relevant AIS reliability issues.

SATISFACTORY 91-95 The student identifies somewhat interesting and relevant AIS reliability issues.

The student provides valid, sensible and logical reflection of issues identified, and provides

The student provides somewhat valid, sensible and logical reflection of issues identified, and provides some valid, sensible

DEVELOPING 86-90 The student identifies less interesting but somewhat relevant AIS reliability issues. The student provides somewhat valid, sensible and logical reflection of issues identified but these are not

BEGINNING RATING 81-85 The student identifies not interesting and not relevant AIS reliability issues. The student provides nonsensible reflection of issues identified.

Reflection Paper CRITERIA Quality of issues identified (40%)

Depth and quality (60%)

3 of 8

CRITERIA

EXEMPLARY 96-100 valid, sensible, and logical arguments or supports.

SATISFACTORY 91-95 and logical arguments or supports.

DEVELOPING BEGINNING RATING 86-90 81-85 properly supported by valid, sensible and logical arguments or supports. RATING

Written Case Analysis CRITERIA Analysis of case (80%)

Teamwork (20%)

EXEMPLARY 96-100 The group provides valid, sensible and logical case analysis, presents feasible alternatives and solutions to the case problem, and provides valid, sensible and logical arguments or supports.

SATISFACTORY 91-95 The group provides somewhat valid, sensible and logical case analysis, presents feasible alternatives and solutions to the case problem, and provides some valid, sensible and logical arguments or supports.

The group is organized and shows strong teamwork and camaraderie as evidenced in the written case analysis.

The group is organized and shows teamwork as evidenced in the written case analysis.

DEVELOPING 86-90 The group provides somewhat valid, sensible and logical case analysis, presents somewhat feasible alternatives and solutions to the case problem but these are not properly supported by valid, sensible and logical arguments or supports. The group is somewhat organized and shows a hint of teamwork as evidenced in the written case analysis.

BEGINNING 81-85 The group provides non-sensible case analysis, presents alternatives and solutions to the case problem which may not be feasible or logical.

RATING

The group is disorganized and shows lack of teamwork as evidenced in the written case analysis. TOTAL

OTHER REQUIREMENTS AND ASSESSMENTS: Aside from the final output, the student will be assessed at other times during the term by the following: • Quizzes • Comprehensive exam • Recitation/Class participation • Attendance/Class citizenship • Module notes

4 of 8

GRADING SYSTEM: GRADE POINT 4.0 3.5 3.0 2.5 2.0 1.5 1.0 0.0

DESCRIPTION

PERCENTAGE

Excellent Superior Very Good Good Satisfactory Fair Pass Fail

97-100 94-96 91-93 87-90 83-86 77-82 70-76 Below 70

The percentage equivalent shall be arrived at as follows: BASIS Quiz 1 Quiz 2 Quiz 3 Comprehensive Examination Class Standing (Assignments, oral report, module notes, reflection paper/case analysis, recitation/class participation, attendance/class citizenship) Total

FINAL GRADE 20% 20% 20% 20% 20% 100%

Course grade requirement is at least 83%. LEARNING PLAN: LEARNING OUTCOMES

UNIT

LO1, LO2, LO3

1

LO1, LO2, LO3

2

TOPICS Orientation OVERVIEW OF IT AUDIT 1.1 IT Governance 1.2 CobiT 4.1 versus CobiT 5 1.3 The work of an IT auditor 1.4 IT audit skills 1.5 The CISA exam LEGAL AND ETHICAL ISSUES FOR IT AUDITORS 2.1 RA 8792 (E-Commerce Act of 2000) 2.2 ISACA audit standards (10011402) 2.3 ISACA code of ethics (updated) 2.4 Ethical issues 2.5 Fraud and accountants 2.5.1 Fraud triangle 2.5.2 Fraud diamond 2.5.3 Fraud pentagon 2.6 Auditor’s responsibility for detecting fraud 2.7 Fraud detection techniques

5 of 8

WEEK NO.

NO. OF HOURS

REF

LEARNING ACTIVITIES

1

0.5

1

3.0

Hunton (Ch1) ISACA website

Lecture, Reporting, Discussion, and Exercises

1

3.0

Hall (Ch12) RA 8792 ISACA website Wolfe & Hermanson (2004) Tugas (2012)

Lecture, Reporting, Discussion, and Exercises

LEARNING OUTCOMES LO1, LO2, LO3

UNIT

LO1, LO2, LO3

4

LO1, LO2, LO3

3

5

LO1, LO2, LO3

6

LO1, LO2, LO3

7

LO1, LO2, LO3

8

TOPICS AUDITING IT GOVERNANCE CONTROLS 3.1 Philippine Corporate Reform Act of 2006 – SB209 / amended HB286 3.2 IT Governance 3.3 Structure of the IT function 3.4 The computer center 3.5 Disaster recovery planning 3.6 Outsourcing the IT function QUIZ 1 SECURITY I: AUDITING OPERATING SYSTEMS AND NETWORKS 4.1 Auditing operating systems 4.2 Auditing networks 4.3 Controlling networks 4.4 Auditing electronic data interchange (EDI) 4.5 Auditing PC-based accounting systems 4.6 PAPS 1013 (Electronic Commerce – Effect on the Audit of Financial Statements) SECURITY II: AUDITING DATABASE SYSTEMS 5.1 Data management approaches 5.2 Key elements of the database environment 5.3 Database in a distributed environment 5.4 Controlling and auditing data management systems QUIZ 2 AUDITING COMPUTER-BASED INFORMATION SYSTEMS 6.1 The risk-based audit approach 6.2 Information systems audits 6.3 Operational audits of an accounting information system COMPLETING THE IT AUDIT 7.1 The IT audit life cycle 7.2 Four types of IT audit 7.3 Using CobiT to perform an audit ADVANCED TOPICS IN IT AUDIT EMERGING ISSUES IN IT SECURITY: CLOUD COMPUTING 8.1 Cloud computing 8.2 Advantages of cloud computing 8.3 Risks of cloud computing

6 of 8

WEEK NO.

NO. OF HOURS

REF

LEARNING ACTIVITIES

1

3.0

HB 286 SB209 Hall (Ch2)

Lecture, Reporting, Discussion, and Exercises

1

2.0

1

3.0

Hall (Ch3) PAPS 1013

Lecture, Reporting, Discussion, and Exercises

1

3.0

Hall (Ch4)

1

2.0

1/2

3.0

Romney (Ch11)

Lecture, Reporting, Discussion, and Exercises

2

1.5

Hunton (Ch9)

Lecture, Reporting, Discussion, and Exercises

2

2.0

Dela Cruz (2014)

Lecture, Reporting, Discussion, and Exercises

Lecture, Reporting, Discussion, and Exercises

LEARNING OUTCOMES LO1, LO2, LO3

LO1, LO2, LO3

UNIT

TOPICS

9

EMERGING ISSUES IN IT SECURITY: TRUSTWORTHY COMPUTING 9.1 Trustworthy computing 9.2 Radio-frequency identification technology 9.3 Data-at-rest encryption appliance technology 9.4 Quantum encryption 9.5 Privacy on the internet 9.6 Information security and civil liberties in cyberspace

10

WEEK NO.

NO. OF HOURS

REF

LEARNING ACTIVITIES

2

2.0

Slay (Ch11)

Lecture, Reporting, Discussion, and Exercises

2

9.0

Hunton (Ch8) Hall (Ch7) PAPS 1009 ACL in Practice

Lecture, Reporting, Discussion, and Exercises

QUIZ 3

2

2.0

COMPREHENSIVE EXAM

2

3.0

INTEGRATED USING computer-assisted audit tools and techniques (CAATTS) 10.1 PAPS 1009 (ComputerAssisted Audit Techniques) 10.2 Audit productivity software 10.3 GAS tools 10.4 Computer-assisted IT audit techniques 10.4.1 Testing computer applications 10.4.2 Test data, ITF, parallel simulation 10.5 Continuous auditing techniques 10.6 Hands-on training with ACL

TOTAL HOURS

42.0

REQUIRED TEXT AND REFERENCE MATERIALS: Required textbooks 1. Hall, J. (2011). Information Technology Auditing. International Edition, SouthWestern Cengage Learning. 2. Romney, Marshall B. & Steinbart, Paul John (2012). Accounting Information Systems. 12th Edition, Pearson Prentice Hall. 3. Hunton, James, Bryant, Stephanie & Bagranoff, Nancy (2004). Core Concepts of Information Technology Auditing. 1st Edition, John Wiley and Sons. 4. Slay, Jill & Koronios, Andy (2006). Information Technology Security and Risk Management. 3rd Edition, John Wiley and Sons. References 1. Tugas, F. (2012). Exploring A New Element of Fraud: A Study of Selected Financial Accounting Fraud Cases in the World. American International Journal of Contemporary Research, 112-121. 2. Dela Cruz, A. (2014). Cloud Computing: Through the Eyes of Small Businesses in Manila with Social Networking Sites as Lens. Unpublished master’s term paper. 3. PAPS 1009 and PAPS 1013 of the Auditing Standards and Practices Council 4. Republic Act 8792 5. HB 286/SB209 7 of 8

Websites 1. www.mhhe.com/louwers4e 2. http://www.aasc.org.ph/ 3. http://www.isaca.org

Auditing and Assurance Committee May 2014

8 of 8