INFORMATION SYSTEMS AUDIT

Course year: 1 year(s)

Institution: IÉSEG School of Management

Language: English

Period: S1

Prerequisite: AUDIT TECHNIQUES

Students should have slightly above basic knowledge of IT/IS, the structure of accounting information systems and auditing, and a good general business culture. Overall, students are required to demonstrate good analytical skills when confronted with various types of information systems auditing tasks.

At the end of the course, the student should be able to:

– Go beyond the idea of auditing around the computer and place more emphasis on auditing through and with the computer, based on the ISAs.
– Understand the mechanism by which the auditor seeks assurance of the internal control processes by mitigating the apparent risk exposures with a level of IT auditing activities.
– Draw up an IT auditing plan, implement a level of test of general controls and exercise application tests to assist the substantive procedures in the era of data analytics.
– Document electronic work-papers so that they meet the standards, and learn why certain Big Auditing firms and the 2nd-tier firms are reluctant to implement them.
– Prepare reports based on the work done to serve various users.

Topic 1: Concepts of IS Auditing, Tasks and Knowledge Statements. IS Auditing Standards and Guidelines – What does auditing around, with and through the computer entail, and which are the standards?

Topic 2: Auditing IT/IS and Engagement Planning – Which are the mechanisms and how does the auditor seek assurance of the internal control processes by mitigating the apparent risk exposures with a level of IT auditing activities?

Topic 3: IT auditing working papers procedures – How does the traditional procedure differ from the electronic one, and what does the mechanism look like?

Topic 4: Auditing Software, Tools & Techniques – Which to use?

Topic 5: Systems Development, Infrastructure/Acquisition Practices. Analysis of General Controls in place to address information systems threats, vulnerabilities and risks (Organizational Controls; Acquisition, Development, Maintenance & Documentation Controls; Hardware & Operation Controls; Access and Technical Support Controls) – What is the impact on assurance services or financial statement auditing as a matter of scope?

Topic 6: Business Application Systems. Analysis of Application System Controls (Vulnerability, Confidentiality, Accountability, Auditability & Classification of risks) – Can one also adopt other criteria by analysing the rate at which businesses are prone to: erroneous record keeping, unacceptable accounting, business interruptions, erroneous management decisions, fraud and embezzlement, statutory sanctions, excessive costs, loss or destruction of assets, competitive disadvantage?

Topic 7: Performing CAAT (Computer Assisted Audit Techniques) to support the substantive tests – How could you build one? IS Audit Reporting – What does IS audit reporting entail?

Topic 8: IT Governance – What does IT Governance involve and what are the auditors’ responsibilities?

Topic 9: Cybersecurity – What is the organisation doing to restrict access by outsiders through internet transactions and connectivity?

Topic 10: Disaster Recovery Planning / Business Continuity Planning – How prepared is the organisation to restart in case of any contingency?

Topic 11: Compliance of ITGC, ISO 27001, PCI-SS – To what extent is the compliance programme avoiding undue penalties from non-compliance?

Topic 12: Contemporary Issues in IS Auditing – Artificial Intelligence, Robotic Process Automation in Auditing – What does RPA entail and what is its effect on the IS Auditing process?