KONTRAK PERKULIAHAN

AUDIT SISTEM INFORMASI

Pengajar : Tim
Semester :
Tahun : 2019/2020
Beban Studi : 3 SKS
Hari Pertemuan/Jam : -lihat jadwal perkuliahan-
Ruang Pertemuan : -lihat jadwal perkuliahan-

Surabaya, 20 January 2020

Perwakilan/Koordinator kelas PJMK

( ) (Damai Nasution, SE., MSi., Dr. Sc., Ak., CA.)

PROGRAM STUDI S1 AKUNTANSI

FAKULTAS EKONOMI DAN BISNIS
UNIVERSITAS AIRLANGGA
 SYLLABUS
INFORMATION SYSTEM AUDIT

Course Description
This course is designed to prepare the students to earn knowledge and skills regarding
information system auditing. The content of this course consists of the theory and
practice of information systems auditing and how to manage the audit function for an
information system.

Course Learning Objectives

After completing this course, the students should be able to:
1. understand the goals and objectives of IT audit and its role in the internal control
system;
2. understand and be able to apply techniques of audit planning and audit
performance, gathering of audit-related information and audit evidence;
3. understand and be able to apply audit and evaluation of effectiveness and
efficiency of the information system
4. understand how to manage the information systems audit function.

Course Evaluation
After the completion of this course, the students will earn a grade based on these
components and their weight:
1. Mid-term examination 35%
2. Final examination 35%
3. Tasks, etc. 30%
The teachers have an authority to add points to certain students based on the students’
performance in class.
The tasks will be discussed on the first day of class.

Literature
Information technology auditing, James A. Hall, Cengage Learning, 4th edition, 2016, ISBN:
978-1-113-94988-6. (Hall)
Information systems control and audit, Ron Weber, Prentice Hall, 1999, ISBN: 0-13-947870-
1. (Weber)
Course Plan
Week Topics
1 Course introduction
Auditing and internal control
2 Auditing IT governance control
3 Security part I: Auditing
operating systems and
networks
Learning Objectives Reading
assignment
A syllabus
• Know the difference between Hall ch 1 1
attest services and advisory
services and be able to explain
the relationship between the
two
• Understand the structure of an
audit and have a firm grasp of
the conceptual elements of the
audit process
• Understand internal control
categories presented in the
COSO framework
• Understand the relationship
between general controls,
application controls, and
financial integrity
• Understand the risks of Hall ch 2
incompatible functions and
how to structure the IT
function
• Be familiar with the controls
and precautions required to
ensure the security of an
organization’s computer
facilities
• Understand the key elements
of a disaster recovery plan
• Be familiar with the benefits,
risks, and audit issues related
to IT outsourcing
• Be able to identify the Hall Ch 3
principal threats to the
operating systems and the
control techniques used to
minimize the possibility of
actual exposures
• Be familiar with the principal
risks associated with
commerce conducted over
intranets and the internet and
understand the control
techniques used to reduce
these risks

4 Security part II: Auditing
database systems
5 Systems development and
program change activities
• Be familiar with the risks
associated with personal
computing systems
• Recognize the unique
exposures that arise in
connection with electronic
data interchange and
understand how these
exposures can be reduced
• Understand the operational Hall ch 4
problems inherent in the flat-
file approach to data
management that gave rise to
the database approach
• Understand the relationship
among the fundamental
components of the database
concept
• Recognize the defining
characteristics of three
database models
• Understand the operational
features and associated risks
of deploying centralized,
partitioned, and replicated
database models in the DDP
environment
• Be familiar with the audit
objectives and procedures
used to test data management
control
• Be able to identify the stages Hall ch 5
in the systems development
life cycle
• Understand the importance of
strategic system planning
• Be able to identify the basic
features of both the structured
and object-oriented
approaches to systems design
• Be able to identify and discuss
the major steps involved in a
cost-benefit analysis of the
proposed information system
• Understand the advantages
and disadvantages of the
commercial software option,
and be able to discuss the

6 Transaction processing and
financial reporting system
overview
7 Review and quiz
Mid-term Examination
8 Computer-assisted audit tools
and techniques
decision-making process used
to select commercial software
• Be familiar with different
types of system
documentation and the
purposes they serve.
• Understand the risks, controls,
and audit issues related to
systems development and
maintenance procedures
• Understand the broad Hall ch 6
objectives of the three
transaction cycles and the
types of transactions
processed by each of them
• Understand the relationship
between traditional
accounting records and their
digital equivalents in
computer-based systems
• Be familiar with the
documentation techniques
used for representing manual
and computer-based systems
• Understand the technologies
used to automate and re-
engineer accounting
information system
• Understand the operational
features of the general ledger
system and the financial
reporting system
• Be familiar with the classes of Hall ch 7
transaction input controls
used by the accounting
application
• Understand the objectives and
techniques used to implement
processing controls, including
run-to-run, operator
intervention, and audit trail
controls
• Understand the methods used
to establish effective output
controls for both batch and
real-time systems
 • Know the difference between
black-box and white-box
auditing
• Be familiar with the key
features of the five CAATT’s
discussed in the chapter
9 Data structures and CAATS’s for • Understand the components Hall ch 8
data extraction of data structures and how
these are used to achieve data-
processing operations
• Be familiar with the structures
used in flat-file systems
• Be familiar with relational
database structures and the
principles of normalization
• Understand the features,
advantages, and
disadvantages of the
embedded audit module
approach to data extraction
• Know the capabilities and
primary features of
generalized audit software
• Become familiar with the
more commonly used features
of the audit command
language
10 Evaluating asset safeguarding Refer to the LOs in the chapter Weber ch 21
and data integrity
11 Evaluating system effectiveness Refer to the LOs in the chapter Weber ch 22
12 Evaluating system efficiency Refer to the LOs in the chapter Weber ch 23
13 Managing the information Refer to the LOs in the chapter Weber ch 24
systems audit function
14 Review and Quiz
Final Examination