
THE STATE UNIVERSITY OF ZANZIBAR

DEPARTMENT OF COMPUTER SCIENCE AND INFORMATION TECHNOLOGY

COURSE OUTLINE

Course Code: INF 3201

Course Name: Information Systems Audit and Control

Number of Credits: 10

Duration: 15 weeks of classes

Number of contact hours: 3 lecture hours or its equivalent per week

Prerequisites: None

Course offered by: Department of Computer Science and IT

Course description:
In organizations where computer-based information systems play a significant role in achieving
business goals and critical success factors, the effectiveness of general management and controls
exercised over these information systems is critical to the success of the organization. The
prerequisites for effective management are appropriate plans, staffing structures, policies,
standards, procedures, methods and controls within the IS environment. Without those, the risks of
failure are greatly increased.
Learning Outcomes
• To understand the knowledge necessary to provide audit services in accordance with IT audit
standards and to assist the enterprise with protecting and controlling information systems.
• To recognise assurance that the enterprise has the structure, policies, accountability
mechanisms and monitoring practices in place to achieve the requirements of corporate
governance of IT.
• To provide assurance that the practices for the acquisition, development, testing and
implementation of information systems meet the enterprise’s strategies and objectives.
• To provide assurance that the IT service management practices will ensure the delivery of
the level of services required to meet the enterprise’s objectives.
• To provide assurance that the security architecture (policies, standards, procedures and
controls) ensures the confidentiality, integrity and availability of information assets.

Course Outline

Week 1 - 2: The Process of Auditing Information Systems


o Risk-based IT audit strategy

o Specific audit planning
o IT audit standards
o Audit reporting, communications and follow-up

Week 3 - 7: Governance and Management of IT

o IT governance structures
o IT organizational structure and HR
o IT strategy and direction
o IT policies, standards and procedures
o QMS and IT management of controls
o Monitoring and assurance practices
o IT resource management
o IT contracting strategies and policies
o Risk management practices
o Business continuity planning (BCP)

Week 8 - 9: Information Systems Acquisition, Development and Implementation

o Business case development


o Project management practices
o Project reviews
o Develop project controls
o Information systems implementation and migration
o Post implementation reviews

Week 10 - 12: Information Systems Operations, Maintenance and Support

o Information systems reviews


o Service level management practices
o Third-party management practices
o End-user procedures and operations
o Maintenance of information systems
o Data administration practices
o Capacity and performance monitoring
o Problem and incident management
o Change, configuration and release management
o Backup and restoration of systems

Week 13 - 15: Protection of Information Assets

o Information security policies, standards and procedures and generally accepted practices
o Design, implementation and monitoring of system and logical security controls to verify
confidentiality, integrity, availability (CIA)
o Data classification processes and procedures
o Physical access and environmental controls
o Processes for storing, retrieving, transporting and disposing of information assets

Method of Instruction: A mix of lectures, tutorials and practicals.

Assessment methods:

Assessment will be by tests and an assignment. The coursework weighs 40% and the final exams
60%. The coursework will comprise a group assignment (10%), a mid-semester test (20 marks) and
one more test (10%). Final marks are graded A to C as pass, and D and E as fail.

Text Books:
1. S., Sandra and F. Gallegos, “Information Technology Control and Audit”, Third Edition, Taylor
& Francis Group, LLC, 2009.

Additional Reading
1. H.R. Wegner. “Information system Auditing and Electronic commerce”, A Master’s Project.
2. Western Australia Auditor General Report. “Information System Audit Report” Report 4 –
June 2011 the Real World, Pearson Education
