COURSE OUTLINE
Number of Credits: 10
Prerequisites: None
Course description:
In organizations where computer-based information systems play a significant role in achieving
business goals and critical success factors, the effectiveness of general management and controls
exercised over these information systems is critical to the success of the organization. The
prerequisites for effective management are appropriate plans, staffing structures, policies,
standards, procedures, methods and controls within the IS environment. Without those, the risks of
failure are greatly increased.
Learning Outcomes
To understand the knowledge necessary to provide audit services in accordance with IT audit
standards and to assist the enterprise with protecting and controlling information systems.
To recognise assurance that the enterprise has the structure, policies, accountability
mechanisms and monitoring practices in place to achieve the requirements of corporate
governance of IT.
To provide assurance that the practices for the acquisition, development, testing and
implementation of information systems meet the enterprise’s strategies and objectives.
To provide assurance that the IT service management practices will ensure the delivery of
the level of services required to meet the enterprise’s objectives.
To provide assurance that the security architecture (policies, standards, procedures and
controls) ensures the confidentiality, integrity and availability of information assets.
Course Outline
o Specific audit planning
o IT audit standards
o Audit reporting, communications and follow-up
o IT governance structures
o IT organizational structure and HR
o IT strategy and direction
o IT policies, standards and procedures
o QMS and IT management of controls
o Monitoring and assurance practices
o IT resource management
o IT contracting strategies and policies
o Risk management practices
o Business continuity planning (BCP)
o Information security policies, standards and procedures and generally accepted practices
o Design, implementation and monitoring of system and logical security controls to verify
confidentiality, integrity, availability (CIA)
o Data classification processes and procedures
o Physical access and environmental controls
o Processes for storing, retrieving, transporting and disposing of information assets
Method of Instruction: Mix of lectures, tutorials and practicals.
Assessment methods:
Assessment will be by tests and an assignment. The coursework weighs 40% and the final exam
60%. The coursework will comprise a group assignment (10%), a mid-semester test (20 marks) and
one more test (10%). Final marks are graded A to C as a pass, and D and E as a fail.
Text Books:
1. S., Sandra and F. Gallegos, “Information Technology Control and Audit”, Third Edition, Taylor
& Francis Group, LLC, 2009.
Additional Reading
1. H.R. Wegner. “Information system Auditing and Electronic commerce”, A Master’s Project.
2. Western Australia Auditor General Report. “Information System Audit Report” Report 4 –
June 2011 the Real World, Pearson Education