Course Description

This course complements the course in auditing. It discusses information technology (IT) – related risks, security and control mechanisms and techniques that may be
employed to address the risks, and the impact of computer use on the audit. It also introduces computer assisted audit techniques and tools. In this course, students
gain an appreciation of the particular features and understanding of the risks involved in auditing in a CIS environment, the CIS controls they would expect to find in
this area. The students gain hands-on experience in the use of computers in performing audits.

I. COURSE LEARNING OUTCOMES

Upon completion of the course, the students will be able to:

Cognitive
1. Discuss the impact of computers on accounting systems.
2. Explain the effects of computers on the audit process.
3. Discuss the auditor’s responsibilities with respect to internal control over Electronic Data Processing (EDP) systems.
4. Identify major types of computer fraud.
5. Discuss the basic audit procedures applied in evaluating the internal control and substantive testing in a CIS environment.

Psychomotor
1. Demonstrate awareness how audit planning is done in a CIS environment.
2. Demonstrate basic skills in designing audit programs for IT audits.
3. Prepare an IT audit report.

Affective
1. Support the vision, mission and goals of the University, the College and the Department
2. Comply with PAPS 1013, Electronic Commerce – Effect on the Audit of Financial Statements.
 3. Exemplify the code of ethics that IT auditors follow.

II. TEXTBOOK(S) AND REFERENCE(S)

Textbook : Information Technology Auditing

By: James A. Hall
3rd Edition

References : Principles of Auditing and Other Assurance Services

By: Ray Whittington and Kurt Pany
2012 Edition, McGraw-Hill Companies

Auditing and Assurance Services: An Integrated Approach

By: Alven Arens, et.al.
2011 Edition, Pearson Prentice Hall

Note on textbook(s) and reference(s): The teacher reserves the right to choose the textbook(s) and reference(s) he/she deems
appropriate.

III. DETAILED COURSE OUTLINE/LEARNING PLAN

WK HRS TOPIC LEARNING OUTCOMES STRATEGIES/ACTIVITIES ASSESSMENT OF LEARNING

OUTCOMES
1 1.5   
1 1.5 Auditing and Internal Control

 Overview of auditing  Differentiate attest  Lecture/Discussion  Drill

 The role of the audit services from advisory  Class sharing  Students to submit written
 committee
 Financial audit
components
 Audit risk
 The IT audit
 Internal control
 Internal control objectives,
principles, and models
services and explain the  Review workshop analysis on cases
relationship between the  Case analysis and assigned
two. presentation  Quiz on the topic
 Explain the structure of an  Assign readings for the
audit and the conceptual next meeting
elements of the audit  Assign cases for the next
process. topic
 Identify internal control
categories presented in
the COSO framework.
 Describe key features of
Section 302 and 404 of
the Sarbanes-Oxley Act.
 Explain the relationship
between general controls,
application controls, and
financial data integrity.

2 3 Auditing IT Governance Controls

 Information technology
governance
 Structure of the
information technology
function
 The computer center
 Disaster recovery planning
 Outsourcing the IT
function
 Explain the risks of
incompatible functions
and how to structure the
IT function.
 Describe the controls and
precautions required to
ensure the security of an
organization’s computer
facilities.
 Explain the key elements
of a disaster recovery
plan.
 Lecture/Discussion  Drill
 Class sharing  Students to submit written
 Video clip presentation analysis on cases
 Case analysis and assigned
presentation  Quiz on the topic
 Assign readings for the
next meeting
 Assign cases for the next
topic

3 3 Security Part I: Auditing Operating
Systems and Networks
 Auditing operating
systems
 Auditing networks
 Auditing electronic data
interchange (EDI)
 Auditing PC-based
accounting systems
4 3 Security Part II: Auditing Database
Systems
 Describe the benefits,
risks, and audit issues
related to IT outsourcing.
 Identify the principal  Lecture/Discussion  Drill
threats to the operating  Role playing  Students to submit a
system and the control  Case analysis and reflection paper on the role
techniques used to presentation play presented
minimize the possibility of  Students to submit written
actual exposures. analysis on cases
 Explain the principal risks assigned
associated with commerce  Quiz on the topic
conducted over intranets
and the Internet and the
control techniques used to
reduce these risks.
 Identify the risks
associated with personal
computing systems.
 Recognize the unique
exposures that arise in
connection with electronic
data interchange (EDI)
and explain how these
exposures can be
reduced.
 Explain the operational  Lecture/Discussion  Drill
  Data management problems inherent in the  Group discussion  Students to submit written
approaches flat-file approach to data  Case analysis and analysis on cases
 Key elements of the management that gave presentation assigned
database environment rise to the database  Quiz on the topic
 Databases in a distributed approach.
environment  Explain the relationships
 Controlling and auditing among the fundamental
data management components of the
systems database concept.
 Recognize the defining
characteristics of three
database models:
hierarchical, network, and
relational.
 Explain the operational
features and associated
risks of deploying
centralized, partitioned,
and replicated database
models in the DDP
Environment.
 Describe the audit
objectives and procedures
used to test data
management controls.

5 3 Systems Development and

Program Change Activities

 Participants in systems  Identify the stages in the  Lecture/Discussion  Drill

development SDLC.  Oral recitation  Graded oral recitation
 Information systems  Describe common  Case analysis and  Students to submit written
acquisition problems that can lead to presentation analysis on cases
  The systems development
life cycle
 Controlling and auditing he
SDLC
failure in the systems assigned
development process.  Quiz on the topic
 Explain the importance of
strategic system planning.
 Describe how
accountants participate in
the SDLC.
 Identify the basic features
of both the structured and
object-oriented
approaches to systems
design.
 Discuss the major steps
involved in a cost-benefit
analysis of proposed
information systems.
 Enumerate the
advantages and
disadvantages of the
commercial software
option, and discuss the
decision-making process
used to select commercial
software.
 Explain the purpose of a
system walkthrough.
 Describe the different
types of system
documentation and the
purposes they serve.

6 2 PRELIM EXAMINATION
7 3 Transaction Processing and
 Financial Reporting Systems
Overview
 An overview of transaction
processing
 Accounting records
 Documentation techniques
 Computer-based
accounting systems
 Data coding schemes
 The general ledger system
 The financial reporting
system
 XBRL-reengineering
financial reporting
 Controlling the FRS
8-9 6 Computer-Assisted Audit Tools
and Techniques
 Explain the broad  Lecture/Discussion  Drill
objectives of the three  Illustration through the  Students to submit written
transaction cycles and the extensive use of graphics analysis on cases
types of transactions such as figures, diagrams, assigned
processed by each of flowcharts and tables  Students to take a moving
them.  Case analysis and quiz.
 Explain the relationship presentation
between traditional  Assign readings for the
accounting records and next meeting
their digital equivalents in  Assign cases for the next
computer-based systems. topic
 Describe the
documentation techniques
used for representing
manual and computer-
based systems.
 Explain the technologies
used to automate and
reengineer accounting
information systems.
 Explain the operational
features of the general
ledger system (GLS) and
the financial reporting
system (FRS).
  Application controls
 Testing computer
application controls
 Computer-aided audit
tools and techniques for
testing controls
 Identify the classes of  Lecture/Discussion  Drill
transaction input controls  Oral recitation  Graded oral recitation
used by accounting  Case analysis and  Students to submit written
applications. presentation analysis on cases
 Explain the objectives and  Assign readings for the assigned
techniques used to next meeting  Quiz on the topic
implement processing  Assign cases for the next
controls, including run-to- topic
run, operator intervention,
and audit trail controls.
 Explain the methods used
to establish effective
output controls for both
batch and real-time
systems.
 Differentiate black box
auditing from white box
auditing.
 Discuss the key features
of the CAATTs.

9-10 6 Data Structure and CAATTs for

Data Extraction

 Data structure  Explain the components  Lecture/Discussion  Drill

 Designing relational
database
 Embedded audit module
 Generalized audit software
 ACL software
of data structures and
how these are used to
achieve data-processing
operations.
 Discuss the structures
used in flat-file systems,
including sequential,
 Class sharing  Students to submit written
 Quiz show analysis on cases
 Illustration through the assigned
extensive use of graphics  Quiz on the topic
such as figures, diagrams,
flowcharts and tables
 Case analysis and
 indexes, hashing, and presentation
pointer structures.  Assign readings for the
 Discuss the relational next meeting
database structures and  Assign cases for the next
the principles of topic
normalization.
 Explain the features,
advantages, and
disadvantages of the
embedded audit module
approach to data
extraction.
 Identify the capabilities
and primary features of
generalized audit
software.
 Describe the more
commonly used features
of ACL.

11 2 MIDTERM EXAMINATION
12-13 6 Auditing the Revenue Cycle

 Revenue cycle activities  Explain the operational  Lecture/Discussion  Drill

and technologies tasks associated with the
 Revenue cycle audit revenue cycle under
objectives, controls, and different levels of
tests of controls technology.
 Substantive tests of  Explain the audit
revenue cycle accounts objectives related to the
revenue cycle.
 Discuss the revenue cycle
control issues related to
 Oral recitation  Students to submit written
 Illustration through the analysis on cases
extensive use of graphics assigned
such as figures, diagrams,  Quiz on the topic
flowcharts and tables
 Case analysis and
presentation
 Assign readings for the
next meeting

14-15 6 Auditing the Expenditure Cycle
 Expenditure cycle
activities and technologies
 Expenditure cycle audit
objectives, controls, and
tests of controls
 Substantive tests of
expenditure cycle
accounts
alternative technologies.  Assign cases for the next
 Recognize the topic
relationship between
revenue cycle audit
objectives, controls, and
tests of controls.
 Explain the nature of
substantive tests in
achieving revenue cycle
audit objectives.
 Describe the common
features and functions of
ACL that are used to
perform substantive tests.
 Explain the primary tasks  Lecture/Discussion  Drill
associated with the  Group activity in a form of  Students to submit a
expenditure cycle under talk show with audience journal about the group
different levels of participation activity
technology.  Illustration through the  Students to submit written
 Explain the audit extensive use of graphics analysis on cases
objectives related to the such as figures, diagrams, assigned
expenditure cycle. flowcharts and tables  Quiz on the topic
 Discuss the expenditure  Case analysis and
cycle control issues presentation
related to alternative  Assign readings for the
technologies. next meeting
 Recognize the  Assign cases for the next
relationship between topic
expenditure cycle audit
objectives, controls, and

16 3 Enterprise Resource Planning
Systems
 What is an ERP?
 ERP system
configurations
 Data warehousing
 Risks associated with ERP
implementation
 Implications for internal
control and auditing
tests of controls.
 Explain the nature of
substantive tests in
achieving expenditure
cycle audit objectives.
 Describe the common
features and functions of
ACL that are used to
perform substantive tests.
 Explain the general  Lecture/Discussion  Drill
functionality and key  Class sharing  Students to submit written
elements of ERP  Illustration through the analysis on cases
systems. extensive use of graphics assigned
 Explain the various such as figures, diagrams,  Quiz on the topic
aspects of ERP flowcharts and tables
configuration including  Case analysis and
servers, databases, and presentation
the use of bolt-on  Assign readings for the
software. next meeting
 Explain the purpose of  Assign cases for the next
data warehousing as a topic
strategic tool and
recognize the issues
related to the design,
maintenance, and
operation of a data
warehouse.
 Recognize the risks
associated with ERP

17 3 Business Ethics, Fraud, and Fraud
Detection
 Ethical issues in business
 ISACA code of ethics
 Fraud and accountants
 Auditor’s responsibility for
detecting fraud
 Fraud detection
techniques
18 2 FINAL EXAMINATION
IV. EXPECTATIONS FROM STUDENT
implementation.
 Identify the key
considerations related to
ERP implementation.
 Explain the internal
control and auditing
implications associated
with ERPs.
 Identify the broad issues  Lecture/Discussion  Drill
pertaining to business  Role playing  Students to submit written
ethics.  Video clip presentation analysis on cases
 Explain what constitutes  Case analysis and assigned
fraudulent behavior. presentation  Students to submit a
 Explain fraud-motivating reflection paper on the role
forces. play presented
 Identify typical fraud  Quiz on the topic
schemes perpetrated by
managers and
employees.
 Discuss the common anti-
fraud techniques used in
both manual systems and
computer-based systems.
 Describe the use of ACL
in the detection of fraud.
Every student is expected to:
1. Come to each class prepared and participate in the class discussions,
2. Take all quizzes/examinations on the date scheduled,
3. Read the assigned topics prior to class,
4. Solve assigned problems prior to class,
5. Submit course requirements, if any, on time,
6. Abide with class policies, and
7. Understand the course syllabus