BM E1 – Information System Audit and Governance
Objective: To learn IS audit methods, controls, IS strategies through case studies.
Prerequisites: IT fundamentals, Computer operations, Network concepts, and Internet concepts, Exposure to programming languages, Exposure to SSAD and Database concepts, Commercial Applications, Management Concepts and Practice
1 Auditing concepts – ISA need, concept, standards, performance, steps, techniques, methodologies, around and through
2 Controls – Concept objectives, types,
3 IT environment – hardware, system software, OS, DBMS, Infrastructure, network concepts, Personnel, documentation, review of performance, procurement, and other controls. Network concepts, LAN, WAN, Client-Server architecture, Internet, EDI, email, encryption, digital signatures – review of performance, procurement and other controls.
4 Software procurement and development – SDLC – Meaning and IS auditor’s role – traditional SSAD, OOM, prototyping, 4GL, project management, testing,
5 IS operations – planning, organizing, scheduling, SCM, problem management, record management, QA and QC, review and controls
6 Controls – Input, process, validation, output, logical access, physical access, database, network, environment,
7 Evidence collection, evaluation and
8 IS strategies and management – organization structure, long term and short term plans, steering and other committees, HR policies, segregation
9 IT crimes, viruses, security, privacy
10 Broad introduction to concepts and practice of e-commerce and legal framework for e-commerce
11 Case studies and assignments 4 2,3
Two case studies and two assignments need also be covered.
The syllabus is expected to be completed within approx. 40 sessions of 90 minutes each. Session-wise suggested contents are enclosed.
Many topics will have to be covered at a broad level only.
Role of IS auditor and relation of each topic to ISA controls and review should be part of all lectures. Emphasis should be on audit, security, control, review and documentation aspects and usage of relevant standards as relevant to all the IT facets.
1. Names of ISA-related material are given. For all other IT-related topics, e.g. EIT, SSAD, DBMS, Network etc., various standard books are available in the market and also recommended by the University.
2. “EDP Auditing Conceptual Foundations And Practices” by Ron Weber –
3. Latest CISA review manual by ISACA, USA – This may be procured by individual institutes and made available to students on library basis
4. IS audit standards and control objectives of ISACA which are non-copyrighted and relevant, refer www.isaca.org
5. IS control journals from ISACA