COURSE RUBRIC: FIS 433 - Information Systems Audit and Control

COURSE DESCRIPTION: This course deals with audit and control aspects of information systems. Students will study the risks, controls, and audit techniques related to key information systems areas. In addition, they will study computer fraud detection techniques. Students will use specially developed software to perform audit tests and fraud prevention and detection procedures.

PREREQUISITES: FIS 318 or ACC 318 or MIS 304

COURSE OBJECTIVES:

• To identify the risks and internal control issues associated with modern information systems
• To identify risks associated with operating systems security, database access, networks, and the Internet.
• To define the audit role of Computer Assisted Audit Tools and Techniques (CAATTs)
• To use a data extraction and analysis tool to perform standard audit tests and fraud detection tests.

MAJOR TOPICS:   Risks of Insecure Systems
                                  Risk Management
                                  Controls in Data Management Systems
                                  Controls in Electronic Commerce Systems
                                  Computer Fraud
                                  Computer Assisted Audit Tools and Techniques (CAATTs)
                                  Using Software for Data Extraction and Analysis (including Fraud Detection)

COURSE INCLUDES:

Information Technology: Students use a leading audit software package (ACL or IDEA) to query, analyze and report on data stored by a computer system.

Oral Communication: All students are required to participate in class discussions in each class. During each class session, a class participation sheet is completed on which each student records his or her two "best" verbal comments or contributions during class. This is handed to the instructor at the end of class for grading purposes. Students also present projects to the class during the semester. Topics covered include: Basic Personal Computer Security; Operating Systems Reviews; Network Security; Firewall Audit; Encryption; Application of Biometrics; Internet Payment Systems; AICPA WebTrust and SysTrust Programs; Digital Analysis as an Auditing Tool; Advanced Tools to Tackle Fraud and Collusion; Extensible Business Report Language (XBRL).

Writing Skills: Weekly written assignments are collected and graded.

Critical Thinking: Students are required access data from a computer files and to comment on anomalies or unusual trends, thus simulating a real-life assessment environment.

Problem Solving: Students test, analyze and report on the data that they extract from a computer system, and make audit and control decisions. Students are required to justify each decision.

Team Building: After doing individual assignment preparation at home, students are assigned to small groups (approximately two to four per group, with different groups each week) to discuss individual solutions and to reach a small group solution. Also, students work in groups of two or three on a semester-long group project.

Globalization: As the focus of Audit and Control is to enforce business rules of enterprise systems, and these systems are global, globalization issues are an inherently addressed.