MGT

278B
INFORMATION TECHNOLOGY AUDITING AND ASSURANCE

Instructor: Dr. Rosemary Kim

Office: Anderson Hall 137
Phone: (951) 8275279
E-mail: rhkim@ucr.edu

Quarter: Winter 2013

Lecture time: Mon/Wed 9:40AM-11:00AM
Classroom: LFSC 1500
Office Hours: Mon/Wed 12PM-1:30PM & by appt.

SoBA Mission Statement

Our mission is to develop diverse leaders, propel research-based innovation and promote the sustainable growth of Inland
Southern California within the global economy. We harness the powerful resources of UC and our location at the nexus of
commerce to create a laboratory for education, research, and productive partnerships across economic enterprises.

The strategic activities that propel our mission include:
Conducting basic and applied research in management that explores and informs the creation, development and
management of growth;
Providing degree programs that prepare our students to be effective managers and responsible community leaders with a
deep understanding of the dynamics of growth in both a regional and global context;
Partnering with business and community leaders through a shared commitment exemplary growth; and
Delivering educational programs to executives and the public at large that respond to the needs of our local, state, national,
and international communities.

Graduate Program - Learning Goals

Professional Integrity / Ethical Reasoning Skills
Students will be able to recognize ethical issues, demonstrate familiarity with alternative frameworks for ethical reasoning, and
discern trade-offs and implications of employing different ethical frames of reference when making business decisions.

Global Context Skills
Students will be conversant with major economic, social, political, and technological trends and conditions influencing foreign
investment and development of the global economy and demonstrate an understanding of the cultural, interpersonal and
analytical competencies required for engaging in global business activities.

Written Communication
Students will demonstrate proficiency in written communications by creating written document that are clearly written, with
appropriate content and conclusions.

Technology Skills
Students will be able to integrate and apply the tools and techniques of business, drawing on a broad-based knowledge of the
major functions (accounting, economics, finance, information systems, marketing, operations management, and strategy) to
solve complex business problems and make sound business decisions.

Course Description

Catalog Description: Seminar, 3 hours; outside research, 3 hours. Prerequisite(s): MGT 278A or permission of instructor. Basic
concepts and techniques that are used in the provision of IT audit and assurance services. Topics include IT security, risk

assessment; internal control; nature of audit evidence; independence and objectivity; suitable criteria; the role of standards
and technology and ethical issues.
Course Summary

IT auditing and assurance is a process that involves research, investigation, and evidence gathering which has the objective of
providing assurance concerning the security and information quality of systems that provide financial and other information of
interest to business, government, or society in general.

This course is an introduction to basic concepts and techniques that are used in the provision of IT audit and assurance services.
The assurance providers role is to provide independent, cost effective assurance of systems and information to insure that the
information meets accepted standards.

MGT 278B is designed to provide an introductory framework for understanding how assurance providers plan and conduct such
assurance engagements. In completing an IT assurance engagement, the audit team decides what to do, how much risk is
appropriate and when to conclude the research, investigation, and evidence gathering processes. IT auditing and assurance
services are essential to the success of many enterprises manufacturing, service, government, or not-for-profit organizations.

Course/Learning objective

The course objectives are embedded in the context of the following learning objectives:

Gaining knowledge and skills about the nature of and opportunities for IT audit and assurance services.
Applying basic principles and concepts related to risk assessment and evidential reasoning as they apply to IT settings.
Developing your analytical and technical problem solving skills.
Developing abilities and skills in working with others as a team.
Developing knowledge of and commitment to ethical principles and personal values.
Developing skills to understand, analyze and critically evaluate audit and assurance research.

This syllabus is an invitation to you as a student to engage in an interactive study of the core concepts of providing IT auditing
and assurance services. It is my intention to provide a collaborative and supportive learning environment where students will
learn both in and out of the classroom. To that end, modifications to this syllabus might be warranted as I assess and update
the learning needs of this particular class.

Prerequisite

MGT 278A: Foundations of Auditing & Assurance

Course Materials

rd

Textbook: Information Technology Auditing and Assurance, 3 Edition by Hall ISBN-10: 1439079110 | ISBN-13: 978-
1439079119
Clicker

Grading Policy

Your performance in BUS MGT 278B will be evaluated based on the following:
1. 12.5% Blackboard (iLearn) Quizzes (online) and pop-quizzes (in-class)
2. 12.5% Attendance, Participation, Individual in-class activities and Clicker
3. 25.0% Assignments, Case Studies, Projects (individual and group) and Presentations
4. 25.0% Midterm examination
5. 25.0% Final examination
----------
100% TOTAL

MGT278B, Spr2013, R. Kim, Page 2 of 5

In addition to a necessary test of memory, this course is intended to provide basic IT auditing concepts and to teach the
application of logical analysis to develop the approach to any situation that might be presented to an IT auditor. As such,
various activities will make up your course grade.
Quizzes (Announced and Unannounced): During the term, regular Blackboard based quizzes will be provided which you will
complete online each week. It is also possible that unannounced quizzes will be given. All such quizzes will be related to the
assigned homework for the day as well as information from prior assignments.
Attendance and Participation: You are expected to attend every class and to be in the classroom on time. By enrolling at UCR,
you are making a commitment both to yourself and to your instructor that you will do your best to learn the material presented.
It is imperative to come to class prepared to participate and exchange ideas and knowledge. You will be evaluated on your
participation and the quality of your contribution to class discussions.
Formal exams: There will be one midterm and a final exam.
Case studies/Assignments/Projects: There will be several internal audit-related projects, case studies, and assignments during
the term. Due dates are clearly noted on iLearn in Assignments so please submit timely. No late work is accepted. All details for
assignments will be provided in class before they are due and if you miss class, please check Assignments on iLearn. Please note
that you must keep a back-up copy of your projects. If the copy turned in is lost or damaged, the back-up will be requested. If a
back-up copy cant be supplied when requested, then a grade of zero will be assigned.

Course Schedule


Wk

Day

Lecture Topic (Read Before

Discussion of Chapter in Class)

Assignments Due

M
4/1/13

Discussion on Introduction to IT
Auditing

W
4/3/13

1. Auditing and Internal Control

Discussion Ques.: (Answer the last 10 questions, even/odd)

Problems: 7,8 (even/odd)

M
4/8/13

2. Auditing IT Governance Controls

Discussion Ques.: (Answer the last 10 questions, even/odd)

Problems: 3,4 (even/odd)

W
3. Security Part I: Auditing Operating
4/10/13 Systems and Networks

Discussion Ques.: (Answer the last 10 questions, even/odd)

Problems: 6,7 (even/odd)

M
4. Security Part II: Auditing Database
4/15/13 Systems

Discussion Ques.: (Answer the last 10 questions, even/odd)

Problems: 7,8 (even/odd)

W
5. Systems Development and
4/17/13 Program Change Activities

Discussion Ques.: (Answer the last 10 questions, even/odd)
Problems: 3,4 (even/odd)

M
6. Transaction Processing and
4/22/13 Financial Reporting Systems
Overview

Discussion Ques.: (Answer the last 10 questions, even/odd)

Problems: 4,5 (even/odd)

W
Read two articles from the Reading
4/24/13 List on iLearn

Article opinion

MGT278B, Spr2013, R. Kim, Page 3 of 5

Submit case study

5

M
Midterm based on Assigned
4/29/13 textbook readings, articles, and

lectures

No assignment due on Midterm Day

W
5/1/13

7. Computer-Assisted Audit Tools and Discussion Ques.: (Answer the last 10 questions, even/odd)
Techniques
Problems: 1,2 (even/odd)

M
5/6/13

8. Data Structures and CAATTs for

Data Extraction

Discussion Ques.: (Answer the last 10 questions, even/odd)

Problems: 11,12 (even/odd)

W
5/8/13

Read two articles from the Reading

List on iLearn

Submit case study

Article opinion

M
9. Auditing the Revenue Cycle
5/13/13

Discussion Ques.: (Answer the last 10 questions, even/odd)

Problems: 4,5 (even/odd)

W
10. Auditing the Expenditure Cycle
5/15/13

Discussion Ques.: (Answer the last 10 questions, even/odd)

Problems: 1,2 (even/odd)

M
Read two articles from the Reading
5/20/13 List on iLearn

Submit ACL Project (1 and 2)

Article opinion

W
11. Enterprise Resource Planning
5/22/13 Systems

Discussion Ques.: (Answer the last 10 questions, even/odd)

Problems: 1,2 (even/odd)

M
Academic Holiday Memorial Day
5/27/13

W
Read two articles from the Reading
5/29/13 List on iLearn

Submit ACL Project (3, 4 & 5)

Article opinion

M
6/3/13

12. Business Ethics, Fraud, and Fraud

Detection

Discussion Ques.: (Answer the last 10 questions, even/odd)

Problems: 1,2 (even/odd)

W
6/5/13

Read two articles from the Reading

List on iLearn

Submit ACL Project for Fraud (1, 2 &
3)

Article opinion

10

11

W
FINAL EXAM - Emphasizes assigned
6/12/13 textbook readings, articles, and
lectures since Exam 2

8-11am

MGT278B, Spr2013, R. Kim, Page 4 of 5

Integrity statement:

At the University of California, Riverside (UCR) honesty and integrity are fundamental values that guide and
inform us as individuals and as a community. The academic culture requires that each student take responsibility
for learning and for producing work that reflect their intellectual potential, curiosity, and capability. Students
must represent themselves truthfully, claim only work that is their own, acknowledge their use of others words,
research results, and ideas, using the methods accepted by the appropriate academic disciplines and engage
honestly in all academic assignments. Misunderstanding of the appropriate academic conduct will not be
accepted as an excuse for academic misconduct. If a student is in doubt about appropriate academic conduct in a
particular situation, he or she should consult with the instructor in the course to avoid the serious charge of
academic misconduct.
To ensure the highest standard of academic integrity, all students should be familiar with the guidelines posted
at:
http://conduct.ucr.edu/SiteCollectionDocuments/DocumentsFromStudentConduct/AcademicIntegrityBrochureSt
udent.pdf

MGT278B, Spr2013, R. Kim, Page 5 of 5