Você está na página 1de 5

UNIVERSITY OF INDONESIA

FACULTY OF COMPUTER SCIENCE


INFORMATION SYSTEMS
COURSE SYLLABUS: SEPTEMBER, 2011

INTRODUCTION TO INFORMATION SYSTEMS


AUDIT (DASAR-DASAR AUDIT SI)
Instructor
E-mail
Class hours
Load

: M. Rifki Shihab, M.Sc.


: shihab@cs.ui.ac.id
: Tuesday, 10:00 11:40. Thursday, 10:00-10:50
: 3 credit-hour (3 SKS)

Description
An information systems/information technology audit is an examination of the controls
within an Information technology (IT)/Information Systems (IS) in an organization. It is
the process of collecting and evaluating evidence of an organization's information
systems, practices, and operations. The evaluation of obtained evidence determines if the
information systems are safeguarding assets, maintaining data integrity, and operating
effectively to achieve the organization's goals or objectives. These reviews may be
performed in conjunction with a financial statement audit, internal audit, or other form of
attestation engagement.
This course provides foundation for the students to conduct an IS/IT audit. The course
will cover the concept of IS/IT audit and how to conduct IS/IT audit in an organization.
Beside that, this course will introduce industrial standards to perform such an IS/IT audit.
The approach we use in this course is risk-based approach for identifying significant IT
threats and describes the audits tests and procedures for evaluating internal control in the
following general control areas:
1. IT Governance, including IT organizational structure, disaster recovery planning,
and IT outsourcing;
2. System Security, including security issues pertaining to operating systems,
networks and database systems.
3. Systems development and program change procedures.
Evaluation will be based on class participation, quizzes, assignments/case studies, and
examinations.

Research Methodology Syllabus

Page 1

Course Objectives
Upon successfully taking this course, students are expected to:
(1) Understand what information system (IS) audit is and why it is important.
(2) Understand the areas that are covered by IS audit
(3) Understand the standards used as references in IS audit.
(4) Able to perform simple IS audit
Required Reading
James A. Hall, Information Technology Control and Audit, 3rd ed, South-Western
CENGAGE Learning
Additional Readings
1. Ron A. Weber, Information Systems Control and Audit, ISBN-13: 978-0139478703
2. S. Senft & F. Gallegos, Information Technology Control and Audit, 3rd ed., CRC
Press, 2009
Assignments
The assignments will be performed in individual and groups. There are 2 (two) individual
assignments that will be taken from book exercises.
For group assignments, each group will consist of 4 5 students. In these group
assignments, you will perform IS/IT audit through experience in real organization. The
group assignments will be divided into 3 (three) tasks:
Assign. #1: Indonesias IT and Financial Regulation
Assign. #2: System security audit.
Assign. #3: CAAT experiencing with ACL
At the end of each task, each group should present their audit results. You need to prepare
well your group presentation.
Evaluation
Your final grade will be determined by the following components:
Components
Weight
Class Participation
5%
Individual Assignments
10%
Group Assignments
45%
Mid Test
20%
Final Test
20%
Total 100%
Class participation includes class attendance as well as your participation in class
discussion and group presentation.

Research Methodology Syllabus

Page 2

Class Policies
Attendance. Students are expected to attend class or visit SCELE regularly. There
are 75% minimum attendance requirements, and attendance sheets will be passed out
and will be factored into your class participation grade. In the case of absence,
students are responsible to stay current on information regarding materials covered in
class and any changes in schedule.
Late Assignments. For each day an assignment is turned late, the total grade will be
deducted 5 (five) points. If you have a justified reason for not turning the assignment
on time (e.g., due to extenuating circumstances), please let me know prior to the due
date. I want to be flexible, yet fair to other students in the class.
Academic dishonesty and Incompletes. Each student should be familiar with
the issues pertaining to academic dishonesty and plagiarism. No tolerance to plagiator.
The grade E is immediately applied to student whom plagiated. No incompletes (I) will
be assigned. There will be no makeup assignments unless prior notice is given and
documentation of emergency is given.

Grades (rounded to the nearest number):

A
>90
A>85 90
B+
>80 - 85
>75 80
B>70 - 75
C
65 70
D
<65

Research Methodology Syllabus

Page 3

Lesson Plan (16 weeks)


Week

Topics Covered

Auditing and
Internal Control

Auditing IT
Governance
Controls
Security Part I:
Auditing
Operating
Systems and
Networks
Security Part II:
Auditing Database
Systems
System
Development and
Program Change
Activities
Transaction
Processing and
Financial
Reporting
Systems Overview
Group
presentations

4
5

7
8
9

10
11
12
13
14
15

Assignments

Lecturer

Evaluation

Group Assign #1:


Indonesias IT and
Financial Regulation

Mode of
Delivery
Face-toFace
Face-toFace

Indiv. Assign #1

Face-toFace

Face-toFace
Group Assign #2:
Security Audit

Face-toFace
Face-toFace

Face-toFace
Mid Test

ComputerAssisted Audit
Tools and
Techniques
Data Structures
and CAATs for
Data Extraction
Auditing the
Revenue Cycle
Auditing the
Expenditure Cycle
Enterprise
Resource Planning
Systems
Business Ethics,
Fraud, and Fraud
Detection
Group
Presentations

Research Methodology Syllabus

Face-toFace
Indiv. Assign #2

Face-toFace
Face-toFace
Face-toFace
Face-toFace

Group Assign #3:


CAAT experiencing
with ACL

Face-toFace
Face-toFace

Page 4

16

Research Methodology Syllabus

Final Test

Page 5

Você também pode gostar