This course seeks to explore
how enterprise-wide IT resources can be secured, managed, and leveraged through
appropriate IT governance and internal controls. The most effective way to
mitigate IT-associated risks is to design and implement IT audit and control
mechanism with a risk management approach. IT must be systematically organized
and monitored as a resource with carefully designed and executed IT policies to
maximize its impacts. After all, firms in the digital economy leverage IT to
gain a competitive advantage.
The objectives of this course
- To enable students to comprehend general audit,
information systems audit and control, IT governance and their
applications to the business environment.
- To enhance students’ competency towards risk
management, information systems audit, assurance, business continuity
planning, disaster recovery planning, and internal control.
- To develop students’ critical understanding of
Computer Assisted Audit Tools and Techniques (CAATTs) and its business
applications for data extraction and analysis.
- To gain insight into computer-assisted fraud
and fraud detection techniques for business asset protection
By the end of this course,
students should be able to:
- Articulate the concepts of auditing and
information systems audit and control.
- Apply the IS audit methodology and formulate
information security policy.
- Evaluate the organization’s IT governance, risk
management, IS control and security architecture, business continuity
plan, disaster recovery plan, and propose solutions in addressing related
- Develop knowledge and skills in the application
of various types of computer- assisted audit tools and techniques.