Information Systems Auditing, Controls and Assurance

Information systems (IS) are important assets to business organizations and are ubiquitous in our daily lives.

With the latest IS technologies emerging, such as Big Data, FinTech, Virtual Banks, there are more concerns from the public on how organizations maintain systems’ integrity, such as data privacy, information security, the compliance to the government regulations. Management in organizations also need to be assured that systems work the way they expected. IS auditors play a crucial role in handling these issues.

In the course “Information Systems Auditing, Controls and Assurance”, you will explore risks of information systems, and how to mitigate the risks by proper IS Controls. You will also get familiar with the IS Audit procedures and how they are applied during the IS development throughout the Systems Development Life Cycle (SDLC).

Finally, you will get to observe how we can make the system changes more manageable using formal IS Management practices, such as Change Management Controls and Emergency Changes.

The conversations between the course instructor - Prof. Percy Dias, and the IS auditing practitioner will give you a concrete idea on how IS auditors perform their duties, the qualities to become IS auditors and future prospects of IS auditing industry.

This course is suitable for students and graduates from Information Systems, Information Technology and Computer Science, and IT practitioners who are interested to get into the IS auditing field. It is also a good starting point for learners who would like to pursue further studies for IS audit certifications – such as Certified Information Systems Auditor (CISA).

Introduction to Information Systems (IS) Auditing
-IS Auditing is related to risks, controls and assurance. In the first module, Prof. Dias introduces what risk is about. Getting deeper to risk, the 3-step risk management process is elaborated. To manage risks, controls need to be established. Prof. Dias also demonstrates with daily examples on what the controls are.

Perform IS auditing
-You may have heard of financial auditing, do you know the difference between IS auditing and financial auditing? You are going to explore more about IS auditing through the conversation between Prof. Dias and the IS audit practitioner. Prof. Dias then explains the general IS audit procedures and two major testings that IS auditors/compliance officers have to conduct. Prof. Dias also explains the procedure to obtain evidence in order to produce justified audit reports.

Business Application Development and the Roles of IS Auditors
-IT practitioners develop business applications following the Systems Development Life Cycle (SDLC). IS auditors are in place to ensure the controls are implemented to mitigate the risks of developing application systems throughout the SDLC. Prof. Dias is going to review what IT practitioners usually do, and further elaborate the role that IS auditors play in different phases of SDLC.

IS Maintenance and Control
-Information systems seldom remain static, it is common for users to make change requests to add new features, or refine existing functions some time after the information system launches. Organizations should follow a formal procedure to make the changes in their systems manageable. Prof. Dias is going to give you an overview on the change management controls which organizations should follow. Different kinds of maintenance practices, and Emergency Controls are also discussed in this module. Finally, Percy's conversations with the IS audit practitioner give you better insights on the future development of IS audit and how IS audit support the newly emerged FinTech industry.