Course Overview

course description for Auditing Information Systems (AIS) – typically offered in Year 3, Semester 6 of a BBA in Auditing:

Auditing Information Systems (AIS)

Course Code: BBA-AUD 390
Credit Hours: 3
Semester Offered: Year 3 – Semester 6

Course Description

This course provides an in-depth study of the principles and practices of auditing information systems (IS) in modern organizations. It focuses on the evaluation of IT environments, internal controls, data integrity, system security, and risk management. Students will gain practical skills in applying audit techniques to computer-based systems, with emphasis on compliance, fraud detection, and the use of Computer-Assisted Audit Techniques (CAATs). The course also highlights emerging issues in IT governance, cybersecurity, and digital forensics, preparing students to handle challenges of auditing in technology-driven businesses.

Course Objectives

By the end of the course, students should be able to:

1. Understand the nature and objectives of information systems auditing.

2. Evaluate risks and internal controls in computerized accounting systems.

3. Apply IT governance and security frameworks (e.g., COBIT, ISO 27001).

4. Use CAATs and other audit software tools for data analysis.

5. Conduct audits of databases, networks, and enterprise systems (ERP).

6. Appreciate ethical, legal, and professional issues in IS auditing.

Learning Outcomes

On successful completion, students will be able to:

• Plan and execute audits of IT-based accounting and business systems.

• Assess the effectiveness of IT controls and their role in mitigating risks.

• Detect fraud, errors, and irregularities using digital audit tools.

• Demonstrate knowledge of cybersecurity auditing and compliance requirements.

• Prepare audit reports on IT systems with recommendations for improvement.

Key Topics

1. Introduction to Information Systems Auditing

   • Role and importance of IS auditing in modern businesses

   • Differences between IS auditing and traditional auditing

2. IT Governance and Frameworks

   • COBIT (Control Objectives for Information and Related Technologies)

   • ISO 27001 and other IT security frameworks

   • IT governance, compliance, and regulatory requirements

3. Internal Controls in IT Systems

   • General IT controls vs. application controls

   • Access controls, authentication, and authorization

   • Backup, disaster recovery, and business continuity planning

4. Audit of Information Systems

   • Phases of IS auditing (planning, execution, reporting)

   • Audit of transaction processing systems, ERP, and cloud environments

   • Auditing databases, networks, and e-commerce platforms

5. Computer-Assisted Audit Techniques (CAATs)

   • Types of CAATs and audit software

   • Data extraction and analysis tools

   • Continuous auditing and monitoring

6. Fraud Detection and Cybersecurity Auditing

   • IT-related fraud schemes and red flags

   • Cybersecurity risks and audit responsibilities

   • Role of forensic tools in detecting IT fraud

7. Legal, Ethical, and Professional Issues

   • Laws relating to data protection, privacy, and cybercrime

   • Ethical responsibilities of IS auditors

   • Case studies of IT audit failures and lessons learned

Teaching Methods

• Lectures and tutorials

• Hands-on workshops using audit software (ACL, IDEA, or equivalent)

• Case studies of IT audit reports and cybersecurity breaches

• Group projects simulating an IS audit assignment

Assessment Methods

• Assignments & Practical Exercises (20%)

• Midterm Examination (20%)

• Group Project (IS Audit Simulation Report) (10%)

• Final Examination (50%)

???? Recommended Textbooks & References

1. Hall, J. A. – Information Technology Auditing

2. Weber, R. – Information Systems Control and Audit

3. ISACA – COBIT Framework and IT Audit Guidelines

4. Moeller, R. – IT Audit, Control, and Security