1 of 8

De La Salle University






COLLEGE : RVRCOB DEPARTMENT : Accountancy
COURSE CODE : LBYMODT CREDIT : Three (3) units
FACULTY : TYPE OF COURSE : Major Subject
CLASS DAYS
AND CLASS TIME

:
ROOM :


COURSE DESCRIPTION:

This course (LBYMODT or Auditing in a Computer Information Systems [CIS] Environment)
complements the course in Auditing, but limited to the areas that have an immediate
consequence to information technology (IT) as used in business. It discusses the impact of
information technology on the auditors study and evaluation of internal controls with emphasis
on the previously learned IT-related risks and controls in a CIS environment. It takes into
account the audit of IT function as a whole and the audit of CIS in support of financial statement
audit. It introduces tools and techniques in auditing around, auditing through, and auditing with
the computer (using Audit Command Language [ACL] as generalized audit software [GAS]).


LEARNING OUTCOMES:

UNIVERSITY EXPECTED
LASALLIAN GRADUATE
ATTRIBUTES (ELGA)

LEARNING OUTCOMES
On completion of the course, the student is
expected to be able to do the following:
A. Critical and creative thinker LO1: Apply the knowledge of auditing standards
and IT frameworks, techniques, procedures and
internal controls in the audit of IT function as a
whole and the audit of CIS in support of financial
statement audit.

B. Effective communicator LO2: Prepare IT audit programs by applying
auditing standards, IT frameworks, and principles
learned.

C. Reflective lifelong learner LO3: Recognize the importance of laws and
regulations, corporate governance, and ethical
considerations in the context of auditing and
assurance in a dynamic domestic and international
business environment.



FINAL COURSE OUTPUT:

As of evidence of attaining the above learning outcomes, the student is required to do and
submit the following during the indicated dates of the term.

LEARNING OUTCOMES

REQUIRED OUTPUTS DUE DATE
A. LO1: Apply the knowledge of
auditing standards and IT
frameworks, techniques,
procedures and internal
controls in the audit of IT
Complete proposed solutions to
problems and cases every meeting.
Day 1 to 9
2 of 8

LEARNING OUTCOMES

REQUIRED OUTPUTS DUE DATE
function as a whole and the
audit of CIS in support of
financial statement audit.

B. LO2: Prepare IT audit
programs by applying auditing
standards, IT frameworks, and
principles learned.

At least one (1) oral report discussing the
solutions to the problems and cases
during the term.
Day 1 to 9
C. LO3: Recognize the
importance of laws and
regulations, corporate
governance, and ethical
considerations in the context of
auditing and assurance in a
dynamic domestic and
international business
environment.

One (1) reflection paper discussing the
issues encountered and insights realized
about the unit assigned, or one (1) group
written case analysis applying the laws
and regulations, corporate governance,
and ethical considerations learned during
the term.

Day 11


RUBRIC FOR ASSESSMENT:

Proposed Solutions to Problems and Cases

CRITERIA EXEMPLARY
96-100
SATISFACTORY
91-95
DEVELOPING
86-90
BEGINNING
81-85
RATING
Solution
content
(50%)
The student
provides
correct
solutions to
problems and
cases.
The student
provides
substantially
correct solutions
to problems and
cases.
The student
provides partly
correct and
partly incorrect
solutions to
problems and
cases.
The student
provides
mostly
incorrect
solutions to
problems
and cases.

Completeness
of solutions
(50%)
The student
prepared
solutions to
all problems
and cases
before
reporting to
class.
The student
prepared
solutions to most
problems and
cases before
reporting to
class.
The student
prepared
solutions to
some
problems and
cases before
reporting to
class.
The student
did not
prepare
substantially
solutions to
problems
and cases
before
reporting to
class.

RATING

Oral Report

CRITERIA EXEMPLARY
96-100
SATISFACTORY
91-95
DEVELOPING
86-90
BEGINNING
81-85
RATING
Delivery (40%) The student-
presenter
communicates
and explains
clearly the
solutions to
the problems
or cases, and
generates
interest and
The student-
presenter
communicates
and explains
clearly the
solutions to the
problems or
cases, and
generates some
interest among
The student-
presenter
communicates
and explains
somewhat
clearly the
solutions to
the problems
or cases, and
generates little
The student-
presenter
communicates
and explains
vaguely the
solutions to
the problems
or cases, and
does not
generate

3 of 8

CRITERIA EXEMPLARY
96-100
SATISFACTORY
91-95
DEVELOPING
86-90
BEGINNING
81-85
RATING
establishes
rapport
among the
audience.
the audience. interest
among the
audience.
interest
among the
audience.
Presentation
content/solution
(30%)
The student-
presenter
presents
correct
solutions to
the problems
or cases by
showing all
relevant
supporting
calculations or
proofs, and
relating these
solutions to
the business
world.
The student-
presenter
presents correct
solutions to the
problems or
cases by
showing certain
supporting
calculations or
proofs, and
somewhat
relating these to
the business
world.
The student-
presenter
presents partly
or entirely
correct
solutions to
the problems
or cases by
showing
supporting
calculations or
proofs.
The student-
presenter
presents
incorrect
solutions to
the problems
or cases but
corrects the
solutions to
these
problems or
cases.

Question and
answer (30%)
The student-
presenter
provides
correct or
valid answers
to the
questions,
explains these
clearly, and
presents
valid/sensible
arguments to
support/justify
the answers
to the
questions
raised.
The student-
presenter
provides correct
or valid answers,
explains these
somewhat
clearly, and
presents some
valid/sensible
arguments to
support/justify
the answers to
the questions
raised.
The student-
presenter
provides partly
or entirely
correct or
valid/sensible
answers,
explains these
somewhat
clearly.
The student-
presenter
provides
incorrect or
non-sensible
answers to
the questions
raised but
somehow
provides
partly or
entirely
correct or
valid/sensible
answers
through
follow-up
questions.

RATING

Reflection Paper

CRITERIA EXEMPLARY
96-100
SATISFACTORY
91-95
DEVELOPING
86-90
BEGINNING
81-85
RATING
Quality of
issues
identified (40%)

The student
identifies
interesting
and relevant
AIS reliability
issues.
The student
identifies
somewhat
interesting and
relevant AIS
reliability issues.
The student
identifies less
interesting but
somewhat
relevant AIS
reliability
issues.
The student
identifies not
interesting
and not
relevant AIS
reliability
issues.

Depth and
quality (60%)

The student
provides
valid,
sensible and
logical
reflection of
issues
identified, and
provides
The student
provides
somewhat valid,
sensible and
logical reflection
of issues
identified, and
provides some
valid, sensible
The student
provides
somewhat
valid, sensible
and logical
reflection of
issues
identified but
these are not
The student
provides
non-
sensible
reflection of
issues
identified.

4 of 8

CRITERIA EXEMPLARY
96-100
SATISFACTORY
91-95
DEVELOPING
86-90
BEGINNING
81-85
RATING
valid,
sensible, and
logical
arguments or
supports.
and logical
arguments or
supports.
properly
supported by
valid, sensible
and logical
arguments or
supports.
RATING

Written Case Analysis

CRITERIA EXEMPLARY
96-100
SATISFACTORY
91-95
DEVELOPING
86-90
BEGINNING
81-85
RATING
Analysis of
case (80%)
The group
provides valid,
sensible and
logical case
analysis,
presents
feasible
alternatives
and solutions
to the case
problem, and
provides valid,
sensible and
logical
arguments or
supports.
The group
provides
somewhat valid,
sensible and
logical case
analysis, presents
feasible
alternatives and
solutions to the
case problem,
and provides
some valid,
sensible and
logical arguments
or supports.
The group
provides
somewhat
valid, sensible
and logical
case analysis,
presents
somewhat
feasible
alternatives
and solutions
to the case
problem but
these are not
properly
supported by
valid, sensible
and logical
arguments or
supports.
The group
provides
non-sensible
case
analysis,
presents
alternatives
and solutions
to the case
problem
which may
not be
feasible or
logical.

Teamwork
(20%)
The group is
organized and
shows strong
teamwork and
camaraderie
as evidenced
in the written
case analysis.
The group is
organized and
shows teamwork
as evidenced in
the written case
analysis.
The group is
somewhat
organized and
shows a hint of
teamwork as
evidenced in
the written
case analysis.
The group is
disorganized
and shows
lack of
teamwork as
evidenced in
the written
case
analysis.

TOTAL


OTHER REQUIREMENTS AND ASSESSMENTS:

Aside from the final output, the student will be assessed at other times during the term by the
following:
Quizzes
Comprehensive exam
Recitation/Class participation
Attendance/Class citizenship
Module notes






5 of 8

GRADING SYSTEM:

GRADE POINT DESCRIPTION PERCENTAGE

4.0 Excellent 97-100
3.5 Superior 94-96
3.0 Very Good 91-93
2.5 Good 87-90
2.0 Satisfactory 83-86
1.5 Fair 77-82
1.0 Pass 70-76
0.0 Fail Below 70

The percentage equivalent shall be arrived at as follows:

BASIS FINAL
GRADE
Quiz 1 20%
Quiz 2 20%
Quiz 3 20%
Comprehensive Examination 20%
Class Standing (Assignments, oral report,
module notes, reflection paper/case analysis,
recitation/class participation, attendance/class
citizenship)


20%
Total 100%

Course grade requirement is at least 83%.


LEARNING PLAN:

LEARNING
OUTCOMES
UNIT TOPICS WEEK
NO.
NO. OF
HOURS
REF LEARNING
ACTIVITIES

Orientation 1 0.5
LO1, LO2,
LO3
1 OVERVIEW OF IT AUDIT
1.1 IT Governance
1.2 CobiT 4.1 versus CobiT 5
1.3 The work of an IT auditor
1.4 IT audit skills
1.5 The CISA exam


1

3.0

Hunton
(Ch1)
ISACA
website


Lecture,
Reporting,
Discussion,
and Exercises
LO1, LO2,
LO3
2 LEGAL AND ETHICAL ISSUES
FOR IT AUDITORS
2.1 RA 8792 (E-Commerce Act of
2000)
2.2 ISACA audit standards (1001-
1402)
2.3 ISACA code of ethics
(updated)
2.4 Ethical issues
2.5 Fraud and accountants
2.5.1 Fraud triangle
2.5.2 Fraud diamond
2.5.3 Fraud pentagon
2.6 Auditors responsibility for
detecting fraud
2.7 Fraud detection techniques




1


3.0


Hall (Ch12)
RA 8792
ISACA
website
Wolfe &
Hermanson
(2004)
Tugas
(2012)


Lecture,
Reporting,
Discussion,
and Exercises
6 of 8

LEARNING
OUTCOMES
UNIT TOPICS WEEK
NO.
NO. OF
HOURS
REF LEARNING
ACTIVITIES
LO1, LO2,
LO3
3 AUDITING IT GOVERNANCE
CONTROLS
3.1 Philippine Corporate Reform
Act of 2006 SB209 /
amended HB286
3.2 IT Governance
3.3 Structure of the IT function
3.4 The computer center
3.5 Disaster recovery planning
3.6 Outsourcing the IT function



1


3.0


HB 286
SB209
Hall (Ch2)



Lecture,
Reporting,
Discussion,
and Exercises

QUIZ 1 1 2.0
LO1, LO2,
LO3
4 SECURITY I: AUDITING
OPERATING SYSTEMS AND
NETWORKS
4.1 Auditing operating systems
4.2 Auditing networks
4.3 Controlling networks
4.4 Auditing electronic data
interchange (EDI)
4.5 Auditing PC-based accounting
systems
4.6 PAPS 1013 (Electronic
Commerce Effect on the
Audit of Financial Statements)




1



3.0



Hall (Ch3)
PAPS 1013




Lecture,
Reporting,
Discussion,
and Exercises
LO1, LO2,
LO3
5 SECURITY II: AUDITING
DATABASE SYSTEMS
5.1 Data management
approaches
5.2 Key elements of the database
environment
5.3 Database in a distributed
environment
5.4 Controlling and auditing data
management systems



1


3.0


Hall (Ch4)




Lecture,
Reporting,
Discussion,
and Exercises
QUIZ 2 1 2.0
LO1, LO2,
LO3
6 AUDITING COMPUTER-BASED
INFORMATION SYSTEMS
6.1 The risk-based audit
approach
6.2 Information systems audits
6.3 Operational audits of an
accounting information system



1/2


3.0


Romney
(Ch11)



Lecture,
Reporting,
Discussion,
and Exercises
LO1, LO2,
LO3
7 COMPLETING THE IT AUDIT
7.1 The IT audit life cycle
7.2 Four types of IT audit
7.3 Using CobiT to perform an
audit


2

1.5

Hunton
(Ch9)


Lecture,
Reporting,
Discussion,
and Exercises

ADVANCED TOPICS IN IT AUDIT
LO1, LO2,
LO3
8 EMERGING ISSUES IN IT
SECURITY: CLOUD COMPUTING
8.1 Cloud computing
8.2 Advantages of cloud
computing
8.3 Risks of cloud computing



2


2.0


Dela Cruz
(2014)


Lecture,
Reporting,
Discussion,
and Exercises
7 of 8

LEARNING
OUTCOMES
UNIT TOPICS WEEK
NO.
NO. OF
HOURS
REF LEARNING
ACTIVITIES
LO1, LO2,
LO3
9 EMERGING ISSUES IN IT
SECURITY: TRUSTWORTHY
COMPUTING
9.1 Trustworthy computing
9.2 Radio-frequency identification
technology
9.3 Data-at-rest encryption
appliance technology
9.4 Quantum encryption
9.5 Privacy on the internet
9.6 Information security and civil
liberties in cyberspace




2



2.0



Slay (Ch11)



Lecture,
Reporting,
Discussion,
and Exercises
INTEGRATED
LO1, LO2,
LO3
10 USING computer-assisted audit
tools and techniques (CAATTS)
10.1 PAPS 1009 (Computer-
Assisted Audit Techniques)
10.2 Audit productivity software
10.3 GAS tools
10.4 Computer-assisted IT audit
techniques
10.4.1 Testing computer
applications
10.4.2 Test data, ITF, parallel
simulation
10.5 Continuous auditing
techniques
10.6 Hands-on training with ACL



2


9.0


Hunton
(Ch8)
Hall (Ch7)
PAPS 1009
ACL in
Practice


Lecture,
Reporting,
Discussion,
and Exercises
QUIZ 3 2 2.0

COMPREHENSIVE EXAM 2 3.0

TOTAL HOURS 42.0


REQUIRED TEXT AND REFERENCE MATERIALS:

Required textbooks

1. Hall, J. (2011). Information Technology Auditing. International Edition, South-
Western Cengage Learning.
2. Romney, Marshall B. & Steinbart, Paul John (2012). Accounting Information
Systems. 12
th
Edition, Pearson Prentice Hall.
3. Hunton, James, Bryant, Stephanie & Bagranoff, Nancy (2004). Core Concepts of
Information Technology Auditing. 1
st
Edition, John Wiley and Sons.
4. Slay, Jill & Koronios, Andy (2006). Information Technology Security and Risk
Management. 3
rd
Edition, John Wiley and Sons.

References

1. Tugas, F. (2012). Exploring A New Element of Fraud: A Study of Selected Financial
Accounting Fraud Cases in the World. American International Journal of Contemporary
Research, 112-121.
2. Dela Cruz, A. (2014). Cloud Computing: Through the Eyes of Small Businesses in
Manila with Social Networking Sites as Lens. Unpublished masters term paper.
3. PAPS 1009 and PAPS 1013 of the Auditing Standards and Practices Council
4. Republic Act 8792
5. HB 286/SB209
8 of 8

Websites

1. www.mhhe.com/louwers4e
2. http://www.aasc.org.ph/
3. http://www.isaca.org





Auditing and Assurance Committee
May 2014