De La Salle University

COLLEGE
COURSE CODE
FACULTY
CLASS DAYS
AND CLASS TIME

DEPARTMENT
CREDIT
TYPE OF COURSE
ROOM

: RVRCOB
: LBYMODT
:
:

: Accountancy
: Three (3) units
: Major Subject
:

COURSE DESCRIPTION:
This course (LBYMODT or Auditing in a Computer Information Systems [CIS] Environment)
complements the course in Auditing, but limited to the areas that have an immediate
consequence to information technology (IT) as used in business. It discusses the impact of
information technology on the auditors study and evaluation of internal controls with emphasis
on the previously learned IT-related risks and controls in a CIS environment. It takes into
account the audit of IT function as a whole and the audit of CIS in support of financial statement
audit. It introduces tools and techniques in auditing around, auditing through, and auditing with
the computer (using Audit Command Language [ACL] as generalized audit software [GAS]).
LEARNING OUTCOMES:
UNIVERSITY EXPECTED
LASALLIAN GRADUATE
ATTRIBUTES (ELGA)

LEARNING OUTCOMES
On completion of the course, the student is
expected to be able to do the following:

A.

Critical and creative thinker

LO1: Apply the knowledge of auditing standards

and IT frameworks, techniques, procedures and
internal controls in the audit of IT function as a
whole and the audit of CIS in support of financial
statement audit.

B.

Effective communicator

LO2: Prepare IT audit programs by applying

auditing standards, IT frameworks, and principles
learned.

C.

Reflective lifelong learner

LO3: Recognize the importance of laws and

regulations, corporate governance, and ethical
considerations in the context of auditing and
assurance in a dynamic domestic and international
business environment.

FINAL COURSE OUTPUT:

As of evidence of attaining the above learning outcomes, the student is required to do and
submit the following during the indicated dates of the term.
LEARNING OUTCOMES
A.

REQUIRED OUTPUTS

LO1: Apply the knowledge of Complete

proposed
solutions
auditing standards and IT problems and cases every meeting.
frameworks,
techniques,
procedures
and
internal
controls in the audit of IT
1 of 8

DUE DATE
to

Day 1 to 9

LEARNING OUTCOMES

REQUIRED OUTPUTS

DUE DATE

function as a whole and the

audit of CIS in support of
financial statement audit.
B.

LO2:
Prepare
IT
audit At least one (1) oral report discussing the
programs by applying auditing solutions to the problems and cases
standards, IT frameworks, and during the term.
principles learned.

C.

LO3:
Recognize
the
importance of laws and
regulations,
corporate
governance,
and
ethical
considerations in the context of
auditing and assurance in a
dynamic
domestic
and
international
business
environment.

One (1) reflection paper discussing the

issues encountered and insights realized
about the unit assigned, or one (1) group
written case analysis applying the laws
and regulations, corporate governance,
and ethical considerations learned during
the term.

Day 1 to 9

Day 11

RUBRIC FOR ASSESSMENT:

Proposed Solutions to Problems and Cases
CRITERIA
Solution
content
(50%)

Completeness
of solutions
(50%)

EXEMPLARY
96-100
The student
provides
correct
solutions to
problems and
cases.

SATISFACTORY
91-95
The student
provides
substantially
correct solutions
to problems and
cases.

The student
prepared
solutions to
all problems
and cases
before
reporting to
class.

The student
prepared
solutions to most
problems and
cases before
reporting to
class.

EXEMPLARY
96-100
The studentpresenter
communicates
and explains
clearly the
solutions to
the problems
or cases, and
generates
interest and

SATISFACTORY
91-95
The studentpresenter
communicates
and explains
clearly the
solutions to the
problems or
cases, and
generates some
interest among

DEVELOPING
86-90
The student
provides partly
correct and
partly incorrect
solutions to
problems and
cases.
The student
prepared
solutions to
some
problems and
cases before
reporting to
class.

BEGINNING RATING
81-85
The student
provides
mostly
incorrect
solutions to
problems
and cases.
The student
did not
prepare
substantially
solutions to
problems
and cases
before
reporting to
class.
RATING

DEVELOPING
86-90
The studentpresenter
communicates
and explains
somewhat
clearly the
solutions to
the problems
or cases, and
generates little

BEGINNING RATING
81-85
The studentpresenter
communicates
and explains
vaguely the
solutions to
the problems
or cases, and
does not
generate

Oral Report
CRITERIA
Delivery (40%)

2 of 8

CRITERIA

EXEMPLARY
96-100
establishes
rapport
among the
audience.
Presentation
The studentcontent/solution presenter
(30%)
presents
correct
solutions to
the problems
or cases by
showing all
relevant
supporting
calculations or
proofs, and
relating these
solutions to
the business
world.
Question and
The studentanswer (30%)
presenter
provides
correct or
valid answers
to the
questions,
explains these
clearly, and
presents
valid/sensible
arguments to
support/justify
the answers
to the
questions
raised.

SATISFACTORY DEVELOPING BEGINNING

91-95
86-90
81-85
the audience.
interest
interest
among the
among the
audience.
audience.

RATING

The studentpresenter
presents correct
solutions to the
problems or
cases by
showing certain
supporting
calculations or
proofs, and
somewhat
relating these to
the business
world.

The studentpresenter
presents partly
or entirely
correct
solutions to
the problems
or cases by
showing
supporting
calculations or
proofs.

The studentpresenter
presents
incorrect
solutions to
the problems
or cases but
corrects the
solutions to
these
problems or
cases.

The studentpresenter
provides correct
or valid answers,
explains these
somewhat
clearly, and
presents some
valid/sensible
arguments to
support/justify
the answers to
the questions
raised.

The studentpresenter
provides partly
or entirely
correct or
valid/sensible
answers,
explains these
somewhat
clearly.

The studentpresenter
provides
incorrect or
non-sensible
answers to
the questions
raised but
somehow
provides
partly or
entirely
correct or
valid/sensible
answers
through
follow-up
questions.
RATING

EXEMPLARY
96-100
The student
identifies
interesting
and relevant
AIS reliability
issues.

SATISFACTORY
91-95
The student
identifies
somewhat
interesting and
relevant AIS
reliability issues.

The student
provides
valid,
sensible and
logical
reflection of
issues
identified, and
provides

The student
provides
somewhat valid,
sensible and
logical reflection
of issues
identified, and
provides some
valid, sensible

DEVELOPING
86-90
The student
identifies less
interesting but
somewhat
relevant AIS
reliability
issues.
The student
provides
somewhat
valid, sensible
and logical
reflection of
issues
identified but
these are not

BEGINNING RATING
81-85
The student
identifies not
interesting
and not
relevant AIS
reliability
issues.
The student
provides
nonsensible
reflection of
issues
identified.

Reflection Paper
CRITERIA
Quality of
issues
identified (40%)

Depth and
quality (60%)

3 of 8

CRITERIA

EXEMPLARY
96-100
valid,
sensible, and
logical
arguments or
supports.

SATISFACTORY
91-95
and logical
arguments or
supports.

DEVELOPING BEGINNING RATING

86-90
81-85
properly
supported by
valid, sensible
and logical
arguments or
supports.
RATING

Written Case Analysis

CRITERIA
Analysis of
case (80%)

Teamwork
(20%)

EXEMPLARY
96-100
The group
provides valid,
sensible and
logical case
analysis,
presents
feasible
alternatives
and solutions
to the case
problem, and
provides valid,
sensible and
logical
arguments or
supports.

SATISFACTORY
91-95
The group
provides
somewhat valid,
sensible and
logical case
analysis, presents
feasible
alternatives and
solutions to the
case problem,
and provides
some valid,
sensible and
logical arguments
or supports.

The group is
organized and
shows strong
teamwork and
camaraderie
as evidenced
in the written
case analysis.

The group is
organized and
shows teamwork
as evidenced in
the written case
analysis.

DEVELOPING
86-90
The group
provides
somewhat
valid, sensible
and logical
case analysis,
presents
somewhat
feasible
alternatives
and solutions
to the case
problem but
these are not
properly
supported by
valid, sensible
and logical
arguments or
supports.
The group is
somewhat
organized and
shows a hint of
teamwork as
evidenced in
the written
case analysis.

BEGINNING
81-85
The group
provides
non-sensible
case
analysis,
presents
alternatives
and solutions
to the case
problem
which may
not be
feasible or
logical.

RATING

The group is
disorganized
and shows
lack of
teamwork as
evidenced in
the written
case
analysis.
TOTAL

OTHER REQUIREMENTS AND ASSESSMENTS:

Aside from the final output, the student will be assessed at other times during the term by the
following:
Quizzes
Comprehensive exam
Recitation/Class participation
Attendance/Class citizenship
Module notes

4 of 8

GRADING SYSTEM:
GRADE POINT
4.0
3.5
3.0
2.5
2.0
1.5
1.0
0.0

DESCRIPTION

PERCENTAGE

Excellent
Superior
Very Good
Good
Satisfactory
Fair
Pass
Fail

97-100
94-96
91-93
87-90
83-86
77-82
70-76
Below 70

The percentage equivalent shall be arrived at as follows:

BASIS
Quiz 1
Quiz 2
Quiz 3
Comprehensive Examination
Class Standing (Assignments, oral report,
module notes, reflection paper/case analysis,
recitation/class participation, attendance/class
citizenship)
Total

FINAL
GRADE
20%
20%
20%
20%
20%
100%

Course grade requirement is at least 83%.

LEARNING PLAN:
LEARNING
OUTCOMES

UNIT

LO1, LO2,
LO3

LO1, LO2,
LO3

TOPICS
Orientation
OVERVIEW OF IT AUDIT
1.1 IT Governance
1.2 CobiT 4.1 versus CobiT 5
1.3 The work of an IT auditor
1.4 IT audit skills
1.5 The CISA exam
LEGAL AND ETHICAL ISSUES
FOR IT AUDITORS
2.1 RA 8792 (E-Commerce Act of
2000)
2.2 ISACA audit standards (10011402)
2.3 ISACA code of ethics
(updated)
2.4 Ethical issues
2.5 Fraud and accountants
2.5.1 Fraud triangle
2.5.2 Fraud diamond
2.5.3 Fraud pentagon
2.6 Auditors responsibility for
detecting fraud
2.7 Fraud detection techniques

5 of 8

WEEK
NO.

NO. OF
HOURS

REF

LEARNING
ACTIVITIES

0.5

3.0

Hunton
(Ch1)
ISACA
website

Lecture,
Reporting,
Discussion,
and Exercises

3.0

Hall (Ch12)
RA 8792
ISACA
website
Wolfe &
Hermanson
(2004)
Tugas
(2012)

Lecture,
Reporting,
Discussion,
and Exercises

LEARNING
OUTCOMES
LO1, LO2,
LO3

UNIT

LO1, LO2,
LO3

LO1, LO2,
LO3

LO1, LO2,
LO3

LO1, LO2,
LO3

LO1, LO2,
LO3

TOPICS
AUDITING IT GOVERNANCE
CONTROLS
3.1 Philippine Corporate Reform
Act of 2006 SB209 /
amended HB286
3.2 IT Governance
3.3 Structure of the IT function
3.4 The computer center
3.5 Disaster recovery planning
3.6 Outsourcing the IT function
QUIZ 1
SECURITY I: AUDITING
OPERATING SYSTEMS AND
NETWORKS
4.1 Auditing operating systems
4.2 Auditing networks
4.3 Controlling networks
4.4 Auditing electronic data
interchange (EDI)
4.5 Auditing PC-based accounting
systems
4.6 PAPS 1013 (Electronic
Commerce Effect on the
Audit of Financial Statements)
SECURITY II: AUDITING
DATABASE SYSTEMS
5.1 Data management
approaches
5.2 Key elements of the database
environment
5.3 Database in a distributed
environment
5.4 Controlling and auditing data
management systems
QUIZ 2
AUDITING COMPUTER-BASED
INFORMATION SYSTEMS
6.1 The risk-based audit
approach
6.2 Information systems audits
6.3 Operational audits of an
accounting information system
COMPLETING THE IT AUDIT
7.1 The IT audit life cycle
7.2 Four types of IT audit
7.3 Using CobiT to perform an
audit
ADVANCED TOPICS IN IT AUDIT
EMERGING ISSUES IN IT
SECURITY: CLOUD COMPUTING
8.1 Cloud computing
8.2 Advantages of cloud
computing
8.3 Risks of cloud computing

6 of 8

WEEK
NO.

NO. OF
HOURS

REF

LEARNING
ACTIVITIES

3.0

HB 286
SB209
Hall (Ch2)

Lecture,
Reporting,
Discussion,
and Exercises

2.0

3.0

Hall (Ch3)
PAPS 1013

Lecture,
Reporting,
Discussion,
and Exercises

3.0

Hall (Ch4)

2.0

1/2

3.0

Romney
(Ch11)

Lecture,
Reporting,
Discussion,
and Exercises

1.5

Hunton
(Ch9)

Lecture,
Reporting,
Discussion,
and Exercises

2.0

Dela Cruz
(2014)

Lecture,
Reporting,
Discussion,
and Exercises

Lecture,
Reporting,
Discussion,
and Exercises

LEARNING
OUTCOMES
LO1, LO2,
LO3

LO1, LO2,
LO3

UNIT

TOPICS

EMERGING ISSUES IN IT
SECURITY: TRUSTWORTHY
COMPUTING
9.1 Trustworthy computing
9.2 Radio-frequency identification
technology
9.3 Data-at-rest encryption
appliance technology
9.4 Quantum encryption
9.5 Privacy on the internet
9.6 Information security and civil
liberties in cyberspace

10

WEEK
NO.

NO. OF
HOURS

REF

LEARNING
ACTIVITIES

2.0

Slay (Ch11)

Lecture,
Reporting,
Discussion,
and Exercises

9.0

Hunton
(Ch8)
Hall (Ch7)
PAPS 1009
ACL in
Practice

Lecture,
Reporting,
Discussion,
and Exercises

QUIZ 3

2.0

COMPREHENSIVE EXAM

3.0

INTEGRATED
USING computer-assisted audit
tools and techniques (CAATTS)
10.1 PAPS 1009 (ComputerAssisted Audit Techniques)
10.2 Audit productivity software
10.3 GAS tools
10.4 Computer-assisted IT audit
techniques
10.4.1 Testing computer
applications
10.4.2 Test data, ITF, parallel
simulation
10.5 Continuous auditing
techniques
10.6 Hands-on training with ACL

TOTAL HOURS

42.0

REQUIRED TEXT AND REFERENCE MATERIALS:

Required textbooks
1. Hall, J. (2011). Information Technology Auditing. International Edition, SouthWestern Cengage Learning.
2. Romney, Marshall B. & Steinbart, Paul John (2012). Accounting Information
Systems. 12th Edition, Pearson Prentice Hall.
3. Hunton, James, Bryant, Stephanie & Bagranoff, Nancy (2004). Core Concepts of
Information Technology Auditing. 1st Edition, John Wiley and Sons.
4. Slay, Jill & Koronios, Andy (2006). Information Technology Security and Risk
Management. 3rd Edition, John Wiley and Sons.
References
1. Tugas, F. (2012). Exploring A New Element of Fraud: A Study of Selected Financial
Accounting Fraud Cases in the World. American International Journal of Contemporary
Research, 112-121.
2. Dela Cruz, A. (2014). Cloud Computing: Through the Eyes of Small Businesses in
Manila with Social Networking Sites as Lens. Unpublished masters term paper.
3. PAPS 1009 and PAPS 1013 of the Auditing Standards and Practices Council
4. Republic Act 8792
5. HB 286/SB209
7 of 8

Websites
1. www.mhhe.com/louwers4e
2. http://www.aasc.org.ph/
3. http://www.isaca.org

Auditing and Assurance Committee

May 2014

8 of 8