De La Salle

University
COLLEGE
COURSE CODE
FACULTY

: RVRCOB
: LBYMODT
: H. Concepcion

CLASS DAYS
AND CLASS
TIME

M-F 6pm to 9pm

: Saturday (5 hours)

DEPARTMENT
CREDIT
TYPE OF
COURSE
ROOM

: Accountancy
: Three (3) units
: Major Subject
: J307

COURSE DESCRIPTION:
This course (LBYMODT or Auditing in a Computer Information Systems [CIS] Environment)
complements the course in Auditing, but limited to the areas that have an immediate
consequence to information technology (IT) as used in business. It discusses the impact of
information technology on the auditors study and evaluation of internal controls with emphasis
on the previously learned IT-related risks and controls in a CIS environment. It takes into
account the audit of IT function as a whole and the audit of CIS in support of financial statement
audit. It introduces tools and techniques in auditing around, auditing through, and auditing with
the computer (using Audit Command Language [ACL] as generalized audit software [GAS]).
LEARNING OUTCOMES:
UNIVERSITY EXPECTED
LASALLIAN GRADUATE
ATTRIBUTES (ELGA)

LEARNING OUTCOMES
On completion of the course, the student is
expected to be able to do the following:

A.

Critical and creative thinker

LO1: Apply the knowledge of auditing standards

and IT frameworks, techniques, procedures and
internal controls in the audit of IT function as a
whole and the audit of CIS in support of financial
statement audit.

B.

Effective communicator

LO2: Apply auditing standards, IT frameworks, and

principles learned.

C.

Reflective lifelong learner

LO3: Recognize the importance of laws and

regulations, corporate governance, and ethical
considerations in the context of auditing and
assurance in a dynamic domestic and international
business environment.

1 of 8

FINAL COURSE OUTPUT:

As of evidence of attaining the above learning outcomes, the student is required to do and
submit the following during the indicated dates of the term.
LEARNING OUTCOMES

REQUIRED OUTPUTS

DUE DATE

A.

LO1: Apply the knowledge of

auditing standards and IT
frameworks,
techniques,
procedures
and
internal
controls in the audit of IT
function as a whole and the
audit of CIS in support of
financial statement audit.

Complete
proposed
solutions
problems and cases every meeting.

to

Day 1 to 9

B.

LO2: Apply auditing standards,

IT frameworks, and principles
learned.

At least one (1) oral report discussing the

solutions to the problems and cases
during the term.

Day 1 to 9

C.

LO3:
Recognize
the
importance of laws and
regulations,
corporate
governance,
and
ethical
considerations in the context of
auditing and assurance in a
dynamic
domestic
and
international
business
environment.

One (1) reflection paper discussing the

issues encountered and insights realized
about the unit assigned, or one (1) group
written case analysis applying the laws
and regulations, corporate governance,
and ethical considerations learned during
the term.

Day 11

RUBRIC FOR ASSESSMENT:

Proposed Solutions to Problems and Cases
CRITERIA
Solution
content
(50%)

EXEMPLARY
96-100

SATISFACTORY
91-95

The student
provides
correct
solutions to
problems and
cases.

The student
provides
substantially
correct solutions
to problems and
cases.

2 of 8

DEVELOPIN
G
86-90
The student
provides partly
correct and
partly
incorrect
solutions to
problems and
cases.

BEGINNIN
G
81-85
The student
provides
mostly
incorrect
solutions to
problems
and cases.

RATING

Completeness
of solutions
(50%)

The student
prepared
solutions to
all problems
and cases
before
reporting to
class.

The student
prepared
solutions to most
problems and
cases before
reporting to
class.

The student
prepared
solutions to
some
problems and
cases before
reporting to
class.

The student
did not
prepare
substantially
solutions to
problems
and cases
before
reporting to
class.
RATING

EXEMPLARY
96-100

SATISFACTOR
Y
91-95
The studentpresenter
communicates
and explains
clearly the
solutions to the
problems or
cases, and
generates some
interest among
the audience.

DEVELOPIN
G
86-90
The studentpresenter
communicate
s and
explains
somewhat
clearly the
solutions to
the problems
or cases, and
generates
little interest
among the
audience.

BEGINNING
81-85

The studentpresenter
presents correct
solutions to the
problems or
cases by
showing certain
supporting
calculations or
proofs, and
somewhat
relating these to
the business
world.

The studentpresenter
presents
partly or
entirely
correct
solutions to
the problems
or cases by
showing
supporting
calculations
or proofs.

Oral Report
CRITERIA
Delivery (40%)

Presentation
content/solutio
n (30%)

The studentpresenter
communicate
s and
explains
clearly the
solutions to
the problems
or cases, and
generates
interest and
establishes
rapport
among the
audience.
The studentpresenter
presents
correct
solutions to
the problems
or cases by
showing all
relevant
supporting
calculations
or proofs, and
relating these
solutions to
the business
world.

3 of 8

The studentpresenter
communicate
s and
explains
vaguely the
solutions to
the problems
or cases, and
does not
generate
interest
among the
audience.
The studentpresenter
presents
incorrect
solutions to
the problems
or cases but
corrects the
solutions to
these
problems or
cases.

RATIN
G

CRITERIA

EXEMPLARY
96-100

Question and
answer (30%)

The studentpresenter
provides
correct or
valid answers
to the
questions,
explains
these clearly,
and presents
valid/sensible
arguments to
support/justify
the answers
to the
questions
raised.

SATISFACTOR
Y
91-95
The studentpresenter
provides correct
or valid answers,
explains these
somewhat
clearly, and
presents some
valid/sensible
arguments to
support/justify
the answers to
the questions
raised.

DEVELOPIN
G
86-90
The studentpresenter
provides
partly or
entirely
correct or
valid/sensible
answers,
explains
these
somewhat
clearly.

DEVELOPIN
G
86-90
The student
identifies less
interesting but
somewhat
relevant AIS
reliability
issues.
The student
provides
somewhat
valid, sensible
and logical
reflection of
issues
identified but
these are not
properly
supported by
valid, sensible
and logical
arguments or
supports.

BEGINNING
81-85

RATIN
G

The studentpresenter
provides
incorrect or
non-sensible
answers to
the questions
raised but
somehow
provides
partly or
entirely
correct or
valid/sensible
answers
through
follow-up
questions.
RATING

Reflection Paper
CRITERIA

EXEMPLARY
96-100

SATISFACTORY
91-95

Quality of
issues
identified (40%)

The student
identifies
interesting
and relevant
AIS reliability
issues.

The student
identifies
somewhat
interesting and
relevant AIS
reliability issues.

Depth and
quality (60%)

The student
provides
valid,
sensible and
logical
reflection of
issues
identified,
and provides
valid,
sensible, and
logical
arguments or
supports.

The student
provides
somewhat valid,
sensible and
logical reflection
of issues
identified, and
provides some
valid, sensible
and logical
arguments or
supports.

4 of 8

BEGINNIN
G
81-85
The student
identifies not
interesting
and not
relevant AIS
reliability
issues.
The student
provides
nonsensible
reflection of
issues
identified.

RATING

CRITERIA

EXEMPLARY
96-100

SATISFACTORY
91-95

DEVELOPIN
G
86-90

EXEMPLARY
96-100
The group
provides valid,
sensible and
logical case
analysis,
presents
feasible
alternatives
and solutions
to the case
problem, and
provides valid,
sensible and
logical
arguments or
supports.

SATISFACTORY
91-95
The group
provides
somewhat valid,
sensible and
logical case
analysis, presents
feasible
alternatives and
solutions to the
case problem,
and provides
some valid,
sensible and
logical arguments
or supports.

The group is
organized and
shows strong
teamwork and
camaraderie
as evidenced
in the written
case analysis.

The group is
organized and
shows teamwork
as evidenced in
the written case
analysis.

DEVELOPING
86-90
The group
provides
somewhat
valid, sensible
and logical
case analysis,
presents
somewhat
feasible
alternatives
and solutions
to the case
problem but
these are not
properly
supported by
valid, sensible
and logical
arguments or
supports.
The group is
somewhat
organized and
shows a hint of
teamwork as
evidenced in
the written
case analysis.

BEGINNIN
G
81-85
RATING

RATING

Written Case Analysis

CRITERIA
Analysis of
case (80%)

Teamwork
(20%)

BEGINNING
81-85
The group
provides
non-sensible
case
analysis,
presents
alternatives
and solutions
to the case
problem
which may
not be
feasible or
logical.

RATING

The group is
disorganized
and shows
lack of
teamwork as
evidenced in
the written
case
analysis.
TOTAL

OTHER REQUIREMENTS AND ASSESSMENTS:

Aside from the final output, the student will be assessed at other times during the term by the
following:
Quizzes
Comprehensive exam
Recitation/Class participation
Attendance/Class citizenship
Unit notes

5 of 8

GRADING SYSTEM:
GRADE POINT
4.0
3.5
3.0
2.5
2.0
1.5
1.0
0.0

DESCRIPTION

PERCENTAGE

Excellent
Superior
Very Good
Good
Satisfactory
Fair
Pass
Fail

97-100
94-96
91-93
87-90
83-86
77-82
70-76
Below 70

The percentage equivalent shall be arrived at as follows:

BASIS

FINAL
GRADE
20%
20%
20%
20%

Quiz 1
Quiz 2
Quiz 3
Comprehensive Examination
Class Standing
Unit notes
Attendance
Class participation
Total

10%
5%
5%
100%

Course grade requirement is at least 83%.

LEARNING PLAN:
LEARNING
OUTCOMES

UNIT

LO1, LO2,
LO3

TOPICS
Orientation
OVERVIEW OF IT AUDIT
1.1 IT Governance
1.2 CobiT 4.1 versus CobiT 5
1.3 The work of an IT auditor
1.4 IT audit skills
1.5 The CISA exam

6 of 8

WEEK
NO.

NO. OF
HOURS

0.5

3.0

REF

LEARNING
ACTIVITIES

Hunton
(Ch1);
ISACA
website;
Tugas

Lecture,
Reporting,
Discussion,
and Exercises

LEARNING
OUTCOMES

UNIT

TOPICS

WEEK
NO.

NO. OF
HOURS

REF

LEARNING
ACTIVITIES

(2010);
Tugas
(2014)
LO1, LO2,
LO3

LO1, LO2,
LO3

LO1, LO2,
LO3

LO1, LO2,

LEGAL AND ETHICAL ISSUES

FOR IT AUDITORS
2.1 RA 8792 (E-Commerce Act of
2000)
2.2 ISACA audit standards (10011402)
2.3 ISACA code of ethics
(updated)
2.4 Ethical issues
2.5 Fraud and accountants
2.5.1 Fraud triangle
2.5.2 Fraud diamond
2.5.3 Fraud pentagon
2.6 Auditors responsibility for
detecting fraud
2.7 Fraud detection techniques
AUDITING IT GOVERNANCE
CONTROLS
3.1 Philippine Corporate Reform
Act of 2006 SB209 /
amended HB286
3.2 IT Governance
3.3 Structure of the IT function
3.4 The computer center
3.5 Disaster recovery planning
3.6 Outsourcing the IT function
QUIZ 1
SECURITY I: AUDITING
OPERATING SYSTEMS AND
NETWORKS
4.1 Auditing operating systems
4.2 Auditing networks
4.3 Controlling networks
4.4 Auditing electronic data
interchange (EDI)
4.5 Auditing PC-based accounting
systems
4.6 PAPS 1013 (Electronic
Commerce Effect on the
Audit of Financial Statements)
SECURITY II: AUDITING

7 of 8

3.0

Hall (Ch12);
RA 8792;
ISACA
website;
Wolfe &
Hermanson
(2004);
Tugas
(2012)

Lecture,
Reporting,
Discussion,
and Exercises

3.0

HB 286
SB209
Hall (Ch2)

Lecture,
Reporting,
Discussion,
and Exercises

2.0

3.0

Hall (Ch3)
PAPS 1013

Lecture,
Reporting,
Discussion,
and Exercises

LEARNING
OUTCOMES
LO3

LO1, LO2,
LO3

LO1, LO2,
LO3

LO1, LO2,
LO3

LO1, LO2,
LO3

UNIT

TOPICS
DATABASE SYSTEMS
5.1 Data management
approaches
5.2 Key elements of the database
environment
5.3 Database in a distributed
environment
5.4 Controlling and auditing data
management systems

QUIZ 2
AUDITING COMPUTER-BASED
INFORMATION SYSTEMS
6.1 The risk-based audit
approach
6.2 Information systems audits
6.3 Operational audits of an
accounting information
system
COMPLETING THE IT AUDIT
7.1 The IT audit life cycle
7.2 Four types of IT audit
7.3 Using CobiT to perform an
audit
ADVANCED TOPICS IN IT AUDIT
EMERGING ISSUES IN IT
SECURITY: CLOUD COMPUTING
8.1 Cloud computing
8.2 Advantages of cloud
computing
8.3 Risks of cloud computing
EMERGING ISSUES IN IT
SECURITY: TRUSTWORTHY
COMPUTING
9.1 Trustworthy computing
9.2 Radio-frequency identification
technology
9.3 Data-at-rest encryption
appliance technology
9.4 Quantum encryption
9.5 Privacy on the internet
9.6 Information security and civil
liberties in cyberspace
INTEGRATED

8 of 8

WEEK
NO.

NO. OF
HOURS

REF

3.0

Hall (Ch4)

LEARNING
ACTIVITIES
Lecture,
Reporting,
Discussion,
and Exercises

2.0

1/2

3.0

Romney
(Ch11)

Lecture,
Reporting,
Discussion,
and Exercises

1.5

Hunton
(Ch9)

Lecture,
Reporting,
Discussion,
and Exercises

2.0

Dela Cruz
(2014)

Lecture,
Reporting,
Discussion,
and Exercises

2.0

Slay (Ch11)

Lecture,
Reporting,
Discussion,
and Exercises

LEARNING
OUTCOMES
LO1, LO2,
LO3

UNIT
10

TOPICS

WEEK
NO.

NO. OF
HOURS

REF

LEARNING
ACTIVITIES

9.0

Hunton
(Ch8)
Hall (Ch7)
PAPS 1009
ACL in
Practice

Lecture,
Reporting,
Discussion,
and Exercises

QUIZ 3

2.0

COMPREHENSIVE EXAM

3.0

USING computer-assisted audit

tools and techniques (CAATTS)
10.1 PAPS 1009 (ComputerAssisted Audit Techniques)
10.2 Audit productivity software
10.3 GAS tools
10.4 Computer-assisted IT audit
techniques
10.4.1 Testing computer
applications
10.4.2 Test data, ITF, parallel
simulation
10.5 Continuous auditing
techniques
10.6 Hands-on training with ACL

TOTAL HOURS

42.0

REQUIRED TEXT AND REFERENCE MATERIALS:

Required textbooks
1. Hall, J. (2011). Information Technology Auditing. International Edition, South-Western
Cengage Learning.
2. Romney, Marshall B. & Steinbart, Paul John (2012). Accounting Information Systems.
12th Edition, Pearson Prentice Hall.
3. Hunton, James, Bryant, Stephanie & Bagranoff, Nancy (2004). Core Concepts of
Information Technology Auditing. 1st Edition, John Wiley and Sons.
4. Slay, Jill & Koronios, Andy (2006). Information Technology Security and Risk
Management. 3rd Edition, John Wiley and Sons.
References
1. Tugas, F. (2010). Assessing the Level of Information Technology (IT) Processes
Performance and Capability Maturity in the Philippine Food, Beverage and Tobacco
(FBT) Industry Using the COBIT Framework. Academy of Information and Management
Sciences Journal 13(1), 45-68.
2. Tugas, F. (2014). Assessing the Information Technology Maturity of De La Salle
University: Accountancy Students and IT Center Perspectives. Rethinking Business:
Responsibility and Sustainability Governance and Finance, De La Salle University
Publishing House, 182-197.

9 of 8

3. Tugas, F. (2012). Exploring A New Element of Fraud: A Study of Selected Financial

Accounting Fraud Cases in the World. American International Journal of Contemporary
Research, 112-121.
4. Dela Cruz, A. (2014). Cloud Computing: Does Every Cloud Have A Silver Lining? DLSU
Business Notes and Briefings 2(5), 1-4.
5. PAPS 1009 and PAPS 1013 of the Auditing Standards and Practices Council
6. Republic Act 8792
7. HB 286/SB209
8. ACL in Practice
Websites
1.
2.
3.
4.

www.mhhe.com/louwers4e
http://www.aasc.org.ph/
http://www.isaca.org
http://www.isaca.org/cobit/documents/a-cobit-5-overview.pdf

Auditing and Assurance Committee

August 2015

10 of 8