ACC 624 Information Technology Auditing
Spring, 2013

Ram Engira
Office: BENT Hall 364
Hours: By appointment ONLY
Telephone: Cell (917)597-9523
e-Mail: Currently engirar@stjohns.edu or rengira@gmail.com

The Course:
This course provides an overview of controls relating to IT governance, databases and their structures, networks, client-server systems, IT service delivery, business continuity, disaster recovery, IS security, cryptography, firewalls, IDS, IPS, backups, recovery, and distributed systems.

Text:
Required: ISACA, CISA Review Manual- 2013, ISACA publication, Code# CRM11- Required

Note: You can buy any edition of the aforementioned text. The 2008, 2009, 2010, and 2011 editions are all good, and are much cheaper from various sources.

“CISA Q/A CD-ROM in English”- 2011- Recommended not Required, Code # CDB11
CISA Review Questions, Answers, and Explanations- 2011 Recommended not Required, Code # CDB11W
CISA Review Questions (Supplement) - 2011 Recommended not Required, Code # QAE11ES
(Note: If you buy CDB11, you don’t have to buy CDB11W and QAE11ES)

Grading:
Mid-Term: 35%
Term Paper: 20%
Final Exam: 35%
Class Participation: 10%

Please note
• With the exception of documented medical emergencies, there will be no make-ups for any test.
• More than three (3) non-excused absences are considered as an automatic withdrawal from the course. (Please let me know, IN ADVANCE, if you cannot attend a class because of a legitimate emergency).

Note: Power Point Slides and Class Handouts will be available on the professor’s disk (STJ’s S: Drive). There is no off-campus access to this drive; therefore, you should copy these files onto a diskette for your own use at home.

The professor may also decide to use other electronic means to send the handouts to the students.

Ranges for Grades:
A = 93.1 to 100
A- = 90.1 to 93.0
B+ = 87.1 to 90.0
B = 84.1 to 87.0
B- = 80.1 to 84.0
C+ = 77.1 to 80.0
C = 74.1 to 77.0
C- = 70.1 to 74.0
D+ = 67.1 to 70.0 (Undergrads only)
D = 64.1 to 67.0 (Undergrads only)
D- = 60.1 to 64.0 (Undergrads only)
F = below 60.0

WEEKLY CLASS SCHEDULES:
Note: There is a strong possibility that the sequence of coverage of chapters might change.

| Week | CHAPTER | DESCRIPTION |
|------|---------|-------------|
| 1,2 | Instructor Handouts (PP decks) | Financial Auditing, Operational Auditing, IT Auditing, Forensics auditing, role of IIA, ISACA, certifications of CIA and CISA; IT technical refresher; Introduction to IT Auditing; Theory and Practice of “Controls” |
| 3 | CRM Domain 1 | IS Audit Process |
| 4 | CRM Domain 1 | IS Audit Process |
| 5 | CRM Domain 2 | IT Governance |
| 6 | CRM Domain 2 | IT Governance |
| 7 | CRM Domain 3 | System and Infrastructure Lifecycle Management (mid-term) |
| 8 | CRM Domain 3 | System and Infrastructure Lifecycle Management |
| 9 | CRM Domain 4 | IT Service Delivery and Support |
| 10 | CRM Domain 4 | IT Service Delivery and Support |
| 11 | CRM Domain 5 | IS Asset protection- security |
| 12 | CRM Domain 3 | IS Asset protection- security |
| 13 | Rain/Snow Day Contingency | Business Continuity and Disaster recovery |
| 14 | Finals | Finals (Cumulative from ALL domains) (35 points) |

Course Outline for ACC 624

Domain 1- The IS Audit Process: IS Auditing Standards and Guidelines, Performing an IS Audit, Control Self Assessment, Emerging changes in IS Audit Process.

Domain 2- IT Governance: Policies and Procedures, Risk Management, Information Systems Management Practices (Personnel Management, Sourcing Practices, Organizational Change Management), Organizational Structure and Responsibilities (IS Roles and Responsibilities, Segregation of Duties), Auditing IT Governance Structure and Implementation.

Domain 3- Systems and Infrastructure Life Cycle Management: Project management structure and Practices, Business Application Development (Traditional SDLC phases, alternate Application Development Approaches), Infrastructure Development / Acquisition in Practices, Information Systems Maintenance Practices, System Development Tools and Productivity Aids, Application Controls, Auditing Application Controls, Auditing System Development, Acquisition and Maintenance, Business Application Systems: E-Commerce, EDI, POS, Electronic Systems, EFT, ATM, Image Processing etc.

Domain 4- IT Service Delivery and Support: IS Operations, IS Hardware, IS Architecture and Software, IS Network Infrastructure (OSI model, LAN-WAN, wireless, N/W Administration and Controls), Auditing Infrastructure and Operations.

Domain 5- Protection of Information Assets: Information Security Management, Logical Access Exposures and Controls, N/W Infrastructure Security, Auditing Information Security Framework, Environmental Exposures and Controls, Physical Access Exposures and Controls.

Domain 6- Business Continuity and Disaster Recovery: BC and DR Planning (BCP process, BCP incidence management, recovery strategies, developing a BCP, organization and assignment of responsibilities, components of BCP, Plan Testing, Backup and Restoration), Auditing DR and BC Plan.