Management and Information Technology


CMPT 31212

IS Auditing and Control

Status : Elective Pre-requisite : None Co-requisite : None


On completion of this course, the student should be able to:

  • Understand the role and objectives of information technology audits.
  • Develop an appropriate information technology audit process.
  • Describe the risks inherent in various types of information systems.
  • Understand how to design and implement assurance procedures and control measures to effectively manage risks.
  • Understand best practices, standards, and regulatory requirements governing information and controls.
  • Gain the ability to measure the degree of compliance with standards.
  • Understand the role of auditing in systems development, including the review of the development process and participation in systems under development.
  • Understand data forensics.
  • Develop disaster recovery and business continuity plans.

The need for information technology audit & controls, Information technology risks, Business Process and Business Continuity, Auditing ethics, guidelines, and standards of the profession, Undertaking an information system audit, Controls over information and processes, Controls Assessment.

Lectures, Practicas and case discussions.

End-of- Semester examination, practical tests and group assignments.

  1. Chris, D,Mike, S and Kevin, W (2011),IT Auditing Using Controls to Protect Information Assets,2nd Edition,McGraw-Hill Osborne Media.
  2. Robert,R M (2010),IT Audit, Control and Security,2nd edition, Wiley.