CIS 4350: Sample Course Syllabus

Title Information Technology Audit
Description This course will deal with such questions as: How do you audit a Computer Information System?  Assess risks? Identify control objectives? Identify appropriate audit procedures? Choose audit software and the varying Information systems Frameworks and Governing Bodies of IT Governance.  The framework of this course will include areas covered in the CISA examination and will be extended to more recent issues such as cloud computing, virtual environments and data security standards.
Prerequisites CIS 3367 or CIS 3400 or ACC 3100 or ACC 3200
Learning Goals
  • Midterm                    35%     
  • Individual project      20%                            
  • Final exam                45%
  • COBIT-Control Objectives for Information Technology (ISACA)–Framework (download from
  • ISACA Standards and Guidelines, ISACA Code of Ethics download at
  • IT Auditing: Using Controls to Protect Information Assets, Second Edition, by  Chris Davis, Mike Schiller and Kevin Wheeler McGraw-Hill/Osborne © 2011 (520 pages) Citation
  • Information Technology Control and Audit, Third Edition, by  Sandra Senft and Frederick Gallegos, Auerbach Publications © 2009
  • General Aspects of Info Systems Control
  • Governing Bodies and IT Audit Frameworks
  • Certifications available in IT Audit
  • Building an effective Internal IT Audit Function
  • The Audit Process and Entity Level Controls
  • Data Centers, Disaster Recovery Infrastructure Auditing
  • Auditing windows, Unix, Linux, Operating Systems
  • Web Servers, Web Applications and Data bases
  • Auditing Storage and Virtualized Environments
  • WLAN and Mobile Devices
  • COBIT: Structure and relevance of COBIT for organizations and IS auditors
  • Midterm
  • Using Computer Assisted Audit Tools & Techniques (CAATTs) Part I
  • Definition of CAATTs
  • Audit Productivity Software
  • Generalized Audit Software Tools
  • Computer Assisted IT Audit Techniques
  • Continuous Auditing Techniques
  • Cloud Computing and PCI Compliance
  • Application Controls and Change management
  • Internal Audit Project
  • Presentation of final RCM project