CIT 466 - IT Audit and Risk Management : Syllabus

Instructor Information

Refer to Discussion Forum, Facilitator Introduction and Expectations

Course Title

CIT 466 - IT Audit and Risk Management

Course Description

Investigates the principles of information systems audit, IT audit tools, and audit procedures that help detect and prevent security breaches and fraud. Examines the solutions that can be used to prevent information loss or costly business interruptions, the role of information technology governance in business organizations, reporting requirements, and industry standards for IT governance.

Prerequisite Courses

Prerequisite(s): CIT 331.

Course Overview

The goal of this course is to investigate the principles of information system audit and explain the role of information technology governance in business organizations. The IT audit process, risk assessment, and IT governance, frameworks, standards, and regulations are introduced and discussed. Students will learn the life cycle of auditing different IT systems, including the operating system, database, computer network, etc. Students will have the opportunity to conduct risk assessments, create audit programs, test controls, and analyze test results to conclude audit reports. The course will also explore how to use the automated audit tool ACL for data analysis.

Key concepts to be covered in this course include:

Course Outcomes

Upon completion of this course, learners should be able to:

Course Materials

Required Texts

Davis, C., Schiller, M., & Wheeler, K. (2011). IT Auditing: Using Controls to Protect Information Assets (2nd ed.). New York, NY: McGraw-Hill. ISBN 0-07-174238-2, 978-0-07-174238-2.

American Psychological Association. (2010). Publication Manual of the American Psychological Association (6th ed.). Washington, DC: American Psychological Association. ISBN 1433805618, 978-1433805615. Companion website: http://www.apastyle.org.

Required Resources

ACL - software

Technology Tools

technical specifications

Pre-Assignment

1. Introduction and Reading

Online Format: Sign on to D2L (Home Page) and become familiar with the course navigation of the Web Curriculum. Read chapter 1 from the textbook.

Classroom-based Format: Read chapter 1 from the textbook.

2. Essay

From Bloomberg Businessweek 2014: “In the days prior to Thanksgiving 2013, someone installed malware in Target’s (TGT) security and payments system designed to steal every credit card used at the company’s 1,797 U.S. stores. At the critical moment—when the Christmas gifts had been scanned and bagged and the cashier asked for a swipe—the malware would step in, capture the shopper’s credit card number, and store it on a Target server commandeered by the hackers.”

Riley, Michael. “Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It.” Bloomberg Businessweek, March 17, 2014. Web. May 18, 2015.

Hacking happens all the time and everywhere. Businesses lose billions of dollars due to hacking. Write a short essay, 2 to 3 double-spaced pages, which addresses the question:

How can an organization be prepared to address the hacking issue?

Keep in mind that you are writing a thesis-support essay that will be based on your own conviction. Begin with an introduction that states the issue/problem and your position on this issue, a body that supports and argues for your position, with appropriate citations as necessary, and a conclusion. Note: there is no single right answer to this question.

Pre-Assignment Due Dates

Classroom-based Format: This assignment is due the first night of class.

Online Format: The instructor will specify the due date for this assignment.

Course Assignments and Activities

Assignments for Online Course
Week Readings Graded Assignments or Assessments (Percentage)
1: Internal Audit and IT Audit Function Text: Chapter 1

Class Discussion: (12.5 pts)

Written Assignment:

• Pre Assignment (50 pts)

• Essay (100 pts)

• ACL data analysis (50 pts)

2: IT Governance, Frameworks, Standards, and Regulations Text: Chapters 16 & 17.

Class Discussion: (12.5 pts)

Written Assignment:

• Capacity Maturity Model (100 pts)

• ACL data analysis (50 pts)

3: Risk Management and Audit Process Text: Chapters 2 & 18

Class Discussion: (12.5 pts)

Written Assignment:

• Risk Assessment (100 pts)

• ACL data analysis (50 pts)

4: Audit Entry-Level Controls and Applications Text: Chapters 3 & 13

Class Discussion: (12.5 pts)

Written Assignment:

• Audit program (100 pts)

• ACL data analysis (50 pts)

5: Audit OS Text: Chapters 6 & 7

Class Discussion: (12.5 pts)

Written Assignment:

• ACL data analysis (50 pts)

6: Audit DB, Data Centers and disaster recovery Text: Chapters 4 & 9

Class Discussion: (12.5 pts)

Written Assignment:

• ACL data analysis (50 pts)

7: Audit Networks security Text: Chapters 5, 8 & 12

Class Discussion: (12.5 pts)

8: Audit Projects Text: Chapter 15

Class Discussion: (12.5 pts)

Written Assignment:

• Report drafting and issuance (150 pts)

Maximum Points Possible: 1000

CCIS Policies

Review the CCIS Policies on the Regis University website.

OTHER INFORMATION

NOTE TO LEARNERS: On occasion, the course facilitator may, at his or her discretion, alter the Learning Activities shown in this Syllabus. The alteration of Learning Activities may not, in any way, change the Learner Outcomes or the grading scale for this course as contained in this syllabus. Examples of circumstances that could justify alterations in Learning Activities include the number of learners in the course; compelling current events; special facilitator experience or expertise; or unanticipated disruptions to the class session schedule.