Program Studi Informatika - Fakultas Ilmu Komputer Universitas Bina Darma SAP IT Audit

(1)

Written by

Checked by

Approved by

Valid date

Syahril Rizal, S.T., M.M., M.Kom.

M. Izman Herdiansyah, S.T, M.M., M.Kom.

1. Faculty : Computer Science

2. Study Program : Information Technology Grade : S1 Degree

3. Subject : Audit IT

4. Subject Code :

5. Pra requirement Subject :

6. Subject Status :

Description : This subject allows students to acquire, in pedagogic terms, the basic core knowledge of the field of Information Systems Audit and Control, the audit process and the protection of information, consistent with the ISACA Model Curriculum (Note 1), and to develop, in pragmatic terms, the necessary background and skills needed to enter the Information Systems Audit and Control profession (Note 2). This course aims to:

8. Competencies :

(2)

No Topic/ Learning Materials Sub Topic Sumber Pustaka Information

1 Chapter 1

Overview of Information System Audit

Chapter 2

Conducting an Information Systems Audit

- Need for Control and Audit of Computers - Effects of Computers on Internal Controls - Effects of Computers on Auditing

- Foundations of Information Systems Auditing

- The Nature of Controls - Dealing with Complexity - Audit Risks

- Types of Audit Procedures - Overview of Steps in an Audit

- Auditing Around or Through the Computer

- Weber, Ron. 1999. Information Systems Control And Audit. New Jersey : Prentice Hall

- Gondodiyoto, Sanyoto. 2009.

Pengelolaan Fungsi Audit Sistem informasi. Jakarta : Mitra Wacana Media

2 Chapter 3

Top Management Controls

Chapter 4

System Development Management Controls

- Evaluating the Planning Function - Evaluating the Organizing Function - Evaluating the Leading Function - Evaluating the Controlling Function

- Approaches to Auditing Systems Development - Normative Models of the Systems Development

Process

- Evaluating the Major Phases in the Systems Development process

- Appendix 4.1 Techniques for studying the Existing System : Structured Analysis

- Appendix 4.2 Techniques for studying the Existing System : Object-Oriented Analysis

- Appendix 4.3 Entity-Relationship Modeling - Appendix 4.4 Normalization

(3)

3 Chapter 5

Programming Management Controls

Chapter 6

Data Resource Management Controls

- The Program Development Life Cycle - Organizing the Programming Team - Managing the System Programming Group - Appendix 5.1 Techniques for program Design :

Functional Decomposition

- Appendix 5.2 Techniques for Program Design : Data Flow Design

- Appendix 5.3 Techniques for Program Design : Data Structure Design

- Appendix 5.4 Techniques for Program Design : Object-Oriented Design

- Motivations Toward the DA and DBA Roles - Functions of the DA and DBA

- Some Organizational Issues - Data Repository Systems - Control over the DA and DBA

4 Chapter 7

Security Management Controls

Chapter 8

Operations Management Controls

- Conducting a Security Program

- Major Security Threats and Remedial Measures - Controls of Last Resort

- Some Organizational Issues

- Computer Operations - Network Operations - Data Preparation and Entry - Production Control

- File Library

- Documentation and Program Library - Help Desk / Technical Support

- Capacity Planning and Performance Monitoring - Management of Outsourced Operations

- Weber, Ron. 1999. Information Systems Control And Audit. New Jersey : Prentice

Hall

(4)

Quality Assurance Management Controls

Chapter 10 Boundary Controls

- QA Functions

- Organizational Considerations

- Relationship Between Quality Assurance and Auditing

- Cryptographic Controls - Access Controls

- Personal identification Numbers - Digital Signatures

- Plastic Cards - Audit Trail Controls - Existence Controls

Control And Audit. New Jersey : Prentice

Hall

8 Chapter 11 Input Controls

Chapter 12

Communication Controls

- Data Input Methods - Source Document Design - Data-entry Screen Design - Data Code Controls - Check Digits - Batch Controls - Validation of Data Input - Instruction Input

- Validation of Instruction Input - Audit Trail Controls

- Existence Controls

- Communication Subsystem Exposures - Physical Component Controls - Line Error Controls

- Flow Controls - Link Controls - Topological Controls - Channel Access Controls - Controls over Subversive Threats - Internetworking Controls

(5)

- Communication Architectures and Controls - Audit Trail Controls

- Existence Controls 7 Chapter 13

Processing Controls

Chapter 14 Database Controls

- Processor Controls - Real Memory Controls - Virtual Memory Controls - Operating System Integrity - Application software Controls - Audit Trail Controls

- Access Controls - Integrity Controls

- Applications Software Controls - Concurrency Controls

- Cryptographic Controls - File Handling Controls - Audit Trail Controls - Existence Controls

- Weber, Ron. 1999. Information Systems

Control And Audit. New Jersey : Prentice

Hall

9 MID Test exam

10 Chapter 15 Output Controls

Chapter 16 Audit Software

- Inference Controls

- Batch Output Production and Distribution Controls - Batch Report Design Controls

- Online Output Production and Distribution Controls - Audit Trail Controls

- Generalized Audit Software - Industry-specific Audit Software - High-level Languages

- Utility Software

(6)

- Expert Systems - Neural Network Software - Specialized Audit Software - Other Audit Software

- Basic Nature of Concurrent Auditing Techniques - Need for Concurrent Auditing Techniques - Types of Concurrent Auditing Techniques - Implementing Concurrent Auditing Techniques - Strengths / Limitations of Concurrent Auditing Techniques

Hall

12 Chapter 19

Interviews, Questionnaires and Control Flowcharts

- The Objects of Measurement

- General Characteristics of Performance Measurement Tools

- Types of Performance Meansurement Tools - Presenting Performance Measurement Results - Performance Measurement and Data Integrity

- Weber, Ron. 1999. Information Systems

- Meansures of Asset Safeguarding and Data Integrity

- Nature of the Global Evaluation Decision - Determinants of Judgment Performance

- Audit Technology to Assist the Evaluation Decision - Cost-effectiveness Considerations

(7)

Chapter 22

Evaluating System Effectiveness -- Overview of the Effectiveness Evaluation ProcessA Model of Information System Effectiveness - Evaluating System Quality

- Evaluating Information Quality - Evaluating Perceived Usefulness - Evaluating Perceived Ease of Use - Evaluating Computer Self-efficacy - Evaluating Information System use - Evaluating Individual Impact

- Evaluating Information System Satisfaction - Evaluating Organizational Impact

Pengelolaan Fungsi Audit Sistem informasi. Jakarta : Mitra Wacana Media

14 Chapter 23

Evaluating System Efficiency

-The Evaluation Process - Performance Indices - Workload Models - System Models

- Combining Workload and System Models

-- Weber, Ron. 1999. Information Systems Control And Audit. New Jersey : Prentice Hall

15 Chapter 24

Managing the Information System Audit Function

- Planning Function - Organizing Function - Staffing Function - Leading Function - Controlling Function

- Toward Information Systems Audit Professionalism - Some Futures of Information Systems Auditing

16 Final test Exam

10. Evaluation :

(8)

1. Weber, Ron. 1999. Information Systems Control And Audit. New Jersey : Prentice Hall