ACT1208 - Auditing in CIS Environment


FAR EASTERN UNIVERSITY

Vision
Guided by the core values of Fortitude, Excellence and Uprightness, Far Eastern University aims to be a university of choice in Asia

Mission
Committed to the highest intellectual, moral and cultural standards, it strives to produce principled and competent graduates. It nurtures a service-oriented and environment conscious
community which seeks to contribute to the advancement of the global society.

Quality Policy
Far Eastern University is committed to providing quality educational services. Each person is expected to do the job right the first time with the intention of consistently satisfying the
requirement of our students, other members of FEU community, and external parties. Under any given circumstances we shall adhere to all the requirements and standards for continuous
improvement and effectiveness of the quality management systems.

INSTITUTE OF ACCOUNTS, BUSINESS AND FINANCE

Vision
Far Eastern University – Institute of Accounts, Business and Finance (IABF) envisions itself to be the preferred business school in Asia.

Mission
The Institute of Accounts, Business and Finance is committed to produce principled and competent business graduates, espousing Fortitude, Excellence and Uprightness. IABF will promote
community engaged, service-oriented individuals who will shape and build strong organization in the future.

DEPARTMENT OF ACCOUNTANCY

Vision
Guided by the core values (Fortitude, Excellence and Uprightness) of a true-blooded Tamaraw, the Accountancy Program of FEU– IABF envisions itself as a Center of Excellence in
Accountancy Education.

Mission
It commits to develop future responsible accounting professionals through holistic accountancy curriculum, extensive and innovative delivery of instruction, competent and highly qualified
faculty, state-of-the-art facilities, industry and community-based researches, practical-based student apprenticeship program and extensive community.
Course Title: Auditing in CIS Environment
Course Code : ACT1208
Credits : Three (3) units
Prerequisite : ACT1111
Course Description : This course is intended to provide an understanding of the IT audit profession, emphasizing how IT audit provides organizations and auditors the
ability to effectively assess financial information’s validity, reliability, and security. It emphasizes essential principles, knowledge, and skills on how
to control and assess IT systems; legislation relevant to IT auditors and its impact on the IT field; and the significance of tools and computer-assisted audit
techniques (CAATs) when performing audit work. At the end of the course, students are expected to be prepared for the global examination of
Certified Information Security Auditor (CISA) and Certified Internal Auditor (CIA).

Program Expected Learning Outcomes (PELO):


A graduate of the BS Internal Auditing program is expected to achieve the following learning outcomes:
1. Resolve business issues and problems, with a global and strategic perspective using knowledge and technical proficiency in the areas of internal auditing, financial
accounting and reporting, cost accounting and management, management accounting and control, taxation, law and accounting/auditing information systems with
integrity, objectivity and competence;
2. Prepare financial statements and other-related reports in accordance with applicable accounting and auditing standards, taxation and business laws.
3. Conduct internal auditing research through independent studies of relevant literature and appropriate use of internal auditing theory and methodologies.
4. Develop a strategic business plan using the management concepts and principles holistically.
5. Employ technology as a business tool in capturing financial and non-financial information, generating reports and making decisions
6. Interpret the business environment through various financial and management analysis.
7. Evaluate accounting-related topics and contemporary issues through written inquiry and investigation.
8. Apply relevant auditing standards to financial statements audit for reliable communication of results to stakeholders.
9. Confidently maintain a commitment to good corporate citizenship, social responsibility and ethical practice in performing functions as an internal auditor.
10. Prepare income tax returns and other business documents in compliance with regulatory requirements.
11. Apply knowledge and skills that will successfully respond to various types of assessments (including professional licensure and certifications).
12. Demonstrate leadership and interpersonal skills through collaborative work.
13. Communicate effectively in a variety of domains including writing, speaking, listening and reading in the context of accounting and business.
14. Adapt to changing environment by responding positively to challenges.
15. Manifest the FEU core values – Fortitude, Excellence and Uprightness.
Course Expected Learning Outcomes (CELO):
Upon completion of the course, the students are expected to:
1. Build an understanding of the essential principles, knowledge, and skills on how to control and assess IT systems that will prepare the students for a successful
career in the public practice, private industry, or government.
2. Build an understanding of the IT audit profession, emphasizing how IT audit provides organizations and auditors the ability to effectively assess financial
information’s validity, reliability, and security.
3. Learn to describe legislation relevant to IT auditors and its impact on the IT field.
4. Learn to demonstrate the significance of aligning IT plans, objectives, and strategies with the business (i.e., IT governance).
5. Understand the role and significance of tools and computer-assisted audit techniques (CAATs) when performing audit work and to design audit plans that ensure
adequate use of tools and technologies when delivering audit work.
6. Understand the risks associated with information security and common types of application systems, as well as application controls and how they are used to
safeguard the input, processing, and output of information.
7. Understand the IT auditor’s involvement in an examination of application systems and the development of relevant and practical documentation to perform IT
audit work.
8. Understand the importance of protecting information against security threats and risks and implement effective information security policies, procedures, and
controls to ensure the integrity of such information and the involvement of IT auditors in such.

Course Expected Learning Outcomes (CELO) | Program Expected Learning Outcomes (PELO)
CELO 1: Build an understanding of the essential principles, knowledge, and skills on how to control and assess IT systems that will prepare the students for a successful career in the public practice, private industry, or government | 1, 3, 4, 5, 6, 9, 11, 14, 15
CELO 2: Build an understanding of the IT audit profession, emphasizing how IT audit provides organizations and auditors the ability to effectively assess financial information’s validity, reliability, and security | 1, 3, 4, 5, 6, 9, 11, 14, 15
CELO 3: Learn to describe legislation relevant to IT auditors and its impact on the IT field. | 1, 3, 5, 9, 10, 11, 12, 14, 15
CELO 4: Learn to demonstrate the significance of aligning IT plans, objectives, and strategies with the business (i.e., IT governance) | 1, 3, 4, 5, 6, 9, 11, 12, 14, 15
CELO 5: Understand the role and significance of tools and computer-assisted audit techniques (CAATs) when performing audit work and to design audit plans that ensure adequate use of tools and technologies when delivering audit work | 1, 3, 5, 9, 11, 12, 13, 14, 15
CELO 6: Understand the risks associated with information security and common types of application systems, as well as application controls and how they are used to safeguard the input, processing, and output of information | 1, 3, 4, 5, 6, 9, 11, 12, 13, 14, 15
CELO 7: Understand the IT auditor’s involvement in an examination of application systems and the development of relevant and practical documentation to perform IT audit work. | 1, 3, 4, 5, 6, 9, 11, 12, 13, 14, 15
CELO 8: Understand the importance of protecting information against security threats and risks and implement effective information security policies, procedures, and controls to ensure the integrity of such information and the involvement of IT auditors in such. | 1, 3, 4, 5, 6, 9, 1, 12, 13, 14, 15
COURSE MAP
Time Frame - Week | Learning Content | Learning Outcomes | Strategy / Methodology | Student Output / Activities | Evaluation / Assessment
Week 1
Learning Content:
1. Introduction: Meet the teacher and classmates
2. Course learning outcomes discussion
3. Discuss rules and routines and guidelines in online learning
Learning Outcomes:
1. To make the students understand the learning outcomes of the course, the rules and routines of the class and other guidelines in online learning.
Strategy / Methodology:
Introduce self and tell class expectations
Read and discuss “Ace the Case” Study Guide
Student Output / Activities:
Self-introduction and expectations post in Forum [CP1]
Evaluation / Assessment:
No assessment
Weeks 1-3: Information Technology Environment and IT Audit
Learning Content:
1. IT Environment
2. IT Auditing
3. IT Auditing Trends
4. Role of the IT Auditor
5. IT Audit Profession
Learning Outcomes:
1. Discuss how technology is constantly evolving and shaping today's business (IT) environments.
2. Explain what IT auditing is and summarize its two broad groupings.
3. Describe current IT auditing trends and identify the needs to have an IT audit.
4. Explain the various roles of the IT auditor.
5. Support why IT audit is considered a profession.
6. Describe the profile of an IT auditor in terms of experience and skills required.
7. Discuss career opportunities available to IT auditors
Strategy / Methodology:
Discussion on learning content
Introduce StellenTek Case Study and Resources
Student Output / Activities:
Read lesson and answer review questions
Listen and react to podcast: The Future of IT Audit [CP2]
Listen and react to podcast: Addressing the Challenges Facing IT Auditors [CP3]
Start the StellenTek Case Study [CS1]
Evaluation / Assessment:
Formative Pre-quiz 1 [PQ1]
Formative Quiz 1 [Q1]
Weeks 4-6: Legislation Relevant to Information Technology
Learning Content:
1. IT Crimes and Cyberattacks
2. Sarbanes-Oxley Act of 2002
3. US Security Legislation
4. Privacy Legislation
5. International Privacy Laws
6. Philippine Laws related to Cyber and Information Security
7. Code of Ethics
Learning Outcomes:
1. Discuss IT crimes and explain the three main categories of crimes involving computers.
2. Define cyber attack, and illustrate recent major cyber attacks conducted in the U.S. and the Philippines.
3. Summarize the Sarbanes-Oxley Act of 2002 financial integrity legislation.
4. Describe and discuss financial security legislation relevant to IT auditors.
5. Describe and discuss privacy-related legislation relevant to IT auditors
6. Discuss Philippine laws and international privacy laws relevant to IT auditors
7. Describe and discuss ethical issues and code of ethics relevant to IT auditors.
Strategy / Methodology:
Discussion on learning content
Continue StellenTek Case Study and Resources
Student Output / Activities:
Watch “The Enron Scandal”, Background for the Sarbanes Oxley Act of 2002
Listen and react to the podcast: The Mother of All Breaches [CP4]
Listen and react to the podcast: Privacy Expectations and Regulatory Complexities [CP5]
Evaluation / Assessment:
Formative Pre-quiz 2 [PQ2]
Formative Quiz 2 [Q2]
Weeks 7-9: IT Governance and Strategy
Learning Content:
1. IT Governance – Alignment of IT with Business Objectives
2. IT Governance Frameworks
3. IT Performance Metrics
4. Regulatory Compliance and Internal Controls
5. IT Strategy
6. IT Steering Committee
7. Communication
8. Operational Planning
Learning Outcomes:
1. Describe IT governance and explain the significance of aligning IT with business objectives.
2. Describe relevant IT governance frameworks.
3. Explain the importance of implementing IT performance metrics within the organization, particularly, the IT Balanced Scorecard. Describe the steps in building an IT Balanced Scorecard and illustrate supporting example.
4. Discuss the importance of regulatory compliance and internal controls in organizations.
5. Define IT strategy and discuss the IT strategic plan, and its significance in aligning business objectives with IT.
6. Explain what an IT Steering Committee is and describe its tasks in an organization.
7. Discuss the importance of effective communication of the IT strategy to members of the organization.
8. Describe the operational governance processes and how they control delivery of IT projects, while aligning with business objectives.
Strategy / Methodology:
Discussion on the learning content
Student Output / Activities:
TBD
Evaluation / Assessment:
Formative Pre-quiz 3 [PQ3]
Formative Quiz 3 [Q3]
9 Midterm Examination
Weeks 10-11: The IT Audit Process
Learning Content:
1. Audit Universe
2. COBIT
3. Risk Assessment
4. Audit Plan
5. Audit Process
6. Other Types of IT Audit
Learning Outcomes:
1. Describe what audit universe is and illustrate example.
2. Define control objectives for information and related technology and explain why they are useful for organizations and auditors.
3. Explain what a risk assessment is and its significance to the audit function. Illustrate an example of a risk assessment following the National Institute of Standards and Technology methodology.
4. Define the audit process and describe the phases of an IT audit engagement.
5. Discuss other types of audits conducted in IT.
Strategy / Methodology:
Discussion on learning content
Student Output / Activities:
Listen and react to the podcast: Creating Value by Taking Risks and Overcoming Fear of Failure [CP6]
Do the group exercise: The IT Audit Process [CP7]
Finish StellenTek Case Study [CS1]
Evaluation / Assessment:
Formative Pre-quiz 4 [PQ4]
Formative Quiz 4 [Q4]
Weeks 12-13: Tools and Techniques Used in Auditing IT
Learning Content:
1. Audit Productivity Tools
2. System Documentation Techniques to Understand Application Systems
3. Flowcharting
4. CAATs
5. Auditing Around the Computer Versus Auditing Through the Computer
6. Computer Forensics Tools
Learning Outcomes:
1. Define auditor productivity tools and describe how they assist the audit process.
2. Describe techniques used to document application systems, such as flowcharting, and how these techniques are developed to assist the audit process.
3. Explain what Computer-Assisted Audit Techniques (CAATs) are and describe the role they play in the performance of audit work.
4. Describe how CAATs are used to define sample size and select the sample.
5. Describe the various CAATs used for reviewing applications, particularly, the audit command language (ACL) audit software.
6. Describe CAATs used when auditing application controls.
7. Describe CAATs used in operational reviews.
8. Differentiate between “Auditing Around the Computer” and “Auditing Through the Computer.”
9. Describe computer forensics and sources to evaluate computer forensic tools and techniques.
Strategy / Methodology:
Discussion on learning content
Introduce TechWear Case Study and Resources
Discuss and demonstrate usage of ACL (Audit Command Language) by Galvanize
Student Output / Activities:
Short Case – Change Control Management Process [CP8]
Start TechWear Case Study and watch related videos [CS2]
Perform ACL Exercises – ACL Data Analysis Project [CS3]
Evaluation / Assessment:
Formative Pre-quiz 5 [PQ5]
Formative Quiz 5 [Q5]
Week 14: Application Systems: Risks and Controls
Learning Content:
1. Application System Risks
2. End-user Development Application Risks
3. Risks to Systems Exchanging Electronic Business Information
4. Web Application Risks
5. Application Controls
6. IT Auditor’s Involvements
Learning Outcomes:
1. Discuss common risks associated with application systems.
2. Discuss common risks associated with end-user development application systems.
3. Discuss risks to systems exchanging business information and describe common standards for their audit assessments.
4. Describe Web applications, including best secure coding practices and common risks.
5. Explain application controls and how they are used to safeguard the input, processing, and output of information.
6. Discuss the IT auditor’s involvement in an examination of application systems.
Strategy / Methodology:
Discussion on learning content
Case-studies
Student Output / Activities:
Short Case – Input Controls [CP9]
Continue TechWear Case Study and watch related videos [CS2]
Evaluation / Assessment:
Formative Pre-quiz 6 [PQ6]
Formative Quiz 6 [Q6]
Weeks 15-17: Information Security
Learning Content:
1. Information Security
2. Information Security in the Current IT Environment
3. Information Security Threats and Risks
4. Information Security Standards
5. Information Security Policy
6. Information Security Roles and Responsibilities
7. Information Security Controls
8. Selection and Testing of Information Security Controls
9. Involvement in an Information Security Audit
Learning Outcomes:
1. Describe the importance of information security to organizations, and how information represents a critical asset in today’s business organizations.
2. Discuss recent technologies that are revolutionizing organizations’ IT environments and the significance of implementing adequate security to protect the information.
3. Discuss information security threats and risks, and how they represent a constant challenge to information systems.
4. Describe relevant information security standards and guidelines available for organizations and auditors.
5. Explain what an information security policy is and illustrate examples of its content.
6. Discuss roles and responsibilities of various information system groups within information security.
7. Explain what information security controls are, and their importance in safeguarding the information.
8. Describe the significance of selecting, implementing, and testing information security controls.
9. Describe audit involvement in an information security control examination, and provide reference information on tools and best practices to assist such audits.
Strategy / Methodology:
Discussion on learning content
Case-studies
Student Output / Activities:
Short Case – Information Security Audit Program [CP10]
Finish TechWear Case Study and watch related videos [CS2]
Evaluation / Assessment:
Formative Pre-quiz 7 [PQ7]
Formative Quiz 7 [Q7]
18 Final Examinations

INSTRUCTIONAL MATERIALS/ RESOURCES


1. Microsoft PowerPoint
2. CANVAS
3. Other Learning Management System (LMS) (e.g. Connect, Mindtap, etc.)

SUGGESTED READINGS AND REFERENCES


1. Otero, A. R. (2019). Information Technology Control and Audit, 5th Edition. CRC Press, Taylor & Francis Group. (Main Reference Text)
2. Cannon, D. (2016). CISA: Certified Information Systems Auditor Study Guide, Fourth Edition. Indianapolis, Indiana: John Wiley & Sons, Inc.
3. Cascarino, R. E. (2012). Auditor's Guide to IT Auditing, Second Edition. Hoboken, New Jersey: John Wiley & Sons, Inc.
4. Davis, C., & Schiller, M. (2011). IT Auditing Using Controls to Protect Information Assets, Second Edition. McGraw-Hill Companies.
5. Hall, J. (2016). Information Technology Auditing, 4th Edition. South-Western Cengage Learning.
6. Hunton, J. E., Bryant, S. M., & Bagranoff, N. A. (2004). Core Concepts of Information Technology Auditing. John Wiley & Sons, Inc.

CLASSROOM POLICIES
It is the responsibility of the learner to come to each class prepared. He/she is also expected to take all examinations on the scheduled date. He/she should read the
assigned problems prior to class discussion. He/she is expected to attend each class and participate actively in the discussions.
FEU ACADEMIC DISHONESTY
All Research, Accounting, Auditing, Law and Taxation students are expected to be academically honest. Cheating, lying, and other forms of immoral and unethical behavior
will not be tolerated. Any student found guilty of cheating in examinations or plagiarizing in submitted course requirements will (at a minimum) receive a Failing Grade in the
course/subject. Cheating and Plagiarism refer to the use of unauthorized books, notes, securing help in a test, copying test, assignments, reports or term papers, collaborating
without authority with another student during an examination or in preparing academic work, signing another student’s name on an attendance sheet, representing the work
of another person as one’s own; and other activities manifesting the practice of scholastic dishonesty.

POLICY ON ABSENCES
The students are allowed only 20% of the total number of hours in a semester for absences. Hence, the allowed number of absences for a student enrolled in a 3-unit
subject or 6-unit subject is a maximum of six (6) absences during regular semester. Request for excused absences or waiver of absences must be presented prior to
occurrence of absence or immediately upon reporting back to class, whichever is applicable. Special examinations will be given only in special cases, such as prolonged
illness. It is the responsibility of the student to monitor his/her own tardy incidents and absences that might accumulate leading to the grade of 5.00 or F. It is also his/her
responsibility to consult with the concerned faculty member, program head, Dean should his/her case be of special nature.
Note: Always refer to the Student Handbook for academic policies.

POLICY ON NON-SOLICITATION OF FUNDS


All official fees of the University are collected through the Cash Department. Students should not pay any additional fees such as those for tickets, entrance fees,
transportation fees, hand-outs, readings, quizzes or tests to any faculty or staff member of the University.

POLICY ON STUDENT DATA PRIVACY ACT


In compliance with the Act and for ensuring highest level of data security and confidentiality in the access of student’s personal data/information, faculty members should
not allow the student to check other students’ test papers, assignments, seat work, announce the individual grades of the students before the class, disclose student
information, student records and other “student-generated content” in any media, and any other similar acts that will jeopardize the interest of an identified individual
student.

COURSE REQUIREMENTS
Assignments, Quizzes, Major Exams, Output Presentation
GRADING SYSTEM
Computation of Periodic Grades

I. Computation of 1st Preliminary Grade: Midterm Grade (MG)


Formative Assessment (FA)
Class Participation (Homework, Practice Tests, Recitation, Pre-test) 20%
Quizzes 30%
Summative Assessment (SA) - Major Departmental Exam 50%
1st PRELIMINARY GRADE 100%

II. Computation of 2nd Preliminary Grade


Formative Assessment (FA)
Class Participation (Homework, Practice Tests, Recitation, Pre-test) 20%
Quizzes 30%
Summative Assessment (SA) – Major Departmental Exam 50%
2nd PRELIMINARY GRADE 100%

III. FINAL GRADE = 1st PG (50%) + 2nd PG (50%)


TRANSMUTATION OF FINAL GRADE (FG)
FINAL GRADE LETTER GRADE QUALITY POINT RANGE
92 – 100 A 4.0 3.80-4.0
85 – 91 B+ 3.5 3.30 – 3.79
78 – 84 B 3.0 2.80 – 3.29
71 – 77 C+ 2.5 2.30 – 2.79
64 – 70 C 2.0 1.80 – 2.29
57 – 63 D+ 1.5 1.30 – 1.79
50 – 58 D 1.0 1.0 – 1.29
F .99 and lower
IV. RETENTION GRADE - QUALITY POINT AVERAGE (QPA), CUMULATIVE PER YEAR LEVEL
YEAR LEVEL | FAR EASTERN UNIVERSITY | BACHELOR OF SCIENCE IN ACCOUNTANCY (BSA) | BACHELOR OF SCIENCE IN INTERNAL AUDITING (BSIA)
First Year | 1.2 | 1.2 | 1.2
Second Year | 1.5 | 1.6 | 1.5
Third Year | 1.8 | 2.0 | 1.8
Fourth Year | 2.0 | 2.4 | 2.0

DATE OF EFFECTIVITY: August 2021

Prepared By: REYMARK LAZO, JEROMY ORANGA (Instructor – Auditing in a CIS Environment)
Recommended by: RAMIL N. BALDRES (Program Head – Accountancy & Internal Auditing)
Approved By: EARL JOSEPH BORGOÑA (OIC-Dean - IABF)
