Guías Docentes Electrónicas
1. General information
Course:
INFORMATION SYSTEMS AUDITING
Code:
42366
Type:
ELECTIVE
ECTS credits:
6
Degree:
347 - DEGREE PROGRAMME IN COMPUTER SCIENCE ENGINEERING (CR)
Academic year:
2021-22
Center:
108 - SCHOOL OF COMPUTER SCIENCE OF C. REAL
Group(s):
20 
Year:
4
Duration:
C2
Main language:
English
Second language:
Use of additional languages:
Technical documentation in English.
English Friendly:
N
Web site:
Available at https://esi.uclm.es/categories/profesorado-y-tutorias
Bilingual:
Y
Lecturer: IGNACIO GARCIA RODRIGUEZ DE GUZMAN - Group(s): 20 
Building/Office
Department
Phone number
Email
Office hours
Fermín Caballero / 3.26
TECNOLOGÍAS Y SISTEMAS DE INFORMACIÓN
6617
ignacio.grodriguez@uclm.es
Available at https://esi.uclm.es/categories/profesorado-y-tutorias

2. Pre-Requisites

In order to take this course, it is advisable to have taken the Basic Training modules (Module I) and the Common to the Computer Branch module (Module II).

3. Justification in the curriculum, relation to other subjects and to the profession

From the 1950s onwards, Information Technology has become a very important tool in financial auditing, as it allows operations to be carried out quickly and precisely that would manually consume too many resources. The so-called computer-aided audit begins, in which the computer is used as a financial audit tool. However, the growth of organizations makes them increasingly dependent on information systems, and therefore there is a need to verify that they work properly. At the end of the 1960s, the first cases of fraud committed with the help of the authorising officer were discovered. These reasons make it necessary to audit such role, the aim of which is precisely to verify the correct, effective and efficient functioning of information technologies and systems. Today, no one doubts that information has become one of the main assets of companies. Organizations invest enormous amounts of money and time in the creation of information systems and in the acquisition and development of technologies that offer them the highest possible productivity and quality. For this reason, auditing is taking on great importance both nationally and internationally. Systems auditing is related to a large number of concepts acquired in other subjects since the main areas of application of systems auditing are varied. Some examples are outsourcing, databases, communication networks, system maintenance, video surveillance, personal data protection, etc.

Audit, as a profession, is developed in a wide range of domains in the field of organizations, however, the scope of this subject focuses on auditing in the context of Information Systems.


4. Degree competences achieved in this course
Course competences
Code Description
INS01 Analysis, synthesis, and assessment skills.
INS02 Organising and planning skills.
INS05 Argumentative skills to logically justify and explain decisions and opinions.
PER01 Team work abilities.
SI01 Ability to integrate information and communiction technology solutions and entrepeneurial process so as to fulfil the needs for information in organisation, allowing them to meet their goals in an effective and efficient manner, providing them with competitive benefits.
SI05 Ability to understand and apply principles for the assessment of risks, and correctly apply them in the elaboration and execution of acting plans.
SIS01 Critical thinking.
SIS03 Autonomous learning.
UCLM01 Command of a second language at a B1 level within the Common European Framework of Reference for Languages
UCLM04 Professional ethics.
5. Objectives or Learning Outcomes
Course learning outcomes
Description
To know and know how to apply the main techniques and methodologies of internal control and information systems audit.
Knowledge of the legal environment of information systems auditing, as well as of the main areas of information systems auditing, and the possession of skills in the use of tools for auditing.
Additional outcomes
Not established.
6. Units / Contents
  • Unit 1: Introduction and basic concepts of information systems auditing
  • Unit 2: Internal Control
  • Unit 3: Evaluation, internal control and audit methodologies
  • Unit 4: Review areas
  • Unit 5: Legal and regulatory aspects of auditing
  • Unit 6: IT Auditing tools
ADDITIONAL COMMENTS, REMARKS

Deliverables:

1º) Information System Internal Control Development

2º) Information System external IT Auditing

3º) Technological Environment Auditing


7. Activities, Units/Modules and Methodology
Training Activity Methodology Related Competences (only degrees before RD 822/2021) ECTS Hours As Com Description
Class Attendance (practical) [ON-SITE] Lectures INS01 INS02 INS05 SI05 SIS01 UCLM01 UCLM04 0.72 18 N N Teaching of the subject matter by lecturer (MAG)
Individual tutoring sessions [ON-SITE] INS01 INS02 INS05 SI05 0.18 4.5 N N Individual or small group tutoring in lecturer's office, classroom or laboratory (TUT)
Study and Exam Preparation [OFF-SITE] Self-study INS01 INS02 INS05 SI05 SIS03 2.1 52.5 N N Self-study (EST)
Other off-site activity [OFF-SITE] Practical or hands-on activities INS01 INS02 INS05 PER01 SI05 SIS03 0.6 15 N N Lab practical preparation (PLAB)
Problem solving and/or case studies [ON-SITE] Problem solving and exercises INS01 INS02 INS05 PER01 SI05 0.6 15 Y N Worked example problems and cases resolution by the lecturer and the students (PRO)
Writing of reports or projects [OFF-SITE] Self-study INS01 INS02 INS05 PER01 SI05 SIS01 SIS03 0.9 22.5 Y N Preparation of essays on topics proposed by lecturer (RES)
Laboratory practice or sessions [ON-SITE] Practical or hands-on activities INS01 INS02 INS05 PER01 SI05 UCLM01 UCLM04 0.6 15 Y Y Realization of practicals in laboratory /computing room (LAB)
Other on-site activities [ON-SITE] Assessment tests INS01 INS02 INS05 SI05 UCLM01 UCLM04 0.3 7.5 Y Y Realization of a final exam (EVA)
Total: 6 150
Total credits of in-class work: 2.4 Total class time hours: 60
Total credits of out of class work: 3.6 Total hours of out of class work: 90

As: Assessable training activity
Com: Training activity of compulsory overcoming (It will be essential to overcome both continuous and non-continuous assessment).

8. Evaluation criteria and Grading System
Evaluation System Continuous assessment Non-continuous evaluation * Description
Final test 50.00% 50.00% Compulsory activity that can be retaken (rescheduling) to be carried out within the planned exam dates of the final exam call (convocatoria ordinaria)
Theoretical papers assessment 15.00% 15.00% Non-compulsory activity that can be retaken. To be carried out before end of teaching period.
Laboratory sessions 25.00% 25.00% Compulsory activity that can be retaken. To be carried out before end of teaching period.
Oral presentations assessment 10.00% 10.00% Non-compulsory activity that can be retaken (rescheduling). To be carried out in the theory/laboratory sessions for the students of the continuous modality. The students of non-continuous modality will be evaluated of this activity through an alternative system in the ordinary call
Total: 100.00% 100.00%  
According to art. 4 of the UCLM Student Evaluation Regulations, it must be provided to students who cannot regularly attend face-to-face training activities the passing of the subject, having the right (art. 12.2) to be globally graded, in 2 annual calls per subject , an ordinary and an extraordinary one (evaluating 100% of the competences).

Evaluation criteria for the final exam:
  • Continuous assessment:
    In compulsory activities, a minimum mark of 40% is required in order to pass that activity and have the possibility to therefore pass the entire subject. The evaluation of the activities will be global and therefore must be quantified by means of a single mark. In the case of the activities that may be retaken (i.e., rescheduling), an alternative activity or test will be offered in the resit/retake exam call (convocatoria extraordinaria).

    The final exam will be common for all the theory/laboratory groups of the subject and will be evaluated by the lecturers of the subject in a serial way, i.e., each part of the final exam will be evaluated by the same lecturer for all the students.

    A student is considered to pass the subject if she/he obtains a minimum of 50 points out of 100, taking into account the points obtained in all the evaluable activities, and also has passed all the compulsory activities.

    For students who do not pass the subject in the final exam call (convocatoria ordinaria), the marks of activities already passed will be conserved for the resit/retake examcall (convocatoria extraordinaria). If an activity is not recoverable, its assessment will be preserved for the resit/retake exam call (convocatoria extraordinaria) even if it has not been passed. In the case of the passed recoverable activities, the student will have the opportunity to receive an alternative evaluation of those activities in the resit/retake exam call and, in that case, the final grade of the activity will correspond to the latter grade obtained.

    The mark of the passed activities in any call, except for the final exam, will be conserved for the subsequent academic year at the request of the student, provided that mark is equal or greater than 50% and that the activities and evaluation criteria of the subject remain unchanged prior to the beginning of that academic year.

    The failure of a student to attend the final exam will automatically result in her/him receiving a "Failure to attend¿ (no presentado). If the student has not passed any compulsory evaluation activity, the maximum final grade will be 40%.
  • Non-continuous evaluation:
    Students may apply at the beginning of the semester for the non-continuous assessment mode. In the same way, the student may change to the non-continuous evaluation mode as long as she/he has not participated during the teaching period in evaluable activities that together account for at least 50% of the total mark of the subject. If a student has reached this 50% of the total obtainable mark or the teaching period is over, she/he will be considered in continuous assessment without the possibility of changing to non-continuous evaluation mode.

    Students who take the non-continuous evaluation mode will be globally graded, in 2 annual calls per subject, an ordinary and an extraordinary one (evaluating 100% of the competences), through the assessment systems indicated in the column "Non-continuous evaluation".

    In the "non-continuous evaluation" mode, it is not compulsory to keep the mark obtained by the student in the activities or tests (progress test or partial test) taken in the continuous assessment mode.

Specifications for the resit/retake exam:
Evaluation tests will be conducted for all recoverable activities.
Specifications for the second resit / retake exam:
Same characteristics as the resit/retake exam call.
9. Assignments, course calendar and important dates
Not related to the syllabus/contents
Hours hours

Unit 1 (de 6): Introduction and basic concepts of information systems auditing
Comment: The course is taught in three weekly sessions of 1.5 hours.

10. Bibliography and Sources
Author(s) Title Book/Journal Citv Publishing house ISBN Year Description Link Catálogo biblioteca
 
Del Peso,E., Del Peso, M., Piattini, M. Auditoría de Tecnologías y Sistemas de Información RA-MA 978847897846 2008  
Hervada, F., Piattini, M. Gobierno de las Tecnologías y Sistemas de Información RA-MA 978847897767 2007  
ISACA COBIT® 5 for Assurance 2014  
ISACA COBIT® 5: A Business Framework for the Governance and Management of Enterprise IT 2014  



Web mantenido y actualizado por el Servicio de informática