22730 Assurance for Business Systems and Information

Subject level: Postgraduate

Handbook description

This subject addresses the provision of assurance and auditing services for internal and external auditing. It sets out the professional and legal expectations and responsibilities of assurance services and financial statement audits. It deals with the control framework in accounting information systems for the ensuring of security of information and other assets and the integrity of these systems. These controls are evaluated from the perspective that they permeate the entire organisation and are pervasive and inherent in the management of a business. Issues considered include, COSO and COBIT, the nature and purpose of control, its design and operation and management, application control framework, safeguarding assets and data integrity, cryptography and encryption, electronic business environment (EDI systems), and business continuity planning and disaster recovery plans. The subject provides students with competencies in audit methodology of risk and control evaluation, evidence collection and evaluation in various accounting information systems environments including enterprise resource programming (ERP) systems such as SAP. It develops and expands these competencies into providing assurance services on information other than financial information. The subject is accredited by the accounting professional bodies.

Subject objectives/outcomes

On successful completion of this subjects should be able to:

1. Understand the role of assurance services and auditing in enhancing risk management and internal control to protect an organisation's assets and information.
2. Evaluate the effectiveness of internal control in accounting information systems in various information technology environments including enterprise resource planning (ERP) systems and electronic business to ensure that processes produce reliable information.
3. Use methodologies to undertake and complete assurance tasks. Particularly emphasis is given to providing audit service in order to prepare an opinion and report on the credibility of information in financial statements.
4. Understand the professional, ethical and legal responsibilities and requirements for providing assurance and audit services as a part of corporate governance mechanisms.
5. Communicate to, shareholders (owners), management and other users on assurance and auditing issues.

Contribution to graduate profile

This subject provides an understanding of the role and contribution of assurance services such as auditing to organisations and society as a necessary skill and attribute for an adaptive and functioning manager.

Teaching and learning strategies

The teaching strategies used in Assurance for Business Systems and Information are to designed to provide students with an analytical and investigative approach to assurance and audit services. A lecture addressing main points of that week's topic will lead students into a seminar/workshop possibly including computer laboratory activity where students will be expected to undertake practical assignments, discuss and present reviews of case studies, selected academic papers and key points emerging from assigned physical and online readings for rigorous class discussion.

Content

This is an advanced subject addressing an organisations need to ensure that the quality, fiduciary and security requirements for information and other assets are met effectively and efficiently.

• Introduction to the nature of assurance services and auditing as well as internal and external auditing
• Assurance services and audit Methodology, which includes audit risk and evaluation of external controls
• Assertions, evidence collection and evaluation in various accounting information systems environments including enterprise resource programming (ERP) systems
• Control Framework and Information Systems
• Electronic commerce, risk analysis and systems reliability, business continuity planning
• Assurance opinions and reports
• Types of opinions and reports
• Reporting on assurance and audit tasks
• Professional and legal Expectations and Responsibilities
• Conclusion and Review.

Assessment

Recommended text(s)

Pearson, Sydney [2004], Auditing Handbook 2004 (This is volume 2 of The Accounting and Auditing Handbook an annual publication)

Lehman M W [2003] Computer-Assisted Auditing with Microsoft Great Plains Dynamics, Thomson South-Western (A case study for the audit team assignment. Other case studies may be set as appropriate.)

Schelluch P S Topple C Jubb L E Rittenberg and B J Schwieger [2004] Assurance and Auditing: Concepts for a Changing Environment, Thomson Melbourne.

Indicative references

Charter, [2003], Business Software Guide, Charter Supplement

Committee of Sponsoring Organisations of the Treadway Commission (COSO) [1992] New York

Gemmy S. A and Hall G [1998] Internet Guide for Accounting, South-Western College Publishing

The Institute of Chartered Accountants of Scotland, Controlling Computers in Business, Vols 1 to 5 [1996]

Dayton, D., [1997], Information Technology Audit Handbook, Prentice Hall

Gelinas U J, S G Sutton and A E Oram [1999] Accounting Information Systems, South Western 4th edition

Manson, S., S. McCartney and M Sherer, [1997], Audit Automation: The use of Information Technology in the Planning Controlling and Recording of Audit Work, The Institute of Chartered Accountants of Scotland.

Pfleeger. C., [1997] Security in Computing, 2nd edition Prentice Hall