22730 Assurance for Business Systems and Information

Subject level: Postgraduate

Handbook description

This subject addresses the provision of assurance and auditing services for internal and external auditing. It sets out the professional and legal expectations and responsibilities of assurance services and financial statement audits. It deals with the control framework in accounting information systems for the ensuring of security of information and other assets and the integrity of these systems. These controls are evaluated from the perspective that they permeate the entire organisation and are pervasive and inherent in the management of a business. Issues considered include, COSO and COBIT, the nature and purpose of control, its design and operation and management, application control framework, safeguarding assets and data integrity, cryptography and encryption, electronic business environment (EDI systems), and business continuity planning and disaster recovery plans. The subject provides students with competencies in audit methodology of risk and control evaluation, evidence collection and evaluation in various accounting information systems environments including enterprise resource programming (ERP) systems such as SAP. It develops and expands these competencies into providing assurance services on information other than financial information. The subject is accredited by the accounting professional bodies.

Subject objectives/outcomes

On successful completion of this subjects should be able to:

1. understand the role of assurance services and auditing in enhancing risk management and internal control to protect an organisation's assets and information
2. evaluate the effectiveness of internal control in accounting information systems in various information technology environments including enterprise resource planning (ERP) systems and electronic business to ensure that processes produce reliable information
3. use methodologies to undertake and complete assurance tasks. Particularly emphasis is given to providing audit service in order to prepare an opinion and report on the credibility of information in financial statements
4. understand the professional, ethical and legal responsibilities and requirements for providing assurance and audit services as a part of corporate governance mechanisms
5. communicate to, shareholders (owners), management and other users on assurance and auditing issues.

Contribution to graduate profile

This subject provides an understanding of the role and contribution of assurance services such as auditing to organisations and society as a necessary skill and attribute for an adaptive and functioning manager.

Teaching and learning strategies

The teaching strategies used in Assurance for Business Systems and Information are to designed to provide students with an analytical and investigative approach to assurance and audit services. A lecture addressing main points of that week's topic will lead students into a seminar/workshop possibly including computer laboratory activity where students will be expected to undertake practical assignments, discuss and present reviews of case studies, selected academic papers and key points emerging from assigned physical and online readings for rigorous class discussion.

Content

This is an advanced subject addressing an organisations need to ensure that the quality, fiduciary and security requirements for information and other assets are met effectively and efficiently.

It will cover:

• introduction to the nature of assurance services and auditing as well as internal and external auditing
• assurance services and audit methodology, which includes audit risk and evaluation of external controls
• assertions, evidence collection and evaluation in various accounting information systems environments including enterprise resource programming (ERP) systems
• control framework and information systems
• electronic commerce, risk analysis and systems reliability, business continuity planning
• assurance opinions and reports
• types of opinions and reports
• reporting on assurance and audit tasks
• professional and legal expectations and responsibilities
• conclusion and review.

Assessment

Assessment item 1: Class Presentation (Individual)

Assessment item 2: Assurance Project (Group)

Assessment item 3: Final Examination (Individual)

Required text(s)

Jubb C, Topple S, Rittenberg LE and Schwieger BJ, 2008, Assurance and Auditing: Concepts for a Changing Environment 2nd edn, Thomson

CPA Australia, Auditing Assurance and Ethics Handbook, 2009, Pearson Education

Preliminary reading

Auditing Standards Board, 1990, Understanding Financial Statement Audits — A Guide for Financial Statement Users, pp 2–20, Auditing Handbook 2009, Pearson, Sydney

Indicative references

Committee of Sponsoring Organisations of the Treadway Commission (COSO) [1992] Internal Control Integrated Framework New York

Greenstein M and M Vasarhelyi [2002] Electronic Commerce: Security Risk Management and Control 2nd edition McGraw-Hill

Hall J A and T Singleton [2005] Information Technology Auditing and Assurance 2nd ed South Western

Kinney W R [2000] Information Quality Assurance and Internal Control for Management Decision Making McGraw-Hill

The Accounting Handbook 2009 Pearson Education Sydney

Weber R [1998] Information Systems Control and Audit Prentice Hall Sydney

Wright M [1999] Auditing in an IT Systems Environment Audit Guide No 5 Australian Accounting Research Foundation Melbourne.

Articles

Getting Technical Auditing Issues [1996] Auditing Investments under CHESS Charter pp 62 and 63

Greinke A and G Shailer [1997] Auditing the Auditors — The Esanda Case Australian Accountant 67 7 August pp 16–18

Morris R [1984] Corporate Disclosure in a Substantially Unregulated Environment Abacus 20 pp 52–86

Watts R and Z Zimmerman [1983] Agency Problems Auditing and the Theory of the Firm Journal of Law and Economics 26 (October 1983) pp 613-634

Websites

Australian Auditing and Assurance Board www.auasb.gov.au

American Institute of Certified Public Accountants www.aicpa.org

Australian Prudential Regulation Authority (APRA) www.apra.gov.au

Information Systems Audit and Control Association www.isaca.org

Australian Securities and Investment Commission (ASIC) www.asic.gov.au

Australian Accounting Standards Board www.aasb.com.au

Australian Securities Exchange www.asx.com.au

Canadian Institute of Chartered Accountants www.cica.ca

CPA Australia www.cpaonline.com.au

International Federation of Accountants www.ifac.org

Institute of Chartered Accountants in Australia www.icaa.org.au

The Institute of Internal Auditors (US) www.theiia.org

The Commonwealth Treasury www.treasury.gov.au

Institute of Internal Auditors in the UK www.iia.org.uk

Financial Reporting Council www.frc.gov.au

The Institute of Internal Auditors Australia http://iia.asn.au

Institute of Chartered Accountants in England and Wales www.icaew.co.uk

The Institute of Chartered Accountants of Scotland www.icas.org.uk

Professional and financial press reading

This subject deals with topical issues and students must be aware of new ideas and practices. Professional body journals In the Black and Charter business and business magazines such as The Business Review Weekly and the financial press Australian Financial Review, Sydney Morning Herald and Australian are very useful in understanding practical aspects of this subject as well as business and professional views. The journals of overseas accounting professional bodies, such as the Journal of Accountancy in the US and Accountancy in the UK, are also providing a broader perspective. Given the international harmonisation being undertaken in respect of auditing and accounting standards awareness of overseas issues is important. Other useful sources include the IS Audit and Control Journal of the Information Systems Audit and Control Association and publications by the Institute of Internal Auditors.

Publications of the International Federation of Accountants are very useful.