Republic of the Philippines

POLYTECHNIC UNIVERSITY OF THE PHILIPPINES

Office of the Vice President for Academic Affairs
COLLEGE OF ACCOUNTANCY AND FINANCE

DEPARTMENT of ACCOUNTANCY

COURSE TITLE : AUDITING IN A CIS ENVIRONMENT

COURSE CODE :ACCO 30083
CREDIT UNITS : 3 Units
COURSE PREREQUISITE : ACCO 20153 ACCOUNTING INFORMATION SYSTEM
COURSE DESCRIPTION : This course complements the course in auditing. It discusses IT-related risks, security and control mechanisms and techniques that may be employed to address the risks, and the impact of
computer use on the audit. It also introduces computer assisted audit techniques and tools. In this course, students gain an appreciation of the particular features and understanding of the risks
involved in auditing in a CIS environment, the CIS controls they would expect to find in this particular area, how auditors use CAATS (Computer Assisted Audit Tools and Techniques) in this
area. The students gain hands-on experience in the use of Audit Command Language (ACL) in performing audits.

This course comprehensively explains the theory and procedures behind and involving the audit of business entities that uses computer systems in processing their data or information. This
course also provides a background on how information is processed under a computerised system as comapred to a manual system. It also discusses the detailed processes of how an auditor may
conduct his/her audit under such environment. As an academic tool, this course will use the Audit Command Language Software or other Audit Software that will serve as a hands-on device for
students.

Institutional Learning Outcomes Program Outcomes Course Outcomes

1. Creative and Critical Thinking
Graduates use their imaginative as well as arational thinking abilities to
life situations in order to push boundaries, realize possibilities, and
deepen their interdisciplinary and general understanding of the world.
2. Effective Communication
Graduates are proficient in the four macro skills in communication
(reading, writing, listening, and speaking) and are able to use these skills
in solving problems. Making decisions, and articulating thoughts when
engaging with people in various circumstances.
3. Strong Service Orientation
Graduates exemplify the potentialities of an efficient, well-rounded and
responsible professional deeply committed to service excellence
4. Community Engagement
Graduates take an active role in the promorion and fulfillment of various
advocacies (educational, social and environmental) for the advancement
of community welfare.
5. Adeptness in the Responsible Use of Technology
Graduates demonstrate optimized use of digital learning abilities,
including technical and numerical skills.
6. Passion to Lifelong Learning
5th Floor, Dome, PUP A. Mabini Campus, Anonas Street, Sta. Mesa, Manila 1016
Direct Line: 335-1752 | Trunk Line: 335-1787 or 335-1777 local 364, 365 and 263
Website: www.pup.edu.ph | lmlcafpup@gmail.com
st
THE COUNTRY’S 1 POLYTECHNICU
BSA graduates must demonstrate the ability to review, interpret, evaluate
financial data and systems in compliance with established policies, procedures,
guidelines, agreements and/or legislation.
He must be able to link data, knowledge and insight together with different
sources and disciplines to make informed decisions.
He should possess active listening skills and the ability to communicate
effectively one’s point of view, both orally and in writing, at all organizational
levels; be able to explain verbally and/or writing financial, statistical,
administrative matters/policies/procedures/regulatory matters/audit results at a
level appropriate to the audience and must be able to negotiate effectively.
A BSA graduate should develop an ability to work in groups, possess skills to
participate as member of a team or/and contribute to group effort; be able to
teach others new skills; be able to work to the satisfaction of the clients;
negotiate and work with diversity or work well with men and women from
diverse backgrounds.
A BSA graduate must work with the highest standards of professionalism, to
attain higher level of performance and generally to meet the public interest, he
must conform to the ethical standards of the profession that include: Integrity,
Upon completion of the course, the students will be able to:
a. Have a clear understanding of the ovedrall conceptual framework of
auditing in CIS environment;
b. Have acquired a thorough knowledge about auditing, assurance,
internal control and IT governance controls;
c. Have equipped themselves with a clear understanding and
knowledge about auditing operating systems and networks, auditing
database systems, systems development programs and application of
CAATTs;
d. Apply knowledge acquired in different transaction cycles – Revenue
Cycle, Expenditure Cycle, Production and Conversion Cycle, Payroll
Cycle, Investing Cycle and Financing Cycle;
e. Have assumed responsibility, integrity, accuracy, timeliness, and
confidentiality of the auditied financial statements through the use of
an Audit Command Language; and
f. Keep in mind the business ethics, professionalism and understanding
of fraud and fraud detection.
 Graduates are enabled to perform and function in the society by taking
responsibility in their quest toknow more about the world through
lifelong learning.
7. High Level of Leadership and Organizational Skills
Graduates are developed to become the best professionals in their
respective disciplines by manifesting the appropriate skills and
leaderships qualities.
8. Sense of Personal and Professional Ethics
Graduates show desirable attitudes and behavior either in their personal
and professional circumstances.
9. Sense of National and Global Responsiveness
Graduates’ deep sense of national compliments the need to live in a
global village where one’s culture and other people culture are respected.
objectivity and independence, professional competence and due care,
confidentiality, professional behavior and moral values.
A BSA graduate should possess general knowledge in gaining and
understanding of the different cultures in the world and developing an
international objective thus, he must possess competency in English language,
adaptability to foreign business practices, level of trainability and good
capabilities in dealing with foreign partners.
A BSA graduate should not only be conversant with IT concepts for business
systems but sound knowledge on internal control in computer-based systems,
development standards and practices for business systems, management of the
adoption, implementation and use of IT, evaluation of computer business
systems, and managing the security information.

A BSA graduate should possess broad base of knowledge concerning

macro-environmental, economic and industry issues, business process structures,
functions and practices. It includes knowledge in areas such as economics,
quantitative models and busines statistics, organizational behavior, international
business, professional ethics and corporate governance.

Course Plan

Week Topic Learning Outcomes Methodology Resources Assessment

At the end of the lecture, the
learner will be able to:
● Understand all the ● Harmonizing the student’s
policies and in-house expectation from the subject and from the
classroom management professor.
of the professor. ● Presentation of a classic example in order to Elect classroom officers;
● Orientation of the course syllabus, grading system to be
● Make students at ease connect the subject to the course by citing a
1 used, class management policies, preffered requirements Copy of course syllabus
and have an eagerness particular entity. Prepare Seat Plan for the class; and
by the respective faculty for completing the course
in learning new ● Requiring the class to make a research or
successfully.
knowledge in the world interview a company using a computerized Information Technology Auditing Students to submit reflection paper on
● Overview of the topic: Auditing in a computerized
of accounting. accounting system. and Assurance
accounting system as a whole. their realization from the initial
● Acquire the relation of ● Entertaining students’ inquiries, questions and
the subject to their clarifications to a particular idea and allowing discussion.
course and ultimately them to express those things generously.
give importance to each ● Emphazising the important role of the financial
topic to be discussed in officer in preparing financial fact recorder to a
the succeding meetings. strategic financial analyst and adviser.

Page 2 of 14
 After thorough discussion of
the topics, at the end of the
lecture the learner will be
able to:
● Understand the primary
objective of auditing.
● Know the difference
between attest services
and advisory services
and be able to explain its
2 relationship.
● Grasp the conceptual ● Lecture and discussion of the topic. Quiz 1 on the previous and current
Auditing, Assurance, and Internal Control elements of the ● PPT presentation for the assigned reporters. Information Technology topic.
systematic process of ● Giving an illustration and example. Auditing and Assurance
auditing.
● Understand internal
control presented in the
COSO framework.
● Comprehend the
ralationship between
general controls,
application controls, and
financial data integrity.
● Understand the technical
or role of an Audit
Committee.

After thorough discussion of

the topics, at the end of the
lecture the learner will be
able to:
● Describe and apply to
Understand the risk of Quiz 2 on the topic.
incompatible functions ● Lecture/discussion
Auditing IT Governance Controls and how to structure ● PPT presentation for the assigned reporters.
3 the IT function. ● Recitation Information Technology Auditing
● Comprehend the IT and Assurance
audit function, why it
exist, what it does and
how to manage it.
● Familiarize with the
controls and
precautions required to

Page 3 of 14
 ensure the security of
an organization’s
computer facilities.
● Grasp the different
benefits, risks, and
audit issues related to
IT oursourcing.
● Understand the
elements of a disaster
recovery plan.
After thorough discussion of
the topics, at the end of the
lecture the learner will be
able to:
● Identify the principal
threats to the operating
system and the control
techniques used to
minimize the possibility
of actual exposures.
4-5 ● Familiarize with the
principal risk associated
with commerce
conducted over intranets ● Lecture/discussion Information Technology
Security Part I: Auditing Operating Systems and Networks and the internet. Quiz 3 on the topic.
● PPT presentation for the assigned reporters. Auditing and Assurance
● Understand the
management techniques
used to reduce the risks
from e-commerce and
from personal computing
systems.
● Recognize the unique
exposure that arise in
connection with
electronic data
interchange (EDI) and
understand how to
reduce the risk
associated with this
exposure.
After thorough discussion of
the topics, at the end of the
Information Technology Quiz 4 on the topic.
Security Part II: Auditing Database Systems lecture the learner will be ● Lecture/discussion on the topic Auditing and Assurance
able to: ● PPT presentation for the assigned reporters.

Page 4 of 14
 ● Understand the
operational problems
inherent in the flat-file
approach to data
management that give
6–7 rise to the database
management approach.
● Understand the
relationships among the
fundamental
componenets of the
database concept.
● Recognize the defining
characteristics of three
database models:
hierarchical, network and
relational.
● Understand the
operational features and
associated risks of
deploying centralized,
partitioned, and
replicated database
models in the distributed
data processing (DDP)
environment.
● Grasp audit objectives
and its procedures used
to test data management
controls.

After thorough discussion of

the topics, at the end of the
lecture the learner will be
able to:
● Enumerate and identify
the different stages in the ● Lecture/discussion on the topic Information Technology
Systems Development and Program Change Activities Quiz 5 on the topic.
systems development life ● PPT presentation for the assigned reporters. Auditing and Assurance
cycle (SDLC).
Familiarize with
common problems that
can lead to failure in the
systems development
process.

Page 5 of 14
8 ● Understand the
importance of strategic
system planning.
● Grasp in general how
accountants participate
in the SDLC.
● Identify the basic
features of both the
structured and
object-oriented
approaches to systems
design.
● Explain the major steps
involved in a
cost-benefit analysis or
proposed inforation
systems.
● Understand fully the
advantages and
disadvantages of the
commercial software
option, and be able to
discuss the
decision-making process
used to select
commercial software.
● Exemplify the main
purpose of a system
walkthrough.
● Familiarize with the
different types of system
documentation and the
purpose they serve.
After thorough discussion of
the topics, at the end of the
lecture the learner will be
able to:
● Grasp the main
objectives of the three
transaction cycles and
the types of transactions
processed by each of ● Lecture/discussion on the topic Information Technology Quiz 6 on the topic.
them. ● PPT presentation for the assigned reporters.
Auditing and Assurance
Understand the
relationship between

Page 6 of 14
 Transaction Processing and Financial Reporting Systems traditional accounting
9 Overview records and their digital
equivalents in
computer-based systems.
● Familiarize with the
documentation
techniques used to
represent the manual and
computer-based systems.
● Understand the
technologies used to
automate and reengineer
accounting information.
● Grasp the operational
features of the general
ledger system (GLS) and
the financial reporting
system (FRS).
MIDTERM DEPARTMENTAL EXAMINATION
After thorough discussion of
the topics, at the end of the
lecture the learner will be
able to:
● Grasp the ways to define
system requirements.
● Familiarize with the
10 classes of transaction
input controls used by
accounting application.
Computer-Assisted Audit Tools and Techniques (CAATTs) ● Understand the ● Lecture/discussion on the topic Information Technology
objectives and ● PPT presentation for the assigned reporters. Quiz 7 on the topic.
Auditing and Assurance
techniques used to ● Recitation
implement the
processing controls,
including run-to-run,
operator intervention,
and audit trail controls.
● Exemplify on how to use
and test application
controls.
● Discuss the methods
used to establish
effective output controls

Page 7 of 14
 for both batch and
real-time systems.
Compare the difference
between black and white
box auditing.
● Grasp the key features of
CATT’s discussed in the
chapter.
● Understand and use
CAATTs for testing
controls.
After thorough discussion of
the topics, at the end of the
lecture the learner will be
able to:
● Grasp the procedures for
the data extraction and
analysis.
● Understand the
components of data
structures and how these
are used to achieve
data-processing
11 operations.
● Familiarize with the
structures used in ● Lecture/discussion on the topic
flat-file systems, Information Technology
Data Structures and CAATTs for Data Extraction ● PPT presentation for the assigned reporters. Quiz 8 on the topic.
including sequential, Auditing and Assurance
● Recitation
indexes, hashing, and
pointer structures.
● Familiarize with
relational database
structures and the
principles of
normalization.
● Enumerate and explain
the different features,
advantages, and
disadvantages of the
embeeded audit module
approach to data
extraction.
● Identify and know the
capabilities and primary

Page 8 of 14
 features of generalized
audit software.
● Familiarize in using
Audit Command
Language (ACL).
After thorough discussion of
the topics, at the end of the
lecture the learner will be
able to:
● Understand the
operational tasks
associated with the
revenue cycle under
different
levels of technology.
● Grasp the objectives of
auditing those accounts
affecting revenue cycle.
● Familiarize with revenue
cycle control issues
related to alternative
technologies.
12 – 13 ● Recognize the
relationship between ● Lecture/discussion on the topic
revenue cycle audit ● PPT presentation for the assigned reporters.
Auditing the Revenue / Collection Cycle Information Technology Quiz 9 on the topic.
objectives, controls, and ● Recitation
test of controls. Auditing and Assurance
● Exemplify the nature of
substantive tests in
achieving revenue cycle
audit objectives.
● Familiarize with
common features and
functions of ACL that
are used to perform
substantive tests under
this cycle.
After thorough discussion of
the topics, at the end of the ● Lecture/discussion on the topic
lecture the learner will be ● PPT presentation for the assigned reporters. Information Technology
Auditing the Expenditure / Disbursement Cycle Quiz 10 on the topic.
able to: ● Recitation Auditing and Assurance
● Understand the
operational and primary
tasks associated with the

Page 9 of 14
 expenditure cycle under
different levels of
technology.
● Grasp the objectives of
14 - 15 auditing those accounts
affecting expenditure
cycle.
● Familiarize with
expenditure cycle control
issues related to
alternative technologies.
● Recognize the
relationship between
expenditure cycle audit
objectives, controls, and
test of controls.
● Exemplify the nature of
substantive tests in
achieving expenditure
cycle audit objectives.
● Familiarize with
common features and
functions of ACL that
are used to perform
substantive tests under
this cycle.
After thorough discussion of
the topics, at the end of the
lecture the learner will be
able to:
● Understand the
operational and primary
tasks associated with the
different cycles under ● Lecture/discussion on the topic
Auditing the Payroll, Conversion and Production, Investing under this topic. Information Technology
● PPT presentation for the assigned reporters. Quiz 11 on the topic.
and Financing Cycle ● Grasp the objectives of Auditing and Assurance
● Recitation
16 auditing those accounts
affecting this different
cycles.
● Familiarize with these
fdiffrent cycles control
issues related to
alternative technologies.
● Recognize the
relationship between

Page 10 of 14
 these cycles to audit
objectives, controls, and
test of controls.
● Exemplify the nature of
substantive tests in
achieving these cycles
audit objectives.
● Familiarize with
common features and
functions of ACL that
are used to perform
substantive tests under
these cycles.
After thorough discussion of
the topics, at the end of the
lecture the learner will be
able to:
● Grasp the general
functionality and key
elements of enterprise
resource planning system
17 (ERP).
● Understand how to
configure an ERP system
including servers,
databases, the use of
bolt-on software and the ● Lecture/discussion on the topic Information Technology
Enterprise Resource Planning System (ERP) risk associated with it. ● PPT presentation for the assigned reporters. Quiz 12 on the topic.
Auditing and Assurance
● Recognize the purpose ● Recitation
of data warehousing as a
strategic tool and
recognize the issues
related to the design,
maintenance, and
operation of a data
warehouse.
● Exemplify the key
considerations related to
implementing ERP.
● Recognize the internal
control and audit of
implications of an ERP
system.

Page 11 of 14
 After thorough discussion of
the topics, at the end of the
lecture the learner will be
able to:
● Understand the broad
issues in regards to
business ethics and
what constitutes Information Technology
faudulent behavior. Auditing and Assurance
● Discuss further the
fraud-motivating forces.
● Acquire skills and
18 exemplify the typical
fraud schemes
perpetrated by managers
and employees. ● Lecture/discussion on the topic
Business Ethics, Fraud, and Fraud Detection and Audit ● Familiarize with Quiz 13 on the topic.
Command Language (ACL) ● PPT presentation for the assigned reporters.
common anti-fraud ● Recitation
techniques used in both ● Giving an illustration and example.
manual computer-based
systems.
● Infer and know how to
use ACL in the detection Application of Computers in
Print-out of audit reports and
of fraud. Accounting Series: Auditing in a
● Recognise the Hands-on activities using ACL Software related outputs to substantiate
Computerized Information System
responsibility of the results of the findings.
Environment
auditor for detecting
fraud.
● Grasp the relationship
between business ethics
and fraud.

Use the ACL program in

performing audits.

FINAL DEPARTMENTAL EXAMINATION

Total Number of Hours – 54 Hrs.
Reading and References

Reference Section QA 76.9 A93H34 2011, Hall, James A., Information Technology Auditing and Assurance, 2011
Reference Section HF 5630 W388 2012, Weirich, Thomas R., Accounting and Auditing Research & Database: Practitioner’s Desk Reference, 2012
Circulation Section HF 5679 S55 2013, Simkim, Mark G., Accounting Information Systems, 2013
ONLINE/URL: ils@pup.edu.ph

Page 12 of 14
 Practice Set/Hands-on Module Application of Computers in Accounting Series:Auditing in a Computerized Information System Environment by Prof. Leandro Fua / Prof. Glenn Magadia

Course Grading System

Class Standing 70%

Quizzes 70%
Hands-on 10%
Recitation/Participation/Reporting 10%
Attendance, Right Conduct 10%
Departmental examination 30%
Total 100%

Final Grade = (1st Grading Period + 2nd Grading Period)

2

Classroom Policy
The allowed number of absences for students enrolled in ACCO 30083 with once-a-week meeting is four (4). Request for excused absences or waiver of absences must be presented upon reporting back to class. Special examinations will
be allowed only in special cases, such as prolonged illness. It is the responsibility of the student to monitor his/her own tardy incidents and absences that might accumulate leading to a grade of “FA,” (Failed due to Absences). It is also
his/her responsibility to consult with the teacher, chair or dean should his/her case be of special nature.

Consultation Time
Schedule of meeting with the teacher to discuss a particular problem with a student in order to provide advice.

Prepared By: Reviewed By:

JOHN CHRISTOPHER RETARDO, CPA, MBA (Original Signed) DR. GLORIA A. RANTE, CPA, Chairperson, Higher Accounting and Accountancy (Original Signed)
LEANDRO C. FUA, CPA, MBA (Original Signed) MARIETTA M. DOQUENIA, CPA, MBA, Chairperson, Basic Accounting and Management Accounting (Original Signed)
MELINDA S. BALBARINO, CPA, MBA (Original Signed)
GLENN A. MAGADIA, CPA, MBA (Original Signed)

Noted By:
LILIAN DE LA MERCED-LITONJUA, CPA, MBA, Dean (Original Signed)

Approved By:
DR. MANUEL M. MUHI, Vice-President for Academic Affairs (Original Signed)

Page 13 of 14
Student’s Copy

I have read the course syllabus and I understand that I have to comply with the requirements of the course and the expectations from me as a student of ACCO 30083 during the Second Semester of SY 2020-2021. I am
fully aware of the consequences of non-compliance with the above-mentioned requirements and expectations.

Printed name and signature of student

____________________________________

Date

---------------------------------------------------------------------------------------------------------------------------

Teacher’s Copy

I have read the course syllabus and I understand that I have to comply with the requirements of the course and the expectations from me as a student of ACCO 30083 during the Second Semester of SY 2020-2021. I am
fully aware of the consequences of non-compliance with the above-mentioned requirements and expectations.

Printed name and signature of student

______________________________

Date

Page 14 of 14