COMM 456 - Information Technology Risks, Protection and Audit
Business and society are incredibly dependent on information technology. This is especially evident when systems break down or are misused. This course concentrates on what can go wrong with information systems, the role of management in implementing controls to prevent, detect, and correct such exposures, and the role of the audit and security functions in designing, understanding, and testing those controls. Best practices for IT governance are examined and techniques for reviewing and auditing computerized systems and controls are discussed and evaluated.
The purpose of this very practical and case-based course is for students to learn:
- the impact of new laws (e.g., the Sarbanes-Oxley Act) on managing and using IT in business.
- significant risks businesses face due to their reliance on IT, and their implications, e.g.:
- the need to align IT strategies with business strategies.
- the risks that can occur when the development of core business systems is outsourced to third parties or developed by offshore parties.
- the need to maintain business continuity in the face of severe natural or human threats (e.g., earthquakes, hurricanes, or terrorist actions).
- risks due to malicious acts such as hacking, deliberate sabotage, and white-collar crimes.
- controls that businesses can institute to mitigating such significant IT-related risks.
- procedures for identifying and testing controls (both manual and software-based), including forensic auditing techniques.
- management of the IS governance and audit function.
- careers in IS governance, auditing, and security.
Prerequisite: COMM 335.