IT for Auditing

Base Knowledge

There are no prerequisites to attend this Course.

 

Teaching Methodologies

In the CAATTs classes, 21 hours (Professor Isabel Pedrosa)

i. The classes are theoretical-practical with Caseware IDEA.
ii. The evaluation of Caseware IDEA will be carried out through an individual test on the computer and a practical work, with IDEA, to detect anomalies ina a data set. 

In the classes of Security in Information Systems and on the Internet, 9 hours (Professor Duarte Raposo)
i. will be taught through a theoretical-practical approach.
ii. The evaluation of Computer Security will be carried out through a theoretical test.

Learning Results

  • Acquisition of knowledge of Information Technologies for Auditing (CAATTs, Computer-Assisted Audit Tools and Techniques) and fundamental practical skills with regard to the role that the auditor plays, namely in the detection of anomalies using analysis tools and data extraction for auditing ( Caseware IDEA Analytics), for performing substantive tests;
  • Expand the range of knowledge of Computer Tools for Audit Support, promoting the holding of Seminars with specific Software companies for Auditing;
  • Master fundamental aspects of Information Systems Security.

Program

1. Information Systems (IS) in Auditing (Isabel Pedrosa)
1.1. Notion of IS: generic aspects of an Information system (definition, basic elements)
1.2. Evolution of IS
1.3. Applicability of IS in Organizations
1.4. The importance of Information in Auditing: information versus knowledge.
1.5. New challenges for the auditor

2. Computer Tools for Audit Support (Isabel Pedrosa)
2.1 Definition and applicability of Computer-Assisted Audit Tools and Techniques, CAATTs
2.2 Type of CAATTs
2.3 Tools for the Management of Audit Work Papers
2.4 Tools for data analysis and extraction
2.5 IDEA: contextualization of the application
2.5.1 The various stages of using IDEA
2.5.2 Components of IDEA
2.5.3 Project Management – IDEA workbooks
2.5.4 File Explorer toolbar
2.5.5 Managing Databases – Retrieving and Importing Data from ASCII Files, EBCDIC, Maps, and other formats
2.5.6 Field statistics
2.5.7 Examine the Data
2.5.8 How to Isolate Specific Records, Criteria
2.5.9 Using the Equation Editor
2.5.10 Direct Extraction (Search Items)
2.5.11 The Data Profile, Stratification, Summarization, Pivot Tables
2.5.12 Identify Irregularities, Duplications, or Failures in Numerical Sequences.
2.5.13 Manipulate and Add new Fields
2.5.14 Building Complex Equations and @ Functions
2.5.15 Using Multiple Databases, Adding and Joining Databases, Comparing Two Databases
2.5.16 Displaying Results and Exporting Databases
2.5.17 Project Review and History (diary), Project Overview
2.5.18 Apply analytical methods to detect anomalies:
2.5.18.1 Benford’s Law
2.5.18.2 Z-score
2.5.18.3 Same-same-same and same-same-different
2.5.18.4 Even amounts
2.6 Case Studies using IDEA:
2.6.1 Data Analysis and Preparation;
2.6.2 Questions to be asked about the data;
2.6.3 Data extraction with IDEA, analysis of results, the inclusion of elements in an audit report;
2.6.4 Preparation for the final assessment about IDEA.

3. New Concepts (Isabel Pedrosa)
3.1 Evolution of concepts
3.2 Big Data
3.3 Data Mining and Fraud Detection
3.4 Cloud Auditing
3.5 Continuous Auditing
3.6 BYOD – Bring Your Own Device

4. Internet security (Prof. Duarte Raposo)
4.1 Introduction
– Why is it necessary to protect networks?
– What level of security is needed?
– Security policies
4.2 Internet security
– TCP / IP architecture
– Problems and vulnerabilities associated with the various levels
– Characterization of attacks
• Sniffing attacks
• DOS attacks
• Spoofing attacks
4.3 Protection Techniques and Mechanisms
– IPSec and VPNs
– SSL and TLS
– X.509 Certificates
– Firewalls
– Intrusion detection systems (IDS)
– Monitoring and Auditing Tools

Curricular Unit Teachers

Internship(s)

NAO

Bibliography

Main Bibliography:

• Caseware IDEA Workbook (available at Inforestudante);
• Gee, Sunder. Fraud and Fraud Detection: a Data Analytics Approach, John Willey and Sons, 2015

• Aghili,Shaun. Fraud Auditing Using CAATT: A Manual for Auditors and Forensic Accountants to Detect Organizational Fraud (Internal Audit and IT Audit), Auerbach Publications, 2019

• André Zúquete, Segurança em Redes Informáticas, 5.ª edição atualizada, FCA Editora, 2018
• Edmundo Monteiro e Fernando Boavida, Engenharia de Redes Informáticas, 10.ª edição atualizada e atualizada, FCA Editora, 2011

Optional Biliography:

• ISACA Journal articles about computer-assisted audit tools  (available at Inforestudante); 

• David Coderre, Internal Audit: Efficiency Through Automation, IIA, Institute of Internal Auditors Series, John Wiley & Sons, Dec2008, ISBN-10: 0470392428

• Henrique Mamede, Segurança Informática nas Organizações, FCA Editora, 2006.

PARTNERSHIPS
Coimbra Business School – ISCAC has a partnership with Caseware International for the use of IDEA in an educational context (includes Education and Manual Licenses).