IT for Auditing

Base Knowledge

There are no prerequisites to attend this Course.

 

Teaching Methodologies

In the Audit Support IT Tools classes, 21 hours (Professor Isabel Pedrosa)

  • Classes are theoretical-practical using Caseware IDEA and active teaching methods.
  • Learning is carried out through Caseware IDEA, using specific data sets dedicated to exploring different themes of data analysis for the detection of anomalies and fraud. All data sets are provided at the beginning of the semester so that students can prepare questions that can typify data anomalies.
  • In class, for the teaching of these contents, an active teaching methodology “1,2, 4, all” is used for each of the exercises. Students are invited to prepare their questions individually at home. In the classroom, each student joins another, discusses each other’s questions, and produces an improved version. Subsequently, 2 groups get together and obtain a final version of the questions they intend to answer and propose these questions to the class. This dynamic will be carried out before the beginning of the practical component of each exercise.

The practical work of data analysis with IDEA can be carried out in a group composed of a maximum of 3 students. The methodologies adopted are “problem-based learning” and “project-based learning”, with the work consisting of several stages, all with independent evaluation. Particular emphasis will be given to the discussion of the work.

 

In Security classes in Information Systems and the Internet, 9 hours (Professor Duarte Raposo)

  • will be taught through a theoretical-practical approach.
  • Case studies are used.

Learning Results

The objectives of the Curricular Unit of Information Technologies for Auditing are:

  • Acquisition of knowledge of Information Technologies for Auditing (CAATTs, Computer-Assisted Audit Tools and Techniques)
  • Expand the range of knowledge of IT Tools to Support the Audit
  • Master key aspects of Information Systems Security.

The student is expected to acquire the following skills:

  • practices regarding the role that the auditor plays in the detection of anomalies using analysis tools and data extraction for auditing (Caseware IDEA Analytics), for the execution of substantive tests;
  • know how to advise on the most appropriate functionalities for the execution of substantive tests in auditing, through the use of tools, as well as identify situations that may denounce fraud
  • Recommend appropriate policies and behaviors regarding the security of information systems considering the organization/company where it operates.

Program

1. Information Systems (IS) in Auditing (Isabel Pedrosa)
1.1. Notion of IS: generic aspects of an Information system (definition, basic elements)
1.2. Evolution of IS
1.3. Applicability of IS in Organizations
1.4. The importance of Information in Auditing: information versus knowledge.
1.5. New challenges for the auditor

2. Computer Tools for Audit Support (Isabel Pedrosa)
2.1 Definition and applicability of Computer-Assisted Audit Tools and Techniques, CAATTs
2.2 Type of CAATTs
2.3 Tools for the Management of Audit Work Papers
2.4 Tools for data analysis and extraction
2.5 IDEA: contextualization of the application
2.5.1 The various stages of using IDEA
2.5.2 Components of IDEA
2.5.3 Project Management – IDEA workbooks
2.5.4 File Explorer toolbar
2.5.5 Managing Databases – Retrieving and Importing Data from ASCII Files, EBCDIC, Maps, and other formats
2.5.6 Field statistics
2.5.7 Examine the Data
2.5.8 How to Isolate Specific Records, Criteria
2.5.9 Using the Equation Editor
2.5.10 Direct Extraction (Search Items)
2.5.11 The Data Profile, Stratification, Summarization, Pivot Tables
2.5.12 Identify Irregularities, Duplications, or Failures in Numerical Sequences.
2.5.13 Manipulate and Add new Fields
2.5.14 Building Complex Equations and @ Functions
2.5.15 Using Multiple Databases, Adding and Joining Databases, Comparing Two Databases
2.5.16 Displaying Results and Exporting Databases
2.5.17 Project Review and History (diary), Project Overview
2.5.18 Apply analytical methods to detect anomalies:
2.5.18.1 Benford’s Law
2.5.18.2 Z-score
2.5.18.3 Same-same-same and same-same-different
2.5.18.4 Even amounts
2.6 Case Studies using IDEA:
2.6.1 Data Analysis and Preparation;
2.6.2 Questions to be asked about the data;
2.6.3 Data extraction with IDEA, analysis of results, the inclusion of elements in an audit report;
2.6.4 Preparation for the final assessment about IDEA.

3. New Concepts (Isabel Pedrosa)
3.1 Evolution of concepts
3.2 Big Data
3.3 Data Mining and Fraud Detection
3.4 Cloud Auditing
3.5 Continuous Auditing
3.6 BYOD – Bring Your Own Device

4. Internet security (Prof. Duarte Raposo)
4.1 Introduction
– Why is it necessary to protect networks?
– What level of security is needed?
– Security policies
4.2 Internet security
– TCP / IP architecture
– Problems and vulnerabilities associated with the various levels
– Characterization of attacks
• Sniffing attacks
• DOS attacks
• Spoofing attacks
4.3 Protection Techniques and Mechanisms
– IPSec and VPNs
– SSL and TLS
– X.509 Certificates
– Firewalls
– Intrusion detection systems (IDS)
– Monitoring and Auditing Tools

Curricular Unit Teachers

Internship(s)

NAO

Bibliography

Main Bibliography:

• Caseware IDEA Workbook (available at Inforestudante);
• Gee, Sunder. Fraud and Fraud Detection: a Data Analytics Approach, John Willey and Sons, 2015

• Aghili,Shaun. Fraud Auditing Using CAATT: A Manual for Auditors and Forensic Accountants to Detect Organizational Fraud (Internal Audit and IT Audit), Auerbach Publications, 2019

• André Zúquete, Segurança em Redes Informáticas, 5.ª edição atualizada, FCA Editora, 2018
• Edmundo Monteiro e Fernando Boavida, Engenharia de Redes Informáticas, 10.ª edição atualizada e atualizada, FCA Editora, 2011

Optional Biliography:

• ISACA Journal articles about computer-assisted audit tools  (available at Inforestudante); 

• David Coderre, Internal Audit: Efficiency Through Automation, IIA, Institute of Internal Auditors Series, John Wiley & Sons, Dec2008, ISBN-10: 0470392428

• Henrique Mamede, Segurança Informática nas Organizações, FCA Editora, 2006.

PARTNERSHIPS
Coimbra Business School – ISCAC has a partnership with Caseware International for the use of IDEA in an educational context (includes Education and Manual Licenses).