Study-Unit Description

CODE CIS5208
TITLE I.S. Risk, Quality, Audit and Control
UM LEVEL 05 - Postgraduate Modular Diploma or Degree Course
MQF LEVEL 7
ECTS CREDITS 5
DEPARTMENT Computer Information Systems

DESCRIPTION Technology has become one of the most critical factors for today's businesses, and there are substantial consequences when a business fails to deal appropriately with technology-related risks. This unit focuses on the approaches available for the identification, quantification, treatment and monitoring of IT-related risks.

Strong general IT controls are a prerequisite for a reliable information systems environment that effectively supports the business objectives and reduces risks and threats to information. At its core, this unit focuses on four areas of IT controls: the management of risk, IT governance, IT assurance through audit practices, and information security for the implementation of IT controls.

This study-unit equips students to establish and maintain a risk management framework that provides assurance that information security, audit principles and assurance strategies are aligned with business objectives and comply with legal and regulatory obligations. The unit also discusses proactive measures for managing risk through the development of appropriate approaches to Business Continuity and Disaster Recovery Planning.

This study-unit also forms the basis for further study towards approved professional certifications in these areas.

Study-unit Aims:

This study-unit aims to give students the opportunity to apply the academic and professional skills learnt in other parts of the programme to practical and professional issues, and to enhance the value that the enterprise obtains from its Information Systems.

Upon completion of this unit, students will be equipped with tools that will proactively allow them to plan and implement appropriate control measures to continuously manage and mitigate risks without stifling innovation and transformative efforts.

Experts and professionals within the ICT industry will be invited to illustrate and share experiences of risk management frameworks implemented by their organisation.

Learning Outcomes:

1. Knowledge & Understanding:
By the end of the study-unit the student will gain an understanding of:

- the tools available to proactively manage IT-related risks through risk management processes, IT governance, IT assurance and the implementation of general IT controls;
- how to apply a risk-based approach by developing risk management strategies aligned with business objectives;
- the role of the risk department and the internal audit function in a corporation;
- the role of the IT department in relation to risk;
- the main frameworks, such as ISO 31000 and COBIT 5.

2. Skills:
By the end of the study-unit the student will be able to:

- apply the acquired knowledge to practical situations;
- develop a Risk Management Framework;
- apply IT governance concepts through the development of policies and procedures;
- develop the orientation and skills needed to conduct research in the relevant areas of IT risk management;
- develop good presentation skills;
- self-evaluate their theoretical achievements by comparing and contrasting various approaches to IT risk management, and select appropriate measures for a given scenario;
- understand the concept of risk culture and make risk-aware business decisions;
- identify threats and opportunities and determine what actions to undertake.

Main Text/s and any supplementary readings:

- Karolak D. W., Software Engineering Risk Management, IEEE Computer Society Press. ISBN-10: 0818671947
- Carter B., Introducing RISKMAN Methodology, NCC Blackwell. ISBN-13: 978-1855543560
- Oskarsson O., An ISO 9000 Approach to Building Quality Software, Prentice Hall. ISBN-13: 978-0132289252
- Hawker A., Security and Control in Information Systems, Routledge. ISBN-13: 978-0415205351
- Kramer J., The CISA Prep Guide, Wiley. ISBN-13: 978-0471250326
- ISACA, CRISC Review Manual, 2015, Information Systems Audit and Control Association. ISBN-13: 978-1604203714
- BugTraq: SecurityFocus http://www.securityfocus.com/archive/1
- Microsoft Security Bulletins: Microsoft Security TechCenter http://technet.microsoft.com/en-gb/security/ (Microsoft retired its security bulletins in 2017 in favour of the Security Update Guide)
- General research resources at www.isaca.org

 
STUDY-UNIT TYPE Lecture and Independent Study

METHOD OF ASSESSMENT

Assessment Component/s    Sept. Asst Session    Weighting
Assignment                Yes                   20%
Presentation              Yes                   20%
Examination (2 Hours)     Yes                   60%

LECTURER/S

The University makes every effort to ensure that the published Courses Plans, Programmes of Study and Study-Unit information are complete and up-to-date at the time of publication. The University reserves the right to make changes in case errors are detected after publication.
The availability of optional units may be subject to timetabling constraints.
Units not attracting a sufficient number of registrations may be withdrawn without notice.
It should be noted that all the information in the description above applies to study-units available during the academic year 2023/4. It may be subject to change in subsequent years.

https://www.um.edu.mt/course/studyunit