University of Malta

Study-Unit Description


TITLE I.S. Risk, Quality, Audit and Control

LEVEL 05 - Postgraduate Modular Diploma or Degree Course


DEPARTMENT Computer Information Systems

DESCRIPTION With its key role, technology has become the most critical factor for today’s businesses. There are substantial consequences when businesses fail to deal appropriately with technology-related risks. This unit will focus on the various approaches available for the identification, quantification, treatment, and monitoring of IT-related risks.

Strong general IT controls constitute a prerequisite for the establishment of a reliable information systems environment that effectively supports the business objectives and reduces risks and information threats. At its core, this unit will focus on four areas of IT controls: the management of risk, IT governance, IT assurance through audit practices and information security for the implementation of IT controls.

This study-unit equips students to establish and maintain a risk management framework to provide assertion that information security, audit principles and assurance strategies are aligned with business objectives and compliant with legal and regulatory obligations. The unit will also discuss proactive measures for managing risk through the development of appropriate approaches to Business Continuity and Disaster Recovery Planning.

This study-unit will also form the basis for any further studies towards approved professional certification in these areas.

Study-unit Aims:

This study-unit aims to provide students with the opportunity to apply academic and professional skills learnt in other parts of the programme to practical and professional issues, and to enhance the value that the enterprise obtains from its Information Systems.

Upon completion of this unit, students will be equipped with tools that will allow them to proactively plan and implement appropriate control measures to continuously manage and mitigate risks without stifling innovation and transformative efforts.

Experts and professionals within the ICT industry will be invited to illustrate and share experiences of risk management frameworks implemented by their organisations.

Learning Outcomes:

1. Knowledge & Understanding:

By the end of the study-unit the student will gain an understanding of:
- The various tools available to proactively manage IT-related risks, through risk management processes, IT governance, IT assurance and implementation of general IT controls;
- Applying a risk-based approach through the development of risk management strategies by aligning with business objectives.

2. Skills:

By the end of the study-unit the student will be able to:
- Apply the acquired knowledge to practical situations;
- Develop a Risk Management Framework;
- Apply IT governance concepts through the development of policies and procedures;
- Acquire a good orientation and develop skills to conduct research in the relevant areas of IT risk management;
- Develop good presentation skills;
- Self-evaluate their theoretical achievements by comparing and contrasting various approaches to IT risk management and select appropriate measures for a given scenario.

Main Text/s and any supplementary readings:

Karolak P., Software Engineering Risk Management, Wiley-IEEE Computer Society Press. ISBN: 0818671947

Carter B., Introducing RISKMAN Methodology, NCC Blackwell. ISBN-13: 978-1855543560

Oskarsson O., ISO9000 Approach to building quality software, Prentice Hall. ISBN-13: 978-0132289252

Hawker Andrew, Security and Control in Information Systems, Routledge. ISBN-13: 978-0415205351

Kramer John, The CISA Prep Book, Wiley Publishers. ISBN-13: 978-0471250326

BugTraq: SecurityFocus

Microsoft Security Bulletins: Microsoft Security Techcenter

Generic research on

STUDY-UNIT TYPE Lecture and Independent Study

Assessment Component/s    Resit Availability    Weighting
Assignment                Yes                   20%
Presentation              Yes                   20%
Examination (2 Hours)     Yes                   60%


The University makes every effort to ensure that the published Courses Plans, Programmes of Study and Study-Unit information are complete and up-to-date at the time of publication. The University reserves the right to make changes in case errors are detected after publication.
The availability of optional units may be subject to timetabling constraints.
Units not attracting a sufficient number of registrations may be withdrawn without notice.
It should be noted that all the information in the study-unit description above applies to the academic year 2017/8, if the study-unit is available during this academic year, and may be subject to change in subsequent years.