Model Curriculum for Information Systems Auditing at the Undergraduate and Graduate Level

Table of Contents

Introduction  & IS Auditing Trends                  2

IS Auditing Education                                      5

Proposed IS Auditing Education Curriculum   10

Undergraduate Model                                    11

Graduate Model                                            15

Conclusion                                                    22

Bibliography and Endnotes                            24

Illustration I - Relevance of Undergraduate IS Model Curriculum to CobiT Conceptual                                      Framework

Illustration II - Relevance of Graduate IS Audit Model Curriculum to CobiT Conceptual                                     Framework

Illustration III - Relevance of IS Audit Undergraduate Curriculum to 1996 CISA Examination                              Domain 

Illustration IV - Relevance of IS Audit Graduate Curriculum to 1996 CISA Examination                                       Domain

 

Exhibit I - Structure of Undergraduate Model Curriculum

Exhibit II - Sample Syllabus of the Information Systems Auditing Undergraduate Core Course

Exhibit III - Structural Flowchart for the Graduate Model Curriculum

Exhibit IV - 1996 CISA Examination Domains

Exhibit VI - Sample of Undergraduate or Graduate Course Topics for Special Topics or                               Electives

Classes Syllabi in this Document:

Intro to Information Systems Auditing  /CAATS  CIS 433
Legal Environment in Information Systems  GBA 560
Information Systems Auditing/CAATs Accounting 863
Security and Privacy in Information Systems   GBA 578
Networks and Telecommunications        GBA 557
Advanced Information Systems Auditing   ACC 591 or GBA 577

Introduction & IS Auditing Trends      

    Computing has become indispenable to organizations' activities. The CobiT Framework (IS Audit & Control Foundation, 1995) emphasizes this point and substantiates the need to research, develop, publicize and promote an up-to-date, internationally accepted, information technology control objectives for day-to-day use by business managers.  In their 1993 discussion paper, "Minimum Skill Levels in Information Technology for Professional Accountants" and their 1992 final Report, " The Impact of Information Technology on the Accountancy Profession ", the International Federation of Accountants (IFAC) acknowledges the need for better university level education to address growing information technology control concerns and issues.

     Around the world, reports of information theft, computer fraud, information abuse, and other information/technology control concerns are being heard more frequently in the news. Organizations are more information conscious, people are scattered due to decentralization, and computers are used more extensively in all areas of commerce. Due to the rapid diffusion of computer technologies and the ease of information accessibility, knowledgeable and well-trained information systems auditors are needed to ensure more effective controls in place to maintain data integrity and to manage access to information.  The need for better controls over IS has been echoed in prior studies such as  the AICPA's Committee of Sponsoring Organizations of the Treadway Commission (COSO), ISO 9000, IIA's Systems Auditability and Control Report , Guidelines for the Security of IS by the Organization for Economic Cooperation and Development (OECD) and the U.S. President's Council on Integrity & Efficiency in "Computer Audit Training Curriculum".  The most recent addition to these major studies is the Control Objectives for Information and Related Technology (CobiT): Framework:

  IS auditing (formerly called electronic data processing (EDP) auditing):  

is not just a simple extension of traditional auditing. Recognition of the need for an EDP audit function came from two directions. First, auditors realized that computers had impacted their ability to perform the attest function. Second, both corporate and information processing management recognized computers were valuable resources that needed controlling like any other valuable resource within the organization. 1

    The theory and methodologies of IS auditing are integrated from four other areas: traditional auditing, information systems management, behavior science, and computer science.

Traditional auditing contributes knowledge of internal control practices and overall control philosophy. Information systems management provides methodologies necessary to achieve successful design and implementation of systems. Behavioral science indicates when and why information systems are likely to fail because of people problems. Computer science contributes knowledge about control theory and the formal models that underlie hardware and software design as a basis for maintaining data integrity.2

     IS auditing is an integral part of the audit function because it is a function that "supports the auditor's judgment on the quality of computer systems."3  Information systems auditors are the technological resource for the audit staff.  The audit staff often looks to them for technical assistance. Within IS auditing, there are organizational IS Audits (management control over information technology), technical IS Audits (infrastructure, data centers, data communication), application oriented (business/financial) IS Audits and compliance IS Audits involving national or international standards.  Ever since the Information Systems Audit and Control Association (ISACA) , formerly the EDPAA, was formed in Los Angeles in 1969, there has been a growing demand for well-trained and skilled IS audit professionals.

     IS auditing is a profession with conduct, aims, and qualities that are characterized with worldwide technical and ethical standards. It requires specialized knowledge and often long and intensive academic preparation. Most accounting, auditing, and information systems professional societies believe that improvements in research and education will definitely provide a "better-developed theoretical and empirical knowledge base for the information systems audit function."4 They feel that emphasis should be placed upon education obtained at the college level.

     The breath and depth of knowledge required to audit IS is extensive.  For example, IS auditing involves: the application of risk oriented audit approaches, the uses of computer assisted audit tools and techniques (e.g. Caseware, Idea, ACL, CA-examine);  The application of standards (national or international) such as ISO-9900/3 to improve and implement quality systems in software development;  the auditing of systems under development, involving complex SDLC or new development techniques (e.g. prototyping, end-users computing, rapid systems development);  and the auditing of complex technologies involving electronic data interchange, client servers, local and wide area networks, data communications, telecommunications, integrated voice/data/video systems.

IS Auditing Education

     Worldwide, colleges and universities, have been responding to the needs of the IS auditing profession. At the undergraduate level, they have begun to integrate IS courses into their accounting programs and accounting or finance courses into their IS programs.  At the graduate level, several universities have successfully implemented and maintained IS audit oriented programs.  These universities have attempted to meet the growing demand for entry level knowledge, skills and abilities in IS auditing despite not having a model curriculum to follow.

      To their credit, these universities and colleges have been successful in generating qualified candidates for this demanding field.  They have emphasized more academic aspects in university education for preparing their graduates for the IS audit profession.  Their graduates are now employed in the IS audit, security and control profession or have advanced into corporate management.  These graduates have been encouraged to attain professional certification (CISA, CPA, CA, CIA, Certified Quality Auditor (CQA), CFE and others) and produce written products to transfer their experience and expertise to others.

     At the undergraduate level, some universities required their accounting students to take IS courses to develop computer skills in word processing, spreadsheets and database management. IS audit and control issues are also being included in undergraduate Auditing courses.  When these business students (with accounting, IS or finance emphasis) graduate, they have some awareness, but they lack the technical competence and business experience to test computer- based controls as presented by the AICPA's  Statement on Auditing Standards (e.g, SAS no. 48 and SAS  no. 55).

     The more advanced level of education in IS audit comes at the graduate level.  Candidates at this level typically have business experience and a bachelor's degree in a business field (e.g., accounting, IS or finance/commerce).  If they do not have this background, then many universities require business courses to be taken in preparation for the advanced courses.

     Worldwide, several universities have been successful in offering IS audit education. At the undergraduate level, Eastern Michigan University (US) , (Florida Atlantic University (US) , Brigham Young University (US), Curtin University of Technology (Australia), University of New Queensland (Australia) are some examples.  The published European Commission document "A Proposal for Postgraduate Curriculum in Information Security, Dependability and Safety", shows the educational resources and courses offerings of Dublin University (Ireland) , University of London (UK) , Stockholm University  (Sweden), The University of Vienna (Austria), and others to support graduate level IS audit, security and control courses.  On the American continent, California State Polytechnic University-Pomona (US), Arizona State University (US) , Georgia State University (US) , ITESM-Campus Guadalajara (MX) and University of British Columbia (CA) are successful examples.

       Certainly, support for education and training in this area has been provided by accounting oriented professional societies such as the American Institute of Certified Public Accountants (AICPA), Institute of Internal Auditors , and the Institute for Management Accountants  for many years.  The Data Processing Management Association (DPMA) , in the issuance of its Model Curriculum for Undergraduate Computer IS Education in 1981, included the need for an elective course on IS auditing . This elective course is still included in its most recent model curriculum. From an international perspective, organizations such as International Federation of Accountants and IFIP/WG11.8 (Information Security Education and Training) have published documents advocating the need for university developed training in IS auditing, security and control.

     There are two conflicting views about how IS audit should be organized.  Some view that there should be a separate IS auditing function. On the other hand, some prefer IS auditing integrated to the operational and financial auditing function.5 The uncertainty over the better approach makes it harder to design academic program for IS auditors.

     In designing a model curriculum for IS auditing, one has to recognize that there are generally two categories of individuals in the information systems auditing industry. One category comprises those individuals that have at least several years of information systems auditing experience. They are mainly accounting professionals who are IS-technically competent and IS specialists who understand the accounting and financial operations. They all have practical experience and specific industry expertise. The other category comprises new IS program graduates or accounting program graduates who enter IS auditing directly from college. These graduates usually have a very good understanding of the field of accounting or IS but generally not both, unless they graduated with a double major in information systems and accounting. Furthermore,

direct entry into the profession, as is the situation today, may change with entry- level requirements, including experience in business processes, systems and technology, as well as sound knowledge of general auditing theory supplemented by practical experience. In addition, IS auditors may require specific industry expertise, such as telecommunications, transportation, or finance and insurance to adequately address the industry specific business/technology issues.6

There is a need for model curriculum in IS Audit, Security and Control at the undergraduate and graduate levels.  Even though the undergraduate candidates may not have the business experience necessary (even though more universities are requiring internships), they are being given opportunities worldwide.  As a international professional association, ISACA needs to provide their expertise on how to prepare candidates at both educational levels.  This document represents ISACA's  guidance to the university environment.

Proposed IS Auditing Education Curriculum

     The purpose of this model is to propose IS auditing curricula at the undergraduate and graduate levels.  The model is based on the needs and the expectations of  the IS auditing profession and the prior research  of academicians, practitioners, audit organizations and professional societies. The objective of this proposal is to identify the fundamental course components of IS auditing and integrate them into the accounting, auditing, commerce, finance, and IS education provided by universities worldwide. The goals of the model curricula are to prepare students for careers in the IS auditing profession and to assist students in becoming marketable in the auditing industry.  The CobiT  Framework and 1996 CISA's domains are used as a guide to structure the core IS audit, security, and control courses at both the undergraduate and graduate levels (See Illustrations I-IV).  Although undergraduates may not possess the experience, the core courses identified are designed to provide the candidate entry level skills and capability. 

     The proposed undergraduate and graduate model curriculums provided in this paper are goals. We realize that universities can be on a quarter or semester basis and suggest that the model is a guide for courses or courses that may cover multiple topics.  For U.S. Universities, use of the AACSB  standards is an acceptable model since the accreditation process is rigorous and held in high regard. For Non-U.S. Universities, format, arrangement and content will vary depending on university accreditation requirements and government requirements. In both environments, there may be limitations in their ability to utilize resources across departments and college boundaries.

Undergraduate Model

     Employers are demanding that their accounting and audit professionals possess adequate backgrounds in computer science and IS. Typically, the student at this level lacks business experience, and seeks to gain the required knowledge, skills and abilities through academic coursework enhanced by internships. Traditional undergraduate accounting programs appear inadequate in meeting these needs. The common approach is that students take elective courses in IS or a single accounting information systems course, usually without any coordination of materials between the two disciplines.

     The proposed undergraduate model is interdisciplinary in nature and may require resources from two or more departments, schools or colleges. This is a very positive aspect of the model because interdisciplinary programs between the departments within a college of business and between colleges of business and other colleges are highly encouraged by the American Assembly of Collegiate Schools of Business (AACSB ) and other accrediting bodies in the U.S.7.

     The courses to be offered as in this program are classified into three groups: accounting, IS and internal auditing:

Accounting

Accounting Principles I

Accounting Principles II

Intermediate Accounting I

Process control/Internal Control

Accounting Information Sytems

Information Systems

Introduction to Computers

Computer Programming

Systems Analysis & Design

Data Base Management Systems

Communication & Networks

Management of Information Systems

Auditing

Internal Auditing I

Intro to Information Systems Auditing  /CAATS ie:  CIS 433

Special Topics 

     Except for the accounting principles and introduction to computers courses, which are normally taken within the common body of knowledge in any AACSB -accredited institution, all the other courses are normally taken after the core portion of a business program.  Exhibit I displays these courses in a sample sequencing appropriate for most U.S. institutions.  Some of the recommended courses to help build IS Audit skills are Process Controls/Internal Control, Accounting Information Systems/ Computer Assisted Audit Techniques(CAATs), Internal Auditing and the Introduction to IS Audit.  The inclusion of a Special Topics course is to allow modification of coverage to encompass recent technologies, contemporary business philosophies, international business systems, newer audit domains such as quality audits and not-for-profit issues, and other topics not sufficiently covered sufficiently.

     In the computer programming course, languages such as C++ and Cobol or others relevant could be covered; a second course might be desirable, although more advanced courses such as communications and networks can include additional programming work such as object-oriented programming.  IS related courses provide both exposure to and awareness of the complexities of Information Technology (IT) operations and the management of IT. 

     This proposed curriculum does not include all the courses that would need to be taken for the CPA examination. However, the task force believes that the graduates are able to sit for more relevant certification examinations such as Certified Information Systems Auditor (CISA) (see attachment III and illustrations III and IV), Certified Internal Auditor (CIA) and Certified Quality Auditor (CQA).  Should they pass, then they must meet the experience requirement before they can be certified. The curriculum is designed to train IS auditors within the scope of a normal four- year undergraduate program.

     It appears that the CPA profession is heading toward a five-year program, and students wishing to become CPAs as well as IS auditors could take Intermediate Accounting II, Governmental Accounting, Tax Accounting and other course within a five-year plan. To date, 33 states in the US have passed the 150 hour requirement.  It could easily be argued that with the management consulting and outsourcing of various activities becoming a larger percentage of a CPA firm's revenue, such a program could provide CPA firms with employees capable of growing with the firm.  Further, depending upon the number of university basic study requirements and college of business core requirements, a student might have scheduling room to take these courses as electives in a four-year program.   Internationally, this requirement is not a factor now.

     A sample syllabus of the undergraduate version of the Information Systems Auditing course is provided in Exhibit II. At a minimum, the content of this course should cover the most current ISACA CISA domains, so that the student has a basic knowledge and awareness of the field. If coursework can include simulated or actual IS audit projects that involve use of computer assisted audit techniques (CAATs) then the student can apply what has been learned.  Also, through oral presentations and written form(audit reports, workingpaper writeups, etc), students can build their writing skills for documenting work performed and writing reports to management. Such a curriculum at the undergraduate level can provide basic skills and abilities (minimal exposure) to be competent and function as an entry level IS audit professional.

     In lieu of the above, undergraduates who major in both accounting and information systems, or major/minor in both areas, can also be recognized as possessing the basic skills for entry into the IS audit profession.  An introductory IS Audit course as part of their senior electives could be recognized as a capstone course for such an emphasis.  Several universities have been very successful in providing undergraduate entry level talent to both external and internal IS audit environments.

Graduate Model

     

     The proposed graduate model is designed for individuals interested in pursuing a graduate level degree in IS auditing. Typically, these candidates have studied and/or have experience in IS, accounting, commerce or finance field.  At minimum, potential students qualified for participating in such a program should possess an undergraduate business-related degree in either IS, accounting, commerce, finance, or a combination.  Students deficient in this background would generally be required to take a number of prerequisite IS, business or commerce courses typically expected of first-year graduate business students.

     The courses within this proposed program is classified into four sections: Basic Understanding, Required IS Auditing Related Courses, Directed Electives, Business Research Methods & Project/Thesis.  The corresponding courses within each section are:

 

Basic Understanding*

 Weighted Unit

Information Systems Management

4

Auditing Practice and Theory  

4

International Business/Business Organization/Finance

4

 

-----------------

 

8*

 

Required IS Auditing Related Courses

Weighted Unit

Legal Environment in Information Systems  GBA 560

4

Information Systems Auditing/CAATs Accounting 863

4

Security and Privacy in Information Systems   GBA 578

4

Networks and Telecommunications        GBA 557

4

Advanced Information Systems Auditing   ACC 591 or GBA 577

4

 

-----------------

 

20

 

Business Research Project Electives

Weighted Unit

Directed Elective I

1

Directed Elective II

4

Directed Elective III

4

 

-----------------

 

9

 

Business Research Project Electives

Weighted Unit

Business Research Methods & Application

4

Business Research Project or Thesis

4

 

-----------------

 

8

                                                                   45 Units Total

                * Must take 2 of 3 based on undergraduate business degree             

     Exhibit III shows the model curriculum for graduate IS auditing.  Also, Exhibit V shows example syllabi for the IS audit core courses.  Under the Basic Understanding section, students are required to take two courses from the those available. However, the CIS degree holder cannot take Information Systems Management, the accounting degree holder cannot take Auditing Practice and Theory, and the Commerce/Finance degree holder cannot take International Business or Business Organization/Finance Theory.  That means, computer information systems graduates can only take "Auditing Practice & Theory" and "International Business" or "Corporate Finance Theory"; accounting graduates can only take "IS Management" and "International Business" or "Business Organization/Finance Theory"; and international business /finance/commerce graduates can only take "IS Managment" and "Auditing Practice and Theory".  The purpose of these Basic Understanding courses are to build a basic common knowledge for IS auditing students. 

        The second section, Required IS Auditing Related Courses, consists of five IS auditing core courses. The five courses cover eleven areas, which can be identified within the Domains of the CobiT Framework (see illustration II) and the 1996 ISACA CISA  examination domains (see Exihibit IV).  These courses cover eleven areas are easily recognizable in the IFAC study, "The Impact of Information Technology on the Accountancy Profession" and their follow-on discussion paper, "Minimum Skill Levels In Information Technology For Professional Accountants".  Thus, the blend of Accounting, Business and IS education at the graduate university level can produce a person with basic skills to perform in these areas. The eleven areas are:

Information technology and Use

Systems analysis, design, development and implementation

Internal controls and documentation of information systems

Data structures and data base concepts and management

Information systems applications and processing cycles

Management of information systems

Computer programming languages and procedures

Computer communications and networks

Model based systems (decision support and expert systems)

Systems security and disaster recovery planning

Auditing of information systems

     A program beyond the bachelor's degree should be designed to provide the eight technical proficiency requirements8 below:

Proficiency as an auditor;

Ability to review and recommend the extent of audit procedures required;

Understanding IS system design and operations;

Knowledge of programming languages and the ability to apply computer assisted audit techniques and assess their results;

General familiarity with computer operating systems and software;

Ability to identify and reconcile problems with client data file format and structure;

Ability to bridge the communications gap between the auditor and the IS professional; and

Know when to seek the assistance of an IS Professional

The proposed program includes these proficiencies.

         The model curriculum for IS auditing at the graduate level has also taken into account the technological challenge and issues involving improvement of oral and written communication abilities.  IS auditors are constantly working with new technology. They cannot lose sight of the changing technology and its impact on the control functions surrounding business functions. They need to be able to cope with the pace of rapid change of new technologies; they need to update themselves regularly with competent technical knowledge.

The role of IS auditors and the basic audit methodologies remain unchanged; however, the IS auditor must understand the new technologies, be capable of determining their impact on controls and audit procedures, and ensure that evidence collection tools and techniques have been developed.

   "It is not enough that information systems auditors have technical skills to successfully diagnose control issues or problems, but they must be able to communicate key issues to higher levels of management in oral and written form."9  As a result, the five required courses offer students basic, intermediate & advanced exposure to concepts and methodologies in the application of IS audit, security and control knowledge, risk analysis and preventive law approach, and technological challenge in IS auditing. The additional challenges come from having to communicate audit results to faculty and/or management, their project members and peers in oral and written form, and meeting the professional demands placed on the IS Auditor.

     To the extent possible, team audit projects should be assigned in each of these required core courses, so that students can gain IS auditing experiences such as developing audit steps and work papers, interviewing with clients, putting together audit projects, planning for and using CAATs, and presenting audit findings. This way students will have actual hands- on audit experiences and opportunities for them to improve their communication skills. Three commonly accepted methods of obtaining an IS auditing education are first.

to participate in on-the-job training and in-house programs. These are most appropriate where the technology presented has been adopted by the organization, but not fully implemented by the auditing department.

The second method is to participate in seminars presented by professional organizations or vendors. These are valuable in presenting information that is new or for exploring various approaches to information systems auditing problems. In the seminar environment, a peer group can share perspectives not available from a single instructor. However, seminars involve costs, not only for the program, but for travel, accommodations and loss of time at work. Also some seminars do not provide the in-depth technical hands-on competence required in information systems auditing.

The third method is found in the traditional academic environment. Studies have shown that as much as 70 percent of audit training is on-the-job, compared to only 8 percent learned in school. 10

The audit experience and training that these proposed programs offer are comparable to the combination of participating in seminars and the on-the-job audit training with a much lower price.

     After the completion of the Basic Understanding section and the Required IS Auditing Related Courses section, students will be able to proceed to the third section. At the end of this third section, students will gain substantial knowledge in the selected area of study (see Exhibit VI). Notice that Directed Elective I is only weighted for 1 unit hours. Basically, students are expected to develop a proposal for their business research project. Students can take various approaches in achieving this one-unit course. Students already working in accounting, commerce, finance or IS can perform research on a topic within their workplace that examines IS controls. Non-working students can take this opportunity to participate in internship program in the related areas.  Directed Elective II and Elective III require students to take courses relating to their business research project topic or thesis. Directed electives can be focused toward relevant support courses offered by other colleges or departments, or off- campus distance learning11.

    The last section consists of a Business Research Project or Thesis, and Business Research Methods & Application.  The Business Research Methods & Application course will provide the student training, direction and guidance in state of the art research tools, techniques and methodologies. This course will assist in their development of their final research project or thesis in their selected area as the terminal requirement for their degree at the graduate level. A major advantage to the students doing this research project is that they can begin developing their specific industry expertise in the ID auditing field before they enter into the profession.

Conclusion

     

      In the information-based business environment, business professionals who are technically competent in IS or IS specialists who understand the accounting, commerce and financial operations are in high demand for IS auditing.  The IS specialist and the IS auditor must continue to receive training, retraining, and upgrading of knowledge, skills and abilities.  Because most accounting and IS professions believe that education is necessary, proactive IS auditing curricula at the undergraduate and graduate level is very desirable. The ISACA  Model Curriculum for IS Auditing Education at the Undergraduate and Graduate levels are presented in this paper.  These models are a goal for universities worldwide to strive toward meeting the demand for IS auditing.

     These models can also serve those who are interested in obtaining an IS auditing education or or interested educational institutions worldwide who are developing curricula in the IS auditing. The sample syllabi of courses identified are offered as examples of what content and requirements courses may include or contain. They are provided by universities that have been successful in starting and maintaining such programs at the undergraduate and graduate level.  Non-US educational institutions may substitute sequence, courses and content due to government or educational requirements/restrictions imposed within their environment.

Bibliography

Accounting Education Change Commission. 1990. Objectives of education for accountants: Position Statement number one. "Issues In Accounting Education"   (Fall): pp. 307-312.

American Institute of Certified Public Accountants ( AICPA), IIS Spring 1987, Statement on Auditing Statement 55, "Consideration of the Internal Control Structure in a Financial Statement," April 1988.

Cangemi, Michael P. and Gallegos, Frederick. CIS Auditing: A Career Plan, New Accountant (February 1991)

Culpepper, R.C., T.H. Oxner, and J. Kusel. 1991. "USA Demand for Internal Auditors - The EDP Advantage", The EDP Auditor Journal, Volume 1, pp 45-52.

Gallegos, Frederick. "A Decade of Excellence in EDP Audit Education", The EDP Auditor Journal (1991) Vol. I.

Information Systems Audit & Control CobiT Steering Committee, " CobiT Framework - Exposure Draft", Information Systems Audit & Control Foundation, Exposure Draft, Rolling Meadows, Illinois, 1995.

Information Systems Audit & Control Association, "1996 CISA  Examination Domains", ISACA Certification Board, Rolling Meadows, IL, 1995.

International Federation of Accountants Education Committee, 1993. "Minimum Skill Levels In Information Technology for Professional Accountants", Discussion Paper issued by the International Federation of Accountants, November 1993.

International Federation of Accountants, "The Impact of Information Technology on the Accountancy Profession", IFAC, September 1992.

Katsikas, Sokratis and Gritzalis, Dimitris A., editors, "A Proposal For a Postgraduate Curriculum in Information Security, Dependability and Safety," New Technology Publications-Athens, Greece, September 1995.

Kneer, Dan, Vyskoc, Jozef, Manson, Dan, and Gallegos, Frederick. Information Systems Audit Education, IS Audit & Control Journal (1994) Vol. IV.

McCombs, G. and Sharifi, M. " Meeting the Market Needs: An Undergraduate

Owen, Laura. "The Future of Information Systems Audit & Control", IS Audit & Control Journal (1994) Vol. IV.

Parker, Robert. "EDP Auditing: The Heights Still Have Not Been Reached," IS Audit & Control Journal (1994) Vol. IV.

President's Council On Integrity and Efficiency, "Computer Audit Training Curriculum", PCIE, Washington, DC, September 1989.

Singleton, Tommie and Flesher, Dale L. "The Developments of EDP Auditing Education Research and Literature in North America: 1977 to 1994," IS Audit & Control Journal (1994) Vol. IV.

Singleton, Tommie and Flesher, Dale L. "The Evolution of EDP Auditing in North America: 1977 to 1994," IS Audit & Control Journal (1994) Vol. IV.

Stachchenko, Patrick. "New CISA Exam Domains Emphasize IS Link to Business Objectives," Global Communique (1995) Vol. 5.

Weber, Ron. EDP Auditing Conceptual Foundations and Practice (United States: McGraw-Hill, Inc., 1988) 2nd Edition.

Endnotes

1Weber, Ron.  EDP Auditing Conceptual Foundations and Practice (United States: McGraw-Hill, Inc., 1988) 2nd Edition.

2Weber, Ron.  EDP Auditing Conceptual Foundations and Practice (United States: McGraw-Hill, Inc., 1988) 2nd Edition.

3Weber, Ron.  EDP Auditing Conceptual Foundations and Practice (United States: McGraw-Hill, Inc., 1988) 2nd Edition.

4Weber, Ron.  EDP Auditing Conceptual Foundations and Practice (United States: McGraw-Hill, Inc., 1988) 2nd Edition.

5Kneer, Dan, Vyskoc, Jozef, Manson, Dan, and Gallegos, Frederick. "Information Systems Audit Education," IS Audit & Control Journal (1994) Vol. IV.

6Parker, Robert.  "EDP Auditing: The Heights Still Have Not Been Reached," IS Audit & Control Journal (1994) Vol. IV.

7Kneer, Dan, Vyskoc, Jozef, Manson, Dan, and Gallegos, Frederick. "Information Systems Audit Education," IS Audit & Control Journal (1994) Vol. IV.

8Weber, Ron.  EDP Auditing Conceptual Foundations and Practice (United States: McGraw-Hill, Inc., 1988) 2nd Edition.

9Gallegos, Frederick.  "A Decade of Excellence in EDP Audit Education,"  The EDP Auditor Journal (1991) Vol. I.

10Cangemi, Michael P. and Gallegos, Frederick.  "CIS Auditing: A Career Plan,"  New Accountant (February 1991).

11Katsikas, Sokratis K. and Gritzalis, Dimitris A., edsl, "A Proposal for a Postgraduate Curriculum in Information Security, Dependability and Safety," Athen, Greece: New Technology Publication, September 1995.

                                                   Return to Main  Page