Thank you,It was enjoyable learning

High level course suitable for gaining an overview of certain aspects of IT audit. It discusses risks and controls and then goes to focus on SDLC and Change Management processes, with other key areas (e.g. security) mentioned in passing. There's very little detail about the practicalities of auditing itself, other than the assessment of risk.

The instructor is enthusiastic and the slides were clear.

Some of the quiz questions were not written in clear English so it was not always easy to work out what was being asked.

I found the interviews with the Big 4 partner very uncomfortable and saddening to watch as she was repeatedly talked over and interrupted. I feel she could have provided a lot more insight into her line of work if she was allowed to complete her trains of thought.

Poor presentation skills and grammar. Bad sound on video 4.8. Exams are of higher level than course itself, that made it challenging.

Thank you very much for the course "Information Systems Auditing, Controls and Assurance", which was incredibly interesting and informative. Sincere thanks to the lecturer for the availability and interesting presentation of the material, as well as practical examples!

This course really helped me gain knowledge regarding IS audits, controls and assurance. Professors explanation was good and easily understandable. Guest interview made me acquire practical knowledge.

This is the first course that I have taken in Coursera. As an internal auditing student, I would say that this course helped me a lot to gain more knowledge when it comes to information systems. The lessons/topics on the first week of the course are already very familiar to me as we already tackled them in my actual course (internal auditing). The following weeks/topics are very new to me, and I spend so much time understanding them very well. I chose to take this course because it will help me gain knowledge when I take the CISA examination someday. I also want to use my time wisely during this time of the pandemic so I decided to enroll to this course.

Personally, this course was great if you want some basics of IS Auditing. Of course, you are not a professional after this course. You will need to take additional more detailed courses. But, this is a great start!

Professor Dias is a very good instructor who is enthusiastic about IS systems and who teaches you very valuable information on the field of IS auditing. Very good to show to employers.

Its an excellent course designed to give a brief & quick knowledge about IS Auditing, Risk Management, Change Management, Business Application Development, System Maintenance.

The course content lacked the essentials of IS/IT risk management/assessment and mitigation strategies or methods. The course looks more for the students of IT than any professional auditor or IT professional. There was not a single illustration of practical risk-control environment with case studies of internal control lapses to enrich the skill of the participants. The most annoying thing is that the post course survey/feedback is open for all options against each question rather than having only option to select one i.e. whether I agree or Disagree, which is vague and it did not let the course finish until I gave positive remarks to all 15 questions. That is ridiculous!

introductory material is covered. The method of presentation is unconventional to those of us who are used to university level lectures in the United States, and is closer to some trade school style lectures. Undue emphasis on alleged bad behavior that needs to be uncovered and prevented by developers that are possibly in cahoots with their managers. The instructor does not provide a sense to the student that he has spent any time in the industry and learned from experience. Good idea to have interviews with Ms. Gloria Luk. If only the interviewing instructor not interrupted her constantly.

Decent overview of the profession and good use of the slides. Material presents somewhat outdated view of the industry or very specific to financial domain. Certain examples and quiz questions were ambiguous or convoluted which resulted in seemingly correct answers being marked as wrong. No replies from the professor in discussion forums.

This course is VERY basic. It explains the very basics of audit but does not provide any real-life examples or experience.

An OK place to start, if you know nothing about IS auditing.

Presentations were very well prepared, but please find a native speaker as a presenter. It is difficult for us (non native speakers) to follow like this.

This is likely a decent course for folks in school/college who are yet to enter the workforce; however, the instructor does not appear to have sufficient industry/field experience in IS audit to add value for the experienced learners/ working professionals. Therefore, as a result very less was taught about audit and how IS audit is actually conducted. Further, there is inconsistency in the content related to SDLC i.e. the phases in the reading material follow a different order then order of the phases in rest of the video modules followed, and one of the reading materials was a wiki page, when content from wiki is not even accepted in schools for assignment/research purposes. There were several grammatical errors in the content and quiz questions, which at times made it difficult to focus. Further, the instructor repeatedly interrupted the Industry expert invited for the discussion each time she responded to his questions. Would have liked to hear more from the Industry expert/ Audit Practitioner (uninterrupted) to help connect theory to practice.

ISACA Outlines Five Steps to Planning an Effective IS Audit Program 

ISACA Outlines Five Steps to Planning an Effective IS Audit Program (Source: ISACA)

Rolling Meadows, IL, USA (31 March 2016)—A new report from global IT association ISACA identifies five steps organizations should take to create an effective audit program and reap the benefits of a successful information systems (IS) audit.

IS audits help enterprises ensure the effective, efficient, secure and reliable operation of the information technology that is critical to organizational success. The effectiveness of the audit depends largely on the quality of the audit program, according to a new ISACA white paper, titled Information Systems Auditing Tools and Techniques: Creating Audit Programs.

According to the guide, the audit process consists of three phases: planning, fieldwork/documentation and reporting/follow-up. The planning phase consists of five key steps.

1.    Determine audit subject.

2.    Define audit objective.

3.    Set audit scope.

4.    Perform pre-audit planning.

5.    Determine audit procedures and steps for data gathering.

“ISACA’s new white paper provides audit and assurance professionals with practical guidance on how to develop audit programs from the ground up,” said Rosemary M. Amato, CMA, CISA,  a director on ISACA’s Board, and Director, Deloitte Accountant B.V. “Audit processes are clearly defined by phase with activities clearly described. ISACA’s new guide can be leveraged in your organization to add value to the audit function.”

Setting the audit scope is critical, according to the white paper, because “the IS auditor will need to understand the IT environment and its components to identify the resources that will be required to conduct a comprehensive evaluation.” A clear scope helps the auditor determine the testing points relevant to the audit’s objective.

Pre-audit planning includes tasks such as conducting a risk assessment, identifying regulatory compliance requirements and determining the resources that will be needed to perform the audit.

The final planning step—determining audit procedures and steps for data gathering—involves activities such as obtaining departmental policies for review, developing methodology to test and verify controls, and developing test scripts plus criteria to evaluate the test.

Once planning is complete, auditors can move on to the fieldwork and documentation phase (acquiring data, testing controls, issue discovery and validation, documenting results) and the reporting phase (gathering report requirements, drafting the report, issuing the report and follow-up), both of which are described in detail in ISACA’s Information Systems Auditing Tools and Techniques: IS Audit Reporting paper.

“Creating Audit Programs” indicates three key success elements: IS auditors should be familiar with standard frameworks, the operating environment of the entity under review and the audit process used internally.

“Creating Audit Programs” and supporting materials, including a related infographic and sample audit program, are available as a free download at www.isaca.org/creating-audit-programs.

About ISACA

ISACA (www.isaca.org) helps global professionals lead, adapt and assure trust in an evolving digital world by offering innovative and world-class knowledge, standards, networking, credentialing and career development. Established in 1969, ISACA is a global nonprofit association of 140,000 professionals in 180 countries. ISACA also offers the Cybersecurity Nexus (CSX), a holistic cybersecurity resource, and COBIT, a business framework to govern enterprise technology.

Twitter: https://twitter.com/ISACANews LinkedIn: https://www.linkedin.com/company/isacaFacebook: www.facebook.com/ISACAHQ

Contact:

Kristen Kessinger, +1.847.660.5512, news@isaca.orgJoanne Duffer, +1.847.660.5564, news@isaca.org                           Jay Schwab, +1.847.660.5693 news@isaca.org

I recently completed the "Information Systems Auditing, Controls and Assurance" course, and I must say, it exceeded all my expectations. This comprehensive course provided an in-depth exploration of auditing principles, controls, and assurance in information systems, and I couldn't be more satisfied with the experience. One of the standout features of this course was its thoroughness. The content covered all essential aspects of information systems auditing, from the fundamentals to the advanced concepts, leaving no stone unturned. Each module was meticulously crafted to ensure a comprehensive understanding of the subject matter, and I appreciated the depth of coverage provided. Additionally, I found the pacing of the course to be just right. The material was presented in a structured manner, allowing for a smooth progression from one topic to the next. Concepts were introduced gradually, building upon each other, which facilitated a deeper comprehension of the subject matter. This approach made it easy to follow along, even for those with limited prior knowledge in auditing. Furthermore, I was impressed by how the course material was presented in a manner that was easy to understand. Complex auditing principles and techniques were explained in clear and concise language, supplemented with real-world examples and case studies that helped to contextualize the concepts. This made the learning process engaging and enjoyable, and I found myself eagerly delving into each module. In conclusion, I wholeheartedly recommend the "Information Systems Auditing, Controls and Assurance" course to anyone looking to gain a comprehensive understanding of auditing principles in information systems. Whether you're a seasoned professional or just starting out in the field, this course offers valuable insights and knowledge that will undoubtedly benefit your career. Kudos to the instructors for delivering such an outstanding learning experience!

I recently completed the Information Systems Auditing, Controls, and Assurance course, and it has been an incredibly valuable learning experience. The course provides a comprehensive overview of IS auditing, with a special focus on risk management, controls, and the essential procedures that IS auditors must follow. Prof. Percy Dias presents the material in a structured and digestible way, starting from the basics of risk and controls, making it suitable for both beginners and experienced IT professionals. One of the highlights of the course is the detailed explanation of how IS auditing differs from financial auditing, providing real-world examples and practical conversations with an IS audit practitioner. The course also covers the Systems Development Life Cycle (SDLC), which is critical for understanding how auditors play a role throughout the lifecycle of business applications. I found this part particularly useful for understanding how controls are applied in different stages of system development. The IS Maintenance and Control module was insightful as it explained the importance of change management and emergency controls in maintaining the integrity of information systems. It also gave a good introduction to emerging technologies like FinTech and how IS auditors support these industries. Overall, this course is well-structured and offers strong foundational knowledge, making it a great starting point for anyone looking to pursue IS auditing certifications, such as the Certified Information Systems Auditor (CISA). Highly recommended for those in IT and auditing roles who wish to expand their knowledge of information system controls and governance.

Hello Everyone! I recently completed the IS Auditing course, and I must say it provided a comprehensive and insightful exploration of Information Systems (IS) auditing principles. The course, divided into modules, covered key aspects of risk management, internal controls, and the overall audit process. The instructor, Prof. Dias, delivered engaging video lectures, combining theoretical knowledge with practical examples, making complex concepts more accessible. The course began by delving into the fundamental concept of risk and its three-step management process. Prof. Dias effectively demonstrated how businesses embrace risks and the critical role of controls in mitigating potential threats. To assess learning, the course included a well-structured quiz at the end, testing comprehension and retention of key concepts. In summary, the IS Auditing course provided a well-rounded understanding of the intricacies of auditing in information systems. Prof. Dias' effective teaching style, coupled with relevant examples and quizzes, ensured an engaging and educational experience. I would highly recommend this course to anyone looking to gain a solid foundation in IS auditing principles. Regards

This is a short but fruitful course. I believe no matter for a fresh graduate or an experienced IT auditor, this course can help the audience to create refreshing ideas for their next audit job.

This is a short course at the introductory level, it gives real-life examples to concrete the theory learned. I would say this is a good refreshing course. However, the course content is not broad enough to cover all the topics in IS auditing or the ISACA CISA syllabus. I wish HKUST will develop another program/s base on the skeleton of the CISA/COBIT or NIST framework. To make the courses easier to follow, the School may break the course into courses covering one area each, to make a complete series of courses for students to study. and at the end of the series. Student will be confident to take the professional exam.

As a full time employee in Hong Kong with high workload. a small commitment to study is always better than paying few thoudsand dollars for a one off but large commitement course that usually lead to failure .

This is excellent course I will recommend to the professionals working in the field of Fraud investigation , forensic investigation and Audit to learn this course.

It will help them to sharpen their knowledge and built them industry ready for investigating the new age digital frauds, Payment Bank frauds, E- banking System frauds, Virtual banking Frauds, AI systems frauds . It also help to analysis's and identifying the potential risks in the information system of the organization. The IS Auditor also advice the senior management to put preventive and adaptive controls in the information systems of the organizations.

Best Regards,

Gyana Ranjan Rath- FAFE & IS Auditor

12+ year experience in the filed of Fraud investigation & reporting

I thoroughly enjoyed the "Information Systems Auditing, Controls and Assurance" course by The Hong Kong University of Science and Technology. It covered essential topics in a clear and organized manner, making it easy to follow along. The course provided a deep dive into auditing principles, internal controls, and risk assessment strategies. I appreciated the interactive elements like quizzes and case studies, which helped reinforce learning. The instructors were knowledgeable and engaging, offering valuable insights and examples. Overall, I highly recommend this course to anyone interested in understanding information systems auditing and control mechanisms.

The course was very comprehensive and practical. I loved it a great deal.

It has cemented my existing knowledge and given me a lot of confidence concerning the subject of controls and assurance for information systems which will go a long way in my career.

The one thing that I think should be done as a value add perhaps not to the course per se but to coursera learning platform is to build in the capability to be able to message the course instructor in order to request for clarification or ask questions in a real time manner because the discussion threads by previous cohorts of students does not always have what you need.

Otherwise thank you Professor Dias

Thank you Mr. Dias for the thorough and interesting lectures on IS auditing and controls. I gained knowledge in the areas of IS change management controls, SDLC and IS Risk management controls. I loved the instructor's enthusiasm and interest to teach the students almost every important aspect of IS audit. I wish the course had few case studies so as to see how is an audit report prepared and some more material on "Incident reporting". "Business Continuity Management", "Disaster Recovery Management" etc. However, I felt the course is designed really well. I didn't lose interest or grasp. The examples provided by Mr. Dias were very appropriate and accurate.

The Coursera course on IS Auditing, Controls and Assurance by Hong Kong University is excellently designed, offering comprehensive content delivered through clear and detailed videos by Professor Dias. The pace of instruction is comfortable, ensuring thorough coverage of all essential points. The quizzes effectively assess acquired knowledge, enhancing understanding and retention. This course promises significant future benefits, particularly for those interested in auditing information systems. Highly recommended for its structured approach and quality instruction.