| Aim of Module | To enable students to be able to design appropriate controls in a simple computer system |
| Credits | 7 |
| Student Learning hours | 70 |
| Content Revised | 2004 |
| Prescription Expiry Date | Nov 2007 |
| Topics | Highest Skill Level | Suggested Assessment Percentage | |
| 1 System and Programming Controls | C | 20 | |
| 2 Threats, Exposures, and Safeguards | C | 30 | |
| 3 Designing Controls | A | 35 | |
| 4 Audit Trails and Journals | C | 15 | |
| 100 | |||
| LEARNING OUTCOMES The Student Will | ||
| C | 1 | Explain the reasons and requirements for ensuring appropriate controls are in place for computer systems. |
| C | 2 | Describe areas of possible threat and exposure to an organisation and identify safeguards that can be enacted. |
| A | 3 | Design controls using a simple case study system design exercise |
| C | 4 | Describe the entities involved in an audit trail and the purposes of journals |
| 1 | System and Programming Controls |
| > | Explaining the reasons and requirements for ensuring appropriate controls will include: | |
| - | review and approval procedures for new systems | |
| - | program testing procedures | |
| - | program change procedures | |
| - | documentation | |
| - | data conversion operations | |
| - | data entry | |
| 2 | Threats, Exposures, and Safeguards |
| > | Describing areas of possible threat and exposure to an organisation and identifying safeguards that can be enacted will include: | |
| > | Threats: | |
| - | errors and omissions, disasters and disruptions, loss of integrity | |
| - | disclosure, defalcation, theft of resources | |
| > | Safeguards: | |
| - | physical security, audit trails, backup, recovery procedures | |
| - | error detection/correction, authentication, encryption | |
| - | operational procedures, preventative maintenance | |
| - | format checking, insurance, legal contracts, fault isolation, diagnostics | |
| - | training/education, documentation, testing and reporting, statistics | |
| 3 | Designing Controls |
| > | Designing controls using a simple case study system design exercise will include: | |
| - | identifying areas where controls are required | |
| - | applying this knowledge in a simple case study system design exercise. | |
| - | placing specific emphasis on application controls and how they are complemented by administrative and general (environmental) controls, taking account of both internal and external control requirements. | |
| - | familiarising students with any statutory regulations which may apply in this area. | |
| 4 | Audit Trails and Journals |
| > | This should involve a discussion of the importance of fully documenting changes to systems | |