| Study programme competencies |
| Code | Study programme competences |
| A47 | Capacidade para determinar os requisitos dos sistemas de información e comunicación dunha organización de acordo cos aspectos de seguridade e cumprimento da normativa e a lexislación vixente. |
| A51 | Capacidade para comprender e aplicar os principios e as técnicas de xestión da calidade e da innovación tecnolóxica nas organizacións. |
| B1 | Capacidade de resolución de problemas |
| B3 | Capacidade de análise e síntese |
| B7 | Preocupación pola calidade |
| B8 | Capacidade de traballar nun equipo interdisciplinar |
| C6 | Valorar criticamente o coñecemento, a tecnoloxía e a información dispoñible para resolver os problemas cos que deben enfrontarse. |
| Learning aims | |||
| Learning outcomes | Study programme competences | ||
| Information Systems Audit | A47 A51 |
B1 B3 B7 B8 |
C6 |
| Information Systems Quality Assurance | A51 |
B3 B7 |
C6 |
| Information Systems Control | A47 |
B3 B7 |
|
| Contents |
| Topic | Sub-topic |
| Unit 1: Introduction to the Quality Assurance Concept in Information Systems. | Concept, needs, requirements. QA Levels and tasks. Quality Management Systems. QA planning and quality reviews |
| Unit 2: IS Auditing process | Concept, needs, functions Risk assessment Internal Controls Audit planning and audit evidences Performing an IS Audit |
| Unit 3: IT Governance | Concept and needs IS strategies vs corporative strategies. Frameworks: COBIT. Auditing IT governance structures. Risk management |
| Unit 4: Protection of Information Assets | Concept and needs IS Protection Logical and applied protection of IS Physical protection of IS infrastructure. Security frameworks auditing. |
| Unit 5: Business continuity plans and recovering after disasters. | General concepts. Business continuity planning and components. Auditing the BCP |
| Unit 6: Legal aspect in IS | Spanish regulatory framework. Data protection regulation. |
| Planning | ||||
| Methodologies / tests | Competencies | Ordinary class hours | Student’s personal work hours | Total hours |
| Workbook | B3 | 2 | 7 | 9 |
| Case study | B1 B8 | 10 | 25 | 35 |
| Mixed objective/subjective test | A51 B1 B7 C6 | 2 | 0 | 2 |
| Supervised projects | A47 B1 B3 B7 | 7 | 21 | 28 |
| Guest lecture / keynote speech | A47 A51 B7 | 19 | 57 | 76 |
| Personalized attention | 0 | 0 | 0 | |
| (*)The information in the planning table is for guidance only and does not take into account the heterogeneity of the students. | ||||
| Methodologies |
| Methodologies | Description |
| Workbook | Readings for consolidating and complement the knowledge acquired by the student during the lessons. Topics: techniques, applications and information systems. |
| Case study | Case studies with problem analysis and achieved solutions. |
| Mixed objective/subjective test | In this test the knowledge acquired by the student about the theoretical and operative topics covered during the course will be evaluated. |
| Supervised projects | A set of guided works proposed by the professor will be developed by the students individually or in groups. |
| Guest lecture / keynote speech | Lectures for the exposition of the theoretical aspects of the course using different resources such as blackboard, slides, beamer, demonstrations, and online teaching tools. |
| Personalized attention |
|
|
| Assessment | |||
| Methodologies | Competencies | Description | Qualification |
| Case study | B1 B8 | Case studies for the independent working of the students and student participation in the lectures. It is mandatory to achieve at least the 40% of the marks in order to pass the course | 40 |
| Mixed objective/subjective test | A51 B1 B7 C6 | Questions about the acquired knowledge. Questions involving critical reasoning for solving practical problems of the real world. It is mandatory to achieve at least the 40% of the marks in order to pass the course | 40 |
| Supervised projects | A47 B1 B3 B7 | Tracking of the working process and evaluation of the final output from the students. It is mandatory to achieve at least the 40% of the marks in order to pass the course | 20 |
| Assessment comments | |||
|
Para a segunda oportunidade e as convocatorias non ordinarias, tanto as prácticas e traballos como a teorías avaliaranse no exame mixto. En lo referente a alumnos en regimen parcial, no se dispensará la asistencia a las actividades donde se realice evaluación. |
|||
| Sources of information |
| Basic |
Chris Davis, Mike Schiller, Kevin Wheeler (2006). IT Auditing: Using Controls to Protect Information Assets. McGraw-Hill
Mario G. Piattini Velthuis, Félix O. García Rubio, Ignacio García Rodríguez de Guzmán, Francisco J. (2015). Calidad de sistemas de información 2nd ed. RAMA
ISACA (2012). Cobit 5: A Business Framework for the Governance and Management of Enterprise IT..
ISACA (). http://www.isaca.org.
Sandra Senft y Frederick Gallegos (2008). Information Technology Control and Audit. Auerbach Publishers Inc |
|
|
|
| Complementary | |
|
|
| Recommendations | |
| Subjects that it is recommended to have taken before |
| Subjects that are recommended to be taken simultaneously |
| Subjects that continue the syllabus |
| Other comments | |