This course introduces students to the role of information systems governance in IT decision-making. Students will develop skills in using analytic assurance techniques and analysis to develop management recommendations to improve the business's IT capability and to investigate technology-based fraud.
Audit analytics will be used in support of forensic investigation of technology-based fraud. Topics addressed include IT governance, enterprise risk management, IS controls, audit analytic techniques, cyber security, and data privacy. This course prepares students for future management or business advisory roles in the management, governance, and assurance of digital technologies.
By studying this course, students will be exposed to the types of errors and irregularities that can occur in a digitalised business, the managerial and application controls that can be implemented to reduce expected losses from errors and fraudulent irregularities arising from the use of IT in business, approaches to managing and evaluating data-based evidence, and the use of audit analytic techniques to improve business processes and support the management of information systems.
Students will be able to apply this knowledge to solve basic to moderately difficult information systems control problems that they will confront in practice, use data query languages to gather basic evidence about the reliability of controls in an information system (including business processes supported by information systems), and undertake a business advisory (assurance or consulting) engagement under the guidance of an experienced consultant and communicate their findings to an executive audience.
Sustainable Development Goals - UQ Business School is a proud supporter and Advanced Signatory of the United Nations Principles for Responsible Management Education (UN PRME). As part of the largest global collaboration between business schools and the UN, the school emphasises its role in empowering students to drive societal transformation through the Sustainable Development Goals. The SDGs highlight that a thriving economy relies on a healthy environment, aiming to balance economic growth, social well-being, and environmental protection for a sustainable future.
As the course will be both theoretical and practical ("hands on"), students are expected to be competent and comfortable using the University's systems as well as having some understanding of how business users utilise computer database applications to automate and enhance their business applications.ᅠ
Before attempting this course, students are advised that it is important to complete (or undertake at the same time)ᅠthe appropriate co-requisite courseᅠlisted on the front of this course profile. No responsibility will be accepted by the School of Business, the Faculty of Business, Economics and Law or the University of Queensland for poor student performance occurring in courses where the appropriate prerequisite(s) has/have not been completed, for any reason whatsoever.
Please note that tutorials will be delivered on a 'Bring Your Own Device' model i.e. face-to-face tutorials will not be held in Computer Labs, and Online Tutorials will require access to your own computer (Windows, Mac, or Linux).ᅠ ᅠ
You'll need to complete the following courses at the same time:
BISM7206
You can't enrol in this course if you've already completed the following:
INFS7000 or 7221
Quota: Minimum of 15 enrolments
Consultation hours will be Thursdays 10am to 12 noon of teaching weeks. Appointments may also be made at mutually convenient times - circumstances permitting. Consultations are either by Zoom or in-person. Please request an appointment to confirm availability.
The timetable for this course is available on the UQ Public Timetable.
Please note: Teaching staff do not have access to the timetabling system to help with class allocation. Therefore, should you need help with your timetable and/or allocation of classes, please ensure you email business.mytimetable@uq.edu.au from your UQ student email account with the following details:
BISM7221, Information Systems Control, Governance and Audit, aims to give you an understanding of the overall aspects of IT audit,ᅠmanagement aspects and auditᅠcontrols that are important in an information systems environment and especially in a digital business. Students will also be exposed toᅠhow audit evidence is collected and evaluated to assess the reliability of these controls and preparing/delivering these outcomes.ᅠ
After successfully completing this course you should be able to:
LO1.
Assess and evaluate IT Governance mechanisms to identify issues and design solutions and provide advice to ensure the alignment of information technology capabilities with business needs.
LO2.
Explain the nature and functions of auditing in the context of organisational information systems (IS), the various types of audits, the statutory responsibilities of IS auditors and the ethical underpinnings and legal consequences of the role of IS auditors.
LO3.
Assess the integrity, efficiency, and effectiveness of digitised internal controls using audit analytics to support professional independent advice
LO4.
Review the General Controls and Application Controls surrounding organisational information systems and make recommendations for improvement using risk analysis.
LO5.
Collaborate in teams to identify key insights into the nature of information systems assurance and consulting careers through reflective analysis of course materials and their relationship to professional practice.
| Category | Assessment task | Weight | Due date |
|---|---|---|---|
| Essay/ Critique | Ethical IT Decision-Making and IT Governance | 30% |
15/04/2025 3:00 pm |
| Presentation, Reflection |
Career Jam: Information Systems Advisory Roles
|
20% |
12/05/2025 - 14/05/2025
This presentation will take place during the student's assigned tutorial in Week 11. |
| Paper/ Report/ Annotation | Business Consulting Report (IS Recommendations) | 50% |
11/06/2025 3:00 pm |
15/04/2025 3:00 pm
This is an individual assignment.
This 2,000 word essay explores the relationship between ethical IT decision-making in business and IT governance. This is an individual assignment, and while students are expected to discuss the essay with their peers the submitted assessment item is to be the student's own work in line with the University's requirements for academic integrity. The essay is to be supported by current research (as outlined in the Assessment Guideline), and corroborated through examples from non-academic sources.
Key to success in this assessment item is to undertake a structured exploration of ethical IT decision-making and how this is affected by different IT governance mechanisms. Specifically, the essay will identify three IT governance (structural, process or relational mechanisms) that are most suited for ensuring ethical IT decision making. The student's depth of understanding is demonstrated and supported by the use of independent personal research. Pithy and clear writing through adherence to the conventions of essay writing is also important.
AI Statement:
Artificial Intelligence (AI) provides emerging tools that may support students in completing this assessment task. Students may appropriately use AI in completing this assessment task. Students must clearly reference any use of AI in each instance.
A failure to reference generative AI use may constitute student misconduct under the Student Code of Conduct.
Further information regarding this assessment is provided in the Assessment Guideline.
Submit through TurnItIn in the Blackboard Assessment link
You may be able to apply for an extension.
A penalty of 10% of the maximum possible mark will be deducted per 24 hours from time submission is due for up to 7 days. After 7 days, you will receive a mark of 0.
12/05/2025 - 14/05/2025
This presentation will take place during the student's assigned tutorial in Week 11.
This is a team assignment.
It is important for students learning in advanced courses to critically reflect upon their learning progress and experiences in the context of their future career. For weeks 1 to 11, students are encouraged to write a personal journal entry reflecting on what they learnt each week both in tutorials and lectures.
This personal journal is private to the student and completely optional.
The assessment item is due in Week 11 to enable your reflection to consider the major concepts and guest speaker comments provided during the course. A guest speaker panel will take place in Week 8. Students will be asked to form a team by Week 4 of the course in their tutorial. In Week 11, the students will present a reflection on the Week 8 Industry Panel provided in lectures. This reflection is to relate an aspect or aspects of the panel presentation to a topic in the course to this point (weeks 1 to 10) and its relevance to an archetypal career role that a graduate of this course might undertake in the future. After this reflection, the group is to develop and present a portfolio of professional development activities of potential interest to the student audience. The presentation should be between 8 and 10 minutes in length.
Key to success in this assessment item is for the 'Career Jam' presentation to be professional, engaging, and relevant to students in the course.
AI Statement:
This task has been designed to be challenging, authentic and complex. Whilst students may use AI technologies, successful completion of assessment in this course will require students to critically engage in specific contexts and tasks for which artificial intelligence will provide only limited support and guidance.
A failure to reference generative AI use may constitute student misconduct under the Student Code of Conduct.
Further information regarding this assessment is provided in the Assessment Guideline.
The presentation will be recorded for marking purposes.
You may be able to defer this exam.
A penalty of 10% of the maximum possible mark will be deducted per 24 hours from time submission is due for up to 7 days. After 7 days, you will receive a mark of 0.
11/06/2025 3:00 pm
This is an individual assignment.
Students will use their understanding from the course of IT governance, fraud detection, and internal controls to prepare a Business Consulting Report with recommendations that improve business performance.
This report is derived from a case organisation described in the Assignment Specification.
The Business Consulting Report will require analytical skills to assess the case organisation's portfolio of IT governance mechanisms, consider the potential for fraud arising from weaknesses in the internal control mechanisms, document any findings of fraud, and how to improve organisational performance through recommendations that strengthen the internal controls environment.
The report will document the project rationale and approach, findings, and key recommendations for IT governance, fraud prevention, and the IT general controls environment.
The report is a cohesive document that can be communicated to the (fictional) client.
The results are communicated as a Business Consulting Report of 8 to 12 pages in length (excluding appendices).
Students are to use SQL data analytic techniques discussed in tutorials for fraud detection work and use Excel data visualisations to highlight their findings in the report.
These visualisations should be to a high standard.
Software Required:
Key to success in this assessment is a professional Business Consulting Report that demonstrates completeness, attention to detail, insightful analysis, and clear communication.
AI Statement:
This task has been designed to be challenging, authentic and complex. Whilst students may use AI technologies, successful completion of assessment in this course will require students to critically engage in specific contexts and tasks for which artificial intelligence will provide only limited support and guidance.
A failure to reference generative AI use may constitute student misconduct under the Student Code of Conduct.
To pass this assessment, students will be required to demonstrate detailed comprehension of their written submission independent of AI tools.
Further information regarding this assessment is provided in the Assessment Guideline.
Submit through TurnItIn in the Blackboard Assessment link.
You may be able to apply for an extension.
A penalty of 10% of the maximum possible mark will be deducted per 24 hours from time submission is due for up to 7 days. After 7 days, you will receive a mark of 0.
Full criteria for each grade is available in the Assessment Procedure.
| Grade | Cut off Percent | Description |
|---|---|---|
| 1 (Low Fail) | 0 - 29 |
Absence of evidence of achievement of course learning outcomes. |
| 2 (Fail) | 30 - 46 |
Minimal evidence of achievement of course learning outcomes. |
| 3 (Marginal Fail) | 47 - 49 |
Demonstrated evidence of developing achievement of course learning outcomes |
| 4 (Pass) | 50 - 64 |
Demonstrated evidence of functional achievement of course learning outcomes. |
| 5 (Credit) | 65 - 74 |
Demonstrated evidence of proficient achievement of course learning outcomes. |
| 6 (Distinction) | 75 - 84 |
Demonstrated evidence of advanced achievement of course learning outcomes. |
| 7 (High Distinction) | 85 - 100 |
Demonstrated evidence of exceptional achievement of course learning outcomes. |
Grades will be allocated according to University-wide standards of criterion-based assessment.
Supplementary assessment is available for this course.
You'll need the following resources to successfully complete the course. We've indicated below if you need a personal copy of the reading materials or your own item.
Find the required and recommended resources for this course on the UQ Library website.
The learning activities for this course are outlined below. Learn more about the learning outcomes that apply to this course.
Filter activity type by
| Learning period | Activity type | Topic |
|---|---|---|
Week 1 |
Lecture |
Course Overview Course overview; Course assessment; IT Governance; Internal control and IS; Overview of IS Assurance; Auditing new risks; Electronic footprints and Data Provenance; Sustainable Development Goals. Learning outcomes: L01, L02, L03 |
Week 2 |
Tutorial |
Tutorial 1 - Introduction to SQL Structured Group Discussion (IS Assurance); Generalized Audit Software; Introduction to Databases; Installing PostgreSQL and DBeaver and Basic SQL to record your approach; Extension Exercises; In-Class Support with SQL (Q&A). Learning outcomes: L02, L03 |
Lecture |
Professional IS advisory services Career Overview (Guest Speaker); Professional IS advisory services and Independence; Working in Teams; Consulting; Performance audit; Internal audit; Financial audit; Consulting techniques. Learning outcomes: L02, L05 |
|
Week 3 |
Tutorial |
Tutorial 2 - Relating Tables and Data Structured Group Discussion (IS Career Interests); OzVan and Tutorials; Extension Exercises; In-Class Support with SQL (Q&A). Learning outcomes: L02, L03 |
Lecture |
IT Governance IT governance; COBIT 2019; Structures; Processes; Relational mechanisms; The portfolio approach; Improving IT governance. Learning outcomes: L01 |
|
Week 4 |
Tutorial |
Tutorial 3 - Advanced Where and Aggregation Structured Group Discussion (Importance of IT Governance); Extension Exercises; In-Class Support with SQL (Q&A). Learning outcomes: L01, L03 |
Lecture |
Information Governance Information Governance; Data Quality; Data Governance; Indigenous Data Governance; Legislative Compliance; Decision-Making Mechanisms; Data Governance Approaches. Learning outcomes: L01 |
|
Week 5 |
Tutorial |
Tutorial 4 - Inner and Outer Joins Structured Group Discussion (Challenges of Data Governance Approaches); Extension Exercises; In-Class Support with SQL (Q&A). Learning outcomes: L01, L03 |
Lecture |
Business Ethics and Fraud Ethical issues in business information systems; Ethical Decision Making Theory; Fraud schemes; Fraud and accountants; Fraud and IS professionals; Responsibility for detecting fraud; Fraud assurance risk; Fraud detection techniques. |
|
Week 6 |
Tutorial |
Tutorial 5 - Exploring, Combining and Viewing Data Structured Group Discussion (IT Governance and ethical IT decision-making); Extension Exercises; Assessment - Essay on Ethical IT Decision-Making and IT Governance; In-Class Support with SQL (Q&A). Learning outcomes: L01, L02, L03 |
Lecture |
Managing the IT environment General IT environment vs Application environment; Structure of the Corporate IT function; Separation of Duties; Outsourcing the IT function; General IT environment risk management; Audit procedures. |
|
Week 7 |
Tutorial |
Tutorial 6 - Visualising Data Structured Group Discussion (Segregating IS/IT Functions); Extension Exercises; In-Class Support with SQL (Q&A). |
Lecture |
Protecting Business from Cyber Threats SMEs and Cyber Security; What is a Cyber Threat?; Anatomy of a Cyber-Attack; Cyber Kill Chain and Cyber defense. |
|
Week 8 |
Tutorial |
Tutorial 7 - Fraud in Payments and Receipts Structured Group Discussion (Business and Cybersecurity); Extension Exercises; Assessment - Career Jam: Information Systems Advisory Roles; In-Class Support with SQL (Q&A). Good Friday Public Holiday - Friday 18 April 2025 - Check Blackboard for announcements about affected classes. |
Lecture |
General controls Auditing operating systems; Auditing networks; Auditing databases; Audit procedures; Group Presentations; Guest Speaker Panel. |
|
Mid-sem break |
No student involvement (Breaks, information) |
In-Semester Break No Classes during this period. |
Week 9 |
Tutorial |
Tutorial 8 - Payroll Fraud Structured Group Discussion (IS Ethical Dilemmas); Extension Exercises; In-Class Support with SQL (Q&A). |
Lecture |
Building New Systems and Processes Software development; The build question; Selecting new software; Data design documentation; Process documentation; Controlling and auditing the SDLC; Audit procedures. |
|
Week 10 |
Tutorial |
Tutorial 9 - Process Compliance and Improvement Structured Group Discussion (The role of Data Design); Extension Exercises; In-Class Support with SQL (Q&A). Labour Day Public Holiday - Monday 5 May 2025 - Check Blackboard for announcements about affected classes. |
Lecture |
On the Hunt for Business and IT Business Dependence on IT; Out-of-Class Activity: IT in Business 'Scavenger Hunt' (Leave the Classroom); Return to Classroom for Debrief and Discussion. Learning outcomes: L02 |
|
Week 11 |
Tutorial |
Tutorial 10 - Career Jam Assessment Career Jam Group Presentations (Assessment - Career Jam: Information Systems Advisory Roles) Learning outcomes: L05 |
Lecture |
Accounting information systems and cycles Management assertions; Accounting records; The GL & FRS; Overview of AIS and Cycles; Expenditure cycle; Conversion cycle; Revenue cycle; Transaction processing; Audit Procedures. |
|
Week 12 |
Tutorial |
Tutorial 11 - Manipulating Data in Tables Structured Group Discussion (The role of Accounting Information Systems); Exercises; Extension Exercises; In-Class Support with SQL (Q&A). |
Lecture |
Application Control Testing vs Substantive Testing Application Control and Substantive testing; Input controls; Process controls; Access controls; Output controls; Audit procedures; Substantive tests of Expenditure Cycle accounts; Audit Procedures. |
|
Week 13 |
Tutorial |
Tutorial 12 - SQL Data Analytic Techniques Structured Group Discussion (Controls and Data Integrity); Extension Exercises; Assessment - Business Consulting Report (IS Recommendations); In-Class Support with SQL (Q&A). Learning outcomes: L03 |
Lecture |
Course Conclusion Audit reform; International standards on Auditing; IT Governance Professional Careers; Concluding remarks. |
Sustainable Development Goals
This course integrates the following Sustainable Development Goals (SDGs) through lectures and assessment.
Goal 7: Affordable and clean energy
Goal 8: Decent work and economic growth
Goal 11: Sustainable cities and communities
University policies and procedures apply to all aspects of student life. As a UQ student, you must comply with University-wide and program-specific requirements, including the:
Learn more about UQ policies on my.UQ and the Policy and Procedure Library.