This course introduces students to the role of information systems governance in IT decision-making. Students will develop skills in using analytic assurance techniques and analysis to develop management recommendations to improve the business's IT capability and to investigate technology-based fraud.
In this course, audit analytics will be used in support of forensic investigation of technology-based fraud. Topics addressed include IT governance, enterprise risk management, IS controls, audit analytic techniques, cyber security, and data privacy. This course prepares students for future management or business advisory roles in the management, governance, and assurance of digital technologies.
By studying this course, students will be exposed to the types of errors and irregularities that can occur in a digitalised business, the managerial and application controls that can be implemented to reduce expected losses from errors and fraudulent irregularities arising from the use of IT in business, approaches to managing and evaluating data-based evidence, and the use of audit analytic techniques to improve business processes and support the management of information systems.
Students will be able to apply this knowledge to solve basic to moderately difficult information systems control problems that they will confront in practice, use data query languages to gather basic evidence about the reliability of information systems (including business processes supported by information systems), and undertake a business advisory (assurance or consulting) engagement under the guidance of an experienced consultant and communicate their findings to an executive audience.
Course Changes in Response to Previous Student Feedback
In Semester 1 2026, the course has been changed in response to previous feedback from students along with changes necessary to ensure secure assessment as required by the University.
Specifically, the Ethical IT Decision-Making and IT Governance essay (30%) has been removed and replaced with a final, identity-verified, invigilated examination. This addresses security requirements and concerns that the essay assessment is too difficult. The requirements of the Career Jam group presentation (20%) have been clarified as part of continuous improvement. Further, the scope and weighting of the Business Consulting Report (IS Recommendations) report has been reduced to 40% in line with student feedback that the workload is too great for that assessment. The scope now excludes operational questions and application controls, and includes a small ethical advisory note as part of the report. Questions relating to the material for operational questions and application controls are incorporated into the final examination.
Tutorial and Lecture Learning activities have been re-scheduled to accommodate the changed due dates of these assessment items. Some material (e.g., application controls) has been consolidated to allow more focus on information relevant to the Career Jam and the Final Examination. Tutorials now also incorporate a purposeful focus on success in the final examination. Some lectures have been modified to include pre-recorded content that you should watch with an in-class case analysis similar to that of the Final Examination. These seminars are noted in the course profile and will be identified in Blackboard.
Sustainable Development Goals - UQ Business School is a proud supporter and Advanced Signatory of the United Nations Principles for Responsible Management Education (UN PRME). As part of the largest global collaboration between business schools and the UN, the school emphasises its role in empowering students to drive societal transformation through the Sustainable Development Goals. The SDGs highlight that a thriving economy relies on a healthy environment, aiming to balance economic growth, social well-being, and environmental protection for a sustainable future.
You'll need to complete the following courses at the same time:
BISM7206
You can't enrol in this course if you've already completed the following:
INFS7000 or 7221
Quota: Minimum of 15 enrolments
Consultation hours will be Thursdays 10am to 12 noon of teaching weeks. Appointments may also be made at mutually convenient times - circumstances permitting. Consultations are either by Zoom or in-person. Please request an appointment to confirm availability.
The timetable for this course is available on the UQ Public Timetable.
Please note: Teaching staff do not have access to the timetabling system to help with class allocation. Therefore, should you need help with your timetable and/or allocation of classes, please ensure you email business.mytimetable@uq.edu.au from your UQ student email account with the following details:
BISM7221, Information Systems Control, Governance and Audit, aims to give you an understanding of the overall aspects of IT audit,ᅠmanagement aspects and auditᅠcontrols that are important in an information systems environment and especially in a digital business. Students will also be exposed toᅠhow audit evidence is collected and evaluated to assess the reliability of these controls and preparing/delivering these outcomes.ᅠ
After successfully completing this course you should be able to:
LO1.
Evaluate systems of IT Governance mechanisms to develop solutions that ensure the alignment of information technology capabilities with future business needs.
LO2.
Explain the ethical underpinnings and legal consequences in business roles involved in providing or adopting professional independent advice.
LO3.
Examine the General Control(s) and/or Application Control(s) surrounding organisational information systems for security, confidentiality, integrity, availability, accountability, efficiency, and effectiveness through the application of digital forensic techniques, audit analytics and/or controls testing.
LO4.
Develop and convey recommendations for improvement using risk assessment frameworks supported with clear explanations.
LO5.
Collaborate in teams to identify key insights into the nature of information systems assurance and consulting careers through reflective analysis of course materials and their relationship to professional practice.
| Category | Assessment task | Weight | Due date |
|---|---|---|---|
| Presentation |
Career Jam: Information Systems Advisory Roles
|
20% |
Week 7 Mon - Fri
This presentation will take place during the student's assigned tutorial in Week 7. |
| Paper/ Report/ Annotation | Business Consulting Report (IS Recommendations) | 40% |
22/05/2026 3:00 pm |
| Examination |
Final Examination
|
40% |
End of Semester Exam Period 6/06/2026 - 20/06/2026 |
Week 7 Mon - Fri
This presentation will take place during the student's assigned tutorial in Week 7.
This is a team assignment.
It is important for students learning in advanced courses to critically reflect upon their learning progress and experiences in the context of their future career.
The assessment item is due in Week 7 to enable your group to consider the major concepts and comments from the guest speaker panel scheduled to take place in Week 3. Students will be asked to form a team by Week 4 of the course in their tutorial. In Week 7, the students will reflect on the Industry Panel and its implications for their careers. This reflection is to relate an aspect or aspects of the panel presentation and this course to its relevance to an archetypal career role that a graduate of this course might undertake in the future. These careers should be informed by the Skills Framework for the Information Age (SFIA) discussed in lectures. After this reflection, the group is to develop and present a portfolio of professional development activities of potential interest to the student audience. The presentation should be between 8 and 10 minutes in length.
Four groups that successfully address this challenge well will be selected by the Teaching Team and given the opportunity to present to the wider class in the final seminar of the course (in the last week of the semester). Members of these groups that present will receive certificates outlining their achievements. This opportunity does NOT form part of the assessment and is not assessed.
Key to success in this assessment item is for the 'Career Jam' presentation to be professional, engaging, and relevant to students in the course.
Please Note: The assessment will be recorded for marking purposes per UQ Policy.
AI Statement:
This task has been designed to be challenging, authentic and complex. Whilst students may use AI technologies, successful completion of assessment in this course will require students to critically engage in specific contexts and tasks for which artificial intelligence will provide only limited support and guidance.
A failure to reference generative AI use may constitute student misconduct under the Student Code of Conduct.
Further information regarding this assessment is provided in the Assessment Guideline.
The presentation will be recorded for marking purposes.
You may be able to apply for an extension.
The maximum extension allowed is 14 days. Extensions are given in multiples of 24 hours.
A penalty of 10% of the maximum possible mark will be deducted per 24 hours from time submission is due for up to 7 days. After 7 days, you will receive a mark of 0.
22/05/2026 3:00 pm
This is an individual assignment.
Students will use their understanding from the course of IT governance, fraud detection, and internal controls to prepare a Business Consulting Report with recommendations that improve business governance.
This report is derived from a case organisation described in the Assignment Specification.
The Business Consulting Report will require analytical skills to assess the case organisation's portfolio of IT governance mechanisms, actual fraud as well as the potential for fraud, and weaknesses in the internal general control mechanisms. Students are to provide recommendations for improving governance and the general controls environment along with any findings of fraud.
The report is a cohesive document that can be communicated to the (fictional) client.
The results are communicated as a Business Consulting Report of 8 to 12 pages in length (excluding appendices).
Students are to use SQL data analytic techniques discussed in tutorials for assessment of general controls along with fraud detection. Excel data visualisations are used highlight the report's findings.
Software Required (also required for tutorials):
Key to success in this assessment is a professional Business Consulting Report that demonstrates completeness, attention to detail, insightful analysis, and clear communication.
AI Statement:
This task has been designed to be challenging, authentic and complex. Whilst students may use AI technologies, successful completion of assessment in this course will require students to critically engage in specific contexts and tasks for which artificial intelligence will provide only limited support and guidance.
A failure to reference generative AI use may constitute student misconduct under the Student Code of Conduct.
To pass this assessment, students will be required to demonstrate detailed comprehension of their written submission independent of AI tools.
Further information regarding this assessment is provided in the Assessment Guideline.
Submit through TurnItIn in the Blackboard Assessment link.
You may be able to apply for an extension.
The maximum extension allowed is 14 days. Extensions are given in multiples of 24 hours.
A penalty of 10% of the maximum possible mark will be deducted per 24 hours from time submission is due for up to 7 days. After 7 days, you will receive a mark of 0.
End of Semester Exam Period
6/06/2026 - 20/06/2026
The final exam will be held during the University examination period at the end of the semester. The timetabling, administration and supervision of this exam is the responsibility of the University of Queensland Examinations Section.
This is an invigilated, closed-book exam held on-campus focusing on the knowledge and analytical skills addressed in the course.
The exam comprises short answer, problem solving, and case study questions.
AI Statement:
This assessment task is to be completed in-person. The use of generative Artificial Intelligence (AI) or Machine Translation (MT) tools will not be permitted. Any attempted use of AI or MT may constitute student misconduct under the Student Code of Conduct.
| Planning time | 10 minutes |
|---|---|
| Duration | 120 minutes |
| Calculator options | Casio FX82 series calculator only |
| Open/closed book | Closed book examination - no written materials permitted |
| Materials | None. |
| Exam platform | Paper based |
| Invigilation | Invigilated in person |
You may be able to defer this exam.
Full criteria for each grade is available in the Assessment Procedure.
| Grade | Cut off Percent | Description |
|---|---|---|
| 1 (Low Fail) | 0 - 29 |
Absence of evidence of achievement of course learning outcomes. |
| 2 (Fail) | 30 - 46 |
Minimal evidence of achievement of course learning outcomes. |
| 3 (Marginal Fail) | 47 - 49 |
Demonstrated evidence of developing achievement of course learning outcomes |
| 4 (Pass) | 50 - 64 |
Demonstrated evidence of functional achievement of course learning outcomes. |
| 5 (Credit) | 65 - 74 |
Demonstrated evidence of proficient achievement of course learning outcomes. |
| 6 (Distinction) | 75 - 84 |
Demonstrated evidence of advanced achievement of course learning outcomes. |
| 7 (High Distinction) | 85 - 100 |
Demonstrated evidence of exceptional achievement of course learning outcomes. |
Grades will be allocated according to University-wide standards of criterion-based assessment.
Supplementary assessment is available for this course.
You'll need the following resources to successfully complete the course. We've indicated below if you need a personal copy of the reading materials or your own item.
Find the required and recommended resources for this course on the UQ Library website.
The learning activities for this course are outlined below. Learn more about the learning outcomes that apply to this course.
Filter activity type by
| Learning period | Activity type | Topic |
|---|---|---|
Week 1 |
Lecture |
Course Overview Course overview; Course assessment; IT Governance; Internal control and IS; Overview of IS Assurance; Auditing new risks; Electronic footprints and Data Provenance; Sustainable Development Goals. Learning outcomes: L01, L02, L03 |
Week 2 |
Tutorial |
Tutorial 1 - Introduction to SQL Exam Lab (IS Assurance); Generalized Audit Software; Introduction to Databases; Installing PostgreSQL and DBeaver and Basic SQL to record your approach; Extension Exercises; In-Class Support with SQL (Q&A). Learning outcomes: L02, L03 |
Lecture |
Professional IS advisory services Professional IS advisory services and Independence; Working in Teams; Consulting; Performance audit; Internal audit; Financial audit; Consulting techniques; Skills Framework for the Information Age (SFIA); SFIA Careers; In-Class Case Analysis |
|
Week 3 |
Tutorial |
Tutorial 2 - Relating Tables and Data Exam Lab (Career Interests); OzVan and Tutorials; Extension Exercises; In-Class Support with SQL (Q&A). Learning outcomes: L02, L03 |
Lecture |
Career Jam: Guest Speaker Panel Careers Overview; Guest Speaker Panel; Career Jam Assessment Overview; Group Presentations. |
|
Week 4 |
Tutorial |
Tutorial 3 - Advanced Where and Aggregation Exam Lab (SFIA Careers); Extension Exercises; In-Class Support with SQL (Q&A). Learning outcomes: L01, L03 |
Lecture |
IT Governance IT governance; COBIT 2019; Structures; Processes; Relational mechanisms; The portfolio approach; Improving IT governance; In-Class Case Analysis. Learning outcomes: L01 |
|
Week 5 |
Tutorial |
Tutorial 4 - Inner and Outer Joins Exam Lab (Importance of IT Governance); Extension Exercises; In-Class Support with SQL (Q&A). Learning outcomes: L01, L03 |
Lecture |
Information Governance Information Governance; Data Quality; Data Governance; Indigenous Data Governance; Legislative Compliance; Decision-Making Mechanisms; Data Governance Approaches. Learning outcomes: L01 |
|
Week 6 |
Tutorial |
Tutorial 5 - Exploring, Combining and Viewing Data Exam Lab (Challenges of Data Governance Approaches); Extension Exercises; Assessment - Career Jam: Information Systems Advisory Roles; In-Class Support with SQL (Q&A). Good Friday Public Holiday - Friday 3rd April 2026 - Check Blackboard for announcements about affected classes. Learning outcomes: L01, L02, L03 |
Lecture |
Business Ethics and Fraud Ethical issues in business information systems; Ethical Decision Making Theory; Fraud schemes; Fraud and accountants; Fraud and IS professionals; Responsibility for detecting fraud; Fraud assurance risk; Fraud detection techniques; In-Class Case Analysis. Learning outcomes: L04 |
|
Mid-sem break |
No student involvement (Breaks, information) |
In-Semester Break No Classes during this period. |
Week 7 |
Tutorial |
Tutorial 6 - Career Jam Assessment Career Jam Group Presentations (Group Assessment - Career Jam: Information Systems Advisory Roles will be assessed in tutorials this week). |
Lecture |
Managing the IT environment General IT environment vs Application environment; Structure of the Corporate IT function; Separation of Duties; Outsourcing the IT function; General IT environment risk management; Audit procedures. Learning outcomes: L03, L04 |
|
Week 8 |
Tutorial |
Tutorial 7 - Visualising Data Exam Lab (Segregating IS/IT Functions - IT governance and ethical IT decision-making); Extension Exercises; In-Class Support with SQL (Q&A). Learning outcomes: L03, L04 |
Lecture |
Protecting Business from Cyber Threats SMEs and Cyber Security; What is a Cyber Threat?; Anatomy of a Cyber-Attack; Cyber Kill Chain and Cyber defense; In-Class Case Analysis. Learning outcomes: L04 |
|
Week 9 |
Tutorial |
Tutorial 8 - Fraud in Payments and Receipts Exam Lab (Business and Cybersecurity); Extension Exercises; In-Class Support with SQL (Q&A). |
Lecture |
General controls Auditing operating systems; Auditing networks; Auditing databases; Audit procedures. |
|
Week 10 |
Tutorial |
Tutorial 9 - Payroll Fraud Exam Lab (IS Ethical Dilemmas and Auditing IT Environment); Extension Exercises; In-Class Support with SQL (Q&A). Labour Day Public Holiday - Monday 4th May 2026 - Check Blackboard for announcements about affected classes. Learning outcomes: L02, L03, L04 |
Lecture |
Building New Systems and Processes Software development; The build question; Selecting new software; Data design documentation; Process documentation; Controlling and auditing the SDLC; Audit procedures; In-Class Case Analysis Learning outcomes: L01, L04 |
|
Week 11 |
Tutorial |
Tutorial 10 - Process Compliance and Improvement Exam Lab (The role of Data Design); Assessment - Business Consulting Report (IS Recommendations); Extension Exercises; In-Class Support with SQL (Q&A). Learning outcomes: L03, L04 |
Lecture |
Accounting information systems and cycles Management assertions; Accounting records; The GL & FRS; Overview of AIS and Cycles; Expenditure cycle; Conversion cycle; Revenue cycle; Transaction processing; Audit Procedures. Learning outcomes: L03, L04 |
|
Week 12 |
Tutorial |
Tutorial 11 - Manipulating Data in Tables Exam Lab (The Role of Accounting Information Systems); Exercises; Extension Exercises; In-Class Support with SQL (Q&A). Learning outcomes: L03, L04 |
Lecture |
Application Control Testing vs Substantive Testing Application Control and Substantive testing; Input controls; Process controls; Access controls; Output controls; Audit procedures; Substantive tests of Expenditure Cycle accounts; Audit Procedures. Learning outcomes: L04 |
|
Week 13 |
Tutorial |
Tutorial 12 - SQL Data Analytic Techniques Exam Lab (Controls and Data Integrity); Assessment - Final Examination; In-class Support (Course). Learning outcomes: L03 |
Lecture |
Career Jam Showcase and Course Review IT Governance Professional Careers; Career Jam Showcase; Exam Preparation; Final Exam Format and Tips; Course Review; Concluding remarks. Learning outcomes: L01, L02, L03, L04 |
Sustainable Development Goals
This course integrates the following Sustainable Development Goals (SDGs) through lectures and assessment.
Goal 7: Affordable and clean energy
Goal 8: Decent work and economic growth
Goal 11: Sustainable cities and communities
University policies and procedures apply to all aspects of student life. As a UQ student, you must comply with University-wide and program-specific requirements, including the:
Learn more about UQ policies on my.UQ and the Policy and Procedure Library.