ACTG420: ACCOUNTING INFORMATION SYSTEMS ANALYSIS AND DESIGN -- Spring 2008
Tuesday/Thursday 12-1:50, Bexell Hall Room 412
CONTENTS
|
INSTRUCTOR
Byron Marshall, Ph.D.
Bexell Hall 426
(541) 737-6054
byron.marshall@bus.oregonstate.edu
Byron's web site
|
OFFICE HOURS
- Tuesday 2:00 - 3:00 PM
- Wed 10:30 - 11:30 PM
- Thursday 10:30 - 11:30 AM
- And gladly by appointment
I would enjoy talking to you!
|
COURSE DESCRIPTION -- ACTG420 is a four unit course.
The Catalog Description: Extends processing and control functions of accounting systems. Emphasizes analysis and design of accounting systems using database management systems. State-of-the-art programs are used to solve business problems. PREREQS: ACTG 317 and ACTG 378
Informally: Given the recent expansion of internal control regulation and the increasing importance and vulnerability of information technology in today's organization's, accountants need to better understand IT planning, acquisition, delivery, and monitoring. ACTG420 surveys key IT issues that are important to managers, accountants, and auditors. This year's offering will touch on IT audits, increasing spreadsheet skills and understanding spreadsheet vulnerabilities, IT acquisition and development, IT service delivery, and IT security in an internetworked world. In addition to reading and discussing a text on IT auditing, students will:
- hear from outside speakers who can provide real-world context and content,
- investigate technologies individually and in groups,
- develop and evaluate spreadsheets with the kind of formulas used by accountants in the real world,
- try out ACL software for data analysis, and
- learn about computer network components and their vulnerabilities.
COURSE MATERIALS
Core Concepts of Information Technology Auditing, James E. Hunton, Stephanie M. Bryant, Nancy A. Bagranoff
ISBN: ISBN: 978-0-471-22293-4 Wiley
Some course material will be available in Blackboard.
Return to Contents
|
|
CC# refers to a chapter in Core Concepts. Please read Reading assignments in preparation for class.
|
| Week |
Tuesday |
Thursday |
1
Apr 1 |
Welcome - introduction, team assignments, register for COBIT, and introduce the spreadsheet assignment
|
Read: CC Chp#1: IT Audit Overview
Due:
Individual Course Plan (a bunch of stuff!)
|
2
Apr 8 |
Read:CC Chp#3: Information Technology Risks and Controls
Due: List Group Members and Topic Preferences
|
Information System Security: Dr. V.T. Raja
Read:CC Chp#6: IT Networks and Telecommunications Risks
|
3
Apr 15 |
Guest Speaker: RedRover Software - Spreadsheet Errors Matter
How do we avoid or detect them?
Erik Rehn from RedRover Software
|
Guest Speaker: Neal E. Weatherspoon, CPA, CISA, CISSP, Audit Manager, State of Oregon Audit Division
Kate Riley , CISA IT Audit Principal
IT Audit Planning
PERS
CNIC
AFAMIS
CSEAS
|
4
Apr 22 |
Spreadsheet Lab
Meet in Bexell 324
Due: COBIT process preferences
|
Read:CC Chp#4: IT Deployment Risks
|
5
Apr 29 |
Revisit:CC Chp#6: IT Networks and Telecommunications Risks
Due: Spreadsheet Proposal
|
In class work day - bringing together what we know so far
Kris Rosenberg - COB Director of Information Services
|
6
May 6 |
Mid Term Exam All material including Chapters 1,3,4, & 6 slides and speaker notes. |
More on Spreadsheets Meet in computerized classroom 324
Due:Group Presentation Outline
|
7
May 13 |
Read:CC Chp#5: Managing the IT Function
First half of the Individual Presentations
|
Project Feasibility
Second half of the Individual Presentations
|
8
May 20 |
Guest Speaker: Host Based Security
Due: Turn In Your Spreadsheet
|
CC Chp#9: Conducting the IT Audit
Revisit the cases from the State of Oregon
PERS
CNIC
AFAMIS
CSEAS
|
9
May 27 |
Student Group Presentations
Hands On Network Administration Lab
|
Student Group Presentations
Due: Group Paper
|
10
June 3 |
Read:CC Chp#8: Using CAATTS - ACL Walk through
Due: Audit Two Spreadsheets
- Evaluation Form
Meet in computerized classroom 324
|
Assemble a computer - XBRL - Wrap up.
|
| Wednesday, June 11 |
6:00 PM in Bexell 412 (our regular classroom)
University Final Schedule
|
Return to Contents
STUDENT EVALUATION
Student evaluation will consist of three related areas--the understanding of basic concepts, the ability to apply accounting-related tools and techniques, and the ability to communicate about IT issues. Students will demonstrate their understanding of concepts by participating in classroom discussions and completing quizzes and examinations. Students will demonstrate their ability to use tools and techniques in labs and assignments. Students will demonstrate their ability to communicate about IT issues in individual and group presentations and papers.
| Final grade percentages |
| Grade | Minimum Score |
| A | 93% |
| A- | 90% |
| | |
| |
| Grade | Minimum Score |
| B+ | 87% |
| B | 83% |
| B- | 80% |
| |
| Grade | Minimum Score |
| C+ | 77% |
| C | 73% |
| C- | 70% |
| |
| Grade | Minimum Score |
| D+ | 67% |
| D | 63% |
| D- | 60% |
|
- A list of group and individual assignments describing what is to be turned in and showing due dates:
- Notification that you have created your class subdirectories
Return to Contents
Quizzes and Assignments
- Quizzes may be given at any class meeting. Quizzes will be given during class and are usually discussed immediately after completion. Individuals not in class will not be allowed to make up the quiz once it is discussed in class. Quizzes will be based upon the assigned readings or material previously presented in class. I will drop one quiz score to allow for an off day or an absence.
- Coursework includes 3 significant Assignments:
- Spreadsheet Assignment
We will be doing a spreadsheet lab covering a variety of "more advanced" spreadsheet functions. (See Lab Document for details.)
In addition, each student will create a reasonably complex spreadsheet on their own. While you may discuss your spreadsheets with others, each student will turn in a unique submission.
Requirements:
- Create a brief (1 page) proposal for your spreadsheet. Your final spreadsheet does not have to match your plan but you need to have a solid plan to start with.
- Identify the purpose of the spreadsheet. Examples: Summarize and analyze payroll info; Import a text file list of data then parse and analyze it; Compare budget to actual expenses in a fictitious IT project, etc...
- Describe the data you will include in your spreadsheet. Where will it come from, how much will there be, and what fields will be included?
- List 3 functions from the lab you will use. You have to meaningfully apply some of what you learn in the lab.
- Demonstrate that you can explore new capabilities by including at least 2 "advanced" functions not used in the lab.
- Use at least 3 different worksheets or tabs in addition to the document description tab described below.
- Include at least 50 rows of data.
-
Submit your spreadsheet. Spreadsheets are to be stored in a directory in your personal account. Please create your directories during the first week of class so I can make sure I can access them for use during the term. Save your submission in your /mywork/ subdirectory.
One worksheet (tab) in your spreadsheet should be a document description:
- Write one paragraph describing the business use of the spreadsheet.
- Give the reviewer brief instructions on how to "use" the spreadsheet. This should be easy to do with few instructions.
- Briefly list the functions used (from the lab example and the other "advanced" functions). For each, tell in one sentence what is accomplished and give a cell reference so the reviewer can easily find it.
- As you plan and build your spreadsheet, you should review the evaluation criteria. If I were you, I would have a friend grade your spreadsheet in advance using the evaluation form and adjust your project as appropriate based on the feedback.
-
Review others' work. Once the spreadsheet submissions are in, I will be putting two spreadsheets (submissions from other students) into your ...\classwork\actg420\ folders. You will have at least a week to look over those spreadsheets. You will be looking for errors, checking to see if they meet the requirements, and evaluating their quality.
-
Your score on your spreadsheet will depend on the evaluations you receive. However, you should look over the reviews to see if they are fair. I will look over the reviews (reserving the right to assign a different score) and will be glad to address any concerns. Students are generally fair when grading projects.
Scoring will be as follows:
- Total possible: 100 pts (which will be applied as 15% of your course grade).
- 80 pts as an average of the two reviews on your spreadsheet (subject to instructor review).
- 20 pts (10 each) based on the quality of the reviews you did. Were they accurate? Were they fair (a good faith effort)?
Group Topic Report and Presentation
- By the third day of class,
form groups of 3 and submit one email per group listing your names, a group name, and your preferences (1st, 2nd, and 3rd) for a group topic from the following list: Copy the message to everyone in your group to ensure that you have each other's email addresses correct.
- IT Failure / Business Failure
- Biometrics and Security
- Locking Down a Database Server
- Locking Down a Windows Server
- Disaster Planning and Recovery
- Wireless Network Security
- Network Storage Options
- Server Virtualization
- Data Center Planning
- Submit a group presentation outline and make an appointment to discuss it with me. In this meeting we will verify that you have acceptable sources and a reasonable scope for your project
- Make a presentation in class. Control your time (20-25 minutes), present professionally with high quality presentation materials.
- Submit a report on your topic. 10-20 pages as needed. Include a cover page, table of contents, captions for figures and tables, and professional business-quality writing. Click here for more on formatting. Electronic and printed copies are required. Also include a one page max study guide and at least 3 multiple choice questions drawn from the presentation and study guide.
- Submit Group member evaluations because being a good group member is important!
When the paper is finished, each student should submit a single sheet rating each of the other members of the team on the following scale. These ratings will largely determine the individual score associated with the group topic report.
- 1 - small or none
- 2 - less than expected
- 3 - acceptable contribution
- 4 - good work
- 5 - above average
- 6 - exceptional
I reserve the right to adjust this grade for low class participation.
Individual COBIT Process Brief
COBIT and other IT frameworks provide guidance for implementing, controlling, and auditing organizational IT operations. This exercise allows you to explore COBIT as it relates to your group topic. Each team member chooses one of the 34 COBIT processes. Submit your individual COBIT process preferences in order (1st, 2nd, and 3rd choices) by 4:00 pm the first day of the fourth week of class. I will coordinate class choices so that no COBIT processes are covered more than twice.
In 2 minutes or 2-3 pages you can't say much so be concise but say something informative and something of value.
- Each team member chooses a different COBIT process.
- Write a 2-3 page, single spaced brief on your topic.
- Make up a one paragraph narrative describing a company where both your topic and your process might apply.
- How would this COBIT process relate to your group topic in an organization?
- Describe the process you might use in investigating the related risks and controls.
- Describe the key control objectives in a narrative format.
- List 3 measures which can be used to monitor related controls.
- Provide fictitious results for those measures over a 3 year period.
- Interpret the results.
- Give a two minute presentation in class. Say something informative about the risks, controls, and measures related to your process. Presentation scoring will focus on professionalism (but it's not about dressing up fancy!) and your effectiveness in presenting potentially useful information.
Return to Contents
- Your spreadsheet will be reviewed and graded by two of your colleagues and you will review the work of two of your colleagues. The reviews will be double-blind; i.e., you will not know by whom you are reviewed and you will not know who you are reviewing.
- Anonymize!!!: To ensure anonymity, please 'anonymize' your spreadsheet and its explanation document. In other words, remove information that would allow your reviewer to identify you.
- Store your spreadsheet and reviews in a predetermined folder structure. Please take a few moments and set up the following folder structure in your ...\classwork\
folder:
...\classwork\actg420\assignment\
\mywork\
\review_1\
\review_2\
- Guess what? You put your spreadsheet in the "mywork" directory and the spreadsheets you review will go in the "review_1" and "review_2" directories. :)
- It is your responsibility to store materials in your ...\classwork\actg420\ folder in accordance with these rules. If your spreadsheet cannot be found for copying to your reviewers, or your reviews cannot be found for copying to your reviewees, you will not receive credit for those items.
- Learning to read and review spreadsheets is important for your learning in this course and your future work as an accountant. Please complete your reviews on time if you want to receive credit for the spreadsheet project.
Return to Contents
A few things to keep in mind:
- A business document as a whole, and each part separately, should be structured to help the reader gain the most in the least amount of time.
- Headings and paragraph topic sentences should accurately guide the reader.
- Tables and figures
- should be presented in the body of the text not in an appendix,
- should be referenced in the text, and
- should have a descriptive caption as well as a name. Many readers only look at the pictures and captions. Make sure they get the main ideas.
- Include a title page. Every business project write up should tell who created it and who the work was done for.
- HAVE SOMEONE ELSE PROOFREAD IT!
- Poor organization, typos, bad grammar, and unclear writing characterize unprofessional work. Unprofessional work cannot receive better than a C.
- FOLLOW THE DIRECTIONS. Business organizations like innovation but they do not tolerate work that does not cooperate with organizational protocol.
Format requirements:
- Use headings and separate your text in logical blocks and segments.
- Number pages (Title page has no number; First page with content has page number 1).
- Integrate figures and tables into the text; do not add them as an appendix in the back of the report.
- Caption figures and tables (use Microsoft Word support for this).
- Spell check (both automatically and manually!).
- Grammar check!
- Peer review!!
Return to Contents
COURSE POLICIES
Academic Honesty Policy:
Individuals are encouraged to discuss the projects and assignments outside of class and share ideas. However, unless specified as a team assignment, each person must individually complete and submit his/her own work.
Students are expected to uphold the OSU standard of conduct for students relating to academic dishonesty. Academic dishonesty is defined as an intentional act of deception in which a student seeks to claim credit for the work or effort of another person or uses unauthorized materials or fabricated information in any academic work
Students assume full responsibility for the content and integrity of the academic work they submit. The guiding principle of academic integrity is that a student's submitted work, examinations, reports, and projects must be that student's own work for individual assignments, and the group's own work for group assignments/projects. Students are guilty of academic dishonesty if they:
- Use or obtain unauthorized materials or assistance in any academic work; i.e., cheating.
Falsify or invent any information regarded as cheating by the instructor; i.e., fabrication.
Give unauthorized assistance to other students; i.e., assisting in dishonesty.
Represent the work of others as their own; i.e., plagiarism.
Modify, without instructor approval, an examination, paper, record or report for the purpose of obtaining additional credit; i.e., tampering.
The penalty for academic dishonesty is severe. Any student guilty of academic dishonesty may be subject to receive a failing grade for the exam, assignment, quiz, or class participation exercise as deemed appropriate by the instructor. In addition, the penalty could also imply that the student receive a failing grade for the course and be reported to the University officials at the College of Business, and the officials at the Office of Student Affairs.
Behavior in Class:
- Behavior in class should be professional at all times. The atmosphere within the classroom should be the same as you might expect in a casual business meeting. People must treat each other with dignity and respect in order for scholarship to thrive. Behaviors that are disruptive to learning will not be tolerated and may be referred to the Office of the Dean of Students for disciplinary action.
Accommodations:
-
Students who have any emergency medical information the instructor should know of, who need special arrangements in the event of evacuation, or students with documented disabilities who may need accommodations should make an appointment with the instructor as early as possible, no later than the first week of the term. If additional assistance is required the student should contact the Office of Disability Services.
This statement is gladly included in cooperation with University policy: "Accommodations are collaborative efforts between students, faculty and Services for Students with Disabilities (SSD). Students with accommodations approved through SSD are responsible for contacting the faculty member in charge of the course prior to or during the first week of the term to discuss accommodations. Students who believe they are eligible for accommodations but who have not yet obtained approval through SSD should contact SSD immediately at 737-4098."
Discrimination or Harassment:
-
Discrimination or harassment will not be tolerated in the classroom. Most cases of discrimination or harassment violate Federal and State laws and University Policies and Regulations. Intentional discrimination or harassment will be referred to the Affirmative Action Office and dealt with in accordance with the appropriate rules and regulations.
-
Unintentional discrimination or harassment is just as damaging to the offended party, but it usually results from people not understanding the impact of their remarks or actions on others, or an insensitivity to the feelings of others. We must all strive to work together to create a positive learning environment. This means that each individual should be sensitive to the feelings of others and tolerant of the remarks and actions of others. If you find the remarks and actions of another individual offensive, please bring it to their attention. If you believe those remarks and actions constitute intentional discrimination or harassment, please bring it to your instructor's attention.
Arbitration:
-
There will be a one-week arbitration period after graded items (projects, assignments, etc.) are returned. Within that one-week period, you are encouraged to discuss any assumptions and/or misinterpretations that you made about the activity that may have influenced your grade.
Return to Contents
Upon completion of this course, a successful student will be able to:
- List and describe different types of IT audits.
- Identify basic concepts related to organizational IT risks and controls.
- List describe key IT-auditing standards and certifications.
- Intelligently discuss IT deployment methodologies and the associated risks.
- List and describe key concepts related to IT project feasibility analysis and IT component testing.
- Recognize the role of hardware and software architecture in establishing reliable IT systems.
- Describe how a stored procedure works and where it is stored. Give at least one advantage and disadvantage related to the use of stored procedures.
- List and describe several key issues related to IT service delivery.
- List and describe key components of an effective organizational IT security strategy.
- Describe the role of Computer Assisted Audit Tools and Techniques. And list several functions an auditor can perform using the ACL software used in class.
- Describe the parts of an XBRL (extensible business reporting language) document. Tell why XBRL is important to the accounting community and report on the current status of XBRL adoption.
- Research and report on technology issues, communicating about them effectively from an organizational and accounting perspective.
- Create analysis spreadsheets able to organize data using relatively advanced functions to address an accounting-related analysis task.
These objectives were selected after reviewing existing courses in our program, talking to industry practitioners, and reviewing the model curriculum proposed by ISACA (Information Systems Audit and Control Association). The text, examinations, assignments, and project formulation have all been chosen to support these objectives.
- College of Business Specific Learning Outcomes
- Each student must understand and be able to use team building, collaborative behaviors and project management in the accomplishment of group tasks.
- Each student shall demonstrate information technology skills as they apply to today’s business environment.
- Each student shall be able to converse and to write at an acceptable level for business communications in English.
- Accounting Option Specific Learning Outcomes
- Each student shall be able to apply accounting concepts, principles, standards, and processes.
- Each student shall demonstrate information technology skills as they apply to today’s business environment to solve business problems and to communicate those solutions.
- Each student must demonstrate analytical skills through finding, organizing, assessing, and analyzing data appropriate to a given situation.
- Each student shall be able to impart the knowledge and skills listed above to provide insightful advisory judgments and recommendations regarding the accounting for and the business implications of events, conditions, circumstances, and transactions that give rise to business opportunities or problems.
- Each student must demonstrate strong organizational skills and a capacity for responsive and timely work.
This page is maintained by Byron Marshall
Send E-mail to byron.marshall@bus.oregonstate.edu.
