Course content
Successful IIA Qualification in Computer Auditing students are awarded the designation QiCA, showing that they are able to:
- Demonstrate professional competence in their specialist field
- Apply computer auditing skills in practical day-to-day situations
- Give assurances on risk and control issues relating to information systems
- Acquire the knowledge and skills necessary to monitor their organisation's information systems in depth.
The IIA Qualification in Computer Auditing comprises two Theory Modules and one Professional Experience Module. It is assessed by examination and students submitting a log of work experience. The content of these elements is set out below.
Q1: Business Information Systems Auditing
This module aims to increase your general understanding of the principles and practices of information systems auditing. It is recognised that auditors work in different types of computing environments so you are not required to give examples of specific hardware or software environments at this level. Those who have successfully completed the module will be able to:
- Appreciate the relationship between risk and control as applied to the use of computers
- Understand the role of the auditor in relation to information systems
- Understand the use of information systems' audit techniques
- Appreciate how the computer can assist the audit process.
Q2: Specialist Information Systems Auditing
The module aims to give a detailed understanding of the principles and practices of information systems auditing at an advanced practitioner level. This module focuses on some of the more technical issues. It is aimed at those who carry out 'hands-on' computer audits of a technical nature. You will be expected to provide examples and illustrations of how systems software deals with specific control issues drawn from your own experience. There are five specialist areas in the syllabus:
- IT Management is a compulsory part of the module. Assessment may require illustrations of practical approaches to IT strategy, project management, systems development or performance planning.
- Systems Software is an optional part of the module covering a number of elements, in particular operating systems software and the audit of systems programmer activities and database systems.
- Security and Contingency Planning is an optional part of the module covering security and disaster recovery and contingency planning.
- Networks and On-Line Systems is an optional part of the module covering technical topics such as technical considerations and approaches to LANs, WANs, client server approaches and distributed systems.
- Auditing Applications and Advanced Systems is an optional part of the module covering specific advanced systems and control, security and audit matters.
Those who have successfully completed the module will be able to:
- Understand and illustrate the control and audit issues relating to information systems
- Understand the contribution which technical audits make to overall audit objectives.
Professional Experience Module
IIA Qualification in Computer Auditing students also need to keep a detailed log of their work experience for two years, showing 1600 hours computer auditing related work. They can start recording their experiences as soon as they enrol using the log provided by the Institute. The log comprises: Basic experience showing at least 250 hours of computer auditing work including;
- The audit of a system under development
- The audit of an operational system
- The writing of an interrogation programme
- An installation audit
Specialist topics in three out of five specialist areas showing at least 250 hours work in each area;
- IT management, strategy development and systems development
- Operating systems software
- Security and contingency planning
- Networks and communications
- Database systems
Employers should note that an appropriate manager is asked to validate the evidence provided by students in their log.