Information Systems Auditing, Controls and Assurance
Offered by the Hong Kong University of Science and Technology (HKUST) through Coursera, this course provided a comprehensive understanding of information systems (IS) auditing, the process of ensuring that IT systems operate efficiently, reliably, and securely.
It bridged the domains of risk management, internal control, and assurance, emphasizing the frameworks auditors use to assess technology environments in financial and operational contexts.
Through detailed case studies and practical exercises, I learned how IS audits safeguard data integrity, support compliance, and strengthen enterprise governance structures.
Category: Information Security
Issued By: The Hong Kong University of Science and Technology
Platform: Coursera
Completion Date: 28th April 2024
Curriculum
Foundations of Information Systems Auditing – Objectives, standards, and frameworks (COBIT, ISO 27001, ITIL).
Risk Management and Controls – Identifying, evaluating, and mitigating IT risks.
Audit Methodology – Planning, fieldwork, evidence gathering, and reporting.
Auditing Across the System Lifecycle – Change management, SDLC, access and configuration controls.
Emerging Risks – Cloud computing, fintech, and data-driven systems.
Assurance Reporting – Developing audit opinions and communicating findings.
Key Learning Outcomes
Understood the linkage between business risks and IT controls.
Learned to evaluate control design and operating effectiveness across applications and infrastructure.
Developed a structured approach to audit documentation and testing.
Strengthened skills in governance, risk, and compliance (GRC) evaluation frameworks.
Learned to lead audit teams and manage complex audit programs.
Understood Annex A controls and their alignment with business risk management.
Enhanced capability to assess confidentiality, integrity, and availability safeguards.
Developed leadership skills for external, supplier, and certification audits.
Conclusion
This course reinforced my foundation in ITGC and IS auditing, complementing my professional work in GRC and cybersecurity assurance. It enhanced my ability to translate control objectives into measurable audit evidence, ensuring that technology environments support organizational resilience and compliance.