This course covers major concepts and techniques of information system audit and security. The topics include the design and evaluation of internal control and security system under computerized environments, risk analysis and management of an information system, system development audit, the audit of system management functions, and security evaluation and management. The students are strongly recommended to form a study group and take the CISA (Certified Information System Auditor) examination.