Chevron Left
Back to Information Systems Auditing, Controls and Assurance

Learner Reviews & Feedback for Information Systems Auditing, Controls and Assurance by The Hong Kong University of Science and Technology

3,425 ratings

About the Course

The course is awarded The Best Free Online Courses of All Time, and Best Online Courses of the Year (2021 Edition) by Class Central ( --- Information systems (IS) are important assets to business organizations and are ubiquitous in our daily lives. With the latest IS technologies emerging, such as Big Data, FinTech, Virtual Banks, there are more concerns from the public on how organizations maintain systems’ integrity, such as data privacy, information security, the compliance to the government regulations. Management in organizations also need to be assured that systems work the way they expected. IS auditors play a crucial role in handling these issues. In the course “Information Systems Auditing, Controls and Assurance”, you will explore risks of information systems, and how to mitigate the risks by proper IS Controls. You will also get familiar with the IS Audit procedures and how they are applied during the IS development throughout the Systems Development Life Cycle (SDLC). Finally, you will get to observe how we can make the system changes more manageable using formal IS Management practices, such as Change Management Controls and Emergency Changes. The conversations between the course instructor - Prof. Percy Dias, and the IS auditing practitioner will give you a concrete idea on how IS auditors perform their duties, the qualities to become IS auditors and future prospects of IS auditing industry. This course is suitable for students and graduates from Information Systems, Information Technology and Computer Science, and IT practitioners who are interested to get into the IS auditing field. It is also a good starting point for learners who would like to pursue further studies for IS audit certifications – such as Certified Information Systems Auditor (CISA)....

Top reviews


Feb 10, 2023

This course really helped me gain knowledge regarding IS audits, controls and assurance. Professors explanation was good and easily understandable. Guest interview made me acquire practical knowledge.


Dec 28, 2020

Superb course, the instructor lecture and material is precise and concise. A worthwhile for any current and future IS auditor. Pity that I can only give 5 stars as the course deserve 10 stars rating!

Filter by:

26 - 50 of 932 Reviews for Information Systems Auditing, Controls and Assurance


Jul 19, 2020

Thank you,It was enjoyable learning

By Simone L

Jul 15, 2023

High level course suitable for gaining an overview of certain aspects of IT audit. It discusses risks and controls and then goes to focus on SDLC and Change Management processes, with other key areas (e.g. security) mentioned in passing. There's very little detail about the practicalities of auditing itself, other than the assessment of risk.

The instructor is enthusiastic and the slides were clear.

Some of the quiz questions were not written in clear English so it was not always easy to work out what was being asked.

I found the interviews with the Big 4 partner very uncomfortable and saddening to watch as she was repeatedly talked over and interrupted. I feel she could have provided a lot more insight into her line of work if she was allowed to complete her trains of thought.

By Thijs D

Mar 27, 2021

Poor presentation skills and grammar. Bad sound on video 4.8. Exams are of higher level than course itself, that made it challenging.

By Mariia N

Jun 4, 2020

Thank you very much for the course "Information Systems Auditing, Controls and Assurance", which was incredibly interesting and informative. Sincere thanks to the lecturer for the availability and interesting presentation of the material, as well as practical examples!

By Yami y

Feb 11, 2023

This course really helped me gain knowledge regarding IS audits, controls and assurance. Professors explanation was good and easily understandable. Guest interview made me acquire practical knowledge.

By Sean R M

Oct 3, 2021

This is the first course that I have taken in Coursera. As an internal auditing student, I would say that this course helped me a lot to gain more knowledge when it comes to information systems. The lessons/topics on the first week of the course are already very familiar to me as we already tackled them in my actual course (internal auditing). The following weeks/topics are very new to me, and I spend so much time understanding them very well. I chose to take this course because it will help me gain knowledge when I take the CISA examination someday. I also want to use my time wisely during this time of the pandemic so I decided to enroll to this course.

By Reena M

Jul 2, 2020

Personally, this course was great if you want some basics of IS Auditing. Of course, you are not a professional after this course. You will need to take additional more detailed courses. But, this is a great start!

By Anthony G

Sep 28, 2020

Professor Dias is a very good instructor who is enthusiastic about IS systems and who teaches you very valuable information on the field of IS auditing. Very good to show to employers.

By Adeel A

Sep 18, 2022

Its an excellent course designed to give a brief & quick knowledge about IS Auditing, Risk Management, Change Management, Business Application Development, System Maintenance.

By Prasant K P

Apr 20, 2020

The course content lacked the essentials of IS/IT risk management/assessment and mitigation strategies or methods. The course looks more for the students of IT than any professional auditor or IT professional. There was not a single illustration of practical risk-control environment with case studies of internal control lapses to enrich the skill of the participants. The most annoying thing is that the post course survey/feedback is open for all options against each question rather than having only option to select one i.e. whether I agree or Disagree, which is vague and it did not let the course finish until I gave positive remarks to all 15 questions. That is ridiculous!

By Vlad

Dec 28, 2020

introductory material is covered. The method of presentation is unconventional to those of us who are used to university level lectures in the United States, and is closer to some trade school style lectures. Undue emphasis on alleged bad behavior that needs to be uncovered and prevented by developers that are possibly in cahoots with their managers. The instructor does not provide a sense to the student that he has spent any time in the industry and learned from experience. Good idea to have interviews with Ms. Gloria Luk. If only the interviewing instructor not interrupted her constantly.

By Pavel S

May 8, 2020

Decent overview of the profession and good use of the slides. Material presents somewhat outdated view of the industry or very specific to financial domain. Certain examples and quiz questions were ambiguous or convoluted which resulted in seemingly correct answers being marked as wrong. No replies from the professor in discussion forums.

By Yaki M

Jul 9, 2020

This course is VERY basic. It explains the very basics of audit but does not provide any real-life examples or experience.

An OK place to start, if you know nothing about IS auditing.

By Evelin C

May 31, 2021

Presentations were very well prepared, but please find a native speaker as a presenter. It is difficult for us (non native speakers) to follow like this.

By Navish C

Feb 9, 2023

This is likely a decent course for folks in school/college who are yet to enter the workforce; however, the instructor does not appear to have sufficient industry/field experience in IS audit to add value for the experienced learners/ working professionals. Therefore, as a result very less was taught about audit and how IS audit is actually conducted. Further, there is inconsistency in the content related to SDLC i.e. the phases in the reading material follow a different order then order of the phases in rest of the video modules followed, and one of the reading materials was a wiki page, when content from wiki is not even accepted in schools for assignment/research purposes. There were several grammatical errors in the content and quiz questions, which at times made it difficult to focus. Further, the instructor repeatedly interrupted the Industry expert invited for the discussion each time she responded to his questions. Would have liked to hear more from the Industry expert/ Audit Practitioner (uninterrupted) to help connect theory to practice.

By Tadele L

Nov 29, 2022

ISACA Outlines Five Steps to Planning an Effective IS Audit Program 

ISACA Outlines Five Steps to Planning an Effective IS Audit Program (Source: ISACA)

Rolling Meadows, IL, USA (31 March 2016)—A new report from global IT association ISACA identifies five steps organizations should take to create an effective audit program and reap the benefits of a successful information systems (IS) audit.

IS audits help enterprises ensure the effective, efficient, secure and reliable operation of the information technology that is critical to organizational success. The effectiveness of the audit depends largely on the quality of the audit program, according to a new ISACA white paper, titled Information Systems Auditing Tools and Techniques: Creating Audit Programs.

According to the guide, the audit process consists of three phases: planning, fieldwork/documentation and reporting/follow-up. The planning phase consists of five key steps.

1.    Determine audit subject.

2.    Define audit objective.

3.    Set audit scope.

4.    Perform pre-audit planning.

5.    Determine audit procedures and steps for data gathering.

“ISACA’s new white paper provides audit and assurance professionals with practical guidance on how to develop audit programs from the ground up,” said Rosemary M. Amato, CMA, CISA,  a director on ISACA’s Board, and Director, Deloitte Accountant B.V. “Audit processes are clearly defined by phase with activities clearly described. ISACA’s new guide can be leveraged in your organization to add value to the audit function.”

Setting the audit scope is critical, according to the white paper, because “the IS auditor will need to understand the IT environment and its components to identify the resources that will be required to conduct a comprehensive evaluation.” A clear scope helps the auditor determine the testing points relevant to the audit’s objective.

Pre-audit planning includes tasks such as conducting a risk assessment, identifying regulatory compliance requirements and determining the resources that will be needed to perform the audit.

The final planning step—determining audit procedures and steps for data gathering—involves activities such as obtaining departmental policies for review, developing methodology to test and verify controls, and developing test scripts plus criteria to evaluate the test.

Once planning is complete, auditors can move on to the fieldwork and documentation phase (acquiring data, testing controls, issue discovery and validation, documenting results) and the reporting phase (gathering report requirements, drafting the report, issuing the report and follow-up), both of which are described in detail in ISACA’s Information Systems Auditing Tools and Techniques: IS Audit Reporting paper.

“Creating Audit Programs” indicates three key success elements: IS auditors should be familiar with standard frameworks, the operating environment of the entity under review and the audit process used internally.

“Creating Audit Programs” and supporting materials, including a related infographic and sample audit program, are available as a free download at



ISACA ( helps global professionals lead, adapt and assure trust in an evolving digital world by offering innovative and world-class knowledge, standards, networking, credentialing and career development. Established in 1969, ISACA is a global nonprofit association of 140,000 professionals in 180 countries. ISACA also offers the Cybersecurity Nexus (CSX), a holistic cybersecurity resource, and COBIT, a business framework to govern enterprise technology.

Twitter: LinkedIn:



Kristen Kessinger, +1.847.660.5512, news@isaca.orgJoanne Duffer, +1.847.660.5564,                           Jay Schwab, +1.847.660.5693


By Ulises C

Mar 19, 2024

I recently completed the "Information Systems Auditing, Controls and Assurance" course, and I must say, it exceeded all my expectations. This comprehensive course provided an in-depth exploration of auditing principles, controls, and assurance in information systems, and I couldn't be more satisfied with the experience. One of the standout features of this course was its thoroughness. The content covered all essential aspects of information systems auditing, from the fundamentals to the advanced concepts, leaving no stone unturned. Each module was meticulously crafted to ensure a comprehensive understanding of the subject matter, and I appreciated the depth of coverage provided. Additionally, I found the pacing of the course to be just right. The material was presented in a structured manner, allowing for a smooth progression from one topic to the next. Concepts were introduced gradually, building upon each other, which facilitated a deeper comprehension of the subject matter. This approach made it easy to follow along, even for those with limited prior knowledge in auditing. Furthermore, I was impressed by how the course material was presented in a manner that was easy to understand. Complex auditing principles and techniques were explained in clear and concise language, supplemented with real-world examples and case studies that helped to contextualize the concepts. This made the learning process engaging and enjoyable, and I found myself eagerly delving into each module. In conclusion, I wholeheartedly recommend the "Information Systems Auditing, Controls and Assurance" course to anyone looking to gain a comprehensive understanding of auditing principles in information systems. Whether you're a seasoned professional or just starting out in the field, this course offers valuable insights and knowledge that will undoubtedly benefit your career. Kudos to the instructors for delivering such an outstanding learning experience!

By Arvino Z

Dec 25, 2023

Hello Everyone! I recently completed the IS Auditing course, and I must say it provided a comprehensive and insightful exploration of Information Systems (IS) auditing principles. The course, divided into modules, covered key aspects of risk management, internal controls, and the overall audit process. The instructor, Prof. Dias, delivered engaging video lectures, combining theoretical knowledge with practical examples, making complex concepts more accessible. The course began by delving into the fundamental concept of risk and its three-step management process. Prof. Dias effectively demonstrated how businesses embrace risks and the critical role of controls in mitigating potential threats. To assess learning, the course included a well-structured quiz at the end, testing comprehension and retention of key concepts. In summary, the IS Auditing course provided a well-rounded understanding of the intricacies of auditing in information systems. Prof. Dias' effective teaching style, coupled with relevant examples and quizzes, ensured an engaging and educational experience. I would highly recommend this course to anyone looking to gain a solid foundation in IS auditing principles. Regards

By Rick C

May 11, 2023

This is a short but fruitful course. I believe no matter for a fresh graduate or an experienced IT auditor, this course can help the audience to create refreshing ideas for their next audit job.

This is a short course at the introductory level, it gives real-life examples to concrete the theory learned. I would say this is a good refreshing course. However, the course content is not broad enough to cover all the topics in IS auditing or the ISACA CISA syllabus. I wish HKUST will develop another program/s base on the skeleton of the CISA/COBIT or NIST framework. To make the courses easier to follow, the School may break the course into courses covering one area each, to make a complete series of courses for students to study. and at the end of the series. Student will be confident to take the professional exam.

As a full time employee in Hong Kong with high workload. a small commitment to study is always better than paying few thoudsand dollars for a one off but large commitement course that usually lead to failure .

By Gyana R R

Oct 3, 2021

This is excellent course I will recommend to the professionals working in the field of Fraud investigation , forensic investigation and Audit to learn this course.

It will help them to sharpen their knowledge and built them industry ready for investigating the new age digital frauds, Payment Bank frauds, E- banking System frauds, Virtual banking Frauds, AI systems frauds . It also help to analysis's and identifying the potential risks in the information system of the organization. The IS Auditor also advice the senior management to put preventive and adaptive controls in the information systems of the organizations.

Best Regards,

Gyana Ranjan Rath- FAFE & IS Auditor

12+ year experience in the filed of Fraud investigation & reporting

By Md. j U

Apr 9, 2024

I thoroughly enjoyed the "Information Systems Auditing, Controls and Assurance" course by The Hong Kong University of Science and Technology. It covered essential topics in a clear and organized manner, making it easy to follow along. The course provided a deep dive into auditing principles, internal controls, and risk assessment strategies. I appreciated the interactive elements like quizzes and case studies, which helped reinforce learning. The instructors were knowledgeable and engaging, offering valuable insights and examples. Overall, I highly recommend this course to anyone interested in understanding information systems auditing and control mechanisms.

By Satisiwe N

Mar 20, 2023

The course was very comprehensive and practical. I loved it a great deal.

It has cemented my existing knowledge and given me a lot of confidence concerning the subject of controls and assurance for information systems which will go a long way in my career.

The one thing that I think should be done as a value add perhaps not to the course per se but to coursera learning platform is to build in the capability to be able to message the course instructor in order to request for clarification or ask questions in a real time manner because the discussion threads by previous cohorts of students does not always have what you need.

Otherwise thank you Professor Dias

By Tanmayee P

Jun 6, 2021

Thank you Mr. Dias for the thorough and interesting lectures on IS auditing and controls. I gained knowledge in the areas of IS change management controls, SDLC and IS Risk management controls. I loved the instructor's enthusiasm and interest to teach the students almost every important aspect of IS audit. I wish the course had few case studies so as to see how is an audit report prepared and some more material on "Incident reporting". "Business Continuity Management", "Disaster Recovery Management" etc. However, I felt the course is designed really well. I didn't lose interest or grasp. The examples provided by Mr. Dias were very appropriate and accurate.

By Shahab U A

Jan 19, 2022

The instructor was very keen to the audience who started at the very initial level of the course which the newly person who just started career in IT side know the base and foundations about what is IS audit and she explained it very well. His honesty was showing when he delivered all his knowledge to the students as well as the interview was very helpful to understand what's current happening in IT environment. I am very grateful to be a part of this course and especially for Prof. Dias. Many good wishes to him for doing the fantastic job.

By seng c T

Nov 2, 2021

Extremely useful to revise and being reinforced on the salient IS audit, control and assurance elements and focus areas. The section covering future trends and insights on disruptive trends (already happening and pervasive) are well summarised and remind us on the ever changing landscapes and its associated risks and threat landscapes which the IT/IS audit profession have to catch up with the automated tools, and updating frameworks, standards, guidelines and industry best practices. A well taught course worth recommending. Thank you!