MIS 5902 – IT Capstone – Syllabus

The whole purpose of education is to turn mirrors into windows (of opportunities).
- Sidney T. Harris

Instructor Thu Nguyen

Information Thu.nguyen@wellsfargo.com or
tuc74059@temple.edu
Office Information (215) 833-8400

Office Hrs. By appointment on-line or on campus any day.

How to reach me By appointment before or after class on scheduled class day
CRN 3926 Section 012 Location TBD Time Weekdays 5:30 PM – 8:00 PM

Required Course Material:

CISA Review Manual 2019 ($105.00)
2020 CISA Practice Question Database online ($299.00/12 months) manual ($129)
These materials can be purchase from ISACA ( https://www.isaca.org/bookstore/Pages/CISA-Exam-Resources.aspx)

Community site: http://community.mis.temple.edu/mis5902sum119/

CISA Exam Requirement: All students MUST registered to take the exam by the last day of the semester. Students must provide
the professor your exam registration confirmation by the 4th week of class. Provide professor the preliminary results of the exam.

CISA EXAM Information:

Visit https://www.isaca.org/credentialing/cisa/get-cisa-certified for guidance on exam requirements and CISA exam
procedures.

Additional CISA Study Guide

http://cisaexamstudy.com/cisa-domain-1-testing-concepts/

Course Objectives
In this course you will learn how to prepare for the Certified Information Systems Auditor (CISA) exam, perform research,
give presentation and write an executive reports on topics related to current emerging IT risks and controls.
Key topics of the course are:
1. To prepare for national CISA examinations by reviewing key points in areas of:
a. IT Auditing Process,
b. Governance & Management of IT
c. Information System Acquisition, Development and Implementation
d. Information System Operations, Maintenance and Support
e. Protection of Information Asset
2. Present in-depth knowledge of IT auditing concepts through research and audit an existing corporate policy and
providing results and recommendations related to the policy. Formulate Thesis and document the study for final
representation and defense of you position about the policy under review. A grading rubric for written work can be
found below.

Grading

Item Percent of Total Points

Participation 20%
Practice CISA Quizzes & Exam 50%
Research/Thesis 20%
Presentation 10%

Total 100%
Participation

Page 1 of 9
 MIS 5902 – IT Capstone - Syllabus

Much of your learning will occur as you prepare for and participate in discussions about the course material. The
assignments, cases, and readings have has been carefully chosen to bring the real world into class discussion while also
illustrating fundamental concepts.

1) Preparation before class – By the start of all classes you will have completed the assigned readings and practice
exam and bring a copy for your score of the practice exam and listing of questions that was not answered correctly.
Be prepared to discuss topics for which you did NOT get correct on the practice exam. Items to discuss:
a. Two key points you took from each practice exam or assigned readings.
b. Minimum two questions that you would ask your fellow classmates to facilitate discussion on the topics or
questions you did not answer correctly on the practice exam.

2) Participation during class – We will typically start each discussion with “opening” questions about the practice
exam and a round table discussion of the assigned Article readings for the week. I may ask for volunteers, or I may
call on you. Students called on to answer should be able to summarize the key points, and challenges in the area of
examination or topic under discussion. 20% of the course grade is earned by discussing the topics brought fourth in
class. Evaluation is based on a consistently demonstrating your engagement with the material. Assessment is based
on what you contribute, not simply what you know.

3) On-line class - Some classes will be held via on-line learning. You’ll be connected via the WebX or Zoom link
which will be sent to your email the day before the scheduled class meeting and also available in your TUPortal.
You’ll need a PC with internet connection, audio and webcam.

4) Attendance – you are expected to attend every scheduled class. More than two absences will result in a lowering of
a full alphabetical grade (regardless of earned grade). More than four absences will result in a "FAILURE" for the
course. Any in class assignment, quiz, commentary, or homework submission that is missed due to late arrival to
class or absence will not be accepted and will receive a grade of zero. No make-ups will be allowed. You are
expected to be on time, and remain until the end. Continual lateness, surfing on other websites during class or early
exit from class can be counted as an absence.

5) Team presentations for Class Materials– Individuals are paired into teams to prepare and present study materials
for assigned classes. Presentation must be prepared in Powerpoint or Prezi format using materials from the ISACA
CISA study manual.

6) Thesis and presentation- Final thesis along with the presentation must be turned into the Professor by last week of
class.

The criteria for participation includes attendance, punctuality, level of preparation, professionalism, answering questions,
discussing readings, discussing incorrect practice questions, contributing to group activities, and contributing to a positive
learning environment. Recognizing that students sometimes have unavoidable conflicts, the baseline for expected
participation is assessed on one less week than the number of assigned weekly write-ups.

Research Analyses, Presentation and Thesis Report

Learning Objectives:
 To related the IT governance, process, risks and controls framework you‘ve learned to auditing real policy of an
organization.
 To take the lessons learned from the class to apply to your current or future jobs.
 To learn how to deliver thesis and presentations to corporate Executives

Students will paired up in groups to perform in-depth analysis and audit of an existing corporate policy. Using the
information learned in class, students will perform risks and control analysis of the policy and provide results and practical
recommendations to Management to enhance the policy. Students will present the results of their research during weeks
noted in the “Schedule Summary” below and turn in Thesis and Presentation of the research and results. Students will
submit a proposal for the topics during week two of the semester and provide periodic updates to their research analysis every
3 week subsequent. Final presentation will comprise of a visual (PowerPoint, Preso) presentation and a final Thesis word
document. The research analysis, presentation and thesis will be grated using the criteria and guideline noted in the class
rubric. The research scenario is that the Executives wants to know how if there policy is in compliant with law, regulations,
best practices, practical, effective and sustainable in guiding their employees and company to be good corporate citizen.
Similarly, organization performed due diligence or higher 3rd parties to assess on their governance and oversight processes to
Page 2 of 9
 MIS 5902 – IT Capstone - Syllabus

ensure adequate protection of assets and that their IT operations are in compliant to laws, regulations, standards, policy and
procedures. Researched topic must be approved by the professor prior to execution.

Research Presentation Format

Below are sample questions and guidance you can use to start thinking about the policy you will research and audit and write
your thesis. These are not all inclusive, use the information you learn from class to formulate good thesis questions and
research analysis.

1. Executive Summary must describe:

a. What is the technology policy under review?
b. What risks is the policy trying to mitigate?
c. Does the policy comply with law and regulations?
d. Does the policy direct employees to actions that mitigate risks to an acceptable level?
e. What are the controls being put in place to mitigate the risks?
f. Is the policy practical and effective at addressing the risks?
g. Is the policy executable at all levels?
h. Is the controls noted in the policy sustainable?
i. How should the policy be deployed?
j. How should it be monitored
k. How often is it reviewed & updated
l. Is the policy approved by leadership?
m. Does the policy reflect current operating environment?
n. What are your recommendations to mitigate the risk gaps or enhance the policy and why?

2. Based on what you’ve learned about IT auditing classes, what are your Conclusions and Recommendations to the
company regarding their policy?
3. Be creative in the presentation and use whatever is necessary (preso, video, demo, simulate, etc) to sale your point
and convince Management to do what you recommend.
4. Turn in the Thesis paper along with your presentation work.

Master in IT Auditing Research Rubric

Trait Unsatisfactory Satisfactory Excellent
Determines Discerns some of the Mostly discerns the Completely discerns the
Information Needed to information needed to information needed to information needed to
Understand Risks, understand technology policy understand technology policy understand technology policy
Controls, Governance risks and control needs but risks & control with a few risks and control needs.
requirements and there are several omissions. minor omissions.
recommendations
associated with the
Policy under review
Gathers information from a Gathers good information Gathers optimal information
limited range of sources; rely from a variety of sources, from a variety of quality
too much on one kind of including subscription electronic and print sources,
source or on general web databases. Does a good job including subscription
Gathers Information searches and uses too many evaluating the quality, databases. Evaluates and selects
and Evaluate that are poor or tangential. credibility, and usefulness of only the best sources for
Information sources. credibility, usefulness, and
quality.

Page 3 of 9
 MIS 5902 – IT Capstone - Syllabus

Conclusions could have been Uses information to draw Uses information effectively to
better supported. Question or appropriate conclusions, draw appropriate conclusions,
problem minimally resolved. answer a question, or solve a and optimally answer a
Some necessary ideas/points problem. Some minor question or solve a problem. All
Uses Information are missing. ideas/points are missing. relevant ideas/points included.

Thesis is disorganized, Thesis flows Thesis is

disconnected or choppy; takes smoothly with smooth, polished
effort for audience to follow, occasional and well organized;
Thesis formulation, too little information for confusion or rough follows the subject well and is
analysis and audience to gain meaningful patches between relevant to the topic using
conclusion insights or relevance to the ideas. Information presented detailed and current examples
topic generally touch on the with practical, logical
relevancy of the topic. conclusions
Presentation is confusing and Presentation flows Presentation is
disorganized, disconnected or smoothly with smooth, polished
choppy; takes effort for occasional and well organized;
audience to follow, too little confusion or rough follows the subject well and is
information for listener to patches between relevant to the topic using
gain meaningful insights or ideas. Information presented detailed and current examples.
Presentation and relevance to the topic. generally touch on the
Content relevancy of the topic.

Quizzes
Every week, we will have a short quiz using CISA practice examination questions. You are required to submit the results of your 50
Q&A practice test from the ISACA CISA Q&A databases. You will be able to miss (or drop) one quiz during the semester. Any
additional misses will receive a grade of 0. Your average score over the semester will be your grade.

Mid-Term Exam
The mid-term will be the 150 multiple-choice CISA practice examination questions to covers topics we’ve learned.

Final Exam
The final exam will be the 150 multiple-choice CISA practice examination questions. The exam will be comprehensive. Everything
we cover during the semester could appear on the Exam.

CLASS AGENDA

Class Topic Sub-topic Readings

Assignments
Course Introduction and Strategic Plans
1&2 Part A: CISA Review Manual Section 1.0 – 1.5 Complete 50
Planning  IS Audit Standards, Guideline & Code of Ethics questions
 Business Processes from the
 Types of Controls Database
Chapter 1  Risks-based Auditing

Page 4 of 9
 MIS 5902 – IT Capstone - Syllabus

Process of Part B: CISA Review Manual Section 1.6 – 1.11 Complete 50

Auditing Execution  Audit Project Management questions
Information  Sampling Methodology from the
Systems  Audit Evidence Collection Techniques Database
 Data Analytics
 Reporting & Communication techniques
 Quality Assurance & Improvements of Audit Process
Part A: Info CISA Review Manual Section 5.0 - 5.11.3 Complete 50
Asset Security  Info Asset Security Frameworks, Standards & questions
& Control Guidelines from the
 Privacy Principles Database
 Physical Access & Environmental Controls
 Identity & Access Management
 Network & Endpoint Security
 Data Classification
Chapter 5  Data Encryption & Encryption related Techniques
Protection of
3&4&  Public Key Infrastructure
Information
5  Web-based Communication
Assets
 Virtualized Environment
 Mobile, Wireless & Internet of things Devices
Part B: Security CISA Review Manual Section 5.12- 5.17 Complete 50
Event Mgnt  Security Awareness Training & Program questions
 Info Sys Attack Methods & Techniques from the
 Security Testing Tools & Techniques Database
 Security Monitoring Tools and Techniques
 Incident Respond Management
 Evidence Collection & Forensics
Part A: Info Sys CISA Review Manual Section 4.1-4.11 Complete
Operations 7-3-  Common Technology Components 150
2021  IT Asset Management Questions
 Job Scheduling Y production Process Automation Comprehens
 System Interfaces ive Practice
 End User Computing Exam
Chapter 4  System Performance Management
Info Sys  Problem & Incident Management
6&7 Operations,  Change Configuration, Release & Patch Mgnt
Maintenance &  Service Level Mgnt
Support  Database Management
Part: B CISA Review Manual Section 4.12 -4.16 Complete 50
Business  Business Impact Analysis questions
Resiliency  System Resiliency from the
 Data Backup, Storage & Restoration Database
 Business Continuity Plan
 Disaster Recovery Plan
Part A: CISA Review Manual Section 3.1-3.4
Info Sys  Benefit Realization
Acquisition,  Project Management Structure Complete 50
Chapter 3 Development &  Project Management Practice questions
Info Sys Implementation  Business Application Development from the
8&9 Acquisition,  Business Application Systems Database
Development & Part B: Info Sys CISA Review Manual Section 3.5-3.8
Implementation Implementation  Testing Methodologies Complete 50
 System Migration, Infrastructure Deployment & Data questions
Conversion from the
 Post Implementation Review Database
Page 5 of 9
 MIS 5902 – IT Capstone - Syllabus

Part A: IT CISA Review Manual Section 2.1-2.8 Complete 50

Governance  IT Governance & IT Strategy questions
 IT related Frameworks from the
 IT Standards, Policies & Procedures Database
 Organization Structure
 Enterprise Architecture
Chapter 2  Enterprise Risk Management
Governance &  Maturity Model
10 & 11 Management of  Law, Regulations & Industry Standards Affecting the
IT Org.

Part B: IT CISA Review Manual Section 2.9-2.12 Complete

Management  IT Resource Mgnt 150
 IT Service Provider Acquisition & Mgnt Questions
 IT Performance Monitoring & Reporting Comprehens
 Quality Assurance & Quality Management of IT ive Practice
Exam
12 Research Presentation & 1-2 page Executive Summary Report Due- Group Presentation
Take Scheduled Exam Following the last week of class

Class Topic Sub-topic Readings

Assignments
Governance of
Governance and Enterprise IT The Logical Reason for Consideration of IT, by Tommie W.
2
Management of IT Singleton, Ph.D., CISA, CGEIT, CITP, CPA

Risk Management
IT Risks: Present and Future, by Tommie W. Singleton,
3 Risk Management Ph.D., CISA, CGEIT, CITP, CMA, CPA

Information Security
Protection of Risk to Entities Regarding Data Breaches, by Tommie W.
4 Management
Information Assets Singleton, CISA, CGEIT, CPA
Logical Access
Evaluating Access Controls Over Data, by Tommie W.
5 Protection of Assets
Singleton, Ph.D., CISA, CGEIT, CITP, CPA
Information Disaster Recovery
What Every IT Auditor Should Know About Backup and
Systems Operations, Planning
Recovery, by Tommie W. Singleton, Ph.D., CISA, CGEIT,
6 Maintenance and
CITP, CPA
Service
Management
Auditing Application
Auditing Applications, Part 1, by Tommie W. Singleton,
Controls
Information Ph.D., CISA, CGEIT, CITP, CPA
Systems
8 Acquisition, Auditing Applications, Part 2, by Tommie W. Singleton,
Development and Ph.D., CISA, CGEIT, CITP, CPA
Implementation

Risk Management
Governance and IT Risks: Present and Future, by Tommie W. Singleton,
10
Management of IT Ph.D., CISA, CGEIT, CITP, CMA, CPA

Class Schedule Summary

Page 6 of 9
 MIS 5902 – IT Capstone - Syllabus

Schedule noted below are subject to change. Changes to schedule dates will be communicated to the students via in class
announcements and/or email communication

Class Day Dates Text Ref Time  

1 Mon 5/11/20 Intro & Chapter 1 5:30 pm - 8:00 pm  
2 Mon 5/18/20 Chapter 1 5:30 pm - 8:00 pm  
3 Mon 5/25/20 Chapter 5 5:30 pm - 8:00 pm  
4 Mon 6/1/20 Chapter 5 5:30 pm - 8:00 pm  
5 Mon 6/8/20 Chapter 5 5:30 pm - 8:00 pm  
Mon 6/15/20 Chapter 4 5:30 pm - 8:00 pm
6  
EXAM 1 due
7 Mon 6/22/20 Chapters 4 5:30 pm - 8:00 pm  
8 Mon 6/29/20 Chapter 3 5:30 pm - 8:00 pm  
9 Mon 7/6/20 Chapter 3 5:30 pm - 8:00 pm  
10 Mon 7/13/20 Chapter 2 5:30 pm - 8:00 pm
Mon 7/20/20 Chapter 2 5:30 pm - 8:00 pm
11  
EXAM 2 due
Mon 7/27/20 Thesis & Group 5:30 pm - 8:00 pm
12  
Research Presentation
 
8/3/20 Take CISA EXAM  

Grading Criteria

The following are the criteria used for evaluating assignments. You can roughly translate a letter grade as the
midpoint in the scale (for example, an A- equates to a 91.5). Grades will include cumulative scores from the
practice exams.

Criteria Grade
The assignment consistently exceeds expectations. It demonstrates originality of thought and A- or A
creativity throughout. Beyond completing all of the required elements, new concepts and
ideas are detailed that transcend general discussions along similar topic areas. There are few
mechanical, grammatical, or organization issues that detract from the ideas.
The assignment consistently meets expectations. It contains all the information prescribed for the B-, B, B+
assignment and demonstrates a command of the subject matter. There is sufficient detail to cover the
subject completely but not too much as to be distracting. There may be some procedural issues, such
as grammar or organizational challenges, but these do not significantly detract from the intended
assignment goals.

Page 7 of 9
 MIS 5902 – IT Capstone - Syllabus

Criteria Grade
The assignment fails to consistently meet expectations. That is, the assignment is complete but C-, C, C+
contains problems that detract from the intended goals. These issues may be relating to content detail,
be grammatical, or be a general lack of clarity. Other problems might include not fully following
assignment directions.
The assignment constantly fails to meet expectations. It is incomplete or in some other way Below C-
consistently fails to demonstrate a firm grasp of the assigned material.

Additional Information
Availability of o Please free to schedule (with appointment) time to discuss any issues
Instructor related to this class.
o While every student is encouraged to meet with me when they need help
understanding the course material. However, meeting is NOT intended
for helping students catch up on material they missed because they were
absent. Student should work with their classmates to catch-up on missed
classes.
Attendance Policy o Class discussion in intended to be an integral part of the course.
Accordingly, full attendance is expected by every member of the class.
o If you are absent from class, speak with your classmates to catch up on
what you have missed and continue to follow and complete the
assignments on the syllabus.
Class Etiquette o Please be respectful of the class environment.
o Class starts promptly at the start time. Please make EVERY effort to be
on time, as I will communicate important information in the first few
minutes of class.
o Cell phones must be turned off and put away during class.
o Refrain from personal discussions during class. Please leave the room if
you need to speak to another student for more than a few words. If a
student cannot refrain from engaging in private conversation and this
becomes a pattern, the students will be asked to leave the classroom to
allow the remainder of the students to work.
o There will be two examinations during the semester. The exams cannot
be made up, regardless of the reason for absence.
Appropriate use of o Please turn off cell phones at the start of class. If you have an urgent,
Technology in the personal situation and may be receiving an important phone call during
classroom class, please let me know this at the beginning of class, sit near the door,
and step out of the classroom if you need to take a call.
o Please bring your laptop or tablet to class. We want to explore these
topics and there is a wealth of materials available online. I do expect that
you will use your laptop for our course only while in class.
Disability o Temple University is committed to the inclusion of students with
accommodations disabilities and provides accessible instruction, including accessible
technology and instructional materials. The process for requesting access
and accommodations for this course is: 1) Advise me of the need for
access or accommodations; 2) Contact Disability Resources and Services
to request accommodations; 3) DRS will consult with me as needed about
essential components of the program; 4) present me with a DRS
accommodation letter.

Page 8 of 9
 MIS 5902 – IT Capstone - Syllabus

Plagiarism, Academic Dishonesty and Citation Guidelines

If you use text, figures, and data in reports that was created by others you must identify the source and clearly
differentiate your work from the material that you are referencing. If you fail to do so you are plagiarizing. There
are many different acceptable formats that you can use to cite the work of others (see some of the resources
below). The formats are not as important as the intent. You must clearly show the reader what is your work and
what is a reference to somebody else’s work.

Plagiarism is a serious offence and could lead to reduced or failing grades and/or expulsion from the university.
The Temple University Student Code of Conduct specifically prohibits plagiarism (see
http://www.temple.edu/assistance/udc/coc.htm).

The following excerpt defines plagiarism:

Plagiarism is the unacknowledged use of another person’s labor, ideas, words, or assistance. Normally,
all work done for courses — papers, examinations, homework exercises, laboratory reports, oral
presentations — is expected to be the individual effort of the student presenting the work. There are many
forms of plagiarism: repeating another person’s sentence as your own, adopting a particularly apt phrase
as your own, paraphrasing someone else’s argument as your own, or even presenting someone else’s line
of thinking in the development of a thesis as though it were your own. All these forms of plagiarism are
prohibited both by the traditional principles of academic honesty and by the regulations of Temple
University. Our education and our research encourage us to explore and use the ideas of others, and as
writers we will frequently want to use the ideas and even the words of others. It is perfectly acceptable to
do so; but we must never submit someone else’s work as if it were our own, rather we must give
appropriate credit to the originator.
Source: Temple University Graduate Bulletin, 2000-2001. University Regulations, Other Policies,
Academic Honesty. Available online at: http://www.temple.edu/gradbulletin/

 For a more detailed description of plagiarism:

o Princeton University Writing Center on Plagiarism:
o http://web.princeton.edu/sites/writing/Writing_Center/WCWritingRes.htm
 How to successfully quote and reference material:
o University of Wisconsin Writers Handbook
o http://www.wisc.edu/writing/Handbook/QuotingSources.html
 How to cite electronic sources:
o Electronic Reference Formats Recommended by the American Psychological Association
o http://www.apastyle.org/elecmedia.html

isaca.surgent.com/ICISA/ICISA/dashboard

Page 9 of 9