The course provides a comprehensive approach for auditing information systems. It covers fundamental concepts of risk management for Information Systems (IS) auditors to perform risk assessment, and risk analysis at various business levels, including systems, administrative and organizational levels. The course also covers business cases for students to study, and provides opportunities for them to apply their IS auditing skills to solve those cases from IS auditing perspectives. Typical solutions to those cases are effective, reasonable, and practical controls. Other IS auditing practices, such as compliance audit and governance audit, and auditing system development life cycle are covered as well, in order to provide a holistic training of IS auditing to students.