Students are required to select an organization that uses information systems to perform daily business operations. They have to identify some assets of the organizations and discuss how and why they are vulnerable to destruction, error, abuse, and system quality problems. The students have to describe and evaluate the risk management techniques adopted by the selected organization to ensure the reliability, confidentiality, availability, integrity and security of digital business processes. Evaluation of the risk management must include risk identification, risk assessment and risk control related to the selected organization. Identification and illustration on the types of general management controls and application controls related to the selected organization must to be analysed. The students have also to discuss audit plan and processes used by the organization and investigate the impact of human factors on security and risk management.