Published on April 15, 2014
CA. R Vittal Raj 1
This Webcast On Current Syllabi Also Discuss Shortcomings Found by Examiners - Points to Take Care New Syllabus – Study Material Would be Hosted in Sep, 13 (First Week) Applicable from November, 2014 Exams Details available on Institute Website - http://126.96.36.199/30545bos20300.pdf 2
Relevance of the Paper in CA Final Course Understanding layout of topics Some key perspective to topics General pattern of Exam Questions & Exam Preparation tips Fundamentals you should know before you start 3
1 • Information Systems Concepts 2 • Systems Development Life Cycle Methodology 3 • Control Objectives 4 • Testing – General & Automated Controls 5 • Risk Assessment Methodologies and Applications 6 • Business Continuity Planning and Disaster Recovery Planning 7 • Overview of ERP: IS Auditing Standards, Guidelines and Best Practices 8 • IS Auditing Standards, Guidelines , Best Practices 9 • Drafting of IS Security Policy, Audit Policy, IS Audit Reporting - A Practical Perspective 10 • Information Technology (Amendment) Act, 2008 4
Before You Start! 5
Value of Information to Business IT – not mere enabler but a business driver Business risks arising from use of IT Need for managing multi risks from IT 6
Role of IT in effectively achieving business as well as governance objectives Auditors’ Role in providing assurance Audit Risk arising from ignorance/ inappropriate understanding of impact of IT in planning, designing and performing audit procedures 7
Two Volumes • Volume 1 – Study Material • Volume 2 – Practice Manual Topics – 10 Learning Objective Sub topics 8
Not merely conceptual knowledge but applied knowledge A final student is expected to have conceptual knowledge but also applied knowledge & capability Conceptual Knowledge – Volume 1 & Other sources Applied Knowledge - Volume 2, other sources and Practical exposure, field visits, ‘look beyond’ Pre-supposes knowledge of IT fundamental concepts (IPCC Material) Jargons! Technical! Managerial/Control Concepts 9
From Exam Perspective 10
Key Topics: • Definition of a System • Types of System • Systems Model & Environment • Information • Information Systems role in management • Operational Support Systems - TPS, MIS, ERP, • Management Support Systems – DSS, EIS, Expert Systems, • Office Automation Systems 11 Overview of Learning Objective: Expert understanding of information, systems, their elements, types and their application in day to day business life
Key Topics: • Systems Development Process • Systems Development Methodologies • Systems Development Life Cycle • In Depth understanding of Phases • Preliminary Study, Systems Requirements Analysis, Systems Design, Systems Acquisition, Systems Development, Systems Testing, Systems Implementation, Post Implementation Review and Systems Maintenance, Documentation • Auditors Role in SDLC 12 Overview of Learning Objective: In depth understanding of concepts, and approaches in SDLC, Phases, tools, Auditors Role in SDLC
Key Topics: • IS Controls and their need • Considerations arising from use of computers – Internal Control & Audit perspective • Overview of IS Audit Process, audit objectives vs. control objectives • IS Control Techniques, types, roles and responsibilities • End User Controls • Controls in SDLC - Systems Development and Acquisition, Change Management, Quality Assurance, Systems Implementation & Maintenance 13 Overview of Learning Objective: In depth understanding of Internal Controls , control objectives, controls & techniques of control across various facets of systems protection, role of IS audit
Key Topics: • Controls over Data Integrity, Privacy and Security • Security concepts and techniques • Data Security and Public Networks, Unauthorised Intrusion, Hacking • Logical Access Controls, Malware & related controls • Physical & Environmental Controls 14
Key Topics: • Testing – Concepts, need and types • Audit Planning Considerations for testing • Audit Testing – IS Controls identification, Prioritising, Performing tests • General Controls vs. Application Controls • Audit Testing techniques • Testing of Technical Controls – Hardware, Systems Software, Network • Concurrent or Continuous Audit and Embedded Audit Module • Audit Reporting 15 Overview of Learning Objective: Expert Knowledge of testing concepts, types, methods, audit planning
Key Topics: • Indepth understanding of Risk Management Concepts • Asset, Threats, Vulnerabilities, Severity and Likelihood, Exposure, Countermeasures, Acceptable Risk, Residual Risk • Understanding of Threats in Computerised Environments • Risk Assessment vs. Risk Management • Risk Identification, Ranking, Mitigation and role of Controls 16 Overview of Learning Objective: Working Knowledge on concepts and application of Risk Management, components thereof and phases in Risk Management, Controls
Key Topics: • Goals and objectives of BCP • Steps to developing a BCP • Types of Plans • Emergency, Backup, Recovery • Business Impact Analysis & Risk Assessment • Backup Techniques • Full, Incremental, Differential, Mirror • Alternate Processing Arrangements • Cold, Hot, Warm Site, Reciprocal Arrangement • Disaster Recovery Procedures • Insurance • BCP Testing Objectives and Steps • Audit of Disaster Recovery/Business Resumption Plan 17 Overview of Learning Objective: In depth understanding of purpose and objectives of BCP/DRP, phases thereof and role of audit
Key Topics: • ERP Fundamentals • Definition, Evolution, Features, Benefits • Business Process Re-Engineering • A Critical success factor for ERP, • ERP Implementation • Key considerations, Methodology, Phases • Post Implementation Issues • Risk Governance Issues in ERP • ERP & E-Commerce • Overview of some popular products and Case studies 18 Overview of Learning Objective: Role of ERP in business, Goals & Benefits, Challenges and Risks, Phases in Implementation, Importance of BPR
Key Topics: • ICAI Standards – SA 315, SA 330 • ISO 27001 – Information Security Management Standard • Capability Maturity Model (CMM) • COBIT – IT Governance Framework • CoCo Guidance – Criteria of Control Model (CICA) • ITIL (IT Infrastructure Library) • Systrust and Webtrust from AICPA • HIPAA • SA 402 19 Overview of Learning Objective: Gain overview and relevance of global standards in IS Control, Security, Audit and It Governance
Key Topics: • Importance of Information Security to Enterprise • Information Security Policy • Purpose, scope, types, allocation of roles and responsibilities • Asset Classification, Access Control, Physical Security, SDLC, BCP • Audit Policy • Purpose, Scope, Competence, Audit Framework, Testing Approach, Frequency, Linkage to IT Governance Framework, Audit Communication • Audit Working Papers and Documentation • Planning Documentation, Gathering and Organising Information, Writing Documentation • IS Audit Reports • Structure, Format, Distribution, Context, Objectives, Findings, Opinion, Substantiation, Evidence 20 Overview of Learning Objective: Expert knowledge in drafting of Information Systems Security Policy, Audit Policy and Audit Documentation and Reporting
Key Topics: • IT Act 2000 & the Amendment Act, 2008 • Purpose, Definitions • Authentication, Digital & Electronic Signature • Obligations of Subscribers, Body Corporates, Intermediaries and users • Electronic Governance • Electronic Contracts • Certifying Authorities • Penalties, Adjudication and Authorities under the Act • Offences 21 Overview of Learning Objective: Working Knowledge on Purpose of the Act, knowledge of key provisions, application of certain provisions
Don’t rule out any topic, Questions may test concepts across chapters. Marks weightage may vary by chapter (not necessarily a set pattern) Questions may test concepts as well as applied understanding One Question may test concepts from more than one chapter Both conceptual as well as applied knowledge is tested 22
Total Marks – 100 No. of Questions – 7. One Compulsory Question and 5 out of 6 others to be answered Hours - 3 Questions based on Scenario/Brief Case Study Questions directly testing conceptual understanding Questions testing practical application Short notes ( 4 of 5 Questions) 23
Cyberphobia and allergy with technical terms/jargons! Technical perspective than risk perspective Inability to relate the IT concept to Business & Audit Risk Last moment rushing through material without reading and seeing it apply in real life Memorising concepts without understanding Reading material without devoting adequate time to solving sample/past question papers Writing lengthy/irrelevant answers, not answering to the point and not organising your answers 24
Ein Audit untersucht, ob Prozesse, Anforderungen und Richtlinien die geforderten Standards erfüllen. Ein solches Untersuchungsverfahren erfolgt häufig im ...
Auditing (von lateinisch audire ‚hören‘) steht für: Auditing (Informationstechnik), im Bereich der Informationstechnik das detaillierte ...
Auditing stellt Fähigkeit wieder her und ist der Pfad zu höheren spirituellen Zuständen. Ein ausgebildeter Auditor verwendet exakte, erprobte Prozesse ...
Übersetzung für auditing im Englisch-Deutsch-Wörterbuch dict.cc.
Description "Auditing" in the context of Dianetics or Scientology is an activity where a person trained in auditing listens and gives auditing commands to ...
On the fourth day the auditing of the marshal's accounts took place at the high table of the marshal of the province.
Für die Scientologen stellt das Auditing einen methodischen spirituellen Weg dar, es ist sozusagen das "höchste Sakrament" der Scientology. Seit 1971 ...
noun 1. an official examination and verification of accounts and records, especially of financial accounts. 2. a report or statement reflecting an audit; a ...
The International Auditing and Assurance Standards Board®(IAASB®) is an independent standard-setting body that serves the public interest by setting high ...
Auditing refers to a systematic and independent examination of books, accounts, documents and vouchers of an organization to ascertain how far the ...