CA-Final:G II Info. Sys.Control & Audit

CA :: Final 
Group II
Paper 6: Information Systems Control and Audit
[One paper: Three Hours – 100 marks]

Level of Knowledge:

Advanced knowledge.

Objective:

To gain application ability of necessary controls, laws and standards in computerized information systems.


1. Information Systems Concepts
  General Systems Concepts – Nature and types of systems, nature and types of information, attributes of information.
  Management Information System – Role of information within business
  Business information systems – various types of information systems – TPS, MIS, DSS, EIS, ES
2. Systems Development Life Cycle Methodology
  Introduction to SDLC/Basics of SDLC
  Requirements analysis and systems design techniques
  Strategic considerations: Acquisition decisions and approaches
  Software evaluation and selection/development
  Alternate development methodologies – RAD, Prototype, etc.
  Hardware evaluation and selection
  Systems operations and organization of systems resources
  Systems documentation and operation manuals
  User procedures, training and end user computing
  System testing, assessment, conversion and start-up
  Hardware contracts and software licenses
  System implementation
  Post-implementation review
  System maintenance
  System safeguards
  Brief note on IS Organisation Structure
3. Control objectives
(a) Information Systems Controls
  Need for control
  Effect of computers on Internal Audit
  Responsibility for control – Management, IT, personnel, auditors
  Cost effectiveness of control procedure
  Control Objectives for Information and related Technology (COBIT)
(b) Information Systems Control Techniques
  Control Design: Preventive and detective controls, Computer-dependent control, Audit trails, User Controls (Control balancing, Manual follow up)
  Non-computer-dependent (user) controls: Error identification controls, Error investigation controls, Error correction controls, Processing recovery controls
(c) Controls over system selection, acquisition/development
  Standards and controls applicable to IS development projects
  Developed / acquired systems
  Vendor evaluation
  Structured analysis and design
  Role of IS Auditor in System acquisition/selection
(d) Controls over system implementation
  Acceptance testing methodologies
  System conversion methodologies
  Post-implementation review
  Monitoring, use and measurement
(e) Control over System and program changes
  Change management controls
  Authorization controls
  Documentation controls
  Testing and quality controls
  Custody, copyright and warranties
  Role of IS Auditor in Change Management
(f) Control over Data integrity, privacy and security
  Classification of information
  Logical access controls
  Physical access controls
  Environmental controls
  Security concepts and techniques – Cryptosystems, Data Encryption Standard (DES), Public Key Cryptography & Firewalls
  Data security and public networks
  Monitoring and surveillance techniques
  Data Privacy
  Unauthorised intrusion, hacking, virus control
  Role of IS Auditor in Access Control
4. Audit Tests of General and Automated Controls
(a) Introduction to basics of testing (reasons for testing);
(b) Various levels/types of testing such as: (i) Performance testing, (ii) Parallel testing, (iii) Concurrent Audit modules/Embedded audit modules, etc.
5. Risk assessment methodologies and applications:
  (a) Meaning of Vulnerabilities, Threats, Risks, Controls, (b) Fraud, error, vandalism, excessive costs, competitive disadvantage, business interruption, social costs, statutory sanctions, etc., (c) Risk Assessment and Risk Management, (d) Preventive/detective/corrective strategies
6. Business Continuity Planning and Disaster Recovery Planning
  (a) Fundamentals of BCP/DRP, (b) Threat and risk management, (c) Software and data backup techniques, (d) Alternative processing facility arrangements, (e) Disaster recovery procedural plan, (f) Integration with departmental plans, testing and documentation, (g) Insurance
7. An overview of Enterprise Resource Planning (ERP)
8. Information Systems Auditing Standards, guidelines, best practices (BS7799, HIPAA, CMM etc.)
9. Drafting of IS Security Policy, Audit Policy, IS Audit Reporting - a practical perspective
10. Information Technology Act, 2000