{"id":21754,"date":"2013-02-23T19:14:25","date_gmt":"2013-02-23T13:44:25","guid":{"rendered":"http:\/\/www.kopykitab.com\/blog\/?p=21754"},"modified":"2013-02-23T19:14:25","modified_gmt":"2013-02-23T13:44:25","slug":"information-systems-control-and-audit-ca-final-syllabus","status":"publish","type":"post","link":"https:\/\/www.kopykitab.com\/blog\/information-systems-control-and-audit-ca-final-syllabus\/","title":{"rendered":"Information Systems Control and Audit CA Final Syllabus"},"content":{"rendered":"<h1 style=\"text-align: center;\">Information Systems Control and Audit CA Final Syllabus<\/h1>\n<p style=\"text-align: center;\"><strong>Information Systems Control and Audit<\/strong><br \/>\n<strong>(One Paper \u2013 Three hours \u2013 100 marks)<\/strong><br \/>\n<strong>Level of knowledge: Advanced knowledge<\/strong><\/p>\n<p>Objective:<\/p>\n<p>To gain application ability of necessary controls, laws and standards in computerized Information system.<\/p>\n<p>Contents:<\/p>\n<p>1. Information Systems Concepts<br \/>\nGeneral Systems Concepts \u2013 Nature and types of systems, nature and types of information, attributes of information.<br \/>\nManagement Information System \u2013 Role of information within business<br \/>\nBusiness information systems \u2013 various types of information systems \u2013 TPC, MIS, DSS, EIS, ES<\/p>\n<p>2. 
Systems Development Life Cycle Methodology<\/p>\n<ul>\n<li>Introduction to SDLC\/Basics of SDLC<\/li>\n<li>Requirements analysis and systems design techniques<\/li>\n<li>Strategic considerations: Acquisition decisions and approaches<\/li>\n<li>Software evaluation and selection\/development<\/li>\n<li>Alternate development methodologies \u2013 RAD, Prototype etc.<\/li>\n<li>Hardware evaluation and selection<\/li>\n<li>Systems operations and organization of systems resources<\/li>\n<li>Systems documentation and operation manuals<\/li>\n<li>User procedures, training and end user computing<\/li>\n<li>System testing, assessment, conversion and start-up<\/li>\n<li>Hardware contracts and software licenses<\/li>\n<li>System implementation<\/li>\n<li>Post-implementation review<\/li>\n<li>System maintenance<\/li>\n<li>System safeguards<\/li>\n<li>Brief note on IS Organisation Structure<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>3. Control objectives<br \/>\n(a) Information Systems Controls<\/p>\n<ul>\n<li>Need for control<\/li>\n<li>Effect of computers on Internal Audit<\/li>\n<li>Responsibility for control \u2013 Management, IT, personnel, auditors<\/li>\n<li>Cost effectiveness of control procedure<\/li>\n<li>Control Objectives for Information and related Technology (COBIT)<\/li>\n<\/ul>\n<p>(b) Information Systems Control Techniques<br \/>\nControl Design: Preventive and detective controls, Computer-dependent control, Audit trails, User Controls (Control balancing, Manual follow up)<br \/>\nNon-computer-dependent (user) controls: Error identification controls, Error investigation controls, Error correction controls, Processing recovery controls<\/p>\n<p>(c) Controls over system selection, acquisition\/development<br \/>\nStandards and controls applicable to IS development projects<br \/>\nDeveloped \/ acquired systems<\/p>\n<ul>\n<li>Vendor evaluation<\/li>\n<li>Structured analysis and design<\/li>\n<li>Role of IS Auditor in System acquisition\/selection<\/li>\n<\/ul>\n<p>(d) Controls over system 
implementation<\/p>\n<ul>\n<li>Acceptance testing methodologies<\/li>\n<li>System conversion methodologies<\/li>\n<li>Post-implementation review<\/li>\n<li>Monitoring, use and measurement<\/li>\n<\/ul>\n<p>(e) Control over System and program changes<\/p>\n<ul>\n<li>Change management controls<\/li>\n<li>Authorization controls<\/li>\n<li>Documentation controls<\/li>\n<li>Testing and quality controls<\/li>\n<li>Custody, copyright and warranties<\/li>\n<li>Role of IS Auditor in Change Management<\/li>\n<\/ul>\n<p>(f) Control over Data integrity, privacy and security<\/p>\n<ul>\n<li>Classification of information<\/li>\n<li>Logical access controls<\/li>\n<li>Physical access controls<\/li>\n<li>Environmental controls<\/li>\n<li>Security concepts and techniques \u2013 Cryptosystems, Data Encryption Standards (DES), Public Key Cryptography &amp; Firewalls<\/li>\n<li>Data security and public networks<\/li>\n<li>Monitoring and surveillance techniques<\/li>\n<li>Data Privacy<\/li>\n<li>Unauthorised intrusion, hacking, virus control<\/li>\n<li>Role of IS Auditor in Access Control<\/li>\n<\/ul>\n<p>4. Audit Tests of General and Automated Controls<br \/>\n(a) Introduction to basics of testing (reasons for testing);<br \/>\n(b) Various levels\/types of testing such as: (i) Performance testing,<\/p>\n<p>(ii) Parallel testing,<\/p>\n<p>(iii) Concurrent Audit modules\/Embedded audit modules, etc.<\/p>\n<p>5. Risk assessment methodologies and applications:<\/p>\n<p>(a) Meaning of Vulnerabilities, Threats, Risks, Controls,<\/p>\n<p>(b) Fraud, error, vandalism, excessive costs, competitive disadvantage, business interruption, social costs, statutory sanctions, etc.<\/p>\n<p>(c) Risk Assessment and Risk Management,<\/p>\n<p>(d) Preventive\/detective\/corrective strategies<\/p>\n<p>6. 
Business Continuity Planning and Disaster recovery planning:<\/p>\n<p>(a) Fundamentals of BCP\/DRP,<\/p>\n<p>(b) Threat and risk management,<\/p>\n<p>(c) Software and data backup techniques,<\/p>\n<p>(d) Alternative processing facility arrangements,<\/p>\n<p>(e) Disaster recovery procedural plan,<\/p>\n<p>(f) Integration with departmental plans, testing and documentation,<\/p>\n<p>(g) Insurance<\/p>\n<p>7. An overview of Enterprise Resource Planning (ERP)<\/p>\n<p>8. Information Systems Auditing Standards, guidelines, best practices (BS7799, HIPAA, CMM etc.)<\/p>\n<p>9. Drafting of IS Security Policy, Audit Policy, IS Audit Reporting &#8211; a practical perspective<\/p>\n<p>10. Information Technology Act, 2000<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Information Systems Control and Audit CA Final Syllabus Information Systems Control and Audit (One Paper \u2013 Three hours \u2013 100 marks) Level of knowledge: Advanced knowledge Objective: To gain application ability of necessary controls, laws and standards in computerized Information system. Contents: 1. 
Information Systems Concepts General Systems Concepts \u2013 Nature and types of systems, &#8230; <a title=\"Information Systems Control and Audit CA Final Syllabus\" class=\"read-more\" href=\"https:\/\/www.kopykitab.com\/blog\/information-systems-control-and-audit-ca-final-syllabus\/\" aria-label=\"More on Information Systems Control and Audit CA Final Syllabus\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":""},"categories":[4731],"tags":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.kopykitab.com\/blog\/wp-json\/wp\/v2\/posts\/21754"}],"collection":[{"href":"https:\/\/www.kopykitab.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kopykitab.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kopykitab.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kopykitab.com\/blog\/wp-json\/wp\/v2\/comments?post=21754"}],"version-history":[{"count":0,"href":"https:\/\/www.kopykitab.com\/blog\/wp-json\/wp\/v2\/posts\/21754\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.kopykitab.com\/blog\/wp-json\/wp\/v2\/media?parent=21754"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kopykitab.com\/blog\/wp-json\/wp\/v2\/categories?post=21754"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kopykitab.com\/blog\/wp-json\/wp\/v2\/tags?post=21754"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}