CA. R Vittal Raj
This Webcast
On Current Syllabi
Also Discuss Shortcomings Found by Examiners - Points to Take Care
New Syllabus – Study Material Would be Hosted in Sep, 13 (First Week)
Applicable from November, 2014 Exams
Details available on Institute Website - http://220.227.161.86/30545bos20300.pdf
Relevance of the Paper in CA Final Course
Understanding layout of topics
Some key perspective to topics
General pattern of Exam Questions & Exam Preparation tips
Fundamentals you should know before you start
1. Information Systems Concepts
2. Systems Development Life Cycle Methodology
3. Control Objectives
4. Testing – General & Automated Controls
5. Risk Assessment Methodologies and Applications
6. Business Continuity Planning and Disaster Recovery Planning
7. Overview of ERP: IS Auditing Standards, Guidelines and Best Practices
8. IS Auditing Standards, Guidelines, Best Practices
9. Drafting of IS Security Policy, Audit Policy, IS Audit Reporting - A Practical Perspective
10. Information Technology (Amendment) Act, 2008
Before You Start!
Value of Information to Business
IT – not mere enabler but a business driver
Business risks arising from use of IT
Need for managing multi risks from IT
Role of IT in effectively achieving business as well as governance objectives
Auditors’ Role in providing assurance
Audit Risk arising from ignorance/ inappropriate understanding of impact of IT in planning, designing and performing audit procedures
Two Volumes
• Volume 1 – Study Material
• Volume 2 – Practice Manual
Topics – 10
Learning Objective
Sub topics
Not merely conceptual knowledge but applied knowledge
A final student is expected to have conceptual knowledge but also applied knowledge & capability
Conceptual Knowledge – Volume 1 & Other sources
Applied Knowledge - Volume 2, other sources and practical exposure, field visits, ‘look beyond’
Pre-supposes knowledge of IT fundamental concepts (IPCC Material)
Jargons! Technical! Managerial/Control Concepts
From Exam Perspective
Key Topics:
• Definition of a System
• Types of System
• Systems Model & Environment
• Information
• Information Systems role in management
• Operational Support Systems - TPS, MIS, ERP
• Management Support Systems – DSS, EIS, Expert Systems
• Office Automation Systems
Overview of Learning Objective:
Expert understanding of information, systems, their elements, types and their application in day to day business life
Key Topics:
• Systems Development Process
• Systems Development Methodologies
• Systems Development Life Cycle
• In Depth understanding of Phases
  • Preliminary Study, Systems Requirements Analysis, Systems Design, Systems Acquisition, Systems Development, Systems Testing, Systems Implementation, Post Implementation Review and Systems Maintenance, Documentation
• Auditors Role in SDLC
Overview of Learning Objective:
In depth understanding of concepts, and approaches in SDLC, Phases, tools, Auditors Role in SDLC
Key Topics:
• IS Controls and their need
• Considerations arising from use of computers – Internal Control & Audit perspective
• Overview of IS Audit Process, audit objectives vs. control objectives
• IS Control Techniques, types, roles and responsibilities
• End User Controls
• Controls in SDLC - Systems Development and Acquisition, Change Management, Quality Assurance, Systems Implementation & Maintenance
Overview of Learning Objective:
In depth understanding of Internal Controls, control objectives, controls & techniques of control across various facets of systems protection, role of IS audit
Key Topics:
• Controls over Data Integrity, Privacy and Security
• Security concepts and techniques
• Data Security and Public Networks, Unauthorised Intrusion, Hacking
• Logical Access Controls, Malware & related controls
• Physical & Environmental Controls
Key Topics:
• Testing – Concepts, need and types
• Audit Planning Considerations for testing
• Audit Testing – IS Controls identification, Prioritising, Performing tests
• General Controls vs. Application Controls
• Audit Testing techniques
• Testing of Technical Controls – Hardware, Systems Software, Network
• Concurrent or Continuous Audit and Embedded Audit Module
• Audit Reporting
Overview of Learning Objective:
Expert Knowledge of testing concepts, types, methods, audit planning
Key Topics:
• In-depth understanding of Risk Management Concepts
  • Asset, Threats, Vulnerabilities, Severity and Likelihood, Exposure, Countermeasures, Acceptable Risk, Residual Risk
• Understanding of Threats in Computerised Environments
• Risk Assessment vs. Risk Management
• Risk Identification, Ranking, Mitigation and role of Controls
Overview of Learning Objective:
Working Knowledge on concepts and application of Risk Management, components thereof and phases in Risk Management, Controls
Key Topics:
• Goals and objectives of BCP
• Steps to developing a BCP
• Types of Plans
  • Emergency, Backup, Recovery
• Business Impact Analysis & Risk Assessment
• Backup Techniques
  • Full, Incremental, Differential, Mirror
• Alternate Processing Arrangements
  • Cold, Hot, Warm Site, Reciprocal Arrangement
• Disaster Recovery Procedures
• Insurance
• BCP Testing Objectives and Steps
• Audit of Disaster Recovery/Business Resumption Plan
Overview of Learning Objective:
In depth understanding of purpose and objectives of BCP/DRP, phases thereof and role of audit
Key Topics:
• ERP Fundamentals
  • Definition, Evolution, Features, Benefits
• Business Process Re-Engineering
  • A Critical success factor for ERP
• ERP Implementation
  • Key considerations, Methodology, Phases
• Post Implementation Issues
• Risk Governance Issues in ERP
• ERP & E-Commerce
• Overview of some popular products and Case studies
Overview of Learning Objective:
Role of ERP in business, Goals & Benefits, Challenges and Risks, Phases in Implementation, Importance of BPR
Key Topics:
• ICAI Standards – SA 315, SA 330
• ISO 27001 – Information Security Management Standard
• Capability Maturity Model (CMM)
• COBIT – IT Governance Framework
• CoCo Guidance – Criteria of Control Model (CICA)
• ITIL (IT Infrastructure Library)
• Systrust and Webtrust from AICPA
• HIPAA
• SA 402
Overview of Learning Objective:
Gain overview and relevance of global standards in IS Control, Security, Audit and IT Governance
Key Topics:
• Importance of Information Security to Enterprise
• Information Security Policy
  • Purpose, scope, types, allocation of roles and responsibilities
  • Asset Classification, Access Control, Physical Security, SDLC, BCP
• Audit Policy
  • Purpose, Scope, Competence, Audit Framework, Testing Approach, Frequency, Linkage to IT Governance Framework, Audit Communication
• Audit Working Papers and Documentation
  • Planning Documentation, Gathering and Organising Information, Writing Documentation
• IS Audit Reports
  • Structure, Format, Distribution, Context, Objectives, Findings, Opinion, Substantiation, Evidence
Overview of Learning Objective:
Expert knowledge in drafting of Information Systems Security Policy, Audit Policy and Audit Documentation and Reporting
Key Topics:
• IT Act 2000 & the Amendment Act, 2008
• Purpose, Definitions
• Authentication, Digital & Electronic Signature
• Obligations of Subscribers, Body Corporates, Intermediaries and users
• Electronic Governance
• Electronic Contracts
• Certifying Authorities
• Penalties, Adjudication and Authorities under the Act
• Offences
Overview of Learning Objective:
Working Knowledge on Purpose of the Act, knowledge of key provisions, application of certain provisions
Don’t rule out any topic, Questions may test concepts across chapters.
Marks weightage may vary by chapter (not necessarily a set pattern)
Questions may test concepts as well as applied understanding
One Question may test concepts from more than one chapter
Both conceptual as well as applied knowledge is tested
Total Marks – 100
No. of Questions – 7. One Compulsory Question and 5 out of 6 others to be answered
Hours - 3
Questions based on Scenario/Brief Case Study
Questions directly testing conceptual understanding
Questions testing practical application
Short notes (4 of 5 Questions)
Cyberphobia and allergy with technical terms/jargons!
Technical perspective rather than risk perspective
Inability to relate the IT concept to Business & Audit Risk
Last moment rushing through material without reading and seeing it apply in real life
Memorising concepts without understanding
Reading material without devoting adequate time to solving sample/past question papers
Writing lengthy/irrelevant answers, not answering to the point and not organising your answers

Auditing

  • 1. CA. R Vittal Raj 1
  • 2. This Webcast On Current Syllabi Also Discuss Shortcomings Found by Examiners - Points to Take Care New Syllabus – Study Material Would be Hosted in Sep, 13 (First Week) Applicable from November, 2014 Exams Details available on Institute Website - http://220.227.161.86/30545bos20300.pdf 2
  • 3. Relevance of the Paper in CA Final Course Understanding layout of topics Some key perspective to topics General pattern of Exam Questions & Exam Preparation tips Fundamentals you should know before you start 3
  • 4. 1 • Information Systems Concepts 2 • Systems Development Life Cycle Methodology 3 • Control Objectives 4 • Testing – General & Automated Controls 5 • Risk Assessment Methodologies and Applications 6 • Business Continuity Planning and Disaster Recovery Planning 7 • Overview of ERP: IS Auditing Standards, Guidelines and Best Practices 8 • IS Auditing Standards, Guidelines , Best Practices 9 • Drafting of IS Security Policy, Audit Policy, IS Audit Reporting - A Practical Perspective 10 • Information Technology (Amendment) Act, 2008 4
  • 6. Value of Information to Business IT – not mere enabler but a business driver Business risks arising from use of IT Need for managing multi risks from IT 6
  • 7. Role of IT in effectively achieving business as well as governance objectives Auditors’ Role in providing assurance Audit Risk arising from ignorance/ inappropriate understanding of impact of IT in planning, designing and performing audit procedures 7
  • 8. Two Volumes • Volume 1 – Study Material • Volume 2 – Practice Manual Topics – 10 Learning Objective Sub topics 8
  • 9. Not merely conceptual knowledge but applied knowledge A final student is expected to have conceptual knowledge but also applied knowledge & capability Conceptual Knowledge – Volume 1 & Other sources Applied Knowledge - Volume 2, other sources and Practical exposure, field visits, ‘look beyond’ Pre-supposes knowledge of IT fundamental concepts (IPCC Material) Jargons! Technical! Managerial/Control Concepts 9
  • 11. Key Topics: • Definition of a System • Types of System • Systems Model & Environment • Information • Information Systems role in management • Operational Support Systems - TPS, MIS, ERP, • Management Support Systems – DSS, EIS, Expert Systems, • Office Automation Systems 11 Overview of Learning Objective: Expert understanding of information, systems, their elements, types and their application in day to day business life
  • 12. Key Topics: • Systems Development Process • Systems Development Methodologies • Systems Development Life Cycle • In Depth understanding of Phases • Preliminary Study, Systems Requirements Analysis, Systems Design, Systems Acquisition, Systems Development, Systems Testing, Systems Implementation, Post Implementation Review and Systems Maintenance, Documentation • Auditors Role in SDLC 12 Overview of Learning Objective: In depth understanding of concepts, and approaches in SDLC, Phases, tools, Auditors Role in SDLC
  • 13. Key Topics: • IS Controls and their need • Considerations arising from use of computers – Internal Control & Audit perspective • Overview of IS Audit Process, audit objectives vs. control objectives • IS Control Techniques, types, roles and responsibilities • End User Controls • Controls in SDLC - Systems Development and Acquisition, Change Management, Quality Assurance, Systems Implementation & Maintenance 13 Overview of Learning Objective: In depth understanding of Internal Controls , control objectives, controls & techniques of control across various facets of systems protection, role of IS audit
  • 14. Key Topics: • Controls over Data Integrity, Privacy and Security • Security concepts and techniques • Data Security and Public Networks, Unauthorised Intrusion, Hacking • Logical Access Controls, Malware & related controls • Physical & Environmental Controls 14
  • 15. Key Topics: • Testing – Concepts, need and types • Audit Planning Considerations for testing • Audit Testing – IS Controls identification, Prioritising, Performing tests • General Controls vs. Application Controls • Audit Testing techniques • Testing of Technical Controls – Hardware, Systems Software, Network • Concurrent or Continuous Audit and Embedded Audit Module • Audit Reporting 15 Overview of Learning Objective: Expert Knowledge of testing concepts, types, methods, audit planning
  • 16. Key Topics: • In-depth understanding of Risk Management Concepts • Asset, Threats, Vulnerabilities, Severity and Likelihood, Exposure, Countermeasures, Acceptable Risk, Residual Risk • Understanding of Threats in Computerised Environments • Risk Assessment vs. Risk Management • Risk Identification, Ranking, Mitigation and role of Controls 16 Overview of Learning Objective: Working Knowledge on concepts and application of Risk Management, components thereof and phases in Risk Management, Controls
  • 17. Key Topics: • Goals and objectives of BCP • Steps to developing a BCP • Types of Plans • Emergency, Backup, Recovery • Business Impact Analysis & Risk Assessment • Backup Techniques • Full, Incremental, Differential, Mirror • Alternate Processing Arrangements • Cold, Hot, Warm Site, Reciprocal Arrangement • Disaster Recovery Procedures • Insurance • BCP Testing Objectives and Steps • Audit of Disaster Recovery/Business Resumption Plan 17 Overview of Learning Objective: In depth understanding of purpose and objectives of BCP/DRP, phases thereof and role of audit
  • 18. Key Topics: • ERP Fundamentals • Definition, Evolution, Features, Benefits • Business Process Re-Engineering • A Critical success factor for ERP, • ERP Implementation • Key considerations, Methodology, Phases • Post Implementation Issues • Risk Governance Issues in ERP • ERP & E-Commerce • Overview of some popular products and Case studies 18 Overview of Learning Objective: Role of ERP in business, Goals & Benefits, Challenges and Risks, Phases in Implementation, Importance of BPR
  • 19. Key Topics: • ICAI Standards – SA 315, SA 330 • ISO 27001 – Information Security Management Standard • Capability Maturity Model (CMM) • COBIT – IT Governance Framework • CoCo Guidance – Criteria of Control Model (CICA) • ITIL (IT Infrastructure Library) • Systrust and Webtrust from AICPA • HIPAA • SA 402 19 Overview of Learning Objective: Gain overview and relevance of global standards in IS Control, Security, Audit and IT Governance
  • 20. Key Topics: • Importance of Information Security to Enterprise • Information Security Policy • Purpose, scope, types, allocation of roles and responsibilities • Asset Classification, Access Control, Physical Security, SDLC, BCP • Audit Policy • Purpose, Scope, Competence, Audit Framework, Testing Approach, Frequency, Linkage to IT Governance Framework, Audit Communication • Audit Working Papers and Documentation • Planning Documentation, Gathering and Organising Information, Writing Documentation • IS Audit Reports • Structure, Format, Distribution, Context, Objectives, Findings, Opinion, Substantiation, Evidence 20 Overview of Learning Objective: Expert knowledge in drafting of Information Systems Security Policy, Audit Policy and Audit Documentation and Reporting
  • 21. Key Topics: • IT Act 2000 & the Amendment Act, 2008 • Purpose, Definitions • Authentication, Digital & Electronic Signature • Obligations of Subscribers, Body Corporates, Intermediaries and users • Electronic Governance • Electronic Contracts • Certifying Authorities • Penalties, Adjudication and Authorities under the Act • Offences 21 Overview of Learning Objective: Working Knowledge on Purpose of the Act, knowledge of key provisions, application of certain provisions
  • 22. Don’t rule out any topic, Questions may test concepts across chapters. Marks weightage may vary by chapter (not necessarily a set pattern) Questions may test concepts as well as applied understanding One Question may test concepts from more than one chapter Both conceptual as well as applied knowledge is tested 22
  • 23. Total Marks – 100 No. of Questions – 7. One Compulsory Question and 5 out of 6 others to be answered Hours - 3 Questions based on Scenario/Brief Case Study Questions directly testing conceptual understanding Questions testing practical application Short notes ( 4 of 5 Questions) 23
  • 24. Cyberphobia and allergy with technical terms/jargons! Technical perspective than risk perspective Inability to relate the IT concept to Business & Audit Risk Last moment rushing through material without reading and seeing it apply in real life Memorising concepts without understanding Reading material without devoting adequate time to solving sample/past question papers Writing lengthy/irrelevant answers, not answering to the point and not organising your answers 24