2. This Webcast
On Current Syllabi
Also Discuss Shortcomings Found by
Examiners - Points to Take Care
New Syllabus – Study Material Would be Hosted in Sep, 13 (First Week)
Applicable from November, 2014 Exams
Details available on Institute Website -
http://220.227.161.86/30545bos20300.pdf
3. Relevance of the Paper in CA Final Course
Understanding layout of topics
Some key perspective to topics
General pattern of Exam Questions & Exam Preparation tips
Fundamentals you should know before you start
4.
• 1. Information Systems Concepts
• 2. Systems Development Life Cycle Methodology
• 3. Control Objectives
• 4. Testing – General & Automated Controls
• 5. Risk Assessment Methodologies and Applications
• 6. Business Continuity Planning and Disaster Recovery Planning
• 7. Overview of ERP: IS Auditing Standards, Guidelines and Best Practices
• 8. IS Auditing Standards, Guidelines, Best Practices
• 9. Drafting of IS Security Policy, Audit Policy, IS Audit Reporting - A Practical Perspective
• 10. Information Technology (Amendment) Act, 2008
6. Value of Information to Business
IT – not mere enabler but a business driver
Business risks arising from use of IT
Need for managing multi risks from IT
7. Role of IT in effectively achieving business as well as governance
objectives
Auditors’ Role in providing assurance
Audit Risk arising from ignorance/ inappropriate understanding of
impact of IT in planning, designing and performing audit procedures
8. Two Volumes
• Volume 1 – Study Material
• Volume 2 – Practice Manual
Topics – 10
Learning Objective
Sub topics
9. Not merely conceptual knowledge but applied knowledge
A final student is expected to have conceptual knowledge but also applied knowledge
& capability
Conceptual Knowledge – Volume 1 & Other sources
Applied Knowledge - Volume 2, other sources and
Practical exposure, field visits, ‘look beyond’
Pre-supposes knowledge of IT fundamental concepts (IPCC Material)
Jargons! Technical! Managerial/Control Concepts
11. Key Topics:
• Definition of a System
• Types of System
• Systems Model & Environment
• Information
• Information Systems role in management
• Operational Support Systems - TPS, MIS, ERP
• Management Support Systems – DSS, EIS, Expert Systems
• Office Automation Systems
Overview of Learning Objective:
Expert understanding of information, systems, their elements, types and their
application in day to day business life
12. Key Topics:
• Systems Development Process
• Systems Development Methodologies
• Systems Development Life Cycle
• In Depth understanding of Phases
• Preliminary Study, Systems Requirements Analysis, Systems Design,
Systems Acquisition, Systems Development, Systems Testing,
Systems Implementation, Post Implementation Review and Systems
Maintenance, Documentation
• Auditors Role in SDLC
Overview of Learning Objective:
In depth understanding of concepts, and approaches in SDLC, Phases, tools,
Auditors Role in SDLC
13. Key Topics:
• IS Controls and their need
• Considerations arising from use of computers – Internal Control &
Audit perspective
• Overview of IS Audit Process, audit objectives vs. control objectives
• IS Control Techniques, types, roles and responsibilities
• End User Controls
• Controls in SDLC - Systems Development and Acquisition, Change
Management, Quality Assurance, Systems Implementation &
Maintenance
Overview of Learning Objective:
In depth understanding of Internal Controls, control objectives, controls &
techniques of control across various facets of systems protection, role of IS audit
14. Key Topics:
• Controls over Data Integrity, Privacy and Security
• Security concepts and techniques
• Data Security and Public Networks, Unauthorised
Intrusion, Hacking
• Logical Access Controls, Malware & related controls
• Physical & Environmental Controls
15. Key Topics:
• Testing – Concepts, need and types
• Audit Planning Considerations for testing
• Audit Testing – IS Controls identification, Prioritising, Performing tests
• General Controls vs. Application Controls
• Audit Testing techniques
• Testing of Technical Controls – Hardware, Systems Software, Network
• Concurrent or Continuous Audit and Embedded Audit Module
• Audit Reporting
Overview of Learning Objective:
Expert Knowledge of testing concepts, types, methods, audit planning
16. Key Topics:
• In-depth understanding of Risk Management Concepts
  • Asset, Threats, Vulnerabilities, Severity and Likelihood, Exposure, Countermeasures, Acceptable Risk, Residual Risk
• Understanding of Threats in Computerised Environments
• Risk Assessment vs. Risk Management
• Risk Identification, Ranking, Mitigation and role of Controls
Overview of Learning Objective:
Working Knowledge on concepts and application of Risk Management,
components thereof and phases in Risk Management, Controls
17. Key Topics:
• Goals and objectives of BCP
• Steps to developing a BCP
• Types of Plans
  • Emergency, Backup, Recovery
• Business Impact Analysis & Risk Assessment
• Backup Techniques
  • Full, Incremental, Differential, Mirror
• Alternate Processing Arrangements
  • Cold, Hot, Warm Site, Reciprocal Arrangement
• Disaster Recovery Procedures
• Insurance
• BCP Testing Objectives and Steps
• Audit of Disaster Recovery/Business Resumption Plan
Overview of Learning Objective:
In depth understanding of purpose and objectives of BCP/DRP, phases thereof
and role of audit
18. Key Topics:
• ERP Fundamentals
  • Definition, Evolution, Features, Benefits
• Business Process Re-Engineering
  • A Critical success factor for ERP
• ERP Implementation
  • Key considerations, Methodology, Phases
• Post Implementation Issues
• Risk Governance Issues in ERP
• ERP & E-Commerce
• Overview of some popular products and Case studies
Overview of Learning Objective:
Role of ERP in business, Goals & Benefits, Challenges and Risks, Phases in
Implementation, Importance of BPR
19. Key Topics:
• ICAI Standards – SA 315, SA 330
• ISO 27001 – Information Security Management Standard
• Capability Maturity Model (CMM)
• COBIT – IT Governance Framework
• CoCo Guidance – Criteria of Control Model (CICA)
• ITIL (IT Infrastructure Library)
• Systrust and Webtrust from AICPA
• HIPAA
• SA 402
Overview of Learning Objective:
Gain overview and relevance of global standards in IS Control, Security,
Audit and IT Governance
20. Key Topics:
• Importance of Information Security to Enterprise
• Information Security Policy
  • Purpose, scope, types, allocation of roles and responsibilities
  • Asset Classification, Access Control, Physical Security, SDLC, BCP
• Audit Policy
  • Purpose, Scope, Competence, Audit Framework, Testing Approach, Frequency, Linkage to IT Governance Framework, Audit Communication
• Audit Working Papers and Documentation
  • Planning Documentation, Gathering and Organising Information, Writing Documentation
• IS Audit Reports
  • Structure, Format, Distribution, Context, Objectives, Findings, Opinion, Substantiation, Evidence
Overview of Learning Objective:
Expert knowledge in drafting of Information Systems Security Policy, Audit
Policy and Audit Documentation and Reporting
21. Key Topics:
• IT Act 2000 & the Amendment Act, 2008
  • Purpose, Definitions
• Authentication, Digital & Electronic Signature
• Obligations of Subscribers, Body Corporates, Intermediaries and users
• Electronic Governance
• Electronic Contracts
• Certifying Authorities
• Penalties, Adjudication and Authorities under the Act
• Offences
Overview of Learning Objective:
Working Knowledge on Purpose of the Act, knowledge of key provisions,
application of certain provisions
22. Don’t rule out any topic. Questions may test concepts across chapters.
Marks weightage may vary by chapter (not necessarily a set
pattern)
Questions may test concepts as well as applied understanding
One Question may test concepts from more than one chapter
Both conceptual as well as applied knowledge is tested
23. Total Marks – 100
No. of Questions – 7. One Compulsory Question and 5 out of 6 others to be answered
Hours - 3
Questions based on Scenario/Brief Case Study
Questions directly testing conceptual understanding
Questions testing practical application
Short notes (4 of 5 Questions)
24. Cyberphobia and allergy with technical terms/jargons!
Technical perspective rather than risk perspective
Inability to relate the IT concept to Business & Audit Risk
Last moment rushing through material without reading and seeing it apply in real life
Memorising concepts without understanding
Reading material without devoting adequate time to solving sample/past question
papers
Writing lengthy/irrelevant answers, not answering to the point and not organising
your answers