Sub: Revision of syllabus of Group – II – Paper – 6 Information Systems Control and Audit
As per the decision of the Council taken at its 324th meeting held in March, 2013, it is notified for information of students and the public at large that the examination in the following papers, effective from the November 2014 examination onwards, shall be held as per the revised syllabus, as specified by the Council in terms of its authority as vested in Regulation 28E (3) and 31(iii) in respect of Intermediate (IPC)/Accounting Technician Examination and Final Examination respectively.
Paper-6: Information Systems Control and Audit
(One Paper – Three Hours - 100 Marks)
Level of Knowledge: Advanced Knowledge
Objective: “To develop competencies and skill-sets in evaluation of controls and relevant evidence gathering in an IT environment using IT tools and techniques for effective and efficient performance of accounting, assurance and compliance services provided by a Chartered Accountant”.
Governance, Risk and Compliance and relationship between governance and management. Role of information technology and IS Strategy in business strategy, operations and control, business value from use of IT, business impact of IS risks, different types of Information Systems Risks, IS Risk management overview, IT Compliance overview – Role and responsibilities of top management as regards IT-GRC. Role of Information Systems Assurance. Overview of Governance of Enterprise IT and COBIT.
2. Information Systems Concepts
Overview of information systems in IT environment and practical aspects of application of information systems in enterprise processes. Information as a key business asset and its relation to business objectives, business processes and relative importance of information systems from strategic and operational perspectives. Various types of business applications, overview of underlying IT technologies.
3. Protection of Information Systems
Need for protection of Information systems, types of controls, IT general controls, logical access controls & application controls. Technologies and security management features, IS Security Policies, procedures, practices, standards and guidelines, IT controls and control objectives, Role of technology systems in control monitoring, segregation of duties. Impact of IT controls on Internal controls over financial reporting, cyber frauds and control failures.
4. Business Continuity Planning and Disaster recovery planning
Assessing Business Continuity Management, Business Impact Analysis and Business Continuity Plans, Disaster recovery from perspective of going concern, Recovery Strategies.
5. Acquisition, Development and Implementation of Information Systems (SDLC)
Business process design (integrated systems, automated, and manual interfaces), Software procurement, RFP process, evaluation of IT proposals, computing ROI, Computing Cost of IT implementation and cost benefit analysis, systematic approach to SDLC and review of SDLC controls at different stages.
Different types of IS audit and assurance engagements. Evaluating IT dependencies for audit planning.
Overview of continuous auditing. Auditing Information Systems - Approach, methodology, and standards for auditing information systems. IS Audit planning, performing an IS audit, rules of digital evidence, best practices and standards for IS audit. Reviewing General Controls, Application Controls, Application control reviews: Review of controls at various levels/layers such as: Parameters, user creation, granting of access rights, input, processing and output controls.
7. Information Technology Regulatory issues
Overview of Specific section of IT Act 2008 & Rules as relevant for assurance: Electronic Contracting, digital signatures, cyber offences, etc. Need for systems audit as per various regulations such as: SEBI Clause 49 listing requirements and internal controls, systems control & audit requirements as per RBI, SEBI, IRDA. Concepts of Cyber forensics/Cyber Fraud investigation, Overview of Information Security Standards ISO 27001, ISAE 3402/SA 402, ITIL.
8. Emerging Technology:
Overview of Cloud Computing, Software as a Service, Mobile Computing & BYOD, Web 2.0 & social media, Green IT and related security and audit issues
Happy learning.
Committed to your Success
Praveen Jain