06 October 2018
Paper 6 – Information Systems Control and Audit Chapter – I – Concept of Governance (Average 14 – 20 Marks) MAJOR BENEFITS OF GOVERNANCE & IT GOVERNANCE KEY GOVERNANCE PRACTICES - RISK MANAGEMENT KEY MANAGEMENT PRACTICES - IT EXTERNAL COMPLIANCE AREAS OF REVIEW BY INTERNAL AUDITOR AS A PART OF REVIEW OF GRC INTERNAL CONTROL AS PER COSO KEY MATRIX USED FOR BENEFIT EVALUATION KEY BENEFITS OF GEIT KEY GOVERNANCE PRACTICES - OF GEIT ASSET, VULNERABILITY, THREAT, EXPOSURE, LIKELIHOOD, ATTACK, RISK DEFINITION VARIOUS RISK MANAGEMENT STRATEGIES COBIT 5 – BENEFITS COBIT 5 - SEVEN ENABLERS COBIT 5 – COMPONENTS Chapter – II – Information systems concepts (Average 12 – 18 Marks) IMPORTANT CHARACTERISTICS OF CBIS INFORMATION SYSTEM ATTRIBUTES TPS – KEY ACTIVITIES, COMPONENTS, BASIC FEATURES MIS – MAJOR CHARACTERISTICS MIS – MAJOR MISCONCEPTION MIS – PRE-REQUISITES MIS – CONSTRAINTS MIS – MAJOR LIMITATIONS DSS – CHARACTERISTICS EIS – CHARACTERISTICS DSS VS. TRADITIONAL MIS EIS VS. TRADITIONAL INFORMATION SYSTEMS BUSINESS APPLICATION OF EXPERT SYSTEMS KNOWLEDGE MANAGEMENT SYSTEM COMPONENT OF ERP BENEFIT OF ERP ELEMENT OF CORE BANKING SYSTEM Chapter – III – Protection of Information Systems (20 – 30 Marks) INFORMATION SECURITY OBJECTIVE IMPACT OF TECHNOLOGY ON INTERNAL CONTROL INFORMATION SECURITY POLICY AND THEIR HIERARCHY COMPONENTS OF GOOD SECURITY POLICY 5 INTERRELATED COMPONENTS OF INTERNAL CONTROLS CRITICAL CONTROL LACKING IN A COMPUTERIZED ENVIRONMENT FINANCIAL CONTROL – TECHNIQUES DATE BASE CONTROL – UPDATE AND REPORT CONTROL 8 CATEGORIES/DESCRIPTION OF MANAGEMENT CONTROL 5 TYPES OF CLASSIFICATION OF INFORMATION 6 CATEGORIES OF DATA INTEGRITY CONTROL DATA INTEGRITY POLICY ASYNCHRONOUS ATTACKS – VARIOUS TYPES ACCESS CONTROL MECHANISM – 3 STEPS PHYSICAL ACCESS CONTROL – TECHNIQUES CYBER FRAUD – TECHNIQUES AND DIMENSION3 Chapter – IV – Business Continuity Planning (10 – 16 Marks) DEFINITION OF BUSINESS CONTINUITY PLANNING OBJECTIVE AND GOALS OF BCP BCP METHODOLOGY AND PHASES COMPONENTS OF BCP PROCESS BCM DOCUMENTATION AND RECORDS RISK ASSESSMENT MAINTENANCE TASKS UNDERTAKEN IN DEVELOPMENT OF BCP REVIEWING BCM ARRANGEMENTS TYPES /KINDS OF PLAN TYPES OF BACK UPS THIRD PARTY RECOVERY – ISSUES CONSIDERED BY SECURITY ADMINISTRATOR DRP DOCUMENTATION SOUND METHODOLOGY OF BUSINESS RESUMPTION PLANNING Chapter – V – Development of system (8 – 14 Marks) AGILE MODEL STRENGTH AND WEAKNESSES SYSTEM DEVELOPMENT METHODOLOGY IS AUDIT ADVANTAGES – SDLC SYSTEM REQUIREMENT ANALYSIS – OBJECTIVES SYSTEM REQUIREMENT SPECIFICATION – DOCUMENT FEASIBILITY STUDY – DIMENSION FACT FINDING TECHNIQUES ANALYSIS OF PRESENT SYSTEM METHOD OF VALIDATING VENDOR PROPOSAL GOOD CODED PROGRAM – CHARACTERISTICS SYSTEM TESTING – UNIT, INTEGRATION, SYSTEM, FINAL IMPLEMENTATION STRATEGIES IMPLEMENTATION ACTIVITIES SYSTEM MAINTENANCE Chapter – VI – Audit of Information Systems (12 – 20 Marks) FACTORS INFLUENCING AN ORGANIZATION TOWARDS CONTROL AND AUDIT OF COMPUTERS CHANGES TO EVIDENCE COLLECTION AND EVALUATION SET OF SKILLS EXPECTED WITH AN IS AUDITOR FUNCTIONS OF IS AUDITOR 5 TYPES/CATEGORIES OF IS AUDITS 6 STAGES OF INFORMATION SYSTEM AUDIT PRELIMINARY REVIEW – LEGAL CONSIDERATION AND AUDIT STANDARD 4 STEPS TO BE FOLLOWED FOR RISK BASED APPROACH OVERVIEW OF APPLICATION CONTROL AND AUDIT TRAIL INPUT & COMMUNICATION CONTROL – ACCOUNTING & OPERATIONS AUDIT TRAIL SNAPSHOT SCARF – TECHNIQUES ADV AND DISADV OF CONTINUOUS AUDIT TECHNIQUES CONTINUOUS AND INTERMITTENT SIMULATION AUDIT TRAIL OBJECTIVE AUDIT OF ENVIRONMENTAL CONTROL4 Chapter – VII – Information Technology Regulatory Issues (8 – 14 Marks) THE OBJECTIVE OF IT ACT SECTION 3 TO 15 AND SECTION 43, 44, 85 OF IT ACT SEBI – SYSTEM AUDIT RBI – SYSTEM CONTROL & SYSTEM AUDIT FOUR PHASES OF ISMS AND PLAN PHASE, DO PHASE STEPS ITIL FRAMEWORK Four key benefits ISO 27001 Chapter – VIII – Emerging Technologies (8 – 14 Marks) CLOUD VS. GRID SIMILARITIES AND DIFFERENCES CLOUD COMPUTING – PERTINENT ISSUES CLOUD COMPUTING – CHARACTERISTICS CLOUD COMPUTING – ADVANTAGES FIVE MOBILE COMPUTING BENEFITS FOUR AREAS OF BYOD THREATS WEB 2.0 MAJOR COMPONENTS CATEGORIES IDENTIFIED FOR SOCIAL NETWORKING GREEN IT – MAJOR STEPS
CAclubindia
