Information Systems


Contents:
(a) Computer hardware
Classification of computers – personal computer, workstation, servers and super computers
Computer components – CPU, input output devices, storage devices
(b) Bus, I/O co-processors, ports (serial, parallel, USB ports), expansion slots, add-on cards, on-board
chips, LAN cards, multimedia cards, cache memory, buffers, controllers and drivers
(c) Computer software
Systems software – operating system, translators (compilers, interpreters and assemblers), system
utilities
General purpose software/ utilities - word processor, spread sheet, DBMS, scheduler / planner,
internet browser and e-mail clients
Application software – financial accounting, payroll, inventory
Specialised systems – Enterprise Resource Planning (ERP), artificial intelligence, expert systems,
decision support systems – an overview
2. Data Storage, Retrievals and Data Base Management Systems
(a) Data and information concepts: bits, bytes, KB, MB, GB, TB
(b) Data organization and access
Storage concepts : records, fields, grouped fields, special fields like date, integers, real, floating,
fixed, double precision, logical, characters, strings, variable character fields (Memo); key, primary
key, foreign key, secondary key, referential integrity, index fields.
Storage techniques: sequential, block sequential, random, indexed, sequential access, direct access,
random access including randomizing
Logical structure and physical structure of files
(c) DBMS models and classification:
Need for database, administration, models, DML and DDL (query and reporting); data dictionaries,
distributed data bases, object oriented databases, client server databases, knowledge databases
(d) Backup and recovery – backup policy, backup schedules, offsite backups, recycling of backups,
frequent checking of recovery of backup
(e) Usage of system software like program library management systems and tape and disk management
systems – features, functionalities, advantages
(f) Data mining and data warehousing - an overview
3. Computer Networks & Network Security
(a) Networking concepts – need and scope, benefits
Classification: LAN, MAN, WAN, VPN; peer-to-peer, client server
Components - NIC, router, switch, hub, repeater, bridge, gateway, modem
Network topologies – bus, star, ring, mesh, hybrid, architecture : token ring, ethernet
transmission technologies and protocols – OSI, TCP/IP, ISDN etc.
Network operating system
(b) Local Area Networks – components of a LAN, advantages of LAN
(c) Client server technology
Limitation of single user systems and need for client server technology
Servers – database, application, print servers, transaction servers, internet servers, mail servers, chat
servers, IDS
Introduction to 3-tier and “n” tier architecture (COM, COM+)
(d) Data centres: features and functions, primary delivery centre and disaster recovery site
(e) Network security need; threats and vulnerabilities; security levels; techniques
4. Internet and other technologies
(a) Internet and world-wide web, intranets, extranets, applications of internet, internet protocols
(b) E-commerce - nature, types (B2B, B2C, C2C), supply chain management, CRM, Electronic Data
Interchange (EDI), Electronic Fund Transfers (EFT), payment portal, e-commerce security;
(c) Mobile commerce, bluetooth and Wi-Fi
5. Flow charts, Decision Tables.



Contents:
1. Business Environment
General environment - demographic, socio-cultural, macro-economic, legal/political, technological, and
global; competitive environment.
2. Business Policy and Strategic Management
Meaning and nature; strategic management imperative; vision, mission and objectives; strategic levels in
organisations.
3. Strategic Analyses
Situational analysis – SWOT analysis, TOWS matrix, portfolio analysis - BCG matrix.
4. Strategic Planning
Meaning, stages, alternatives, strategy formulation.
5. Formulation of Functional Strategy
Marketing strategy, financial strategy, production strategy, logistics strategy, human resource strategy.
6. Strategy Implementation and Control
Organisational structures; establishing strategic business units; establishing profit centers by business,
product or service, market segment or customer; leadership and behavioural challenges.
7. Reaching Strategic Edge
Business process re-engineering, benchmarking, total quality management, six sigma, contemporary
strategic issues.




Paper 6: Information Systems Control and Audit
(One Paper – Three hours – 100 marks)
Level of knowledge: Advanced knowledge
Objective:
To gain application ability of necessary controls, laws and standards in computerized
Information system.
Contents:
1. Information Systems Concepts
General Systems Concepts – Nature and types of systems, nature and types of
information, attributes of information.
Management Information System – Role of information within business
Business information systems – various types of information systems – TPC, MIS, DSS,
EIS, ES
2. Systems Development Life Cycle Methodology
Introduction to SDLC/Basics of SDLC
Requirements analysis and systems design techniques
Strategic considerations : Acquisition decisions and approaches
Software evaluation and selection/development
Alternate development methodologies- RAD, Prototype etc
Hardware evaluation and selection
Systems operations and organization of systems resources
Systems documentation and operation manuals
User procedures, training and end user computing
System testing, assessment, conversion and start-up
Hardware contracts and software licenses
System implementation
Post-implementation review
System maintenance
System safeguards
Brief note on IS Organisation Structure
3. Control objectives
(a) Information Systems Controls
Need for control
Effect of computers on Internal Audit
Responsibility for control – Management, IT, personnel, auditors
Cost effectiveness of control procedure
Control Objectives for Information and related Technology (COBIT)
(b) Information Systems Control Techniques
Control Design: Preventive and detective controls, Computer-dependent control, Audit
trails, User Controls (Control balancing, Manual follow up)
Non-computer-dependent (user) controls: Error identification controls, Error investigation
controls, Error correction controls, Processing recovery controls
(c) Controls over system selection, acquisition/development
Standards and controls applicable to IS development projects
Developed / acquired systems
Vendor evaluation
Structured analysis and design
Role of IS Auditor in System acquisition/selection
(d) Controls over system implementation
Acceptance testing methodologies
System conversion methodologies
Post implement review
Monitoring, use and measurement
(e) Control over System and program changes
Change management controls
Authorization controls
Documentation controls
Testing and quality controls
Custody, copyright and warranties
Role of IS Auditor in Change Management
(f) Control over Data integrity, privacy and security
Classification of information
Logical access controls
Physical access controls
Environmental controls
Security concepts and techniques – Cryptosystems, Data Encryption Standards (DES),
Public Key Cryptography & Firewalls
Data security and public networks
Monitoring and surveillance techniques
Data Privacy
Unauthorised intrusion, hacking, virus control
Role of IS Auditor in Access Control
4. Audit Tests of General and Automated Controls
(a) Introduction to basics of testing (reasons for testing);
(b) Various levels/types of testing such as: (i) Performance testing, (ii) Parallel testing,
(iii) Concurrent Audit modules/Embedded audit modules, etc.
5. Risk assessment methodologies and applications: (a) Meaning of Vulnerabilities,
Threats, Risks, Controls, (b) Fraud, error, vandalism, excessive costs, competitive
disadvantage, business, interruption, social costs, statutory sanctions, etc. (c) Risk
Assessment and Risk Management, (d) Preventive/detective/corrective strategies
6. Business Continuity Planning (BCP) and Disaster recovery planning (DRP) :
(a) Fundamentals of BCP/DRP, 
(b) Threat and risk management, 
(c) Software and data backup techniques,
(d) Alternative processing facility arrangements,
(e) Disaster recovery procedural plan,
(f) Integration with departmental plans, testing and documentation, 
(g) Insurance
7. An overview of Enterprise Resource Planning (ERP)
8. Information Systems Auditing Standards, guidelines, best practices (BS7799, HIPAA,
CMM etc.)
9. Drafting of IS Security Policy, Audit Policy, IS Audit Reporting - a practical perspective
10. Information Technology Act, 2000
