Auditing
CA. R Vittal Raj
1
This Webcast
On Current Syllabi
Also Discuss Shortcomings Found by Examiners - Points to Take Care
New Syllabus – Study Material Would be Hosted in September 2013 (First Week)
Applicable from November, 2014 Exams
Details available on Institute Website - http://220.227.161.86/30545bos20300.pdf
2
Relevance of the Paper in CA Final Course
Understanding layout of topics
Some key perspective to topics
General pattern of Exam Questions & Exam Preparation tips
Fundamentals you should know before you start
3
1. Information Systems Concepts
2. Systems Development Life Cycle Methodology
3. Control Objectives
4. Testing – General & Automated Controls
5. Risk Assessment Methodologies and Applications
6. Business Continuity Planning and Disaster Recovery Planning
7. Overview of ERP
8. IS Auditing Standards, Guidelines, Best Practices
9. Drafting of IS Security Policy, Audit Policy, IS Audit Reporting - A Practical Perspective
10. Information Technology (Amendment) Act, 2008
4
Before You Start!
5
Value of Information to Business
IT – not mere enabler but a business driver
Business risks arising from use of IT
Need for managing multi risks from IT
6
Role of IT in effectively achieving business as well as governance objectives
Auditors’ Role in providing assurance
Audit Risk arising from ignorance/inappropriate understanding of the impact of IT in planning, designing and performing audit procedures
7
Two Volumes
• Volume 1 – Study Material
• Volume 2 – Practice Manual
Topics – 10
Learning Objective
Sub topics
8
Not merely conceptual knowledge but applied knowledge
A final student is expected to have not only conceptual knowledge but also applied knowledge & capability
Conceptual Knowledge – Volume 1 & Other sources
Applied Knowledge - Volume 2, other sources and practical exposure, field visits, ‘look beyond’
Pre-supposes knowledge of IT fundamental concepts (IPCC Material)
Jargons! Technical! Managerial/Control Concepts
9
From Exam Perspective
10
Key Topics:
• Definition of a System
• Types of System
• Systems Model & Environment
• Information
• Information Systems role in management
• Operational Support Systems - TPS, MIS, ERP,
• Management Support Systems – DSS, EIS, Expert Systems,
• Office Automation Systems
11
Overview of Learning Objective:
Expert understanding of information, systems, their elements, types and their application in day to day business life
Key Topics:
• Systems Development Process
• Systems Development Methodologies
• Systems Development Life Cycle
• In Depth understanding of Phases
• Preliminary Study, Systems Requirements Analysis, Systems Design, Systems Acquisition, Systems Development, Systems Testing, Systems Implementation, Post Implementation Review and Systems Maintenance, Documentation
• Auditors Role in SDLC
12
Overview of Learning Objective:
In depth understanding of concepts and approaches in SDLC, Phases, tools, Auditors Role in SDLC
Key Topics:
• IS Controls and their need
• Considerations arising from use of computers – Internal Control & Audit perspective
• Overview of IS Audit Process, audit objectives vs. control objectives
• IS Control Techniques, types, roles and responsibilities
• End User Controls
• Controls in SDLC - Systems Development and Acquisition, Change Management, Quality Assurance, Systems Implementation & Maintenance
13
Overview of Learning Objective:
In depth understanding of Internal Controls, control objectives, controls & techniques of control across various facets of systems protection, role of IS audit
Key Topics:
• Controls over Data Integrity, Privacy and Security
• Security concepts and techniques
• Data Security and Public Networks, Unauthorised Intrusion, Hacking
• Logical Access Controls, Malware & related controls
• Physical & Environmental Controls
14
Key Topics:
• Testing – Concepts, need and types
• Audit Planning Considerations for testing
• Audit Testing – IS Controls identification, Prioritising, Performing tests
• General Controls vs. Application Controls
• Audit Testing techniques
• Testing of Technical Controls – Hardware, Systems Software, Network
• Concurrent or Continuous Audit and Embedded Audit Module
• Audit Reporting
15
Overview of Learning Objective:
Expert Knowledge of testing concepts, types, methods, audit planning
Key Topics:
• In-depth understanding of Risk Management Concepts
• Asset, Threats, Vulnerabilities, Severity and Likelihood, Exposure, Countermeasures, Acceptable Risk, Residual Risk
• Understanding of Threats in Computerised Environments
• Risk Assessment vs. Risk Management
• Risk Identification, Ranking, Mitigation and role of Controls
16
Overview of Learning Objective:
Working Knowledge on concepts and application of Risk Management, components thereof and phases in Risk Management, Controls
Key Topics:
• Goals and objectives of BCP
• Steps to developing a BCP
• Types of Plans
• Emergency, Backup, Recovery
• Business Impact Analysis & Risk Assessment
• Backup Techniques
• Full, Incremental, Differential, Mirror
• Alternate Processing Arrangements
• Cold, Hot, Warm Site, Reciprocal Arrangement
• Disaster Recovery Procedures
• Insurance
• BCP Testing Objectives and Steps
• Audit of Disaster Recovery/Business Resumption Plan
17
Overview of Learning Objective:
In depth understanding of purpose and objectives of BCP/DRP, phases thereof and role of audit
Key Topics:
• ERP Fundamentals
• Definition, Evolution, Features, Benefits
• Business Process Re-Engineering
• A Critical success factor for ERP,
• ERP Implementation
• Key considerations, Methodology, Phases
• Post Implementation Issues
• Risk Governance Issues in ERP
• ERP & E-Commerce
• Overview of some popular products and Case studies
18
Overview of Learning Objective:
Role of ERP in business, Goals & Benefits, Challenges and Risks, Phases in Implementation, Importance of BPR
Key Topics:
• ICAI Standards – SA 315, SA 330
• ISO 27001 – Information Security Management Standard
• Capability Maturity Model (CMM)
• COBIT – IT Governance Framework
• CoCo Guidance – Criteria of Control Model (CICA)
• ITIL (IT Infrastructure Library)
• Systrust and Webtrust from AICPA
• HIPAA
• SA 402
19
Overview of Learning Objective:
Gain an overview of global standards in IS Control, Security, Audit and IT Governance and their relevance
Key Topics:
• Importance of Information Security to Enterprise
• Information Security Policy
• Purpose, scope, types, allocation of roles and responsibilities
• Asset Classification, Access Control, Physical Security, SDLC, BCP
• Audit Policy
• Purpose, Scope, Competence, Audit Framework, Testing Approach, Frequency, Linkage to IT Governance Framework, Audit Communication
• Audit Working Papers and Documentation
• Planning Documentation, Gathering and Organising Information, Writing Documentation
• IS Audit Reports
• Structure, Format, Distribution, Context, Objectives, Findings, Opinion, Substantiation, Evidence
20
Overview of Learning Objective:
Expert knowledge in drafting of Information Systems Security Policy, Audit Policy and Audit Documentation and Reporting
Key Topics:
• IT Act 2000 & the Amendment Act, 2008
• Purpose, Definitions
• Authentication, Digital & Electronic Signature
• Obligations of Subscribers, Body Corporates, Intermediaries and users
• Electronic Governance
• Electronic Contracts
• Certifying Authorities
• Penalties, Adjudication and Authorities under the Act
• Offences
21
Overview of Learning Objective:
Working Knowledge on Purpose of the Act, knowledge of key provisions, application of certain provisions
Don’t rule out any topic; questions may test concepts across chapters.
Marks weightage may vary by chapter (not necessarily a set pattern)
Questions may test concepts as well as applied understanding
One Question may test concepts from more than one chapter
Both conceptual as well as applied knowledge is tested
22
Total Marks – 100
No. of Questions – 7. One Compulsory Question and 5 out of 6 others to be answered
Hours - 3
Questions based on Scenario/Brief Case Study
Questions directly testing conceptual understanding
Questions testing practical application
Short notes (4 of 5 Questions)
23
Cyberphobia and allergy to technical terms/jargon!
Technical perspective rather than risk perspective
Inability to relate the IT concept to Business & Audit Risk
Last-minute rushing through the material without reading it and seeing how it applies in real life
Memorising concepts without understanding
Reading the material without devoting adequate time to solving sample/past question papers
Writing lengthy/irrelevant answers, not answering to the point and not organising your answers
24