INFORMATION SYSTEMS CONTROL AND AUDIT
SHORT NOTES
HAND WRITTEN
Sumit Rathi (CA, Bcom.)
THINGS TO BE KEPT IN MIND EVERY TIME YOU TAKE ISCA BOOK:
1. ISCA is not a technical/computer subject. INFORMATION SYSTEMS CONTROL AND AUDIT, by
its name itself, is an AUDIT subject, and the word COMPUTER is hardly even used in the ICAI
material.
2. This subject is to educate an auditor to audit various information system plans in place in an
organization, and related controls (to audit an information system one should know it).
3. It is a subject where maximum marks can be scored –
1. only 8 chapters
2. relatively less to study
3. Normally about 80% of marks are covered from 4-5 chapters.
4. They test knowledge, not memory – make best use of your grammar knowledge, draft smart sentences
to answer a question.
5. The answer need not be 100% the same as the ICAI suggested answers, but if smart sentences and key words are
used, marks will be allotted.
6. Read the question properly, don’t get confused by synonyms used in the question – make note of key
words that help to know the correct answer for a question.
7. Refer to the question papers of the previous 8 to 10 attempts; most of the time, questions asked in exams prior to
2-3 attempts may be lifted as they are for about 10-15 marks.
8. You may do a rough study of the questions asked in the immediate last attempt; normally there will not
be repetition of those questions in the exam – you will save your time and can focus on other topics.
(disclaimer – in exceptional cases questions are lifted directly from the immediately preceding attempt’s
question paper for about 5-10 marks)
9. Use dictionary to understand the meaning of unknown/new words, don’t mug up.
10. Read, write, revise and write.
11. Prepare for 100 marks, attempt for 100 marks.
12. Don’t generalize the answer, keep it specific and to the point – quality & quantity both are
important.
13. Read case studies from the practice manual and RTPs – same case study may not be asked in exam,
but can expect similar questions.
Chapter wise important topics:
Chapter : 1 (Around 5 - 10 marks)
1. COBIT 5 – Benefits and Component (V imp..)
2. Key Governance practice of GEIT.
3. Internal control component of COSO.
Chapter : 2 (Around 15 marks)
1. Classification of system.
2. Attribute of information.
3. Characteristics of MIS, prerequisites of MIS (5 pillars), limitations and constraints of MIS.
4. EIS definition, Characteristics of EIS, measures and indicators to be included in EIS. (V imp..)
5. Expert system, benefits, characteristics and usage.
6. DSS, characteristics and applicability. (V imp..)
Chapter : 3 (Around 20 Marks)
1. Types of Information system. (imp..)
2. Component of security policy.
3. Impact of technology on internal control.
4. Component of internal control. (V imp..)
5. Components of Controls, Data Integrity Policies, Cyber Frauds - Types of cyber attacks & techniques.
6. Internet & Intranet Controls, Firewall, Cryptography, Access Control Mechanism, System
Development Controls & Computer Centre Security Controls as a part of General Controls.
Chapter : 4 (Around 12 marks)
1. BCP deviation, methodology of BCP. (V imp..)
2. Business impact analysis.
3. Types of backup.
4. Objectives of BCP. (imp..)
Chapter : 5 (Around 20 marks)
1. Fact finding techniques.
2. System implementation conversion strategies.
3. Post implementation review. (V imp..)
4. System development methodology.
5. Methods of system development. (V V imp.. especially waterfall, incremental and spiral).
6. Methods and grounds of vendor evaluation, Roles involved in SDLC
7. System testing.
Chapter : 6 (Around 15 Marks)
1. Functions of Auditor.
2. Categories of IS Audits (V imp..)
3. Concurrent Audit Tools (especially SCARF, Audit Hooks). (V imp..)
4. Critical Factors to be considered by IS Auditor in Preliminary Review of IS Audit, Approaches to
Application Security Controls Audit. (V imp..)
Chapter : 7 (Around 8 - 10 marks)
1. System Audit & Controls of IRDA & RBI, Cyber Security Policy 2013, Objectives (V V imp..)
2. ITIL
3. Penalty sections etc..
Chapter : 8 (Around 10 - 12 marks)
1. Cloud computing, objectives, characteristics of cloud computing, advantages of cloud computing (V V imp..).
2. Benefits of Mobile Computing, BYOD, Types of Social Networks, Components of Web 2.0 (V imp..)
3. Disadvantage of cloud.
4. Pertinent issues in cloud computing. (V imp..)
5. Cloud v/s Grid computing.
Scanned by CamScanner