Take This Quiz & Predict Your Score in the coming CA CS or CMA Exam!
  • How important it is for you to pass the exam in this attempt?
  • What percentage of course you have finished well so far roughly?
  • How many hours you study in a day?
  • How many times you have revised the topics you have finished
  • Have you taken online or pen drive or live class from a renowned faculty?
  • What percentage of the classes you have watched?
  • Have you attempted mock tests or practice tests yet?
  • Are you planning to attempt mock tests conducted by external bodies- ICAI, ICSI, ICMAI or other institute?
  • How many tests you have taken?
  • Did you manage to finish the test papers on time?
  • Are you strictly following study material provided by the exam conducting authority such as ICAI/ICSI/ICMAI/Other Body?
  • How is your health in general?
  • How is your food habit?
  • Any interest in yoga or exercise or play sports regularly?
  • Planning to sleep well nights before the exams?
  • Planning to have light food and water before exams?

CA Final Information Systems Control and Audit Syllabus (ISCA)

Information systems control and audit syllabus

Information systems control and audit syllabus

CA Final Information Systems Control and Audit Syllabus (ISCA)

Information Systems Control and Audit  Syllabus (ISCA) 

Through this article you will come to know about CA final information systems and audit syllabus.

You can also get the information  about the contents of CA final information systems and audit syllabus.

The main objective of ISCA is to gain application ability of necessary controls, laws and standards in computerised information system.

Information Systems Control and Audit

CA Final Information Systems Control and Audit Syllabus (ISCA) Contents:

  •  Information Systems Concepts

    • General Systems Concepts – Nature and types of systems, nature and types of information, attributes of information.
    • Management Information System – Role of information within business
    • Business information systems –various types of information systems – TPC, MIS, DSS, EIS, ES
  • Systems Development Life Cycle Methodology

    • Introduction to SDLC/Basics of SDLC
    • Requirements analysis and systems design techniques
    • Strategic considerations : Acquisition decisions and approaches
    • Software evaluation and selection/development
    • Alternate development methodologies- RAD, Prototype etc
    • Hardware evaluation and selection
    • Systems operations and organization of systems resources
    • Systems documentation and operation manuals
    • User procedures, training and end user computing
    • System testing, assessment, conversion and start-up
    • Hardware contracts and software licenses
    • System implementation
    • Post-implementation review
    • System maintenance
    • System safeguards
    • Brief note on IS Organisation Structure
  • Control objectives

    • Information Systems Controls
      • Need for control
      • Effect of computers on Internal Audit
      • Responsibility for control – Management, IT, personnel, auditors
      • Cost effectiveness of control procedure
      • Control Objectives for Information and related Technology (COBIT)
    • Information Systems Control Techniques
      • Control Design: Preventive and detective controls, Computer-dependent control, Audit trails, User Controls (Control balancing, Manual follow up)
      • Non-computer-dependent (user) controls: Error identification controls, Error investigation controls, Error correction controls, Processing recovery controls
    • Controls over system selection, acquisition/development
      • Standards and controls applicable to IS development projects
      • Developed / acquired systems
      • Vendor evaluation
      • Structured analysis and design
      • Role of IS Auditor in System acquisition/selection
    • Controls over system implementation
      • Acceptance testing methodologies
      • System conversion methodologies
      • Post implement review
      • Monitoring, use and measurement
    • Control over System and program changes
      • Change management controls
      • Authorization controls
      • Documentation controls
      • Testing and quality controls
      • Custody, copyright and warranties
      • Role of IS Auditor in Change Management
    • Control over Data integrity, privacy and security
      • Classification of information
      • Logical access controls
      • Physical access controls
      • Environmental controls
      • Security concepts and techniques – Cryptosystems, Data Encryption Standards (DES), Public Key Cryptography & Firewalls
      • Data security and public networks
      • Monitoring and surveillance techniques
      • Data Privacy
      • Unauthorised intrusion, hacking, virus control
      • Role of IS Auditor in Access Control
  • Audit Tests of General and Automated Controls

    • Introduction to basics of testing (reasons for testing);
    • Various levels/types of testing such as: (i) Performance testing, (ii) Parallel testing, (iii) Concurrent Audit modules/Embedded audit modules, etc.
  • Risk assessment methodologies and applications:

    • (a) Meaning of Vulnerabilities, Threats, Risks, Controls,
    • (b) Fraud, error, vandalism, excessive costs, competitive disadvantage, business, interruption, social costs, statutory sanctions, etc.
    • (c) Risk Assessment and Risk Management,
    • (d) Preventive/detective/corrective strategies
  • Business Continuity Planning and Disaster recovery planning:

    • Fundamentals of BCP/DRP,
    • Threat and risk management,
    • Software and data backup techniques,
    • Alternative processing facility arrangements,
    • Disaster recovery procedural plan,
    • Integration with departmental plans, testing and documentation,
    • Insurance
  • An overview of Enterprise Resource Planning (ERP)

  • Information Systems Auditing Standards, guidelines, best practices (BS7799, HIPPA, CMM etc.)

  • Drafting of IS Security Policy, Audit Policy, IS Audit Reporting – a practical perspective

  • Information Technology Act, 2000

Information systems control and audit syllabus:

CA Final Information Systems Control and Audit Syllabus (ISCA) Contents:

1. Concepts of Governance and Management of Information Systems

Governance, Risk and compliance and relationship between governance and management.

Role of information technology and IS Strategy in business strategy, operations and control , business value from use of IT, business impact of IS risks different types of Information Systems Risks, IS Risk management overview, IT Compliance overview – Role and responsibilities of top management as regards IT-GRC. Role of Information Systems Assurance. Overview of Governance of Enterprise IT and COBIT

2. Information Systems Concepts

Overview of information systems in IT environment and practical aspects of application of information systems in enterprise processes. Information as a key business asset and its relation to business objectives, business processes and relative importance of information systems from strategic and operational perspectives. Various types of business applications, overview of underlying IT technologies.

3. Protection of Information Systems

Need for protection of Information systems, types of controls, IT general controls, logical access controls & application controls. Technologies and security management features, IS Security Policies, procedures, practices, standards and guidelines, IT controls and control objectives, Role of technology systems in control monitoring, segregation of duties. Impact of IT controls on Internal controls over financial reporting, cyber frauds and control failures.

4. Business Continuity Planning and Disaster recovery planning

Assessing Business Continuity Management, Business Impact Analysis and Business Continuity Plans, Disaster recovery from perspective of going concern, Recovery Strategies

5. Acquisition, Development and Implementation of Information Systems (SDLC)

Business process design (integrated systems, automated, and manual interfaces), Software procurement, RFP process, evaluation of IT proposals, computing ROI, Computing Cost of IT implementation and cost benefit analysis, systematic approach to SDLC and review of SDLC controls at different stages.

6. Auditing & Information Systems

– Different types of IS audit and assurance engagements. Evaluating IT dependencies for audit planning. Overview of continuous auditing. Auditing Information Systems- Approach methodology, and standards for auditing information systems. IS Audit planning, performing an IS audit, rules of digital evidence, best practices and standards for IS audit.

– Reviewing General Controls, Application Controls, Application control reviews: Review of controls at various levels/layers such as: Parameters, user creation, granting of access rights, input, processing and output controls.

7. Information Technology Regulatory issues

Overview of Specific section of IT Act 2008 & Rules as relevant for assurance: Electronic Contracting, digital signatures, cyber offences, etc. Need for systems audit as per various regulations such as: SEBI Clause 49 listing requirements and internal controls, systems control & audit requirements as per RBI, SEBI, IRDA. Concepts of Cyber forensics/Cyber Fraud investigation, Overview of Information Security Standards ISO 27001, ISAE 3402/SA 402, ITIL

8. Emerging Technology

Overview of Cloud Computing, Software as a Service, Mobile Computing & BYOD, Web 2.0 & social media, Green IT and related security and audit issues

Conclusion – CA Final Information Systems Control and Audit Syllabus (ISCA)

Here in this article we have covered the syllabus of the subject CA final information systems control and audit (ICAI) and the contents covered in it.

Hope you found the article useful. If you have the any doubts or queries let us know through the below comment box.

Leave a comment

Your email address will not be published. Required fields are marked *