1. | Information Systems Concepts |
---|
| General Systems Concepts – Nature and types of systems, nature and types of information, attributes of information. |
| Management Information System – Role of information within business |
| Business information systems – various types of information systems – TPC, MIS, DSS, EIS, ES |
2. | Systems Development Life Cycle Methodology |
---|
| Introduction to SDLC/Basics of SDLC |
| Requirements analysis and systems design techniques |
| Strategic considerations: Acquisition decisions and approaches |
| Software evaluation and selection/development |
| Alternate development methodologies – RAD, Prototype, etc. |
| Hardware evaluation and selection |
| Systems operations and organization of systems resources |
| Systems documentation and operation manuals |
| User procedures, training and end user computing |
| System testing, assessment, conversion and start-up |
| Hardware contracts and software licenses |
| System implementation |
| Post-implementation review |
| System maintenance |
| System safeguards |
| Brief note on IS Organisation Structure |
3. | Control objectives |
---|
| (a) | Information Systems Controls |
| | Need for control |
| | Effect of computers on Internal Audit |
| | Responsibility for control – Management, IT, personnel, auditors |
| | Cost effectiveness of control procedure |
| | Control Objectives for Information and related Technology (COBIT) |
| (b) | Information Systems Control Techniques |
| | Control Design: Preventive and detective controls, Computer-dependent control, Audit trails, User Controls (Control balancing, Manual follow up) |
| | Non-computer-dependent (user) controls: Error identification controls, Error investigation controls, Error correction controls, Processing recovery controls |
| (c) | Controls over system selection, acquisition/development |
| | Standards and controls applicable to IS development projects |
| | Developed / acquired systems |
| | Vendor evaluation |
| | Structured analysis and design |
| | Role of IS Auditor in System acquisition/selection |
| (d) | Controls over system implementation |
| | Acceptance testing methodologies |
| | System conversion methodologies |
| | Post-implementation review |
| | Monitoring, use and measurement |
| (e) | Control over System and program changes |
| | Change management controls |
| | Authorization controls |
| | Documentation controls |
| | Testing and quality controls |
| | Custody, copyright and warranties |
| | Role of IS Auditor in Change Management |
| (f) | Control over Data integrity, privacy and security |
| | Classification of information |
| | Logical access controls |
| | Physical access controls |
| | Environmental controls |
| | Security concepts and techniques – Cryptosystems, Data Encryption Standards (DES), Public Key Cryptography & Firewalls |
| | Data security and public networks |
| | Monitoring and surveillance techniques |
| | Data Privacy |
| | Unauthorised intrusion, hacking, virus control |
| | Role of IS Auditor in Access Control |
4. | Audit Tests of General and Automated Controls |
---|
| (a) | Introduction to basics of testing (reasons for testing); |
| (b) | Various levels/types of testing such as: (i) Performance testing, (ii) Parallel testing, (iii) Concurrent Audit modules/Embedded audit modules, etc. |
5. | Risk assessment methodologies and applications: |
---|
| (a) Meaning of Vulnerabilities, Threats, Risks, Controls, (b) Fraud, error, vandalism, excessive costs, competitive disadvantage, business interruption, social costs, statutory sanctions, etc. (c) Risk Assessment and Risk Management, (d) Preventive/detective/corrective strategies |
6. | Transfer pricing |
---|
| (a) Fundamentals of BCP/DRP, (b) Threat and risk management, (c) Software and data backup techniques, (d) Alternative processing facility arrangements, (e) Disaster recovery procedural plan, (f) Integration with departmental plans, testing and documentation, (g) Insurance |
7. | An overview of Enterprise Resource Planning (ERP) |
---|
8. | Information Systems Auditing Standards, guidelines, best practices (BS7799, HIPAA, CMM etc.) |
---|
9. | Drafting of IS Security Policy, Audit Policy, IS Audit Reporting - a practical perspective |
---|
10. | Information Technology Act, 2000 |
---|