BM E1 – Information System Audit and Governance
Objective: To learn IS audit methods, controls, and IS strategies through case studies.

Prerequisites: IT fundamentals, computer operations, network concepts and Internet concepts, exposure to programming languages, exposure to SSAD and database concepts, commercial applications, management concepts and practice.
1. Auditing concepts: ISA need, concept, standards, performance, steps, techniques, methodologies, around and through the computer.
2. Controls: concept, objectives, types, risk, exposure.
3. IT environment: hardware, system software, OS, DBMS, infrastructure, network concepts, personnel, documentation, review of performance, procurement, and other controls. Network concepts, LAN, WAN, client-server architecture, Internet, EDI, email, encryption, digital signatures: review of performance, procurement and other controls.
4. Software procurement and development: SDLC, meaning and IS auditor's role; traditional SSAD, OOM, prototyping, 4GL, project management, testing, implementation review.
5. IS operations: planning, organizing, scheduling, SCM, problem management, record management, QA and QC, review and controls.
6. Controls: input, process, validation, output, logical access, physical access, database, network, environment, BCP.
7. Evidence collection, evaluation and reporting methodologies.
8. IS strategies and management: organization structure, long-term and short-term plans, steering and other committees, HR policies, segregation of duties.
9. IT crimes, viruses, security, privacy issues.
10. Broad introduction to concepts and practice of e-commerce and legal framework for e-commerce.
11. Case studies and assignments 4 2,3

Note: Two case studies and two assignments also need to be covered. The syllabus is expected to be completed within approximately 40 sessions of 90 minutes each. Session-wise suggested contents are enclosed. Many topics will have to be covered at a broad level only. The role of the IS auditor and the relation of each topic to ISA controls and review should be part of all lectures. Emphasis should be on audit, security, control, review and documentation aspects, and on the usage of relevant standards as they apply to all the IT facets.
References:
1. Names of ISA-related material are given. For all other IT-related topics, e.g. EIT, SSAD, DBMS, networks etc., various standard books are available in the market and are also recommended by the University.
2. "EDP Auditing: Conceptual Foundations and Practices" by Ron Weber, McGraw-Hill publication.
3. Latest CISA review manual by ISACA, USA. This may be procured by individual institutes and made available to students on a library basis.
4. IS audit standards and control objectives of ISACA which are non-copyrighted and relevant; refer to www.isaca.org.
5. IS control journals from ISACA.

Reference: http://www.unipune.ernet.in/stud_info/Syllabi/Syllabus_2008.html