Professional Documents
Culture Documents
Revision Capsule by ICAI
Revision Capsule by ICAI
An Enterprise Information System (EIS) may be defined as any kind of information system which improves the functions of an
enterprise business processes by integration. This means classically offering high quality services, dealing with large volumes of data
and capable of supporting some huge and possibly complex organization or enterprise. All parts of EIS should be usable at all levels
of an enterprise as relevant. A Business Process is an activity or set of activities that will accomplish a specific organizational goal.
e. Risk Response
Step 8: Testing the Before making the process live, the BPA
BPA. solutions should be fully tested.
Seize than just risks, and by considering a full range of data may not be accurate, an organisation from
opportunities events, management gains an understanding of complete and authorised. accomplishing its
how certain events represent opportunities. objectives.
All files and data Risk that could result in a
Financial
More robust information on an entity’s total transmitted may not be negative financial impact
Rationalize risk allows management to more effectively processed accurately to the organisation.
capital assess overall capital needs and improve capital and completely, due to
allocation. network error.
Reputational
and accurate due to organisation to negative t 4FU VQ mSTU UJNF EVSJOH JOTUBMMBUJPO BOE UIFTF BSF DIBOHFE
Output
program error or bugs publicity. whenever the business process rules or parameters are changed.
and is distributed to t &YBNQMFTBSF7FOEPS.BTUFS
$VTUPNFS.BTUFS
.BUFSJBM.BTUFS
unauthorised personnel Accounts Master, Employee Master etc.
due to weak access control.
Valid input data may Risk that could expose Transactions
(Compliance)
Regulatory
Processing
operations.
t )FMQT FOTVSF UIF SFMJBCJMJUZ PG JOUFSOBM BOE Companies
An Internal Act, 2013
external financial reporting. Section 143 of the Companies Act
Control
t "TTJTUT DPNQMJBODF XJUI BQQMJDBCMF MBXT BOE 2013, on “Powers and duties of
System regulations. auditors and auditing standards”
t )FMQTTBGFHVBSEJOHUIFBTTFUTPGUIFFOUJUZ
This chapter provides an in-depth knowledge about the concept of Financial and Accounting Systems, Integrated
and Non-integrated Systems and further acquaint the students about Regulatory and Compliance requirements
with Financial and Accounting systems.
In accounting language, a Voucher is a documentary evidence of 'SPN B CVTJOFTT QFSTQFDUJWF
B Process is a coordinated
a transaction. There may be different documentary evidences for and standardized flow of activities performed by people or
different types of transactions. machines, which can traverse functional or departmental
Voucher Types boundaries to achieve a business objective and creates value
1 Contra 'PS SFDPSEJOH PG GPVS UZQFT PG for internal or external customers.
USBOTBDUJPOTBTVOEFS
t $BTIEFQPTJUJOCBOL
t $BTIXJUIESBXBMGSPNCBOL
DATA TYPES
t $BTI USBOTGFS GSPN POF MPDBUJPO UP
another.
t 'VOE USBOTGFS GSPN PVS POF CBOL MASTER DATA NON - MASTER DATA
account to our own another bank (Relatively permanent) (Expected to change frequently)
account.
2 Payment 'PS SFDPSEJOH PG BMM UZQFT PG QBZNFOUT
Whenever the money is going out of Accounting Inventory Payroll Statutory
business by any mode (cash/bank).
3 Receipt 'PS SFDPSEJOH PG BMM UZQFT PG SFDFJQUT
Whenever money is being received into Steps involved in the Accounting Flow
business from outside by any mode
Accounting
(cash/bank) Transactions
4 Journal For recording of all non-cash/bank HUMANS
transactions. E.g. Depreciation, Provision,
Voucher Entry
Write-off, Write-back, discount given/
received, Purchase/Sale of fixed assets on
credit, etc. Posting
5 Sales For recording all types of trading sales by
any mode (cash/bank/credit). SOFTWARE
Balancing
6 Purchase 'PS SFDPSEJOH BMM UZQFT PG USBEJOH QVS-
chase by any mode (cash/bank/credit).
7 Credit 'PS NBLJOH DIBOHFT DPSSFDUJPOT Trial Balance
Note in already recorded sales / purchase
transactions.
8 Debit 'PS NBLJOH DIBOHFTDPSSFDUJPOT Profit & Loss Account Balance Sheet
Note in already recorded sales/purchase
transactions.
9 Memo- 'PS SFDPSEJOH PG USBOTBDUJPO XIJDI XJMM
randum be in the system but will not affect the
trial balance. Types of Ledgers
10 Purchase 'PSSFDPSEJOHPGBQVSDIBTFPSEFSSBJTFE
Order on a vendor.
11 Sales 'PS SFDPSEJOH PG B TBMFT PSEFS SFDFJWFE Debit Balance Credit Balance
Order from a customer.
12 Stock 'PS SFDPSEJOH PG QIZTJDBM NPWFNFOU PG
Inventory
Journal stock from one location to another. Asset Expense Income Liability
13 Physical 'PS NBLJOH DPSSFDUJPOT JO TUPDL BGUFS
Stock physical counting.
Profit & Loss Account
14 Delivery 'PS SFDPSEJOH PG QIZTJDBM EFMJWFSZ PG
Note goods sold to a customer.
15 Receipt 'PS SFDPSEJOH PG QIZTJDBM SFDFJQU PG
Balance Sheet
Note goods purchased from a vendor.
16 Attend- 'PSSFDPSEJOHPGBUUFOEBODFPG
Payroll
ance employees.
17 Payroll 'PSTBMBSZDBMDVMBUJPOT
used by user, it needs maintenance/updating of s/w t Financials: Accounts payable, accounts receivable,
to be installed on every becomes extremely easy. fixed assets, general ledger and cash management, etc.
computer one by one. t Human Resources: Benefits, train-
Maintenance & updating ing, payroll, time and attendance, etc.
of s/w may take lot time t Supply Chain Management: Inventory, sup-
and efforts. ply chain planning, supplier scheduling, claim
As software is installed on As software is not installed on processing, order entry, purchasing, etc.
t Projects:
Accessibility
the hard disc of the user’s the hard disc of user’s comput- Costing, billing, activi-
computer, user needs to er and its used through brows- ty management, time and expense, etc.
go to the computer only. er and internet, it can be used t Customer Relationship Management (CRM): CRM
It cannot be used from any from any computer in the world software is used to support processes, such as sales,
computer. 24 x 7. marketing, customer service, training, professional
Using the software through Using mobile applica- development, performance management, HR
Mobile
App.
mobile application is tion becomes very easy Development, and compensation etc., storing
difficult in this case. as data is available 24 x 7. information on current and prospective customers.
Data is physically stored in Data is not stored in the user’s t Data Warehouse: Data warehouse is a repository of
Data Storage
the premises of the user, server computer. It is stored an organization’s electronically stored data. These are
i.e. on the hard disc of the on a web server. Hence user designed to facilitate reporting and analysis. The
user’s server computer.
Thus user has full control will not have any control over process of transforming data into information and
over data. the data. making it available to the user in a timely enough man-
As the data is in physical Data security is a big ner to make a difference is known as data warehousing.
Data Security
application shall always be server using internet, speed central data. This creates Access to be given on
faster than web applica- of operation may be slower. a possibility of access to “Need to know” and
tion. non-relevant data. Need to do” basis only.
Installed applications shall Web applications do As there is only one set Back up arrangement
Flexibility
Safety
Data
have more flexibility and not even compare to the of data, if this data is lost, needs to be very strong.
controls as compared to flexibility of desktop whole business may come Also, strict physical control
web application. applications. to stand still. is needed for data.
As data is maintained This can be controlled by
Operation
ENTERPRISE RESOURCE PLANNING ERP data size becomes more using techniques like data
An ERP System is based on a common database and a mod- and more and it may warehousing and updating
ular software design. The common database can allow every reduce the speed of hardware on a continuous
department of a business to store and retrieve information in operation. basis.
real-time. The information should be reliable, accessible, and As the overall system All the processes must be
Change in
easily shared. An ERP system supports most of the business is integrated, a small documents carefully in
process
system that maintains in a single database the data needed for change in process for one beginning of
a variety of business functions such as Manufacturing, Supply department may require implementation
$IBJO .BOBHFNFOU
'JOBODJBMT
1SPKFDUT
)VNBO 3FTPVSDFT lot of efforts and money. itself to avoid any
and Customer Relationship Management. discomfort in future.
As the overall system is This can be controlled
Staff Turnover
Advantages of an ERP System integrated & connected and minimized with help
with each other of proper staff training
t "CJMJUZUPDVTUPNJ[FBOPSHBOJ[BUJPOTSFRVJSFNFOUT department, it becomes system, having help
t *OUFHSBUFCVTJOFTTPQFSBUJPOTXJUIBDDPVOUJOHmOBODJBM complicated and difficult manuals, having backup
reporting function; to understand. plans for staff turnover, etc.
t *ODSFBTFEEBUBTFDVSJUZBOEBQQMJDBUJPODPOUSPMT As everybody is connected This can be controlled
System Failure
This chapter provides a deep understanding about various components of an Information system and its working,
types of threats and their mitigating controls and audit aspects of various components of Information Systems.
An Information System is a combination of people, hardware, software, communicating devices, network and data
resources that processes can be storing, retrieving, transforming information) data and information for a specific purpose.
INPUT PROCESSING OUTPUT Data are the raw bits and pieces of information with
(Business problems (Solution to no context. Data can either be quantitative which is
Data
(Software,
in form of data, Programs, people, problems in numeric (the result of a measurement, count, or some
information, equipment, the form of other mathematical calculation) or Qualitative data which
instructions, storage) reports, graphics,
opportunities) calculations, voices) is descriptive.
These consist of both physical devices and
and Communi-
cation Systems
Networking
software, links the various pieces of hardware and
CONTROL FEEDBACK transfers the data from one physical location to another.
Computers and communications equipment can be con-
(Decision Makers, nected in networks for sharing voice, data, images, sound
Auto Control)
and video.
USER
Hardware Software
Virtual Memory
that block alphabetic characters from being entered in networking controls, access to database
numeric fields, access controls that protect sensitive objects, encryption controls etc. The key
data/ system resources from unauthorised people, and factors considered in designing logical access
complex and dynamic technical controls such as antivirus
controls include confidentiality and privacy
software, firewalls, and intrusion prevention systems.
requirements, authorization, authentication and
These controls are designed to detect errors, omis- incident handling, reporting and follow-up, virus
sions or malicious acts that occur and report the
Detective
Controls
once they have been detected. They vary from simple must be performed to ensure the development,
Controls
Managerial
Controls
correction of data-entry errors, to identifying and re- implementation, operation and maintenance of informa-
moving unauthorised users or software from systems tion systems in a planned and controlled manner in an
or networks, to recovery from incidents, disruptions, organization. The controls at this level provide a
or disasters. stable infrastructure in which information systems can
Nature of Information Systems’ Resources be built, operated and maintained on a day-to-day basis.
These are the controls relating to IT environment These include the programmatic routines
Environ-
Controls
Application Controls
mental
such as power, air-conditioning, Un-interrupted within the application program code. The objective of
Power Supply (UPS), smoke detection, fire-extin- application controls is to ensure that data remains
guishers, dehumidifiers etc. complete, accurate and valid during its input, update and
These are the controls relating to physical security of the storage. The specific controls could include form
Controls
Physical
tangible IS resources and intangible resources stored on design, source document controls, input, processing and
Access
tangible media etc. These include Access control doors, output controls, media identification, movement and
Security guards, door alarms, restricted entry to secure library management, data back-up and recovery, authen-
areas, visitor logged access, CCTV monitoring etc. tication and integrity, legal and regulatory requirements.
MANAGERIAL CONTROLS
I. Top Mgt. & IS Mgt. Controls II. Programming Mgt. Controls IV. Data Resource Mgt. Controls V. Security Mgt. Controls
'VODUJPOTQFSGPSNFECZB4FOJPS To acquire and implement high- Data must be available to users Information security
Manager quality programs when it is needed, in location administrators are
where it is needed, and in form in responsible for ensuring that
which it is needed. information systems assets
are secure.
t Planning: determining III. System Development Management
goals of information systems Controls
function and means of Has responsibility for functions t Definition Controls: To
achieving these goals; concerned with analyzing, designing, ensure that database always
t Organizing: gathering, building, implementing & maintaining IS corresponds and comply VI. Quality Assurance
allocating, & coordinating with its definition standards. Mgt. Controls
resources needed to t Existence Controls: To To achieve certain quality
accomplish goals; ensure existence of database goals and standards.
t Leading: motivating, t System Authorization Activities: by establishing backup
guiding, and communicating Systems must be properly recovery procedures.
with personnel; authorized to ensure their economic t Access Controls: Access
t Controlling: Comparing justification and feasibility. controls are designed to
actual performance with t User Specification Activities: The prevent unauthorized
VII. Operations Mgt.
planned performance user can create a detailed written individual from viewing,
Controls
description of the logical needs that retrieving, computing/
Responsible for the daily
destroying entity’s data.
t Planning: Using WBS, must be satisfied by the system.
t running of hardware
Gantt Charts, PERT; t Technical Design Activities: These Update Controls: Restrict
and software facilities.
update of database
t Control: Over software translate user specifications into a set
to authorized users.
development, acquisition, of detailed technical specifications
and implementation tasks; of system that meets user’s needs. t Concurrency Controls:
t Design: Systematic t Internal Auditor’s Participation: Provide solutions, agreed- t Computer operation;
approach to program design Auditor’s involvement should upon schedules and t Network operation;
t Coding: Using Top-down be continued throughout all strategies to overcome the t Data Preparation & Entry;
or bottom-up approach; phases of development process data integrity problems. t Production Control;
t Testing: Could be Unit and into maintenance phase. t Quality Controls: These t 'JMF -JCSBSZ
Testing, Integration t Program Testing: All modules must controls ensure the t Documentation &
be tested before they are implemented. accuracy, completeness Program Library;
Testing and Whole- t
of-Program Testing t User Test and Acceptance Procedures: and consistency of data Help Desk & Technical support;
maintained in database. t Capacity Planning
t Operation and Just before implementation,
& Performance;
Maintenance: Could be individual modules of the system
must be tested as a unified whole. t Management of
Repair Maintenance, Adaptive outsourced operations.
and Perfective Maintenance
I. Boundary Controls II. Communication III. Processing Controls V. Database Controls VI. Output Controls
An Access control mechanism Controls Responsible for computing, Protects integrity Ensure that data
having three steps - Responsible for sorting, classifying, of a database when delivered to users is
Identification, Authentication transporting data and summarizing data. application s/w act as presented, formatted and
and Authorization. among all other an interface between delivered in a consistent
subsystems. user and the database. and secured manner.
It is defined as the process of attesting objectives (those of the external auditor) that focus on asset safeguarding, data integrity
and management objectives (those of the internal auditor) that include effectiveness and efficiency both.
Objectives a system of internal controls from unauthorised to top management in be concerned about how well
access. relation to long-run top management acquires and
Data Integrity Data integrity important from the business per- policy. manages staff resources.
Objectives spective of the decision maker, competition and t Leading: Auditors examine
the market environment. variables that often indicate
when motivation problems
System Effectiveness of a system is evaluated by auditing exist or suggest poor
Effectiveness the characteristics and objective of the system to leadership.
Objectives meet business and user requirements. t Controlling: Auditors
must evaluate whether top
System To optimize the use of various information sys- management’s choice to the
Efficiency tem resources along with the impact on its com- means of control over the
Objectives puting environment. users of IS services is likely to
be effective or not.
TYPES OF AUDIT TOOLS Provides a contingency t Concurrent Audit: Auditors
Snapshots perspective on models assist the team in improving
System Development Management Controls
ͳF4$"3'UFDIOJRVFJOWPMWFTFNCFEEJOHBVEJUTPGUXBSF
Management
modules within a host application system to provide and the important t Control: Auditors must
continuous monitoring of the system’s transactions. The controls that should evaluate whether the nature of
information collected is written onto a special audit be exercised in each and extent of control activities
mMFUIF4$"3'NBTUFSmMFT"VEJUPSTUIFOFYBNJOFUIF phase. undertaken are appropriate
information contained on this file to see if some aspect of for different types of s/w that
the application system needs follow-up. are developed or acquired.
database administrator what controls are exercised to transaction; and a light pen versus
Controls
and the controls that maintain data integrity. They t ͳF OVNCFS PG UIF a mouse.
should be exercises in might employ test data to physical or logical batch
each phase. evaluate whether access controls to which the transaction
and update controls are working. belongs.
Discusses major Auditors might use interviews, COMMUNICATION t 6OJRVF JEFOUJmFS PG UIF t /VNCFS PG
functions that observations and reviews of CONTROLS source/sink node; messages that
Management Controls
management should how well Quality Assurance This maintains a node in the network that each link and
perform to ensure (QA) personnel perform chronology of the traverses the message; each node;
that development, their monitoring role. events from the time Unique identifier of t 2VFVF MFOHUIT
implementation, a sender dispatches a the person or process at each node;
operation, and message to the time authorizing dispatch Number of errors
maintenance of a receiver obtains the of the message; Time occurring on each
information systems message. and date at which the link or at each
conform to quality
message was dispatched; node; Number of
standards.
t 5JNF BOE EBUF BU retransmissions
Discusses major Auditors must evaluate whether which the message was that have
Security Management Controls
functions performed security administrators are received by the sink occurred across
by operations conducting ongoing, high- node; each link; Log of
by security quality security reviews or not. t 5JNF BOE EBUF BU XIJDI errors to identify
administrators to
node in the network locations and
identify major threats
to IS functions and to was traversed by the patterns of errors;
design, implement, message; and t -PH PG TZTUFN
operate, and maintain t .FTTBHF TFRVFODF restarts; and
controls that reduce number; and the image t .FTTBHF USBOTJU
expected losses from of the message received times between
these threats to an at each node traversed in nodes and at
acceptable level. the network. nodes.
Discusses the major Auditors should pay PROCESSING t 5PUSBDFBOESFQMJDBUFUIF t " DPNQSFIFOTJWF
CONTROLS processing performed on log on hardware
Management
Controls
This chapter provides an insight about meaning, components and architecture of E-Commerce, various risks and controls
associated with e-commerce and applicable laws and guidance governing e-commerce. The chapter further deals with the
emerging technologies like Cloud Computing, Mobile Computing, Green Computing etc. and their perspectives.
Benefits to Government
Step 8: Based on delivery t Instrument to fight corruption
terms, the product is t Reduction in use of ecologically damaging materials
delivered to you.
$5&+,7(&785(2)1(7:25.('6<67(06
Architecture is a term to define the style of design and method of construction used in generally for buildings and other physical
structures. In e-commerce, it denotes the way network architectures are built.
t ͳF TZTUFN t 1 F S G P S N B O D F
performance is deteriorates
higher because if number of
business logic users increases.
and database are t ͳFSF JT SFTUSJDUFE
physically close. flexibility and
t .PSF VTFST DPVME choice of DBMS
interact with system. since data language
t *U JT FBTZ UP TFUVQ used in the server
and maintain entire tPresentation Tier (Client Application/Client Tier): This is the interface is proprietary
system smoothly. that allows user to interact with the e-commerce / m-commerce vendor. to each vendor.
tDatabase Tier (Data Tier): The product data / price data / customer
data and other related data are kept here.
Advantages Three Tier Architecture Disadvantages
I. Virtualization
Virtualization means to create a virtual version of a device or resource, such Application Areas
as a server, storage device, network or even an operating system where the t 4FSWFS$POTPMJEBUJPO
framework divides the resource into one or more execution environments. t %JTBTUFS3FDPWFSZ
This refers to technologies designed to provide a layer of abstraction between t 5FTUJOHBOE5SBJOJOH
computer hardware systems and the software running on them. t 1PSUBCMF"QQMJDBUJPOT
t 1PSUBCMF8PSLTQBDFT
Types of Virtualization
Hardware Virtualization Network Virtualization Storage Virtualization
This refers to the creation of a virtual It is a method of combining the available It is the apparent pooling of data
machine that acts like a real computer with an resources in a network by splitting up the from multiple storage devices, even
operating system. The basic idea of Hardware available bandwidth into channels, each different types of storage devices,
virtualization is to consolidate many small of which is independent from the others, into what appears to be a single
physical servers into one large physical server and each of which can be assigned device that is managed from a
so that the processor can be used more (or reassigned) to a particular server central console. It helps the storage
FĉFDUJWFMZ 'PS FYBNQMF
B DPNQVUFS UIBU JT or device in real time. It is intended to administrator perform the tasks
running Microsoft Windows may host a virtual optimize network speed, reliability, of backup, archiving, and recovery
machine that looks like a computer with the flexibility, scalability, and security. more easily and in less time by
Linux operating system; based software that disguising the actual complexity of a
can be run on the virtual machine. Storage Area Network (SAN).
II. Grid Computing: It is a computer network in which each computer’s resources are shared with every other computer in the
system. It is a distributed architecture of large numbers of computers connected to solve a complex problem. In the grid computing
model, servers or personal computers run independent tasks and are loosely linked by the Internet or low-speed networks.
Benefits Types of Resources Security
Making use of Underutilized Computation. Single Sign-on.
Resources. Storage. Protection of Credentials.
Resource Balancing. Communications. Interoperability with local security
Parallel CPU Capacity. Software and Licenses. solutions.
Access to additional resources. Special equipment, capacities, Exportability
Virtual resources and virtual architectures, and policies. Support for secure group
organizations for collaboration. communication.
Reliability. Support for multiple implementations.
Management.
III. Cloud Computing: Cloud Computing is both, a combination of software and hardware based computing resources delivered
as a networked service. This model of IT enabled services enables anytime access to a shared pool of applications and resources.
These applications and resources can be accessed using a simple front-end interface such as a Web browser, and thus enabling users
to access the resources from any client device including notebooks, desktops and mobile devices.
Characteristics Advantages
Elasticity & Scalability Achieve economies of scale
Pay-Per-Use Reduce spending on technology infrastructure
On-demand Globalize the workforce
Resiliency Streamline business processes
Multi-Tenancy Reduce capital costs
Workload Movement Pervasive accessibility
Monitor projects more effectively
Less personnel training is needed
Minimize maintenance & licensing software
Improved flexibility
Types of Cloud
Private Cloud Public Cloud Community Cloud Hybrid Cloud
It resides within the It is the cloud infrastructure It is the cloud infrastructure This is a combination of both, at
boundaries of an that is provisioned for open that is provisioned for least one private (internal) and
organization and is use by the general public. It exclusive use by a specific at least one public (external)
used exclusively for the may be owned, managed, community of consumers from cloud computing environments
organization’s benefits. and operated by a business, organizations that have shared - usually, consisting of
Private Clouds can either be academic, or government concerns (eg. mission security infrastructure, platforms and
private to the organization organizations, or some requirements, policy, and applications. The usual method
and managed by the combination of them. compliance considerations). of using the hybrid cloud is to
single organization (On- Typically, public clouds It may be owned, managed, have a private cloud initially, and
Premise Private Cloud) or are administrated by third and operated by one or more then for additional resources, the
can be managed by third parties or vendors over the of the organizations in the public cloud is used.
party (Outsourced Private Internet, and the services are community, a third party or
Cloud). offered on pay-per-use basis. some combination of them, and
it may exist on or off premises.
Characteristics of Cloud Computing
Secure Highly Scalable Collaborative & Scalable
Central Control Affordable Distributive maintenance Partially Secure
Weak Service Level Less Secure Partially secure Stringent SLAs
Agreements (SLAs) Highly available Cost effective Complex Cloud Management
Stringent SLAs
Cloud Computing Service Models
Infrastructure as a Service (IaaS) Platform as a Service (PaaS) Software as a Service (SaaS)
IaaS, a hardware-level service, provides PaaS provides the users the ability to SaaS provides ability to the end users
computing resources such as processing power, develop and deploy an application on the to access an application over the
memory, storage, and networks for cloud users development platform provided by the Internet that is hosted and managed
to run their application on-demand. service provider. by the service provider.
This allows users to maximize the utilization of PaaS changes the application development SaaS is delivered as an on-demand
computing capacities without having to own and from local machine to online. service over the Internet, there is no
manage their own resources. need to install the software to the end-
user’s devices.
Different instances are - Network as a Service PaaS providers may provide programming Different instances of SaaS include
(NaaS), Storage as a Service (STaaS), Database as languages, application frameworks, Testing as a Service (TaaS), API as a
a Service (DBaaS), Backend as a Service (BaaS), databases, and testing tools apart from Service (APIaaS), Email as a Service
and Desktop as a Service (DTaaS). some build tools, deployment tools and (EaaS), Communication as a Service
software load balancers as a service in (CaaS), Data as a Service (DaaS),
some cases. Security as a Service (SECaaS), and
Identity as a Service (IDaaS).
IV. Mobile Computing: This refers to technology that allows transmission of data via a computer without having to be connected
to a fixed physical link.
Components Limitations Benefits
Mobile Communication 3FGFST UP Insufficient Bandwidth Mobile workforce with remote access
infrastructure put in place to ensure that Security Standards to work order details.
seamless and reliable communication goes Power consumption Enables mobile sales personnel to
on. Transmission interferences update work order status in real-time.
Mobile Hardware ͳJT JODMVEFT NPCJMF Potential health hazards 'BDJMJUBUFTBDDFTTUPDPSQPSBUFTFSWJDFT
devices/device components that range from Human interface with and information at any time.
Portable laptops, Smart Phones, Tablet PCs, device. Provides remote access to the corporate
and Personal Digital Assistants (PDA). knowledge base at job location.
Mobile Software*UJTUIFBDUVBMQSPHSBNNF Enables to improve management
that runs on the mobile hardware and deals effectiveness by enhancing information
with the characteristics and requirements of quality, information flow, and ability to
mobile applications. control a mobile workforce.
Example: The application that uses content management systems along with artificial intelligence. This helps to achieve a more
connected open and intelligent web applications using concepts of natural language processing machine learning, machine
reasoning and autonomous agents.
Risks
VII. Internet of Ability to transfer data over a network
To product manufacturer
Things (IoT) without requiring human-to-human or
To user of these products human-to-computer interaction.
Technology Risk
Environmental Risk Application Areas
Home Appliances
Office Machines
VIII. Artificial Intelligence may be defined as the ability to use memory, knowledge, experience, understanding, reasoning,
imagination and judgement to solve problems and adapt to new situations. Applications Areas include Medical diagnosis; in
cancer research; Predicting the chances of an individual getting ill by a disease; Creating art such as poetry; Proving mathematical
theorems; Playing games (such as Chess or Go) and predicting the outcomes etc.
IX. Machine Learning is a type of Artificial Intelligence (AI) that provides computers with the ability to learn without being
explicitly programmed. Machine learning focuses on the development of computer programs that can change when exposed to
OFXEBUBͳFQSPDFTTPGNBDIJOFMFBSOJOHJTTJNJMBSUPUIBUPGEBUBNJOJOH'PSFYBNQMF.BDIJOFMFBSOJOHIBTCFFOVTFEGPS
image, video, and text recognition, as well as serving as the power behind recommendation engines.
Involves transfer of funds from one place to another. Two of These include Back operations, Retail Banking, High Net-worth
most common modes of remittance of funds are demand drafts Individuals (HNI), Risk Management and Specialized Services
& Telegraphic/ Mail Transfers (TT/ MT). such as insurance broking, claims, underwriting, life insurance,
non-life insurance, etc.
5,6.6$1'&21752/6 Planning
Implementation of CBS should be done as per strategic and Application The application software, resides in the
business objectives of bank. Server application server and is always the latest
version as accepted after adequate testing.
Approval
Database The Database Server of Bank contains
The decision to implement CBS must be approved by the Server entire data of Bank which would consist
Board of Directors as high investment and recurring costs are of various accounts of customers & master
involved. data.
Selection ATM Channel This server contains the details of ATM
Server account holders. Soon after the facility of
Bank should select the right solution considering various using the ATM is created by the Bank, the
parameters as defined by the bank to meet their specific details of such customers are loaded on to
requirements and business objectives. the ATM server.
CBS must be maintained as required. E.g. program bugs Anti-Virus The Anti-Virus Server is used to host anti-
fixed, version changes implemented, etc. Software virus s/w which is deployed for ensuring
Server all the s/w deployed are first scanned to
ensure that appropriate virus/ malware
Support scans are performed.
CBS must be supported to ensure that it is working effectively.
Updation
Current
CBS modules must be updated based on requirements of & Savings
business processes, technology updates and regulatory Account
requirements. (CASA)
Internet Credit
Audit Cards
Banking
Audit of CBS must be done internally and externally as
required to ensure that controls are working as envisaged. Core
Business
Process Flow
&%6,7(19,5210(17
The CBS facilities providing banking services for branches Loans
and Trade Mortgages
of a bank which are networked and connected to common
data center. This facilitates staff to process transactions Finance
of customers of any branch. The Server is a sophisticated
computer that accepts service requests from different Treasury
machines called clients. The requests are processed by the
server and sent back to the clients. There are different types of
TFSWFSTVTFEJOEFQMPZJOH$#4XIJDIBSFBTGPMMPXT
5,6.6$662&,$7(':,7+&%6 ,75HODWHG5LVNV
'SPNBCVTJOFTTQFSTQFDUJWF
UIFSJTLTUIBUDBOCFDMBTTJmFECBTFE
Ownership of Data/ Process POGPMMPXJOH*OGPSNBUJPODSJUFSJBBSFBTGPMMPXT
Data resides at the Data Centre. Establish clear ownership. Efficiency
Section 43 Section 65: Section 66: Section 66-B: Section 66-C: Section 66-D: Section 66-E:
provides Tampering Computer Punishment Punishment for Punishment Punishment
for Penalty with Related for dishonestly identity theft for cheating by for violation of
and Computer Offences receiving stolen personation by privacy
compensation Source computer using computer
for damage Documents resource or resource
to computer, communication
computer device
system, etc.