EIS Chapter 3 Charts
Om Trivedi
CA Intermediate – Group II (New Course)
• Collection of raw facts and figures.
• Consists of numbers, words, or images, particularly as measurements or observations of a set of variables.

• Data that have been processed so that they are meaningful.
• Organized data that has been arranged for better comprehension, understanding and/or retrieval.

BP is a sequence of co-ordinated activities to transform input into output, which creates some value to the customer as well as the organization.

A group of mutually related, cooperating elements working towards reaching a common goal by taking inputs and producing outputs in organized transformation processes.
Information System: It refers to a system that collects, stores, analyses, processes and distributes information
in the enterprise for decision-making, co-ordination and control. It can be manual as well as computer-based
information system (CIS).
Information Technology: It refers to the applications of Computer systems – Hardware and Software,
Telecommunications and Networks, DBMS and Other Information Processing Technologies to collect, store,
transmit and manipulate data for processing of information in the enterprise.
• Data is raw facts and figures.
• Information is facts or figures ready for communication or use.
Prof. Om Trivedi, IIMC Alumnus, EIS-SM External Subject Expert at BOS, Faculty of LVC of BOS, NIRC & WIRC of ICAI
EIS Quick Bites by Prof. Om Trivedi
HARDWARE
PROCESSING DEVICES
Memory Unit
• Internal Memory
• External Memory
• RAM
• ROM
• CMOS
• Cache is a smaller, faster memory, which stores copies of the data from the most frequently used main
memory locations so that Processor/Registers can access it more rapidly than main memory.
PRIMARY MEMORY
1. Read Only Memory (ROM):
• It is only readable memory.
• The data written on it cannot be modified.
• The instructions required during booting of a system are retrieved from ROM.
2. Random Access Memory (RAM):
• RAM is temporary and is erased when the computer is switched off.
• RAM is a read/write type of memory, and thus can be written to by the user.
VIRTUAL MEMORY
• VM is not a separate device but an imaginary memory area.
• Supported by operating systems in conjunction with the hardware.
• If a computer that lacks RAM needs to run a program or operation, Windows uses virtual memory to compensate.
• Virtual memory combines the computer's RAM with temporary space on the hard disk.
• When RAM runs low, virtual memory moves data from RAM to a space called a paging file.
• Moving data to and from the paging file frees up RAM to complete its work.
• Virtual memory is an allocation of hard disk space to help RAM.
SOFTWARE
System Software: A computer software designed to operate the computer hardware and to provide and maintain a platform for running any application software.
Application Software: Application software has been created to perform a specific task for a user.
3. Hardware Independence
4. Memory Management
5. Task Management
6. Networking Capability
7. Logical access security
8. File management
04-11-2020
Database
● A collection of interrelated data stored together to serve
multiple applications.
Database System
Computer Based Record-Keeping System.
ER Diagram
Network
Relational
Object Oriented
www.eissmpendrive.in Help Desk: 9953922272
Advantages of Database
● Permitting data Sharing
● Integrity can be maintained
● Minimizing Data Redundancy
● Program and file Consistency
● Achieving program/data Independence
● Faster Application development
● Improved Security
● User-friendly
Disadvantages of Database
● Cost
● Security
Big Data
● Big data is
○ high-volume and
○ high-velocity and/or
○ high-variety information assets
● that demand
○ cost-effective
○ innovative
● forms of information processing that enable enhanced
insight, decision-making, and process automation.
Data Warehouse
databases.
analysis.
● Data is time-variant
● Data is standardized
● Bottom-Up Approach
● Top-Bottom Approach
● Truth Finding
● Consistency in Data
● Trend Analysis
Data Mining
• Data mining is a major use of data warehouse
business activity.
Key: (R2BC)
Chapter 3 Unit II
Information Systems Controls and Auditing (ISCA)
Audit
• Audit is a systematic and independent examination of FI of an Entity.
• To express an opinion on the FS.
• And to ascertain that –
o How far the FS
o As well as Non-financial disclosures
• Present a TRUE AND FAIR VIEW of an Entity.
Objectives of Controls
Causes of the Exposure to Potential Loss
1. Errors or omissions
2. Improper authorizations
3. Improper accountability
4. Inefficient activity

Critical controls lacking in a CIS Environment
1. Lack of management’s understanding of IS risks
2. Lack of IT staff’s knowledge of IS risks
3. Weak general controls and IS controls
4. Complexity of implementation of controls
Controls
• Policies, procedures, practices and organization structure
• Designed to provide reasonable assurance that business objectives are achieved and
• Undesired events are prevented or detected and corrected.
IS’s Controls
Controls Based on Objectives of Control
Preventive: Prevent errors, omissions, malicious acts or security incidents from occurring. Example: Access Control; IPS, Firewall, Anti-virus; SOD; Documentation; Training; Authorization; Validation; Passwords.
Detective: Detect errors, omissions or malicious acts that occur and report the occurrence. Example: Monitoring; Review; Cash count; Anti-virus; Bank Reconciliation; Internal Audit; IDS; Budgeted Vs. Actual Expenses.
Corrective: Correct errors, omissions, or incidents once they have been detected. Example: Removing unauthorized users; Disaster recovery; Back-up Procedure; BCP; Resolving queries; Correcting Entries.
Compensatory: Alternative control that is put in place to satisfy the requirement for a security measure that is deemed too difficult or impractical to implement at the present time. Example: Data Centre; Biometric Installation; SOD; Log Storage – Extra Hard-disk Space to store Logs.
• MOC
• Encryption
ISCA
INFORMATION SYSTEM CONTROLS AND AUDITING
Auditor
SA 200: Conduct of Audit as per SA
SA 210: Terms of Engagement
Types of Audit
Approaches of Audit
Black-Box Audit
White-Box Audit
Privilege Violations
USP
Processes become wrong of
PM-2
Malware
Manual Intervention
Controls
Based on Audit Functions
ENVIRONMENTAL CONTROLS
Technical Exposure
Asynchronous Attack
Privilege management
MC
User’s
User’s Access Review Privilege
@
User Registration PAR
User Responsibilities
Password use
Event Logging
Clock Synchronization
Controls
Based on Audit Functions
Managerial Control
Top Mgt. Ctrl.
Quality Assurance Mgt. Ctrl.
Application Controls
Managerial Control
Program Testing
Design
Coding
Testing
Operations
Maintenance
Safeguarding of Assets
Environmental Controls
Application Control
Boundary Control
Access Controls
Biometric Devices
Cryptographic Controls
Digital Signature
PIN
Plastic Card
Input Control
Source Document Control
Data Coding Controls
Batch Controls
Validation Controls
Valid MC
Batch
and Source
Data Code
Transcription Error
Transposition Error
Batch Control
• Invoices
• Bank Statements
• Payroll Transactions
Physical Controls
Logical Controls
Validation Control
Process Control
Processor Control
Real Memory Control
Virtual Memory Control
Data Processing Control
Run to Run Total
Field Check
Reasonableness Check
Edit Check
Exception report
Communication Control
Physical Components Control
Line Error Control
Channel Access Control
Link Control
Internetworking Control
Flow Control
Topology Control
Output Control
Storage and logging of Sensitive and Critical forms
Printing Control
Logging of Output Program execution
Report Distribution and Collection Control
Retention Control
Database Control
Update Control
• Sequence Check between Master and Non-master
• Ensure All records are Processed
• Process Transactions in the correct order.
• Maintain a Suspense Account

Report Control
• Standing Data
• Print Run to Run Control Totals
• Print Suspense Account Entries
• Recovery Control
Audit Trail
• Step-by-step record by which accounting data can be traced to their source.
• Logs that can be designed to record activity at the system, application, and user level
Types
Objectives
1. Detecting Unauthorized Access (Detective)
2. Personal Accountability (Preventive)
3. Restructuring Events (Corrective)
Concurrent Audit
Definition
Real-time auditing to provide continuous assurance about the quality of the data that is
continuous auditing, through:
1. Embedded Modules
2. Special Audit Records
Tools
1. Snapshot
2. ITF – Integrated Test Facility
3. SCARF – System Control Audit Review File
4. CIS – Continuous and Intermittent Simulation
5. Audit Hooks
ITF
SCARF
CIS