
IPCC – PAPER 7A

2
EIS 1.O
SUMMARY
NOTES ON EIS
Edition 1

CA AKHIL KUMAR MITTAL


Founder - Commerce Harbour Academy || SRCC Alumni

Super Summary on EIS – Paper 7 – IPCC New Syllabus.

Prepared & crafted for easy revision at exam time.

Strictly as per updated ICAI syllabus.

Applicable for May 2022 exams and onwards.

Immediate dispatch of PDF.

Revision material in JUST 70 pages.


REVISION BOOKLET FOR EIS || MAY 2022

Chapter 1 : Automated Business Process


Enterprise Business Processes
A business process is an activity that accomplishes a specific business goal. Business process
management (BPM) is a systematic approach to improve all the business processes.

Categories of Enterprise Business Process

Business Process Automation

Benefits of Business Process Automation
Code to Remember → T.V. - Q. - G.I.R2

Processes which require Business Process Automation
Code to Remember → H.I.M.A.T.

▪ High-volume of tasks or repetitive tasks: Automating these processes results in cost and work effort reductions.
▪ Impact of processes on other processes and systems: Some processes are cross-functional and have significant impact on other processes and systems.
▪ Multiple people required to execute tasks: A business process which requires multiple people to execute tasks results in waiting time that can lead to increase in costs.
▪ Audit trail compliances: With business process automation, every detail of a particular process is recorded. These details can be used for compliance during audits.
▪ Time-sensitive processes: The streamlined processes eliminate wasteful activities and focus on enhancing tasks that add value.

CA Akhil Kumar Mittal || 0-9582333276 || https://t.me/cainternotes_akhilkumarmittal 02



Challenges in Business Process
Code to Remember → R2.I.D.
▪ Automating Redundant Processes
▪ Staff Resistance
▪ Implementation Cost
▪ Defining Complex Processes

Steps in BPA Implementation

Risks & its Management
Risk Management is the process of assessing risk, taking steps to reduce risk to an acceptable level and maintaining that level of risk. Risk management involves identifying, measuring, and minimizing uncertain events affecting resources.

▪ Asset can be defined as something of value to the organisation.
▪ Exposure is the extent of the loss to the organisation when a risk occurs.
▪ Likelihood is estimation of probability that threat will succeed in achieving undesirable threat.
▪ Vulnerability is the weakness in the system safeguard that exposes system to threats.
▪ Threat is an action, event or condition where there is compromise in the quality and ability to harm the organisation.
▪ Attack is the set of actions designed to compromise confidentiality, integrity & availability of an information system.

RISKS

Sources of Risk
▪ Commercial and Legal Relationships
▪ Economic Circumstances
▪ Human Behavior
▪ Natural Events
▪ Technology and Technical Issues
▪ Management Activities and Controls


Types of Risks

Business Risks
Code to Remember: C.H.O.R. – S. F
• Compliance Risks
• Hazards Risks
• Operational Risks
• Residual Risks
• Strategic Risks
• Financial Risks

Technology Risks
Code to Remember: V.G. - S.A.D. - C.O.M.E.T
• Vendor related concentration risk.
• Governance processes requirement.
• Segregation of Duties (SoD).
• Alignment with business objectives.
• Dependence on vendors due to outsourcing of IT services.
• Complexity of systems.
• Obsolescence or frequent changes of technology.
• Multiple types of controls.
• Employee actions.
• Threats leading to cyber frauds/crimes.

Data related risks
• Data diddling.
• Bomb.
• Christmas Card.
• Worm.
• Rounding Down.
• Salami Technique.
• Trap Doors.
• Spoofing.
• Asynchronous Attacks.
Risk Management Strategies
• Accept the Risk
• Eliminate the Risk
• Share the Risk
• Mitigate the Risk

Enterprise Risks Management
Enterprise Risk Management (ERM) may be defined as a process effected by an entity’s Board of Directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding achievement of entity objectives.
ERM in business includes methods & processes used by organizations to manage risks and seize opportunities related to the achievement of their objectives.

Benefits of Risks Management
Code to Remember: R3 - M. - C. O. L. A
• Risk Response Decision.
• Rationalize capital.
• Response to multiple risks.
• Minimize operational surprises & Losses.
• Cross enterprise risk identify & its management.
• Opportunities.
• Link growth, risk and return.
• Align risk appetite & strategy.


Enterprise Risk management framework

Code to Remember: E - M.I2.C.R2.O.

• Event Identification: Potential events that might have an impact on entity should be identified.
• Monitoring: Entire ERM process should be monitored and modified wherever necessary.
• Internal Environment: This encompasses tone of an organisation & sets the basis of how risk is viewed and addressed by an entity’s people.
• Information and communication: Relevant information is identified, captured and communicated in a form and stipulated time frame.
• Control Activities: Policies & procedures that are established by company ensure that risk responses that mgmt. selected are effectively carried out.
• Risks Assessment: Risks which are identified are analyzed to form basis of determining how they should be managed.
• Risks Response: Management selects an approach to align assessed risk with entity’s risk tolerance and risk appetite.
• Objective Setting: ERM should ensure that management has a process in place to set objectives.

CONTROLS

Based on their implementation, controls can be categorized as manual, semi-automated and
automated. The objective of these controls is to mitigate the risk associated with the
business. Below are the 3 categories:
• Manual
• Semi-Automated
• Automated

Classification of controls-
• General Controls
• Application Controls

Objectives of IT controls-
Statement of desired result or purpose to
be achieved by implementation of
control procedures within a particular IT
activity.


General Controls
General Controls are macro in nature and are applicable to all applications & data resources. Application Controls are controls which are specific to the application software.

Examples or types of general controls:
Code to Remember: S2I.M.B.A. - D.U.M. – V.C.C. (S2IMBA has DUM – Very Cool Cop)
▪ Security Policy (Information).
▪ Separation of key IT functions.
▪ Incident response and management.
▪ Management of Systems Acquisition and Implementation.
▪ Backup, Recovery and Business Continuity.
▪ Administration, Access, and Authentication.
▪ Development & Implementation of the application software.
▪ User training & qualification of Operations personnel.
▪ Monitoring of Applications & supporting Servers.
▪ Value Added areas of Service Level Agreements (SLA).
▪ Change Management.
▪ Confidentiality, Integrity and Availability of Software and data files.

Application Controls
Application Controls are controls which are implemented in an application to prevent or detect and correct errors. These controls are in-built in the application software to ensure accurate and reliable processing.

Examples or types of application controls:
▪ Data edits (editing of data is allowed only for permissible fields);
▪ Separation of business functions (e.g., transaction initiation versus authorization);
▪ Balancing of processing totals (debit & credit of all transactions are tallied);
▪ Transaction logging (all transactions are identified with unique id and logged);
▪ Error reporting (errors in processing are reported); and
▪ Exception Reporting (all exceptions are reported).

Indicators of effective IT controls
Code to Remember: C.A.R2.E2.S
• Clear communication to management.
• Availability and reliability.
• Resources allocation.
• Recovery from new vulnerabilities.
• Execution of new work.
• Effective development of projects.
• Security awareness on the part of the users.

5 components of any internal control
• Monitoring: Ongoing & separate evaluations or some combinations are used to ascertain whether each of the 5 components are present & functioning.
• Information & communication: Info. is necessary for entity to carry out internal control responsibilities to achieve the objectives.
• Control activities: Actions which are established through policies & procedures that help ensure that mgmt.’s directive to mitigate risks.
• Risk assessment: Basis for determining how risks will be managed.
• Control environment: Set of standards, processes and structures that provide basis of carrying out internal control across the organisation.


Controls checking
In a computer system, controls should be checked at three levels, namely configuration, master and transaction level.

Configuration
▪ It refers to the way a software system is set up. It is the methodological process of defining options that are provided.
▪ When any software is updated, values for various parameters should be set up & business process work flow and business process rules of the enterprise.

Master
▪ Refers to the way various parameters are set up for all the modules of software like purchase, inventory, finance etc.
▪ Masters are first set up during installation and these change whenever business parameters are changed.

Transactions
▪ Implementation or review of a specific business process can be done from risk or control perspective.
▪ In case of risk perspective, we need to consider each of the key sub-processes or activities performed in a business process & look at existing & related control objectives & existing controls & residual risks after application of controls.

Processes & control checking:
▪ Procure to pay (P2P).
▪ Order to cash (O2C).
▪ Inventory Cycle.
▪ Human resource.
▪ Fixed Assets.
▪ General Ledger.

Diagrammatic presentation of business Processes

Flowcharts-
Flowcharts are used to design and document simple processes or programs. There are different types of flowcharts and each one has its different boxes. The 2 most common types of boxes in a flowchart are as follows:
▪ A processing step: Usually called activity & denoted as rectangular box.
▪ A decision: Usually denoted as diamond.

Advantages-
(a) Documentation.
(b) Maintenance of program.
(c) Responsibilities Identification.
(d) Communication.
(e) Control Establishment.
(f) Analysis.
(g) Debugging of program.
(h) Relationship understanding.
(i) Effective Coding.

Disadvantages-
(a) Complex Logics.
(b) Modifications.
(c) Link B/w condition & Actions.
(d) Standardization.
(e) Reproduction.

Data flow diagram-
A Data Flow Diagram shows the flow of data from one place to another. DFDs describe the process showing how these processes are linked through data stores and how processes relate to the user and the outside world.
DFD is mainly used by technical staff for graphically communicating between systems analysts and programmers.

To buy full notes, click at below link:


https://www.commerceharbour.com/product-page/eis-summary-notes-may-2022-exams-onwards
