PDF -Download Ca Ipcc Question Paper Nov 2009 PDF - CA Final ISCA Summary Notes
Wait Loading...

PDF :1 PDF :2 PDF :3 PDF :4 PDF :5 PDF :6 PDF :7 PDF :8 PDF :9 PDF :10

Like and share and download

CA Final ISCA Summary Notes

Download Ca Ipcc Question Paper Nov 2009 PDF

casansaar files 1375350964Set II CA Final Deterministic system Probabilistic system gives exact output operate in a predictable manner behavior of the system is known with finappfiles files wordpress 2017 01 audit CHAPTER X Audit and Auditors

Related PDF


casansaar files 1375350964Set II CA Final Deterministic system Probabilistic system gives exact output operate in a predictable manner behavior of the system is known with

CHAPTER X-Audit and Auditors - FinApp | CA CPT IPCC Final

finappfiles files wordpress 2017 01 audit CHAPTER X Audit and Auditors Ravi Kiran Vustela 8187065642 Page 3 A relative of an auditor may hold securities in the company of face value Not exceeding 1,00,000 [limit is on Face Value not on market value] Don‖t Confuse Note Exemption Regarding holding of securities upto 1,00,000 is available only for relative

Ca Final Audit Notes Hjxthey - ilhadocampecheorg

ilhadocampeche ca final audit notes pdf Final Accounts or Financial Reporting notes, CA Final SFM Notes, CA Final Law Notes, CA Final Audit Notes, CA Final Costing (AMA) Notes, CA Final ISCA Notes, CA Final Direct Tax Notes & CA Final Indirect Tax Notes for May 2019 Exams you may download all CA Final notes from below links CA Final Notes, Amendments, Updates for May 2019 all at

Mnemonics for the ISCA CA final from Dinesh Madan Sir book

carockstar files wordpress 2015 03 isca Mnemonics for the ISCA CA final from Dinesh Madan Sir book relevant for May 2015 Note Relevant for those who are preparing from Dinesh Madan Sir Book, on self study basis Chapter 2 Information System Concepts 1 OEID =Classification of System O = Output Working E = Element I=Interactive Behavior D = Degree of human intervention 2

Indirect Tax For Ca Final Pdf PDF Download

paulsandprojects indirect indirect tax for ca Indirect Tax For Ca Final Pdf Ca final direct tax notes (dt) pdf summary notes finapp, ca final direct taxes (dt) notes and summary notes for may 2017 & nov 2016 exams have been provided in pdf format the direct taxes (dt) notes are mobile compatible and can be easily read on mobile devices with small screens the notes includes latest mock test

Rabindranath Tagore - WordPresscom

studentsofcacs files wordpress 2015 02 isca CA Final Summary Notes on Information Systems Control and Audit (ISCA) Quick Revision Points Sumit Shanker Dandowtiya (FCA, DISA, CISA) Course Duration Two month 48 Lectures Approx For new batch announcement check cafinal cafinal QRP May15 Click Here to Get More Updates On CA & CS On WHATSAPP

Download Tirature 96 PDF - nichollsbaranscaffoldingcom

nichollsbaranscaffolding tirature 96 pdf 70001 and up, ca final isca summary notes for may 2017 exam cakart, by harriet lerner marriage rules a manual for the married and the coupled up reprint, daewoo g25 s service manual, 2007 ford edge owners manual pdf , restaurant emergency procedure manual, restauri

6 FINAL ISCA May 2015 - Ca Ultimates

caultimates files wordpress 2015 05 download Gurukripa’s Guideline Answers for May 2015 CA Final Information Systems Control and Audit Exam May 2015 2 Q No Question Answer Reference M (b) Different Auditors go about IS Auditing in different ways Despite this, IS Audit Process can be organized into broad categories Discuss the statement, explaining broad steps involved in the process

Identifying Lapses in Financial Reporting Disclosures

isca sg media 3088 130802 final isca finance An entity shall disclose, in the summary of significant accounting policies or other notes, the judgments, apart from those involving estimations (see paragraph 125) that management has made in the process of applying the entity’s accounting policies that have the most significant effects on the amounts recognised in the financial statements

Download Ca Ipcc Question Paper Nov 2009 PDF


ca final law

CA Final Course Paper 4 Chapter 23 Corporate And Allied Laws CA

PDF CA Final Audit and Law Amendments for May 2018 Read More kgma in KGMA CA Final Audit and Law Amendments for May 2018 Examinations pdf PDF ca final law by ca kartik iyer WIRC

  1. ca final law amendments for may 2018
  2. ca final law sebi icdr notes
  3. ca final law sebi notes
  4. ca final law notes
  5. ca final law amendments for nov 2018
  6. ca final law amendments for may 2019
  7. ca final law amendments for nov 2018 pdf
  8. ca final law quick revision notes

CA Final Sfm Formula Booklet by CA Aaditya Jain

Effective Communications: Raising the profile of your archive

casansaar files CA Final SFM Formula concepts & formulae booklet for ca final index s no topic page no 1 mergers & acquistion 3 2 dividend policy 8 3 bond valuation 14 4 mutual funds 21 5 portfolio management 22

CA June 2016 Eng Xaam.in

Download Professional Engineer Exam Questions PDF - Book library

PDF Cs Foundation Syllabus June 2019 Dec 2019 New Changesgumuslukhouses zebra tr cs foundation syllabus june 2019 dec 2019 new changes pdf PDF 2014 March Physical Science Exam Papernewsletter insegnareonline 2014 march physical science exam paper pdf PDF Vision Ias Prelims 2019


Buffet Paket Arundaya - Alfabet Catering

soulkeeper28 files wordpress 2009 01 artikel Lidah Buaya (Oleh Agung Wijaya Setiabudi) Tanaman lidah buaya (Aloe vera) lebih dikenal sebagai tanaman hias dan banyak digunakan sebagai bahan dasar obat obatan dan kosmetika, baik secara langsung dalam keadaan segar atau diolah oleh perusahaan dan dipadukan dengan bahan bahan yang lain

CA Serviks Dan Kehamilan


digilib unimus ac id files disk1 135 jtptunimus gdl Kanker serviks merupakan gangguan pertumbuhan seluler dan merupakan kelompok penyakit yang dimanifestasikan dengan gagalnya untuk mengontrol proliferasi dan maturasi sel pada jaringan serviks Kanker serviks biasanya menyerang wanita berusia 35 55 tahun, 90 dari kanker serviks berasal

CA-Tiger Beer-competitive Watch Summary

Sample Grant Proposal - Kurzweil Edu

CA Unified Infrastructure Management CA Uim Trial Run Book

CAT-540, CA Unified Infrastructure Management 8x Proven

ca content dam ca us files ebook ca uim 2 | CA UNIFIED INFRASTRUCTURE MANAGEMENT MOST COMPREHENSIVE HYBRID CLOUD AND IT MONITORING CA Unified Infrastructure Management (CA UIM) is the only solution that provides unified analytics to proactively resolve issues ca content dam ca


Thane Heins Coils Document

PDF Free Energy Research WordPress ferd041 files wordpress 2016 07 fe research3 pdf PDF ferd041 F transformer WordPress ferd041 files wordpress 2016 07 ferd041 pdf PDF Leistungsverstärker der Firma STEHO borderlands

Ca705 en Col15 Ilt Fv Inst a4

Adm900 Sap System Security The Fundamentals - Ian Kilgore | iank

PDF Scm550 En Col15 Labeliumytanalytics labelium scm550 en col15 pdf PDF Adm900 Sap System Security The Fundamentals hort iastate edu adm900 sap system security the fundamentals pdf PDF Scm550 En Col15 ASSEaudubon assewp scm550 en col15

Home back Next


QRP Ch 1

Information Systems Concepts (Pg 1)

Sumit Shanker (FCA,


◙ General classification of system: SYSTEM



Interactive behavior


Degree of human intervention





Classification of system based on “Elements” Physical system

Abstract system

Classification of system based on “Interactive behavior” Open system

Closed system


“use and throw” sealed digital watch

Classification of system based on “Human intervention” Manual system

Automated system

software controlled processes,

___________________________________________________________________________ www

Jaipur Ph: 9314207273

QRP Ch 1

Information Systems Concepts (Pg 2)

Sumit Shanker (FCA,

Classification of system based on “Working/Output” Deterministic system

Probabilistic system

the output cannot be known with certainty

System environment: external world which is outside the system boundary

System boundary: boundary separates the system from its surrounding environment

Subsystem: smaller systems with forming part of a bigger system are called subsystem

Interface: interconnections and interactions between the subsystems

Supra system: system immediately above a sub-system

System entropy: measure of disorder in a system

System Stress and System Change: force transmitted by a system’s supra-system on the subsystem

Characteristic of sub-system: i

Decomposition (Factoring): dividing a system into smaller units i

Simplification: reduce the number of interconnections between all the sub-systems

Decoupling: each sub-system is as independent as possible Decoupling mechanism: a) Inventories,

or waiting lines b) Slack resources c) Standards ◙ Information: Information: Information is data that has been arranged into meaningful and useful context DATA




Data: Data is unorganized collection of facts or events

___________________________________________________________________________ www

Jaipur Ph: 9314207273

QRP Ch 1

Information Systems Concepts (Pg 3)

Sumit Shanker (FCA,

◙ Attributes (Characteristics) of information: 1

Availability 2

Purpose 3

Mode and format 4

Decay 5

Frequency 7

Completeness 8

Reliability 9

Cost benefit analysis 10

Validity 11

Quality 12

Transparency 13

Value of information ◙ Types of Information: Internal Information

External Information

Govt policies,

◙ Role of Information System in management: 1

Effective decision making

Competitive advantage

Pooling of resources

Enhanced operational efficiency

Enhanced control environment

◙ Factors on which information requirements of executives depends: Factors affecting information requirement of executives 1

Operational functions

Type of decision making

Level of management

Operational functions i

Production ii

Finance iii

Marketing iv

Purchase v

Material management etc 2

Type of decision making: i

Structured (Programmed) ii

Unstructured (Non-programmed) iii

Semi-structured 3

Level of management: In broader terms there can be following three levels of management i

Top level management (Strategic level) Middle level management (Tactical level) Lower level management (Operational level)

___________________________________________________________________________ www

Jaipur Ph: 9314207273

QRP Ch 1

Information Systems Concepts (Pg 4)

Sumit Shanker (FCA,

◙ Components of Computer Based Information System: 1) Hardware 2) Software 3) Data 4) Procedures 5) People Characteristics of Computer Based Information Systems are as follows:

Finance and accounting 2

Marketing and sales 3

Production 4

Inventory management 5

Human resource management ◙ Types of Information Systems: INFORMATION SYSTEMS

Operations Support Systems 1) TPS 2) MIS 3) ERP

Management Support Systems 1) DSS 2) EIS 3) ES

Office Automation Systems 1) Text Processing Systems 2) Electronic Document Management Systems 3) Electronic Message Communication Systems 4) Teleconferencing and Video-conferencing Systems

◙ Transaction Processing System (TPS): • Implemented at operational level • Process routine business transactions • Base for higher level systems • Rapidly process transactions • Batch processing or on-line processing Generally TPS involves the following activities: i

Punching the transaction ii

Processing of transaction iii

Generating reports iv

Answering queries TPS Components: (i) Inputs (ii) Processing (iii) Storage (iv) Output Features of TPS: (i) Large volume of data (ii) Automation of basic operations (iii) Benefits are easily measurable (iv) Source of input for other systems

___________________________________________________________________________ www

Jaipur Ph: 9314207273

QRP Ch 1

Information Systems Concepts (Pg 5)

Sumit Shanker (FCA,

◙ Management Information System: Definition- MIS is an integrated system of man and machine for providing the information to management for decision making and control

Characteristics of an effective MIS: 1

Management oriented 2

Management directed 3

Integrated 4

Common data flow 5

Heavy planning element 6

Sub-system concept 7

Common data base 8


Misconceptions about MIS: 1

MIS relates to computer only 2

More data means more information 3

Reports should be highly accurate Pre-requisites of an effective MIS: 1

Database 2

Qualified staff 3

Support of top management 4

Control and maintenance 5

Evaluation of MIS Constraints (Limitations) in operating MIS: 1

Non-availability of experts 2

Problem in selecting the sub-system 3

Non-standardized approach 4

Non-cooperation from staff 5

High turnover of experts 6

Difficulty in quantifying the benefits Effects of using computers in MIS: 1

Fast processing and retrieval 2

Up-to-date information 3

In-depth analysis of data 4

Handling of more complex business operations 5

Integration of sub-systems Limitations of MIS: 1

Poor quality of input data in the MIS gives the poor quality results

MIS is not a substitute for effective management but only a helping tool 3

Lack of flexibility can make the MIS obsolete very soon

MIS cannot provide direct help for unstructured decision making

MIS ignores qualitative aspects of business organization 6

MIS is highly sensitive and requires constant monitoring 7

MIS implementation can be very expensive 8

MIS becomes less effective if there is frequent change in top and middle management

◙ ERP (Enterprise Resource Planning): ERP will be discussed in chapter 7

___________________________________________________________________________ www

Jaipur Ph: 9314207273

QRP Ch 1

Information Systems Concepts (Pg 6)

Sumit Shanker (FCA,

◙ Decision Support System (DSS): Definition – DSS is information systems that

Characteristics of DSS: (i) Semi-structured and Unstructured Decisions (ii) Ability to adapt to changing needs (iii) Ease of Learning and Use Components of DSS: 1) User 2) User interface (planning language) i

general purpose planning language ii

special purpose planning language 3) Model base

Model based software MS Excel Lotus 1-2-3 Foresight Omnicalc

Statistical software SPSS SAS

Display based software Chartmaster SAS Graph

Use of DSS in accounting function: 1

Cost accounting system 2

Capital budgeting system 3

Variance analysis 4

General financial analysis 5

Portfolio management Some of the DSS available in market are:

___________________________________________________________________________ www

Jaipur Ph: 9314207273

QRP Ch 1

Information Systems Concepts (Pg 7)

Sumit Shanker (FCA,

◙ Executive Information System (EIS): Definition- An Executive Information System (EIS) is a type of information system which provides information to executives for decision-making Characteristics of EIS: • Same as Executive Support System (ESS)

• Complementary to Decision Support System

• Drill-down capabilities • Analyze,

highlight trends • Monitor performance • Identify opportunities and problems • Access to both internal and external data • Supports data mining Type of decisions made by executives: Executive decisions relate to the following: 1

Strategic planning 2

Tactical planning 3

Fire fighting measures 4

Control Characteristics of information used in executive decision making: For executive decision making following information is required:

Lack of structure 2

High degree of uncertainty 3

Future orientation 4

Informal source 5

Low level of detail Purpose of EIS: 1

Support learning 2

Timely access to information 3

Highlights the problem Information Contents of EIS: 1

Anything which is useful for the executives 2

Targets and budgets 3

Data about work processes 4

Performance measurement indicators

External information 6

Information contents can change according to the changing environment ◙ Expert System:

Highly developed DSS Utilizes the knowledge generally possessed by a human expert Imitate (copy) human reasoning Uses the concept of artificial intelligence Useful for solving structured and semi-structured problems

___________________________________________________________________________ www

Jaipur Ph: 9314207273

QRP Ch 1

Information Systems Concepts (Pg 8)

Knowledge Base (if-then-else rules and facts)

Inference Engine (Forward chain and backward chain)

Sumit Shanker (FCA,

User Interface

End User

Knowledge Acquisition Sub-system

Knowledge Engineer

(ask questions from the user to get the input)

Expert system Components of Expert Systems: (i) Knowledge Base: stores the rules,

data and relationships (ii) Inference Engine: main processing component • forward-chain • backward chain (iii) Knowledge Acquisition Subsystem (iv) User Interface: interacts with a user Expert system can be used in the following areas: 1) Accounting and finance 2) Marketing 3) Help desk function 4) Manufacturing 5) HR Need for Expert Systems: 1

Experts are expensive 2

Experts are short in supply 3

Human experts can handle only a few factors Benefits of Expert Systems: 1) Preserve knowledge 2) Can be used anytime


Retrieval and Follow up (v) Calculations (vi) Recording Utilization of Resources

___________________________________________________________________________ www

Jaipur Ph: 9314207273

QRP Ch 1

Information Systems Concepts (Pg 9)

Sumit Shanker (FCA,

Benefits of Office Automation Systems: (i) Improves communication (ii) Reduces time (iii) Reduces cost (iv) Increases accuracy Computer based office automation system

Text processors and related systems

Electronic document management system

Electronic message communication system

Teleconferencing and video conferencing system

Text Processing Systems:

- Example

- MS Word

Electronic Document Management Systems:

retrieve and manage document files or scanned copy of documents

electronic message communication systems etc

Electronic Message Communication Systems: 1) Electronic Mail o Electronic transmission o Online development and editing o Broadcasting and Rerouting o Integration with other Information systems o Portability o Economical 2) Facsimile (Fax): o Transmission of images of documents over telephone lines o Computer system permits sharing of fax facilities o uses special software and fax servers to send and receive fax messages using common communication resources o These servers have the ability to receive fax messages and automatically reroute them to the intended recipient after viewing it at the central computer 3) Voice Mail: o Variation of the email o Messages are transmitted as digitized voice IV: Teleconferencing and Video-conferencing Systems:

Best Wishes ___________________________________________________________________________ www

Jaipur Ph: 9314207273

QRP – SDLC Methodology (Pg 1)

Sumit Shanker (FCA,

CHAPTER 2 – QRP (Quick Revision Points) SYSTEMS DEVELOPMENT LIFE CYCLE METHODOLOGY Obstacles in achieving System Development Objectives (i) Lack of senior management support and involvement (ii) Shifting user needs (iii) Difficulty in development of strategic systems (iv) Unfamiliarity with new technologies (v) Lack of standard project management methodologies (vi) Overworked or under-trained development staff (vii) Resistance to change (viii) Lack of user participation (ix) Inadequate testing and training System Development Team • Steering committee • Project management team • System analyst • Systems designer • Accountant/auditors • End-users SYSTEMS DEVELOPMENT METHODOLOGY A system development methodology is a formalized,

documented set of activities used to manage a system development project

Common features of all systems development methodologies: • Division of project • Every stage should have some deliverables • Signoffs/approvals at every stage • Testing • User Training • Change management • Post implementation review (PIR) Approaches to System Development (i) Traditional/Waterfall/sequential: (ii) Prototyping: (iii) Incremental: (iv) Spiral: (v) Rapid Application Development (RAD): (vi) Agile Methodologies:

(Linear) (Iterative) (Linear + Iterative) (Linear + Iterative) (Iterative) (Iterative)

___________________________________________________________________________ www

Jaipur Ph: 9314207273

QRP – SDLC Methodology (Pg 2) (i)

Sumit Shanker (FCA,

The Traditional / Waterfall Approach / Sequential Approach: (Linear) Preliminary Investigation Requirement Analysis System Design System Development System Testing System Implementation and Maintenance

Fig: Steps in Traditional Approach Basic Principles: (i) Sequential phases (ii) Some overlap and splash back (iii) Heavy planning (iv) Heavy documentation (v) Heavy controls (vi) Implementation of an entire system at one time

(vii) Reviews and approval at every stage

Strengths: (i) Support less experienced project team/manager (ii) Support project teams whose composition fluctuates (iii) Quality,

reliability and maintainability of the developed software (iv) Progress of system development is measurable (v) Conserves resources

Weaknesses: (i) Inflexible,

slow and costly (ii) Forward movement only (iii) Iteration not done (iv) User requirements to be clear at the start (v) Inconsistencies are discovered during design and coding

(vi) Problems discovered during testing (vii) Under capacity may be difficult to correct (viii) Changes are more costly (ix) Excessive documentation (x) Documentation is difficult to understand (xi) Gap between users and developers (ii)

The Prototyping Model: (Iterative) Used to develop smaller systems such as DSS,

MIS and Expert systems

First develop a small or pilot version of the new system called a prototype Built quickly and at a lesser cost Prototypes are generally throwaway Users work with the prototype and gives suggestions to improve it These suggestions are then incorporated into prototype and again evaluated Finally actual system is made

___________________________________________________________________________ www

Jaipur Ph: 9314207273

QRP – SDLC Methodology (Pg 3)

Sumit Shanker (FCA,

Basic Principles Step 1

Strengths: (i) User participation (ii) Resolve unclear objectives (iii) Knowledge gained in an early iteration can be used in later iterations

(iv) Removes doubts (v) Innovation (vi) Flexible designs

(vii) Better definition of user needs (viii) Immediately evaluate proposed system changes (ix) Errors are detected and eliminated early Weaknesses: (i) Low approvals (ii) Low controls (iii) Incomplete or inadequate problem analysis (iv) Non-functional elements not included (v) Limits future system potential (vi) More user time is required (vii) Low testing and documentation of actual system (viii) Behavioral problems (iii)

The Incremental Model: (Linear and Iterative)

Basic Principles:

designing and development of single a “Build” or (b) Overall requirements are defined for the complete systems but designing and development of a single “Build” or (c) Overall requirements and design of architecture and system core are defined using the Waterfall approach,

___________________________________________________________________________ www

Jaipur Ph: 9314207273

QRP – SDLC Methodology (Pg 4)

Sumit Shanker (FCA,

Requirements Design Implementation and Unit Testing Integration and systems testing Operation Fig: Incremental Model

Strengths: (i) Knowledge gained in an early increment can be used in the development of later increments

(ii) Moderate control (iii) Concrete evidence of project status (iv) More flexible (v) Early mitigation of integration risk (vi) Ease of implementation (vii) Limited negative impact Weaknesses: (i) Lack of overall consideration (ii) Do not consider interdependent parts

(iii) Poor overall system architecture (iv) Requires well-defined interfaces (v) Difficult problems may be deferred (iv)

Spiral Model: (Linear and Iterative)

Basic Principles: (i) Risk driven model (ii) Intended for large,

expensive and complicated projects

(iii) Steps A) Define user requirements B) Create a preliminary design C) Identify and resolve all the possible risks (iv) Create first prototype (v) Create second prototype: o evaluating the first prototype in terms of its strengths,

o defining the requirements of the second prototype

o planning and designing the second prototype

o constructing and testing the second prototype

Strengths: (i) Low overall project risk

(ii) Helps to select the best methodology (iii) Can incorporate Waterfall,


and Incremental methodologies Weaknesses: (i) Highly customized (ii) Complex (iii) Limited reusability (iv) Skilled and experienced project manager is required (v) More work for the next cycle (vi) No firm deadlines

___________________________________________________________________________ www

Jaipur Ph: 9314207273

QRP – SDLC Methodology (Pg 5)

Sumit Shanker (FCA,

Spiral Model( Boehm 1988) (v)

Rapid Application Development (RAD): (Iterative)

Basic Principles (i) Minimum planning (ii) Fast development (iii) High quality system (iv) Low cost,

(v) Flexible (Ease-of-change) (vi) Fulfilling the business need (vii) Use of Computer Aided Software Engineering (CASE) tools (viii) Timeboxes (ix) Joint Application Development (JAD) (x) Active user involvement (xi) Basic documentation (xii) Standard can be fitted Strengths (i) Fats development (ii) Low cost (iii) Quick reviews (iv) Encourages user feedback (v) Commitment from stakeholders (vi) Concentrates on essential elements (vii) Ability to rapidly change (viii) Tighter fit between user requirements and system specifications

money and human effort Weaknesses (i) Lower overall system quality

(ii) Misalignment (iii) More requirements than needed (gold plating)

more and more features are added (v) Inconsistent designs (vi) Violation of programming standards (vii) Difficulty in module reusability (viii) Lacks scalability

___________________________________________________________________________ www

Jaipur Ph: 9314207273

QRP – SDLC Methodology (Pg 6) (ix) (x) (xi) (xii)

Lacks controls Lacks reviews and audits Difficult problems to be pushed to the future Well–defined interfaces are required

Agile Methodologies: (Iterative)

Sumit Shanker (FCA,

Basic Principles: 1

Fast development 2

Iterative and Incremental 3

Working S/W is delivered frequently (Build Short – Build Often) 4

Time Box 5



Cross-functional team 6

Close co-operation between user and developers 7

Face-to-face conversation 8

Rapid and flexible response to changes Strength: 1

Adaptive 2

Face-to-face communication 3

Minimum documentation 4

High quality S/W Weakness: 1

Difficult to assess the efforts required for S/W development at the beginning 2

Lacks proper design and documentation 3

Less knowledge transfer 4

More re-work required 5

Project deviates if user in not clear about final objective/outcome 6

Experienced team is required 7

Lacks attention to outside integration _________________________x________________________x__________________________

SYSTEM DEVELOPMENT LIFE CYCLE (SDLC) The System Development Life Cycle (SDLC) key features: • Sequential in nature • Document driven • Deliverables at every stage • Process oriented The advantages of this system are as follows: • Better planning and control • Compliance • Documentation • review and signoff From the perspective of the IS Audit,

the following are the possible advantages: (i) IS auditor can understanding (ii) IS auditor and check compliance (iii) IS auditor and guide (iv) IS auditor can evaluate Risks/Shortcoming Associated with SDLC: (i) Cumbersome (ii) End product is not visible (iii) Rigid (iv) not be suitable for small and medium

___________________________________________________________________________ www

Jaipur Ph: 9314207273

QRP – SDLC Methodology (Pg 7)

Sumit Shanker (FCA,

Stage I

THE PRELIMINARY INVESTIGATION Objective: Evaluation of project request (Cost/Benefit) Steps (i) (ii) (iii) (iv)

Identification of Problem Identification of objective Delineation of scope Feasibility Study

Issues addressed in the Feasibility Study: (i) Solution is as per the business strategy

(ii) Can existing system can rectify the situation (iii) Time frame (iv) Cost (v) Whether the vendor product offers a solution Document / Deliverable: A preliminary investigation report / feasibility report

(i) Identification of Problem:

(iii) Delineation (Description) of Scope: (i) Functionality requirements (ii) Data to be processed (iii) Control requirements (iv) Performance requirements (v) Constraints (vi) Interfaces (vii) Reliability requirements During preliminary investigation,

the analyst collects the data through two primary methods: a) b)

Reviewing internal documents Conducting Interviews

(iv) Feasibility Study: • Technical: Is the technology needed available

? • Financial: Is the solution viable financially

? • Economic: Return on Investment

? (Cost/Benefits) • Schedule / Time: Can the system be delivered on time

? • Operational: How will the solution work

? • Human resource feasibility: Availability of skilled people for the new system • Behavioral: Is the solution going to bring any adverse effect on quality of work life

? • Legal: Is the solution valid in legal terms

___________________________________________________________________________ www

Jaipur Ph: 9314207273

QRP – SDLC Methodology (Pg 8)

Sumit Shanker (FCA,

Stage II

SYSTEM REQUIREMENT ANALYSIS The following activities are performed in this phase: • Identify the stake owners

• Consult the stake owners • Analyse requirements • Correct conflicts • Determine priorities

• Requirements are complete and consistent • Gather data • Model activities • Document activities Document/Deliverable: Systems Requirements Specification (SRS) Fact finding Techniques (i) Documents (ii) Questionnaires (iii) Interviews (iv) Observation Analysis of the Present System: The following areas should be studied in depth: (i) Review historical aspects (ii) Analyse inputs (iii) Review data files maintained (iv) Review methods,

procedures and data communications (v) Analyse outputs (vi) Review internal controls (vii) Model the existing physical system and logical system (viii) Undertake overall analysis of present system Systems Analysis of Proposed Systems

___________________________________________________________________________ www

Jaipur Ph: 9314207273

QRP – SDLC Methodology (Pg 9)

Sumit Shanker (FCA,

We will now describe some tools in detail: (i) Structured English: Structured English (also known as Program Design Language (PDL) or Pseudo Code) English language (for simplicity) + syntax (for precision) (ii) Flowcharts: Graphical representation of inputs,

outputs and processing (iii) Data Flow Diagrams:

Data Flows,

Transformation processes,

Name Data source and data destination Data flows

Explanation The people and organizations that send data to and receive data from the system

Transformation process

The processes that transform data from inputs to outputs

Data stores

The storage of data is represented by two horizontal lines

The flow of data into or out of a process

(iv) Decision Tree: A Decision Tree uses a tree-like graph of decisions and their possible consequences,

and utility (v) Decision Table: A Decision Table is a table which defining the possible options that may be considered within the program and the suitable action for each option The four parts of the decision table are as follows: (i) Condition Stub

defect free and maintainable software

Computer aided Diagramming Tools

Screen and Report generator

Prototyping tools

Code Generation

(vii) System Components matrix:

system component matrix of a sales processing and analysis system Information systems activity Input

Hardware resources Machines Media

Software resources Programs Procedures

POS terminals

Data entry program

Data entry procedures


Mainframe computers

Sales processing program,

Sales transaction procedures

Bar tags,

People resources Specialists Users Sales clerk,

Sales clerk managers

Data resources

Information products

Customer data,

Data entry display Processing status display

___________________________________________________________________________ www

Jaipur Ph: 9314207273

QRP – SDLC Methodology (Pg 10)

POS terminals,

Paper reports & receipts


Magnetic disk drive

Magnetic disk packs


POS terminals,

Paper doc & control reports

sales analyses program Report generator program,

graphic program Database management system Performance & security monitoring program

Sumit Shanker (FCA,

CISA) database Output use and distribution procedures

Sales clerk managers,

Correction procedures

Computer operators,


inventory & sales database Customer,

Sales receipts,

Data entry display,

Data Dictionary: Data dictionary is data about data (also called meta-data) Data dictionary contains information about a single data item o File in which it is stored o Source document o Who can access o Who cannot access o Who can read or modify

below shows a sample record from a data dictionary

(ix) Layout form and Screen Generator,

Menu Generator,

Report generator,

Code Generator Layout form and Screen Generator: Template or pre-printed electronic forms on which the size and position of titles,

data and information can be designed Customer Order Report Date Order Number Customer Name Catalog Number XXXXXXXXXXXXX XXXXXXXXXXXXX XXXXXXXXXXXXX XXXXXXXXXXXXX

MM/DD/YY 9999 XXXXXXXXXXXXXXXXXXXXXXX Available Location Cost Stock Level X XXXXXXX 999

99 99999

Menu Generator: Used for Menu and Sub-menu designing Report Generator: Used for output report designing (Header,

format etc) Code Generator: Used for generating source code from the high level specifications

Systems Requirement Specifications (SRS): Contents 1

Introduction 2

Information description 3

Functional description 4

Behavioral description 5

Validation criteria 6

SRS Review

___________________________________________________________________________ www

Jaipur Ph: 9314207273

QRP – SDLC Methodology (Pg 11)

Sumit Shanker (FCA,

Roles involved in SDLC: (i) Steering committee: Functions

Accounts payable,

Accounts receivable module leaders

Quality Assurance: Gives standards system development Quality review Should be independent


___________________________________________________________________________ www

Jaipur Ph: 9314207273

QRP – SDLC Methodology (Pg 12)

Sumit Shanker (FCA,

Stage III

SYSTEMS DESIGN The design phase involves following steps: (i) Architectural Design (ii) Design of the Data / Information Flow (iii) Design of the Database (iv) Design of the User-interface (v) Physical Design

and (vi) Design of the hardware/system software platform (i)

Architectural Design: This involves designing of system in modules

Couple is data element that moves from one module to another and is shown by an arrow with circular tail

Functional decomposition diagram (ii) (iii)

Design of Data / Information flow Problems of present data flow Objective of new system Design of new data flow diagrams (DFD) Design of Database Database can be local (decentralised) or global (centralised) Design of database involves three levels I

Conceptual modelling (design for external user) II

Data modelling (logical design of database tables and structure) III

Physical modelling (storage of data on media) Design of User-Interface: User interface means how user will interact or communicate with the system

This involves designing of source documents output reports screen layouts inquiry screens graphic and colour displays special input/output device Important factors in Input / Output design: o o o o o

Content Timeliness Format Media Form

___________________________________________________________________________ www

Jaipur Ph: 9314207273

QRP – SDLC Methodology (Pg 13) (v)

Sumit Shanker (FCA,

Physical Design: Logical design is converted into physical design which is then developed and implemented Auditor should see effectiveness and efficiency issues during designing CASE tools and simulation should be used Designing involves o Type of hardware for client application and server application o Type of Operating systems o Type Network o Processing – batch – online,

real – time o Frequency of input,

Design Principles: o Design two or three alternatives and choose the best one on pre-specified criteria

o The design should be based on the analysis

o The software should be designed as per business needs o The design should follow standards,

the user interface should have consistent colour scheme,

location of error message and the like

o The design should be modular o Modularity: A module is a small unit containing data and instructions to perform a well-defined task

Modularity is measured by two parameters: Cohesion (internal linking) and Coupling (external linking)

cohesion will be high and coupling low

Design of the Hardware / System Software Platform: New hardware and operating system may be required for new software New hardware and operating system should be modular New hardware and operating system should be compatible

Stage IV: Systems acquisition and software development SYSTEM ACQUISITION – To purchase readymade system from software vendors Acquisition Standards: Management should establish documented acquisition standards which ensures that – • Security,

and functionality already built into a product

• Managers review the appropriate vendors,

• New products are compatible with existing systems

and operational requirements are clearly defined in request-forproposals (RFP) Acquiring Systems Components from Vendors (I) Hardware Acquisition:

Software Licenses and Copyright Violations:

___________________________________________________________________________ www

Jaipur Ph: 9314207273

QRP – SDLC Methodology (Pg 14)

Sumit Shanker (FCA,

(IV) Validation of vendors’ proposals:

• Performance capability • Costs and Benefits • Maintainability • Compatibility • Vendor Support (V) Methods of validating the proposal: i) Checklists: Simple and subjective method,

various criteria are put in check list in the form of suitable questions ii) Point-Scoring Analysis: objective method Software Evaluation Criteria Does the software meet all mandatory specifications

? Will program modifications be minimal

? Does the software contain adequate controls

? Is the performance (speed/accuracy/reliability) adequate

? Are other users satisfied with the software

? Is the software user-friendly

? Can the software be demonstrated and testdriven

? Does the software have an adequate warranty

? Is the software flexible and easily maintained

? Is online inquiry of files and records possible

? Will the vendor keep the software up to date

Points 10 10 10 10 8 10 9 8 8 10 10 123

Vendor A 7 8 9 7 6 7 8 6 5 8 8 94

Vendor B 9 9 9 9 7 8 8 7 7 9 8 106

Vendor C 6 7 8 6 5 6 7 6 5 7 7 85

Public Evaluation Reports: Industry association magazines,

Survey reports etc Bench marking problem for vendor’s proposals: Demo of software using routine input data Test problems: Demo of software using extreme test data to test the true capabilities of system

SYSTEMS DEVELOPMENT – To develop in-house software A good coded program should have the following characteristics: • Reliability • Robustness (Strength) • Accuracy • Efficiency (Consumes less resources) • Usability (Easy to use) • Readability (Easy to maintain) Some other issues in systems development: (I) Program Coding Standards:

efficient use of storage and least processing time

(II) Programming Language: There are many programming languages

like: • High – level general purpose programming language such as COBOL and C language

• Object oriented languages such as C++,

JAVA etc

• Scripting language like JAVA Script,

VB Script

• Decision Support or Expert System languages like PROLOG

Choice of Programming Language: Depends upon • Type of operating system • Type of hardware • Type of application being developed

___________________________________________________________________________ www

Jaipur Ph: 9314207273

QRP – SDLC Methodology (Pg 15)

Sumit Shanker (FCA,

(III) Program Debugging: Debugging means to remove the errors in program script

It is done by following four steps: • Inputting the source program to the compiler,

• Letting the compiler find errors in the program,

• Correcting lines of code that are erroneous,

and • Resubmitting the corrected source program as input to the compiler

(IV) Test the program (V) Program Documentation (VI) Program Maintenance

Stage V

Systems Testing Level 1: Unit testing

Level 2: Integration testing

Level 3: System testing

Level 4: Acceptance testing

Level 1: Unit Testing – Testing of individual units of software Categories of unit testing i) Functional Tests – testing main function of S/W ii) Performance Tests – testing the speed if S/W iii) Stress Tests – testing the stress limit of S/W iv) Structural Tests – testing the logic of S/W v) Parallel Tests – testing old and new unit togther Types of Unit Testing: (a) Static testing (i

testing done by reading the program script) i) Desk Check – done by programmer himself ii) Structured walk-through – Programmer with one more person iii) Code inspection – Formal committee review the unit (b) Dynamic testing (i

testing by actual running of program on computer) i) Black Box Testing (internal logic is not examined) ii) White Box Testing (internal logic is examined) iii) Gray Box Testing (Combination of black box and white box) Level 2: Integration Testing – This involves testing the linking of different units of software to see that units connect correctly

This is carried out in the following manner: i) Bottom-up Integration:

___________________________________________________________________________ www

Jaipur Ph: 9314207273

QRP – SDLC Methodology (Pg 16)

Sumit Shanker (FCA,

Level 3: System Testing In systems testing complete system is tested as a whole

Following testing is done: i) Recovery testing: system can recover from crash ii) Security testing: system has security controls to protect information iii) Stress testing: how much stress can the system tolerate during peak processing hours iv) Performance testing: speed of system Level 4: Final Acceptance Testing It has two major parts: i) Quality assurance testing: Quality standards are followed in developing the system ii) User acceptance testing: User requirements are fulfilled by the system a) Alpha Testing: First stage,

done in lab environment b) Beta Testing: Second stage,

Stage VI: Systems Implementation Activities: Following activities are involved in System Implementation: • Conversion of data to the new system files

• Completion of user documentation

• Evaluation of the system at regular intervals

Activities during Implementation Stage: I

Equipment Installation: (a) Site Preparation (b) Installation of new hardware / software (c) Equipment check out II

Training Personnel: (a) Managers training (b) End user training (c) IT staff training III

System Implementation Conversion Strategies:

Direct / Abrupt Conversion:

- low cost

Phased Conversion:

___________________________________________________________________________ www

Jaipur Ph: 9314207273

QRP – SDLC Methodology (Pg 17)

Sumit Shanker (FCA,

Parallel Conversion:

- low risk

Pilot implementation: The new system is first implemented in non-critical branch and if it is successful then it is moved to larger branches

Activities involved in conversion: i) Procedure conversion: o Operating procedures for the new system are documented o Communicated to users through training ii) File conversion: o File conversion is done to make the old files compatible for the new system o This should be done in time o Controls like hash totals and record counts needs to be used while conversion o Old files should be kept for some time iii) System conversion: o Shifting daily processing to the new system o Checking and balancing should be done with old system for some time iv) Scheduling personnel and equipment: o Deciding data processing schedules for different departments o Should be done jointly by IT and department managers Post Implementation Review (PIR)

Development evaluation II

Operation evaluation III

Information evaluation System Maintenance i) Scheduled maintenance – can be planned or pre-scheduled ii) Rescue maintenance – for existing problems in system iii) Corrective maintenance – for errors when they occur iv) Adaptive maintenance – to change according to environment v) Perfective maintenance – to add features vi) Preventive maintenance – to prevent future occurrence of problems Operation manuals (user guide/Operation Manual): • Cover page,

a title page and copyright page • Introduction • Table of content • Main functions • Troubleshooting • A FAQ (Frequently Asked Questions) • Contact details • Glossary and index

___________________________________________________________________________ www

Jaipur Ph: 9314207273

QRP – SDLC Methodology (Pg 18)

Sumit Shanker (FCA,

Auditors Role in SDLC The audit of system under development can have three main objectives 1

To check the efficiency,

To check audit trails and controls 3

To check system’s operation controls The auditor can achieve the above objectives by: i

Attend project and steering committee meetings Examine project documentation Conducting interview Check the compliance with development standards Examine systems operational documentation to see operational controls The auditor can give rating (1 to 10) for various SDLC phases Auditor may ask for technical expert report on technical aspects (e

Some control considerations for an auditor to examine are: i

Documented policy and procedures Established project team Good infrastructure Trained development staff Appropriate approvals Separation of development and test environment Standards are followed User department approval before implementing Version control Safety of source code Systems maintains proper audit trail

Best Wishes

___________________________________________________________________________ www

Jaipur Ph: 9314207273

Control Objectives (Pg 1)

Sumit Shanker (FCA,


◙ Need for controls in IT environment: 1) High Cost of Data Loss 2) Incorrect Decision Making 3) Costs of Computer Abuse 4) Value of Computer Hardware,

Software and Personnel 5) High Costs of Computer Error 6) Maintenance of Privacy 7) Controlled evolution of computer Use ◙ Objective of the information systems audit function: 1) Asset Safeguarding 2) Data Integrity 3) System Effectiveness 4) System Efficiency 5) Compliance ◙ Effect of computers on internal control: (How internal controls changed due to computerization) a

Selection of personnel:

programmed credit limit approvals Record keeping:

Access to assets and records:

◙ Interrelated Elements of internal control: (as per COSO) 1) Control environment 2) Risk Assessment 3) Control activities 4) Information and communication 5) Monitoring

___________________________________________________________________________ www

Jaipur Ph: 9314207273

Control Objectives (Pg 2)

Sumit Shanker (FCA,

◙ Effects of computers on audit: Change in evidences collection and evidence evaluation technics in computerized environment (a) (b) (c) (d) (e) (f) (g) (h)

Data retention and storage: Data in binary format Temporary logs: Logs are overwritten Absence of input document Lack of visible audit trail Lack of visible output Audit evidence Legal issues New opportunities and mechanism of fraud and errors:

◙ Responsibility of controls: Management fulfills this objective by taking the following steps: 1

Develop and implement appropriate cost effective controls

Assess the adequacy of internal controls in programs and operations

Alignment of internal controls with the security policy of the company

Reporting on internal controls

Take corrective actions

Identify scope of improvement

◙ Knowledge requirement for IS auditor: 1

Knowledge of business operations 2

Knowledge of legal compliance 3

Knowledge of information technology environment 4

Knowledge of control procedures 5

Knowledge of IS audit standards and IT controls standards 6

knowledge of audit software tools ◙ Functions of IS Auditor: 1

Review IT security policies and procedures 2

Risk assessment 3

Evaluation of controls 4

Evaluation of IS in terms of economy,

Review of BCP/DRP 6

Investigating IT related frauds ◙ Categories/Types of IS audits: 1

Application systems audit 2

Operating systems audit 3

Database audit 4

Network systems audit 5

IT Infrastructure audit 6

Systems Development,

implementation and maintenance audit 7

Regulatory compliance audit 8

Investigation of IT related crimes,

frauds & forensics ◙ Steps in Information Technology Audit: 1

Scoping and pre-audit survey 2

Planning the audit 3

Fieldwork 4

Analysis 5

Reporting 6


___________________________________________________________________________ www

Jaipur Ph: 9314207273

Control Objectives (Pg 3)

Sumit Shanker (FCA,

◙ Audit Standards: Following are some of the audit standards or best practices standards related to IS audit: 1) Audit standards issued by ICAI 2) ISACA standards 3) COBIT Covered in Ch 8 4) ISO 27001 5) ITIL 6) SAS 70 7) Global Technology Audit Guide (GTAG): • Issued by The Institute of Internal Auditors (IIA),

USA • Provides control and security guidelines in IT environment • Following is the list of GTAG developed by IIA

◙ Cost effectiveness of control procedures: Internal controls are essential element in any business process but they have two problems which should be taken care of: 1st – Controls involve cost

Thus the cost of implementing internal control should not exceed the benefits derived from it

Benifites: Reduction in expected loss due to control


Definition of controls: Controls are defined as “The policies,

practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected”

___________________________________________________________________________ www

Jaipur Ph: 9314207273

Control Objectives (Pg 4)

Sumit Shanker (FCA,

◙ Categories of Controls: Categories of controls Objective of controls

Nature of IS resources

Functional nature



Accounting and finance


Physical access



Logical access



IS Operational 5

IS Management 6

Classification based on Objective of controls 1

Preventive controls: To preventive error,

omission or malicious act from occurring

These are designed by using three step process as follows: (i) Understanding the vulnerability of the asset or process (ii) Understanding the probable threats (iii) Making provision to encounter such threats

Examples of preventive controls are: