Sunday, January 30, 2011

ISCA - Practice Manual - Latest - January 2011 Edition - CA Final - Group II - Paper 6 : {Courtesy: ICAI}

Friends,

ICAI has come out with the latest Practice Manual. This is a booklet published by ICAI containing the synopsis of the chapters and the answers to Self Examination Questions and Past Exam Questions. It is prepared by the Board of Studies of ICAI. This is copyrighted material. Kindly use it for academic purposes only. The links below give the PDF file (Jan 2011 edition) for each chapter.

Chapter 1: Information System Concepts

https://sites.google.com/site/gkr8164/infotech/21483sm_finalnew_isca_vol2_cp1.pdf?attredirects=0&d=1

Chapter 2 : System Development Life Cycle Methodology

https://sites.google.com/site/gkr8164/infotech/21484sm_finalnew_isca_vol2_cp2.pdf?attredirects=0&d=1

Chapter 3 : Control Objectives

https://sites.google.com/site/gkr8164/infotech/21485sm_finalnew_isca_vol2_cp3.pdf?attredirects=0&d=1

Chapter 4 : Testing - General and Automated Controls

https://sites.google.com/site/gkr8164/infotech/21486sm_finalnew_isca_vol2_cp4.pdf?attredirects=0&d=1

Chapter 5 : Risk Assessment Methodologies and Applications

https://sites.google.com/site/gkr8164/infotech/21487sm_finalnew_isca_vol2_cp5.pdf?attredirects=0&d=1

Chapter 6 : Business Continuity Planning and Disaster Recovery Planning

https://sites.google.com/site/gkr8164/infotech/21488sm_finalnew_isca_vol2_cp6.pdf?attredirects=0&d=1

Chapter 7 : An Overview of Enterprise Resource Planning

https://sites.google.com/site/gkr8164/infotech/21489sm_finalnew_isca_vol2_cp7.pdf?attredirects=0&d=1

Chapter 8 : Information Systems Auditing Standards, Guidelines and Best Practices

https://sites.google.com/site/gkr8164/infotech/21490sm_finalnew_isca_vol2_cp8.pdf?attredirects=0&d=1

Chapter 9 : Drafting of IS Security Policy, Audit Policy, IS Audit Reporting - A Practical Perspective

https://sites.google.com/site/gkr8164/infotech/21491sm_finalnew_isca_vol2_cp9.pdf?attredirects=0&d=1

Chapter 10 : Information Technology (Amendment) Act, 2008

https://sites.google.com/site/gkr8164/infotech/21492sm_finalnew_isca_vol2_cp10.pdf?attredirects=0&d=1

Please leave any comments below with an open mind (critical views are most welcome, for future improvements) or email gkr@icai.org

Happy Reading...

ISCA - Chapter 3 : Control Objectives: Scan of Past Exam Questions with reference to Study Material: CA Final - Group II - Paper 6








CHAPTER 3

CONTROL OBJECTIVES

Scan of Past Exam Questions:

| Year | Marks | Questions | Answers in ICAI-ISCA Study Material Page No: |
|---|---|---|---|
| N 08 | 10 | 3(a) What do you understand by classification of information? Explain different classifications of information | 3.68 |
| | 5 | 3(c) Briefly explain the formal change management policies, and procedures to have control over system and program changes | 3.45 – 3.48 |
| | 5 | 7(b) Key elements in System Development and Acquisition Control | 3.38 |
| J 09 | 5 | 2(b) “While reviewing a client’s control system, an information system auditor will identify three components of internal control.” State and briefly explain these three components. | 3.23 |
| | 10 | 3(a) A company is engaged in the stores taking data activities. Whenever, input data error occurs, the entire stock data is to be reprocessed at a cost of Rs. 50,000. The management has decided to introduce a data validation step that would reduce errors from 12% to 0.5% at a cost of Rs. 2,000 per stock taking period. The time taken for validation causes an additional cost of Rs. 200. (i) Evaluate the percentage of cost benefit effectiveness of the decision taken by the management and (ii) suggest preventive control measures to avoid errors for improvement. | 3.17 |
| | 5 | 3(b) What are the issues that should be considered by a system auditor at post implementation review stage before preparing the audit report? | 3.66, 3.67 |
| | 5 | 7(c) Firewall | 3.76 |
| N 09 | 5 | 3(c) Explain the term “Cryptosystems”. Briefly discuss Data Encryption Standard. | 3.73 |
| | 5 | 4(c) Discuss the three processes of Access Control Mechanism, when a user requests for resources? | 3.106, 3.107 |
| | 5 | 5(c) Discuss anti-virus software and its types? | 3.87 |
| J 10 | 10 | 2(c) The management of ABC Limited wants to design a detective control mechanism for achieving security policy objective in a computerized environment. As an auditor explain, how audit trails can be used to support security objectives. | 3.30 |
| | 5 | 3(c) Explain the role of IS auditor in evaluating logical access controls | 3.100 |









Saturday, January 29, 2011

ISCA - Chapter 5 : Scan of Past Questions with reference to Study Material - CA Final - Group II - Paper 6






CHAPTER 5

RISK ASSESSMENT METHODOLOGIES AND APPLICATIONS

Scan of Past Exam Questions:

| Year | Marks | Questions | Answers in ICAI-ISCA Study Material Page No: |
|---|---|---|---|
| N 08 | 10 | 5(a) Explain the following terms with reference to Information Systems: (i) Risk, (ii) Threat, (iii) Vulnerability, (iv) Exposure, (v) Attack | 5.1-5.3 |
| | 5 | 5(b) “There always exist some common threats to the computerized environment”. Explain these threats | 5.3-5.4 |
| | 5 | 5(c) What do you understand by “Risk Assessment”? Discuss the various areas that are to be explored to determine the risk? | 5.5-5.7 |
| J 09 | 5 | 3(c) “Always, there exists some threats due to Cyber Crimes”. Explain these threats | 5.4, 5.5 |
| | 5 | 4(b) State and explain four commonly used techniques to assess and evaluate risks | 5.10, 5.11 |
| N 09 | 5 | 2(b) Explain the threats due to Cyber Crimes. | 5.4, 5.5 |
| | 5 | 3(b) Describe Risk Management Process | 5.8 |
| M 10 | 5 | 2(a) What are the common threats to the computerized environment other than natural disasters, fire and power failure? | 5.3 |
| | 5 | 5(a) What are the two primary questions to consider when evaluating the risk inherent in a business function in the context of the risk assessment methodologies? Give the purposes of risk evaluation. | 5.10 |





ISCA - Chapter 6 - Scan of Past Exam Questions with reference to study material - CA Final - Group II - Paper 6








CHAPTER 6

BUSINESS CONTINUITY PLANNING AND DISASTER RECOVERY PLANNING

Scan of Past Exam Questions:

| Year | Marks | Questions | Answers in ICAI-ISCA Study Material Page No: |
|---|---|---|---|
| N 08 | 5 | 1(b) Discuss the objectives and goals of Business Continuity Planning | 6.2 |
| | 10 | 6(a) What do you understand by the term Disaster? What procedural plan do you suggest for disaster recovery? | 6.17 |
| | 5 | 6(b) Describe the methodology of developing a business continuity plan? | 6.3 |
| | 5 | 6(c) Briefly explain the various types of system’s back-up for the system and data together | 6.12 |
| J 09 | 10 | 4(a) As a system auditor, what control measures will you check to minimize threats, risks and exposures in a computerized system? | 6.9, 6.10 |
| | 5 | 4(c) What are the audit tools and techniques used by a system auditor to ensure that disaster recovery plan is in order? Briefly explain them | 6.23, 6.24 |
| N 09 | | 3(a) What analysis should be done for understanding the degree of potential loss (such as reputation damage, regulation effects) of an organisation? Enumerate the tasks to be undertaken in this analysis. In what ways the information can be obtained for this analysis? | 6.5 |
| M 10 | 5 | 3(b) A company has decided to outsource a third party site for its alternate back-up and recovery process. What are the issues to be considered by the security administrator while drafting the contract? | 6.13 |
| N 10 | 4 | “Technology risk assessment needs to be a mandatory requirement for project to identify single point of failures” - Justify | 6.11 |



Friday, January 28, 2011

SIRC-ICSI-MSOP 6th Batch participants response for GKR's presentation on "Cyber Laws" on 25th January 2011

Priya Menon @ Even though I have attended many classes on Information Technology this was the one class that made me realize how the system actually works and how the same worked for us.  It was an eye-opener in real sense.

Prashanth @ I thank you for the interesting and eye-opener session to many areas in the field of IT. Covered lot of information within limited time. Wish we have more sessions on these areas. Keep teaching, giving lectures and enlightening students like us, Sir. Once again thank you, Sir.

Manjunath @ Classes were very useful. Good practical approach. Good keeping of session alive and interesting. PPT was good. Friendly manner. Illustrative and clarified portions very well. Interaction level was excellent. Overall class was good.

Vidhya @ The session was very useful. I got more information about cyber laws. This is the first time I had an opportunity to listen to some interesting & new concepts (cyber laws). Your speech gave me an inspiration to learn new concepts. Thank you very much, Sir.

Anne Franscisca Vinitha @ Gained in-depth knowledge about Digital Signatures, back office transactions which was completely new to us. Professional advice from an experienced person like you would be useful in our future practice. Thank you, Sir.

Kiran @ To be frank, this is the BEST session I have attended on Cyber Law. And it's our pleasure to listen to such a highly qualified person at a very young age with such a humble and nice manner.

Shanthi @ Sir, I thought this would be a dry topic. But your teaching has proved that there is no such thing like dry topic. Thank you, Sir.

Soundarya .K @ I am your student, Sir. You took foundation and intermediate classes (ISQT & MIS) for me. Thank you, Sir. Only because of you, I scored first mark in my MIS paper (first mark in Southern Region and got an endowment award for the same). Thank you very much, Sir.

CS Hiral Patel @ Dear Sir, I am Hiral Patel, a participant of sixth MSOP (previously known as SMTP) batch of ICSI , where you had given us an insight on Cyber Laws. It was my first cyber law lecture and I truly enjoyed the way in which you were explaining various concepts specially the digital signature certificate. I also liked the way in which you were keeping the session alive by giving various examples, which truly showed your passion towards teaching. Thank you sir for enlightening us on Cyber Laws. Thanks and regards, CS Hiral Patel 08148066678

Thursday, January 27, 2011

CA Final - ISCA - New Syllabus - COBIT 4.1 - Reference Material

Friends,

Herewith, I have attached COBIT version 4.1 containing 206 pages of Executive Summary and CobiT Framework with VIII appendices.

This is a copyrighted material. Please use it only for academic purposes.

https://sites.google.com/site/gkr8164/infotech/COBIT_41.pdf?attredirects=0&d=1

© 2007 IT Governance Institute. All rights reserved. http://www.itgi.org/
Your feedback on COBIT 4.1 is welcomed. Please visit www.isaca.org/cobitfeedback to submit comments.

CA Final - Corporate and Allied Laws - New Syllabus - PMLA - Powerpoint Slides

Friends,

Herewith, I have given link for the PPT file containing material for CA Final Corporate and Allied Laws chapter on Prevention of Money Laundering Act, 2002.

https://sites.google.com/site/gkr8164/gkrfiles/AMLCFTcomplianceunderPMLA_GKR.ppt?attredirects=0&d=1

I hope the file helps first-time readers comprehend the subject much better.

Any queries kindly sms 98400 63269 or email: gkr@icai.org

Happy Reading.....

ISCA - CA Final - New Syllabus - ICAI - Suggested Answers - PDF Format

Friends,

Herewith, I have given the link for the Suggested Answers issued by ICAI (copyrighted material). The first examination under the new syllabus was NOV 2008. Till NOV 2010, five examinations are over so far. The contents are to be used only for academic purposes.

The link below gives all the five SA of ISCA.

November 2010 ISCA CA Final SA

https://sites.google.com/site/gkr8164/infotech/SA_N10_ISCA.pdf?attredirects=0&d=1

May 2010 ISCA CA Final SA

https://sites.google.com/site/gkr8164/infotech/SA_M10_ISCA.pdf?attredirects=0&d=1

November 2009 ISCA CA Final SA

https://sites.google.com/site/gkr8164/infotech/SA_N09_ISCA.pdf?attredirects=0&d=1

June 2009 (May 2009) ISCA CA Final SA

https://sites.google.com/site/gkr8164/infotech/SA_M09_ISCA%28June2009%29.pdf?attredirects=0&d=1

November 2008 ISCA CA Final SA

https://sites.google.com/site/gkr8164/infotech/SA_N08_ISCA.pdf?attredirects=0&d=1

Any comments / suggestions / queries:
SMS 98400 63269
email: gkr@icai.org


What is new in ISCA (CA Final) revised Study Material - 2011 edition?

Dear Friends,

Good News: The revised study material for all the subjects is available in all the regional councils and branches of ICAI across the length and breadth of the country. (In Chennai DCO, the revised versions have come in tons in multiple trucks). Please visit or request your friends to collect the same.
Great News: The revised study material of ISCA is enriched with many contents. Especially:

Chapter 4: Testing: 21 pages are added new

Chapter 8: Standards: COBIT version 4.1 is included instead of old version.

(I have reserved comments on including HIPAA in our syllabus...please put your comments also in this blog).

Herewith I have attached Chapter 4: Testing - General and Automated Controls - Revised Study Material of ICAI - ISCA in PDF format. (It is write protected for Integrity).

https://sites.google.com/site/gkr8164/infotech/18956sm_finalnew_isca_cp4.pdf?attredirects=0&d=1

Further, herewith I have attached Chapter 8: Information System Auditing Standards, Guidelines and Best Practices (It is write protected for Integrity)

https://sites.google.com/site/gkr8164/infotech/18960sm_finalnew_isca_cp8.pdf?attredirects=0&d=1

Happy Learning....

Wednesday, January 26, 2011

SysTrust and WebTrust (For CA Final - ISCA - Chapter 8)

Friends,

Herewith I have attached (PDF Document) Trust Services and Criteria incorporating SysTrust and WebTrust as issued by American Institute of Certified Public Accountants, Inc. and Canadian Institute of Chartered Accountants. The attached document is a copyrighted material. Please use it only for academic purposes.


Permission is granted to make copies of this work provided that such copies are for personal, intraorganizational, or educational use only and are not sold or disseminated and provided further that each copy bears the following credit line: "Copyright © 2003 by American Institute of Certified Public Accountants, Inc. and Canadian Institute of Chartered Accountants. Used with permission."

CA Final - Group II - Paper 6 - ISCA - Chapter 7: An Overview of ERP: Scan of Past Exam Questions with reference to study material








CHAPTER 7

AN OVERVIEW OF ENTERPRISE RESOURCE PLANNING (ERP)

Scan of Past Exam Questions:

| Year | Marks | Questions | Answers in ICAI-ISCA Study Material Page No: |
|---|---|---|---|
| N 08 | 10 | 1(a) Briefly explain Enterprise Resource Planning (ERP) and describe five of its characteristics | 7.2, 7.4 |
| J 09 | | XYZ Company, engaged in the manufacturing of several types of electronic goods is having its branches all over the World. The company wishes to centralize and consolidate the information flowing from its branches in a uniform manner across various levels of the Organization. The factories are already working on legacy systems using an intranet and collating information. But each factory and branch is using different software and varied platforms, which do not communicate with each other. This not only results in huge inflow of data which could not be consolidated for analysis but also the duplication of data. Even one percent change in any data entry or analysis translates into millions of Rupees and can sometimes wipe out the profits of the organization. So the company needs a system that would help them to be responsive and act fast. Read the above carefully and answer the following with justifications: | |
| | 5 | What are the problems that the company is facing now? | |
| | 5 | Should the company go for ERP solution? If yes, will the company be able to share a common platform with its dealers to access servers and database to update the information of issues of mutual interest? | |
| | 5 | For the selection of ERP package, state the issues to be considered | |
| | 5 | Suggest how to go about the implementation of ERP package. | |
| N 09 | 5 | 5(d) ABC limited has recently migrated to real-time Integrated ERP System. As an IS Auditor, advise the company as to what kinds of business risks it can face? | 7.18 |
| M 10 | 10 | 3(a) How will you get over the impediments for the successful implementation of ERP. Mention any five. | 7.12 |
| M 10 | 5 | 5(b) If you are the CEO of a company, what factors would be considered before undertaking implementation of risk evaluation. | 7.12 |
| N 10 | 5 | 7(b) Write short notes on: Business Engineering | 7.8 |