ISA

ISA — An Emerging Professional Opportunity

Rightly gauging the future that, Information Technology will pervade all walks of life and business within no time, the Institute had launched upon the ISA (Information System Audit) course as a Post Qualification Course (PQC) for its members. Today, technology plays a major role in facilitating all business functions and it is not limited to just simple capture and process of transactions, as it was in the beginning. Now, technology has even entered the core areas such as Corporate Governance, Risk Management and Business Continuity.

Changing paradigms due to recent technology revolution have made knowledge and experience in technology as a basic requirement for growth of a professional. Not only the growth, but even mere survival requires technology knowledge these days. Information Technology (IT) has evolved from a humble role of business enabler to business driver.

With IT becoming an integral part of the strategic business scenario, the Institute rightly perceived an increase in the use of technology in Finance and Audit. We as professionals, with our background in accounting and audit, are better equipped to carry out information system audit, which is not a substitute to financial audit. The expertise required for conducting an Information system Audit (ISA) is much more and we should equip ourselves with adequate and relevant knowledge.

The information systems have moved beyond being just accounting packages and are now used to cover the entire range of business operations. They also provide information that can assist the organization in planning, controlling and decision-making. The challenge for the auditor is to ensure that the information is relevant, accurate and complete. Considering all these factors and keeping in view the latest technology developments, the Institute has taken proper actions of defining, redefining and constantly updating and modifying the syllabus for the ISA course.

The highlights of the course are "contemporary curriculum, industry networking and cutting-edge technology". The course focuses on comprehensive development of professional skills, through a well-devised curriculum and training methodology. ISA not only empowers Chartered Accountants to drive information development and system design, but also helps them to understand the finer nuances of system control and evaluation.

With the new challenges threatening the traditional domain, the Council of the Institute — by commissioning ISA course — is not just coping with the demands of IT dynamics, but it also seeks to leverage technology to enhance the professional skills of its members.

Keeping with the pace of the technology and the emergence of the new concepts on the horizon, Committee on Information Technology (CIT), ICAI has been duly revising and revamping the prospectus for this PQC on ISA, from time to time. CIT is constantly endeavoring to improve the level of training and facilities offered to candidates pursuing the course. Some of the recent initiatives have been the revision of syllabus, revised course materials, CAAT Resources CD, Technical Guide on IS Audit, and New ISA Prospectus. The ISA Portal at www.isa.icai.org is another value added service ( a one-stop-shop) to provide all pertinent details about the PQC on ISA and CPE Course on CAAT, Practical Workshops, Practical Training Batches, ISA ET Notifications, emerging professional opportunities and details of forthcoming activities, apart from provision of mail boxes for course communications to candidates pursuing the ISA Course. Through the revised course, students get E-Books and Presentations, highlighting the need for Systems and Process Assurance/ IS Audits.

The course enables ICAI members to become world-class Systems Auditors, Systems Control and Security Professionals, Technology Consultants and Tech-savvy Finance Executives. It helps them to take on multiple roles, responsibilities and leadership in a complex and rapidly evolving business environment. It provides guidance and support in Information Technology to Governments, Corporates, Service Organizations and Society at large, by:

Setting learning standards for its members
Conducting research in system security, control and audit
Developing Information Systems (IS) audit standards and competencies
Establishing good governance and security practices

The detailed information of the course contents is available on the websites http://www.icai.org and http://isa.icai.org/

Committee on Information Technology (CIT) has implemented the twin facilities for the ISA course viz:

Researched Online Study Materials (ROSM) and
Online Practice Tests (OLPT)

ROSM is a learning facility, an exercise for the user to choose right answer for the question. After answering, the user gets to view a page full of pertinent details about the question at hand, to enable him/ her to better understand the concept covered.

OLPT facility aims to provide an exposure to the type of questions that are asked, provide sample test papers and questions, a means to do self evaluation of learning — the user can know how well he/she has understood the subject/ module.

The CIT has also identified IT Enabled Services (ITES), particularly ERP, as a thrust area for the development of the profession considering increasing demand for these value added services within the country and abroad. After a detailed market study, CIT has identified leading ERP vendors to provide education and training in this area at concessional rates, to facilitate members to develop competencies in these areas. As a part of this ERP initiative, the CIT has finalized arrangements to provide following training programmes:

SAP ERP Module on "Managerial and Financial Accounting" (FICO)

Oracle ERP — Financials 11i Module Training Module

Microsoft Dynamics NAV — Finance Module

CPE course on CAAT

Certificate Course on Forensic Accounting & Fraud Detection using IT & CAATs

These courses are introduced to provide practical training content desired by members participating in the PQC on ISA. This course would enable ISA Members to get a practical insight into SAP/ Oracle/ Microsoft NAV Dynamics ERP implementation for finance/ control module.

According to the CIT, it is important to find out:

• how to use available technology

• where to use IT

• how to generate ROI (Return On Investment) from IT

• how IT can be integrated and standardized and

• what are the latest happenings in IT

Armed with the ISA qualification, members can build brilliant careers in the following areas:

Information System Development and Design

Provide functional expertise in the areas of development, implementation, testing and security of information systems and suggest controls to be incorporated therein.

Information System Evaluation

Undertake an objective assessment of information system controls, information privacy and integrity.

Assessment of Risks and Management thereof

Identify risks, assess their impact, provide assistance in devising mitigation strategies, devise and implement controls, provide ongoing measurement mechanisms for the risk environment.

Business Continuity Management

Provide help in development/implementation/assessment/ review of business continuity and disaster recovery plans.

Public Key Infrastructure (PKI) Audits

Public and private organizations are implementing PKI to ensure safe exchange of sensitive data and other critical transactions. Audit of such PK infrastructures is an emerging area.

Security Policy Development, Implementation, Review and Assessment

Assist the top management in development and implementation of enterprise wide security policy, plan and procedures.

Change management

Ensuring smooth transition of IT related business processes, effective disposal/archiving of older data, data pertinence & integrity in the event of systems upgradation, integration of technologies of two firms in a transaction of a merger or an acquisition etc.

Undertake review/assessment of the security policy, if it already exists in an organization

Training in IS Security

Privacy Impact Assessment

Due to globalization and business process outsourcing practices, there is a lot of cross border flow of data. Privacy of such data is required to be guarded as per various enactments in regard to the data privacy in different countries. Privacy Impact Assessment is another emerging area in the BPO regime.

Application Software Audit

Review of Database for Integrity, Confidentiality and Availability

Network Audit

Audit/Review of Network Security and Network Administration

Vulnerability Assessment

Carry out vulnerability assessment with the help of various tools by running scans on a system to proactively detect known vulnerabilities such as security flaws and bugs in software and hardware.

Penetration Analysis

Perform penetration analysis to test an organization’s information system security to identify vulnerabilities in the system and surrounding processes.

Computer Abuses and Crimes

Assess the level of risk with regard to the computer abuses/crimes and suggest steps for removing any laxity observed in the physical and logical controls.

Audit of Efficiency of IT Resources

Identify conditions such as Underutilized facilities, Non-productive work, Procedures that are not cost justified, Overstaffing or understaffing, etc.

Computer Forensics

Clinical investigation of computer crimes/frauds.

Every organization using IT will require one or more of the above services at some stage/s of its computerization process. With the increasing use of IT in business and other applications, the D.I.S.A. (ICA) qualified members will be presented with amazingly large professional opportunities as the time passes by.