13 Mics Notes

The CA Final MICS notes aim to help students overcome misconceptions about the subject, emphasizing that MICS is one of the easiest papers to score in. The notes provide strategies for success, including familiarity with the syllabus, effective study techniques, and a structured approach to system development processes. Additionally, the document outlines key chapters and concepts related to enabling technologies, system design, and methodologies for system development.

Uploaded by

yadavabnish33240

CA Final -MICS Notes

Dear All,

It gives immense pleasure to present these MICS notes; the objective of these notes is to clear the misconceptions from the minds of the students, who feel MICS is very difficult to pass/score.

Among the eight papers of CA Final, MICS is the easiest and most scoring subject as there are no numbers involved, except question numbers in the question paper :)

I have put in my best efforts to make these notes easy and understandable.

This is specially dedicated to my brother Sadiq Khan, writing in November 2009, & to my beloved friends.

All the Best !!!

- CA Siddiq Ahmed Khan
Bangalore,
apsak_ca@yahoo.com


Success factors for passing MICS - Paper -6

• Refer only Study material issued by ICAI
• Good memory (use Acronyms)
• Complete familiarity of the Syllabus
• Clear understanding of question and doubly confirm the answers before writing in exam.
• RTP of respective exam must be covered (At least 20 marks from RTP)
• Use your practical knowledge only to understand the concept, not to present in exam, you should present only as per Study Material
• Questions asked in Immediate examination can be ignored
• Repeated reading will help you to score good marks
• “Knowing everything of something is better than knowing something of everything” so for this paper, ensure completeness of syllabus.

Methodology

• First read the chapters from study material provided by ICAI
• Revise the chapter immediately from these notes and you can add extra text for your better understanding
• With the help of these summarized notes, the entire syllabus can be revised within 4 hours, and they will be of great help as last minute revision the day before the exam.


Phase 1
Chapter - 6 - Enabling Technologies
Chapter - 7 - System Development Process
Chapter - 8 - Systems Design
Chapter - 9 - System’s Acquisition, Software Development & Testing
Chapter – 10 - System Implementation & Maintenance
Phase - 2
Chapter – 11 - Design Of Computerised Commercial Applications
Chapter – 12 - Enterprise Resource Planning – Redesigning Business
Chapter – 19 - CASE Tools and Digital Technology
Phase - 3
Chapter – 13 - General Controls in EDP Set-up
Chapter – 14 - Application Controls in EDP Set-up
Phase - 4
Chapter – 18 - Information Security
Chapter – 15 - Detection of Computer Frauds
Chapter – 16 - Cyber Laws and Information Technology Act, 2000
Chapter – 17 - Audit of Information Systems
Phase - 5
Chapter – 3 - Basic Concepts of MIS
Chapter – 4 - Systems Approach & Decision Making
Chapter – 5 - Decision Support & Executive Information System
Chapter – 1 - Basic concepts of systems
Chapter – 2 - Transaction Processing System

Phase 1
Chapter - 6 - Enabling Technologies

Traditional Computing Model

Mainframe Architecture
Ø Dumb Terminal
Ø Non GUI
Ø Higher Costs
Ø Support every Hardware platform

Personal Computers
Ø Independent PC
Ø No sharing of data & resources

File-Server Architecture
Ø Dumb Server Smart Terminal
Ø Supports GUI
Ø Network Traffic
Ø Sends Entire File
Ø Max. 12 Users

Client Server (C/S) Model - (Cost Reduction Technology)

Ø It’s a form of distributed processing
Ø Divides processing work between server & work-station
Ø Server-Global Task; Client-Local Task
Ø Send only requested data
Advantages / Benefits of Client /Server
1. Cost Reduction
2. Improved flow of information
3. Direct access to data
4. Increased data integrity & security
5. Better Connectivity
6. Increased Productivity
7. Easy to add new hardware
8. Takes less people to maintain
9. User Friendly GUI
10. SQL capability
11. Data protection & security
12. Access to multiple servers
Example of C/S :- Online Banking, Call-Centre, E-Commerce.
Elements of Client /Server
1. Data Storage
2. DBMS
3. Application Software
4. Operating System
5. User Interface
6. Display Devices

Components of C/S

Client (User of services)
- Non-GUI
- GUI
- OOUI

Server
- File Server
- Database Server
- Transaction Server
- Web Server

Middleware (Distributed Software) – 4 Layers
1. Service
2. Back End Processing
3. Network OS
4. Transport Stacks

Fat-Client (2 Tier)
Fat-Server (3 Tier)

Network
- Network Hardware
- Devices
- cable
- Network software

Middleware – It is distributed software that allows client & server to connect
Service Layer – Carries coded data from software application.
Back End Processing – Encapsulate network instructions.
Network OS – Adds additional instructions.
Transport Stacks – Transfers data packets to the designated receiver.
Considerations for Client /Server Security / Control Techniques to ensure security by IS Audit
1. Disabling Floppy Drives
2. Disk-less workstations
3. Automatic booting
4. Network Monitoring
5. Data Encryption
6. Authentication System (Log-in ID & Password)
7. Smart Card System
8. Access only to required task.
9. All access points should be known.

Note: don’t confuse with IS audit (Chapter – 17)

Client / Server Risks [Acronym: T O P E; you can think of topi :)]
Categories of risks involved in transition from mainframe to client Server

Technological
- Installation Phobia
- Obsolescence

Operational
- Success Probability
- Cope-up with Changing needs

Economic
- Susceptible to hidden cost
- Higher cost in Short run

Political
- Mgmt. & end user satisfaction

Server Centric Model
Ø Programs are deployed, managed, supported and executed 100% @ server
Ø C/S with dumb terminals
Ø Processing is done on server, client does the data entry & gets display of
information.

Characteristics of Client server
1. Distinguished from each user
2. Operates on separate computer platforms
3. Platforms can be independently upgraded
4. Serve multiple clients concurrently
5. Includes networking capability
6. Logics set at the client end
7. Runs on standard query language (SQL)
8. Provides data security
9. User-friendly GUI resides at client end

Acronyms
- Key letters used to remember
- Given only for most repeated questions


Chapter - 7 - System Development Process

Ø Process of examining a business situation with the intent of improving it.

System Analysis System Design


System Development Life Cycle [ S D L C] (Traditional Approach)

Preliminary Investigation
Requirement Analysis
System Analysis (Present & Proposed)
Design of System
Acquisition & Development of software
System Testing
Implementation & Maintenance

Reasons for failure to achieve system development objectives


1. Lack of senior management support
2. Changing user needs
3. Difficult to design strategic system (Because they are unstructured)
4. Incompatibility of staff with new technology.
5. No proper standard & method of project management & system development
6. Over-worked or under-trained development staff
7. Resistance to change
8. Lack of user participation in development
9. Inadequate testing & training.
System Development Approaches
1. Traditional Approach
Ø Activities are performed in sequence
Ø Work performed in each stage are reviewed by managers & users
Ø It takes years to develop, analyse & implement.
Ø EG : Transaction Processing system
2. Prototyping Approach
Ø Used to develop smaller systems
Ø Useful when system requirement is not known or difficult to determine
Ø Developed in small parts (prototypes) & at lesser cost
Ø Developed prototypes are refined & either turned into final system or scrapped to
develop a new real system
Ø EG: DSS, MIS,ES
Four Steps [Acronym: I D T O; you can think of Indirect Taxes :)]
a) Identifying information system requirement
b) Develop the initial prototype
c) Test & Revise
d) Obtain user’s approval

Advantages
Less time consuming, active user participation, more reliable, less costly, errors detected and eliminated early

Disadvantages
Process owners not willing to devote significant time, experimentation quite extensive, lack of documentation and behaviour problems

3. End User Development Approach


Ø End user is responsible for system development
Ø Low-cost technology
Ø Decline in standards & controls
Ø Reduction in quality assurance
Ø Unrelated & incomplete systems
Ø No experienced staff
4. Top Down Approach
Ø High Degree of top managements involvement
Stages:
1) Analyse the objectives & goals of the entity
2) Identify the functions. e.g. – Production, Marketing, R & D
3) Ascertain the major activities, decisions & functions
4) Find out the information requirement
5) Prepare information processing program
5. Bottom Up Approach
Ø Starts from Supervisory management (Used to design various sub-systems)
Ø Identification of life stream systems that are essential for day to day activities
Ø Identify basic transactions, file-requirements & programs and develop system for
each such life stream
Ø Integration of data & such systems
Ø Addition of decision models & planning models
Ø Involvement of supervisory management.
6. Systematic Approach
Ø Used in small organizations in which no MIS personnel is involved.
Steps:
1) Identify requirements
2) Locate suitable software & hardware
3) Implement the system
Reasons for Project Failure
Ø Under estimation of time
Ø Under estimation of resources
Ø Under estimation of size & scope of project
Ø Inadequate control
Ø Inadequate planning
Ø Changing system specifications
Ø Lack of senior management participation

Note: Don’t confuse with Reasons for failure to achieve system development objectives

System Development Methodology
Ø Standardized & documented set of activities used to manage system development
project. Division of project into small modules.
Ø Deliverables (Specific report & documentation) must be produced periodically
Ø Approval of development process by users, managers & auditors (Sign Offs)
Ø System Testing
Ø Proper Training
Ø Prevent unauthorized changes to complete program by formalizing system
modifications.
Ø Post implementation review.

Preliminary Investigation
1. Starts when a problem / opportunity is identified by User or manager.
2. Clarify & understand the project request.
3. Determine the size of the project
4. Determine the feasibility of alternative approaches
5. Determine their costs & benefits
6. Final report to the management with recommendations.

Investigation
- Review of Internal documents
- Conducting Interviews

Feasibility [Acronym: T O E S L; you can think of toy cell :)]

Technical – Hardware & Software (no. of users)
Economic – Evaluation of incremental costs & benefits
Operational – Support of workers, customers & Suppliers
Schedule – Time required for development & implementation
Legal – Fulfills all the Statutory and Financial Reporting

Requirement Analysis
Ø Determining user needs
Ø Study of application area in depth
Ø Assessing the strengths & weaknesses of present system
Ø Reporting to management

Ø Fact Finding Techniques [Acronym: DIOQ; you can think of honda dio in que :)]
1. Documents (Input forms, Output forms, Organization Manual / Chart)
2. Interviews
3. Observations
4. Questionnaire

System Analysis

Present System
Analyse
- Inputs
- Outputs
- Methods & Procedures
- Internal controls
Review
- Historical aspects
- Data files used
Study the existing physical & logical system
Overall analysis

Proposed System
1. Determine the objectives
2. Study the specifications
3. Determine the required output

System Development Tools


1. System Flow Chart (Process flow & information processing procedures) Presented by variety of symbols & connecting arrows.

2. Data Flow Diagram (Flow of data within an organisation)
[Data sources & destinations, Data flows, Transformation process, Data Stores]
Symbols in DFD – Data Source & Destination, Data Flow, Transformation Process, Data Storage

3. Lay out forms & screens (Pre printed forms)
Used to design source document, output, display.

4. System Components Matrix
Highlights basic activities of a system. e.g. – Input, Processing, Output & Storage

5. CASE Tools (Automation of anything that humans do to develop systems)

6. Data Dictionary (Computer file containing descriptive information about the data items)
• It contains information about each data item stored in the system, file in which it is stored, program that modifies it, authorised users & unauthorised persons.
• It is updated with every change in data item.
• Gives an audit trail to the auditor & is a helping aid in investigation.

Category of Tools / System Development Tools


1. System Components & Flows (DFD and System component matrix)
2. User Interface (layout forms and screens)
3. Data attributes & relationships (data dictionary and entity relationship diagram)
4. Detailed system process (decision tree /table)

Chapter - 8 - Systems Design

1. Review System’s Requirements
2. Developing a model
3. Reporting to Management

Output (Report, Document, Message) – Displayed / Printed
Objectives
1. Convey Information (Past, Current & Future Projections)
2. Signal important events
3. Trigger an action
4. Confirmation of an action

Determinants of Designing / Issues affecting output of design [Acronym: CFFTVM]
1. Content (Piece of data included in output, it must be objective)
2. Form (Refers the way of presenting content – Text / Graphical / Audio)
3. Format (Manner in which data are arranged – Tabular / Graphic)
4. Timeliness (Daily / Weekly / Monthly or on real time basis)
5. Volume (Amount of data output required – High Speed Printer / Monitor)
6. Media (Paper / Display / Audio / Video)

Input (Efficient data capture, effective coding & appropriate data entry methods)
Guidelines for form designing
1. Easy to fill (Proper flow, logical division & captioning)
2. Purposeful
3. Accurate completion
4. Attractive
Characteristics of good coding scheme
[Code: - Brief no./title/symbol used instead of lengthy/ambiguous description]
1. Unique Code
2. Brief
3. Convenient
4. Expandability (compatible with future growth)
5. Suggestive
6. Permanence

Coding Schemes

1. Classification codes (Used to classify record in a particular class)
2. Function codes (Used to describe a function e.g. – sold, delivered)
3. Significant digit subset codes (Permanent Account No.)
Entire code is divided into meaningful parts.
4. Mnemonic Code (Linking with description e.g. MBA, C.A., C.S.)
5. Hierarchical Classification / Progressive Code

Data Storage Individual File System & DBMS

Design of data communication (Simple & Cost effective)

System Manual: (Contains Description, Flow, Output, Input, Persons responsible)

Please refer page 8.9 for 10 marks. – Factors to be considered designing printed output.

Chapter - 9 - System’s Acquisition, Software Development & Testing

Acquisition of Hardware
1. Latest possible technology.
2. Speeds & capabilities.
3. Software Considerations.
4. Compatibility to future expansion.
5. Vendor selection & machine selection
Acquisition of software (Pre-packaged Application Software)
(Sources may be computer manufacturer, software houses, retail stores, user groups and In house development)
Advantages
1. Rapid Implementation
2. Quality
3. Low Risk
4. Lower Cost (No hidden costs)
Steps for selection of a computer system (Software & Hardware)
1. Prepare design specification.
2. Distribute request for proposal (RFP)
3. Analysis of proposals.
4. Contact present users of proposed system
5. Conduct Benchmark Test. (Actual testing of the system)
6. Select the equipment/system.
Evaluation & Ranking of Proposals (Factors) / Validation of vendor’s proposal
1. Capability & Quality
2. Cost-Benefit Analysis
3. Cost of maintenance
4. Compatibility
5. Services provided by the vendor
• System Maintenance
• System Development Support
• Training
• Back-up
• Complement Hardware / Software
• Business hours v/s Round the clock service
Method of Evaluation / Validating RFP
1. Checklists (Subjective Method)
2. Point-scoring analysis
3. Public evaluation reports (consultancy agency, present users, financial statement analysis, credit rating agency)

Development of Software / Stages through which program has to pass


Stages [Program Development Life Cycle]
1. Program Analysis. [Analyse the output required, input available & processing]
2. Program Design. [Planning the basic layout of the program e.g. Flow Charts,]
3. Program Coding [Flow Charts converted into program statements. Eg:-
Interpreter or Compiler] Coded instructions are entered into a magnetic media
that constitutes source language. Then it is translated into machine language. It
should be simple, short & require less processing time.
4. Debug the program. [including walkthrough, tests & review of program codes]
5. Thorough testing of the program.
6. Documentation.
7. Program maintenance.
Manager’s involvement in Stage 1,2 & 7 (asked in past examination)


Program Development Tools / Design tools in Software Development

[Acronym: FPS40; you can’t think of anything, just remember as it is :)]

1. Flow Charts. (Graphical Format) Represents program logic
2. Pseudo Code. (English-Like statements)
3. Structure Chart. (Similar to organization chart; No program logic)
4. 4GL Tools. (Automation of manual task)
5. Object Oriented Programming & Designing Tools.
Note: don’t confuse with System development tools

Benchmarking problems for vendor’s proposal
1. It represents part of buyer’s primary computer workload
2. It is oriented towards testing whether a computer offered by the vendor meets the requirements of buyers
3. Benchmarking problems can be applied only if job mix is clearly defined, comprising long jobs, short jobs, tape jobs and disk jobs
4. Provides realistic and tangible basis for computing vendor’s proposal
5. It is popular because it can test functioning of vendor’s proposal
6. Disadvantages: considerable time and effort to select representative of job mix

Program debugging: A process of correcting programming language, syntax and diagnostic errors to make ‘Compiler clear’, which means successful conversion from source code to machine language instructions
Four steps: 1. Source program to compiler 2. Finding errors by compiler 3. Correcting the error code 4. Resubmit to compiler

Factors affecting make or buy decisions of application software


Ø Availability of skilled manpower
Ø Cost of programming
Ø Backlog of program
Ø Suitability of software
Ø Time frame available for implementation
Ø Availability of sophisticated software

System Testing
To be conducted prior to implementation
1. Preparation of realistic test data.
2. Processing with new equipment
3. Thorough checking of the results.
4. Review of the results.

Best way parallel process


Chapter – 10 - System Implementation & Maintenance


The process of ensuring that the information system is operational and then allowing user to
take over its operation for use and evaluation is called ‘System Implementation’

Equipment Installation
Ø Necessary hardware to be ordered
Ø Use of Installation Checklist.
Ø Site Preparation (appropriate location, operating environment, planning space layout, electricity supply and carpets to be avoided)
Ø Equipment Installation (to be installed by the manufacturer and connected)
Ø Equipment Checkout (turned on to check/test under normal operating conditions, devise and run extensive tests)

Training Personnel
Ø System operator training (fundamental of turning on the system, knowledge of normal
operation, trouble shooting and contact names and numbers in case of emergency)
Ø User training (guidelines on equipment use and training on data handling activities )

Conversion Procedures / Changeover from manual to computer system / from existing to new system [Acronym: DPGMD]
1) Direct changeover
Straightforward dropping old system & using the new one. Thorough testing is
required before this conversion
2) Parallel conversion
Running old and new systems in parallel; reliability of results is examined before moving to the new system.
Adv: checking the data ensures security.
Disadv: cost of running two systems and virtually doubling the work.
3) Gradual conversion.
Attempts to combine the best features of the earlier two plans.
Adv: allows user to get involved.
Disadv: takes long time to get system in place.
4) Modular prototype conversion.
Building of modular operational prototypes in a gradual manner, thoroughly tested before use.
Disadv: prototype is not feasible, special attention to be paid AP/AM/AR/GL modules
5) Distributed conversion.
Implementing a new system in particular location, stores, business unit, franchise or
bank, on successful completion others covered under new system
Activities Involved in conversion [Acronym: PFSSA]
1) Procedure conversion
Operating procedure documented, information on input, process and output to be
provided and presented in clear and concise manner, brief meeting must be held ,
revisions to operating
2) File conversion
This phase to be started long before programming and testing are completed, to provide
compatible format, data to store on magnetic disk and file conversion program
thoroughly tested
3) System conversion.
Cut of point to be established, differences to be reconciled , old system to be dropped
when new system performance is okay
4) Scheduling personnel & equipment
For the first time difficult task for managers, scheduling to be set in conjunction to
departmental managers operational units, schedule to be realistic and to follow
methods and procedures set in MIS

5) Alternative plans in case of equipment failure.


Priority to critical jobs – billing, payroll, and sales invoices and to clearly define who,
how, what and why to do things in case of equipment failure

Post-Implementation Evaluation / Evaluation of new system

How an evaluation keeps track of how well the new system performs:
Provides feedback, assesses the value of information and the performance of personnel and technology in the new system.
It helps in answering questions like what adjustments are necessary and what adjustments are to be made in future.

Development Evaluation – Within budgets, within time lines
Operational Evaluation – Transaction processing in time, accuracy, acceptable, timeliness and storage
Information Evaluation – Satisfaction of users can be used as measure to evaluate information

Ø Evaluate whether the new system is working properly & the users are satisfied.
Ø Current adjustment in new system.
Ø Proposed adjustments in case of future development.
1) Development evaluation. [on schedule & within budget]
2) Operation evaluation.
3) Information evaluation

System Maintenance
Ø Arises due to malfunction/failure to anticipate during design
Ø Involves adding new data elements modifying reports and changing calculations
Etc.
Scheduled maintenance – Anticipated and planned
Rescue maintenance – previously undetected malfunctions that were not anticipated
but require immediate solution.

Phase - 2
Chapter – 11 - Design Of Computerised Commercial Applications
Please practice the flowcharts. And you can ignore the flowchart, which is asked in
immediate exam and read Share accounting.

Chapter – 12 - Enterprise Resource Planning – Redesigning Business

Integrated software solution to all the functions of an organization.

Definition
ERP is a fully integrated business management system covering all functional areas.
Eg :- Logistics, Production, Finance, and Accounting & Human Resource.
It organizes & integrates the above-stated operations to make optimum use of
resources & maximize return. It does the same thing but in a different manner.

Benefits
1) Assists employees & managers.
2) Production scheduling.
3) Optimum capacity utilization.
4) Reduce Inventory.
5) Better services to customers.
6) Reduction of paper document.
7) Timeliness.
8) Accuracy.
9) Quick response.
10) Competitive advantage.

Characteristics / Key Characteristics to Qualify for ERP


1. Flexibility – Runs across various databases.
2. Modular & open system architecture – Modules can be interfaced/detached whenever
required without affecting the other modules.
3. Comprehensive – suitable for wide range of business organization.
4. Beyond the company – Supports online to other business entities and organization
5. Best Business Practices – Imposes its own logic on a company’s strategy, culture and
Organization.
6. Use of EFT, EDI, Internet, Intranet, E-Commerce., etc.

Features of ERP
1. Provides multi platform, Multi facility, Multi currency and multimode manufacturing.
2. Supports strategic and business planning activities
3. Has end to end supply chain management
4. Coverage of all functional area
5. Perform core activities and increases customer services
6. Integration of systems across organization / Across globe
7. Solutions for better project management
8. Automatic introduction of latest technology like EFT, EDI & Internet.
9. Provides business tools like DSS & EIS.

Benefits of ERP
1. Best use of resources
2. Reduce paper documents
3. Improves timeliness of information
4. Greater accuracy, detailed presentation
5. Improved cost control
6. Inbuilt internal controls
7. Efficient follow -ups and cash collection
8. Better monitoring and quicker resolution of queries
9. Improvement in processes
10. Improvement in generating of data from analytical reviews
Business Process Re-engineering [BPR]
BPR is the fundamental re-thinking & re-designing of processes [not enhancing or
improving] to achieve dramatic improvement.

Business Engineering = BPR + Information Technology


Re-thinking of business processes to improve speed, quality & output.

Business Modeling
Ø Consists of Core Business Processes/Activities & their inter-linking in a diagrammatic
form.
Ø Planning – Top down approach.
Execution – Bottom up approach.
Ø Readymade Business Modeling Templates are also available in the market.

Method Of Implementing ERP / Steps involved in Implementation of ERP

Before implementation ERP must be divided into modules & components. It must be customized as per the requirement. Implementation must be formalized.

Ø Identifying the needs for implementing ERP.
Ø Evaluating the present situation “AS IS”
Ø Deciding the proposed situation.
Ø Re-engineering of processes.
Ø Evaluation of various alternative ERP packages.
Ø Finalizing the ERP package.
Ø Installation of required Hardware & Network.
Ø Hiring the ERP consultants.
Ø User training.
Ø Final implementation of ERP package.

ERP Vendors
1) Baan (The Baan Company)
2) Oracle (Oracle)
3) R/3 (SAP)
4) System 21 (JBA)


Determination of ERP package [Acronym: FCIBBN]


1. Flexibility. [Ability to change according to future requirements]
2. Comprehensive. [Applicable to all industries]
3. Integration.
4. Beyond the company. [Supports processes with customers, suppliers, banks, etc.]
5. Best Business Practices. [Best Business Practices stored in ERP knowledge base]
6. New technology.
7. Other factors - Global presence / price of the package / obsolescence of the package / ease of implementation and duration / cost of implementation / post implementation support availability.
General guidelines before starting Implementation
1. Analyze the corporate needs.
2. Business Process Re-engineering.
3. Establishment of good network.
4. Leadership & Motivation.
5. Appointment of Project Manager.
6. Hiring of consultants.
7. Selection of suitable package.
8. Training.
9. Final implementation.
10. List down the Critical Success Factors (CSF’s) at departmental level.
11. Numeric values assigned to CSF’s is called Key Performance Indicators (KPI’s).
Life after implementation

Expectations
1. Increased productivity.
2. Automation of processes.
3. Improvement in KPI’s.
4. Elimination of manual work.
5. Total integration.
6. Real-time information.
7. Improved networking features.

Fears
1. Job redundancy.
2. Importance of information is lost
3. Change in job profile
4. Loss of control & authorization.
5. Stress due to greater transparency
6. Individual fear of loss of authority

Ground realities after implementation


The implementation should be top down
Key performance indicator are not measured
Same process better done manually
ERP project to be treated as business project
The objective of ERP to be identified documented and communicated.

ERP Audit
Ø Necessary for ensuring the proper functioning of ERP package.
Ø May be specific or general.
Ø Evaluation of security, authorization & control.
Ø ERP audit trail.

Chapter – 19 - CASE Tools and Digital Technology
CASE Tools – Computer Assisted Software Engineering
CASE provides software engineers with the means to automate manual activities.
CASE encompasses computer-based procedures, techniques and tools that can be used to
develop, maintain and reengineer software.
Categories of Case tools

Ø Tools – Support individual process tasks such as checking the consistency of a design,
compiling and comparing results, e.g. editors, compilers, file comparators.
Ø Workbenches – Support process phases such as specification and design; each consists of a
set of tools, e.g. analysis and design, programming and testing.
Ø Environments – Support all or part of the software process; include several different
workbenches, e.g. integrated environments and process-centred environments.

Integrated CASE Tools


Ø Specialized CASE Tools are combined together to form an integrated CASE Tool.
Ø 5 Levels :-
1. Platform Integration
All the tools/workbenches run on the same platform. The platform may
be a computer / network / operating system.
2. Data Integration
Ø Process of exchange of data by CASE Tool.
Ø 3 Levels
i. Shared Files :- All the tools recognize a single file format.
ii. Shared Data Structures :- Make use of shared data structures including
program/design language information.
iii. Shared Repository :- Integrated around an object management system.
3. Presentation Integration
Tools use a common standard presentation for user interaction.
[Window System, Comparable Functions and Interaction Integration]
4. Control Integration
Mechanism to control the integration of other CASE Tools.
5. Process Integration
Integrates the knowledge about processes, their phases, their constraints, etc. to
support their activities.

Typical Components of a CASE Workbench
1. Diagram Editor.
2. Analysis, Checking & Correction.
3. Query Language.
4. Data Dictionary.
5. Report Generator.
6. Import/Export facility.

CASE Workbenches

Ø Programming Workbench
Set of tools to support program development.
e.g. :- Language Compiler, Structured Editor, Linker, Loader, Cross-Referencer,
Interactive debugger, etc.

Ø 4GL Workbench
Produces interactive applications which extract information from DBMS & present it to the
end user. Updates DBMS with changes made by the end user.
e.g. :- Query Language, Form design tools, Spread-sheet, Report generator, etc.

Ø Analysis & Design Workbench
Supports the analysis & design stage of software.
e.g. :- Diagram editor, Data dictionary, Forms definition tools, Import Export Facility,
Code generators, etc.

Ø Testing Workbench
Helpful in testing of systems before implementation.
e.g. :- Test Manager, Oracle, File comparator, Report generator, Simulators, etc.

Ø Meta-CASE Workbench
Used to generate other CASE Tools. 5 aspects :-
1. Data Model.
2. Frame Model.
3. Diagrammatic notation
4. Textual presentation
5. Report structures

Phase - 3
Chapter – 13 - General Controls in EDP Set –up

1. Operating System Control


Ø Main functions of operating system are language translation, allocation of Computer
resources, job scheduling, multi-tasking & lots more.
Ø Objectives of Operating System Control – Protection of :-
i. Operating System from itself
ii. Operating System from its environment
iii. Operating System from users
iv. Users from each other
v. Users from themselves

Operating System Control

Ø OS Security
1. Log on procedure. [User ID & Password] After Log-on, OS creates Access Token for each
session.
2. Access Token. [Contains user ID, password & privileges granted]
3. Access Control List. [List of privileges to all the users]
4. Discretionary access control. [One valid user can assign to other at his discretion]

Ø Threats to OS integrity
1. Accidental. [Hardware failure, OS failure]
2. Intentional. [Abused authority & intruders]
3. Computer virus.

Ø Controlling against Virus, etc.
1. Virus. [Penetrates OS]
2. Worm. [Occupies idle memory]
3. Logic Bomb. [Triggered by pre-determined event]
4. Back Door. [Unauthorized access]
5. Trojan Horse. [Captures ID’s & passwords]
Controlled by :-
1. Anti-Virus program
2. Anti-Viral program/vaccine [Run continuously on a computer system to detect virus]

Ø Controlling Audit Trail
Objectives –
1. Detecting unauthorized access. [Real time / subsequently]
2. Analyzing the reasons for such event.
3. Personal accountability.


2. Data Management Control


Access Controls
Ø Flat File System – Easy to control.
Ø DBMS – 5 control features :-
1. User View – Privileges to required users only.
2. Database Authorization Table – Contains actions a user can take.
3. User Defined Procedures – Series of personal questions.
4. Data Encryption
5. Biometric Devices – Finger Prints, Voice Prints, etc.

Back-up Controls / Recovery features in DBMS
Ø Back up may be in magnetic disc or in magnetic tape.
Ø Back up controls in DB environment
1. Back-up
2. Transaction Log – Provides an audit trail.
3. Checkpoint – Several checkpoints in 1 hour.
4. Recovery Module

3. Organisation Structure Control ( Segregation of duty)


i. Separating System Development from Computer Operations.
ii. Separating System Development from Maintenance.
iii. Separating Database Administration from other functions.
iv. Separating Data Library from Operations.
v. An Alternative Structure for System Development.
4. Computer Centre Security & Control / Different types of securities required for computer
System - V imp
Risks
1. Fire Damage
2. Water Damage
3. Energy Variations
4. Pollution Damage
5. Unauthorized Intrusion
Controls
1) Disaster Recovery Plan
i. Emergency Plan
ii. Back-up Plan
iii. Recovery Plan
iv. Test Plan
2) Insurance of Hardware & Data

5. System Development Controls
i. System Authorization – Evaluation of the system before the development.
ii. Users Specifications – Active involvement of user during the development phase.
iii. Technical Design – Documentation of user specifications and development process.
iv. Internal Audit Participation
v. Program Testing
vi. User acceptance

6. System Maintenance Control
i. Maintenance Authorization, Testing & Documentation.
ii. Source Program Library (SPL) Controls – Documentation of retrieval, change,
obsolescence, etc. of program in SPL.
iii. Password Control in SPL
iv. Audit Trail & Management Report
v. Program Version Number
vi. Message Sequence Numbering

7. Internet & Intranet Controls / Major Categories of Exposures in Communication Subsystem
Ø 2 types of risks :-
i. Component Failure – Communication Line, Hardware & Software.
ii. Subversive Threats – Unauthorized Intrusion.

a) Invasive Tap – Can read & modify data.
b) Inductive Tap – Can read only.
Ø Subversive Attacks – Insert / Delete / Modify / Alter the sequence / Discard /
Delay Messages.
Ø Controls :-
1) Firewall
Ø Controls the communication between two networks. Insulates the organization’s
network from external networks.
Ø 2 Types :-
i. Network-level Firewall – Low cost & low security level.
ii. Application Level Firewall – Costly & higher security level.
2) Controlling Denial of Service Attacks

[Diagram: User, Connecting Server and Receiving Server; the packets exchanged between the
servers are SYN, SYN/ACK and ACK. A second panel shows the Computer Hacker.]
Ø Receiving Server is blocked because it does not receive the ACK packets, and the legitimate
user is prohibited from communicating.
3) Encryption [Clear text → Cipher text → Clear text]
Ø Conversion of data into secret codes for storage / transmission.
Ø 2 types :-
i. Private Key Encryption – Single key used by both sender and receiver.
ii. Public Key Encryption – Public key is used to encrypt the data and private
key is used to decrypt the data.
4) Message Translation Log
Record of all incoming & outgoing messages.
5) Call Back Devices
Calls back only the valid user to establish the connection.
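The blocked receiving server described under "Controlling Denial of Service Attacks" can be spotted from the handshakes that never receive their final ACK. The following is an added example, not part of the original notes; the event records, addresses, timeout and limits are constructed assumptions.

```python
from collections import Counter

# Constructed handshake records as seen by the receiving server:
# (seconds, source address, source port, TCP flag received).
# Addresses are from documentation ranges; this is not captured traffic.
EVENTS = sorted(
    [
        (0.00, "198.51.100.7", 40001, "SYN"),
        (0.05, "198.51.100.7", 40001, "ACK"),    # handshake completed
        (2.00, "198.51.100.8", 40002, "SYN"),
        (2.10, "198.51.100.8", 40002, "ACK"),    # handshake completed
        (39.0, "198.51.100.20", 40003, "SYN"),   # slow client, still within the timeout
    ]
    # One source opens six connections and never sends the final ACK.
    + [(float(i), "203.0.113.9", 50000 + i, "SYN") for i in range(1, 7)]
)


def pending_handshakes(events):
    """Return {(source, port): time of SYN} for handshakes still waiting for the ACK."""
    pending = {}
    for ts, src, port, flag in events:
        if flag == "SYN":
            pending[(src, port)] = ts        # server replies SYN/ACK and reserves a slot
        elif flag in ("ACK", "RST"):
            pending.pop((src, port), None)   # completed or aborted: slot released
    return pending


def stale_half_open(events, now, timeout=30.0):
    """Count, per source, the half-open connections older than `timeout` seconds."""
    counts = Counter()
    for (src, _port), ts in pending_handshakes(events).items():
        if now - ts >= timeout:
            counts[src] += 1
    return dict(counts)


def assess(events, now, backlog_size=8, timeout=30.0, per_source_limit=5):
    """Summarise backlog pressure and the sources responsible for it.

    Per-source counts miss floods that use many forged source addresses, so the
    total number of occupied slots is reported as a separate signal.
    """
    pending = pending_handshakes(events)
    stale = stale_half_open(events, now, timeout)
    return {
        "slots_in_use": len(pending),
        "backlog_full": len(pending) >= backlog_size,
        "suspects": sorted(s for s, n in stale.items() if n >= per_source_limit),
    }


if __name__ == "__main__":
    print(assess(EVENTS, now=40.0))
```

When `backlog_full` is true, a legitimate user's SYN finds no free slot, which is the blocking condition the notes describe.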
8. Personal Computer Controls
Risks
1. Incompatibility of Hardware / Software.
2. Poor Data Security
3. Decentralization of processing
4. Computer Virus
5. No thorough testing.
6. Weak access control
7. Inadequate Back-up procedures
Controls
1. Centralizing PC purchase
2. Physical locking of hardware
3. Regulating the use of floppy
4. Proper training
5. Virus prevention
6. Proper Back-up arrangement – Floppy, Dual Internal Hard Disks, External Hard Disk,
Tape Back-up.
7. Multi-level password control.

Chapter – 14 - Application Controls in EDP Set-up

Input Controls
1. Source Document Control
Pre-numbered ; Used in Sequence ; Periodical Audit
2. Data Coding Control / What types of errors can corrupt a data code
Checking the integrity of data codes used in processing.
i. Transcription Error (addition / truncation / substitution)
ii. Transposition Error (e.g. 38276-83276)
⇒ Check Digit - method of detecting data coding errors: a control digit is added to the
code when it is originally assigned, which establishes its integrity.
3. Batch Control
i. Batch Transmittal Sheet – It is prepared by user department & submitted along with
batch of source document. It contains Batch no., Date, Transaction Code, Batch
Totals.
[Batch Totals = Record Count, Hash Total & Control Total]
ii. Batch Control Log – Contains the details of all the batches processed during a
period.
4. Input Validation control

Field Interrogation
Ø Examines the characters in the field.
i. Limit Check
ii. Data Type Check (alphabetic / numeric)
iii. Valid Code Check
iv. Check Digit
v. Arithmetic Check
vi. Cross Check

Record Interrogation
i. Sequence Check
ii. Completeness Check
iii. Combination Check
iv. Redundant Data check
v. Password
vi. Authorization

File Interrogation
Ø It ensures that the required file is being processed.
i. Internal Label Check
ii. Version Check
iii. Expiration Date Check – Prevents deletion before expiry.
5. Input Error Correction
i. Immediate Correction – at the time of input
ii. Create an Error File – correction at a later time
iii. Reject the Entire Batch – processing is done when all the records are made correct.
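The check digit under Data Coding Control and the batch totals under Batch Control can be seen working together on the notes' own transposition example (38276 keyed as 83276). This is an added example, not part of the original notes; the modulus-11 weighting, the field names and the batch data are assumptions, since the notes do not prescribe a scheme.

```python
def check_digit(base: str) -> str:
    """Modulus-11 check character for a numeric base code (assumed scheme).

    Weights 2, 3, 4, ... are applied from the rightmost digit. With distinct
    weights below 11 (codes of up to 9 digits) every single-digit substitution
    and every adjacent transposition changes the result.
    """
    if not base.isdigit():
        raise ValueError("base code must contain digits only")
    total = sum(int(d) * w for w, d in enumerate(reversed(base), start=2))
    value = (11 - total % 11) % 11
    return "X" if value == 10 else str(value)


def assign_code(base: str) -> str:
    """Append the check digit when the code is originally assigned."""
    return base + check_digit(base)


def is_valid_code(code: str) -> bool:
    """Recompute the check digit at input time and compare with the one keyed."""
    base, supplied = code[:-1], code[-1:]
    return base.isdigit() and check_digit(base) == supplied


def batch_totals(records):
    """Record count, hash total (sum of a non-financial field) and control total."""
    return {
        "record_count": len(records),
        "hash_total": sum(int(c[:-1]) for c, _ in records if c[:-1].isdigit()),
        "control_total": sum(amount for _, amount in records),
    }


def screen_batch(transmittal, keyed):
    """Return (codes failing the check digit, batch totals that disagree)."""
    rejected = [code for code, _ in keyed if not is_valid_code(code)]
    actual = batch_totals(keyed)
    mismatched = [
        name for name, expected in transmittal["totals"].items()
        if actual[name] != expected
    ]
    return rejected, mismatched


# Constructed batch: (account code with check digit, amount in rupees).
SOURCE_DOCS = [
    (assign_code("38276"), 1500),
    (assign_code("10452"), 250),
    (assign_code("77310"), 4200),
]
# Batch transmittal sheet prepared by the user department (constructed values).
TRANSMITTAL = {
    "batch_no": 17,
    "date": "constructed",
    "transaction_code": "CR",
    "totals": batch_totals(SOURCE_DOCS),
}
# Data entry transposes the first two digits of the first code.
KEYED = [("832760", 1500)] + SOURCE_DOCS[1:]

if __name__ == "__main__":
    print(screen_batch(TRANSMITTAL, KEYED))
```

The control total still agrees after the keying error because the amount was entered correctly; only the check digit and the hash total expose the wrong account code.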
Processing Controls
1. Run-to-Run Control
Ø Monitors the batch as it moves from one programmed procedure(run) to another.
Ø Ensures that the batch is processed correctly and completely at each run.
Ø Recalculates control totals; Transaction Codes; Sequence Checks.


2. Operator Intervention control


Control of various tasks in which active involvement of operator is required.
3. Audit Trail Control
Ø Proper documentation of all the transactions.
(i) Transaction Logs (Log of all successful transactions)
(ii) Transaction Listings
(iii) Error Listings (List of unsuccessful transactions)
(iv) Log of Automatic Transactions
(v) Listing of Automatic Transactions
(vi) Unique Transactions Identifiers
Output Controls
Ø Ensures that output is not lost / corrupted and their privacy is maintained.
1) Tape & Disk Output Controls
⇒ Parity Bit Checking (Hardware Controls)
⇒ Check Digits (Software Controls)
⇒ ECHO Check
2) Printed Output Controls
i. Verification of output [Output directly / indirectly related to inputs and exception
reports]
ii. Distribution of output
iii. Procedure for acting on exception reports
⇒ Real time system output are exposed to disruption, destruction, corruption, etc.

Phase - 4
Chapter – 18 - Information Security

Ø Information Security means protection of valuable information within the organization
by applying various standards, measures, practices & procedures.
Objective of Information Security
1. Protecting the interest of the users of the information.
2. Protecting the Information System.
3. Protecting the communication.
Ø The security objective is met when the following conditions are satisfied :-
(i) Availability – Information is available whenever required.
(ii) Confidentiality – Disclosed only to authorized persons.
(iii) Integrity – Protected against unauthorized modifications.
Sensitive information
Strategic Plans; Business Operations (List of client’s name & add.); Financial Information.

Principles of Information Security [Mnemonic: AAMTRICS – ‘AAM’ means mango, ‘TRICS’ means
tricks]
1. Accountability – It must be formalized & communicated. Use of proper audit trail.
2. Awareness
3. Multi-disciplinary – Technological and non-technological issues.
4. Timeliness – Monitoring & timely response.
5. Re-assessment – Periodical changes.
6. Integration – Security system must be co-ordinated.
7. Cost Effectiveness
8. Social factors – Respecting rights / interests of others.
3 types of Information Protection
1. Preventative Information Protection
(i) Physical (e.g. locks and guards, floppy access lock)
(ii) Logical / Technical (e.g. passwords & authentications, etc.)
(iii) Administrative (e.g. Security awareness)
2. Restorative Information Protection
⇒ Timely restoration of lost information after occurrence of the event.
3. Holistic Protection
⇒ Planning for unexpected and unknown events to happen.

Approach to implement Information Security.
1) Designing Security Policy that defines acceptable behaviors and reactions in case of
violations.
2) Proper communication of Roles & Responsibilities to individuals –
Individuals – Responsibilities
Ø Executive Management – Overall responsibilities
Ø IS Security Professionals – Design & Implementation of security policy.
Ø Data Owners – Maintaining accuracy & integrity
Ø Process Owners – Ensuring appropriate security embedded in their IS.
Ø Technology Providers – Assist in implementation of Information Security System.
Ø Users – Follow the set procedures.
Ø IS Auditors – Independent assurance.

3) Designing of Information System Security Framework after the policy has been
approved by the governing body.
4) Timely Implementation of Information Security System after designing of framework.
5) Continuous Monitoring, disciplinary & corrective actions.
6) Adequate Training, Education & Awareness program to ensure proper functioning of
Information Security.
Role of Security Administrator
Ø Responsible for controlling and co-ordinating the activities related to security
aspects.
Ø Ensures adequate Information Security; Sets Policies; Investigates; Advises; Trains the
users; Monitors the activities related to Information Security.

Chapter – 15 - Detection of Computer Frauds

⇒ Computer fraud means obtaining unfair advantage over another person, computer, or
organization using computer, computer network or computer resources.

Measures adopted to detect computer frauds
1. Conduct frequent audits – External / Internal / Security Audit / BS7799
2. Use of computer security officer
3. Use computer consultants – to test and evaluate security procedures
4. Monitor system activities – a log is to be maintained recording who accessed what
and when
5. Use fraud detection software
6. Use computer forensic tools (disk imaging analysis)
7. Normal file structure – free space, lost chains, deleted files and temporary
internet files

Why should business take computer fraud seriously
Ø Business entity depends on network and computers
Ø Dependent on EFT and EDI
Ø Business connected through Internet – exposed to more risks
Ø Growth of electronic cash – risk of theft, destruction and misuse

Computer Fraud includes


Ø Theft, unauthorized access, modification, copy or destruction of software, sensitive
& confidential information.
Ø Theft of money using computer.
Ø Theft, destruction of computer hardware.
Ø Financial / reputation damage to a business using computer.
Examples of Computer Frauds
Ø Investment fraud (offering high rate of return)
Ø Secret market fraud (pretends & influence that there is a confidential market for a
particular financial instrument offering a high rate of return)
Ø Pyramid Schemes (offer high return on contribution & invariably collapse)
Ø Hacking (unauthorized access / modification to data / software)
Ø Cracking (Hacking with malicious intention)
Ø Abuse of computer system by employees (for personal purpose)
Ø Software piracy (unlicensed copy of software)


Primary Risks to business

Internal Threats
1. Input * [alter computer input]
ü Collusive fraud (Banking Fraud)
ü Disbursement Fraud (payment against false bills)
ü Payroll fraud (fictitious employees)
ü Cash receipt fraud
2. Processor [unauthorized use of computer system / services / time]
3. Computer Instructions [tampering with the software]
4. Data [altering / damaging / copying company’s data]
5. Output [misuse of printed / displayed output]
6. e-mail [altering the content]
* Exam question - Computer frauds committed through input.

External Threats
1. Removal of information
2. Destruction of integrity
3. Interference with web pages
4. Virus by e-mail
5. Interception of e-mail
6. Interception of EFTs / Electronic payments.

Reasons for Internet Fraud / Substantiate with reasons the view that there is a steep rise
in Internet computer fraud, and why many institutions are unable to contain it.

Ø Unregulated (no license fee, no central authority)


Ø Global origin – no particular place to create
Ø Difficult to distinguish genuine from fraud
Ø Fraudulent sites
Ø No prescribed jurisdiction
Ø No verification system for genuineness of information
Ø Ambiguity on definition of fraud
Ø Many frauds go undetected /unreported
Ø Poor network security.

Preventing computer frauds /Measures that can reduce potential for fraud
1. Make fraud less likely to occur
2. Use proper hiring and firing process
3. Manage disgruntled employees
4. Train employee in security and fraud prevention measures
5. Fraud awareness
6. Telephone disclosures
7. Punishment for unethical behaviour
8. Signed confidentiality agreements

Controls to prevent fraud/ increase the difficulty to commit fraud
1. Develop Strong internal controls
2. Segregation of duties
3. Require vacations and rotate duties
4. Restrict access to computer equipment and data files
5. Encrypt data and programs
6. Protect telephone lines
7. Protect the system from viruses
8. Control sensitive data
9. Control laptop computers

Detection methods
Ø Conduct audit at regular interval
Ø Appointment of Computer security officer
Ø Hiring of computer consultants
Ø Maintenance of System activity log
Ø Fraud detection software
Ø Computer forensic tools – In this technique deleted files are recovered. Exact copy of
disk is taken through disk imaging technique & investigation is done without the
knowledge of the fraudster. [Disk Imaging & Analysis Technique]

Security methods
Ø Take proper insurance cover
Ø Keeping back-up at remote location
Ø Develop contingency plan
Ø Using special software to monitor the activities

Please refer study material for computer fraud and abuse techniques Page – 15.9
Disk imaging and analysis techniques – v important page –15.17

Chapter – 16 - Cyber Laws and Information Technology Act, 2000
Objectives of the Act
Ø Grant legal recognition to electronic transactions (EDI and E- commerce)
Ø Legal recognition to digital signature authentication
Ø Facilitate electronic filing of documents with govt authorities
Ø Facilitate electronic storage of data
Ø Facilitate Electronic Fund Transfers
Ø Recognition for maintaining books of account by banker in electronic form
Scope of this Act
Extends to the whole of India and also to any offence committed thereunder outside India.
Enforced from 17th October 2000.

Definitions
Asymmetric Crypto System
Key Pair consisting of a private key (for creating digital signature)
and a public key (to verify the digital signature).
Digital Signature
Authentication of electronic record by means of an electronic method.
Secure System {Hardware, Software & Procedure}
ü Is secure from unauthorized access
ü Provide a reasonable level of reliability
ü Suited in performing the intended functions.
ü Adhere to generally accepted security procedures.
Power of CG to make rules in respect of digital signature (Section – 10 )
1. Type of digital signature
2. Manner and format for affixing it.
3. Manner & procedure to identify the originator.
4. Control procedures to ensure security, Integrity & confidentiality.
5. Any other matter to give legal effect to digital signature.
Controller → [License] → Certifying Authority → [Issues digital certificates]

Damage to Computer, Computer system, Computer network, Computer hardware etc. (Section 43)
(Compensation upto Rs. 1 Cr.)
Ø Accesses or secures access to
Ø Downloads or copies any data from such Computer
Ø Introduces or causes to introduce any virus into the Computer System
Ø Damages or causes to damage any Computer Network
Ø Denies or causes denial access to such Computer Resource etc.
Ø Provides assistance to access to
Ø Tampering or manipulating

Penalties
Ø Failure to furnish information – upto Rs.1.5 lakh for each failure
Ø Failure to file return – upto Rs.5000/- per day
Ø Failure to maintain books – upto Rs.10000/- per day
Ø Hacking with computer system – upto 2 lakhs / imprisonment upto 3 yrs. / both
Ø Misrepresentation – upto 1 lakh / imprisonment upto 2 yrs / both
Ø Breach of confidentiality – upto 1 lakh / imprisonment upto 2 yrs / both

Power of CG to make rules (Sec 87)


Ø By notification in the official gazette and in the electronic gazette
Ø Matters to be specified in the rules
ü Manner of authentication by means of digital signature
ü Electronic form of filing, issue, payment etc.
ü Type and manner of affixing digital signature.
ü Qualification, disqualification and terms & conditions of service of controller etc.
ü Standards to be observed by controller
ü Form and manner of application for license.
ü Form for application for issue of digital certificate. etc.
ü Qualification / experience of the adjudicating authority
Duties of certifying authorities
Ø Make use of hardware/software that are secure from intrusion
Ø Reasonable level of reliability to suit the performance of intended functions
Ø Procedure to ensure secrecy and privacy
Ø Observe standards specified by regulations
Ø Certifying authority to ensure every person employed complies with the Act
Ø Authority to display a license in a place or premises which carries on the business
Ø Certifying authority shall disclose its digital signature containing public key
Steps to create Digital Signature
Ø Electronic record is converted into “Message Digest” using mathematical function
known as “Hash Function” which freezes the electronic record.
Ø Private Key attaches itself to the message digest.
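The two steps above (record to message digest, then the private key applied to the digest) and the public-key check from the Asymmetric Crypto System definition, as an added example that is not part of the original notes. The key pair is constructed from two small known primes with textbook RSA and no padding so that the block runs on the standard library alone; certifying authorities use far larger keys and a vetted padding scheme. The record contents are constructed.

```python
import hashlib

# Constructed key pair (assumption): textbook RSA over two known Mersenne primes.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
PUBLIC_EXPONENT = 65537
PRIVATE_EXPONENT = pow(PUBLIC_EXPONENT, -1, (P - 1) * (Q - 1))
PRIVATE_KEY = (N, PRIVATE_EXPONENT)   # held only by the signer
PUBLIC_KEY = (N, PUBLIC_EXPONENT)     # disclosed so that anyone can verify


def message_digest(record: bytes) -> bytes:
    """Step 1: the hash function 'freezes' the electronic record into a fixed-size digest."""
    return hashlib.sha256(record).digest()


def _digest_as_number(record: bytes, modulus: int) -> int:
    # The toy modulus is shorter than a SHA-256 digest, so the digest is reduced
    # to fit. Real schemes pad the digest instead of reducing it.
    return int.from_bytes(message_digest(record), "big") % modulus


def sign(record: bytes, private_key) -> int:
    """Step 2: the private key is applied to the message digest."""
    modulus, exponent = private_key
    return pow(_digest_as_number(record, modulus), exponent, modulus)


def verify(record: bytes, signature: int, public_key) -> bool:
    """The verifier recomputes the digest and compares it with the value
    recovered from the signature using the public key."""
    modulus, exponent = public_key
    return pow(signature, exponent, modulus) == _digest_as_number(record, modulus)


# Constructed electronic records.
RECORD = b"Pay Rs. 10,000 to account A-100 on 01-01-2001"
TAMPERED = b"Pay Rs. 90,000 to account A-100 on 01-01-2001"
SIGNATURE = sign(RECORD, PRIVATE_KEY)

if __name__ == "__main__":
    print("original verifies:", verify(RECORD, SIGNATURE, PUBLIC_KEY))
    print("tampered verifies:", verify(TAMPERED, SIGNATURE, PUBLIC_KEY))
```

Changing a single character of the record changes the digest, so the signature made over the original no longer verifies.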
Liabilities of Companies
Ø Every person who was in-charge / responsible for day-to-day activity & the company
shall be deemed to be guilty of such offense & shall be liable to be punished &
proceeded against.
Ø Every Manager, Director, Officer with whose connivance such offense was committed
shall also be liable.
Ø No liability if he proves his innocence.

⇒ Controller shall act as repository for all digital signatures issued under this act.

Grey Areas, which are not covered by the Act


• Protection from domain names
• Infringement of copyright laws
• Jurisdiction aspect of electronic contracts
• Taxation of goods and services trading through E- commerce
• Stamp duty aspect of electronic contracts

Chapter – 17 - Audit of Information Systems

Auditing concerns / primary concerns


Ø Audit trails – backward and forward
Ø Integrity of the transactions
Ø Handling of exceptions
Ø Testing whether performing as stated
Ø Authorization of system
Ø System overrides authorization process
Ø Compliance with statutory
Ø Adequate controls between interconnected systems
Ø Adequate security procedures
Ø Recovery/ backup procedures
Ø Operation platforms are compatible and controlled
Ø Redundancy is eliminated

Computer auditing approach different from manual auditing due to


Ø Electronic evidence
Ø Computer terminology
Ø Automated processes – processing and logic of the concepts
Ø Exposed to new risks
Ø Reliance on controls not possible
Scope & Objectives of IS Audit
Ø Computerized system & applications
o Appropriate, efficient and adequately controlled, to ensure valid, reliable,
timely, secure input processing and output
Ø Information processing facilities
o Ensure timely accurate and efficient processing and applications
Ø System development
Ø Management of IS
Ø Client/server, telecommunications, and intranets
IS auditor’s role
Ø Establish control objectives
Ø Eliminate potential risk
Ø Review to determine areas of correction and improvement
Ø Control over assets of entity

The sole purpose of an information systems audit is to review and evaluate the internal
controls that protect the system and safeguard the assets.

IS Audit Objectives
Ø To secure/protect computer equipment, programs and communications from
unauthorized access
Ø Program development and acquisition performed as per management’s
authorization
Ø Accuracy and completeness of transactions processed
Ø Inaccurate and improperly authorized source data to be handled as per managerial
policies
Ø Computer data files are accurate, complete and confidential

Audit of Computer processing


(In online systems, conventional audit trail is difficult and almost impossible why ? Past
exam question)

Ø Understand & evaluate the processing controls.


Ø Ensure that they are practically followed
Ø Periodical review of all the controls
Ø Elimination of control deficiencies.
Ø Test data processing – Processes a series of correct & incorrect data and reverses the
effect of the test data after auditing.
I - Concurrent Audit Techniques
(Continuous monitoring of system and input on a real time basis)
1. Integrated test facility
• Places set of fictitious records
• Records may represent a branch, division, unit or customer
• Fictitious records do not affect actual records
• Employee remains unaware
• Auditor compares processed data with expected results
• Suits in online processing systems
• Does not disrupt regular operations

2. Snapshot Technique
• Examines the way transactions are processed
• For selected transactions marked with special code that triggers snap shot process
• Snap shot data recorded in separate file and reviewed by auditor to ensure
correctness

4. System control audit review file (SCARF)


• Uses embedded audit modules to continuously monitor the transactions
• The transactions with special audit significance will be recorded in SCARF or
Audit log
• Criteria : specified rupee limits, inactive accounts
• Auditor reviews and follow up questionable transactions

5. Audit hooks
• Flag suspicious transactions & display a message at the auditor’s terminal; also
called ‘Real time notifications’

6. Continuous and Intermittent Simulation (CIS)
Same as SCARF, but applied to databases. In case of serious discrepancies, CIS prevents
the database from executing the update process.
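SCARF, audit hooks and CIS can be shown as one embedded audit module sitting in the posting routine. This is an added example, not part of the original notes; the account data, the rupee limit and the rule that an overdraw counts as a "serious discrepancy" are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class Account:
    number: str
    balance: int          # rupees
    active: bool = True


@dataclass
class EmbeddedAuditModule:
    rupee_limit: int
    scarf: list = field(default_factory=list)           # SCARF / audit log
    notifications: list = field(default_factory=list)   # audit hook messages

    def review(self, account, txn):
        """Record transactions of audit significance; return False to block the update."""
        reasons = []
        if abs(txn["amount"]) > self.rupee_limit:        # criterion: specified rupee limit
            reasons.append("exceeds rupee limit")
        if not account.active:                           # criterion: inactive account
            reasons.append("inactive account")
        # Assumed definition of a serious discrepancy: the update would overdraw.
        serious = account.balance + txn["amount"] < 0
        if serious:
            reasons.append("update would overdraw the account")
        if reasons:
            self.scarf.append({
                "txn": txn["id"],
                "account": account.number,
                "reasons": reasons,
                "blocked": serious,
            })
            # Audit hook: real-time notification for the auditor's terminal.
            self.notifications.append(f"{txn['id']}: {', '.join(reasons)}")
        return not serious


def post_all(accounts, transactions, audit):
    """Apply each transaction unless the audit module blocks it (CIS behaviour)."""
    blocked = []
    for txn in transactions:
        account = accounts[txn["account"]]
        if audit.review(account, txn):
            account.balance += txn["amount"]
        else:
            blocked.append(txn["id"])
    return blocked


def demo():
    """Run four constructed transactions through the module."""
    accounts = {
        "A-100": Account("A-100", 50_000),
        "A-200": Account("A-200", 1_000, active=False),
        "A-300": Account("A-300", 2_000),
    }
    transactions = [
        {"id": "T1", "account": "A-100", "amount": 500},       # routine
        {"id": "T2", "account": "A-100", "amount": 250_000},   # over the limit
        {"id": "T3", "account": "A-200", "amount": 100},       # inactive account
        {"id": "T4", "account": "A-300", "amount": -9_000},    # would overdraw
    ]
    audit = EmbeddedAuditModule(rupee_limit=100_000)
    blocked = post_all(accounts, transactions, audit)
    return accounts, audit, blocked


if __name__ == "__main__":
    _accounts, _audit, _blocked = demo()
    for line in _audit.notifications:
        print(line)
    print("blocked:", _blocked)
```

The auditor later reviews `scarf` for follow-up, while `notifications` is what reaches the terminal as each transaction is processed.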

Relevance of concurrent audit techniques


Applied in case of online transactions, with huge amount/transactions

II - Analysis of Program logic


(Time consuming & require programming language proficiency)
Ø Detailed analysis of the program will be done
Ø Automated flowcharting programs ( Automatically generates flow chart from
Source code)
Ø Automated decision table programs

Source Data Controls


Ø Detection of inaccurate & unauthorized source data.
Ø Input control matrix (control applied to each field of input data)
Ø Periodical review of control procedures to maintain effectiveness
Data Files Controls
Ø Data storage risk (access, modification, destruction)
Ø Audit procedures checklist

Phase - 5
Chapter – 3 - Basic Concepts of MIS

Management Information System


Ø Management
→ Determining the objectives
→ Developing plans
→ Securing & organizing various resources
→ Exercising adequate controls
→ Monitoring the results
Ø Information
→ Reprocessing of data & putting them into a meaningful & useful context
Ø System
→ Consisting of a no. of elements operating together for accomplishment of an objective.
⇒ MIS is a network of information that supports management decision-making.
⇒ It uses the information resource for effective & better achievement of organizational
objectives.
⇒ Canith defines “MIS as an approach that visualize the organization as a single entity
composed of various inter-related and inter-dependent sub-systems to provide
timely & accurate information for management decision making.”

Characteristics of an effective MIS


1. Management oriented [Development of MIS starts from the need of the management]
2. Management directed [management actively directs the MIS development]
3. Integrated [all the information sub-system works as a single entity]
4. Common Data Flow [common input, processing & output procedures & media]
5. Heavy planning element [consumes substantial time to develop]
6. Sub-system concept [entire MIS is divided into smaller sub-systems]
7. Common Database
8. Computerized
Misconceptions about MIS [and their clarifications]
1. MIS is about the use of computers [it may or may not involve computers]
2. More data in reports means better information for managers [quality of data and not
the quantity of data is relevant]
3. Accuracy in reporting is of vital importance [Information may be approximate.
Accurate information involves higher cost]

Pre-requisites of MIS
i. Database and DBMS
User defined, Common data source, Access to authorized persons only, controlled
by separate authority
ii. Qualified system & staff
iii. Support of top management
Because subordinates are lethargic, large emphasis needs to be given, updating to
the management about the status
iv. Adequate control & maintenance of MIS
Ensuring system is operating as it is designed to operate

v. Evaluation of MIS
To meet the requirements, flexibility exists – requirement in future, capabilities and
deficiencies of the system, maintain effectiveness of MIS

Constraints in operating MIS


i. Non availability of experts
ii. Difficulty in dividing MIS into sub-systems
iii. MIS is non standardized
iv. Non co-operation from staff
v. Difficult to quantify the benefits of MIS
vi. High turnover of experts

Effects / Advantages of using computer MIS


Effect of applying computer technology for MIS
i. Increase in speed in information processing & retrieval of data
ii. Expanded scope of use of information system
iii. Scope of analysis widened (sales incentives zone wise)
iv. Increased complexity of system design
v. Integrated different subsystem
vi. Increases effectiveness of information system
vii. Provides more comprehensive information

Limitations of MIS
i. The quality of output depends on quantity of input and process
ii. MIS is not substitute of effective management
iii. It is not flexible – difficult in fast changing complex environment
iv. Cannot provide tailor made information packages
v. Considers quantitative factors and ignores non quantitative factors like morale of the
employee
vi. Less helpful in making non programmed decisions
vii. MIS is not workable if data is not shared
viii. MIS effectiveness decreases due to frequent changes in top management

Information needs in Management / Three broad categories of planning information
requirement of executives
Ø Environmental Information
→ Govt. policies
→ Factors of production
→ Technological information
→ Economic trend
Ø Competitive Information
→ Industry demand
→ Firm demand
→ Competitive data
Ø Internal Information
→ Sales forecast
→ Financial budget
→ Supplier factors
→ Internal policies

Factors on which information requirement depends
1. Operational function
2. Type of decision making
a. Programmed decisions
b. Non programmed decisions
3. Level of management activity

Levels of management and their information requirements

Top level
Concerned with the task of designing, directing and managing the organization; they are accountable for effectiveness and efficiency of operations and they deal with long term plans, policies and strategies
Requirements
External: Competition, regulatory, trends in economy and technology
Internal: Historical sales, profits, ratios, debts and project profitabilities

Middle level / Tactical level
Head of functional department, head of purchasing, finance manager, HR managers
Responsible for elaboration, classification and operationalisation of organizational goals
Requirements
External: Price changes, Shortages, demand and supply and targets
Internal: Current happenings, performance indicators, budget tracking and historical profits and sales

Supervisory level (Operational management)


Section officers, office managers and superintendents ‘Blue collar’ employees
Requirements
External: Sensitive changes affecting material supplies and sales
Internal: Unit sales/expenses, current performances, shortages and bottlenecks, input and output ratios, maintenance reports

Chapter – 4 - Systems Approach & Decision Making

System Approach to Management


⇒ It’s a way of thinking about management problems.
⇒ Each problem should be examined in its entirety and effect of the proposed changes to
each part of the organization e.g. changing from batch production to continuous
production will affect finance, warehousing, purchase department, etc.
Decision-Making
⇒ It is a never-ending process of choosing a particular course of action out of several
alternative courses for achievement of desired goals.
⇒ Pre-decisional, decisional & post-decisional functions are performed by management.
Steps involved in decision making / system approach for Solving problems
1. Defining the problem
2. Analyzing the reasons
3. Identifying the alternative solutions
4. Evaluation of the same
5. Selection of the best alternative
6. Implementation of the solution
Please refer: Requirements of product planning and control system – page 4.22; Objectives of production scheduling – page 4.23
Classification of decisions
1. Programmed & non-programmed decisions
2. Strategic & tactical decisions
3. Individual & group decisions
Functional Information Areas

Finance & Accounting (10 marks)
Financial decision making involves decision regarding procurement & effective utilization of funds.
- Estimation of funds & the timing.
- Capital structure. (Optimum Mix)
- Capital budgeting (Investment)
- Profit planning
- Tax management
- Working capital management
- Current Assets management.

Production
- Production Planning
- Production Control
- Material requirement planning (MRP)
Production Planning = What to produce + When to produce + How to produce.

Marketing (5 marks)
Marketing bridges the gap between the firm & its customers.
- Sales support & analysis.
- Market research & intelligence.
- Advertising & promotion.
- Product development & planning.
- Product pricing
- Customer service

Personnel (10 marks)
- Proper recruitment
- Placement
- Training
- Compensation
- Maintenance
- Health & Safety
- Sources of information
- Accounting information system
- Payroll processing

3 types of information
- Internal
- Competitive
- Environmental

Decision making through MIS / computer model
1. Makes accurate forecast of net income
2. Prepares short term profit plans and long range projections
3. Provides preplanning information in budget preparations
4. Calculates variances
5. Triggers revised forecast
6. Acts as early warning system for monitoring activities
7. Indicates effect on income and cash flow
8. Assists in planning the addition of new facilities
9. Accomplishes preceding items with great speed

Financial decision diagram - 10 marks
[Diagram. Inputs: Sales, Purchases, Fixed Assets, Inventory, Payroll, Miscellaneous. General Ledger: TB, P&L, B/S. Financial Decisions: Fund Requirement Estimation, Capital structure decision, Profit planning, Tax Management, Working capital management, Current asset management. Environment: Govt tax laws, Debenture Holders, Shareholders, Customers, Employees, supplier worker.]

Chapter – 5 - Decision Support & Executive Information System

Decision Support System


⇒ It is a system that provides tools to managers to assist them in solving semi-structured &
unstructured problems (it is not a means to replace the management).
⇒ Programmed Decision System replaces human decision making (no management is
involved).
Properties of DSS / Significance
1. Support semi-structured & unstructured decisions
2. Ability to adapt the changing needs
3. Ease of learning & use
Components of DSS
1. Users (Managers)
2. Databases
3. Planning Languages (General purpose, special purpose)
4. Model Base (Brain of the DSS, custom developed)
Tools of DSS
1. Data based software
2. Model based software
3. Statistical software
4. Display based software
Integrated Tools combine all these software in one package.
DSS in Accounting
1. Cost Accounting System (Generally used in Health Care industry)
2. Capital Budgeting System (Calculates NPV, IRR of various projects)
3. Budget Variance Analysis System (Forecasting budget & analyzing variances)
4. General Decision Support System, etc.
Executive Information System / Executive Support System
⇒ It is a DSS designed to meet the special needs of top-level management and having
additional capabilities such as e-mail.
⇒ It provides on-line access to information in a useful & navigable format (mouse &
touch screen driven, pictorial & graphical presentation).
⇒ Types of planning by top level management
(i) Strategic Planning (CEO level)
(ii) Tactical Planning (Planning to carry out Strategic Planning)
(iii) Fire Fighting (Major damage, new competitor, strike)
(iv) Control (General controls)
⇒ Characteristics of Information obtained in EIS
(i) Unstructured
(ii) High degree of uncertainty
(iii) Future Orientation (Economic trend, govt. decision, consumer choice, competitor, etc.)
(iv) Informal Source
(v) Lack of details

EIS Differ from traditional information system/MIS in the following ways
1. EIS is specifically tailor made
2. Able to access data about specific issues
3. Provide extensive online analysis tools (Trends & Exceptions)
4. Broad range of internal and external data
5. Easy to use - touch screen driven
6. Directly used by executives without assistance
7. Presented by pictorial / graphical means
8. Presented in summary format
9. Works on ‘What if’ Parameters

Purpose of EIS
➢ Supports managerial learning about the organization
➢ Timely access to information – so that learning cycle continues unbroken
➢ Ability to direct management attention to specific areas

Set of principles to guide and design the EIS


• EIS measures must be easy to understand and collect
• EIS measures must be based on a balanced view of organization objectives
• Performance indicators must reflect everyone’s contribution
• EIS measures must encourage management and staff to share ownership of
organization objectives
• EIS info must be available to everyone in organization

Phase - 6
Chapter – 1 - Basic concepts of systems
➢ System is a set of inter-related elements that operate collectively to accomplish some common goal.
➢ Abstract System is an orderly arrangement of independent ideas or constructs.
➢ Physical System consists of physical elements rather than ideas.
➢ It is a collection of elements that surround the system and often interact with the system.
➢ The features that define and delineate a system form its boundary.
➢ Sub-system is a part of larger system.
➢ Inter-connections & interactions between the sub-systems are called interfaces.
➢ Decomposition is the process of dividing a system into sub-systems and so on.
➢ Simplification is the process of organizing sub-system to simplify their inter-connections (clusters of sub-systems are established).
➢ Supra-system is an entity formed by a system / sub-system and its related systems / sub-system

INPUT PROCESSING OUTPUT


Types of Systems
⇒ Deterministic System (Computer Program)
✓ Operates in a predictable manner
✓ Interaction among the parts is known with certainty
⇒ Probabilistic system (Inventory System)
✓ Describe in terms of probable behaviour
✓ Certain degree of error is always attached
⇒ Closed system
✓ No interaction across its boundary.
✓ Relatively closed system (it is a closed but not completely closed system in the physics sense).
⇒ Open System (Organisation)
✓ Actively interacts with other systems
✓ Tend to change to survive and grow due to change in external environment.

System Entropy
➢ System Entropy means decay, disorder or dis-organisation of a system.
➢ Negative entropy is the process of preventing entropy by input of matter, repair, replenish & maintenance.

System Stress & System Change
➢ A stress is a force transmitted by a system’s supra-system that causes a system to change.
➢ It arises due to 2 reasons :- Change in the goal & Change in the achievement level.
➢ Systems accommodate stress through structural changes or process changes.

Information
⇒ Information is data that have been put into a meaningful & useful context.
⇒ Characteristics
(i) Timeliness
(ii) Purposeful
(iii) Mode and Format (visual, verbal or written)
(iv) Redundancy
(v) Rate of transmission (bits per minute)
(vi) Frequency (daily, weekly, or monthly)
(vii) Completeness
(viii) Reliability
(ix) Cost-Benefit Analysis
Business Information System / Categories of Information System
➢ Transaction Processing System
➢ Management Information System
➢ Decision Support System
➢ Executive Information System
➢ Expert System (Artificial Intelligence) – It replaces the need for human expertise. It is useful for a specific area e.g. taxation problem, refinery, etc.

Chapter – 2- Transaction Processing System

⇒ Captures data and information reporting
⇒ Simplification of information processing by clustering business transactions
a) Revenue cycle
b) Expenditure cycle
c) Production cycle
d) Finance cycle
Components of transaction processing system
1. Input
2. Processing (on-line processing, batch processing)
3. Storage
4. Output
Types of codes used in transaction processing system
1. Mnemonic Codes
2. Sequence Codes
3. Block Codes
4. Group Codes
