OFFICE OF THE COMPTROLLER AND AUDITOR GENERAL OF INDIA
10 BAHADUR SHAH ZAFAR MARG, NEW DELHI - 110124
Examination Wing
Circular No. 01 of 2021
(Only for IA & AD)
No. 37/14-Exam/Syllabus Revision/2018
Dated 9th February 2021
Heads of Department of IA&AD offices (As per standard e-mail list)
Subject: Revised Syllabus of C-6 paper of Continuous Professional Development Examination Stage-III (CPD-III)
Madam/Sir,
In partial modification of Examination Wing Circular No. 17 of 2019 dated 27th August 2019 regarding revised syllabus of RA and CPD examinations, it is informed that with the approval of the Competent Authority the syllabus for C-6, Information Systems Audit paper of Continuous Professional Development Examination Stage-III (CPD-III) has been revised. The revised syllabus is enclosed herewith which will be applicable from the Examination-I of 2021.
2. The syllabus of the other examinations/papers i.e., RAE, C-1, C-2, C-3, C-4 and C-5 as published vide Circular No. 17 of 2019 ibid will remain the same.
Yours faithfully,
(Mani h Kumar)
Director General (Exam)
Revised Syllabus of C-6 Paper, Information Systems Audit of CPD-III
To be implemented w.e.f. Examination I of 2021
1. Information Systems Audit
1.1. Information System Acquisition, Development and Implementation
1.1.1. Project Management - planning, execution, monitoring and closure
1.1.2. Governance structure, roles and responsibilities
1.1.3. System Development Life Cycle (SDLC) phases
1.1.4. Software Development methods
1.1.5. Hardware/software acquisition processes and steps, Model RFP (MEITY)
1.1.6. IT services management (ITSM)
1.1.7. Business Continuity Planning (BCP)
1.2. Governance and Management of Information Systems
1.2.1. Overview of frameworks - CoBIT framework, ISO 27000 series (security), ISO 38500 series (IT governance)
1.2.2. IT Act 2000 (and amendments) and rules issued thereunder
1.2.3. Aadhaar Act and Regulations issued thereunder
1.2.4. National Information Security Policy and guidelines
1.2.5. Digital India programme and e-Kranti mission
1.3. Information System auditing process
1.3.1. 2020 CAG's Standing Order on Auditing in an IT Environment
1.3.2. Risk-Based IS Audit Planning
1.3.3. Types of Controls
1.3.3.1. Control objectives and measures
1.3.3.2. General and IS-specific controls
1.3.4. IS audit processes activities
1.3.5. Data Analytics - CAATs, Continuous auditing techniques
1.4. Protection of Information assets
1.4.1. Identity and Access Management
1.4.2. Network and End-Point Security
1.4.3. Data Classification
1.4.4. Data Encryption and Encryption-Related Techniques, Public Key Infrastructure (PKI)
1.4.5. Information System Attack Methods and Techniques, OWASP Top 10 vulnerabilities
1.4.6. Security Testing Tools and Techniques
1.4.7. Security Monitoring Tools and Techniques
1.4.8. Incident Response Management
2. Suggested reading material/references:
2.1. CoBIT framework by ISACA; overview of ISO 27001 and ISO 38500
2.2. CAG's Standing order on auditing in IT environment
2.3. WGITA-IDI handbook on IT audit for Supreme Audit Institutions
2.4. For 1.2, acts/rules can be used for reading material