INTERMEDIATE COURSE

STUDY MATERIAL

PAPER : 7A
Enterprise Information
Systems

BOARD OF STUDIES
THE INSTITUTE OF CHARTERED ACCOUNTANTS OF INDIA

© The Institute of Chartered Accountants of India

 ii

This study material has been prepared by the faculty of the Board of Studies. The
objective of the study material is to provide teaching material to the students to
enable them to obtain knowledge in the subject. In case students need any
clarifications or have any suggestions to make for further improvement of the
material contained herein, they may write to the Director of Studies.
All care has been taken to provide interpretations and discussions in a manner useful
for the students. However, the study material has not been specifically discussed by
the Council of the Institute or any of its Committees and the views expressed herein
may not be taken to necessarily represent the views of the Council or any of its
Committees.
Permission of the Institute is essential for reproduction of any portion of this
material.

© The Institute of Chartered Accountants of India

All rights reserved. No part of this book may be reproduced, stored in a retrieval
system, or transmitted, in any form, or by any means, electronic, mechanical,
photocopying, recording, or otherwise, without prior permission, in writing, from the
publisher.

Edition : September, 2021

Website : www.icai.org

E-mail : [email protected]

Committee/Department : Board of Studies

ISBN No. :

Price (All Modules): `

Published by : The Publication Department on behalf of The

Institute of Chartered Accountants of India, ICAI
Bhawan, Post Box No. 7100, Indraprastha Marg, New
Delhi 110 002, India.

Printed by :

© The Institute of Chartered Accountants of India

 iii

BEFORE WE BEGIN….

The traditional role of a chartered accountant restricted to accounting and

auditing, has now changed substantially and there has been a marked shift
towards strategic decision making and entrepreneurial roles that add value
beyond traditional financial reporting. The primary factors responsible for the
change are the increasing business complexities on account of plethora of laws,
borderless economies consequent to giant leap in e-commerce, emergence of
new financial instruments, emphasis on corporate social responsibility,
significant developments in information technology, to name a few. These
factors necessitate an increase in the competence of chartered accountants to
take up the role of not merely an accountant, auditor or more specifically an IS
Auditor, but a global solution provider. Towards this end, the scheme of
education and training is being continuously reviewed so that it is in sync with
the requisites of the dynamic global business environment; the competence
requirements are being continuously reviewed to enable aspiring chartered
accountants to acquire the requisite professional competence to take on new
roles.
Under the Revised Scheme of Education and Training, at the Intermediate Level,
you are expected to not only acquire professional knowledge but also the
ability to apply such knowledge in problem solving. Recognizing the
importance of Information Technology in today’s era, Chartered Accountancy
course has included the subject as a part of the course curriculum at
Intermediate Level. The process of learning should help you inculcate the
requisite IT skill-sets necessary for achieving the desired professional
competence. A paper on ‘Enterprise Information Systems’ forming the part of
curriculum at Intermediate level of the Chartered Accountancy course is to
provide the understanding of the fundamental concepts of Information
systems and business process flows, Financial and Accounting systems, Core
Banking Systems and e-commerce and m-commerce transactions.
The overall learning objective of this paper “To develop an understanding of
technology enabled Information Systems and their impact on enterprise-
wide processes, risks and controls” has been kept in mind while developing
the material. The content for each chapter in the study material has been
structured in the following manner:

© The Institute of Chartered Accountants of India

 iv

(i) Learning Outcomes: Learning outcomes which you need to demonstrate

after learning each topic have been detailed in the first page of each
chapter/unit. Demonstration of these learning outcomes would help you to
achieve the desired level of technical competence.
(ii) Chapter Overview: As the name suggests, this chart/table would give a
broad outline of the contents covered in the chapter.
(iii) Introduction: A brief introduction is given at the beginning of each chapter
which would help you get a feel of the topic.
(iv) Content: The concepts are explained in student-friendly manner and
illustrated with the aid of examples/illustrations/diagrams/tables. These
value additions would help you develop conceptual clarity and get a good
grasp of the topic.
(v) Let us recapitulate: A summary of the chapter is given at the end to help
you revise what you have learnt. It would especially help you to revise the
chapter quickly the day before the examination.
(vi) Test your Knowledge: This comprises of Theory Questions and Multiple
Choice Questions which test the breadth and depth of your understanding
of the entire syllabus.
Chapter-wise coverage of various topics in the study material are as follows:
♦ Chapter 1 - Automated Business Processes introduces the concept of
Business Processes and the impact of their automation with the help of
Technology. The chapter focusses on Enterprise Risk Management,
associated risks and their corresponding mitigating controls for some
specific business processes like P2P, O2C etc. Further, it provides an insight to
the mapping systems like Flowcharts and Data Flow Diagrams (DFDs).
♦ Chapter 2 - Financial and Accounting Systems familiarizes with the
concept of integrated and Non-integrated systems and the Financial and
Accounting systems as an Integrated system. It further discusses at length
various business process modules and data flow involved in the system and
their related risks and controls. The significance of XBRL and Reporting
systems are also emphasized with the applicable regulatory and
compliance requirements for the automated systems.
♦ Chapter 3 - Information Systems and Its Components disseminates the
basic concept of Information Systems and its components – People,

© The Institute of Chartered Accountants of India

 v

Computer System, Data Resources, and Networking and Communication

System. The chapter deals with controls, their need and classification of
Information Systems’ Controls on different perspectives. The objectives
while Auditing Information Systems and their controls with an in-depth
discussion on Organization structure and Responsibilities are well
emphasized upon.
♦ Chapter 4 - E-Commerce, M-Commerce and Emerging Technologies
provides the meaning, components, architecture and process flows involved
in E-commerce with a basic understanding on the paradigms of various
Computing Technologies like Cloud Computing, Grid Computing, Mobile
Computing, Green Computing, BYOD and Blockchain etc.
♦ Chapter 5 - Core Banking Systems brings into light the core concepts of
CBS that includes the components and architecture of CBS and impact of
related risks and controls. Furthermore, the chapter highlights various
regulatory and compliance requirements applicable to CBS such as Banking
Regulations Act, RBI regulations, Prevention of Money Laundering Act and
Information Technology Act, 2000.
This study material covers both concepts and practical aspects and hence, you are
advised to read the study material not only from examination point of view but
also from practical perspective of how this is relevant and can be applied in any
work environment.

HAPPY READING AND BEST WISHES!

© The Institute of Chartered Accountants of India

 vi

SYLLABUS

PAPER – 7A: ENTERPRISE INFORMATION SYSTEMS

(50 MARKS)
OBJECTIVE
“To develop an understanding of technology enabled Information Systems and
their impact on enterprise-wide processes, risks and controls.”
CONTENTS
1. AUTOMATED BUSINESS PROCESSES
(i) Introduction to Enterprise Business Processes, Benefits, Risks and
Controls.
(ii) Diagrammatic representation of business processes using Flowcharts.
(iii) Risks and controls for specific business processes: Procure to pay (P2P),
Order to Cash, Inventory Cycle, Hire to Retire, Supply Chain
Management, Fixed As- sets etc.
(iv) Applicable regulatory and compliance requirements including
computer related offences, privacy, cyber-crime, Sensitive Personal
Data Information of Information Technology Act, 2000.
2. FINANCIAL AND ACCOUNTING SYSTEMS
(i) Integrated (ERP) and non-integrated systems with related risks and
controls.
(ii) Business process modules and their integration with Financial and
Accounting systems.
(iii) Reporting Systems and MIS, Data Analytics and Business Intelligence.
(iv) Business Reporting and fundamentals of XBRL (eXtensible Business
Reporting Language).
(v) Applicable regulatory and compliance requirements.

© The Institute of Chartered Accountants of India

 vii

3. INFORMATION SYSTEMS AND ITS COMPONENTS

(i) Components of Automated Information Systems: Application Systems,
Data- base, Network and Operating System with related risks and
controls.
(ii) Mapping of Organization structure with segregation of duties in
Information Systems.
4. E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES
(i) Components and Architecture of E-Commerce and M-Commerce with
related risks and controls.
(ii) Business process flow with its related risks and controls.
(iii) Applicable regulatory and compliance requirements.
(iv) Emerging technologies with its related risks and controls.
5. CORE BANKING SYSTEMS
(i) Components and Architecture of CBS and related risks and controls.
(ii) Core modules of banking and Business process flow and its related
risks and controls.
(iii) Reporting Systems and MIS, Data Analytics and Business Intelligence.
(iv) Applicable regulatory and compliance requirements.

© The Institute of Chartered Accountants of India

 viii

SIGNIFICANT UPDATIONS OVER 2020

EDITION

Chapter Sections/Sub Sections wherein major Page

Name updations have been done Numbers
Chapter 1: 1.4.4 Risk Management Strategies 1.29 – 1.30
Automated
Business
Processes
Fig 3.2.1 Functions of Information Systems 3.4
Table 3.4.2 (A) Controls for Fire Exposure 3.23 – 3.24
Table 3.4.2 (C) Controls for Water Exposure 3.25
3.4.3 Classification based on Information
systems Functions
A. The Management Control Framework
II. Systems Development Management Controls 3.36 – 3.37
IV Data Resource Management Controls 3.39 – 3.40
Chapter 3: Fig. 3.4.2 The Management Control Framework 3.43
Information
Fig. 3.4.3 The Application Control Framework 3.44
Systems and
its B. The Application Control Framework
components I. Boundary Controls 3.46 – 3.47
III. Communication Controls 3.50 - 3.51
V. Database Controls 3.54 – 3.55
VI. Output Controls 3.56 – 3.57
3.6.4 Auditing The Management Control
Framework
IV. Auditing Data Resource Management 3.75
Controls
V. Auditing Security Management Controls 3.75

© The Institute of Chartered Accountants of India

 ix

3.6.5 Auditing The Application Control 3.76 - 3.79

Framework

4.1.6 E-marketing
Chapter 4: E- iii. e-Mall 4.13
Commerce, M-
4.7.1 New Methods of Digital payments
Commerce
and Emerging ix. e-Rupi 4.55 - 4.56
Technologies 4.8.10 Blockchain 4.101 -
4.104
5.1.2 Overview of Banking Services
IX. Other Banking Services
Chapter 5: o Non-life Insurance 5.10
Core Banking
Systems 5.2.2 Technology Component of CBS
I. Network Security and Secure Configuration 5.19
II. Application Security 5.20 - 5.21
Note: Certain other changes have been carried out in terms of shifting of
some content either between chapters or within a chapter to maintain
the logical flow of concepts and are not highlighted in bold and italics.

© The Institute of Chartered Accountants of India

 x

CONTENTS

SECTION A: ENTERPRISE INFORMATION SYSTEMS

CHAPTER 1: AUTOMATED BUSINESS PROCESSES

Chapter Overview .................................................................................................................... 1.2

1.1 Introduction ................................................................................................................. 1.3
1.2 Enterprise Business Processes ............................................................................... .1.4
1.3 Automated Business Processes .............................................................................. 1.7
1.4 Risk and its Management ...................................................................................... 1.20
1.5 Enterprise Risk Management (ERM) .................................................................... 1.31
1.6 Controls....................................................................................................................... 1.35
1.7 Risks and Controls for specific Business Processes. ....................................... 1.44
1.8 Diagrammatic representation of Business Processes ..................................... 1.63

1.9 Regulatory and Compliance Requirements ...................................................... 1.83

Summary ............................................................................................................................... 1.104
Test Your Knowledge ......................................................................................................... 1.106

CHAPTER 2: FINANCIAL AND ACCOUNTING SYSTEMS

Chapter Overview .................................................................................................................... 2.2

2.1 Introduction ................................................................................................................. 2.2

2.2 ERP and Non-Integrated Systems ......................................................................... 2.4

2.3 Risks and Controls in an ERP Environment. ...................................................... 2.25

2.4 Audit of ERP Systems .............................................................................................. 2.34

2.5 ERP Case Study of a Chartered Accountant Firm ............................................ 2.36

© The Institute of Chartered Accountants of India

 xi

2.6 Business Process Modules and their integration with Financial and
Accounting Systems ............................................................................................... 2.38

2.7 Reporting System and Management Information Systems (MIS) ............ 2.58

2.8 Data Analytics and Business Intelligence ........................................................ 2.62

2.9 Business Reporting and Fundamentals of XBRL .............................................. 2.69

2.10 Applicable Regulatory and Compliance Requirements ................................. 2.75

Summary .................................................................................................................................. 2.80

Test Your Knowledge ............................................................................................................ 2.82

CHAPTER 3: INFORMATION SYSTEMS AND ITS COMPONENTS

Chapter Overview .................................................................................................................... 3.2

3.1 Introduction ................................................................................................................. 3.3

3.2 Information Systems ................................................................................................. 3.3

3.3 Components of Information Systems ................................................................... 3.4

3.4 Information Systems’ Controls ............................................................................. 3.19

3.5 Information Systems’ Auditing ............................................................................. 3.58

3.6 Auditing of Information Systems Control ......................................................... 3.64

3.7 Data Related Concepts......………………………………………………………………………3.79

3.8 Organization Structure and Responsibilities .................................................... 3.90

3.9 Segregation of Duties ............................................................................................. 3.97

Summary ............................................................................................................................... 3.103

Test Your Knowledge ......................................................................................................... 3.103

CHAPTER 4: E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES

Chapter Overview .................................................................................................................... 4.2

© The Institute of Chartered Accountants of India

 xii

4.1 Introduction to E-Commerce .................................................................................. 4.2

4.2 Components of E-Commerce................................................................................ 4.18
4.3 Architecture of Networked Systems ................................................................... 4.25
4.4 Workflow Diagram for E-Commerce ................................................................... 4.30
4.5 Risks and Controls related to E-Commerce. ..................................................... 4.32
4.6 Guidelines and Laws governing E-Commerce .................................................. 4.40
4.7 Digital Payments....................................................................................................... 4.50
4.8 Computing Technologies ....................................................................................... 4.57
4.9 Case Studies............................................................................................................ 4.105
Summary ............................................................................................................................... 4.106
Test Your Knowledge ......................................................................................................... 4.106
CHAPTER 5: CORE BANKING SYSTEMS

Chapter Overview. ................................................................................................................... 5.2

5.1 Overview of Banking Services ................................................................................. 5.3

5.2 Components and Architecture of CBS ................................................................ 5.16

5.3 CBS Risks, Security Policy and Controls ............................................................ 5.27

5.4 CBS Core Business Processes - Relevant Risks and Control.……….………….5.37

5.5 Reporting Systems and MIS, Data Analytics and Business Intelligence.…5.56

5.6 Applicable Regulatory and Compliance Requirements ................................. 5.56

Summary .................................................................................................................................. 5.73

Test Your Knowledge. ........................................................................................................... 5.74

References .......................................................................................................................... (i)-(iii)

Glossary ............................................................................................................................ (iv)-(xi)

© The Institute of Chartered Accountants of India