DISA course is formerly named as ISA 3.0 course. In the digital era, the computer skills are helping the professionals to gain more opportunities. The blog highlights the syllabus and preparation tips for the DISA course. DISA is a technical course that offers knowledge about information system audit 3.0. The course enhances the opportunities to work in bank audits and IT audits. The former name of the DISA course is the ISA 3.0 course. Knowledge of technology has become a vital element in the digital era. The regulatory bodies of India SEBI, RBI and IRDAI have made the system audit mandatory. Banks, insurance companies and broking houses operate under the regulatory bodies. Banks, insurance companies and broking houses must do system audits. The blog intrigues the readers with the details of DISA exam preparation, and system audits in banks, insurance companies and broking houses.
DISA exam preparation:
ISACA is a US organisation with a global presence. The certification makes a professional expert in information security governance, incident management, program development, and risk management. The professionals in the IT industry do the certification to add the credentials to the bio-data. The cost of the course is US$145 as an admission fee. Every year, the students pay an amount of $135 per year. The professional receives an average salary of US$141,000. The eligibility to join the course is five years of experience in security audit, internal control and information system auditing.
ICAI is providing the DISA course with the license of ISACA. CISA is for IT professionals. DISA is a course for the members of ICAI. DISA is the course that prepares the professionals for the system audit of manufacturing companies, banks, insurance and stock broking companies. DISA examination is a technology-based one. So, reading and practical application are equally important. It is good to use the DISA question bank for a targeted approach. The resources from ICAI provide a deep understanding of the key concepts. The DISA course syllabus consists of six modules. The six modules are as follows: information systems audit process, governance and management of enterprise information technology, risk management, compliance and BCM section, system development, acquisition, implementation, maintenance application system audit, information systems operations and management, protection of information assets, emerging technologies, and lab manuals and case studies. The members joining the DISA course must register at the time before the batch commencement. The students can complete the e-learning modules and take up the e-learning assessment test. The physical classes are location-based. The students should bear the cancellation charge of ten per cent in case of cancellation. The DISA online class go for 18 days. The physical classes go for 12 days.
System audit in banks:
It is the pillar of business operations in banks. Oracle, SAP, Finastra, Finacle, Backbase, temenos, SDK and Mambu are the banking software ruling the banking industry. Information technology is making banking services flexible. Internet banking and ATM functions provide 24/7 services to customers. The technology also brings in risks and liabilities. The hacking issues, security concerns, fraud, and virus attacks are disturbing banking services. Software, implementation, operations, and PKI audits are the different types of audits in the banking industry.
The standards of Information system audit:
Audit charter:
The scope, authority and accountability of system audit is documented in the audit charter. The audit charter explains the audit functions and responsibilities.
Independence:
The auditor should keep control over the interest, attitude and assignments. The auditor should think about the objective of the audit. The audit should be an independent one. The disturbance to the audit comes from the previous assignments and joint audits. Independence adds quality to the audit process. The system auditor maintains the confidential part of the audit and does not use the information for personal gain.
Professional ethics:
The system auditor should adhere to the code of professional ethics. The professional standards and care exhibit the ethics of an auditor.
Competence:
The technical knowledge is not a theoretical one, it is a practical one. The system auditor uses the latest technology and updates the systems. The system auditor implements the latest technology and manages the enterprise information system, security, audit, and control and risk management.
Planning:
The system audit does the planning with an eye on the auditing standards and objective of the audit.
Reporting:
The audit report should disclose the facts, objectives, period, and scope of the audit.
Follow-up activities:
The systems audit ends with follow-up activities. The systems auditor informs the department to take appropriate actions at the right time.
Risk assessment:
The risk-based audits focus on the information assets of the organisation. The risk-based audit goes beyond the compliance requirement. The risk-based audits check the business process and technology to implement the right control system. Risk management is the proactive approach of the management team.
System audit in insurance companies:
List of the public sector insurance companies in India are LIC, the New India Assurance Company Limited, United India Insurance Company Limited, National Insurance Company Limited, and oriental insurance company limited. The specialised government insurance companies are the Export Credit Guarantee Corporation of India, the General Insurance Corporation of India, and the Agriculture Insurance Company of India Limited. The comptroller and auditor general appoint the auditor of the insurance company. An auditor of the insurance company cannot audit more than three insurers. The audit committee, risk management committee, investment committee, policyholder’s protection committee, corporate social responsibility committee, nomination and remuneration committee, and profits committee are the committees in an insurance company. The system audit of insurance companies helps to understand the risks and mistakes associated with technology.
System audit in broking houses:
The notification from BSE on September 30, 2022, says that the trading members must submit the system audit report. November 30, 2022, is the due date to submit the preliminary audit report. February 28, 2023, is the date to submit the corrective action report. The due date for the following on the report of the stock broker is May 31, 2023. Stock brokers inform SEBI about the place of maintenance of the records, books of accounts and documents. System audit helps for the efficient maintenance of the systems.
Conclusion:
The system auditor gains vast knowledge in finance and technology. The future of the banking and finance industry is moving towards digital products. Learning the DISA course helps me grow in the auditing field for a chartered accountant. In 2024, the DISA-qualified professional receive a salary of INR 8.8 lakhs.