1. IS Audit of Banking Application
2. Migrating to cloud based ERP solution
3. Security control review of railway reservation system
4. Review of cyber security policies and procedure
5. Security and control risk assessment of toll bridge operations
6. System audit of a hospital automation system
7. Review of vendor proposal for SaaS services
8. Information Systems audit of a mutual fund systems
9. Audit of outsourced software development
10. Network security audit of remote operations including WFH
11. Infrastructure audit of a Bank data Centre
12. Conducting vulnerability assessment and penetration testing
13. Auditing Business continuity plan for Manufacturing system
15. Auditing robotic process automation system
16. Implementation of adequate governance in hotel management system
17. Outsourced migration audit of merger of Banks
18. Audit of an E-Commerce web site
19. Audit of Online booking system for a hotel chain
20. Audit of Business Continuity Planning of a financial institution
21. Audit of online brokerage firm
22. Audit of Security Operation Centre of a Bank
23. Audit of Cyber Security Framework of a PSB
24. Evaluation of Outsourcing IT Operations
25. Auditing SWIFT operations in a Bank
26. Project Report Template and Guidelines on Project Report Submission
27. Information Systems Audit of ERP Software
28. Implementing GRC as per Clause 49 Listing Requirements
29. Review of IT Security Policies and Procedures in audit
Dear DISA participant,
Congratulations on successfully joining the DISA 3.0 training. We would like to reiterate that the objective of the updated DISA 3.0 course is:
“To provide relevant practical knowledge and skills for planning and performing various types of assurance or consulting assignments in the areas of Governance, Risk management, Security, Controls, and Compliance in the domain of Information Systems and in an Information Technology environment by using relevant standards, frameworks, guidelines, and best practices.”
The updated DISA 3.0 course is a blend of e-learning, classroom/virtual training, hands-on training, case studies, lab manuals, and project work. We are sure you will actively participate in the training and have also gone through the e-learning modules of the course. For being eligible to write the DISA exam, you have to pass the eligibility test and this includes submission of a project report (20 marks). The objective of the project report is to test the understanding and application of knowledge of the DISA 3.0 Course as relevant. The project you need to work on is based on practical scenarios relating to one/more modules of the DISA course. Please use DISA course learning material, ICAI, and international best practices in preparing the project report.
1. The project report will be done in groups.
2. The specific project topic will be assigned by DAAB and the project report for this has to be completed and submitted at the PQC portal by the group head within 10 days from the date of commencement of classes.
3. Participants have to work on the specific case study/project allotted to them and each of the members is expected to actively work for the solution of the project.
4. Participants will maintain the confidentiality of the project. They will not share the project or take assistance from any others in preparing the project report.
5. The total marks for the project report are 20 marks (Project report – 10 + Viva – 10).
6. The project report is to be uploaded by the group head through his/her login at PQC portal on the basis of which viva will be conducted by the faculty with individual group members, and marks will be assigned.
7. Participants are encouraged to refer to the learning material of the DISA course which includes background material, reference material, and e-Learning. The solution for the project can be prepared based on these materials and there is no additional research required. However, participants are encouraged to do additional research and use ICAI and international standards, guidelines, and best practices as required for the project. Please provide specific details of references used including websites or publications.
8. The allotted case study/project can be updated to include additional data. However, if specific information of any client data or information is used, this data may be sanitized so as not to include reference to any specific client/company.
9. The project report which is the solution to the project/case study should be the original work of the member. If the project report is found to be copied or similar to other participants, the participants will be asked to re-submit the project. If the project is found to be copied in the second submission, then zero marks will be awarded for the project.
10. Please note that there is no standard answer for the case study and the project report will be evaluated based on the practical application of the knowledge and skills provided through the DISA course to the specific case study/project allotted.
11. The solution for the project should consider all details provided in the case study/project. However, further details as required can be added to the project report considering the overall scope and objectives of the project. These assumptions and additional details can be provided as annexures in form of references and supporting documents.
12. The project is expected to be completed when submitted and no additional details will be accepted. However, during the course of an evaluation, if additional details or clarifications are sought by DAAB, these are to be provided within one week of the query.
13. There is no minimum or maximum limit on the number of pages of the project report, as the details of the project report/solution vary. Typically, a project report is expected to be between 15 and 30 pages.
14. DAAB will NOT provide any further details or clarifications on the allotted case study/ project. However, if required, participants can make suitable assumptions and these are to be clearly indicated in the project report.
1. Understanding of the problem as outlined in the project.
2. Usage and application of course material in terms of knowledge and skills to the problem.
3. Usage of best practices and IS Audit skills as required for the problem.
4. Presentation of the solution in a structured manner.
5. Presentation of solution in the form of deliverables as appropriate for the problem.
Please consider the above guidelines in preparing your project report. We are attaching the Project template in which the project report is to be provided. We wish you all the best in the successful completion of the project and hope you will have a great learning experience.
This is to certify that we have successfully completed the DISA 3.0 course training conducted at: __________________________________________ from______________to_____________ and we have the required attendance. We are submitting the Project titled: ____________________________________________________________________________________________.
We hereby confirm that we have adhered to the guidelines issued by DAAB, ICAI for the project. We also certify that this project report is the original work of our group and each one of us has actively participated and contributed in preparing this project. We have not shared the project details or taken help in preparing the project report from anyone except members of our group.
1. Name………….. Membership No……………..Signed…………………….…………
2. Name……….… Membership No ……………..Signed…………………….…………
3. Name……….… Membership No ……………..Signed…………………….…………
Place: ____________
Date: _____________
Project Report (solution)
1. Introduction
2. Auditee Environment
3. Background
4. Situation
5. Terms and Scope of assignment
6. Logistic arrangements required
7. Methodology and Strategy adapted for execution of assignment
8. Documents reviewed
9. References
10. Deliverables
11. Format of Report/Findings and Recommendations
12. Summary/Conclusion
A. Please provide your understanding, in one or two paragraphs, of the auditee, covering nature of business, organisation structure, technology infrastructure, policies and procedures, etc.
B. Please provide one or two paragraphs of information about the audit firm (fictitious name), including your experience, team composition, skill-sets and team leader. Please do not include actual names of group members as members of the assignment team in the project report, so as to maintain confidentiality of the project.
Please provide complete details of nature of business, organisation structure and technology deployed. The technology deployed must include information on system software, database and application software. Provide specific details of regulatory requirements and an overview of specific internal policies and procedures such as the information security policy. This has to be as detailed as possible. Please make suitable assumptions and add more details as required.
Please provide details highlighting the client need for the assignment. Provide reasons why the enterprise wants the assignment to be done in 2-3 paras.
Please provide details of existing scenario which has given rise to the need for the assignment. Provide all the details of the current situation. Include here the identified problem areas and control weaknesses.
Please provide details of terms and scope of assignment clearly identifying areas being reviewed or area in which consulting is required.
Please provide details of logistics required for execution of assignment including hardware, system software, application software, data, documentation, etc. Please include details of any CAAT tools used.
Please provide details of structured methodology which is adapted from ICAI standards/guidelines, International standards/guidelines and best practices as relevant for the assignment. This may include how the standards, guidelines and best practices are used for preparing specific audit plan, audit program or detailed audit procedures.
Please provide a list of sample documents reviewed during the assignment, such as information security policy, organisation structure, vendor contracts or SLA, access matrix, audit findings, etc. These documents will be the basis for review and, coupled with all the prior information, can be used for identifying control weaknesses and providing recommendations.
Please provide list of specific standards, guidelines and best practices or other references to be used in performing the assignment. Please include reference of specific section of background material, ICAI and international standards/guidelines/best practices and websites or publications as used in the assignment.
Please provide details of specific deliverables of the assignment. These would include the draft IS Audit Report, Final IS Audit report, executive summary, detailed findings and recommendations, etc.
Please provide report in standard/specific format as required. Each of the findings is also to be provided in the standard/specific format. You may adapt this from best practices or customize these as required.
Please provide overall summary/conclusion of the assignment. This could be in two to three paras.