PART II: Information Systems Architecture, Processes, and Controls

In this section

• Chapter 5: IT Infrastructure Fundamentals
  • Hardware Components: Servers, End‑User Devices, and Networks
    Explore critical hardware components—servers, end-user devices, and networks—and learn how to mitigate vulnerabilities with robust controls in modern business environments.
  • Operating Systems and Virtualization Concepts
    Explore how operating systems manage hardware and software resources, and discover the core principles of virtualization, including how virtual machines and containers operate in modern IT environments.
  • Cloud Computing Models (IaaS, PaaS, SaaS) and Deployment Architectures
    Explore the fundamentals of cloud service models (IaaS, PaaS, SaaS), understand deployment architectures, examine shared responsibilities and learn about key risks and best-practice controls critical for CPA oversight of modern IT infrastructure.
• Chapter 6: Enterprise Resource Planning (ERP) and Accounting Information Systems
  • The Modern ERP Ecosystem: Modules and Data Flows
    Explore the key modules of Enterprise Resource Planning (ERP) systems—financials, logistics, HR, and more—and discover how data seamlessly flows from sales orders to general ledgers for unified, real-time business insights.
  • Accounting Information Systems within ERPs
    Explore how Accounting Information Systems (AIS) interface with Enterprise Resource Planning (ERP) solutions to enable real-time financial data, subledgers, and the general ledger for seamless and accurate accounting processes.
  • Robotic Process Automation (RPA) and Emerging Technologies
    Discover how Robotic Process Automation (RPA) and emerging technologies transform finance and accounting by automating repetitive tasks, streamlining invoice matching, and mitigating associated risks.
  • Blockchain Integration and Considerations for Financial Reporting
    Discover how blockchain's immutable ledger concept transforms financial procedures, influences internal controls, and enhances audit reliability.
• Chapter 7: Business Processes in Information Systems
  • Core Transaction Cycles and Supporting Modules
    Explore the fundamental sales, purchasing, and payroll cycles, understand related AIS modules, and discover key control points essential for financial accuracy, security, and regulatory compliance.
  • Flowcharting and Business Process Diagrams
    Learn how to effectively use flowcharting and business process diagrams in accounting to visualize transaction flows, identify control points, and enhance process integrity—from initiation to recording.
  • Evaluating Processing Integrity Controls in Major Cycles
    Explore core methods and best practices for ensuring completeness, accuracy, and validity across major business transaction cycles.
  • Common Control Deficiencies and Mitigation Techniques
    Explore frequent control shortcomings in business processes, real-world examples of misconfigurations, and strategies to establish robust mitigation and compensating controls.
  • Third‑Party and Vendor Risk Management
    Learn how to vet, contract with, and continuously monitor vendors to mitigate risks in modern business processes and IT environments.
• Chapter 8: IT General Controls (ITGC) – Standard Domains
  • Access to Programs and Data
    Explore essential principles of physical and logical access controls, verifying proper access rights, and aligning practices with industry frameworks for secure and efficient IT operations.
  • Program Changes
    Explore best practices for formal change management procedures, approvals, version control, and documentation requirements, ensuring controlled and auditable program modifications.
  • Program Development Key Phases and Sign-Off Gates
    A detailed exploration of the software development lifecycle, with a focus on milestones, sign-off gates, and acceptance tests that align with IT General Controls and CPA considerations.
  • Computer Operations
    Explore the essentials of effective computer operations, including job scheduling, backups, and daily monitoring, along with real-world failure scenarios and robust control measures.
  • Aligning ITGCs with COSO and COBIT
    Discover how IT General Controls align with COSO Internal Control components and COBIT principles to ensure effective governance and robust security frameworks
  • Identifying Control Deficiencies and Mitigation
    Explore how to pinpoint IT general control (ITGC) weaknesses and implement effective mitigation strategies to strengthen organizational information systems.
• Chapter 9: System Availability and Business Continuity
  • Disaster Recovery Planning and Business Resiliency
    A comprehensive guide to building, testing, and maintaining a robust disaster recovery plan that ensures organizational resilience and continuous availability of critical business functions.
  • Redundancy and Replication Strategies (Mirroring, Backup Procedures)
    Learn how redundancy and replication strategies like mirroring and full, incremental, and differential backups enhance system availability and ensure business continuity.
  • Business Impact Analysis (BIA): Identifying Critical Functions
    Explore how to perform a Business Impact Analysis (BIA) by identifying and prioritizing critical functions, classifying business processes, and establishing key recovery objectives to ensure organizational resilience.
  • Metrics and Agreements (Uptime, SLAs, Recovery Time Objectives)
    Explore key metrics such as uptime, Service Level Agreements, and Recovery Time Objectives, including how to calculate system availability and define the scope of recovery for business continuity.
• Chapter 10: IT Change Management
  • Change Control Concepts: Policies and Procedures
    A comprehensive guide on establishing formal change control policies and procedures, emphasizing mandatory steps, risk mitigation, and alignment with regulatory standards.
  • Environments and Testing (Development, QA/Staging, Production)
    Explore how environment segregation and structured testing methodologies reduce risk and enhance reliability in software change management processes.
  • Patch Management: Risks and Controls
    Explore critical patch management strategies, testing procedures, and rollback plans to mitigate IT risks. Learn about timely deployment best practices, real-world breaches, and CPA considerations.
  • Continuous Integration and Continuous Deployment in Modern DevOps
    Explore how CI/CD pipelines streamline code integration, testing, and automated deployment in modern DevOps, emphasizing security scanning and efficiency for financial and accounting systems.
  • Systems Development Life Cycle (SDLC): Waterfall vs. Agile/DevOps
    Compare Waterfall’s linear approach with Agile/DevOps’ iterative cycles, examining their impact on risk oversight, compliance, and efficient project delivery.