Information Systems Architecture, Process Flow, and Control Design

This part covers the operating structure of information systems. The chapters explain how infrastructure, applications, process flow, and control design fit together so you can evaluate whether a system is reliable enough for financial and assurance purposes.

In This Part

• Chapter 5: IT Infrastructure Fundamentals explains the components that support enterprise systems.
• Chapter 6: Enterprise Resource Planning (ERP) and Accounting Information Systems connects system architecture to accounting processes.
• Chapter 7: Business Processes in Information Systems follows transaction flow inside system-supported operations.
• Chapter 8: IT General Controls (ITGC) - Standard Domains covers the control domains that support reliance on system output.
• Chapter 9: System Availability and Business Continuity addresses uptime, recovery, and operational resilience.
• Chapter 10: IT Change Management explains how authorized, tested, and documented change reduces control risk.

How to Use This Part

• Read the chapters in order if you need a systems-to-controls workflow rather than isolated terms.
• Pay attention to how process design affects control risk and evidence reliability.
• Revisit the relevant chapter after any missed question involving ITGCs, ERP flow, or availability planning.

In this section

• IT Infrastructure Components, Virtualization, and Cloud Models
  Infrastructure components, virtualization, and cloud models in ISC.
  • Hardware Components, End-User Devices, Networks, and Related Risks
    Hardware, end-user devices, networks, and related control risks.
  • Operating Systems, Hypervisors, Virtual Machines, and Containers
    Operating systems, hypervisors, virtual machines, and containers.
  • Cloud Service Models, Deployment Options, and Shared Responsibility
    Cloud service models, deployment options, and shared-responsibility concepts.
• ERP Architecture, Accounting Systems, Automation, and Blockchain
  ERP architecture, AIS design, automation, and blockchain topics.
  • ERP Modules, Integrated Data Flows, and the Modern ERP Ecosystem
    ERP modules and integrated data flows across business functions.
  • Accounting Information Systems Within Enterprise Resource Planning
    AIS components, ledgers, and reporting inside ERP environments.
  • Robotic Process Automation and Emerging Technology Considerations
    RPA and emerging technologies that change control and evidence.
  • Blockchain Architecture and Financial Reporting Considerations
    Blockchain architecture and its financial-reporting implications.
• Business Process Flow, Integrity, and Vendor Dependencies
  Transaction cycles, process flow, processing integrity, and vendor risk.
  • Core Transaction Cycles, Supporting Modules, and Control Points
    Core transaction cycles, supporting modules, and control points.
  • Flowcharting, Process Mapping, and Business Process Diagrams
    Flowcharting and process-mapping techniques for business systems.
  • Processing Integrity Controls Across Major Transaction Cycles
    Processing integrity controls across major transaction cycles.
  • Common Control Deficiencies, Root Causes, and Mitigation
    Common control deficiencies, root causes, and mitigation options.
  • Third-Party Vendors, Outsourcing, and Ongoing Risk Management
    Vendor, outsourcing, and third-party risk management.
• IT General Control Domains and Related Deficiency Analysis
  IT general control domains, framework alignment, and deficiency analysis.
  • Access Controls Over Programs, Data, and Privileged Capabilities
    Access controls over programs, data, and privileged capabilities.
  • Program Change Controls, Approvals, Testing, and Audit Trails
    Program change controls, approvals, testing, and audit trails.
  • Program Development Phases, Sign-Off Gates, and Acceptance Testing
    Program development phases, sign-off gates, and acceptance testing.
  • Computer Operations, Scheduling, Backups, and Daily Monitoring
    Computer operations, scheduling, backups, and daily monitoring.
  • Mapping IT General Controls to COSO and COBIT
    How IT general controls map to COSO and COBIT.
  • Identifying IT General Control Deficiencies and Mitigation Responses
    IT general control deficiencies and mitigation responses.
• Availability Planning, Recovery Design, and Business Continuity
  System availability, recovery planning, and business continuity.
  • Disaster Recovery Planning and Business Resiliency Design
    Disaster recovery planning and broader business resiliency design.
  • Redundancy, Replication, Mirroring, and Backup Strategy
    Redundancy, replication, mirroring, and backup strategy.
  • Business Impact Analysis and the Identification of Critical Functions
    Business impact analysis and identification of critical functions.
  • Uptime Metrics, SLAs, Recovery Time, and Recovery Point Targets
    Uptime metrics, SLAs, recovery time, and recovery point targets.
• Change Control, Deployment Discipline, and SDLC Governance
  Change control, deployment discipline, and SDLC governance.
  • Change Control Policies, Procedures, and Authorization Standards
    Change control policies, procedures, and authorization standards.
  • Environment Segregation, Testing Stages, and Production Protection
    Environment segregation, testing stages, and production protection.
  • Patch Management, Testing, Rollback, and Control Monitoring
    Patch management, testing, rollback, and control monitoring.
  • Continuous Integration, Delivery Pipelines, and DevOps Control Points
    CI/CD pipelines and DevOps control points.
  • SDLC Models: Waterfall, Agile, DevOps, and Control Tradeoffs
    Waterfall, Agile, and DevOps SDLC control tradeoffs.