 Hello and welcome to this session in which we will discuss the information systems and controls, the new specialization ISC, which is part of the CPA exam changes that's taken place as a result of the CPA exam evolution 2024. Now it's very important to go real quick and do a review about what's happening to each section and how did we end up with the ISC, which is information systems and controls specialization. In the prior session, we looked at FAR, financial accounting and reporting, and we noticed that FAR now becoming two parts. The FAR core and we have an advanced FAR or it's called business analysis and reporting, which is BAR. So simply put FAR, part of it is core, part of it is going to becoming part of BAR. Regulation. Well, it's going to we're going to have a rec core, and we're going to have a new specialization called tax compliance and planning. So we're going to have three specialization. One is bar, two is tax compliance and planning, changes to audit, mostly audit will be a core audit. And the fourth part, which is the BEC, the BEC part of it will become part of BAR. So part of BEC will be part of BAR. And the remaining part will be part of information systems and controls. And this is what we're going to be discussing today. So BEC will be gone, but not really the only thing that gone from BEC is the written communication. The other parts of BEC will be spread mainly in BAR and in the information system and controls. Some of it will be in audit, a small part of it will be in audit as well, which is the data analytics. But overall, this is the big picture. Let's go ahead and see what is involved. What are the different component of this specialization information systems and control? Because if you are preparing for the CPA exam, if you want to plan ahead, you want to know what is being tested on this subject. Therefore, you will determine whether you want to take the first specialization, second specialization or the third specialization, which one do you want to choose? Because all you have to do is take one specialization. Now also, you could avoid the specialization altogether. If you complete the exam specifically, the BEC section of the exam of the old exam before 2024. So if you finish BEC before 2024, you don't have to take any specialization, you just have to take the three core, which is the FAR core, REC core, and the audit core. However, talking about what strategies you should take, I'll have this for a separate recording. But if you need any information about the other component, which is FAR, REC, and audit, please see the recording in this playlist. So let's go ahead and jump to the blueprint and take a look specifically at what topics are covered under this new specialization information systems and controls. Before we proceed any further, I have a public announcement about my company, farhatlectures.com. Farhat Accounting Lectures is a supplemental educational tool that's going to help you with your CPA exam preparation as well as your accounting courses. My CPA material is aligned with your CPA review course such as Becker, Roger, Wiley, Gleam, Miles. My accounting courses are aligned with your accounting courses broken down by chapter and topics. My resources consist of lectures, multiple choice questions, true-false questions, as well as exercises. Go ahead, start your free trial today, no obligation, no credit card required. Looking at the blueprint, the information system and controls will have three areas. Area one, which is information systems and data management, which represent 35 to 45 percent, security, confidentiality, and privacy, 35 to 45, and consideration for system and organization controls, which is SOC's engagement. That's going to represent 15 to 25 percent. The good news about this, I just want to show you the good news about this, is 55 to 65. This is the good news. Is remembering and understanding what does that mean? It means I'm going to show you that there's going to be some new topics, but most of the new topics, or what I think are really new topics, are basically they're asking you for understanding and remembering. I would assume down the road, maybe a year or two from now, as we have more information, we're going to have less remembering and understanding, more application and analysis. So the point is, yes, it's a new specialization. Some of the information is new. The good news, it's they're testing you on the most basic level, which is remembering and understanding. That's the good news. Let's go ahead and get started. So let's take a look at area one, which is information systems and data management. And data management is a big deal throughout the exam for 2024. The first area under area one is information systems. And under information system, we have IT infrastructure. Did we learn about IT infrastructure in the past? And the answer is yes, we learn about operating system, network infrastructure, so on and so forth. Are they going to have more little bit more of a little bit more information? Yes, notice, but mostly in IT infrastructure, it's remembering and understanding, which is good, which is remembering and understanding. Enterprise and accounting information system, did we learn about ERP and accounting information system in the old exam? Sure, we did. But now we're going to have a little bit more of new information such as robotic process automation. For example, we did not really cover that. But everything else is basically the same. And here they're throwing SOC2. But again, we're going to learn about SOC1, SOC2 and SOC3. They're going to have their own area. So SOCs will be an important topic in the new CPA exam. Let's take a look at area three, availability. Did we have availability in the prior exam? Yes, we did. But availability was a part of a subsection. It was called security, availability and confidentiality. Now availability by itself has its own component. So this availability of information system, this is what we mean here. Because it's important, it has its own section, again, mostly remembering and understanding. Change management, we used to have change management was very small section, change management is expanding. But again, most of the expansion is remembering and understanding. Let's take a look at area one data management, again, data management, some of the data management believe it or not is removed from here. For example, the visualization part, it used to be data management and relationship. And part of it was data visualization. They removed the data visualization, some of it went to bar, and some of it went to the audit as part of data analytics. So but again, data management is important. For example, we're going to have start to learn about SQL queries, which we did not have in the past. So some new information under data management. What else? Let's go to area two, area two is security, confidentiality, and privacy. Well, we have some new topics here. For example, regulation, standard and framework, learning about HIPAA, PSI, DSS, all these are going to be new term and IST. Don't worry, you're going to have to learn about them later on. This is the bad news. The good news is they're all remembering and understanding. What does that mean? It means, you know, you need to know basically the definition and basic concept when we say remembering, understanding. So it's new, but it's easy. I would assume the year or two from now, some of these will be application and analysis. But at the beginning, that's what they have to do. Security, its own, its own section now, again, it used to be security, availability, and confidentiality. They believe security, which is IT security is an important topic, which indeed, if we know anything about today's world, it's extremely important. Under security, we're going to have threats and attacks, and we're going to learn about the different threats and attack that the information system could be subject to. And we're going to have obviously mitigation. So if we're going to learn about the threats and the attacks, we want to know about the mitigation as well. The good news is again, mostly notice at the first level, remembering and understanding, remembering and understanding, you know, some, you know, determine the specific cybersecurity threat, you know, application, determine the specific cybersecurity threat on the premises and on premise and cloud, cloud based application networks, again, application, but no analysis. Again, mitigation, how to deal with those threats, again, all basic, basic remembering and understanding. Some advanced topic in mitigation. Again, we learn about mitigation in the past, but they're going to expand on it. Third component will be testing. Some of it is no, some of it is all, but it's going to be tested at a, the testing section at the application and analysis level, which is perform a walkthrough of an organization procedure, basically learn about the IT system and compare the observed procedure with documented policy requirement. This is going to be on the analysis level. So some kind of challenging topics here, I would have to say confidentiality and privacy, most of it is remembering and understanding. Again, confidentiality used to be part of security, availability and confidentiality. Now, confidentiality is its own separate part, and they're adding more about privacy. Privacy is becoming an important topic in the real world. Therefore, they want you to know this incident report, again, part of the security and mitigation, but again, mostly remembering and understanding area three, area three is just basically from the name of it system and organization control, which is SAC and it's going to represent one up to one fourth of the exam. Right now we do cover SAC one and SAC two under the new exam, we're going to have a whole section. So you need to know a lot about SAC one, SAC two and little bit of SAC three actually, which is, I don't think it's a big deal, but we have to learn about those. So area three is all about SACs, but mostly for example, this area here is remembering and understanding, remembering and understanding, some application, yes, but mostly, if you notice, mostly remembering and understanding. So although it's a lot, but mostly remembering and understanding. So should you take this specialization? And my answer is this, if you work in IT, I would say if you work in IT, this specialization will be an easy specialization for you. If you like IT, if you are familiar with IT, if you're comfortable with IT, definitely this is a good specialization for you. If you don't like IT, if you don't work in IT, if you hate anything that to do with computers, don't take this specialization. What should you do? Well, one of two things, either take BEC before 2024, or if your strong area is taxation, take the tax compliance and planning. If your strong area is business analysis and reporting, which is basically financial accounting on an advanced level, you will take this specialization. You want to avoid all these specializations, take BEC before 2023. What should you do now? Well, if you're not a CPA candidate, take a look at my website, farhatlectures.com. Also see the prior session to have a good idea what's happening, what changes are undergoing in the CPA exam evolution 2024, and the CPA exam changes so you could make the appropriate decision. What should you do, which section you should take? Now, I'm giving you this recording in January 16, 2023, so you have almost the whole year, which is 11 and a half month, to decide what strategy you should do. What should I do? Anyway, I'm going to have a separate recording about this, giving you different, not different advices, just telling you what you should do, and you said that you should decide based on your need. Good luck, everyone. Don't be afraid of the CPA exam evolution 2024. Just make simple changes. It's not going to be easier. It's not going to be harder. You'll be prepared. I'll be here to help you. Good luck. Study hard and stay safe.