CA Final Exam Papers
Information Systems Control and Audit – November 2010
[Total No. of Questions — 7] [Total No. of Printed Pages — 4]
Time Allowed : 3 Hours Maximum Marks : 100
Answers to questions are to be given only in English except in the cases of candidates who have opted for Hindi medium. If a candidate has not opted for Hindi medium, his answers in Hindi will not be valued.
Q.No. 1 is compulsory.
Attempt any five questions from the remaining six questions.
1. ABC Industries Ltd., a company engaged in a business of manufacture and supply of automobile components to various automobile companies in India, had been developing and adopting office automation systems, at random and in isolated pockets of its departments. The company has recently obtained three major supply contracts from International Automobile companies and the top management has felt that the time is appropriate for them to convert its existing information system into a new one and to integrate all its office activities. One of the main objectives of taking this exercise is to maintain continuity of business plans even while continuing the progress towards e–governance.
(a) When the existing information system is to be converted into a new system, what are the activities involved in the conversion process ?
(b) What are the types of operations into which the different office activities can be broadly grouped under office automation systems ?
(c) What is meant by Business Continuity Planning ? Explain the areas covered by Business Continuity.
(d) What is the procedure to apply for a licence to issue electronic signature certificates, under Section 22, Information Technology (Amended) Act, 2008 ? 20
2. (a) You are entrusted with the duty of implementing an ERP in your office. You have taken care of all the preparations during the implementation. However, during post implementation, there will be a need for course correction many times. What can be the reasons for them? 4
(b) Why does an organization implement an ERP package and evaluate the various available ERP packages for assessing suitability ? Mention the various evaluation criteria that are required to assess suitability of an ERP package on implementation. 4
(c) “The information system insurance policy should be a multiperil policy, designed to provide various types of coverage.” Discuss the comprehensive list of items considered for coverage. 8
3. (a) As an IS auditor, suggest a method to test the correctness of a particular module of source code and justify your answer. 4
(b) What are the aspects to be included when a documented audit program is developed ? 4
(c) “Once the information is classified on various levels, the organization has to decide about the implementation of different data integrity controls.” Do you agree ? If yes, explain about data integrity and its policies. 8
4. (a) “Technology risk assessment needs to be a mandatory requirement for any project to identify single point failures.” – Justify. 4
(b) What do you understand from Type I and Type II reports from a Service auditor? 4
(c) To get a good documentation of the working papers of an auditor, what are the points to be considered while gathering and organizing information and also mention the principles to be followed for writing the documentation ? 8
5. (a) What does Information Technology (Amended) Act, 2008 say about
(i) Attributes of Electronic Records in Section 11 and
(ii) Secure Electronic Signature (Substituted vide ITAA 2008) in Section 15 ? 4
(b) What do you understand from the term ‘database’ ? How is it implemented in three different levels ? 4
(c) System maintenance is an important phase during the implementation of the system. If so, what are the three categories in which maintenance can be undertaken ? As an IS auditor of the organization, how will you evaluate the effectiveness and efficiency of the system maintenance process ? 8
6. (a) As a person in-charge of System Development Life Cycle, you are assigned a job of developing a model for a new system which combines the features of a prototyping model and the waterfall model. Which will be the model of your choice and what are its strengths and weaknesses ? 8
(b) From the perspective of IS audit, what are the advantages of System Development Life Cycle ? 4
(c) How will you define a software process ? What do you mean by its capability, performance and maturity ? 4
7. Write short notes on any four of the following: 4×4=16
(a) Regression Testing
(b) Business Engineering
(c) Benefits of Expert Systems
(d) Section 41, IT AA 2008 – Acceptance of Digital Signature Certificate.
(e) SysTrust and Web Trust Services.