CA Final Question papers Group II Information Systems Control and Audit November 2008

CA Final Group II : Information Systems Control and Audit

November 2008

This Paper has 26 answerable questions with 0 answered.
Total No. of Questions — 7] [Total No. of Printed Pages — 2
Time Allowed : 3 Hours Maximum Marks : 100
Question No. 1 is compulsory.


Answer any four questions from the remaining six questions.
1. (a) Briefly explain Enterprise Resource Planning(ERP) and describe five of its characteristics. 10 (0)
(b) Discuss the objectives and goals of Business Continuity planning. 5 (0)
(c) State the liabilities of companies under section 85 of Information Technology Act, 2000. 5 (0)
2. (a) State and briefly explain the six stages of System Development Life Cycle (SDLC). 10 (0)
(b) What is Decision Support System?. Briefly explain three characteristics of Decision Support System. 5 (0)
(c) Explain Executive Information System(EIS). What purpose does it serve? 5 (0)
3. (a) What do you understand by classification of information? Explain different classifications of information. 10 (0)
(b) Explain software testing and state its objectives. 5 (0)
(c) Briefly explain the formal change management policies, and procedures to have control over system and program changes. 5 (0)
4. (a) What do you understand by Software Process Maturity? Discuss five levels of Software Process Maturity of Capability Maturity Model(CMM). 10 (0)
(b) Discuss various types of Information Security polices and their hierarchy. 5 (0)
(c) State and briefly explain the contents of a Standard Information System Audit Report. 5 (0)
5. (a) Explain the following terms with reference to Information Systems: 10
(i) Risk (0)
(ii) Threat (0)
(iii) Vulnerability (0)
(iv) Exposure (0)
(v) Attack (0)
(b) “There always exist some Common threats to the computerized environment.” Explain these threats. 5 (0)
(c) What do you understand by “Risk Assessment”? Discuss the various areas that are to be explored to determine the risk. 5 (0)
6. (a) What do you understand by the term Disaster? What procedural plan do you suggest for disaster recovery? 10 (0)
(b) Describe the methodology of developing a Business Continuity Plan. 5 (0)
(c) Briefly explain the various types of system’s back–up for the system and data together. 5 (0)
7. Write short notes on the following: 4×5=20
(a) Advantages of Application Packages (0)
(b) Key elements in System Development and Acquisition Control. (0)
(c) Powers of Cyber Appellate Tribunal. (0)
(d) Information System Maintenance. (0)

Leave a Comment