CA Final – Group II : Information Systems Control and Audit –
[Total No. of Questions — 5] [Total No. of Printed Pages — 2]
Time Allowed : 3 Hours Maximum Marks : 100
Answer all questions. Each question carries 20 marks.
1. A global telecom company serves more than 10 million customers worldwide in the area of communications through fixed land lines, mobiles, internet services, digital TV, satellite systems, etc.
The financial analysts of the company are located in different functional groups in six geographical regions. These analysts lack access to the same data, as well as timely access to the information. Dated budget and actual numbers for each business unit reside in seven different systems, separating critical components of the Profit and Loss account and inhibiting the analysts' ability to assess results. The problem is further complicated because the field analysts cannot go to one universal place to retrieve the data themselves and have to rely upon the home office for it.
The objective of the company is to set some critical financial goals so that the company could remain competitive and increase market share.
Read the above carefully and answer the following with justifications:
(a) To overcome the problems which the financial analysts are facing, what kind of software should the company select?
(b) The company is advised that the adoption of BS7799 International Standard will help in overcoming the problems and achieving its goals. Discuss. 
(c) How should the human resources be enriched for effective utilization of the proposed new systems and standards? 
2. (a) Identify and justify the type of each one of the following systems based on how they perform within an environment and/or certainty/uncertainty: 5
(i) Marketing system
(ii) Communication system
(iii) Manufacturing system
(iv) Pricing system
(v) Hardware–Software system.
(b) Explain the threats due to Cyber crimes. 5
(c) Discuss ‘Physical and Environmental Security with Control and Objectives’ with respect to Information Security Policy. 5
(d) How does the Information Technology Act, 2000 enable the authentication of records using digital signatures? 5
3. (a) What analysis should be done for understanding the degree of potential loss (such as reputation damage, regulation effects) of an organization? Enumerate the tasks to be undertaken in this analysis. In what ways can the information be obtained for this analysis? 10
(b) Describe Risk Management Process. 5
(c) Explain the term “Cryptosystems”. Briefly discuss Data Encryption Standard. 5
4. (a) You have been asked to conduct an I.S. Audit for a bank. (i) How will you develop a documented audit program? (ii) What kind of working papers and documentation will you prepare? 10
(b) Explain the basic types of Information Protection that an Organization can use. 5
(c) Discuss the three processes of Access Control Mechanism, when a user requests resources. 5
5. (a) How does the Information Technology Act, 2000 enable the objective of the Government in spreading e–governance? 5
(b) Briefly discuss Black Box Testing. 5
(c) Discuss anti–virus software and its types. 5
(d) ABC Limited has recently migrated to a real–time Integrated ERP System. As an IS Auditor, advise the company as to what kinds of business risks it can face. 5