CA Final Question papers
Information Systems Control and Audit – May 2010
Total No. of Questions — 5] [Total No. of Printed Pages — 2
Time Allowed : 3 Hours Maximum Marks : 100
Answer all questions.
1. ASK International proposes to launch a new subsidiary to provide e-consultancy services for organizations throughout the world, to assist them in system development, strategic planning and e-governance areas. The fundamental guidelines, programmes modules and draft agreements are all preserved and administered in the e-form only.
(a) What are the two primary methods through which the analyst would have collected the data?
(b) To achieve their objectives, what are the points BS 7799 has to ensure ?
(c) Suppose an audit policy is required, how will you lay down the responsibility of audit?
(d) To retain their e-documents for specified period, what are the conditions laid down by Section 7, Chapter III of Information Technology Act, 2000?
2. (a) What are common threats to the computerized environment other than natural disasters, fire and power failure? 5
(b) How would you use Data Dictionary as a tool for file security and audit trails? 5
(c) The management of ABC Ltd. wants to design a detective control mechanism for achieving security policy objective in a computerized environment. As an auditor explain, how audit trails can be used to support security objectives. 10
3. (a) How will you get over the impediments for the successful implementation of ERP? Mention any five. 10
(b) A company has decided to outsource a third party site for its alternate back-up and recovery process. What are the issues to be considered by the security administrator while drafting the contract? 5
(c) Explain the role of IS auditor in evaluating logical access controls. 5
4. (a) Describe some of the advantages of continuous audit techniques. 5
(b) Define the following terms related to Information Technology Act, 2000:
(i) Computer contaminant
(ii) Cyber cafe
(iii) Electronic form
(iv) Traffic data
(v) Asymmetric crypto system.
(c) Give some important advantages of Information System in business. 5
(d) What is COBIT? Give three vantage points from which the issue of control can be addressed by this framework. 5
5. (a) What are the two primary questions to consider when evaluating the risk inherent in a business function in the context of the risk assessment methodologies? Give the purposes of risk evaluation. 5
(b) If you are the CEO of a company, what factors would be considered before undertaking implementation of an ERP system? 5
(c) Briefly describe any three of the characteristics of the types of information used in Executive Decision making. 5
(d) Discuss the benefits and limitations of unit testing. 5