CA Final Question Papers Group II
Information Systems Control and Audit
This Paper has 21 answerable questions with 0 answered.
Total No. of Questions — 7] [Total No. of Printed Pages — 3
Time Allowed : 3 Hours Maximum Marks : 100
Answers to questions are to be given only in English except in the case of candidates who
have opted for Hindi Medium. If a candidate has not opted for Hindi medium, his/her answers
in Hindi will not be valued.
Question No. 1 is compulsory.
Answer any five Questions from the remaining six questions.
1. ABC Udyog, a leading automobile company is having several manufacturing units, located in different parts of the world and manufacturing several types of automobiles. The units are working on legacy systems, using an internet and collating information, but using different software and varied platforms (Operating Systems) which do not allow communication with each other. This results in huge inflow of duplicate data.
The company wishes to centralize and consolidate the information .flowing from its manufacturing units in a uniform manner across various levels of the organization, so that the necessary data required for preparing MIS reports, budget, profit / loss accounts etc. could be available timely.
The company decided to engage XYZ consultancy Services for the development of new system. Being a Senior Project Leader of the Consultancy Services, you are entrusted with the responsibilities of handling this project.
Read the above carefully and answer the following with justifications :
(a) What areas are required to be studied in order to know about the present system? Write the problems that the ABC Udyog is presently facing.
(b) Will you suggest ERP solution to overcome the problems? If yes, explain why.
(c) What kind of training you will recommend to enrich the human resources for effective utilization of the proposed new system and standards?
(d) What are various backup techniques? Which backup technique, you will recommend and why?
2. (a) Define the term “Information”; Discuss various important attributes that are required for useful and effective information. 8 (0)
(b) At the end of analysis phase, the System Analyst prepares a document called “Systems Requirement Specifications (SRS)”. Write the contents of SRS. 4 (0)
(c) What is the significance of Post Implementation Review? How it is performed? 4 (0)
3. (a) How will you define a risk assessment? Briefly explain various review areas to be focused upon. 8 (0)
(b) Following are involved in the System Development Life Cycle (SDLC). Discuss their roles:
(i) Project Manager.
(ii) System Analyst.
(iii) Database Administrator (DBA).
(iv) IS Auditor.
(c) Draw the flowchart to find the sum of first 50 even numbers, starting from 2. 4 (0)
4. (a) Explain the various general components of Disaster Recovery Plan. 6 (0)
(b) What is Data Privacy? Explain the major techniques that are used to address Privacy Protection for IT Systems. 6 (0)
(c) In what ways, an audit trail is used to support security objectives? Describe each one of them. 4 (0)
5. (a) As a system auditor, what control measures will you check to minimize threats, risks and exposures to a computerized system? 8 (0)
(b) Describe the advantages and disadvantages of Continuous Auditing Techniques in brief. 4 (0)
(c) What are commonly used techniques to assess and evaluate risks? Explain each one of them. 4 (0)
6. (a) What is the significance of a Business Impact Analysis? Enumerate the tasks to be undertaken in this analysis. In what ways the information can be obtained for this analysis? 8 (0)
(b) Give the hierarchy of Information Security Policies and discuss each one of them. 4 (0)
(c) Describe the composition and powers of Cyber Regulatory Appellate Tribunal. 4 (0)
7. Write Short notes on any four of the following:
(a) Objectives of an Operating System 4 (0)
(b) Information System Maintenance 4 (0)
(c) Client/Server Technology 4 (0)
(d) Locks on Doors with respect to Physical Access Control 4 (0)
(e) HIPPA 4 (0