INFORMATION SYSTEMS CONTROLS AND AUDIT
Important Questions For November 2011 Exams
CHAPTER 1 Information System Concepts
| S.No. | Question |
|---|---|
| 1. | Define information. What are the important attributes/characteristics of useful and effective information? |
| 2. | What are the various factors on which the requirement of information depends? |
| 3. | What are the characteristics of an effective Management Information System? What are the common misconceptions about MIS? |
| 4. | What is a Decision Support System? What are the components of DSS? |
| 5. | What are the characteristics and advantages of ERP systems? |
| 6. | Write short notes on: a) Open system and closed system; b) Deterministic and probabilistic system; c) Supra system; d) Characteristics of the types of information used in Executive decision making. |
CHAPTER 2 SYSTEM DEVELOPMENT LIFE CYCLE METHODOLOGY
| S.No. | Question |
|---|---|
| 1. | What are the reasons due to which organizations fail to achieve their objective of system development? |
| 2. | What are the steps involved in building a prototype? In which fields is prototyping more successful? What are the advantages and limitations of the prototyping approach of system development? |
| 3. | What are the objectives of conducting a feasibility study? What are the major areas of conducting a feasibility study? |
| 4. | What are the various tests that are performed while conducting system testing? |
| 5. | What are the activities involved in post-implementation evaluation? Why is post-implementation evaluation important? |
| 6. | Write short notes on: a) System Requirement Specification; b) Data dictionary; c) Different types of system maintenance; d) Different types of unit tests |
CHAPTER-3 AN OVERVIEW OF ENTERPRISE RESOURCE PLANNING
| S.No. | Questions |
|---|---|
| 1. | Write a detailed note on the expectations, fears and the ground realities that a corporate management faces during the post-implementation phase of ERP. |
| 2. | What guidelines should be followed before starting the implementation of an ERP package? |
| 3. | Describe briefly the following SAP R/3 applications: a) Financial Accounting; b) Treasury; c) Enterprise Controlling; d) Production Planning and Control |
| 4. | Why do ERP projects fail so often? |
| 5. | How does ERP fit with E-Commerce? |
| 6. | Write short notes on: 1) Business Process Engineering |
CHAPTER-4 INFORMATION TECHNOLOGY (AMENDMENT) ACT, 2008
| S.No. | Questions |
|---|---|
| 1. | What are the conditions subject to which any electronic signature or electronic authentication scheme shall be considered reliable? |
| 2. | What are the objectives of IT Act, 2000? |
| 3. | Define the following terms in the light of ITAA 2008: Digital signature; Electronic form; Electronic record; Information; Computer resources; Computer |
| 4. | What does ITAA 2008 say about: i. Time and dispatch and receipt of electronic record. ii. Acknowledgement of receipt. |
| 5. | Discuss the provisions of Sec. 6 of ITAA 2008 related to use of electronic records and electronic signatures in Government and its agencies. |
| 6. | What are the functions which a Controller may perform in respect of activities of Certifying Authorities? |
| 7. | What certification is made by the Certifying Authority while issuing a Digital Signature Certificate under Sec. 36 of ITAA 2008? |
CHAPTER 5 CONTROL OBJECTIVES
| S.No. | Questions |
|---|---|
| 1. | What are the main reasons for establishing information system controls? |
| 2. | What is the effect of computers on audit? |
| 3. | What are the different categories of IS audit? |
| 4. | What are the different types of costs involved in implementing controls? |
| 5. | What are the techniques involved in financial controls? |
| 6. | What is the auditor’s role in user final acceptance testing? |
| 7. | What is the significance of a security policy? What are the contents of a security policy? |
CHAPTER-6: TESTING-GENERAL AND AUTOMATED CONTROLS
| S.No. | Questions |
|---|---|
| 1. | What are the different tests through which the auditor can test controls? What are the different phases involved in an information system control audit? |
| 2. | What information should be reviewed by the auditor in the process of preliminary understanding of the entity’s IS controls? |
| 3. | Describe the sequence in which the auditor should test the different controls. |
| 4. | What different procedures can be used by the auditor to obtain sufficient and appropriate evidence to support their conclusions for assessing the operating effectiveness of IS controls? |
| 5. | What are the contents of an audit report related to controls testing? |
| 6. | Write short notes on: a) IS controls audit process; b) Multiyear testing plans; c) Snapshot and Integrated Test Facility techniques of concurrent audit |
CHAPTER-7-RISK ASSESSMENT METHODOLOGIES AND APPLICATIONS
| S.No. | Questions |
|---|---|
| 1. | Define risk, threat, vulnerability, attack, residual risk and exposure. |
| 2. | What is risk assessment? How is it performed? |
| 3. | Describe the process of risk management. |
| 4. | What are the common risk mitigation techniques? |
| 6. | Write short notes on: a) Systematic risk and unsystematic risk |
CHAPTER-8-BUSINESS CONTINUITY PLANNING AND DISASTER RECOVERY PLANNING
| S.No. | Questions |
|---|---|
| 1. | What is business continuity planning? What are the components of a business continuity plan? What are the steps involved in the business continuity life cycle? |
| 2. | What are the objectives of business continuity planning? |
| 3. | What is business impact analysis? What are the various activities which are performed in the business impact analysis phase of business continuity plan development? |
| 4. | What are the objectives of business continuity plan testing? |
| 5. | What areas should be evaluated by an auditor while auditing the disaster recovery plan? |
| 6. | Discuss the various important threats, risks and exposures in a computerized system. |
| 7. | What are the factors which influence the selection of backup media? What are the purposes for which backups can be used? |
CHAPTER-9-INFORMATION SYSTEMS AUDITING STANDARDS, GUIDELINES, BEST PRACTICES
| S.No. | Questions |
|---|---|
| 1. | What is the process of graduating from a Level 1 maturity to a Level 5 maturity under CMM Framework? |
| 2. | “Security policy involves a thorough understanding of the organization business goals and its dependence on information security.” What are the areas which should be covered under this policy? Also mention its controls and objectives. |
| 3. | In the scope of the Information Technology Infrastructure Library (ITIL) framework, explain the guidelines stated in the IT Service Management books. |
| 4. | What are the common features in all security standards? |
| 5. | Explain the various domains of COBIT, identified for high level control objectives to manage IT resources. |
| 6. | Write short notes on: a) Asset Classification and Control under ISMS; b) Communications and operations management; c) Configuration management under ITIL framework |
CHAPTER-10- DRAFTING OF IS SECURITY POLICY, AUDIT POLICY, IS AUDIT REPORTING-A PRACTICAL PERSPECTIVE
| S.No. | Questions |
|---|---|
| 1. | What are the reasons which lead to a gap between the need to protect systems and the degree of protection applied? |
| 2. | What factors should be considered while protecting information? What are the basic ground rules that must be addressed sequentially to protect the information systems? |
| 3. | What major points related to Access Control should be set out in the information security policy? |
| 4. | What is the scope of IS audit? |
| 5. | What should an audit policy do? |
| 6. | Write short notes on: a) Attributes of security objective; b) What information is sensitive? |