
Information Systems Audit Question Paper

Information Systems Audit 

Course: Bachelor Of Science In Information Technology

Institution: Kca University question papers

Exam Year: 2010



UNIVERSITY EXAMINATIONS: 2009/2010
THIRD YEAR EXAMINATION FOR THE DEGREE OF BACHELOR OF
SCIENCE IN INFORMATION TECHNOLOGY
BIT 3201: INFORMATION SYSTEMS AUDIT
DATE: APRIL 2010 TIME: 2 HOURS
INSTRUCTIONS: Answer question ONE and any other TWO questions
QUESTION ONE
a) What do you understand by ‘Information systems auditing’? [2 Marks]
b) The framework for the ISACA IS Auditing Standards provides for multiple levels, as follows:
(i) Standards
(ii) Guidelines
(iii) Procedures
Describe each and give at least one example. [6 Marks]
c) (i) What do you understand by the term ‘Internal controls’? [2 Marks]
(ii) Discuss any two components of internal control systems that are employed in an organization to reduce risks [4 Marks]
(iii) Discuss how identity theft is used to cause fraud in information systems [2 Marks]
d) One of the Codes of professional ethics states that “Perform their duties with objectivity, due diligence and professional care, in accordance with professional standards and best practices”.
Discuss what is meant by:
i. Objectivity
ii. Due diligence
iii. Professional care
[6 Marks]
e) The audit process consists of several steps. Describe them in their correct order and elaborate on each step. [5 Marks]
f) Describe the following terms in a system auditing environment:
(i) Confidentiality [1 Mark]
(ii) Integrity [1 Mark]
(iii) Availability [1 Mark]
QUESTION TWO
(a) Controls are generally categorized into three major classifications. List these three and give an example of each in relation to an information systems environment. [6 Marks]
(b) Audit planning consists of both short- and long-term planning.
(i) Describe each type mentioned above [2 Marks]
(ii) There are four major factors that affect planning. Describe them. [8 Marks]
(c) What is ‘Evidence’ in relation to System Auditing? [2 Marks]
(d) An Information system auditor encounters several computer forensic scenarios in the course of his work. Discuss two common scenarios in the field. [2 Marks]
QUESTION THREE
(a) Describe and give an example of each of the following:
i. Contingency planning [2 Marks]
ii. Incident response [2 Marks]
iii. Disaster Recovery [2 Marks]
iv. Business Continuity [2 Marks]
(b) With a well-labeled diagram, show the relationship of the four elements given above. [4 Marks]
(c) Differentiate between the following sets of terms:
i. Control and control objectives [4 Marks]
ii. Risk assessment and Risk management [4 Marks]
QUESTION FOUR
a) Briefly state two characteristics of an Information systems Auditor. [2 Marks]
b) There are numerous factors that a System Auditor ought to put into consideration when undertaking their duties. Discuss any three. [3 Marks]
c) Discuss three possible active threats to information systems. [3 Marks]
d) Describe three guidelines that assist system auditors to detect and deter fraud occurrences in an organization. [6 Marks]
e) Discuss when and how an information system firm should retain a Data Forensic Expert. [4 Marks]
f) What is IT governance? Discuss how it helps in any organization [2 Marks]
QUESTION FIVE
a) Discuss the following types of audit as they apply to Information systems auditing:
i. Technological position audit [3 Marks]
ii. Application and systems audit [3 Marks]
iii. Systems development audit [3 Marks]
b) During contingency recovery planning, we can opt to deal with a hot or cold site. Discuss a hot site, giving relevant examples. [1 Mark]
c) Under COBIT, the following are IT resources:
i. Data
ii. Application systems
iii. Technology
iv. Facilities
v. People
Discuss each and explain its role in system auditing. [2 Marks each]





