INFORMATION SYSTEMS CONTROL AND AUDIT

Important Questions for MAY2010 Prepared by B.V.N.RAJESWAR

Chap 1

1) a) What is Information ? Explain the characteristics of information?

b) Explain process of decomposition with proper examples?

2)a) Various types of information is required at different levels explain them

ASTI b) Explain the effect of applying comp.tech on MIS? List down the misconceptions or myth about MIS?

3)a)What is DSS ?Give components and examples of DSS in accounting ?

b) Discuss the contents and purpose of EIS ? In what way EIS differ from traditional systems ?

Chap 2

4)a) What is SDLC ? Explain the characteristics in system development methodology?

b) What type of approach is suited for RAD model and Prototype

c) Explain the fact finding technique ? What are the areas covered under existing system study?

5)a) Why organizations fail to achieve system development objectives?

b) What is DFD ? Explain with an example ?

c) What tools are used by analyst to depict the logical flow for the proposed system?

6 )a) What are the factors to be considered while designing Input/output ? What are the guidelines for presenting information? bvnr

b) Explain some of the desired characteristics of a good coding scheme with examples?

7) a)What are the points to be considered while selecting computer system? What is Benchmarking ?

b) Explain the stages in PDLC ? What are various Program Design Tools?

8) a)What type of training is to be provided for operators and users ?

b) Explain different conversion strategies with advantages and limitations of each?

Chap 3

9) a) “The existence of audit trial is a key financial audit requirement , without that auditor maynot be able to validate the figures in client’s account” , what change’s have occurred in audit trial and audit evidence explain ?

b) What control is required to establish over Data integrity, privacy and security ?

c) Evaluate the technical & Asynchronous attacks? Audit controls for environmental controls

d) Explain physical access controls ?

e) Write short notes on the following ? Date privacy, unautorised intrusion, Hacking, firewall?

Chap 4

10) a)Explain various types test plans? What are the types of software testing?

b) Explain concurrent audit techniques ? list out the advantages and disadvantages of continuous auditing

c) Every organization in today’s environment depends on public networks for their communication , explain the auditor plan to review the review the procedure todo so?

Chap 5

11)a) Explain the risk management? Classify Systematic and unsystematic risks?

b) How is risk ranked , consider in analyzing risk? construct a table for data security?

c) What are the threats to computer environment ?

chap 6

12) a) Explain the methodology of developing a BCP? Discuss BIA, Single point of failure analysis?

b) Discuss the backup and redundancy ? Give the types of back-up media?

c) Explain the disaster Recovery / BRP methodology?

Chap 7

13) a) Define ERP? Explain the ERP implementation methodology?

b) What are post implementation blues? Benefits of ERP?

c) What is BPR ? What is a Business modeling & engineering ?

d) What are key planning implementation decisions of ERP?

chap 8

14)a) Explain the focus areas of ISMS ? discuss Systrust and Webtrust ?

b) Write briefly about HIPAA? Levels of CMM?

Chap 9

15? What is security objective ? what are the basic types of protection?

b) how does the information security policy help in achieving those objectives ?(what audit policy should do )

c) Ddiscuss Change control ,end user computing policies?

d) Explain the components of the security policy ?

chap 10

16) IT act imp topics :differences between 2000 and 2008 it act

Objectives and scope of the act, Digital signature ? Section 2/Chap iii , vi, ix,xi,xiii ?

17) Short notes ASTI

* Supra system / Database/ SYSTEM TESTING/Data Dictionary / Data storage/ methods of presenting information/ Business management /Firewall / Encryption/ Access list/ Biometric devices /types of physical locks//Laptop security / BS 77 -99 / Electronic Signature certificate /

Note

1	Questions may be either direct or with case type , try to extract the concept and write down
2	Write it in bulleted form , where ever required give illustrations
3	Topics 4,5,6,7,9,10 put together 60-80 marks are regularly asked
4	Topic 2 is reflected once again in chap 3 ,4,8 & 9