Q.2(c) - SAS 70 - refer page 8.28 of New ISCA Module

Q3(a)- Standard Audit Report -

9.8 IS AUDIT REPORTS
Structure: Audit reports broadly include the following sections: title page, table of contents,
summary (including the recommendations), introduction, findings and appendices. These
components of an audit report are discussed below:
(i) Cover and Title Page : Audit reports should use a standard cover, with a window
showing the title: "Information System Audit" or "Data Audit", the department's name and the
report's date of issue (month and year). These items are repeated at the bottom of each page.
The title page may also indicate the names of the audit team members.
9.22 Information Systems Control and Audit
(ii) Table of Contents : The table lists the sections and sub-sections with page numbers
including summary and recommendations, introduction, findings (by audit field) and
appendices (as required).
(iii) Summary / Executive Summary : The summary gives a quick overview of the salient
features at the time of the audit in light of the main issues covered by the report. It should not
normally exceed three pages, including the recommendations.
(iv) Introduction : Since readers will read the summary, the introduction should not repeat
details. It should include the following elements:
♦ Context : This sub-section briefly describes conditions in the audit entity during the
period under review, for instance, the entity's role, size and organization especially
with regard to information system management, significant pressures on information
system management during the period under review, events that need to be noted,
organizational changes, IT disruptions, changes in roles and programs, results of
internal audits or follow-up to our previous audits, if applicable.
♦ Purpose : This sub-section is a short descripttion of what functions and special
programs were audited and the clients' authorities.
♦ Scope: The scope lists the period under review, the issues covered in each function
and program, the locations visited and the on-site dates.
♦ Methodology: This section briefly describes sampling, data collection techniques
and the basis for auditors' opinions. It also identifies any weaknesses in the
methodology to allow the client and auditee to make informed decisions as a result
of the report.
(v) Findings : Findings constitute the main part of an audit report. They result from the
examination of each audit issue in the context of established objectives and clients'
expectations. If the auditor is using any standard grading standard like InfoSecGrade or
others, the arrived value should also be stated.
(vi) Opinion : If the audit assignment requires the auditor to express an audit opinion, the
auditor shall do so in consonance to the requirement.
(vii) Appendices : Appendices can be used when they are essential for understanding the
report. They usually include comprehensive statistics, quotes from publications, documents,
and references.
Level of Detail : The depth of coverage for issues should normally reflect the significance of
the findings. Situations representing a high degree of risk or indicating shortcomings that are
serious enough to justify a recommendation should be treated extensively.
Specific initiatives that the auditors wish to mention as examples should be described in detail,
while issues where the department meets the expectations and there is nothing specific to
mention should be dealt with briefly.
Drafting of IS Security Policy, Audit Policy, IS Audit Reporting
- A Practical Perspective
9.23
Commentary : Where a recommendation and a compliment are made under the same issue,
they should be in separate paragraphs, otherwise, they may confuse the reader and reduce
the impact of one or the other.
Statistics need to be used consistently throughout the report. Sample size and error rate mean
more when they are given in context. The size of the population, the number of transactions
and the period of time provide that context.
Percentages should not be used when referring to small samples (less than one hundred).
Graphics should be used when they add to the understanding of the text.

Q.3(b)- Characteristics of EIS -

Characteristics of EIS : Some of the characteristics of EIS are as follows :

(i) EIS is a Computer-based-information system that serves the information need of top

executives.

(ii) EIS enables users to extract summary data and model complex, problems without the

need to learn query languages statistical formulas or high computing skills.

(iii) EIS provides rapid access to timely information and direct access to management

reports.

(iv) EIS is capable of accessing both internal and external data.

(v) EIS provides extensive online analysis tool like trend analysis, market conditions etc.

(vi) EIS can easily be given a DSS support for decision making.

Q.3(c)- various backup options - arranging alternate processing facility - given above

I attempted 76 marks but used techinical language. Is there any possibility to secure 55+

Originally posted by : Tejas
	ISCA is a subject where the examiners only compare language of answer you have written and the model answer so if no technical language dont expect to score. It seems there are not many technically qualified people in this field so examiners are not interested in interpreting the answers of students and they are merely compared to the model answers word by word.

 agreed

Originally posted by : Kanak
	I attempted 76 marks but used techinical language. Is there any possibility to secure 55+

We cannot say any thing......

wat was the answere for post implementation for ERP ???

Originally posted by : FOJAN
	wat was the answere for post implementation for ERP ???

critical  success factor and all  

gOOD pAPER .............................

the Paper was gud one.. as compared to Nov.10 paper a linient Paper

Gud for Getting marks over 50-55.

Ya better than mics. I tought it would be a bouncer. but all direct questions.

questions r direct....but even after solving 100 marks paper it is very difficult to score 50 marks

isca is  very easy subject, it lyk free subject its bcz of isca we should consider 7 papers in final instead of 8. Thank to the institute for putting isca in syllabus.

good and easy paper...