
Easy Interesting Scoring

Enterprise Information Systems MENTOR
QUESTION BANK

Om S Trivedi
IIM-C Alumnus, Guest Faculty of LVC and External Subject Expert at the BOS of ICAI, Visiting Faculty Member of NIRC and WIRC of ICAI

Edited by
Prof. (CS) Amit Rajpurohit, Visiting Faculty of WIRC, NIRC and CIRC of ICAI
Eesha Narang, Assistant Professor, DAV College, Abohar, MA (English), M.Phil., Delhi University

www.eissmpendrive.in
Carvinowledge Press

Enterprise Information Systems (EIS) MENTOR


Question Bank - New Edition

© Om Trivedi, 2023
All rights reserved. No part of this publication may be reproduced or transmitted, in any form or by any means, without permission. Any person
who commits any unauthorised act in relation to this publication may be liable to criminal prosecution and civil claims for damages.

Published by Prathama Trivedi for Carvinowledge Press

Carvinowledge Press
B-8/GM-4, DLF Colony, Dilshad Extn.-II
Bhopura, Ghaziabad-201005
Mobile: +91-9953922272
E-mail: carvinowledge@gmail.com

www.carvinowledge.in

Composition Services:
Babra Design
Vijay Babra
House No. 43, Rajeev Garden,
Loni, Ghaziabad - 201102
Mobile: +91-9015729698
E-mail: babradesign@gmail.com

This book is meant for educational and learning purposes. The author(s) of the book has/have taken all reasonable care to ensure that the contents of the book do not
violate any existing copyright or other intellectual property rights of any person in any manner whatsoever. In the event the author(s) has/have been unable to track any
source and if any copyright has been inadvertently infringed, please notify the publisher in writing for corrective action.
Preface

Welcome to this new edition of ‘Enterprise Information Systems (EIS) Mentor: Question Bank’!
As an author, I am sensitive to your learning as well as examination needs. I believe that citation of the right
content with right answers to questions and their presentation in the examination is an effective tool that
determines the success of a student. For this very reason, I have taken your point of view into consideration. In
writing each chapter, I have taken every care to make the content informative as well as easy and interesting
to read, write and present in examination.

The aim of ‘Enterprise Information Systems (EIS): Question Bank’ is to help CA Intermediate
(New Course) students by clearly explaining, analyzing, and evaluating important Enterprise Information
Systems (EIS) concepts. My approach in writing this book was essentially twofold: to write an accessible
textbook that students feel comfortable with but without compromising on the academic rigour.

The case studies, scenarios and MCQs herein have been taken from the contemporary world, ICAI literature
and leading brands around us. These help to bridge the gap between theory and practice, aiming not only at
a comprehensive learning experience but also offering an interesting reading. To supplement this, I have
tried to adopt a user-friendly writing style that gives clear and concise explanations to help students engage
readily with the content and grasp complex strategic concepts easily.

The book has been divided into 6 Parts.


Part 1: Descriptive and Practical Questions (PYQs, RTPs, MTPs, etc. covered)
Part 2: Multiple Choice Questions (MCQs) – Topic-wise
Appendix 1: Self-evaluation Tests (SETs)
Appendix 2: Case Studies and Scenario Based MCQs
Appendix 3: Glossary of Terms
Appendix 4: Additional Case Studies and Scenario Based MCQs

I would be happy to get your feedback, comments and queries. You can get in touch with me at
omtrivedi@ymail.com or call me at 9958300572 (between 8 pm – 10 pm).

Good luck for a challenging and successful learning experience!


Prof. Om Trivedi
EIS Mentor Planner
A Gateway to Success

Planner columns: Chapter; Table of Contents; Read; Learn; Practice; Repeat 1; Repeat 2; Repeat 3; Repeat 4
Targets: Pass in First Attempt; Excel with 60+; Excel with 70+; Excel with 80+; Excel with 90+

Table of Contents

1 AUTOMATED BUSINESS PROCESSES
    Enterprise Business Processes
    Business Process Automation
    Flowcharts and DFD
    Risk and its Management
    Enterprise Risk Management (ERM)
    Risks and Controls for specific Business Processes
2 FINANCIAL AND ACCOUNTING SYSTEMS
    Computerized Accounting Systems
    ERP and Non-Integrated Systems
    Risks and Controls in an ERP Environment
    Audit of ERP Systems
    Business Process Modules and their integration
    Management Information Systems (MIS)
    Data Analytics and Business Intelligence
    Extensible Business Reporting Language (XBRL)
3 INFORMATION SYSTEMS AND ITS COMPONENTS
    Components of Information Systems
    Data Related Concepts
    Information Systems’ Controls
    Information Systems’ Auditing
    Managerial Controls
    Application Controls
    Auditing of Information Systems Control
    Organization Structure and Responsibilities
    Segregation of Duties
4 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES
    Components of E-Commerce
    Architecture of Networked Systems
    Workflow Diagram for E-Commerce
    Risks and Controls related to E-Commerce
    Guidelines and Laws governing E-Commerce
    Digital Payments
    Computing Technologies
    Virtualization
    Cloud Computing
    Grid Computing
    Mobile Computing
    Green Computing
    BYOD, AI, IOT, Web 3.0, 4.0 and Machine Learning
5 CORE BANKING SYSTEMS
    Overview of Banking Services
    Components and Architecture of CBS
    CBS Risks, Security Policy and Controls
    CBS Core Business Processes - Relevant Risks and Control
    Reporting Systems and MIS, Data Analytics and Business Intelligence
6 Regulatory Compliance
7 Appendix - I: Self-Evaluation Test (SET) - 1 to 21
8 Appendix - II: Case Studies and Scenarios
9 Appendix - III: Glossary
9 Appendix - IV: Additional Case Studies and Scenario Based MCQs
Visual Walk-through

EIS Mentor Planner
Planner is a strategic tool to help students track their coverage (chapter-wise/concept-wise), completion and
multiple revisions of the syllabus in a time-bound, target-based, efficient and effective manner.

Latest Amendments
The text incorporates the latest amendments of CA Intermediate (New Course) syllabus, as issued by the ICAI for
May/November 2022.
[Sample page: Chapter 1, Automated Business Processes - Amendments at a Glance (Applicable for May 2022 Onwards), Risk Management Strategies]

Multiple Choice Questions (MCQs)
EIS Mentor covers Chapter-wise and Topic-wise quality MCQs for Practice. It also includes SETs (Self Evaluation Tests).

[Sample page] Multiple Choice Questions (MCQs): Unit I - Business Processes Automation

BUSINESS VS ENTERPRISE
1. ________________ is measured by a product’s performance and by its features for which customers are willing to pay.
(a) Value
(b) Price
(c) Competitive advantage
(d) Goodwill
2. Value creation is an activity or performance by the firms to create __________ that increases the worth of goods, services or even a business.
(a) Strategy
(b) Price
(c) Value
(d) Demand

BUSINESS or ENTERPRISE SYSTEM
3. Important aspect of business process management from a business management point of view is __________________.
(a) Increasing customer satisfaction
(b) Reducing the cost of doing business (cost reduction)
(c) Establishing new products and services at low cost (value creation)
(d) All of the above
4. A business for our purposes can be any activity contributing ___________.
(a) Sale
(b) Manufacture and processing, and/or
(c) Marketing of products and/or services
(d) All of the above
5. The term business refers to all _________________ activities pursued mainly to satisfy the material needs of the society, with the purpose of earning profits.
(a) Economic
(b) Non-economic
(c) Social
(d) Domestic
6. A business is created to __________________
(a) Provide products or services to customers.
(b) Conduct its operations effectively.
(c) Earn a reasonable return for its owners on their investment in the firm.
(d) All of the above
7. Which of the following is not a feature of a businessman?
(a) Profit function oriented
(b) Starts business from an existing idea
(c) Conservative and cautious
(d) Process Driven
8. Which of the following is a feature of an entrepreneur?
(a) People oriented
(b) Process oriented
(c) Starts business from his own unique business idea
(d) All of the above
9. Which of the following is a feature of an entrepreneur?
(a) Profit and function oriented
(b) Starts business from an existing idea
(c) Conservative and cautious
(d) Starts business from his own unique business idea
10. Business system is a set of rules that executes the tasks assigned by the ___________________.
(a) Business Model
(b) Business Functions
(c) Business Processes
(d) Both ‘b’ and ‘c’
11. Business system is run with the help of
(a) Man
(b) Machine
(c) Technology
(d) All of the above
12. Business system is ______________.
(a) Dynamic
(b) Static
(c) Dynamic and static, both
(d) None of the above

DATA VS INFORMATION
13. ______________ is a collection of facts.
(a) Data
(b) Knowledge
(c) Experience
(d) Information
14. ______________ is the lowest level of abstraction from which _______ and ________ are derived.
(a) Information; data; knowledge
(b) Knowledge; Data; information
(c) Data; information; Experience
(d) Data; information; knowledge

[Sample page] Appendix - I: Self-Evaluation Test (SET) - 1

1. OTC Enterprises is implementing BPA in purchase order generation process for its manufacturing facility in Jamnagar, Gujarat. To keep cost at minimum, it has calculated EOQ for which orders are placed for procurement of Raw Material. Which of the following steps of BPA implementation will be followed for above process?
(a) Document the process for which BPA is required
(b) Define the objectives/goals during BPA implementation
(c) Understand the rules which need to be complied with
(d) Define why we plan to go for a BPA?
2. ENT Enterprises is implementing BPA in employee attendance process for its refinery in Mumbai. It wants recording of correct attendance and timely compilation of monthly attendance so that salary can be calculated and distributed on a timely basis. Which of the following steps for implementation of BPA will be followed for above process?
(a) Document the process for which BPA is required
(b) Define the objectives/goals during BPA implementation
(c) Understand the rules which need to be complied with
(d) Define why we plan to go for a BPA?
3. Which of the following Enterprise Process or Activities of the Value Chain, in case of a hotel, would include reception, room service etc.?
(a) Inbound logistics
(b) Outbound logistics
(c) Marketing and sales
(d) Operations
4. RSC Ltd. is implementing ERP to run its business effectively and efficiently. They believe that there could be a possibility of an information gap between day-to-day program management activities and ERP-enabled functions like MM, PP, QM, PM, SCM and CRM. Which type of ERP Implementation

... despite of having a good CRM team in place. Auditors have also reported serious concerns over the mismatch of data of different departments, violations of regulatory compliances and have raised doubts over the internal control measures taken by the firm’s top management. It is a matter of serious concern for an organization like CNP Enterprises and basis this, the CEO of the company, Mr. D N Albela, forms a committee headed by Ms. Krishna Sobati to look into this matter to find out the reasons for above-mentioned issues and submit the report within a week.
The committee submits its report within a week and the findings are as follows: There is system of maintaining data in a decentralized way (Non-integrated System). Each department within the organization maintains its own data separately and not in an integrated way.
This gives rise to the issues like:
(i) Access of data and availability of right information at the right time has been slower many a times when it was needed the most to reply to the customers or the stakeholders.
(ii) Several instances of access and privilege violations have been found in financial and accounting systems.
(iii) Decision making is slow and weaker at times where fast and dynamic ones were needed.
5. As an advisor, which of the following Enterprise Information Systems will you suggest for CNP Enterprises that can handle all the issues raised by the committee headed by Ms. Krishna Sobati?
(a) Non-Integrated EIS
(b) Integrated EIS
(c) ERP
(d) Both B and C

Case Based Scenarios and MCQs
This Section covers all ICAI Case Studies, Scenarios based MCQs and Original Cases Developed by Om Trivedi Sir for the understanding of industry practices and their application in the exams.

[Sample page] Case Based Scenario 5

TNT Logistics is a part of TPG Enterprises, the Dutch Post and Package Group. TNT manages BMW’s North India’s supply chain from the moment a part is dispatched by a supplier until its installation in one of the sports cars or sports utility vehicles made in Sonipat. The arrangement is not unique to BMW; nearly 80 per cent of big Asian and North Indian companies outsource parts of their logistics operation to outside contractors, up from 71 per cent three years ago, according to research by the Indian Institute of Management-Kolkata.
While executing the above operations, TNT Logistics is facing numerous difficulties which are as following:
i. Inaccurate accounting of truck mileage and contracts for above work.
ii. Inability of immobility of trucks and higher turnaround time.
iii. Manual intervention in processing of data.
iv. Trend tracking and pattern recognition.
v. Inaccurate billing of services.
vi. Huge costs due to lapses in isolating contracts that are breached.
About the Author
Prof. Om Trivedi
IIM-C Alumnus, An Entrepreneur, Guest Faculty of LVC and External
Subject Expert at the BOS of ICAI, Visiting Faculty Member of NIRC
and WIRC of ICAI, Author, Publisher, Educationist, Management
Consultant, and Corporate Speaker.

Synopsis
◘ Over 11 years of teaching experience in various CA, CS, CMA and MBA courses.
◘ Guided more than 45,000 CA, CS, and CMA students through Face to Face Classes and more than 10,000 students
through LIVE Virtual & Online Classes.
◘ His students scored AIR 20, 23, 36 and 37 with 100s of exemptions.
◘ Taken batches at NIRC and WIRC of ICAI, LVC of the BOS of ICAI, ETEN CA, Unacademy, IGP Institute, Prime
Academy, Rajesh Makkar Classes & Om Trivedi Classes Delhi.
◘ His student scored “Highest - 87 Marks” in this subject and more than 890 students scored exemptions and more
than 1200 students scored 50+ marks.
◘ Done research and projects in areas like competition studies, value creation, and competitive advantages, MIS,
and Process Improvement Techniques.
◘ Author of books on Enterprise Information Systems, Strategic Management, Information Technology, Strategic Cost
Management & Performance Evaluation, Risk Management, Mercantile Law, Generic Skills & Ethics, and
Communication. Case Study Developer and Content writer on Management subjects for different Distance Learning
Programmes (DLPs) of eminent universities of India.
◘ Over 17 years of industry experience in Publishing, Content Development and Editing, Instructional Design,
Instructor’s Resource Development, Acquisitions of Businesses, Authors and Imprints, Sales and Marketing,
Publishing solution, and operations. Partner with LexisNexis India (A Reed Elsevier Company).
◘ Worked with Thomson Learning as Regional Head (East India, Nepal, Bangladesh, and Bhutan), with Tata McGraw-Hill
as Acquisition Editor (North, East, and West India), with Macmillan as Commissioning Editor and with Firewall
Media as Business Development Manager.
◘ Worked as a Consultant business head - HEP of Trinity Press (Formerly Macmillan India’s Higher Education
Programme) in 2013-14 and played an instrumental role in the acquisition of Macmillan India’s Higher Education
Programme by LPPL under the brand name Trinity Press.
◘ Worked as a consultant and business advisor on book publishing, content development, instructional design, case
study development, instructor’s resources, and copyright matters to several companies like Macmillan, LexisNexis
India, Vikas Publishing, Excel Books, Firewall Media, Biztantra and Taxmann.
EIS Hotness Grid
(Based on Examination Papers Trend Analysis)

[Figure: bar charts of weightage per exam attempt (May-18, Nov-18, May-19, Nov-19, Nov-20, Jan-21, May-21, Nov-21 and Overall), one chart each for Chapter 1: Automated Business Processes, Chapter 2: Financial and Accounting Systems, Chapter 3: Information Systems and Its Components, Chapter 4: E-Commerce, M-Commerce and Emerging Technologies, and Chapter 5: Core Banking Systems, with a summary chart across Chapters 1 to 5.]

Chapter 1
Automated Business Processes

Amendments at a Glance
(Applicable for May 2022 Onwards)

© Carvinowledge Press (CNP), 2022


Risk Management Strategies
◘ Risk Analysis is defined as the process of identifying security risks and determining their magnitude and impact on
an organization.
◘ Effective risk management begins with a clear understanding of an enterprise’s risk appetite and identifying high-level
risk exposures.
◘ Unacceptably high levels of risk can be controlled by designing and implementing adequate proactive controls.
◘ But it is not always appropriate to counter risks by implementing controls because controls involve cost.
◘ Based on the type of risk, the project and its significance to the business, the Board and Senior Management may choose to
take up any of the following risk management strategies in isolation or combination as required:

Transfer/Share the risk
◘ Risk mitigation approaches can be shared with trading partners and suppliers.
Example: Outsourcing infrastructure management where the supplier mitigates the risks associated with managing the IT
infrastructure by being more capable and having access to more highly skilled staff than the primary organization.
◘ Risk also may be mitigated by transferring the cost of realized risk to an insurance provider.

Tolerate/Accept the risk
◘ Some risks may be considered minor because their impact and probability of occurrence are low.
◘ In this case, consciously accepting the risk as a cost of doing business is appropriate.
◘ The risks should be reviewed periodically to ensure that their impact remains low.
Example: Planning for potential production delays (within a reasonable time range) since it’s often difficult to predict a
precise delivery schedule in advance.

Treat/Mitigate the risk
◘ Where other options have been eliminated, suitable controls must be devised and implemented to prevent the risk
from manifesting itself or to minimize its effects.
Example: Planning for the eventuality in case an enterprise won’t have sufficient capacity or supplies to deal with a very
high demand. In that case, the enterprise shall have a mitigation strategy in place that allows it to rapidly scale its
capacity, or to subcontract some of the work to other parties to meet the high demand.

Terminate/Eliminate the risk
◘ For risks that have high probability and impact values, it may be best to modify any project strategy to avoid them
altogether.
Example: It is possible for a risk to be associated with the use of a technology, supplier, or vendor. The risk can be
eliminated by replacing the technology with more robust products and by seeking more capable suppliers and vendors.

Case Studies and Scenarios


Case Based Scenario 1 (Study Material 2021)

Case Study I: Automation of employee attendance

Step 1: Define why we plan to go for a BPA?
The system of recording of attendance being followed is not generating confidence in employees
about the accuracy. There have been complaints that salary payouts are not as per actual attendance.
It has also created friction and differences between employees, as some feel that other employees
have been paid more or their salary has not been deducted for being absent.
Step 2: Understand the rules/regulations which need to be complied with
A number of regulations are applicable to employee attendance including Factories Act 1948,
Payment of Wages Act 1936, State laws, etc. This is a compliance requirement and hence, any BPA
needs to cater to these requirements.
Step 3: Document the process we wish to automate.
The present system includes an attendance register and a register at the security gate.
Employees are expected to put their signatures in attendance registers. The register at the gate
is maintained by security staff, to mark when an employee has entered. There is always a dispute
regarding the time when an employee has entered and what has been marked in the security register.
The company policy specifies that an employee coming late by 30 minutes for two days in a month
shall have a ½ day salary deduction. There is over-writing in the attendance register, leading to heated
arguments between human resource department staff and employees. As the time taken to arrive at
the correct attendance is large, there is a delay in preparation of the salary statement. The same has
already led to penal action against the company by the labour department of the state.
Step 4: Define the objectives/goals to be achieved by implementing BPA
The objectives for implementing BPA are:
a. Correct recording of attendance.
b. Timely compilation of monthly attendance so that salary can be calculated and distributed on a
timely basis.
Step 5: Engage a business process consultant
XYZ Limited, a consultant of repute, has been engaged for the same. The consultant has prior experience
and also knowledge about the entity’s business.
Step 6: Calculate the ROI for project
The BPA may provide tangible benefits in the form of reduced penalties and intangible benefits which
may include:
a. Better employee motivation and morale,
b. Reduced difference between employees,
c. More focus on work rather than salary, and
d. Improved productivity.
Step 7: Developing the BPA
Implementing BPA would result in the following:
a. All employees would be given electronic identity cards.
b. The cards would contain details about employees.
c. The attendance system would work in the following manner:
i. Software with card reading machine would be installed at the entry gate.
ii. Whenever an employee enters or leaves the company, he/she needs to put the
card in front of the machine.
iii. The card reading machine would be linked to the software which would record the
attendance of the employee.
iv. At the end of the month the software would print attendance reports, employee-wise.
These reports would also point out how many days an employee has reported late
in the month.
d. Based on this report, monthly attendance is put in the system to generate the monthly salary.
Chapter 1: Introduction to Business Process Automation

Case Based Scenario 2 (Study Material 2021)


Case Study II: Automation of purchase order generation process, in a manufacturing concern

Step 1: Define why we plan to go for a BPA?
The entity has been facing the problem of non-availability of critical raw material items which is
leading to production stoppages and delay in delivery. Delay in delivery has already cost the company
in terms of losing customers and sales.
Step 2: Understand the rules/regulations which need to be complied with
The item is not covered by regulation regarding quantity to be ordered or stored. To keep cost at
minimum, the entity has calculated the economic order quantity for which orders are placed.
Step 3: Document the process we wish to automate.
The present process is manual where the orders are received by the purchase department from the stores
department. The stores department generates the order based on a manual stock register, based on the item’s
re-order levels. The levels were decided five years back and stores records are not updated timely.
Step 4: Define the objectives/goals to be achieved by implementing BPA.
The objective behind the present exercise is to ensure that there are no production losses due to
non-availability of critical items of inventory. This shall automatically ensure timely delivery of goods to
customers.
Step 5: Engage the business process consultant.
ABC Limited, a consultant of repute, has been engaged for the same. The consultant has prior
experience and knowledge about the entity’s business.
Step 6: Calculate the ROI for project
The opportunity loss for the project comes to around ₹100 lakhs per year. The cost of implementing
the whole BPA shall be around ₹50 lakhs. It is expected that the opportunity loss after BPA shall
reduce to ₹50 lakhs in year one, ₹25 lakhs in later years for the next five years.
Step 7: Developing the BPA
Once the top management says yes, the consultant develops the necessary BPA. The BPA is to generate
purchase orders as soon as an item of inventory reaches its re-order level. To ensure accuracy, all data
in the new system needs to be checked and validated before being put into the same system:
◘ Item’s inventory was physically counted before uploading to the new system.
◘ Item’s re-order levels were recalculated.
◘ All items issued for consumption were updated timely in the system.
◘ All purchase orders automatically generated are made available to the Purchase manager at the
end of the day for authorizations.

Step 8: Testing the BPA
Before making the process live, it should be thoroughly tested.

Case Based Scenario 3 (Study Material 2021)


ABC Ltd. is engaged in the business of producing consumer durable products. It is facing the problem
of poor customer service due to its broken, inefficient, and manual processes. The customers of the
company are becoming more demanding with respect to higher quality of products and delivery time.
To remain competitive in the market and to overcome the issues faced by its customers, the company
decided to optimize and streamline its essential business processes using the latest technology to
automate the functions involved in carrying out these essential processes. The management of the
company is very optimistic that with automation of business processes, it will be able to extract
maximum benefit by using the available resources to their best advantage. Moreover, with automation
the company will be able to integrate various processes and serve its customers better and faster.
The management is aware that the automation of business processes will lead to new types of risks in
the company’s business. The failure or malfunction of any critical business process will cause significant
operational disruptions and materially impact its ability to provide timely services to its customers. The
management of ABC Ltd. adopted different Enterprise Risk Management (ERM) strategies to operate
more effectively in an environment filled with risks. To reduce the impact of these risks, the company also
decided to implement necessary internal controls.
Read the above illustration carefully and answer the following questions:
i. The processes automated by ABC Ltd. are susceptible to many direct and indirect challenges.
Which of the following factors cannot be considered valid in case the company fails to achieve
the desired results?
a. The business processes are not well thought or executed to align with business objectives.
b. The staff may perceive automated processes as threat to their jobs.
c. The documentation of all the automated business processes is not done properly.
d. The implementation of automated processes in the company may be an expensive
proposition.
ii. The processes automated by ABC Ltd. are technology driven. The dependence on technology
in key business processes exposed the company to various internal as well as external threats.
According to you, external threats leading to cyber-crime in BPA is because:
a. Organizations may have a highly-defined organization structure with clearly defined
roles, authority and responsibility.
b. There may not be one but multiple vendors providing different services.
c. The system environment provides access to customers anytime, anywhere using internet.
d. The dependence on technology is insignificant.
iii. The management of ABC Ltd. adopted a holistic and comprehensive approach of Enterprise Risk
Management (ERM) framework by implementing controls across the company. Identify the false
statement w.r.t components of ERM framework.
a. As a part of event identification, potential events that might have an impact on the
entity should be identified.
b. As a part of risk assessment component, identified risks are analyzed to form a basis
for determining how they should be managed.
c. As a part of monitoring, the entire ERM process should be monitored with no further
modifications in the system.
d. As a part of control activities, policies and procedures are established and executed
to help ensure that the risk responses that management selected are effectively carried
out.
iv. The management of ABC Ltd. implemented different Information Technology General Controls
(ITGCs) across different layers of IT environment with an objective to minimize the impact of
risks associated with automated processes. Which of the following is not an example of ITGC?
a. Information Security Policy
b. Processing Controls
c. Backup, Recovery and Business Continuity
d. Separation of key IT functions

Solution
Question No. Answer
1. (c) The Documentation of all the automated business processes is not done properly.
2. (c) The system environment provides access to customers anytime, anywhere using internet.
3. (c) As a part of monitoring, the entire ERM process should be monitored with no further modifications in the system.
4. (b) Processing Controls

Case Based Scenario 4 (Study Material 2021)


DXN Ltd. is engaged in manufacturing consumer products for women. The company released a new
product recently which met with unexpected success. The company was established as a market leader
in that product. The growing volume of sales transactions started to put a strain on the company’s internal
processes. The company employed 300 more employees to ensure that the customers are served better
and faster. But with the increase in the number of monthly transactions to 1.5 million, the manual processes
which were being followed by the company at present were holding it back. The company was not
able to meet consumer demands even after employing an additional 300 employees. The management
consultant of DXN Ltd., Mr. X, advised automating the key business processes of the company to handle
the large volume of transactions, meet the expectations of its customers and maintain its competitive
edge in the market.
Mr. X gathered extensive information about the different activities involved in the current processes
followed by DXN Ltd. like - what the processes do, the flow of various processes, the persons who
are in charge of different processes etc. The information so collected helped him in understanding
the existing processes such as flaws, bottlenecks, and other less obvious features within the existing
processes. Based on the information gathered about the current processes, Mr. X prepared various
flowcharts depicting how various processes should be performed after automation and submitted his
report to the management covering the following points:
• The major benefits of Business Process Automation;
• The processes that are best suited to automation;
• Challenges that DXN Ltd. may face while implementing automated processes;
• Risks involved in Business Process Automation and how the management should manage these risks.
Read the above illustration carefully and answer the following Questions:
1. As the DXN Ltd. was implementing the automated processes for the first time, the consultant
suggested not to automate all the processes at a time and automate only critical processes
which would help the company to handle large volume of transactions. Which of the following
business processes are not best suited to automation:
a. Processes involving repetitive tasks
b. Processes requiring employees to use personal judgment
c. Time sensitive processes
d. Processes having significant impact on other processes and systems
2. While understanding the criticality of various business processes of DXN Ltd., the consultant
Mr. X documented the current processes and identified the processes that needed automation.
However, documentation of existing processes does not help in _______.
a. providing clarity on the process
b. determining the sources of inefficiency, bottlenecks, and problems
c. controlling resistance of employees to the acceptance of automated processes
d. designing the process to focus on the desired result with workflow automation
3. When DXN Ltd. decided to adopt automation to support its critical business processes, it
exposed itself to a number of risks. The risk that the automated process could lead to a breakdown
in internal processes, people and systems is a type of _____.
a. Operational Risk
b. Financial Risk
c. Strategic Risk
d. Compliance Risk
4. Mr. X of DXN Ltd. prepared various flowcharts depicting how various processes should be
performed after automation and submitted his report to the management. The flowcharting
symbol that he used to depict a processing step is ______.
a. Rectangular Box
b. Diamond
c. Oval
d. Line

Solution
Question No. Answer
1. (b) Processes requiring employees to use personal judgment
2. (c) Controlling resistance of employees to the acceptance of automated processes
3. (a) Operational Risk
4. (a) Rectangular Box

Case Based Scenario 5


TNT Logistics is a part of TPG Enterprises, the Dutch Post and Package Group. TNT manages BMW’s
North India supply chain from the moment a part is dispatched by a supplier until its installation in
one of the sports cars or sports utility vehicles made in Sonipat. The arrangement is not unique to BMW;
nearly 80 per cent of big Asian and North Indian companies outsource parts of their logistics operation
to outside contractors, up from 71 per cent three years ago, according to research by the Indian
Institute of Management-Kolkata.
While executing the above operations, TNT Logistics is
facing numerous difficulties, which are as follows:
i. Inaccurate accounting of truck mileage and contracts for above work.
ii. Inability of immobility of trucks and higher turnaround time.
iii. Manual intervention in processing of data.
iv. Trend tracking and pattern recognition.
v. Inaccurate billing of services.
vi. Huge costs due to lapses in isolating contracts that are breached.
TNT Logistics needed to improve their ability to accurately account for truck mileage and contracts
for the above work. Their process relied heavily on manual data entry and was often prone to human
error. It also lacked an ability to track trends that would allow them to troubleshoot problems and
increase future productivity.
TNT Logistics partnered with Automation Anywhere to reduce errors in the tracking system and
enable automated trend tracking.
Automation Anywhere and TNT experts evaluated the process and separated it into 2 parts:
i. Robotic part that could be automated, and
ii. A part where human intervention was beneficial or required.
Then, they designed an automated process, utilizing the legacy system to track trucks, extract mileage,
perform calculations and apply rules to reduce inefficiencies and billing inaccuracies.
They also created a pattern recognition tool to spot trends in usage patterns. These two processes
increased productivity and transaction speeds, as well as tracked trends to spot usage patterns and
contract violations.
Benefits to TNT Logistics:
• The above automation resulted in a 30% improvement in productivity, a 25% increase in transaction
processing speed, 7 weeks implementation time and zero errors.
• These solutions provided synergistic answers to TNT and TNT’s customers by improving
workflow, increasing efficiency, productivity, transaction speeds, accuracies and profit, all
while reducing capital expenditures.
Solutions designed by Automation Anywhere and TNT integrated automation across several
processes.
Automation Anywhere’s automation expertise and deployment experience identified 3
areas with the most impact:

A. CONVERT CURRENT MANUAL BILLING TO AN AUTOMATED PROCESS
The trucking company used mileage data to create billing invoices and track when trucks were
used vs. when they were sitting idle. This process was manual and prone to human errors.
Automation Anywhere created an automated solution to extract information on truck mileage
from the client’s legacy systems and also compute when trucks were in use or sitting idle. Using
this data, the invoices were generated on time, automatically reducing errors to zero.
B. AUTOMATED MONITORING AND TRACKING PROCESS INCREASES REPORTING FREQUENCY
AND REVENUE
Before automation, the existing system would only report mileage over a long period of time,
for example month-to-month. With the old processes, if a truck was meant to move a certain
number of miles every day, but was idle certain days, it would not appear in reports, resulting in
inefficiencies. With the new solution, the software reported mileage data in smaller increments
of time, as well as tracked trends to determine if the data collected was on an upward trend,
or when trucks were mobile versus immobile on a daily basis. This was necessary to spot usage
patterns that may violate contracts. If contracts were violated, drivers could now be notified
immediately to resolve problems.
C. AN AUTOMATED TRENDING TOOL TO HELP PREDICT FUTURE TRENDS IN THE BUSINESS
AND IDENTIFY EXCEPTIONS
An additional automated trending tool solution was created to look at trends in the mileage
data. This solution is capable of correcting for any contingencies in mileage data reporting, such
as repair days. For example, if a truck reported low mileage or idle time, it would automatically
know if the truck was idle due to repairs, or because of inefficiencies in processes. This provided
valuable information to see usage trends and provided actionable intelligence.
Conclusion
The above automation provides the following advantages to TNT Logistics:
i. By applying the system to existing legacy systems, no additional resources were required for
custom programming.
ii. Automation increased accuracy in mileage data capture.
iii. Significantly reduced costs due to lapses in isolating contracts that were being breached.
iv. Trend tracking and pattern recognition.
v. Faster turnaround in recognizing inefficiencies when trucks were immobile.
vi. Faster transaction speed and decreased costs across the board.
vii. Fewer human errors, especially in the verification process.
Scenario Based Questions
Question 1: Explain why TNT Logistics plans to implement BPA.
Question 2: What types of rules and regulations is TNT Logistics trying to comply with through implementation
of “Automation Anywhere’s” automation system in its enterprise?
Question 3: TNT Logistics in collaboration with Automation Anywhere created an automated solution
to extract information on truck mileage from the client’s legacy systems and also compute when trucks
were in use or sitting idle. This needs to be documented by TNT Logistics for smooth implementation of
BPA in the enterprise. What are the benefits of the above process for users and TNT?
Question 4: TNT Logistics has planned to implement BPA to achieve the objectives of Confidentiality,
Integrity, Availability and Timeliness. Explain these objectives in the light of the above scenario.
Question 5: The Top Management of TNT Logistics will show its commitment only when it gets the
ROI calculation for the project. According to you, what are some of the methods for justification of a BPA
proposal that may be included in the ROI calculation of the project?
Question 6: “The trucking company used mileage data to create billing invoices and track when
trucks were used vs. when they were sitting idle. This process was manual and prone to human errors.
Automation Anywhere created an automated solution to extract information on truck mileage from
the client’s legacy systems and also compute when trucks were in use or sitting idle. Using this data,
the invoices were generated on time, automatically reducing errors to zero.” Which of the following
benefits of BPA has been expressed in the above scenario?
a. Consistency
b. Governance and reliability
c. Visibility
d. Reduced turnaround time.
Question 7: “Solutions designed by Automation Anywhere and TNT integrated automation across
several processes.” For proper recording of data and information, which type of EIS/ CIS/ Computing
Technology is most suitable for TNT enterprises?
a. FAS with Decentralized database
b. FAS with Centralized database
c. FAS with Parallel Computing
d. FAS with Distributed Computing
Hint 1:
While executing the above operations, TNT Logistics is facing numerous difficulties, which are as
follows:
i. Inaccurate accounting of truck mileage and contracts for above work.
ii. Inability of immobility of trucks and higher turnaround time.
iii. Manual intervention in processing of data.
iv. Trend tracking and pattern recognition.
v. Inaccurate billing of services.
vi. Huge costs due to lapses in isolating contracts that are breached.
Hint 2:
TNT Logistics is supposed to bear huge costs due to lapses in isolating contracts that are breached.
Hint 3:
The benefits of the above process for users and TNT are:
a. It provides clarity on the process.
b. It helps to determine the sources of inefficiency, bottlenecks, and problems.
c. It allows to re-design the process to focus on the desired result with workflow automation.
Hint 4:
Confidentiality:
• Authorized Access of the Automated system to the users.
• Robotic part to reduce human intervention.
Integrity:
• Ability to accurately account for truck mileage and contracts and ability to track trends that
would allow them to troubleshoot problems. Robotic part to reduce human intervention.
• Designed an automated process, utilizing the legacy system to track trucks, extract mileage,
perform calculations and apply rules to reduce inefficiencies and billing inaccuracies.
Availability:
• Created a pattern recognition tool to spot trends in usage patterns, increased productivity
and transaction speeds, as well as tracked trends to spot usage patterns and contract
violations.
• Provided valuable information to see usage trends and provided actionable intelligence.
Timeliness:
• Faster transaction speed.
• Automation Anywhere created an automated solution to extract information on truck
mileage from the client’s legacy systems and also compute when trucks were in use or
sitting idle.
• Using this data, the invoices were generated on time, automatically reducing errors to zero.
Hint 5:
• Application of the system to existing legacy systems.
• No additional resources required for custom programming.
• Automation increased accuracy in mileage data capture.
• Significantly reduced costs due to lapses in isolating contracts that were being breached.
• Trend tracking and pattern recognition.
• Faster turnaround in recognizing inefficiencies when trucks were immobile.
• Faster transaction speed and decreased costs across the board.
• Fewer human errors, especially in the verification process.

Descriptive Questions for Practice


Question 1: ERM framework identifies risks and opportunities to protect the business and create value for
stakeholders, including owners, customers, regulators and society overall. Briefly explain all the components of ERM
framework. (RTP Nov 2020)
Answer:
ERM framework consists of eight interrelated components that are derived from the way management runs a business
and are integrated with the management process. These components are as follows:
(i) Internal Environment: The internal environment encompasses the tone of an organization and sets the
basis for how risk is viewed and addressed by an entity’s people, including risk management philosophy
and risk appetite, integrity and ethical values, and the environment in which they operate. Management
sets a philosophy regarding risk and establishes a risk appetite. The internal environment sets the foundation for
how risk and control are viewed and addressed by an entity’s people. The core of any business is its people – their
individual attributes, including integrity, ethical values and competence – and the environment in which they
operate. They are the engine that drives the entity and the foundation on which everything rests.
(ii) Objective Setting: Objectives should be set before management can identify events potentially affecting
their achievement. ERM ensures that management has a process in place to set objectives and that the chosen
objectives support and align with the entity’s mission/vision and are consistent with the entity’s risk appetite.
(iii) Event Identification: Potential events that might have an impact on the entity should be identified. Event
identification includes identifying factors – internal and external – that influence how potential events may affect
strategy implementation and achievement of objectives. It includes distinguishing between potential events that
represent risks, those representing opportunities and those that may be both. Opportunities are channelled back
to management’s strategy or objective-setting processes. Management identifies inter-relationships between
potential events and may categorize events to create and reinforce a common risk language across the entity and
form a basis for considering events from a portfolio perspective.
(iv) Risk Assessment: Identified risks are analyzed to form a basis for determining how they should be managed.
Risks are associated with related objectives that may be affected. Risks are assessed on both an inherent and a
residual basis, and the assessment considers both risk likelihood and impact. A range of possible results may be
associated with a potential event, and management needs to consider them together.
(v) Risk Response: Management selects an approach or set of actions to align assessed risks with the entity’s
risk tolerance and risk appetite, in the context of the strategy and objectives. Personnel identify and evaluate
possible responses to risks, including avoiding, accepting, reducing and sharing risk.
(vi) Control Activities: Policies and procedures are established and executed to help ensure that the risk
responses that management selected, are effectively carried out.
(vii) Information and Communication: Relevant information is identified, captured and communicated in
a form and time frame that enable people to carry out their responsibilities. Information is needed at all
levels of an entity for identifying, assessing and responding to risk. Effective communication also should occur
in a broader sense, flowing down, across and up the entity. Personnel need to receive clear communications
regarding their role and responsibilities.
(viii) Monitoring: The entire ERM process should be monitored, and modifications made as necessary. In this
way, the system can react dynamically, changing as conditions warrant. Monitoring is accomplished through
ongoing management activities, separate evaluations of the ERM processes or a combination of both.

Question 2: In the present age of Information Technology, Business Process Automation (BPA) is the key technology-
enabled automation of activities or services. As an Information Technology consultant, you are requested to suggest any
three examples of business processes that are best suited to automation and also discuss any three challenges involved
in Business Process Automation. (July 2021, 6 Marks, RTP May-2021)
Answer:
A few examples of processes that are best suited to automation are as follows:
1. Processes involving high-volume of tasks or repetitive tasks: Many business processes such as making
purchase orders involve high-volume of repetitive tasks. Automating these processes results in cost and work-
effort reductions.

2. Processes requiring multiple people to execute tasks: A business process which requires multiple people to
execute tasks often results in waiting time that can lead to increase in costs. For example - Help desk services.
Automating these processes results in reduction of waiting time and in costs.
3. Time-sensitive processes: Business process automation results in streamlined processes and faster turnaround
times. The streamlined processes eliminate wasteful activities and focus on enhancing tasks that add value.
Time-sensitive processes are best suited to automation. For example - Online banking system, Railway/aircraft
operating and control systems etc.
4. Processes involving need for compliance and audit trail: With business process automation, every detail
of a particular process is recorded. These details can be used to demonstrate compliance during audits. For
example- Invoice issue to vendors.
5. Processes having significant impact on other processes and systems: Some processes are cross-functional
and have significant impact on other processes and systems. In cross functional processes, different departments
within the same company work hand in hand to achieve a common goal, e.g., the marketing department
may work with sales department. Automating these processes results in sharing information resources and
improving the efficiency and effectiveness of business processes.
Automated business processes are susceptible to many challenges, some of them are given below:
1. Automating Redundant Processes: Sometimes organizations start off an automation project by automating
the processes they find suitable for automation without considering whether such processes are necessary and
create value or not. In other cases, some business processes and tasks require high amount of tacit knowledge
that cannot be documented and transferred from one person to another and therefore seek employees to use
their personal judgment. These processes are generally not good candidates for automation as these processes
are hard to encode and automate.
2. Defining Complex Processes: Business Process Automation (BPA) requires reengineering of some business
processes that requires significant amount of time to be allocated and spent at this stage. This requires a
detailed understanding of the underlying business processes to develop an automated process.
3. Staff Resistance: In most cases, human factor issues are the main obstacle to the acceptance of automated
processes. Staff may see process automation as a way of reducing their decision-making power. This is due to
the reason that with automated processes, the management has a greater visibility of the process and can make
decisions that used to be made by the staff earlier. Moreover, the staff may perceive automated processes as
a threat to their jobs.
4. Implementation Cost: The implementation of automated processes may be an expensive proposition in terms
of acquisition/development cost of automated systems and special skills required to operate and maintain
these systems.
Question 3: Every business faces all kinds of risks that may cause serious loss or even bankruptcy. In purview of this
statement, state various types of business risks related to business. (RTP - May-2021)
Answer:
Various types of business risks related to business are as follows:
1. Strategic Risks: These are the risks that would prevent an organization from accomplishing its objectives
(meeting its goals). Examples include risks related to strategy, political, economic relationship issues with
suppliers and global market conditions; also, could include reputation risk, leadership risk, brand risk, and
changing customer needs.
2. Financial Risks: Financial risks are those risks that could result in a negative financial impact to the
organization (waste or loss of assets). Examples include risks from volatility in foreign currencies, interest rates,
and commodities; credit risk, liquidity risk, and market risk.
3. Regulatory (Compliance) Risks: This includes risks that could expose the organization to fines and penalties
from a regulatory agency due to non-compliance with laws and regulations. Examples include violation of
laws or regulations governing areas such as environmental, employee health and safety, lack of due diligence,
protection of personal data in accordance with global data protection requirements and local tax or statutory
laws. New and emerging regulations can have a wide-ranging impact on management’s strategic direction,
business model and compliance system. It is, therefore, important to consider regulatory requirements while
evaluating business risks.
4. Operational Risks: Operational risks include those risks that could prevent the organization from operating in
the most effective and efficient manner or be disruptive to other operations due to inefficiencies or breakdown
in internal processes, people and systems. Examples include risk of loss resulting from inadequate or failed

internal processes, fraud or any criminal activity by an employee, business continuity, channel effectiveness,
customer satisfaction and product/service failure, efficiency, capacity, and change integration.
5. Hazard Risks: Hazard risks include risks that are insurable, such as natural disasters; various insurable
liabilities; impairment of physical assets; terrorism etc.
6. Residual Risks: This includes any risk remaining even after the countermeasures are analyzed and
implemented. An organization’s management of risk should consider these two areas: Acceptance of residual
risk and Selection of safeguards. Even when safeguards are applied, there is probably going to be some residual
risk. The risk can be minimized, but it can seldom be eliminated. Residual risk must be kept at a minimal,
acceptable level. As long as it is kept at an acceptable level, (i.e. the likelihood of the event occurring or the
severity of the consequence is sufficiently reduced) the risk can be managed.

Question 4: Organizations should identify controls as per policy, procedures and its structure and configure them within
IT software as used in the organization. Discuss widely the Information Technology controls that can be implemented as
per risk management strategy. (RTP - December 2021)
Answer: Information Technology controls can be classified as General Controls and Application Controls.
General Controls: These are macro in nature and are applicable to all applications and data resources. The Information
Technology General Controls are as follows:
• Information Security Policy
• Administration, Access, and Authentication
• Separation of key IT functions
• Management of Systems Acquisition and Implementation
• Change Management
• Backup, Recovery and Business Continuity
• Proper Development and Implementation of Application Software
• Confidentiality, Integrity and Availability of Software and data files
• Incident response and management
• Monitoring of Applications and supporting servers
• Value Added areas of Service Level Agreements (SLA)
• User training and qualification of Operations personnel
Application Controls: Application Controls are controls specific to application software, such as payroll,
accounts payable and billing, that prevent or detect and correct errors. These controls are in-built in the application
software to ensure accurate and reliable processing. These are designed to ensure completeness, accuracy, authorization
and validity of data capture and transaction processing. Some examples of Application controls are as follows:
• Data edits (editing of data is allowed only for permissible fields);
• Separation of business functions (e.g., transaction initiation versus authorization);
• Balancing of processing totals (debit and credit of all transactions are tallied);
• Transaction logging (all transactions are identified with unique id and logged);
• Error reporting (errors in processing are reported); and
• Exception Reporting (all exceptions are reported).
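The application controls listed above can be seen working together in a small batch-posting routine. This is an added example, not part of the study material: the field names, account codes, user names, the review threshold and the functions `apply_edit`, `post_batch` and `demo` are all assumptions made for illustration, and the sample batch is constructed.

```python
import uuid
from dataclasses import dataclass, field

EDITABLE_FIELDS = {"narration", "cost_centre"}   # assumed permissible fields
EXCEPTION_LIMIT = 1_000_000                      # assumed review threshold, in paise


@dataclass
class Txn:
    account: str
    debit: int            # amounts in paise, so totals compare exactly
    credit: int
    initiated_by: str
    authorized_by: str
    narration: str = ""
    cost_centre: str = ""
    txn_id: str = field(default_factory=lambda: uuid.uuid4().hex)


def apply_edit(txn, field_name, value, log):
    """Data edit control: only permissible fields may be changed."""
    allowed = field_name in EDITABLE_FIELDS
    log.append((txn.txn_id, "EDIT" if allowed else "EDIT_DENIED", field_name))
    if allowed:
        setattr(txn, field_name, value)
    return allowed


def post_batch(batch, log):
    """Run the remaining controls over one batch and return a report."""
    errors, exceptions, accepted = [], [], []
    for txn in batch:
        # Transaction logging: every entry is recorded under its unique id.
        log.append((txn.txn_id, "RECEIVED", txn.account))
        # Separation of business functions: the initiator must not authorize.
        if not txn.authorized_by or txn.authorized_by == txn.initiated_by:
            errors.append((txn.txn_id, "initiator and authorizer not separated"))
            continue
        # Validity: exactly one side carries a positive amount.
        if min(txn.debit, txn.credit) != 0 or max(txn.debit, txn.credit) <= 0:
            errors.append((txn.txn_id, "invalid debit/credit amounts"))
            continue
        # Exception reporting: valid but unusual entries are flagged, not blocked.
        if max(txn.debit, txn.credit) > EXCEPTION_LIMIT:
            exceptions.append((txn.txn_id, "amount above review threshold"))
        accepted.append(txn)

    # Balancing of processing totals: debits and credits must tally.
    total_debit = sum(t.debit for t in accepted)
    total_credit = sum(t.credit for t in accepted)
    balanced = total_debit == total_credit
    if not balanced:
        # Error reporting: the imbalance is reported and nothing is posted.
        errors.append(("BATCH", f"out of balance: {total_debit} != {total_credit}"))
        accepted = []
    for txn in accepted:
        log.append((txn.txn_id, "POSTED", txn.account))
    return {"posted": [t.txn_id for t in accepted], "balanced": balanced,
            "errors": errors, "exceptions": exceptions}


def demo():
    """Constructed sample batch: two large entries and one self-approved entry."""
    log = []
    batch = [
        Txn("1100-Bank", 1_500_000, 0, "asha", "ravi"),
        Txn("4000-Sales", 0, 1_500_000, "asha", "ravi"),
        Txn("5000-Expense", 20_000, 0, "vikram", "vikram"),   # self-approved
    ]
    denied = apply_edit(batch[0], "debit", 1, log)            # amount is not editable
    allowed = apply_edit(batch[0], "narration", "Invoice 17", log)
    return post_batch(batch, log), log, (denied, allowed)


if __name__ == "__main__":
    report, audit_log, _ = demo()
    print(report)
    for entry in audit_log:
        print(entry)
```

The self-approved entry is rejected before the totals are tallied, so the remaining two entries still balance and are posted, while both are listed in the exception report for review.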
Question 5: An auditor Mr. Sohan has been given a prime responsibility to assess the suitable implementation and
execution of various controls in his organization XYZ Ltd. To do so, he needs to check the controls at various levels of the
computer systems. Discuss the levels at which Mr. Sohan should check the implementation of controls.
(RTP - December 2021)
Answer: In computer systems, the levels at which the controls shall be checked are as follows:
1. Configuration: Configuration refers to the way a software system is set up. It is the methodical process of defining
options that are provided during system setup. When any software is installed, values for various parameters
should be set up (configured) as per policies and business process work-flow and business process rules of the
enterprise. The various modules of the enterprise such as Purchase, Sales, Inventory, Finance, User Access etc.
must be configured. Configuration will define how software will function and what menu options are displayed.
Some examples of configuration are given below:
• Mapping of accounts to front end transactions like purchase and sales
• Control on parameters: Creation of Customer Type, Vendor Type, year-end process
• User activation and deactivation
• User Access & privileges - Configuration & its management
• Password Management
2. Masters: It refers to the way various parameters are set up for all modules of software like Purchase, Sales,
Inventory, and Finance etc. These drive how the software will process relevant transactions. The masters are set
up for the first time during installation and these are changed whenever the business process rules or parameters are
changed. The way masters are set up will drive the way software will process transactions of that type.
Some examples of masters are given here:
• Vendor Master: Credit period, vendor bank account details, etc.
• Customer Master: Credit limit, Bill to address, Ship to address, etc.
• Material Master: Material type, Material description, Unit of measure, etc.
• Employee Master: Employee name, designation, salary details, etc.
3. Transactions: It refers to the actual transactions entered through menus and functions in the application
software, through which all transactions for specific modules are initiated, authorized, or approved. For example:
Sales transactions, Purchase transactions, Stock transfer transactions, Journal entries and Payment transactions.

Question 6: Internal control provides an entity with only reasonable assurance and not absolute assurance about
achieving the entity’s operational, financial reporting and compliance objectives. Explain any four inherent limitations
of Internal Control System. (July 2021, 4 Marks)
Answer:
Some inherent limitations of Internal Control System are as follows:
• Management’s consideration that the cost of an internal control does not exceed the expected benefits to be
derived.
• The fact that most internal controls do not tend to be directed at transactions of unusual nature; the reasonable
potential for human error, such as that due to carelessness, distraction, mistakes of judgment and misunderstanding
of instructions.
• The possibility of circumvention of internal controls through collusion with employees or with parties outside
the entity.
• The possibility that a person responsible for exercising an internal control could abuse that responsibility, for
example, a member of management overriding an internal control.
• Manipulations by management with respect to transactions or estimates and judgments required in the
preparation of financial statements.
Question 7: In an enterprise, explain the difference between various business processes - Operational Processes,
Supporting Processes and Management Processes through an example. (Study Material)
Question 8: What are the benefits of Automating Business Processes? (Study Material, May 2015)
Question 9: BPA is the tactic a business uses to automate processes to operate efficiently and effectively. Explain the
parameters that should be met to conclude that success of any business process automation has been achieved.
(Study Material)

Question 10: Every business process is not a good fit for automation. Explain four examples of business processes that
are not best suited for automation. (Study Material)
Question 11: Automated processes are susceptible to challenges. Explain the major challenges involved in business
process automation. (Study Material)
Question 12: As a part of his project work submission, Mr. X, a student of ABC university needs to prepare and present
a PowerPoint presentation on the topic “Advantages and limitations of Flowcharts” during his practical examination.
What shall be the relevant content? (Study Material)
Question 13: As an entrepreneur, your business may face all kinds of risks, ranging from serious loss of profits to even
bankruptcy. What could be the possible Business Risks? (Study Material)
Question 14: ERM provides a framework for risk management, which typically involves identifying events or
circumstances relevant to the organization’s objectives. Discuss the main components of Enterprise Risk Management
Framework. (Study Material, Nov 2020)
Question 15: Explain the five components of Internal Control, as per SA315. (Study Material)
Question 16: Give two examples each of the Risks and Control Objectives for the following business processes:
(a) Procure to Pay
(b) Order to Cash
(c) Inventory Cycle (Study Material)
Question 17: Explain the salient features of Section 134 & Section 143 of the Companies Act 2013.
(Study Material)
Question 18: Give five examples of computer related offences that can be prosecuted under the IT Act 2000 (amended
via 2008). (Study Material)
Question 19: “The radical redesign of the business as a collection of activities that take one or more kinds of input and
create an output that is of value to the customer.” In the light of the above statement explain the term ‘business processes.’
Question 20: During a job interview, an interviewer panelist asked Mr. A to elaborate all the sub-processes included in
an Order-To-Cash (O2C) business process. Prepare an appropriate draft reply.
Question 21: Eesha Limited wants to know more about a P2C cycle and to draft one, and seeks your help for this. Prepare an
appropriate draft reply.
Question 22: Define “Supporting Processes” and state their example.

Question 23: The sales of NTR Enterprises have been constantly decreasing. It has appointed you as a consultant.
Explain the need of Business Process Automation (BPA).

Question 24: VTAS group of hotels wishes to implement an automated Grievance Management System at its workplace
to manage and handle the problems with an aim of solving them. Determine the major benefits that will be drawn out of
automating this Grievance related business process.

Question 25: Raj Trivedi, the CEO of RTC Enterprises wants to implement Business process automation in his enterprise.
Determine the steps that he will have to undertake for the automation of the Business processes of the organization.
Question 26: What is Enterprise Risk Management (ERM)? Explain.
Question 27: Risk management is a central part of the strategic management of any organization. What are the benefits
of ERM?
Question 28: Controls are very important for an enterprise. Explain the different types of controls based on
implementation.

Question 29: Controls are designed to provide reasonable assurance that business objectives are achieved. Explain the
different types of controls based on objectives of control or scenario.
Question 30: In Computerized Information Systems (CIS), controls should be checked at three levels. Explain.
Question 31: What are the components of an effective internal control?
Question 32: How can the inherent risks involved in BPA be classified? Discuss any four. (Nov – 2019, 2 Marks)
Hint:
(a) Input and Access
(b) File and Data Transmission
(c) Processing and Output
(d) Database
(e) Infrastructure
Question 33: Explain ‘Data Flow Diagram’. (Nov – 2018, 2 Marks)
Hint: Data flow diagram (DFD) is a graphic representation of the flow of data through an information system.
Question 34: “Enterprise Risk Management (ERM) does not create a risk-free environment; rather it enables management
to operate more effectively in environments filled with risks”. In view of this statement, explain the various benefits, which Board of
Directors and Management of an entity seek to achieve by implementing the ERM process within the entity. (Nov – 2018, 6 Marks)
Hint:
1. Link Risk and Strategy

2. Rationalize capital
3. Link Risk to Growth and Return
4. Identify and manage cross-enterprise risks
5. Seize Opportunity
6. Minimize operational surprises and losses
7. Provide integrated responses to risks
8. Enhance risk response decisions
Question 35: State the required characteristics of goals to be achieved by implementing Business Process Automation
(BPA). (Nov – 2018, 2 Marks)
Hint: SMART
Question 36: Give two examples of the Risks and Control objectives for Human Resource Process at configuration
level. (Nov – 2018, 2 Marks)

Question 37: Corporate governance is the framework of rules and practices, by which a board of directors ensures
accountability, fairness and transparency in a company’s relationship with all its stakeholders. List out the rules and procedures
that constitute corporate governance framework. (May – 2019, 3 Marks)
Hint:
a. Corporate Governance is the framework of rules and practices by which a board of directors ensures
accountability, fairness, and transparency in a company’s relationship with all its stakeholders.
b. The corporate governance framework consists of:
c. Explicit and implicit contracts between the company and the stakeholders for distribution of responsibilities,
rights, and rewards.
d. Procedures for reconciling the sometimes-conflicting interests of stakeholders in accordance with their duties,
privileges, and roles, and
e. Procedures for proper supervision, control, and information-flows to serve as a system of checks-and-balances.
Question 38: A Business organization is planning to increase the accuracy of information transferred and certifies the
repeatability of the value-added task performed by the automation of business. Being a management consultant, identify any
four major benefits that the organization can achieve through the automation of a business process. (May – 2019, 3 Marks)
Hint:
• Quality and Consistency
• Time Saving
• Visibility
• Improved Operational Efficiency
• Governance and Reliability
• Reduced Turnaround Times
• Reduced Costs
Question 39: A travel agency ABC wishes to implement an automated Grievance Management System at its workplace
to manage and handle the problems with an aim of solving them. Determine the major benefits that will be drawn out of
automating this Grievance related business process. (RTP May-2018)
Hint: Same as above question.
Question 40: Describe the term “Internal Control System”? State its limitations as well. (RTP May-18)
Hint: Internal Control System: Internal Control System means all the policies and procedures adopted by the
management of an entity to assist in achieving management’s objective of ensuring, as far as practicable, the orderly and
efficient conduct of its business, including adherence to management policies, the safeguarding of assets, the prevention
and detection of fraud and error, the accuracy and completeness of the accounting records, and the timely preparation
of reliable financial information.
An Internal Control System:


• facilitates the effectiveness and efficiency of operations.
• helps ensure the reliability of internal and external financial reporting.
• assists compliance with applicable laws and regulations.
• helps safeguarding the assets of the entity.
Limitations of Internal Control System are as follows:


• The fact that most internal controls do not tend to be directed at transactions of unusual nature. The potential
for human error, such as, due to carelessness, distraction, mistakes of judgement and misunderstanding of
instructions.
• The possibility of circumvention of internal controls through collusion with employees or with parties outside
the entity.
• The possibility that a person responsible for exercising an internal control could abuse that responsibility, for
example, a member of management overriding an internal control.
• Manipulations by management with respect to transactions or estimates and judgements required in the
preparation of financial statements.

Question 41: Internal Control Systems can provide an entity with reasonable assurance about achieving the entity’s
operational, financial reporting and compliance objectives. State the inherent limitations of Internal Control Systems.
Hint: Same as above Question.
Question 42: A bicycle shop in Delhi provides hired bicycles for day(s) at different rates as shown in table:
Season | Charges per day
Spring (March - May) | ₹ 8.00
Summer (June - August) | ₹ 9.50
Autumn (Sept - Nov.) | ₹ 5.00
Winter (Dec. - Feb.) | ₹ 6.00
To attract his customers, the proprietor also gives a discount on the number of days a bicycle is hired for. If the hire
period is more than 10 days, a reduction of 15% is made. For every bicycle hired, a deposit of ₹ 20 must be paid.
Develop a flowchart to print out the details for each customer such as name of customer, number of days a bicycle
is hired for, hire-charges and total charges including the deposit. It is also assumed that there are 25 customers and
complete details for each customer such as name of customer, season and number of days the bicycle is required for is
inputted through console. (RTP May-18)

Question 43: During a job interview, an interviewer asked Mr. A to list out all the risks and their controls associated with
Order-To-Cash (O2C) business process. Prepare an appropriate draft reply. (RTP Nov-18)
Question 44: The GST of 50 items is to be calculated as per the following details. With Code No. and Value of Supply as
input, draw a flowchart to calculate the Tax and print the Tax, Code No. of the Item and the Type of Item. (Note: The rates
have been taken hypothetically). (RTP-May-2019)
Code No. (C_No) | Types of Items | Tax Rate
001 | Perishable | 15%
002 | Textiles | 10%
003 | Luxury Items | 20%
004 | Machinery | 12%

Question 45: A book publisher offered discount to customers based on their mode of purchase and the number of
copies ordered as shown below:
Mode of Purchase | Number of copies ordered | Discount %
Online | More than 5 | 20
Online | Less than or equal to 5 | 15
Offline | More than 10 | 10
Offline | Less than or equal to 10 | 5
If Customer name, Customer type, Date of order placed, Number of copies ordered, and unit price are input; draw a
flowchart to calculate the net amount of the bill and date of purchase for each customer and print it. The above is to be
carried out for 50 customers. (RTP Nov-2019)
Question 46: Discuss all the stages of Human Resource (HR) Life Cycle. (RTP Nov-2019)
Hint: The Human Resources (HR) Life Cycle refers to human resources management and covers all the stages of an
employee’s time within a specific enterprise and the role the human resources department plays at each stage.
Typical stages of the HR cycle include the following:
(a) Recruiting and On-boarding
(b) Orientation and Career Planning
(c) Career Development
(d) Termination or Transition
Question 47: Though Human Resource (HR) Department plays an important role in development of any enterprise, yet it
has certain risks associated at every stage of its life cycle. Describe all the risks related to Human Resource Department.
(RTP May-2020)
Hint: The risks associated with Human Resource Department are as given below:
(a) Employees who have left the company continue to have system access.
(b) Employees have system access in excess of their job requirements.
(c) Additions to the payroll master files do not represent valid employees.
(d) New employees are not added to the payroll master files.
(e) Terminated employees are not removed from the payroll master files.
(f) Employees are terminated without following statutory requirements.
(g) Deletions from the payroll master files do not represent valid terminations.
(h) Invalid changes are made to the payroll master files.
(i) Changes to the payroll master files are not accurate.
(j) Changes to the payroll master files are not processed in a timely manner.
(k) Payroll master file data is not up to date.
(l) Payroll is disbursed to inappropriate employees.
(m) System access to process employee master changes has not been restricted to the authorized users.

Question 48: In an organization, effective risk management involves identification of high-level risk exposures and their
analysis. Discuss all the risk management strategies out of which Senior Management of an organization may choose to
adopt any of the risk management strategy based on the analysis of risks. (RTP May-2020)
Hint: When risks are identified and analyzed, it is not always appropriate to implement controls to counter them. Some
risks may be minor, and it may not be cost effective to implement expensive control processes for them. Risk management
strategy is explained below:
• Tolerate/Accept the risk
• Terminate/Eliminate the risk
• Transfer/Share the risk
• Treat/mitigate the risk
• Turn back
Question 49: Effective risk management begins with a clear understanding of an enterprise’s risk appetite and identifying
high-level risk exposures. Explain the different risk management strategies which the Board or senior management may
take up. (Study Material, Nov.-2020)
Question 50: As a cyber-expert, you have been invited in a seminar to share your thoughts on data protection and privacy
in today’s electronic era. In your PowerPoint presentation on the same, you wish to incorporate the main principles on
data protection and privacy enumerated under the IT Act, 2000. Identify them.
Question 51: General Controls are pervasive controls and apply to all the components of system, processes and data
for a given enterprise or systems environment. As an IT consultant, discuss some of the controls covered under general
controls which you would like to ensure for a given enterprise.
Multiple Choice Questions (MCQs)


Unit I - Business Processes Automation
BUSINESS VS ENTERPRISE

1. ________________ is measured by a product’s performance and by its features for which customers are willing to pay.
(a) Value
(b) Price
(c) Competitive advantage
(d) Goodwill
2. Value creation is an activity or performance by the firms to create __________ that increases the worth of goods, services or even a business.
(a) Strategy (b) Price
(c) Value (d) Demand

BUSINESS or ENTERPRISE SYSTEM

3. Important aspect of business process management from a business management point of view is __________________.
(a) Increasing customer satisfaction
(b) Reducing the cost of doing business (cost reduction)
(c) Establishing new products and services at low cost (value creation)
(d) All of the above
4. A business for our purposes can be any activity contributing ___________.
(a) Sale
(b) Manufacture and processing, and/or
(c) Marketing of products and/or services
(d) All of the above
5. The term business refers to all _________________ activities pursued mainly to satisfy the material needs of the society, with the purpose of earning profits.
(a) Economic (b) Non-economic
(c) Social (d) Domestic
6. A business is created to __________________
(a) Provide products or services to customers.
(b) Conduct its operations effectively.
(c) Earn a reasonable return for its owners on their investment in the firm.
(d) All of the above
7. Which of the following is not a feature of a businessman?
(a) Profit function oriented
(b) Starts business from an existing idea
(c) Conservative and cautious
(d) Process Driven
8. Which of the following is a feature of an entrepreneur?
(a) People oriented
(b) Process oriented
(c) Starts business from his own unique business idea
(d) All of the above
9. Which of the following is a feature of an entrepreneur?
(a) Profit and function oriented
(b) Starts business from an existing idea
(c) Conservative and cautious
(d) Starts business from his own unique business idea
10. Business system is a set of rules that executes the tasks assigned by the ___________________.
(a) Business Model
(b) Business Functions
(c) Business Processes
(d) Both ‘b’ and ‘c’
11. Business system is run with the help of
(a) Man (b) Machine
(c) Technology (d) All of the above
12. Business system is ______________.
(a) Dynamic
(b) Static
(c) Dynamic and static, both
(d) None of the above

DATA VS INFORMATION

13. ______________ is a collection of facts.
(a) Data (b) Knowledge
(c) Experience (d) Information
14. ______________ is the lowest level of abstraction from which _______ and ________ are derived.
(a) Information; data; knowledge
(b) Knowledge; Data; information
(c) Data; information; Experience
(d) Data; information; knowledge
15. _______________ is data that have been processed so that they are meaningful.
(a) Knowledge (b) Experience
(c) Information (d) Wisdom
16. Information systems change data into _____________, which is useful and capable of giving a certain meaning to its users.
(a) Knowledge (b) Information
(c) Experience (d) Wisdom
17. While ______________ is raw facts and figures, _____________ is facts or figures ready for communication or use.
(a) Information; wisdom
(b) wisdom; information
(c) Data; wisdom
(d) Data; information
18. __________________ is data that has been selected and organized into meaningful patterns, and recorded by the human intellect.
(a) Information (b) Wisdom
(c) Knowledge (d) Experience
19. Process explains the activities carried out by ______________________.
(a) Users (b) Managers
(c) Staff (d) All of the above
20. Which of the following is not a component of Information Systems?
(a) People
(b) Data
(c) Network
(d) Transaction Processing System
21. Information Systems (IS) can perform which of the following purpose for a business enterprise?
(a) Support of business processes and operations.
(b) Support of decision making by employees and managers.
(c) Support of strategies for competitive advantage.
(d) All of the above

ENTERPRISE INFORMATION SYSTEMS

22. Which of the following states a purpose for which an Enterprise Information System (EIS) is implemented within an organisation?
(a) It provides a technology platform that enables organizations to integrate and coordinate their business processes on a robust foundation.
(b) It provides a single system that is central to the organization and ensures that information can be shared across all functional levels and management hierarchies.
(c) It can be used to increase business productivity and reduce service cycles, product development cycles and marketing life cycles.
(d) All of the above
23. Which of the following is not an objective of Enterprise Information Systems?
(a) Reduce service cycles
(b) Identify manual processes
(c) Reduce costs
(d) Increase operational efficiency
24. Enterprise Information System (EIS) is defined as any kind of information system which improves the functions of an enterprise’s business processes by –
(a) Segregation (b) Diversification
(c) Integration (d) Differentiation

BUSINESS PROCESS

25. A process ______________________________.
(a) Is a sequence of events that uses inputs to produce output.
(b) Can include sequences as mechanical as reading a file and transforming the file to a desired output format.
(c) Can include sequences as mechanical as taking a customer order, filling that order, and issuing the customer invoice.
(d) All of the above
26. A business process comprises a combination of such independent or interdependent processes as _______________.
(a) Developing new product.
(b) Customer order processing.
(c) Bill payment system.
(d) All of the above.
27. The radical redesign of the business as a collection of activities that take one or more kinds of input and create an output that is of value to the customer is called _________.
(a) Business
(b) Business process
(c) Business process reengineering
(d) Fundamental rethinking
28. Waiting in a queue in a post office or bank or buying a ticket for train or bus is a simple-
(a) Business
(b) Business System
(c) Business process
(d) None of the above

TYPES OF BUSINESS PROCESSES

29. Business strategy is broken down to ________________.
(a) Operational business process
(b) Implemented business process
(c) Operational goals
(d) Organizational business process
30. _____________ are the high-level processes that are typically specified in textual form.
(a) Organizational processes
(b) Operational processes
(c) Implementation processes
(d) All of the above
31. Cost leadership is an example of ___________________.
(a) Organizational business process
(b) Organizational strategy
(c) Operational business process
(d) Implemented business process
32. Reducing the cost of supplied materials is an example of ___________________.
(a) Organizational business process
(b) Operational business process
(c) Operational goals
(d) Implemented business process
33. Which one of the following represents Operational Processes?
(a) Deals with legal compliance
(b) Deal with the core business and value chain
(c) Deal with core processes and functions within an organization
(d) Deals with measuring, monitoring and control activities
34. A business process flow is a ____________________.
(a) Prescribed sequence of work steps.
(b) Performed in order to produce a desired result for the organization.
(c) Initiated by a particular kind of event.
(d) All of the above
35. _________________________ are also known as primary processes.
(a) Organizational business processes
(b) Operational business processes
(c) Implemented business processes
(d) Organizational goals
36. __________________ deal with the core business and value chain.
(a) Implemented business processes
(b) Organizational goals
(c) Organizational business processes
(d) Operational business processes
37. O2C cycle is also known as ____________.
(a) Purchase cycle (b) Accounting cycle
(c) Sale cycle (d) HR cycle

CATEGORIES OF BUSINESS PROCESSES

38. OTC is also called as _________.
(a) Sales cycle (b) P2P cycle
(c) Accounting cycle (d) Inventory cycle
39. Human Resource Management Cycle does not include:
(a) Recruitment and Staffing
(b) Goal Setting
(c) Training and Development
(d) Performance Appraisal
40. Management processes ______________ activities related to business procedures and systems.
(a) Measure (b) Monitor
(c) Control (d) All of the above
41. _______________ covers the business processes involved in recording and processing accounting events of a company.
(a) O2C cycle (b) Accounting cycle
(c) P2P cycle (d) Inventory cycle
42. __________________ begins when a transaction occurs and ends with its inclusion in the financial statements.
(a) O2C cycle (b) P2P cycle
(c) Accounting cycle (d) Inventory cycle
43. ___________________ covers all the business processes relating to fulfilling customer requests for goods or services.
(a) P2P cycle (b) Sales cycle
(c) Accounting cycle (d) Inventory cycle
44. _________________ involves transactional flow of data from the initial point of documenting a customer order to the final point of collecting the cash.
(a) Sales cycle (b) P2P cycle
(c) Accounting cycle (d) Inventory cycle
45. _________________ is also known as P2P cycle.
(a) Sales cycle
(b) Accounting cycle
(c) Purchase to pay cycle
(d) Inventory cycle
46. _________________ is also known as P2P cycle.
(a) Procure to pay cycle
(b) Sales cycle
(c) Accounting cycle
(d) Inventory cycle
47. _________________ covers all the business processes relating to obtaining raw materials required for production of a product or for providing a service.
(a) Sales cycle
(b) Accounting cycle
(c) Procure to pay cycle
(d) Inventory cycle
48. ________________ involves the transactional flow of data from the point of placing an order with a vendor to the point of payment to the vendor.
(a) Sales cycle
(b) Accounting cycle
(c) Inventory cycle
(d) Procure to pay cycle

BUSINESS PROCESSES AUTOMATION

49. BPA is a set of:
(a) Strategies (b) Skills
(c) Plans (d) Tricks
50. Which of the following is incorrect statement about BPA?
(a) BPA is a set of activities or strategies to automate business processes so as to bring benefit to enterprise in terms of cost, time and effort.
(b) BPA consists of integrating applications, restructuring labour resources and using software applications throughout the organization.
(c) Business processes can be determined for many functional units of an organization, including sales, management, operations, supply chain, human resources and information technology.
(d) BPA decreases productivity by automating key business processes through computing technology.
51. Which of the following cases are examples of automation?
(a) The newspaper delivery boy has used Google maps to chart his/her path to our house.
(b) At petrol pumps, automated machines which fill car’s tank and generate computerized bills.
(c) Mother Dairy uses high degree of technology to ensure that we get the freshest milk.
(d) All of the above
52. Which one is the benefits of BPA?
(a) Business Process Automation (BPA) is a set of activities or strategies to automate business processes so as to bring benefit to enterprise in terms of cost, time and effort.
(b) It consists of integrating applications, restructuring labour resources and using software applications throughout the organization.
(c) BPA increases productivity by automating key business processes through computing technology.
(d) All of the above
53. Which of the following is not a benefit of BPA?
(a) Quality (b) Consistency
(c) Governance (d) None of the above
54. Which of the following is a benefit of BPA?
(a) Saving on costs
(b) Staying ahead in competition
(c) Fast service to customers
(d) All of the above
55. Prathama limited wants to implement BPA in its business. Which of the following is a benefit to Prathama limited reaped through automation of its business processes?
(a) Time Saving (b) Visibility
(c) Reduced Cost (d) All of the above
56. Which one of the following is not the key benefits of business process automation?
(a) Business process improvement
(b) Improved procedures
(c) Weak Process Control
(d) Improved efficiency
57. Due to reduction in number of steps in the processes, time involved in the process flow of information throughout the production, services, billing and collection is reduced. This results in ____________________.
(a) Enhanced reliability
(b) Reduced cost
(c) Cycle-time reduction
(d) Consistency
58. BPA frees up the time taken to complete a task by _________________ in the process.
(a) Adding unnecessary number of steps
(b) Reducing the number of steps
(c) Not performing the number of steps
(d) Ignoring the number of steps
59. Automation ____________ by optimizing the utilization of resources.
(a) Reduces the cost
(b) Enhancing the cost
(c) Increases the cost
(d) Neither increases nor reduces the cost
60. BPA adds value to the __________________.
(a) Customer by satisfying their needs
(b) Company by profit maximization
(c) Neither a or b
(d) Both a and b
61. RT Ltd was facing data leakage and lack of privacy in its manual execution. So, it implemented BPA in its enterprise. He wanted to ensure that data is only available to persons who have right to see the same. Which of the following objective of BPA is demonstrated in the above case?
(a) Integrity (b) Confidentiality
(c) Availability (d) Timeliness
62. In a CIS audit of its control system, the auditor of PKT Enterprises noticed that un-authorized amendments can be made in the data while manually performing the tasks. So, he suggested the enterprise to implement BPA in its enterprise. Which of the following objective does the auditor seek from the implementation of BPA?
(a) Integrity (b) Confidentiality
(c) Availability (d) Timeliness
63. VKT enterprises is a market leader in manufacturing silk sarees and has a huge demand because of its high quality of goods and after sales services. It receives domestic as well as international orders from across the world. As a result, it opened many branches in different states of the country to meet the growing demand. It was, however, executing its tasks manually; because of this, the data was not available when asked for. The manager of VKT ltd implemented BPA in its operations to overcome this limitation. Which of the following objective is he trying to achieve?
(a) Integrity (b) Confidentiality
(c) Availability (d) Timeliness
64. Why is the process of implementing BPA documented?
(a) It provides clarity on the process.
(b) It helps to determine the sources of inefficiency, bottlenecks, and problems.
(c) It allows to re-design the process to focus on the desired result with workflow automation.
(d) All of the above

BPA IMPLEMENTATION

65. VTAS ltd wants to implement BPA in its business. Which of the following benefits justify the implementations?
(a) Reducing the cost of audits and lawsuits.
(b) Taking advantage of early payment discounts and eliminating duplicate payments.
(c) New revenue generation opportunities.
(d) All of the above
66. Goals must be clearly defined. It means they shall be __________________
(a) Measurable (b) Attainable
(c) Relevant (d) Specific
67. Goals must be easily quantifiable in monetary terms. It means they shall be __________________.
(a) Measurable (b) Specific
(c) Attainable (d) Relevant
68. Goals must be Achievable through best efforts. It means they shall be __________________
(a) Specific (b) Measurable
(c) Attainable (d) Relevant
70. Goals must be achieved within a given time frame. It means they shall be __________________
(a) Specific (b) Measurable
(c) Attainable (d) Timely
71. Mr. Vishal Sarangi, the Manager (sales) of OTC ltd., has set a goal of achieving the sales of 1 lakh units in the quarter of July-September. Its previous records state that in the current production capacity and capital availability the sale cannot be more than 40,000 units at full utilization of the company’s resources. So, thereby the above goal cannot be achieved with the current production capacity and available resources. Which of the following feature of an optimum goal is lacking in the above case?
(a) Specific (b) Measurable
(c) Attainable (d) Timely
72. The managers of Prathama ltd., desired to produce 5 lakh units of ice cream cups and cones and sell it in the month of July. Its current production capacity is of 7 lakh units with available resources and capital. On 15th July, the workers of Prathama ltd. went on strike for five days; because of this, the above budgeted sale level was achieved in the first week of August. Which of the following feature lacked in the attainment of the above set goal?
(a) Specific (b) Measurable
(c) Attainable (d) Timeliness
73. The production manager of ENT enterprises instructed its workers to produce paper cups to the best of their abilities. Which of the following feature is lacking in the above objective?
(a) Specific (b) Measurable
(c) Attainable (d) Timeliness
74. Which of the following consideration is treated as a return on investment (ROI) on BPA?
(a) Cost Savings, being clearly computed and demonstrated.
(b) Savings in employee salary by not having to replace those due to attrition.
(c) The cost of space regained from paper, file cabinets, reduced.
(d) All of the above
75. Which of the following consideration is treated as a return on investment (ROI) on BPA?
(a) Eliminating fines to be paid by the entity with timely carrying out of process. (Due to delays being avoided.)
(b) Reducing the cost of audits and lawsuits.
69. Goals shall be set as per the needs of the entity. It (c) Taking advantage of early payment discounts
means they shall be __________________. and eliminating duplicate payments.
(a) Specific (b) Relevant (d) All of the above
(c) Measurable (d) Attainable
76. Which of the following consideration is treated as a return on investment (ROI) on BPA?
(a) Ensuring complete documentation for all new accounts.
(b) New revenue generation opportunities.
(c) Collecting accounts receivable faster and improving cash flow.
(d) All of the above
77. Which of the following consideration is treated as a return on investment (ROI) on BPA?
(a) Building business by providing superior levels of customer service.
(b) Charging for instant access to records. (Example: Public information, student transcripts, medical records)
(c) Cost Savings, being clearly computed and demonstrated.
(d) All of the above
78. VTAS ltd wants to implement BPA in its business. Which of the following benefits justify the implementations?
(a) Reducing the cost of audits and lawsuits.
(b) Taking advantage of early payment discounts and eliminating duplicate payments.
(c) New revenue generation opportunities.
(d) All of the above
79. Following is the list of steps in the implementation of BPA:
i. Define why we plan to implement BPA
ii. Document the process, we wish to automate
iii. Development of BPA
iv. Testing the BPA
v. Defined the goals or objectives to be achieved by implementing BPA
vi. Understand the regulation/rules which it needs to comply with
vii. Calculate the ROI of project
viii. Engage a business process consultant
Arrange the above in the correct order:
(a) i, ii, iii, iv, v, vi, vii and viii
(b) i, ii, vi, vii iii, iv, v, and viii
(c) i, vi, ii, v, viii, vii, iii and iv
(d) i, v, ii, iii, iv, vi, vii and viii
80. There are thousands of processes across the world for which entities have gone for BPA and reaped numerous benefits. These include __________________________.
(a) Tracking movement of goods
(b) Sales order processing
(c) Customer services departments
(d) All of the above
81. There are thousands of processes across the world for which entities have gone for BPA and reaped numerous benefits. These include __________________________.
(a) Inventory management
(b) Employee Management System
(c) Asset tracking systems.
(d) All of the above

Miscellaneous

82. A Business is a collection of connected process. These processes must be frequently re-aligned or re-connected so as to __________________.
(a) Handle changing business environments
(b) Orient with re-defined business objectives
(c) Both a and b
(d) None of the above
83. Generally, a process is said to be complete when
(a) The process leads to a feedback from the receiver
(b) The business entity is wound up
(c) The process delivers a clear product or service to an external stakeholder or another internal process
(d) None of the above
84. Considering Entities / Organisations as networks or systems of processes is referred to as
(a) Functional Organization
(b) Process organization
(c) Systematic Organization
(d) Growing Organization
85. In a Process Organization, the work done is measured in terms of
(a) Specified functions handled
(b) Creation of value for internal and external customers
(c) Both of the above
(d) None of the above
86. ___________ helps an organization to face change, which is ever-present in a customer oriented economy.
(a) Functional Orientation
(b) Continuous Process Improvement
(c) Business Improvement
(d) None of the above
87. Internal Communications, Governance, Strategy planning, Budgeting, etc. are all examples of
(a) Primary or Operational Processes
(b) Supporting Processes
(a) Management Processes
(a) Functional Processes
88. Based on Scope of process, business processes are classified into operational processes, supporting processes and management processes. Identify
the primary or operational process from the following.
(a) Workplace safety
(b) Governance
(c) Order to Cash
(d) Strategy Planning
89. Which of these is not an example of Automation in everyday life?
(a) Exam Result declared online
(b) Searching a person’s address using Google Maps Facility
(c) Payment of direct & indirect Taxes online
(d) Purchase of Railway platform Tickets at the Station Counter
90. The success of any business process Automation (BPA) shall only be achieved when BPA ensures confidentiality, integrity, availability and timeliness. In this regard, integrity means –
(a) Data is only available to person who have the right to see it.
(b) No unauthorized amendments can be made in the data
(c) Data is available when asked for
(d) Data is made available at the right time.
91. Business Process Automation (BPA) leads to higher productivity of lower resources, thus leading to better management of
(a) Resources (b) Costs
(c) Both ‘a’ and ‘b’ (d) None of the above

Answer Keys - MCQs

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
a c d d a d d d d c d c a d c b d a d d
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
d d b c d d b c c a b c b d b d c a b d
41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60
b c b a c a c d a d d d d d d c c b a d
61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80
b a c d d d a c b d c d a d d d d d c d
81 82 83 84 85 86 87 88 89 90 91
d c c b b b a c d b c

Unit II
DFDs and Flowcharts

DATA FLOW DIAGRAMS

1. The _____________ in a data flow diagram are used to depict the flow of data from the origination of transactions and other events, through various stages of processing and refinement, to the distribution of processed or captured data.
(a) Rectangle (b) Symbols
(c) Lines (d) Circles
2. Square in a DFD signifies _______________.
(a) External entity (b) Process
(c) Data store (d) Data flow
3. Circle in a DFD signifies ________________.
(a) External entity (b) Process
(c) Data store (d) Data flow

CONTEXT DIAGRAM

4. Context diagram is the ____________ DFD.
(a) Lowest level (b) Medium level
(c) Highest level (d) Real
5. _________________ depicts a data processing system and includes external entities that are the sources and destinations of system’s inputs and outputs.
(a) Flowchart (b) Context diagram
(c) ER Diagram (d) None of the above
6. A ________________ shows how the system will be implemented. The physical model depicts the system.
(a) Physical DFD (b) Context DFD
(c) Logical DFD (d) None of the above
7. A physical DFD _________________.
(a) Focuses on the business and how the business operates.
(b) Depicts the system
(c) It describes the business events that take place and the data required and produced by each event.
(d) Reflects the business.
8. Which of the following is the Advantages of using Data Flow Diagram:
(a) It aids in describing the boundaries of the system.
(b) It is beneficial for communicating existing system knowledge to the users.
(c) A straightforward graphical technique which is easy to recognize.
(d) All of the above
9. What is the limitation of using Data Flow Diagram?
(a) It is used as the part of system documentation file.
(b) It simply takes a long time to create, so long that the analyst may not receive support from the management to complete it.
(c) DFD can be easily understood by technical and nontechnical audiences.
(d) It supports the logic behind data flow within the system.
10. Which of the following is an advantage of using Data Flow Diagram?
(a) It makes the programmers little confused regarding the system.
(b) The biggest drawback of the DFD is that it simply takes a long time to create, so long that the analyst may not receive support from the management to complete it.
(c) DFD can be easily understood by technical and even by nontechnical audiences.
(d) Physical considerations are left out. Imagination

FLOW CHARTS

11. A ______________ is a graphic representation of an algorithm.
(a) Flowchart (b) ER diagram
(c) Logical DFD (d) Context DFD
12. Flowcharts ________________.
(a) Play a vital role in the programming of a problem
(b) Are quite helpful in understanding the logic of complicated and lengthy problems.
(c) Are helpful in explaining a program to others.
(d) All of the above
13. Once the flowchart is drawn, it becomes ______________ to write the program in any high level language.
(a) Difficult (b) Onerous
(c) Easy (d) Inexpedient
14. Which of the following is a limitation of using flowcharts?
(a) Innovative, dynamic, risk taker and revolutionary
(b) Profit and function oriented
(c) A market leader who has lot of time for family
(d) People and process oriented
15. Which of the following is a limitation of Flowcharts?
(a) They are a better way of communicating the logic of a system to anyone.
(b) The program logic is quite complicated. In that case, a flowchart becomes complex and clumsy.
(c) Efficient Program Maintenance: The maintenance of an operating program becomes easy with the help of a flowchart.
(d) Quicker grasp of relationships: Before any application can be solved, it must be understood, the relationship between various elements of the application must be identified. The programmer can chart a lengthy procedure more
16. Which of the following is an advantage of using flowchart?
(a) If alterations are to be done, the flowchart may require complete re-drawing.
(b) A flowchart acts as a guide or blueprint during the systems analysis and program development phase.
(c) As the flowchart symbols cannot be typed, reproduction of a flowchart becomes a problem.
(d) It becomes difficult to establish the linkage between various conditions, and the actions to be taken thereupon, for a particular condition.
17. System Outline Charts _____________.
(a) Merely list the inputs, file processed and the outputs without considering their sequence.
(b) Are designed to present an overview of data flow through all parts of a computer.
(c) Represent flow of documents, the operations or activities performed, the persons or workstations.
(d) Represent the operations of a system with the help of a logically drawn diagram, data, and illustrates the correct flow of documents.
18. In a Computer system, the System Flowchart mainly consists of __________________.
(a) Sources from which input data is prepared and the medium or devices used
(b) The processing steps or sequence of operations involved, and
(c) The intermediary and final outputs prepared and the medium and devices used for their storage.
(d) All of the above
19. ________________ are diagrammatic representation of the data processing steps to be performed within a computer program.
(a) System Flow Charts
(b) System Outline Charts
(c) Program flow charts
(d) None of the above
20. _________ are designed to present an overview of data flow through all parts of a computer.
(a) System Flow Charts
(b) System Outline Charts
(c) Program flow charts
(d) None of the above
21. ________________ represents flow of documents, the operations or activities performed, the persons or workstations.
(a) System Outline Charts
(b) Program flow charts
(c) System Flow Charts
(d) None of the above
22. A _____________________ represents the operations of a system with the help of a logically drawn diagram, data, and illustrates the correct flow of documents.
(a) System Outline Charts
(b) System Flow Charts
(c) Program flow charts
(d) None of the above
23. ______________________ provide a complete and detailed sequence of logical operations to be performed in a central processing unit of the computer for executing the program.
(a) System Outline Charts
(b) System Flow Charts
(c) Program flow charts
(d) None of the above
24. _____________________ are used to depict the scientific, arithmetic and logical operations or steps which must be accomplished to solve the computer application problem. They display specific operations and decisions and their sequence within the program.
(a) System Outline Charts
(b) Program flow charts
(c) System Flow Charts
(d) None of the above
25. ________________________ are used to translate the elementary steps of a procedure into a program of coded instructions.
(a) System Outline Charts
(b) Program flow charts
(c) System Flow Charts
(d) None of the above

Answer Keys - MCQs

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
b a b c b a b d b c a d c b b b a d c a
21 22 23 24 25
c b c b b
Unit III
Enterprise Risk Management and Risks and Controls for Specific Business Processes

RISK AND TYPES OF BUSINESS RISKS

1. Risk is the effect of ____________________ on objectives?
(a) Uncertainty (b) Certainty
(c) Loss (d) Profit
2. Which of the following statements about risk is not true?
(a) It can be a driver of strategic decisions.
(b) It may be a cause of uncertainty in the organization.
(c) It prevents an organization from meeting its goals and objectives.
(d) None of the above
3. _________________________ might arise from making poor business decisions, from the substandard execution of decisions, from inadequate resource allocation, or from a failure to respond well to changes in the business environment.
(a) Operational risk (b) Strategic risk
(c) Regulatory risk (d) Credit risk
4. Strategic risk might arise from ___________.
(a) Making poor business decisions
(b) From the substandard execution of decisions
(c) From inadequate resource allocation
(d) All of the above
5. _________________________________ is a risk that prevents an organization from meeting its goals and objectives.
(a) Operational risk (b) Strategic risk
(c) Regulatory risk (d) Credit risk
6. ________________________ is a risk that could result in a negative financial impact to the organization in terms of waste or loss of assets.
(a) Operational risk (b) Regulatory risk
(c) Credit risk (d) Financial risk
7. A large proportion of Carvinowledge Ltd.’s revenue comes from a single large client, and it extends 60 days credit to that client. If that customer is unable to pay, or delays payment for whatever reason, then firm’s business is in big trouble. What kind of risk is this?
(a) Operational risk (b) Regulatory risk
(c) Financial risk (d) Credit risk
8. Risk that could expose the organization to fines and penalties from a regulatory agency due to non-compliance with laws and regulations.
(a) Operational risk (b) Regulatory risk
(c) Financial risk (d) Credit risk
9. Prathama Ltd has a strategy to launch a new line of ice cream. Initial plans are to use ingredients that are controversial and therefore may face future regulations due to studies that suggest they are unhealthy. Such regulations might essentially ban the product, resulting in a costly disruption in sales. The company decides to avoid the risk by choosing ingredients that are recognized as healthy. Which of the following risk is avoided?
(a) Compliance risk (b) Strategic risk
(c) Reputation risk (d) Financial risk
10. Tiwari Enterprises was involved in a major controversy, ban and lawsuit in 2014. With an embarrassing product recall, negative publicity about Tiwari Enterprises or high-profile criticism of its products or services, it had to face a situation of _________________.
(a) Operational risk (b) Credit risk
(c) Financial risk (d) Regulatory risk
11. _______________ is a risk that could prevent the organization from operating in the most effective and efficient manner or be disruptive to other operations.
(a) Financial risk (b) Credit risk
(c) Operational risk (d) Regulatory risk
12. _______________ is a risk that could expose the organization to negative publicity.
(a) Credit risk (b) Financial risk
(c) Operational risk (d) Regulatory risk
13. Reputation risk is also known as ___________.
(a) Financial risk (b) Operational risk
(c) Credit risk (d) Regulatory risk

ENTERPRISE RISK MANAGEMENT

14. Risk management is a _______________________ of the strategic management of any organisation.
(a) Central part
(b) Departmental part
(c) Separate part
(d) Not a part
15. ______________________ is the process whereby organizations methodically address the risks attached to their activities.
(a) Business process management
(b) Business process automation
(c) Enterprise risk management
(d) Virtualisation
16. ERM is an on-going process, involving _______.
(a) Board of Directors
(b) Management
(c) Key managerial personnel (other than a and b above)
(d) All of the above
17. ________________________________ is a systematic approach to setting the best course of action to manage uncertainty by identifying, analysing, assessing, responding to, monitoring and communicating risk issues/events that may have an impact on an organization successfully achieving their business objectives.
(a) Business process management
(b) Enterprise risk management
(c) Business process automation
(d) Virtualisation
18. ERM is a _________ process.
(a) comprehensive (b) systematic
(c) proactive (d) All of the above
19. ERM is a fundamental responsibility and accountability of _________________.
(a) Top Management
(b) Middle Management
(c) Low Management
(d) All of the above

ENTERPRISE RISK MANAGEMENT

20. ERM is ___________________.
(a) On-going process
(b) One time process
(c) Extra ordinary process
(d) Non-ordinary
21. COSO stands for __________________.
(a) Community of Specialising Organization
(b) Committee of Sponsoring Operations
(c) Committee of Sponsoring Organization
(d) Community of Specialising Operations
22. ________________________ sets the basis for how risk is viewed and addressed by an entity’s people, including risk management philosophy and risk appetite, integrity and ethical values, and the environment in which they operate.
(a) External environment
(b) Internal environment
(c) Microenvironment
(d) Macro environment
23. The entirety of enterprise risk management is monitored and modifications are made as necessary. The monitoring is accomplished through ___________________.
(a) Ongoing management activities
(b) Separate evaluations
(c) Neither ‘a’ Nor ‘b’
(d) Both a and b
24. _________________ is the degree of risk, on a broad-based level that an enterprise is willing to accept in pursuit of its goals.
(a) Risk appetite (b) Risk analysis
(c) Risk response (d) Risk assessment
25. Which of the following is a type of risk response?
(a) Avoiding risk (b) Accepting risk
(c) Sharing risk (d) All of the above
26. Management considers the entity’s risk appetite first in _________________.
(a) Evaluating strategic alternatives
(b) Setting objectives aligned with the selected strategy
(c) Developing mechanisms to manage the related risks.
(d) All of the above

CONTROLS

27. Controls ________________________.
(a) Policies, procedures, practices and organization structure
(b) Designed to provide reasonable assurance that business objectives are achieved and
(c) Undesired events are prevented or detected and corrected.
(d) All of the above

CONTROLS BASED ON IMPLEMENTATION

28. Which of the following is a control based on implementation?
(a) Detective control
(b) Preventive control
(c) Compensatory control
(d) Manual control
29. Which of the following is not a control based on objectives of scenario?
(a) Detective control
(b) Corrective control
(c) Manual control
(d) Preventive control
30. _______________________ run completely by the human efforts or manual intervention.
(a) Manual control
(b) Automated control
(c) Semi-automated control
(d) All of the above
31. __________________________ run by the machine or some other computing technology (A hardware or a software).
(a) Manual control
(b) Automated control
(c) Semi-automated control
(d) All of the above
32. ____________________________ run by the combination of human and machine or some computing technology (A hardware or a software).
(a) Manual control
(b) Automated control
(c) Semi-automated control
(d) All of the above

CONTROLS BASED ON OBJECTIVE OF CONTROLS OR SCENARIO

33. __________________ are those inputs which are designed to prevent an error, omission or malicious act.
(a) Preventive control
(b) Corrective control
(c) Perfective control
(d) Detective control
34. _____________________________ are designed to detect errors, omissions or malicious acts that occur and report the occurrence.
(a) Preventive controls
(b) Perfective controls
(c) Corrective controls
(d) Detective controls
35. _____________________________ is to correct errors, omissions, or incidents once they have been detected.
(a) Preventive controls
(b) Perfective controls
(c) Corrective controls
(d) Detective controls
36. Corrected control is related to the correction of _______________________.
(a) Data-entry errors.
(b) To identifying and removing unauthorized users or software from systems or networks.
(c) To recovery from incidents, disruptions, or disasters.
(d) All of the above
37. ____________________________ is also called an alternative control.
(a) Preventive controls
(b) Perfective controls
(c) Corrective controls
(d) Detective controls
38. ________________ is also called compensatory control.
(a) Preventive controls
(b) Corrective controls
(c) Perfective controls
(d) Detective controls
39. __________________ are those inputs which are designed to prevent an error, omission or malicious act.
(a) Detective control
(b) Corrective control
(c) Perfective control
(d) Preventive control

LEVELS OF CONTROL IN CIS ENVIRONMENT

40. ________________ refer to the way various parameters are set up for all modules of software, like Purchase, Sales, Inventory, and Finance, etc.
(a) Configurations (b) Masters
(c) Transactions (d) All of the above
41. _______________ defines how software will function and what menu options are displayed.
(a) Configurations (b) Masters
(c) Transactions (d) All of the above
42. __________________ refers to the way a software system is set up.
(a) Masters (b) Transactions
(c) Configurations (d) All of the above
43. ______________ refer to the actual transactions entered through menus and functions in the application software.
(a) Configurations (b) Transactions
(c) Masters (d) All of the above

INTERNAL CONTROL

44. Which one of the following does not represent an objective of the system of Internal Control?
(a) Meeting sales targets
(b) Safeguarding assets
(c) Prevention and detection of fraud and error
(d) Completeness of accounting records
45. Internal control is said to be effective when transactions are recorded _________________.
(a) Correct amount
(b) Appropriate account
(c) Proper period
(d) All of the above
46. To execute a transaction _______________ authorisation is needed.
(a) Specific (b) General
(c) Either a and b (d) Both a and b
47. Processes are altered so that more than one person is involved in each one; this is done so that people can cross-check each other reducing fraud incidents and the likelihood of errors. Which of the following form of internal control is stated in above phrases?
(a) Authorized Access
(b) Segregation of duties (SOD)
(c) Safeguarding the Assets
(d) All of the above
48. Access to computer records is restricted, so that information is only made available to those people who need it to conduct specific tasks. Which of the following form of internal control is stated in above phrases?
(a) Authorized Access
(b) Segregation of duties (SOD)
(c) Safeguarding the Assets
(d) All of the above
49. Assets are locked up when not in use, making it more difficult to steal them. Which of the following form of internal control is stated in above phrases?
(a) Segregation of duties (SOD)
(b) Authorized Access
(c) Safeguarding the Assets
(d) All of the above
50. Internal control measures are implemented by which of the following?
(a) Those charged with governance (TCWG)
(b) Management
(c) Authorised personnel
(d) All of the above
51. Internal control provides reasonable assurance about the achievement of an entity’s objectives with regard to _________________________.
(a) Reliability of financial reporting,
(b) Effectiveness and efficiency of operations
(c) Safeguarding of assets
(d) All of the above
52. Internal control is said to be effective when assets are safeguarded from _________________.
(a) Use (b) Access
(c) Disposal (d) All of the above
53. Internal control is said to be effective when _________________.
(a) Assets are safeguarded from unauthorised use
(b) Transactions are recorded in correct amount, account and period
(c) Transaction is executed with appropriate authority
(d) All of the above
54. Which of the following is not a Flowcharting symbol?
(a) Process (b) Decision
(c) Document (d) Risk
55. Manual elements in IC are suitable when _________________.
(a) Circumstances of error are difficult to detect
(b) Monitoring efficiency and efficiency of automated controls is done
(c) There are transactions of unusual or non-recurring nature
(d) All of the above
56. Which of the following is not a component of Enterprise Risk Management?
(a) Internal environment
(b) Organization chart
(c) Objective setting
(d) Event identification
57. Which one of the following is not an objective of Internal Control?
(a) Compliance with applicable laws and regulations
(b) Meeting sales targets
(c) Reliability of reporting
(d) Effectiveness and efficiency of operations
58. The control environment comprises of ________________.
(a) Integrity and ethical values of the organization.
(b) Parameters enabling the Board of Directors (BOD) to carry out its governance responsibilities.
(c) Organizational structure and assignment of authority and responsibility.
(d) All of the above
59. The control environment consists of _______________________.
(a) Parameters enabling the Board of Directors (BOD) to carry out its governance responsibilities.
(b) Organizational structure and assignment of authority and responsibility.
(c) Process for attracting, developing, and retaining competent individuals.
(d) All of the above
60. Risk Assessment Procedure is conducted to ____________________.
(a) Obtain an understanding of the entity’s environment.
(b) Obtain an understanding of the entity’s internal control
(c) Identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels
(d) All of the above
61. Risk assessment procedures include _________.
(a) Inquiries of management
(b) Analytical procedures
(c) Observation and inspection
(d) All of the above
62. Segregation of duties is the process of assigning different people the responsibilities of ___________.
(a) Authorizing transactions
(b) Recording transactions
(c) Maintaining custody of assets
(d) All of the above
63. General Controls include controls over __________________.
(a) IT management
(b) IT infrastructure.
(c) Security Management
(d) All of the above
64. Application Controls are designed to ensure __________________________.
(a) Completeness (b) Accuracy
(c) Authorization (d) All of the above
65. Mr. Raj Trivedi, the Production Officer of Trivedi enterprises uses few of the products for his own personal use and shows it as free sample, given for advertisement of the product, in the accounts. The Internal Control System (ICS) is unable to detect or prevent this. This weakness of the ICS is an instance of _____________.
(a) Collusion
(b) Abuse of authority
(c) Human error
(d) Cost considerations
66. The production manager, Sales manager and Accounts manager sold the good assets of the company as scrap. The Internal Control System (ICS) is unable to detect or prevent this. This weakness of the ICS is an instance of _____________.
(a) Collusion (b) Abuse of authority
(c) Human error (d) Cost considerations
67. Mr. Pankaj Kumar, the accountant of Aditya Enterprises recorded the credit sales made to Mr. Munish Thakur in the account of Mr. Manish Thakur. The Internal Control System (ICS) is unable to detect or prevent this. This weakness of the ICS is an instance of _____________.
(a) Collusion (b) Abuse of authority
(c) Human error (d) Cost considerations
68. Tiwari Enterprise needs to install 30 CCTV cameras in its premises to monitor its employees. However, it is able to install only 15 CCTVs because of lack of funds. The above case demonstrates which of the following weakness of the ICS?
(a) Collusion (b) Abuse of authority
(c) Human error (d) Cost considerations

RISKS AND CONTROL FOR SPECIFIC BUSINESS PROCESSES

69. _____________ Cycle covers all the business processes relating to obtaining raw materials required for production of a product or for providing a service.
(a) O2C (b) Inventory
(c) P2P (d) HR
70. _____________________ covers all the business processes relating to obtaining raw materials required for production of a product or for providing a service
(a) P2P cycle (b) O2C cycle
(c) General ledger (d) HR cycle
71. ____________________ covers all the business processes relating to fulfilling customer requests for goods or services.
(a) P2P cycle (b) O2C cycle
(c) General ledger (d) HR cycle
72. ____________________ involves transactional flow of data from the initial point of documenting a customer order to the final point of collecting the cash.
(a) P2P cycle (b) General ledger
(c) HR cycle (d) O2C cycle
73. The _____________ refers to human resources management.
(a) P2P cycle (b) General ledger
(c) HR cycle (d) O2C cycle
74. ________________ covers all the stages of an employee’s time within a specific enterprise and the role the human resources department played at each stage.
(a) HR cycle (b) P2P cycle
(c) General ledger (d) O2C cycle
75. ______________ is the process of hiring a new employee.
(a) Orientation (b) Career development
(c) Transition (d) Recruiting
76. ____________________ is the process by which the employee becomes a member of the company’s work force through learning their new job duties, establishing relationships with co-workers and supervisors and developing a niche.
(a) Recruiting (b) Career development
(c) Orientation (d) Career planning
77. _________________ is the stage at which the employees and their supervisors work out their long-term career goals with the company.
(a) Career planning
(b) Recruiting
(c) Career development
(d) Orientation
78. _______________ is all about keeping an employee engaged with the company over time.
(a) Career planning
(b) Recruiting
(c) Career development
(d) Orientation
79. ____________________ refers to the process of recording the transactions in the system to finally generating the reports from financial transactions entered in the system.
(a) General Ledger (b) O2C cycle
(c) P2P cycle (d) HR cycle

RISKS AND CONTROLS FOR SPECIFIC BUSINESS CONTROLS

80. Arrange the following stages in fixed assets process in the correct order.
i. Procuring an Asset.
ii. Transferring the Assets.
iii. Registering or Adding an Asset.
iv. Adjusting the Assets.
v. Disposing the Assets.
vi. Depreciating the Assets.
(a) i, iii, iv, ii, vi, v (b) i, iii, iv, ii, vi, v
(c) i, iii, iv, ii, vi, v (d) i, iii, iv, ii, vi, v
81. Arrange the following stages in fixed assets process in the correct order.
i. Reviewing Transactions
ii. Generating Financial Reports
iii. Approving Transactions
iv. Entering financial transactions into the system
v. Posting of Transactions
(a) iv, i, iii, v, ii (b) iv, v, ii, i, iii
(c) iv, ii, i, iii, v (d) iv, iii, v, ii, i

Miscellaneous

82. _________________ is the degree of risk that an Entity is willing to accept in pursuit of its goals.
(a) Enterprise Risk Management
(b) Risk Management Strategy
(c) Risk Mitigation Methodology
(d) Risk Appetite
83. Which of the following is a Risk Assessment Activity?
(a) Risk Identification (b) Risk Prioritization
(c) Risk Analysis (d) All of the above
84. “Insurance Cover” is an example of _____________ strategy.
(a) Risk Transfer (b) Risk Avoidance
(c) Risk Elimination (d) Risk Acceptance
85. _______________ means not doing an activity that involves risk.
(a) Risk Avoidance (b) Risk Transfer
(c) Risk Elimination (d) Risk Mitigation
86. In implementing automated verifications, controls should be checked at three levels. These are
(a) ROM, PROM, EPROM
(b) Overall, Strategic and Operational
(c) Configuration, Masters and Transaction
(d) Manual, Automated, Semi Automated
87. _________ is also called standing data.
(a) Configuration (b) Masters
(c) Parameters (d) Flow Diagrams
88. A company is setting Masters, i.e., parameters for various types of Modules, i.e., Purchases, Sales, Inventory, Finance, HR, etc. Identify which of the following is not a relevant master data for employee master?
(a) Designation
(b) Permanent Address
(c) Bank Account Details
(d) GSTIN Details
89. A company is setting masters, i.e., parameters for various types of modules, i.e., Purchases, Sales, Inventory, Finance, HR etc. Identify which of the following is not a relevant Master Data for materials Master?
(a) Technical Description
(b) Credit Period
(c) Unit of Measurement
(d) Re-Order Level
90. Which of the following constitute Risks at the “Configuration” Level for an automated Human Resources Process?
(a) Employees who have left the Company continue to have system Access
(b) Change to the Payroll master files are not accurate
(c) Payroll Disbursement made to inappropriate employee
(d) Employees are terminated without following statutory requirements.
91. In an automated General Ledger Process, the possibility that “Non-standard Journal Entries are not tracked and are inappropriate” is a risk at the _________ level.
(a) Configuration (b) Masters
(c) Transactions (d) Source Documents
92. In an automated inventory Process, the possibility that “Amount posted to Cost of sales does not represent those associated with shipped Inventory” is a risk at the _______________ level.
(a) Configuration (b) Masters
(c) Transactions (d) Posting

Answer Keys - MCQs

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
a d b d b d c b a b c a c a c d b d a a
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
c b d a d d d d c a b c a b c d b c d b
41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60
a c b a d c b a c d d d d d d b b d d d
61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80
d d d d b a c d b a b d c a d c a c a a
81 82 83 84 85 86 87 88 89 90 91 92
a d d a a c b d b a a c
Chapter 1: Flowcharts and DFDs

(Diagrammatic Representation of Business Process)

Problem 1: Draw a Flowchart for a program to compute and print the sum, average and product of three
numbers.
Solution:

Input = Numbers X, Y, Z
S = Sum = X + Y + Z
A = Average = Sum / 3
P = Product = X × Y × Z

Start
Read X, Y, Z
S = X + Y + Z
A = S / 3
P = X * Y * Z
Write S, A, P
End
Problem 2: Flowchart to calculate the number of years for the given number of days.
Solution:

Start
Read Days
Year = Days / 365
Write Year
End

Problem 3: Flowchart to compute Celsius to Fahrenheit temperature.
Solution:

Start
F = 0
C = 0
Read C
F = 9/5 * C + 32
Write F
End

Problem 4: Draw a flowchart for computing and printing the simple interest for 10, 11, 12, 13, and 14 years
at the rate of 3% per annum on an investment of ₹ 25,000.
Solution:

START
P = 25,000
R = 3%
T = 10
Loop:
I = P × R × T
Print I
Is T = 14?
    Yes: END
    No:  T = T + 1, then back to Loop

Problem 5: Assume that you opened a savings account with a local bank on 01.01.2016; the annual interest
rate is 5%. Interest is compounded at the end of each month. Assuming that your initial deposit is X rupees,
draw a flowchart to print out the balance in your account at the end of each month for three years.
Solution:

Start
Read X
R = 5%
C = 1
Loop:
I = (X * R) / 12
X = X + I
Print X
Is C = 36?
    Yes: End
    No:  C = C + 1, then back to Loop

Problem 6: A Company provides a commission to its sales people on the following basis:
(a) If Sales ≤ ₹ 50,000 = Commission will be 0%
(b) If Sales > ₹ 50,000 and ≤ ₹ 1,00,000 = Commission will be 10% of Sales above ₹ 50,000
(c) If Sales > ₹ 1,00,000 = Commission will be 7% of Sales amount
Solution:

Sales = S
Commission = Com.
Input: Sales
Output: Commission

START
A: Input Sales
Is Sales ≤ 50,000?
    Yes: Com. = 0
    No:  Is Sales ≤ 1,00,000?
        Yes: Com. = (Sales - 50,000) × 0.1
        No:  Com. = Sales × 0.07
Print Com.
Is more records?
    Yes: go to A
    No:  END

Problem 7: Draw flowchart to compute commission of a sales representative based on the following
conditions:
Sales (₹)                 Commission
≤ 5,000                   Nil
> 5,000 and ≤ 50,000      10% of sales
> 50,000                  ₹ 5000 + 12% of sale above ₹ 50,000
Draw a flowchart to print the sales and commission.
Solution:

Commission = Com.
Sale = S
Input: Sales
Output: Commission, Sales

START
INPUT S
Is S ≤ 5,000?
    Yes: Com. = 0
    No:  Is S ≤ 50000?
        Yes: Com. = S × 0.10
        No:  Com. = 5,000 + (S – 50,000) × 0.12
PRINT S, Com.
END

Problem 8: For computing custom duty, the imported items are classified into 4 categories.
The rate of duty to be levied on each category of items is given below:
Category (K)   Class of goods              % custom duty on the value of goods (V)
1              Food and beverages          10
2              Textile and leather goods   15
3              Heavy machinery             20
4              Luxury items                40

Draw a flowchart to compute the custom duty. [May 2011]

Solution:

Category = K
Value of Goods = V
Custom Duty = CD
Input: K, V
Output: CD

START
INPUT V, K
Is K = 1?
    Yes: CD = V × 0.1
    No:  Is K = 2?
        Yes: CD = V × 0.15
        No:  Is K = 3?
            Yes: CD = V × 0.20
            No:  CD = V × 0.4
PRINT CD
END

Problem 9: XYZ Ltd. follows the following procedures for dealing with the Delivery charges (DC) of goods
sold. For the purpose of determining delivery charges customers are divided into 2 categories (K)
(1) Those whose Sale Region Code (SRC) ≥ 30
(2) Those whose SRC < 30

Conditions   Invoice Amount (IA)   Delivery Charges
SRC < 30     IA < 15,000           DC = ₹ 300
SRC < 30     IA ≥ 15,000           DC = ₹ 150
SRC ≥ 30     IA < 15,000           DC = ₹ 400
SRC ≥ 30     IA ≥ 15,000           DC = ₹ 200

Prepare a flowchart and Print delivery charges.

Solution:

Delivery Charges = DC
Sale Region Code = SRC
Invoice Amount = IA
Categories = K

START
A: DC = 0
INPUT K, IA, SRC
Is SRC < 30?
    Yes: Is IA < 15,000?
        Yes: DC = 300
        No:  DC = 150
    No:  Is IA < 15,000?
        Yes: DC = 400
        No:  DC = 200
Print DC
Is more K?
    Yes: go to A
    No:  END

Problem 10: Draw a flowchart to compute and print Income-tax, Surcharge and Education cess on the
income of a person, where income is to be read from terminal and tax is to be calculated as per the following
rates:
S. No.   Slab (₹)               Rate
i.       1 to 1,00,000          No tax.
ii.      1,00,001 to 1,50,000   @ 10% of amount above 1,00,000.
iii.     1,50,001 to 2,50,000   ₹ 5,000 + 20% of amount above 1,50,000.
iv.      2,50,001 onwards       ₹ 25,000 + 30% of amount above 2,50,000.
Surcharge @ 10% on the amount of tax, if the income of a person exceeds ₹ 10,00,000.
Education cess 2% on the total tax. [May 2006]
Solution:

Income = INC
Surcharge = SCHG
Education Cess = Edu. Cess
Input: INC
Output: Tax, SCHG, Edu. Cess

START
A: Tax = 0
SCHG = 0
Edu. Cess = 0
Input INC
Is INC < 1,00,000?
    Yes: Tax = 0
    No:  Is INC < 1,50,000?
        Yes: Tax = 0.1 * (INC – 1,00,000)
        No:  Is INC < 2,50,000?
            Yes: Tax = 5000 + 0.2 * (INC – 1,50,000)
            No:  Tax = 25000 + 0.3 * (INC – 2,50,000)
                 Is INC > 10 lac?
                     Yes: SCHG = 0.1 * Tax
                     No:  (continue)
Edu. Cess = Tax * 0.02
PRINT Tax, SCHG, Edu. Cess
Is more records?
    Yes: go to A
    No:  END

Problem 11: The Income-tax for the employees of an organization is calculated on the basis of their Gross Income and
the Investments made by them, under Section 80CCC. The taxable income is calculated according to the following
rules:
Taxable Income = Gross Income – Investments provided investments are less than ₹ 1 Lac.
Otherwise,
Taxable Income = Gross Income – 1,00,000
Following rules are applied to calculate the Income-tax, on the Taxable Income:

S. No.   Taxable Income (₹)     Income Tax
i.       0 - 1,60,000           Nil
ii.      1,60,001 – 3,00,000    10%, on the excess of 1,60,000
iii.     3,00,001 – 5,00,000    14,000 + 20% on the excess of 3,00,000
iv.      5,00,001 – and above   54,000 + 30% on the excess of 5,00,000

Also an educational cess of 3% of Income-tax is levied on all the employees, irrespective of the income.
Employee number, Name, Gross Income, Investment amount is given as input. Draw a flow chart to calculate the
Income-tax payable by each employee. [May 2010]
Solution:

GI = Gross Income
EN = Employee Number
INV = Investment made
N = Name
TI = Total Income
IT = Income Tax
EC = Education Cess
IT Pay = Income Tax Payable

START
A: Input Inv, EN, N
Is Inv < 1 Lac?
    Yes: TI = GI - Inv
    No:  TI = GI - 1L
Is TI ≤ 1.6L?
    Yes: IT = 0
    No:  Is TI ≤ 3L?
        Yes: IT = (TI - 1.6L) × 0.1
        No:  Is TI ≤ 5L?
            Yes: IT = 14,000 + (TI - 3L) × 0.2
            No:  IT = 54,000 + (TI - 5L) × 0.3
EC = IT × 0.03
IT PAY = IT + EC
PRINT IT Pay
Is there more Employees?
    Yes: go to A
    No:  END
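
The slab logic of Problem 11 as an added Python example (not part of the book): it rebuilds the tax from the slab table alone and checks it against the flowchart's decision chain at every slab boundary, which shows that the constants 14,000 and 54,000 are simply the tax accumulated on the lower slabs. All function and variable names are assumptions made for this illustration.

```python
from decimal import Decimal

# Slab table from Problem 11: (upper bound of the slab, rate on the part inside it).
# None marks the open-ended top slab.
SLABS = [
    (Decimal(160000), Decimal("0.00")),
    (Decimal(300000), Decimal("0.10")),
    (Decimal(500000), Decimal("0.20")),
    (None, Decimal("0.30")),
]
INVESTMENT_CAP = Decimal(100000)   # 1 Lac limit on the deduction
CESS_RATE = Decimal("0.03")        # educational cess on income tax


def taxable_income(gross, investments):
    """TI = GI - Inv when Inv < 1 Lac, otherwise TI = GI - 1,00,000."""
    gross, investments = Decimal(gross), Decimal(investments)
    if gross < 0 or investments < 0:
        raise ValueError("amounts must be non-negative")
    if investments < INVESTMENT_CAP:
        return gross - investments
    return gross - INVESTMENT_CAP


def slab_tax(ti):
    """Accumulate the tax slab by slab, using only the rates in SLABS."""
    ti = Decimal(ti)
    tax, lower = Decimal(0), Decimal(0)
    for upper, rate in SLABS:
        if ti <= lower:
            break
        top = ti if upper is None else min(ti, upper)
        tax += (top - lower) * rate
        lower = upper
    return tax


def flowchart_tax(ti):
    """The decision chain exactly as the flowchart draws it."""
    ti = Decimal(ti)
    if ti <= 160000:
        return Decimal(0)
    if ti <= 300000:
        return (ti - 160000) * Decimal("0.1")
    if ti <= 500000:
        return 14000 + (ti - 300000) * Decimal("0.2")
    return 54000 + (ti - 500000) * Decimal("0.3")


def tax_payable(gross, investments):
    """IT PAY = IT + EC, with EC = IT x 0.03."""
    it = slab_tax(taxable_income(gross, investments))
    return it + it * CESS_RATE


# Constructed test values: each slab edge, one rupee past it, and a large income.
BOUNDARY_CASES = [0, 160000, 160001, 300000, 300001, 500000, 500001, 1200000]


def mismatches():
    """Taxable incomes where the table-driven and flowchart results differ."""
    return [ti for ti in BOUNDARY_CASES if slab_tax(ti) != flowchart_tax(ti)]


if __name__ == "__main__":
    for ti in BOUNDARY_CASES:
        print(ti, slab_tax(ti), flowchart_tax(ti))
    print("mismatches:", mismatches())
    print("payable on GI 7,00,000 with Inv 1,50,000:", tax_payable(700000, 150000))
```

Testing one value on each side of every slab edge is the quickest way to catch a `<` drawn where `≤` was meant, or a carried-forward constant that no longer matches the slab rates.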
Problem 12: An electric supply company charges the following rates from its domestic consumers:
No. of unit consumed      Charges/unit (₹)
For the first 200 units   1.60
For the next 300 units    2.10
Over 500 units            3.90
Surcharge @ 20% of the bill is to be added to the charges.
Draw a flowchart for the above, which will read the consumer number and the number of units consumed
and print out the total charges with the consumer number and the units consumed. [November 2006]
SCHG = Surcharge
TC = Total Charges
UC = Units Consumed
CN = Consumer number
Solution:

START
A: INPUT CN, UC
Is units < 200?
    Yes: Chg = UNITS × 1.60
    No:  Is units < 500?
        Yes: Chg = (200 × 1.60) + (UNITS – 200) × 2.10
        No:  Chg = (200 × 1.60 + 300 × 2.10) + (UNITS – 500) * 3.90
SUR = SCHG × 0.20
TC = SCHG + SUR
Print TC, CN, UC
Is more records?
    Yes: go to A
    No:  END

Problem 13: An electric supply company charges the following rates from its consumers:
No. of units consumed     Charges/unit (₹)
For the first 200 units   2.50
For the next 300 units    3.50
Over 500 units            5.00
Computer database of a company has the following information:
• Consumer name • Address • Unit consumed • Bill date • Payment date
If the consumer pays his bill within 15 days from the bill date, 10% discount is given. If he makes the payment after
15 days from the bill date, 5% surcharge is levied. Draw a flowchart to calculate the net amount of the bill for each
consumer and print it. [November 2007]
Solution:

Abbreviations
Consumer Name = Name
Address = Add
Units Consumed = UC
Bill Date = DOB
Payment Date = DOP
Amount = AMT
Net Amount = NAMT
Surcharge = Sur
Discount = Disc

START
A: INPUT Name, Add, UC, DOB, DOP
Is Units < 200?
    Yes: AMT = UC × 2.50
    No:  Is Units ‘U’ < 500?
        Yes: AMT = 200 × 2.50 + (UC – 200) × 3.50
        No:  AMT = (200 × 2.50) + (300 × 3.50) + (UC – 500) × 5.00
PDAYS = DOP – DOB
Is PDAYS < 15?
    Yes: Sur = 0.0, Disc = 0.10
    No:  Sur = 0.05, Disc = 0.00
NAMT = AMT (1 – Disc + Sur)
Print Name, Add, UC, NAMT
Is more records?
    Yes: go to A
    No:  END

Problem 14: CNP India Ltd. offers different items to sell to different types of customers as per following
procedures:

Item                 Discount: Dealers                                  Discount: Retailer
Washing Machines     12%                                                12%
Cooking Range        12%                                                9%
Decorative product   20% if value of order is 10000 or above else 0%    10%

Draw a flowchart to print Discount. [May 2004]

Solution:

I = Items
K = Categories
V = Value
D = Discount

START
D = 0
INPUT I, K, V
I = “Washing machine”?
    Yes: D = V × 0.12
    No:  I = “Cooking Range”?
        Yes: Is K = “Dealer”?
            Yes: D = V × 0.12
            No:  D = V × 0.09
        No:  Is K = “Dealer”?
            Yes: Is V ≥ 10,000?
                Yes: D = V × 0.20
                No:  D = V × 0.0
            No:  D = V × 0.10
Print D
END

Problem 15: A bicycle shop in Delhi hires bicycles by the day at different rates as shown in table:
S.No.   Season                    Charges per day (₹)
i.      Spring (March - May)      8.00
ii.     Summer (June - August)    9.50
iii.    Autumn (Sept - Nov.)      5.00
iv.     Winter (Dec. - Feb.)      6.00

To attract his customers, the proprietor also gives a discount on the number of days a bicycle is hired for. If the hire
period is more than 10 days, a reduction of 15% is made. For every bicycle hired, a deposit of ₹ 20 must be paid.
Develop a flowchart to print out the details for each customer such as name of customer, number of days a bicycle
is hired for, hire-charges and total charges including the deposit. It is also assumed that there are 25 customers and
complete details for each customer such as name of customer, season and number of days the bicycle is required for is
inputted through console.
Solution:

Input
Customer Name = CN
Season = S
No. of Days = ND
Output
CN, ND
Hire-Charges = HC
Total Charges = THC
Deposits = DP
Other Terms Used
Spring = SP
Summer = SU
Autumn = AU
Winter = WI
Charges/Day = CD
Customer = C

START
C = 0
A: C = C + 1
INPUT CN, S, ND
Is S = SP?
    Yes: CD = 8.00
    No:  Is S = SU?
        Yes: CD = 9.50
        No:  Is S = AU?
            Yes: CD = 5.00
            No:  CD = 6.00
Is ND > 10?
    Yes: HC = (ND × CD) - (ND × CD × 0.15)
    No:  HC = (ND × CD) - 0
THC = HC + 20
PRINT CN, ND, HC, THC, DP
Is C = 25?
    No:  go to A
    Yes: END

Problem 16: The following information has been provided for a programme execution of 100 employees (E).
Take Name (EN), Basic Salary (BS), DA, Type of Employee (K) as input.
Draw a flowchart to compute and print the following for (each employee).
Employees are of 2 types:
(1) Permanent (P)
(2) Temporary (T)
Output → Employee’s Name (EN), Gross Salary (GS), and Net Salary (NS)
• Gross Salary = Basic Salary + DA + HRA
• HRA = 30% of Basic Salary
• Net Salary = Gross Salary – Deduction
• Deduction are PF and TDS
• PF = 12% of basic Salary for Permanent (P) employee.
Conditions                       TDS
If Gross Salary ≤ ₹ 10,000       NIL
If Gross Salary ≤ ₹ 15,000       5% of G.S.
If Gross Salary ≤ ₹ 25,000       10% of G.S.
If Gross Salary > ₹ 25,000       20% of G.S.

Solution:

START
E = 0
A: E = E + 1
Input NE, BS, DA, K
HRA = BASIC × 0.3
GS = BS + DA + HRA
If K = ‘P’?
    Yes: PF = BS × 0.12
    No:  PF = 0
If GS ≤ 10K?
    Yes: TDS = 0
    No:  If GS ≤ 15K?
        Yes: TDS = GS * 0.05
        No:  If GS ≤ 25K?
            Yes: TDS = GS * 0.1
            No:  TDS = GS * 0.2
NS = GS - PF - TDS
PRINT NE, GS, NS
Is E = 100?
    No:  go to A
    Yes: END

Problem 17: A Housing Society in a newly developed Smart City has provided several advanced security
systems to each house in that city. Based on the value of these advanced security systems installed in each
house, the Society has divided all the houses in four categories and fixed the criteria for annual maintenance
charges as under:
House Category   Maintenance charges as % of value of advanced security systems installed at house
A                8%
B                6%
C                4%
D                3%
In addition to above there is a service tax @ 12.36% on the amount of maintenance charges. Considering
house number and value of advanced security system installed, as input, draw a flow chart to have printed
output as house number, maintenance charges, service tax and the total amount to be paid by each house
owner. [May 2014]
Solution:

START
A: INPUT HNO, VAL_ASS
Is HC = A?
    Yes: MC = 0.08 × VAL_ASS
    No:  Is HC = B?
        Yes: MC = 0.06 × VAL_ASS
        No:  If HC = C?
            Yes: MC = 0.04 × VAL_ASS
            No:  MC = 0.03 × VAL_ASS
ST = 0.1236 × MC
TM = MC + ST
PRINT HNO, MC, ST, TA
Is More HNO?
    Yes: go to A
    No:  END

Problem 18: ABC Limited is a software development company, which appointed 50 software engineers
in August 2014 at a monthly salary of ₹ 30,000. All these engineers shall be entitled for an increment in
their monthly salary after six months. The increment on present monthly salary shall be based on their
performance to be evaluated on a 100 marks scale as per details given below:
• Performance Marks < 70, then increment shall be 10% of present salary.
• 70 ≤ Performance marks < 80, then increment shall be 20% of present salary.
• Performance marks ≥ 80, then increment shall be 30% of present salary.
Draw a Flow-Chart to enable to print the details like name of the engineer, performance marks, monthly increment
amount and revised monthly salary for each of these 50 engineers. [May 2015]
Solution:

Abbreviation
N = Number of Engineers
PM = Performance Marks
INCAMT = Increment Amount
RESAL = Revised Salary

START
CAWL
N = 0, INCREMENT = 0
INPUT NAME, PM
N = N + 1
Is PM < 70?
    Yes: INCREMENT = 0.10
    No:  Is PM < 80?
        Yes: INCREMENT = 0.20
        No:  INCREMENT = 0.30
INCAMT = (30,000 × INCREMENT)
RESAL = (30,000 + INCAMT)
PRINT NAME, PM, INCAMT, RESAL
Is N < 50?
    Yes: go to A (next engineer)
    No:  END

Problem 19: A University has 3,000 students. These students are divided in four categories:
• B. Tech
• M. Tech
• M.S.
• Ph.D.
Draw a flow chart for finding the percentage of the students in each category. [May 2007]
Solution:

Abbreviation
ST = Student Type
I = Number of Student

START
I = 1
A: I = I + 1
INPUT ST
Is ST = “B.Tech”?
    Yes: S1 = S1 + 1
    No:  Is ST = “M.Tech”?
        Yes: S2 = S2 + 1
        No:  Is ST = “M.S”?
            Yes: S3 = S3 + 1
            No:  S4 = S4 + 1
Is I < 30000?
    Yes: go to A
    No:  (continue)
PS1 = S1/3000
PS2 = S2/3000
PS3 = S3/3000
PS4 = S4/3000
PRINT PS1, PS2, PS3, PS4
END

Problem 20: A company has 2,500 employees. Their salaries are stored as J(s), 1, 2, ---- 2500. The salaries are
divided in four categories as under:
(i) Less than ₹ 1,000
(ii) ₹ 1,000 to ₹ 2,000
(iii) ₹ 2,001 to ₹ 5,000
(iv) Above ₹ 5,000.
Draw a flow chart for finding the percentage of the employees in each category.
Solution:

START
I = 0
A: I = I + 1
INPUT J(1), J(2) ... J(2500)
Is J(I) < 1000?
    Yes: P1 = P1 + 1
    No:  Is J(I) < 2000?
        Yes: P2 = P2 + 1
        No:  Is J(I) < 5000?
            Yes: P3 = P3 + 1
            No:  P4 = P4 + 1
Is L = 2,500?
    No:  go to A
    Yes: (continue)
R1 = P1/2500
R2 = P2/2500
R3 = P3/2500
R4 = P4/2500
PRINT R1, R2, R3, R4
END

Problem 21: A labourer in a manufacturing company gets his wages as per following calculations:
Basic pay = 10 × N if N ≤ 10
Basic pay = 12 × N if N ≤ 15
Basic pay = 15 × N if N > 15
He is also awarded a quality related bonus as per following norms:
If QI ≤ 0.5; Bonus = 0.0
If QI ≤ 0.75; Bonus = 10% of basic pay
If QI ≤ 0.9; Bonus = 20% of basic pay
If QI > 0.9; Bonus = 30% of basic pay
Where, N = Number of items manufactured, QI = Quality index
For the above conditions, draw a flow chart to calculate and print basic pay, bonus and total pay received by the labourer.
Solution:

Abbreviations
CAWL = Clear all working locations
N = Number of items manufactured
QI = Quality index
BR = Bonus rate
BP = Basic pay
TPay = Total pay

START
CAWL
Read N, QI
Is N ≤ 10?
    Yes: Rate = 10
    No:  Is N ≤ 15?
        Yes: Rate = 12
        No:  Rate = 15
Is QI ≤ 0.5?
    Yes: BR = 0.0
    No:  Is QI ≤ 0.75?
        Yes: BR = 0.1
        No:  Is QI ≤ 0.9?
            Yes: BR = 0.2
            No:  BR = 0.3
BP = N × Rate
Bonus = BR × BP
TPay = BP + Bonus
PRINT BP, Bonus, TPay
Is last record?
    No:  (loop back for the next record)
    Yes: END

Problem 22: A water distribution company has two categories of consumers (Domestic and Commercial). The charges
of water per unit consumed by these consumers are ₹ 5.00 and ₹ 8.00 respectively. The computer database of the
company has the following information:
• Consumer’s name
• Category
• Units consumed
• Billing date
• Date of payment.
The company processes bills according to the following criterion: If the consumer is domestic and pays his
bill within 10 days of the bill date, 7% discount is given. If he pays the bill within 15 days, no discount is given.
If he makes the payment after 15 days of the bill date, 10% surcharge is levied. For commercial consumers,
corresponding percentage be 15%, 0% and 15% respectively. Draw a Flow chart to calculate the bill amount,
discount, surcharge and net amount of the bill for each type of consumer and print it. [November 2005]
Solution:

Abbreviations
CN = Consumer’s name
K = Category
UC = Units consumed
BD = Billing date
DOP = Date of payment
BA = Bill Amount
DISC = Discount
SCHG = Surcharge
NBA = Net Amount
D = Domestic
C = Commercial

START
A: Read CN, K, UC, DOB, DOP
Is K = ‘D’?
    Yes: Rate = 5.00
    No:  Rate = 8.00
AMT = Units × Rate
PDAYS = DOP - DOB
Is K = ‘D’?
    Yes: Is PDAYS < 10?
        Yes: DISC = 0.07, SUR = 0.00
        No:  Is PDAYS > 15?
            No:  DISC = 0.00, SUR = 0.00
            Yes: DISC = 0.07, SUR = 0.10
    No:  Is PDAYS < 10?
        Yes: DISC = 0.15, SUR = 0.00
        No:  Is PDAYS > 15?
            No:  DISC = 0.00, SUR = 0.00
            Yes: DISC = 0.00, SUR = 0.15
NAMT = AMT (1 - DISC + SUR)
PRINT CN, BA, DISC, SCHG, NBA
Is last record?
    No:  go to A
    Yes: END

Problem 23: An insurance company follows the following rules:

i. If a person’s health is good and age is between 20 and 40 years and lives in a city and sex is male, then
the premium is ₹ 20 per thousand and he will be insured for maximum amount of ₹ 10.0 lakhs.
ii. If a person satisfies all the above conditions, except that sex is female, then the premium is ₹ 15 per
thousand and maximum insured sum will be ₹ 15.0 lakhs.
iii. If a person’s health is poor and age is between 20 and 40 years, but lives in a village. For a male sex,
premium is ₹ 50 per thousand and maximum insured sum is ₹ 1.0 lakh only.
iv. In all other cases, the person is not to be insured.
Draw a flow chart to find the eligibility of a person to be insured, premium rate and maximum amount of Insurance.
Solution:

START
B: INPUT Age, Health, Lives, Sex
Is Age 20-40?
    No:  go to A
    Yes: Is Health?
        Poor: If Lives in?
            City:    go to A
            Village: Is Sex?
                Female: go to A
                Male:   Premium ₹ 50 per thousand; Policy value upto 1 lakh
        Good: If Lives in?
            Village: go to A
            City:    Is Sex?
                Male:   Premium ₹ 20 per thousand; Policy value upto 10 lakh
                Female: Premium ₹ 15 per thousand; Policy value upto 15 lakh
A: Refuse insurance
Is last record?
    No:  go to B
    Yes: END

Problem 24: A Book publisher offers discount to customers on the basis of customer type and number of
copies ordered as shown below:
Customer type   Number of Copies Ordered    Percentage of Discount
Book Seller     More than 10                25
Book Seller     Less than or equal to 10    15
Library         More than 5                 20
Library         Less than or equal to 5     10
Customer number, name, type, book number, number of copies ordered and unit price are given as input.
Draw a flow chart to calculate the net amount of the bill for each customer and print it. The above is to be
carried out for 50 customers. [November 2008]
Solution:

Abbreviations
NOC = Number of Customer
CNO = Customer Number
CNAME = Customer Name
CTYPE = Customer Type
BNO = Book Number
NC = Number of Copies
UP = Unit Price
BS = Book Seller
DISC = Discount

START
NOC = 0
NOC = NOC + 1
INPUT CNO, CNAME, CTYPE, BNO, NC, UP
Is CTYPE = ‘BS’?
    Yes: Is NC > 10?
        Yes: DISC = 0.15
        No:  DISC = 0.15
    No:  Is NC > 5?
        Yes: DISC = 0.2
        No:  DISC = 0.1
AMT = NC × UP
NAMT = AMT – (AMT × DISC)
PRINT CNO, CNAME, NAMT
Is NOC = 50?
    No:  (loop back for the next customer)
    Yes: END

Problem 25: A book publisher of Information Technology offers discount to its customers on the basis of
customer type as detailed below:
Customer Type   Discount
Book Seller     30%
Library         20%
Student         10%

Further, if number of copies purchased is more than 20, then additional discount of 5% is allowed irrespective
of customer type. Number of books, unit price of each book and customer type are given as input. Draw a
flow chart to calculate the net amount after all discount and print customer type, number of copies and net
amount. [November 2013]
Solution:

Abbreviations
CT = Customer Type
NC = Number of Copies
UC = Unit Cost

START
INPUT CT, NC, UC
Is CT = Book Seller?
    Yes: Is NC > 20?
        Yes: DISC = 0.35
        No:  DISC = 0.3
    No:  Is CT = Library?
        Yes: Is NC > 20?
            Yes: DISC = 0.25
            No:  DISC = 0.2
        No:  Is CT = Student?
            Yes: Is NC > 20?
                Yes: DISC = 0.15
                No:  DISC = 0.1
            No:  PRINT “Invalid Customer Type”, then END
AMT = NC × [UC - (DISC × UC)]
PRINT CT, NC, AMT
END

Problem 26: A bicycle shop in a city hires bicycles by the day at different rates for different models as given
below:
Model No.     Hire rate per day (₹)
Model No. 1   14.00
Model No. 2   12.00
Model No. 3   10.00
In order to attract customers, the shopkeeper gives a discount on the number of days a bicycle is
hired for. The policy of discount is as given below:
No. of days   Discount rate (%)
1-5           0.00
6-10          8
11 and over   15
For every bicycle hired, a deposit of ₹ 30.00 must be paid.
Develop a flow chart to print out the details for each customer such as name of the customer, bicycle model
number, number of days a bicycle is hired for, hire charges, discount and total charges including deposits.
[May 2008]

Solution:

Abbreviations
D = Days
R = Rate
Disc. = Discount
ND = Number of Days
HCHG = Hire charges
TDISC = Total Discount
TCHG = Total Charges

START
A: INPUT Name, Model, D
Is Model = 1?
    Yes: R = 14.00
    No:  Is Model = 2?
        Yes: R = 12.00
        No:  R = 10.00
Is ND = 1 to 5?
    Yes: Disc = 00.00
    No:  Is ND = 6 to 10?
        Yes: Disc = 0.08
        No:  DISC = 0.15
HCHG = D × R
TDISC = HCHG × Disc.
TCHG = (HCHG - TDISC) + 30.00
PRINT Name, Model, D, HCHG, TDISC, TCHG
Is More Customer?
    Yes: go to A
    No:  END

Problem 27: A bicycle shop in a city hires bicycles by the day at different rates for different models as given below:
Model No.     Hire rate per day (₹)
Model No. 1   10
Model No. 2   9
Model No. 3   8
Model No. 4   7
In order to attract customers, the shopkeeper gives a discount of 15 percent to all those customers, who
hire a bicycle for more than one-week period. Further to attract women customer, he gives additional
discount of 10 percent irrespective of hire period. For every bicycle hired a security deposit of ₹ 25 must
be paid. Draw a flow chart to print out the details of each customer such as name of customer, bicycle model
number, number of days a bicycle is hired for, hire charges, discount and total charges including deposits.
[November 2004]
Solution:

START
A: INPUT Name, Model, Days, Sex
If Model = 1?
    Yes: Rate = 10.00
    No:  If Model = 2?
        Yes: Rate = 9.00
        No:  If Model = 3?
            Yes: Rate = 8.00
            No:  Rate = 7.00
If SEX = “Female”?
    Yes: If Days > 7?
        Yes: DISC = 0.25
        No:  DISC = 0.10
    No:  If Days > 7?
        Yes: DISC = 0.15
        No:  DISC = 0
HCHG = DAYS × RATE
TDISC = HCHG × DISC
TCHG = (HCHG - TDISC) + 25.00
PRINT NAME, MODEL, DAYS, HCHG, TDISC
Is More Customers?
    Yes: go to A
    No:  END

Problem 28: Frame the problem for which the given flowchart has been drawn. See the abbreviations defined
beside:

Abbreviations
Cust = Customer
Prod = Product
Amt = Amount
Disc = Discount
TV = Television
FR = Fridge
MS = Music System
ST = Student

START
INPUT Cust, Amt, Prod
Is Prod = TV?
    Yes: Disc = Amt × 0.15
    No:  Is Prod = FR?
        Yes: Is Cust = ST?
            Yes: Disc = Amt × 0.12
            No:  Disc = Amt × 0.15
        No:  Is Prod = MS?
            No:  Disc = 0
            Yes: Is Cust = ST?
                Yes: Disc = Amt × 0.10
                No:  Is Amt > 1 lac?
                    Yes: Disc = Amt × 0.18
                    No:  Disc = 0
PRINT Prod, Disc
END

Solution:
The flowchart drawn is for the following problem:
A company engaged in selling electronic items to different classes of clients has adopted the following discount
policy:
i. A discount of 15% is offered on TV irrespective of category of client and the value of order.
ii. On purchase of fridge, a discount of 15% is allowed to others and 12% to students, irrespective of the
value of the order.
iii. On Music system, others are offered a discount of 18% only if the value of order is more than ₹ 1 Lac.
Students are offered a discount of 10% irrespective of the value of order.
Prepare a flowchart to print the product type and discount allowed to a customer.
Note: It is a sample formation of the problem. Students can frame the problem in their own language based
on the above three conditions.

Problem 29:
a. Write the output sequence (at least first five numbers) for the given flowchart, if N = 0 is selected as the
value of N as input.
b. If the statement “N. = N * N” in the computation box of the flowchart is modified as “N = N * (N – 1)”.
Write the output sequence (at least first five numbers) for the flowchart with N = 0 as the input value for N.

START
INPUT N
Is N > 1000?
    Yes: END
    No: PRINT N
        N = N + 1
        N = N * N
        (return to the test "Is N > 1000?")

Solution:
(a) 0, 1, 4, 25, 676
(b) 0, 0, 0, 0, 0

Problem 30: An E-commerce site has the following cash back offers.
i. If the purchase mode is via website, an initial discount of 10% is given on the bill amount.
ii. If the purchase mode is via phone app, an initial discount of 20% is given on the bill amount.
iii. If done via any other purchase mode, the customer is not eligible for any discount.
Every purchase eligible to discount is given 10 reward points.
i. If the reward points are between 100 and 200 points, the customer is eligible for a further 30% discount
on the bill amount after initial discount.
ii. If the reward points exceed 200 points, the customer is eligible for a further 40% discount on the bill
amount after initial discount.
Taking purchase mode, bill amount and number of purchases as input draw a flowchart to calculate
and display the total reward points and total bill amount payable by the customer after all the
discount calculation.
[November 2015]
Solution:

Abbreviations
PM        Purchase Mode
BA        Bill Amount
TBA       Total Bill Amount
NOP       Number of Purchases
TRP       Total Reward Points
IN_DISC   Initial Discount
ET_DISC   Extra Discount on purchases eligible to Initial Discount
N         Counter (to track the number of purchases)

Flowchart
START
TRP = 0, TBA = 0, BA = 0
INPUT PM, BA, NOP
If PM = Website?
    Yes: IN_DISC = 0.10
    No: If PM = Phone App?
        Yes: IN_DISC = 0.20
        No: IN_DISC = 0
TRP = NOP × 10
BA = BA - (BA × IN_DISC)
If 100 ≤ TRP ≤ 200?
    Yes: ET_DISC = 0.30, then TBA = BA - (BA × ET_DISC)
    No: If TRP > 200?
        Yes: ET_DISC = 0.40, then TBA = BA - (BA × ET_DISC)
        No: TBA = BA
PRINT TRP, TBA
END
(The chart also carries an on-page connector marked A.)

Problem 31: A bank has 500 employees. The salary paid to each employee is sum of his basic pay, Dearness
Allowance and House rent allowance. For the purpose of computing house rent allowance the bank has classified its
employees into three classes A, B and C. The house rent allowance for each class is computed at the rate of 30%,
20% and 10% of the basic pay respectively. The dearness allowance is computed at a flat rate of 60% of the basic
pay. Draw a flow chart to determine the percentage of employees falling in each of the following salary slabs:
(i) Above ₹ 30,000 (ii) ₹ 15,001 to ₹ 30,000
(iii) ₹ 8,001 to ₹ 15,000 (iv) Less than or equal to ₹ 8,000. [May 2005]
Abbreviations
P1 Percentage of employees falling in salary slab (salary ≤ 8,000)
P2 Percentage of employees falling in salary slab (8,001≤ salary≤15,000)
P3 Percentage of employees falling in salary slab (15,001≤ salary ≤ 30,000)
P4 Percentage of employees falling in salary slab (salary ≥ 30,000)
I Count of number of employees
Solution:
START

I=1

INPUT
Basic, Class

If Yes
Class = A HRA = 0.3 × BASIC
?
No
No
If Yes
Class = B HRA = 0.2 × BASIC
?
No
HRA = 0.1 × Basic

DA= 0.6 × Basic

SALARY = BASIC + DA +HRA

If Yes
SALARY ≤ 8,000 C1 = C1 + 1
?
I=I+1 No
If Yes
SALARY ≤ 15,000 C2 = C2 + 1
?
No
If Yes
SALARY ≤ 30,000 C3 = C3 + 1
?
No
C4 = C4 + 1

No If
I ≤ 500
?
Yes
P1 = C1 × 100/500

P2 = C2 × 100/500

P3 = C3 × 100/500

P4 = C4 × 100/500 PRINT
P1, P2, P3, P4

END

Problem 32: Draw a Flowchart for the following process:


Leebay is a new e-commerce web site that is setting up business in India. Leebay and their partner bank
Paxis have come up with a joint promotion plan for which the following offers are proposed.
Customers can either log in through a mobile app or directly from the website:
1. If the payment mode chosen is ‘Paxis Credit’, then a 20% discount is given to the user.
2. If the payment mode chosen is ‘Paxis Debit’, then a 10% discount is given to the user.
3. If other payment modes are used, then no discount is given.
Also, to promote the downloads of its new smartphone app, the company has decided to give the
following offer:
1. If the purchase mode is ‘Mobile App’, then no surcharge is levied on the user.
2. If any other purchase mode is used, then an additional 5% surcharge is levied on the user.
This surcharge is applied on the bill after all necessary discounts have been applied.
With bill amount, payment mode and purchase mode as inputs, draw a flowchart for the billing
procedure for Leebay. [May 2018]
Solution:
Abbreviations
PM        Purchase Mode
BA        Bill Amount
TBA       Total Bill Amount
NOP       Number of Purchases
TRP       Total Reward Points
IN_DISC   Initial Discount
ET_DISC   Extra Discount on purchases eligible to Initial Discount
N         Counter (to track the number of purchases)

Flowchart
START
TOT BILL AMT = 0, FIN BILL AMT = 0
INPUT BILL AMT, PMT MODE, PU MODE
If PU MODE = Mobile App?
    Yes: SCHG = 0.00
    No: SCHG = 0.05
If PMT MODE = 'Paxis Credit'?
    Yes: DISC = 0.20
    No: If PMT MODE = 'Paxis Debit'?
        Yes: DISC = 0.10
        No: DISC = 0.0
TOT BILL AMT = BILL AMT - (DISC × BILL AMT)
FIN BILL AMT = TOT BILL AMT + (SCHG × TOT BILL AMT)
PRINT DISC, SCHG, FIN BILL AMT
END

Problem 33: A company is selling three types of products, namely, A, B and C to two different types of customers
viz, dealers and retailers. To promote the sales, the company is offering the following discounts:
i. 10% discount is allowed on Product A, irrespective of the category of customers and the value of order.
ii. On product B, 8% discount is allowed to retailers and 12% discount to dealers, irrespective of the value
of order.
iii. On product C, 15% discount is allowed to retailers irrespective of the value of order and 20% discount to
dealers if the value of order is minimum of ₹ 10,000.
Draw a flowchart to calculate the discount for the above policy.
Solution:
Abbreviations
PROD TYPE Product Type
CUST TYPE Customer Type
VAL ORDER Value of Order
DISC Discount

START
DISC = 0
Read PROD TYPE, CUST TYPE, VAL ORDER
If PROD TYPE = 'A'?
    Yes: DISC = 0.10 × VAL ORDER
    No: If PROD TYPE = 'B'?
        Yes: If CUST TYPE = 'DEALER'?
            Yes: DISC = 0.12 × VAL ORDER
            No: DISC = 0.15 × VAL ORDER
        No: If CUST TYPE = 'RETAILER'?
            Yes: DISC = 0.15 × VAL ORDER
            No: If VAL ORDER >= 10,000?
                Yes: DISC = 0.20 × VAL ORDER
                No: DISC = 0.0
PRINT DISC
END

Problem 34: A bank has 500 employees. The salary paid to each employee is sum of his Basic Pay (BP), Dearness
Allowance (DA) and House Rent Allowance (HRA). For computing HRA, the bank has classified its employees
into three classes A, B and C. The HRA for each class is computed at the rate of 30%, 20% and 10% of the
Basic Pay respectively. The DA is computed at a flat rate of 60% of the Basic Pay.
Draw a flow chart to determine percentage of employees falling in each of the following salary slabs:
(i) Above ₹ 30,000
(ii) ₹ 15,001 to ₹ 30,000
(iii) ₹ 8,001 to ₹ 15,000
(iv) Less than or equal to ₹ 8,000

Solution:
Working Notes
Abbreviations used in the above flowchart are as follows:
(i) P1, P2, P3 and P4: Percentage of employees falling in salary slab (salary <= 8,000); salary slab (8,001 <=
salary <= 15,000); salary slab (15,001 <= salary <= 30,000) and salary slab (salary >= 30,000) respectively;
(ii) C1, C2, C3 and C4: are the number of employees falling in salary slab (salary<=8,000); salary slab
(8,001 <= salary <=15,000); salary slab (15,001 <= salary <= 30,000) and salary slab (salary >= 30,000)
respectively;
(iii) I: Count of number of employees

Start

Clear all working locations

I=1

Read Basic, Class

No No
Is Class = A ? Is Class = B ? HRA = 0.1* Basic

Yes Yes Yes


HRA = 0.3* Basic HRA = 0.2* Basic

DA = 0.6* Basic

Salary = Basic + DA + HRA

If Salary ≤ 8,000 C1=C1+1


Yes

No

If Salary ≤ 15,000 C2=C2+1


Yes
No

I=I+1 If Salary ≥ 30,000 C3=C3+1


Yes
No

C4=C4+1

If I ≤ 500 P1=C1*100/500 P2=C2*100/500


Yes No No

P3=C3*100/500

P4=C4*100/500

Print +P1,P2 ,P3 ,P4

Stop

Problem 35: Consider the following flowchart:

Start
X = 10, Y = 20, Z = 30, S = 0, I = 0
Step A:
    S = Z
    Z = Y
    Y = X
    X = S
I = I + 1
Step B: If I = 1?
    No: go back to Step A
    Yes: Print X, Y, Z
Stop

(a) What is the output of the flowchart?


(b) In Step B, put I = 3 in place of I = 1; what will be the output then?
(c) In Step B, put I = 6 in place of I = 1; what will be the output then?
(d) In the given flowchart; replace I = 0 by I = 1 at Step A, what will be the output?
Solution:
Working of the Flowchart
Initial Values | Sequence of Steps | Output 1 | Output 2 | Output 3 | Output 4 | Output 5 | Output 6
S = 0 | S = Z | S = 30 | S = 20 | S = 10 | S = 30 | S = 20 | S = 10
Z = 30 | Z = Y | Z = 20 | Z = 10 | Z = 30 | Z = 20 | Z = 10 | Z = 30
Y = 20 | Y = X | Y = 10 | Y = 30 | Y = 20 | Y = 10 | Y = 30 | Y = 20
X = 10 | X = S | X = 30 | X = 20 | X = 10 | X = 30 | X = 20 | X = 10
I = 0 | I = I + 1 | I = 1 | I = 2 | I = 3 | I = 4 | I = 5 | I = 6
 | | Answer (a) | | Answer (b) | | | Answer (c)
(a) X = 30, Y = 10, Z = 20
(b) For I = 3; X = 10, Y = 20, Z = 30
(c) For I = 6; X = 10, Y = 20, Z = 30
(d) For I = 1 at Step A; the flowchart will enter an Infinite Loop as the condition I = 1 will never be
true.
Chapter 2
Financial and Accounting Systems

Case Studies and Scenarios

Case Based Scenario 1 (Study Material 2021)

XYZ, a leading publication house of Delhi, was facing many issues like delay in completing the orders of
its customers, manual processing of data, increased lead time, inefficient business processes etc. Hence,
the top management of XYZ decided to get SAP - an ERP system implemented in the publication house.
Using the proper method of vendor selection, Digisolution Pvt. Ltd. was selected to implement SAP
software in XYZ publication house. To implement the software, the IT team of Digisolution Pvt. Ltd.
visited XYZ’s office a number of times and met its various officials to gather and understand their
requirements. With due diligence, the SAP software was customized and well implemented in the
publishing house.
After the SAP implementation, the overall system became integrated and well connected with other
departments. This raised concern among a few employees of XYZ about their job security, leading
some of them to quit their jobs. The top management of XYZ showed its concern on this issue and
wanted to retain a few of its employees.

Answer the following questions:
1. Imagine you are a core team member of Digisolution Pvt. Ltd. While customizing the Sales and
Distribution Module of SAP software, you need to know the correct sequence of all the activities
involved in the module. Identify the correct option that reflects the correct sequence of the
activities.
(i) Material Delivery (ii) Billing
(iii) Pre-Sales Activities (iv) Sales Order
(v) Payments (vi) Inventory Sourcing
Choose the correct sequence from the following
(a) (i) - (iii) – (ii) – (iv) – (v)- (vi)
(b) (ii) – (iv)- (vi) – (iii) – (i) – (v)
(c) (iii)- (iv) – (vi)- (i) –(ii) – (v)
(d) (iv)- (i) – (iii), (v), (ii), (vi)
2. In purview of the above situation, which of the following controls can help the management of
XYZ publishing house retain its employees and stop them from leaving the company?
(a) Training can be imparted to employees by skilled consultant.
(b) Allocation of employees to task matching their skill set, fixing of compensation package.
(c) Management should stop the implementation of ERP.
(d) Backup arrangement is required.
3. The SAP software was successfully implemented by XYZ publication house after overcoming
many challenges. The risk associated with “Patches and upgrades not installed and the tools
being under-utilized” belongs to __________ risk.
(a) Technological (b) Implementation
(c) People (d) Process

Solution
Question No. Answer
1. (c) (iii)- (iv) – (vi)- (i) –(ii) – (v)
2. (b) Cloud Base Application
3. (a) Technological

Case Based Scenario 2 (Study Material 2021)


Unique Services, a well-established firm of Chartered Accountants with nine branches at different
locations in Delhi, deals in accounting, auditing and taxation assignments like – return filing, corporate
taxation and planning, company formation and registration of foreign companies etc.
The firm has its own ERP software. The firm decided to come up with Real Estate Regulatory Authority
(RERA) registration which requires upgradation in its software. Hence, the principal partner of the firm
asked its associate partner to prepare a list of various clients dealing in construction and development
of flats, commercial properties etc.
The firm’s management took care to select the vendor to upgrade their ERP software which will act as
an online assistant to its clients providing them the complete details about registration and filling of
various forms and resolving their frequently asked questions. The firm also wanted a safe and secure
working environment for their employees to file various forms under RERA Act on behalf of clients
using digital signature. The management also instructed its employees to mandatorily use Digital
Signature of clients for fair practices and any dishonesty found in this regard may lead to penal
provisions under various Acts including IT Act, 2000.
Answer the following questions:
1. In purview of case scenario, Unique Services requires to make changes in its software for its
users for RERA related matters. Identify the part of the overall software which actually interacts
with the users using the software?
(a) Back end
(b) Front end
(c) Middle layer
(d) Reports
2. The firm decided to have an online assistant for its clients to provide complete details regarding
taxation, registration and filling of various forms and solve their queries. This is an example of
_______ application.
(a) Installed application
(b) Web Application
(c) Cloud Based Application
(d) Direct Application
3. While filling the tax for its client ABC, the firm Unique Services enters the detail of its TDS and
GST in the requisite forms. Identify from the following which type of master data it belongs to.
(a) Accounting Master data
(b) Inventory Master Data
(c) Statutory Master data
(d) Payroll master Data

Solution
Question No. Answer
1. (b) Front end
2. (c) Allocation of employees to task matching their skill set, fixing of compensation package.
3. (c) Statutory Master data

Case Based Scenario 3


The management of an IT firm, STUDY SMART TECHNOLOGIES considers that the objectives of
Business Process Automation (BPA) are achieved when the proposed Information systems (ERP) are
implemented properly. To achieve this objective different phases of System Development Life Cycle
(SDLC) are to be implemented properly by STUDY SMART TECHNOLOGIES. However, STUDY SMART
TECHNOLOGIES will have to deal with several ERP Implementation related risk and control issues.
Required:
i. Mention all the categories of ERP implementation related issues.
ii. Explain various Risks and corresponding Controls related to Technological issues.
iii. Explain various Risks and corresponding Controls related to Implementation issues.



Case Based Scenario 4
MD Enterprises is a manufacturer of furniture and fixture for house and offices. It has been facing
serious customer dissatisfaction issues and losing customers on daily basis despite having a good
CRM team in place. Auditors have also reported serious concerns over the mismatch of data of different
departments, violations of regulatory compliances and have raised doubts over the internal control
measures taken by the firm’s top management. It is a matter of serious concern for an organization
like MD Enterprises and on this basis, the CEO of the company, Mr. Ashish Koyande, forms a committee
headed by Mr. Om Trivedi to look into this matter, find out the reasons for above-mentioned issues and
submit the report within a week.
The committee submits its report within a week and the findings are as follows:
◘◘ There is system of maintaining data in a decentralized way (Non-integrated System).
◘◘ Each department within the organization maintains its own data separately and not in an
integrated way.
◘◘ This gives rise to the issues like:
◘◘ Communication gaps among departments and with the customers, suppliers and other
stakeholders.
◘◘ Mismatched data in the databases of different departments.
◘◘ Access of data and availability of right information at the right time has been slower many a
times when it was needed the most to reply to the customers or the stakeholders.
◘◘ Several instances of access and privilege violations have been found in financial and accounting
systems.
◘◘ Decision making is slow and weaker at times where fast and dynamic ones were needed.
Required:
i. You are supposed to suggest, with reason, an appropriate Enterprise Information System for MD
Enterprises that can handle the above issues raised by the committee headed by Mr. Om Trivedi.
ii. Also suggest the features of an ideal Enterprise Information System that it needs to implement
within the organization.

Descriptive Questions for Practice


Question 1: ERP systems are expected to produce accurate, complete, and authorized information, and therefore
require major security aspects that involve physical safety, input validations and access control mechanism. In light of
this statement, explain the importance of Role Based Access Control in an ERP system. (RTP December 2021)
Answers:
Role Based Access Control (RBAC) is an approach to restricting system access to authorized users. RBAC, sometimes
referred to as Role-Based Security, is a policy-neutral access control mechanism defined around roles and privileges that
gives employees access rights only to the information they need to do their jobs and prevents them from accessing
information that doesn’t pertain to them. It is used by most enterprises and can implement Mandatory Access Control (MAC)
or Discretionary Access Control (DAC).
• MAC criteria are defined by the system administrator, strictly enforced by the Operating System, and cannot
be altered by end users. Only users or devices with the required information security clearance can access
protected resources. Organizations with varying levels of data classification, like government and military
institutions, typically use MAC to classify all end users.
• DAC involves physical or digital measures and is less restrictive than other access control systems as it offers
individuals complete control over the resources they own. The owner of a protected system or resource sets
policies defining who can access it.
The components of RBAC such as role-permissions, user-role and role-role relationships make it simple to perform
user assignments. RBAC can be used to facilitate administration of security in large organizations with hundreds of
users and thousands of permissions. Roles for staff are defined in the organization and permission to access a specific
system or perform a certain operation is defined as per the role assigned. For example – a junior accountant in the accounting
department is assigned a role of recording basic accounting transactions, an executive in the human resource department is
assigned a role of gathering data for salary calculations on monthly basis, etc.
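
The role-permission, user-role and role-role relationships described in this answer can be expressed directly in code. The following Python code is an added example, not part of the original answer: the two base roles follow the junior accountant and HR executive examples above, while the user names, permission strings, the accounts_manager role and the separation-of-duties review are assumptions made for illustration and go slightly beyond the text.

```python
"""RBAC model with role-permission, user-role and role-role relationships."""
from dataclasses import dataclass, field


@dataclass
class RBAC:
    role_permissions: dict = field(default_factory=dict)  # role -> permissions granted directly
    role_parents: dict = field(default_factory=dict)      # role -> roles it inherits from
    user_roles: dict = field(default_factory=dict)        # user -> roles assigned

    def add_role(self, role, permissions=(), inherits=()):
        # Parents must already exist, so the hierarchy cannot reference unknown roles.
        for parent in inherits:
            if parent not in self.role_permissions:
                raise ValueError(f"unknown parent role: {parent}")
        self.role_permissions[role] = set(permissions)
        self.role_parents[role] = set(inherits)

    def assign(self, user, role):
        if role not in self.role_permissions:
            raise ValueError(f"unknown role: {role}")
        self.user_roles.setdefault(user, set()).add(role)

    def role_closure(self, role):
        """The role plus every role it inherits from, directly or indirectly."""
        seen, stack = set(), [role]
        while stack:
            current = stack.pop()
            if current not in seen:  # guards against cycles if a role is redefined
                seen.add(current)
                stack.extend(self.role_parents.get(current, ()))
        return seen

    def permissions_of(self, user):
        """Effective permissions: union over assigned roles and their ancestors."""
        perms = set()
        for role in self.user_roles.get(user, ()):
            for inherited in self.role_closure(role):
                perms |= self.role_permissions.get(inherited, set())
        return perms

    def is_allowed(self, user, permission):
        """Deny by default: unknown users and unlisted permissions get False."""
        return permission in self.permissions_of(user)

    def holders_of(self, permission):
        """Access review: every user who can exercise a permission."""
        return sorted(u for u in self.user_roles if self.is_allowed(u, permission))

    def sod_conflicts(self, exclusive_pairs):
        """Users whose effective permissions contain both sides of an exclusive pair."""
        found = []
        for user in sorted(self.user_roles):
            perms = self.permissions_of(user)
            for first, second in exclusive_pairs:
                if first in perms and second in perms:
                    found.append((user, first, second))
        return found


def build_demo():
    """Constructed sample data; names and permission strings are hypothetical."""
    rbac = RBAC()
    rbac.add_role("junior_accountant", {"ledger:record_transaction"})
    rbac.add_role("hr_executive", {"payroll:gather_salary_data"})
    # Hypothetical senior role that inherits the junior role (role-role relationship).
    rbac.add_role("accounts_manager", {"ledger:approve_transaction"},
                  inherits={"junior_accountant"})
    rbac.assign("asha", "junior_accountant")
    rbac.assign("vikram", "hr_executive")
    rbac.assign("meera", "accounts_manager")
    return rbac


if __name__ == "__main__":
    demo = build_demo()
    print("asha may record:", demo.is_allowed("asha", "ledger:record_transaction"))
    print("asha may read payroll data:", demo.is_allowed("asha", "payroll:gather_salary_data"))
    print("can record transactions:", demo.holders_of("ledger:record_transaction"))
    print("record/approve conflicts:", demo.sod_conflicts(
        [("ledger:record_transaction", "ledger:approve_transaction")]))
```

The review step shows a side effect of role-role inheritance: the inheriting role ends up holding both the record and the approve permission, which only becomes visible when effective permissions are computed rather than read off a single role.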

Question 2: DEF consultant is a consultancy company that provides its services to various clients on GST, Company
Law, and Income Tax. At present, the company is using separate software each for accounting and tax compliance. Mr.
Rajesh, IT head in the DEF consultant, suggested the management that they should rather adopt single software for
accounting and tax compliance both. He prepared a supportive document highlighting the pros and cons of Accounting
and Tax compliance software over only the tax compliance software. Elaborate the content of Mr. Rajesh’s document.
(RTP December 2021)
Answers: The pros and cons of using single software for accounting and tax over the software with tax compliance only
on various aspects are as follows:
1. Ease of software operation
Accounting & Tax Compliance Software: Less – as this is integrated system of accounting and tax compliance, everything
connected with other and making changes at one place may affect other aspects also.
Only Tax Compliance Software: More – as this is used only for one single purpose, i.e. tax compliance, it is less
complicated and bound to be easy.

2. Features and facilities
Accounting & Tax Compliance Software: Less – as this system is not an exclusive system for tax compliance, it may have
limited features for tax compliance.
Only Tax Compliance Software: More – as this is an exclusive and specifically designed system for tax compliance,
naturally more features and facilities shall exist in this system.

3. Time and efforts required
Accounting & Tax Compliance Software: Less – as this is an integrated system, time required to transfer data to
compliance software is zero.
Only Tax Compliance Software: More – as this is a separate software, data from accounting software need to put in
this for preparation of returns. This may take extra time and efforts.

4. Accuracy
Accounting & Tax Compliance Software: More – as this is an integrated system and hence accounting data and tax
compliance data shall always be same. No need to transfer data to compliance software and reconcile the data.
Only Tax Compliance Software: Less – as there are two separate systems, reconciliation with accounting data is needed,
and possibility of mismatch of data is always there.

5. Cost
Accounting & Tax Compliance Software: More – if tax compliance feature is not available in accounting system, getting
it customized may require some amount of cost which may be higher than buying separate software.
Only Tax Compliance Software: Less – as this is specific purpose software, there shall be less complications and the
cost also shall be less.

Question 3: Business Intelligence is a technology-driven process for analysing data and presenting actionable
information to help corporate executives, business managers and other end users make more informed business
decisions. List out the benefits of using Business Intelligence in an organization. (July 2021, 3 Marks)
Answer:
The list of various benefits of Business Intelligence (BI) is provided below:
1. Business Intelligence improves the overall performance of the company using it. The potential benefits of BI
programs include:
• accelerating and improving decision making;
• optimizing internal business processes;
• enhancing communication among departments while coordinating activities;
• increasing operational efficiency;
• driving new revenues; and
• gaining competitive advantages over business rivals.
• BI systems can also help companies identify market trends and spot business problems that need to be
addressed.
2. BI systems help in enhancing customer experience, allowing for the timely and appropriate response to customer
problems and priorities.
3. BI data can include historical information as well as new data gathered from source systems as it is generated, thus
enabling BI analysis to support both strategic and tactical decision-making processes.
4. The ultimate objective of BI is to improve the timeliness and quality of information. Business intelligence provides
the information regarding:
• the position of the firm in comparison to its competitors.
• the changes in customer behaviour and spending patterns.
• the capabilities of the firm.
• the market conditions, future trends, demographic, and economic information.
• the social, regulatory, and political environment.
• what the other firms in the market are doing.

Question 4: ERP implementation is a huge task and requires a lot of time, money and patience. The organizations
implementing ERP Systems should keep abreast of the latest technological developments and implementation, which is
required to survive and thrive. Discuss the various risks and corresponding controls related to technological risks in an
ERP environment. (July 2021, 4 Marks)
Answer:
Risks and corresponding Controls related to Technological Risks
Aspect: Software Functionality
Risk Associated: ERP systems offer a myriad of features and functions, however, not all organizations require those
many features. Implementing all the functionality and features just for the sake of it can be disastrous for an
organization.
Control Required: Care should be taken to incorporate the features that are required by the organization and
supporting additional features and functionality that might be required at a future date.

Aspect: Enhancement and Upgrades
Risk Associated: ERP Systems are not upgraded and kept up-to-date. Patches and upgrades are not installed and
the tools are underutilised.
Control Required: Care must be taken while selecting the vendor and upgrade/support contracts should be signed
to minimize the risks.

Aspect: Application Portfolio Management
Risk Associated: These processes focus on the selection of new business applications and the projects required
delivering them.
Control Required: By bringing to the light the sheer number of applications in the current portfolio, IT organizations
can begin to reduce duplication and complexity.

Aspect: Technological Obsolescence
Risk Associated: With the advent of more efficient technologies every day, the ERP system also becomes obsolete
as time goes on.
Control Required: This requires critical choice of technology, architecture of the product, ease of enhancements, ease
of upgrading, quality of vendor support.

Question 5: Cloud based applications are now taking over Installed applications. What are the major differences
between Cloud based Applications and Installed Applications? Explain any four. (Jan 2021, 6 Marks)
Answer:
Installed and Cloud Based Applications

Installation and Maintenance
Installed Application: As software is installed on hard disc of the computer used by user, it needs to be installed on
every computer one by one. This may take lot of time. Also, maintenance and updating of software may take lot
time and efforts.
Cloud Based Application: Installation on user computer is not required. Update and maintenance are defined
responsibility of service provider.

Accessibility
Installed Application: As software is installed on the hard disc of the user’s computer, user needs to go the computer
only, i.e. the computer where software is installed, to use the software. It cannot be used from any computer.
Cloud Based Application: As software is available through online access, to use the software a browser and an internet
connection is needed. It can be used from any computer in the world. Access to the software becomes very
easy. Also, it can be used 24 x 7.

Mobile Application
Installed Application: Using the software through mobile application is difficult in this case.
Cloud Based Application: Mobile application becomes very easy as data is available 24x7. As technology evolves mobile
technology is becoming an industry norm. That makes cloud based application future oriented.

Data Storage
Installed Application: Data is physically stored in the premises of the user, i.e. on the hard disc of the user’s server
computer. Hence, user will have full control over the data.
Cloud Based Application: Data is not stored in the user’s server computer. It is stored on a web server. Ownership of
data is defined in Service Level Agreement (SLA). SLA defines the rights, responsibilities and authority of both
service provider and service user.

Data Security
Installed Application: As the data is in physical control of the user, user shall have the full physical control over the
data and he/she can ensure that it is not accessed without proper access.
Cloud Based Application: Data security is a challenge in case of cloud based application as the data is not in control
of the user or owner of data. As time evolves; SLAs provides for details of back-up, disaster recovery alternatives
being used by service provider.

Performance
Installed Application: A well written installed application shall always be faster than web application, reason being
data is picked from local server without internet.
Cloud Based Application: Access is dependent on speed of internet. Slow internet slows access to information and may
slow operations.

Flexibility
Installed Application: It shall have more flexibility and controls as compared to web application. It is very easy to
write desktop applications that take advantage of the user’s hardware (such as: scanners, cameras, Wi-Fi, serial
ports, network ports, etc.). Installed applications have this disadvantage of higher capital expenditure (CAPEX)
in comparison to cloud based application.
Cloud Based Application: The success of cloud based applications is that they allow flexibility against both capital
expenditure (CAPEX) and Operating Expense (OPEX) to the user. User can scale up operations as per need.

Question 6: Identify the functional module of ERP that controls the business flow in an organization and facilitates
coordinating, monitoring and optimizing all processes in an organization and elaborate the key features of this
module. (RTP Nov-2020)
Answers: In ERP, the Controlling Module controls the business flow in an organization and facilitates coordinating,
monitoring, and optimizing all the processes in an organization. This module helps in analysing the actual figures with
the planned data and in planning business strategies.

Key features of Controlling module are as under.


1. Cost Element Accounting: This component provides overview of the costs and revenues that occur in an
organization. The cost elements are the basis for cost accounting and enable the user the ability to display costs for
each of the accounts that have been assigned to the cost element. Examples of accounts that can be assigned are
Cost Centres, Internal Orders, WBS (work breakdown structures).
2. Cost Centre Accounting: This provides information on the costs incurred by the business. Cost Centres can be
created for such functional areas as Marketing, Purchasing, Human Resources, Finance, Facilities, Information
Systems, Administrative Support, Legal, Shipping/Receiving, or even Quality. Some of the benefits of Cost Centre
Accounting are that the Managers can set Budget/Cost Centre targets; Planning; Availability of Cost allocation
methods; and Assessments/Distribution of costs to other cost objects.



3. Activity-Based-Accounting: This analyzes cross-departmental business processes and allows for a process-oriented
and cross-functional view of the cost centres.
4. Internal Orders: Internal Orders provide a means of tracking costs of a specific job, service, or task. These are used
as a method to collect those costs and business transactions related to the task. This level of monitoring can be very
detailed but allows management the ability to review Internal Order activity for better decision-making purposes.
5. Product Cost Controlling: This calculates the costs that occur during the manufacture of a product or provision
of a service and allows the management the ability to analyse their product costs and to make decisions on the
optimal price(s) to market their products.
6. Profitability Analysis: This allows the management to review information with respect to the company’s profit or
contribution margin by individual market segment; and
7. Profit Centre Accounting: This evaluates the profit or loss of individual, independent areas within an organization.
Question 7: ABC Ltd. is planning to implement some modules of Enterprise Resource Planning (ERP) system to
manage different aspects related to its various business processes. Determine in specific various Sales and Distribution
activities that enterprise may get support from ERP framework. (RTP May-2021)
Answers:
Various sales and distribution activities that may get support from ERP framework are as follows:
1. Pre-Sales Activities: Include prospecting of customers, identifying prospective customers, gathering data,
contacting them and fixing appointments, showing demo, discussion, submission of quotations, etc.
2. Sales Order: Sales order is recorded in our books after getting a confirmed purchase order from our customer.
Sales order shall contain details just like purchase order. E.g. Stock Item Details, Quantity, Rate, Due Date of
Delivery, Place of Delivery, etc.
3. Inventory Sourcing: It includes making arrangements before delivery of goods; ensuring goods are ready and
available for delivery.
4. Material Delivery: Material is delivered to the customer as per sales order. All inventory details are copied from
Sales Order to Material Delivery for saving user’s time and efforts. This transaction shall have a linking with Sales
Order. Stock balance shall be reduced on recording of this transaction.
5. Billing: This is a transaction of raising an invoice against the delivery of material to customer. This transaction shall
have a linking with Material Delivery and all the details shall be copied from it. Stock balance shall not be affected again.
6. Receipt from Customer / Payment: This is a transaction of receiving amount from customer against sales invoice
and shall have a linking with sales invoice.

Question 8: Mr. Rajesh, a manager of a medium-sized company’s customer service department, uses MIS reporting
tool to obtain the reports that help him evaluate the company’s daily business activities or problems that arise, make
decisions and track progress. Elaborate the criteria that the information generated through the MIS tool should meet so that it
is useful to Mr. Rajesh in discharging his role. (RTP May-2021)
Answers:
To make the information most useful, Mr. Rajesh needs to ensure that it meets the following criteria:
1. Relevant: MIS reports need to be specific to the business area they address. This is important because a report that
includes unnecessary information might be ignored.
2. Timely: Managers need to know what’s happening now or in the recent past to make decisions about the future. Be
careful not to include information that is old. An example of timely information for your report might be customer
phone calls and emails going back 12 months from the current date.
3. Accurate: It’s critical that numbers add up and that dates and times are correct. Managers and others who rely on
MIS reports can’t make sound decisions with information that is wrong. Financial information is often required to
be accurate to the dollar. In other cases, it may be OK to round off numbers.
4. Structured: Information in an MIS report can be complicated. Making that information easy to follow helps
management understand what the report is saying. Try to break long passages of information into more readable
blocks or chunks and give these chunks meaningful headings.

Question 9: A manufacturing company is implementing an ideal ERP software, where a single database is being
utilized and it contains all the data for various software modules. Identify the modules of an ideal ERP software along
with their functions. (May-2018, 6 Marks)
Hint:
◘◘ Manufacturing
◘◘ Financials
◘◘ Human Resources
◘◘ Supply Chain Management
◘◘ Projects
◘◘ Customer Relationship Management (CRM)
◘◘ Data Warehouse
Question 10: Explain the significance of Front End and Back End in a software. (May-2018, 2 Marks)
Hint:
◘◘ Front End of a Software: It is part of the overall software which interacts with the user who is using the software.
For example - If a user wants to have some information from the Balance Sheet; user will interact with Front End
part of the software and request front end to generate the report.
◘◘ Back End of a Software: It is a part of the overall software which does not directly interact with the user, but
interacts with the Front End only. Front End will receive the instruction from user and pass it on to the back end. Back End
will process the data, generate the report and send it to the front end. Front end will then display the information to user.

Question 11: Define ‘Data Analytics’. (Nov-2018, 2 Marks)


Hint: It is the process of examining data sets to draw conclusions about the information they contain, increasingly
with the aid of specialized systems and software. Data Analytics predominantly refers to an assortment of applications,
from basic Business Intelligence (BI), Reporting and Online Analytical Processing (OLAP) to various forms of advanced
analytics. Data Analytics technologies and techniques are widely used in commercial industries to enable organizations
to make more-informed business decisions and by scientists and researchers to verify or disprove scientific models,
theories and hypotheses.

Question 12: A business organization is planning to switch on to an integrated software for accounting as well as
tax compliance instead of separate software for accounting and tax compliance. Being a consultant to the management
of this organization, you are required to advise them on various Pros and Cons of having single software for both the
accounting and tax compliance. (Nov-2018, 4 Marks)

Question 13: ‘Web Applications’ are one of the two ways of using a software including financial and Accounting
Software and now-a-days, the use of web applications is increasing rapidly. You, being an IT consultant, have to list out
some of the advantages and disadvantages of using web applications. (Nov-2018, 6 Marks)
Hint:
◘◘ Definition
◘◘ Installation
◘◘ Mobile Application
◘◘ Accessibility
◘◘ Performance
◘◘ Data Storage
◘◘ Flexibility
◘◘ Data Security
◘◘ Example
Question 14: Customer Relationship Management (CRM) is a system which aims at improving relationship with customers.
Briefly explain any four key benefits of CRM module of ERP. (May-2019, 4 Marks)
Hint:
1. Improved Customer Relations
2. Increase Customer Revenues
3. Maximize Cross-Selling and Up-Selling
4. Better Internal Communication
5. Optimize Marketing
Question 15: A business organization is shifting from traditional accounting system to computerized accounting
system. The organization needs to store the data that is relatively permanent and not expected to change frequently in
accounting system. As a financial expert, suggest any two types of such data in accounting system. (May-2019, 2 Marks)
Hint: Master data is relatively permanent data that is not expected to change again and again. It may change, but not
again and again. In accounting systems, there may be following type of master data.
◘◘ Accounting Master Data
◘◘ Inventory Master Data

◘◘ Payroll Master Data
◘◘ Statutory Master Data
Question 16: Major feature of an ERP system is central database. Which are the options possible to different users
while assigning access to it? (May-2019, 2 Marks)
Hint: While assigning access to different users in an ERP System, following options are possible.
◘◘ Create – Allows to create data.
◘◘ Alter – Allows to alter data.
◘◘ View – Allows only to view data.
◘◘ Print – Allows to print data.
Question 17: Central database is the main feature of an ERP system. As the Complete Data is stored at one place,
ensuring safety of data and minimizing risk of loss of data is a big challenge. As an IT expert discuss the risks associated
with various aspects of ERP. (Nov-2019, 6 Marks)
Hint:

Categories of ERP Implementation Related Risks and Controls:
◘◘ People Issues
◘◘ Process Issues
◘◘ Technology Issues
◘◘ Implementation Issues
◘◘ Post Implementation Issues

Question 18: Explain briefly the concept of Role-Based-Access-Control (RBAC) in ERP System. (Nov-2019, 2 Marks)
Hint:
◘◘ RBAC largely eliminates discretion when providing access to objects.
◘◘ Administrators or automated systems place subjects into roles.
◘◘ Subjects receive only the rights and permissions assigned to those roles.
◘◘ When an employee changes jobs, all previous access is removed, and the rights and permissions of the new role
are assigned.

Question 19: Explain the concept of “Customer Relationship Management (CRM)” and identify its key benefits
also. (RTP May-2018)
Hint: Customer Relationship Management (CRM): CRM is a system which aims at improving the relationship with
existing customers, finding new prospective customers, and winning back former customers. This system can be
brought into effect with software which helps in collecting, organizing, and managing the customer information. CRM
manages the enterprise’s relationship with its customers. This includes determining who the high-value customers are
and documenting what interactions the customers have had with the enterprise.
Key benefits of a CRM module are as under:


◘◘ Improved customer relations
◘◘ Increase customer revenues
◘◘ Maximize up-selling and cross-selling
◘◘ Better internal communication
◘◘ Optimize marketing

Question 20: Being an IT consultant to a Government agency PQR, identify the most common open international
standard, that should be used by the agency for their standardized digital business reporting. Support the recommendation
by preparing a list of its important features also. (Study Material, RTP May-2018)
Hint: eXtensible Business Reporting Language (XBRL) is an open international standard for digital business reporting
that provides a language in which reporting terms can be authoritatively defined. Those terms can be used to uniquely
represent the contents of financial statements or other kinds of compliance, performance and business reports. XBRL
lets reporting information move between organizations rapidly, accurately and digitally. XBRL is a standard-based way
to communicate and exchange business information between business systems. These communications are defined by
metadata set out in taxonomies, which capture the definition of individual reporting concepts as well as the relationships
between concepts and other semantic meaning. Information being communicated or exchanged is provided within an
XBRL instance.
Important features of XBRL are as follows:
◘◘ Clear Definitions
◘◘ Testable Business Rules
◘◘ Multi-lingual Support
◘◘ Strong Software Support
Question 21: Explain the term “Master Data” and its types. (Study Material, RTP Nov-2018)
Hint:
◘◘ Master Data: Master data is relatively permanent data that is not expected to change again and again. It may
change, but not again and again. In accounting systems, there may be following type of master data.

  - Accounting Master Data
  - Inventory Master Data
  - Payroll Master Data
  - Statutory Master Data

Question 22: On joining a Manufacturing company XYZ, you are briefed about the functioning of different modules
like Financial Accounting Module, Sales and Distribution Module, Human Resource Module, Material Management
Module, Production Planning Module etc. Prepare a brief description on the Material Management Module (MM) based
on your understanding. (RTP Nov-2018)
Hint: Material Management (MM) Module manages materials required, processed and produced in enterprises.
Different types of procurement processes are managed with the system. Some of the popular sub-components in MM
module are vendor master data, consumption-based planning, purchasing, inventory management, invoice verification
and so on. Material management also deals with movement of materials via other modules like logistics, Supply Chain
Management, sales and delivery, warehouse management, production and planning. The overall purchase process
includes the following sub-processes:
◘◘ Purchase Requisition from Production Department
◘◘ Evaluation of Requisition
◘◘ Asking for Quotation
◘◘ Evaluation of quotations
◘◘ Purchase Order
  - Description of stock items to be purchased.
  - Quantity of these stock items.
  - Rate for purchases.
  - Due Date by which material is to be received.
  - Godown where material is to be received.
◘◘ Material Receipt
◘◘ Issue of material
◘◘ Purchase Invoice

◘◘ Payment to Vendor

Question 23: You have been appointed as an Information Systems (IS) Auditor in a company JKL Ltd. and asked
to perform an ERP audit. Prepare a checklist of the common concerns that should be asked during development and
implementation of the system as well as ERP Audit. (RTP May-2019)
Hint: Some of the questions auditors should ask during an ERP audit are pretty much the same as those that should be
asked during development and implementation of the system:
◘◘ Does the system process according to GAAP (Generally Accepted Accounting Principles) and GAAS (Generally
Accepted Auditing Standards)?
◘◘ Does it meet the needs for reporting, whether regulatory or organizational?
◘◘ Were adequate user requirements developed through meaningful interaction?
◘◘ Does the system protect confidentiality and integrity of information assets?
◘◘ Does it have controls to process only authentic, valid, accurate transactions?
◘◘ Are effective system operations and support functions provided?
◘◘ Are all system resources protected from unauthorized access and use?
◘◘ Are user privileges based on what is called “role-based access?”
◘◘ Is there an ERP system administrator with clearly defined responsibilities?
◘◘ Is the functionality acceptable? Are user requirements met? Are users happy?
◘◘ Have workarounds or manual steps been required to meet business needs?
◘◘ Are there adequate audit trails and monitoring of user activities?
◘◘ Can the system provide management with suitable performance data?
◘◘ Are users trained? Do they have complete and current documentation?
◘◘ Is there a problem-escalation process?
Question 24: Sales and Distribution Process that is used by organizations to support sales and distribution activities
of products and services, starting from enquiry to order and then ending with delivery is one of the most important
modules in ERP. Determine the various activities that are involved in Sales and Distribution Process. (RTP Nov-2019)
Hint: The various activities that are involved in a Sales and Distribution Process are as follows:
◘◘ Pre-Sales Activities
◘◘ Sales Order
◘◘ Inventory Sourcing
◘◘ Material Delivery
◘◘ Billing
◘◘ Receipt from Customer
Question 25: Describe the term “Business Reporting” and why do you think there is a need of it in today’s world?
(RTP May-2019 and Nov-2019)
Hint: Business Reporting is defined as the public reporting of operating and financial data by a business enterprise,
or the regular provision of information to decision-makers within an organization to support them in their work. This
reporting process involves querying data sources with different logical models to produce a human readable report - for
example, a computer user must query the Human Resources databases and the Capital Improvements databases to
show how efficiently space is being used across an entire corporation.
Through reporting, organizations communicate with their stakeholders about:
◘◘ mission, vision, objectives, and strategy.


◘◘ governance arrangements and risk management.
◘◘ trade-offs between the shorter- and longer-term strategies; and
◘◘ financial, social, and environmental performance (how they have fared against their objectives in practice).
Business Reporting is needed for the following reasons:
◘◘ Effective and transparent business reporting allows organizations to present a cohesive explanation of their business
and helps them engage with internal and external stakeholders, including customers, employees, shareholders,
creditors, and regulators.
◘◘ High-quality business reporting is at the heart of strong and sustainable organizations, financial markets, and
economies, as this information is crucial for stakeholders to assess organizational performance and make informed
decisions with respect to an organization’s capacity to create and preserve value.


◘◘ Many organizations are increasingly complex, and have larger economic, environmental, and social footprints.
Thus, various stakeholder groups require ESG (Environmental, Social and Governance) information, as well as
greater insight into how these factors affect financial performance and valuations.
◘◘ High-quality reports also promote better internal decision-making. High-quality information is integral to the
successful management of the business and is one of the major drivers of sustainable organizational success.

Question 26: Discuss the different ways in which Database Administrator (DBA) can store the data of ABC enterprise
implementing Accounting Information System (AIS). (RTP May-2020)
Hint:
A. Master Data
  - Accounting Master Data
  - Inventory Master Data
  - Payroll Master Data
  - Statutory Master Data
B. Non-Master Data
Question 27: ERP implementation is a difficult task as the organization which is in the process of implementing
ERP should keep abreast of the latest technological developments. Describe the different risks associated with technology
while implementing ERP. (RTP May-2020)
Hint: Various risks associated with technology while implementing ERP are as follows:
◘◘ Software Functionality
◘◘ Technological Obsolescence
◘◘ Application Portfolio Management
Question 28: An article joined an Audit firm where he was briefed upon the details of an Accounting Process Flow.
Determine the steps involved in the process. (Study Material)

Question 29: Discuss the process involved under Materials Management Module of ERP.
(Study Material)

Question 30: List the benefits of Customer Relationship Management (CRM). (Study Material)

Question 31: As a manager, you are provided a MIS Report about your department’s customer service calls. Determine
the various criterions that the information in the report should meet so that the information becomes useful for you.
(Study Material)

Question 32: Recognize the application areas of Data Analytics in today’s world.
(Study Material, Nov. 2020)

Question 33: Explain the ways in which the Regulators can use eXtensible Business Reporting Language (XBRL).
(Study Material)

Question 34: Discuss the key features of Controlling Module in an Enterprise Resource Planning (ERP).
(Study Material)

Question 35: Explain the types of data in a computerized accounting system.


Question 36: A voucher is very important for recording a transaction. What is a voucher? Explain.

Question 37: Voucher is a documentary evidence of a transaction. What are the different types of voucher?

Question 38: Discuss the peculiarities that must be considered while allotting a voucher number to a voucher.
Hint: A Voucher Number or a Document Number is a unique identity of any voucher/ document. A voucher may be
identified or searched using its unique voucher number. The peculiarities that must be considered while allotting a
voucher number to a voucher are as follows:
◘◘ Voucher number must be unique.
◘◘ Every voucher type shall have a separate numbering series.

◘◘ A voucher number may have prefix or suffix or both, e.g. ICPL/2034/17-18. In this case, “ICPL” is the prefix, “17-18”
is the suffix and “2034” is the actual number of the voucher.
◘◘ All vouchers must be numbered serially, i.e. 1, 2, 3, 4, 5, 6 and so on.
◘◘ All vouchers are recorded in chronological order and hence voucher recorded earlier must have an earlier number,
i.e. if voucher number for a payment voucher having date as 15th April 2017 is 112, voucher number for all the
vouchers recorded after this date shall be more than 112 only.

Question 39: In a financial accounting system why is there a separate front end and backend system? Why not only
one? Explain.

Question 40: Identify and explain any four differences between Installed Applications and Web Applications.
Question 41: What is a cloud app? Explain and give examples of some cloud apps. Also, explain the features of cloud
apps.

Question 42: “ERP is the technological backbone of e-business, an enterprise wide transaction framework with links
into sales order processing, inventory management and control, production and distribution planning, and finance.”
What are the Features of an ideal ERP system? (Study Material)

Question 43: “ERP is the technological backbone of e-business, an enterprise wide transaction framework with links
into sales order processing, inventory management and control, production and distribution planning, and finance.”
What are the Benefits of an ideal ERP system? (Nov. 2020)

Question 44: ERP has a lot of risk involved related to ERP Implementation. Explain the risk associated with ERP
related to ERP Implementation and controls required in an ERP Environment.

Question 45: What is the importance of access in ERP Control?


Question 46: What are the two approaches to access control in ERP System? Explain.
Question 47: Describe Role Based Access Control (RBAC) in Enterprise Resource Planning (ERP) System.
Question 48: To access the data, classify the types of access that can be assigned to different users.
Question 49: A Report simply means presentation of information in proper and meaningful way. What do you mean
by Management Information System (MIS) Report? What are the different types of MIS Reports?

Question 50: What are the criteria to make information in a MIS Report most useful?
Question 51: Data is everywhere. The amount of digital data that exists is growing at a rapid rate. What are data
analytics? Explain.

Question 52: Who is a data scientist? What do they do?


Question 53: Data analytics is the process of examining data sets in order to draw conclusions about the information
they contain, increasingly with the aid of specialized systems and software. What are the different types of data analytics?

Question 54: Data Analytics initiatives can help businesses increase revenues, improve operational efficiency, and
gain a competitive edge over rivals. How does the data analytics process get the data ready for analysis?
Question 55: Analyze the statement “The potential benefits of Business Intelligence (BI) programs include
accelerating and improving decision making; optimizing internal business processes; increasing operational efficiency;
driving new revenues; and gaining competitive advantages over business rivals.” Determine its justification.
Hint: Business Intelligence (BI) is a technology-driven process for analyzing data and presenting actionable information
to help corporate executives, business managers and other end users make more informed business decisions.
◘◘ BI encompasses a wide variety of tools, that enable organizations to collect data from internal systems and external
sources, prepare it for analysis, develop and run queries against the data, and create reports, dashboards and data
visualizations to make the analytical results available to corporate decision makers as well as operational workers.
◘◘ BI systems can also help companies identify market trends and spot business problems that need to be addressed.
◘◘ Business Intelligence uses data from different sources and helps to find answers to various questions.
◘◘ BI data can include historical information, as well as new data gathered from source systems as it is generated,
enabling BI analysis to support both strategic and tactical decision-making processes.
◘◘ Initially, BI tools were primarily used by data analysts and other IT professionals who ran analyses and produced
reports with query results for business users. Increasingly, however, business executives and workers are using BI
software themselves, thanks partly to the development of self-service BI and data discovery tools.
◘◘ Business Intelligence combines a broad set of data analysis applications, including ad hoc analysis and querying,
enterprise reporting, Online Analytical Processing (OLAP), mobile BI, real-time BI, operational BI, cloud and
software as a service BI, open source BI, collaborative BI and location intelligence.
◘◘ BI technology also includes data visualization software for designing charts and other infographics, as well as tools
for building BI dashboards and performance scorecards that display visualized data on business metrics and key
performance indicators in an easy-to-grasp way.
◘◘ BI applications can be bought separately from different vendors or as part of a unified BI platform from a single
vendor.
◘◘ BI programs can also incorporate forms of advanced analytics, such as data mining, predictive analytics, text
mining, statistical analysis and big data analytics. In many cases, though, advanced analytics projects are conducted
and managed by separate teams of data scientists, statisticians, predictive modelers and other skilled analytics
professionals, while BI teams oversee more straightforward querying and analysis of business data.
◘◘ Business Intelligence data in terms of unstructured data, log files, sensor data and other types of big data are stored
in a data warehouse or smaller data marts that hold subsets of a company’s information. Before it’s used in BI
applications, raw data from different source systems must be integrated, consolidated and cleansed using data
integration and data quality tools to ensure that users are analyzing accurate and consistent information.

Question 56: Business Intelligence (BI) is the delivery of accurate, useful information to the appropriate decision
makers within the necessary time frame to support effective decision making for business processes. Discuss the various
types of BI tools.

Question 57: Describe the concept of eXtensible Business Reporting Language (XBRL) Tagging.
Question 58: Accountants use XBRL in support of clients reporting requirements. What does XBRL do?
Question 59: XBRL has made reporting more accurate and efficient. What are the features of XBRL?
Question 60: Are data warehouse and data warehousing different? If yes, then how? Explain.
Question 61: Are data warehouse and data warehousing different? If yes, then how? Explain.

Multiple Choice Questions (MCQs)


Unit I - Financial and Accounting Systems

INTRODUCTION

1. In _______________________ view Balance Sheet and Profit & Loss Account must be prepared easily without putting much time/efforts.
(a) Auditor’s
(b) Accountant’s
(c) Business’s manager’s
(d) Owners’

2. In _______________________ view Balance Sheet and Profit & Loss Account must be correct at any point of time.
(a) Auditor’s
(b) Accountant’s
(c) Business’s managers
(d) Owners’

3. In _______________________ view right information shall be available at right point of time for right decision making.
(a) Auditor’s view
(b) Accountant’s
(c) Business’s managers
(d) All of the above

4. Which of the following statements defines a system correctly?
(a) A set of principles or procedures per which something is done; an organized scheme or method.
(b) A set of things working together as parts of a mechanism or an interconnecting network; a complex whole.
(c) A set of detailed methods, procedures and routines created to carry out a specific activity, perform a duty, or solve a problem
(d) All of the above

5. Which of the following is not a component of a system?
(a) Inputs, outputs and feedback mechanisms.
(b) Maintain an internal steady-state despite a changing external environment.
(c) Have boundaries that are usually defined by the system observer.
(d) None of the above

COMPUTERIZED ACCOUNTING SYSTEM

6. What is not a part of Inventory Master Data?
(a) Stock Item
(b) Stock Group
(c) Salary Structure
(d) Godowns

7. _________________ is relatively permanent data not expected to change frequently.
(a) Master data
(b) Non-master data
(c) Relative data
(d) Non-Relative data

8. Master data is ___________________ data not expected to change frequently.
(a) Absolute permanent
(b) Relatively permanent
(c) Absolute temporary
(d) Relatively temporary

9. Non-Master data is ___________________ data expected to change frequently.
(a) Absolute permanent
(b) Relatively permanent
(c) Absolute temporary
(d) Relatively temporary

10. _________________ is non-permanent data and expected to change frequently.
(a) Master data
(b) Non-master data
(c) Relative data
(d) Non-Relative data

11. _________________ is a documentary evidence of a transaction.
(a) Audit
(b) Non-master data
(c) Voucher
(d) All of the above

12. Structure and content of accounting vouchers which will be used to enter transactions is an example of _______.
(a) Master data
(b) Non-master data
(c) Relative data
(d) Non-Relative data

13. Data stored in Masters is ________________.
(a) Dependent
(b) Independent
(c) Relative
(d) Isolated

14. Which of the following functions can be performed in a master data?
(a) Create
(b) Alter
(c) Display
(d) All of the above

15. Stock items form part of which of the following master data?
(a) Payroll master data
(b) Inventory master data
(c) Accounting master data
(d) Statutory master data

16. ___________________ are pre-defined structure and content of your accounting information.
(a) Master
(b) Relative
(c) Non-master
(d) Non-relative

17. ______________________ is data which is expected to change frequently, again and again and not a permanent data.
(a) Non-master
(b) Master
(c) Relative
(d) Non-relative

VOUCHER

18. A ________________ is a unique identity of any voucher/document.
(a) Voucher Number
(b) Document Number
(c) Both a and b
(d) Either a and b

19. Voucher is _____________________.
(a) An internal document
(b) Used in a company’s accounts payable department
(c) Used to collect and organize the necessary documentation and approvals before paying a vendor invoice.
(d) All of the above

20. For entering information such as sales and purchase which of the following voucher is used?
(a) Accounting Voucher Types
(b) Inventory Voucher Type
(c) Payroll Voucher Type
(d) All of the above

21. Voucher is _______________ document used in a company’s accounts payable department in order to collect and organize the necessary documentation and approvals before paying a vendor invoice.
(a) Internal
(b) External
(c) Micro
(d) Macro

22. To enter information like stock journal, which of the following voucher types are used?
(a) Accounting voucher
(b) Payroll voucher
(c) Inventory voucher
(d) All of the above

23. To enter information like sales and purchase which of the following vouchers are used?
(a) Accounting voucher
(b) Payroll voucher
(c) Inventory voucher
(d) All of the above

24. To enter information like attendance and payroll which of the following vouchers are used?
(a) Accounting voucher
(b) Payroll voucher
(c) Inventory voucher
(d) All of the above

25. As far as Financial and Accounting Systems are concerned, ledgers may be classified in which of the following types?
(a) Nominal and personal
(b) Ledger having debit and credit balance
(c) Real and personal
(d) Real and nominal

26. For which of the following transactions contra voucher types are issued?
(a) Fund transfer from our one bank account to our own another bank account.
(b) For recording of all types of payments. Whenever the money is going out of business by any mode
(c) For recording of all types of receipts. Whenever money is being received into business from outside by any mode
(d) For recording of all non-cash/bank transactions

27. For which of the following transactions contra voucher types are issued?
(a) For recording all types of trading sales by any mode
(b) For recording all types of trading purchase by any mode
(c) Cash deposit in bank
(d) For making changes/corrections in already recorded sales/purchase transactions.

28. For which of the following transactions are contra voucher types issued?
(a) Cash transfer from one location to another.
(b) For recording of physical movement of stock from one location to another.
(c) For making corrections in stock after physical counting.
(d) For recording of physical delivery of goods sold to a customer.
29. For which of the following transactions are payment voucher types issued?
(a) Fund transfer from our one bank account to our own another bank account.
(b) For recording of all types of payments. Whenever the money is going out of business by any mode
(c) For recording of all types of receipts. Whenever money is being received into business from outside by any mode
(d) For recording of all non-cash/bank transactions
30. For which of the following transactions are receipt voucher types issued?
(a) Fund transfer from our one bank account to our own another bank account.
(b) For recording of all types of payments. Whenever the money is going out of business by any mode
(c) For recording of all types of receipts. Whenever money is being received into business from outside by any mode
(d) For recording of all non-cash/bank transactions
31. For which of the following transactions are journal voucher types issued?
(a) Fund transfer from our one bank account to our own another bank account.
(b) For recording of all types of payments. Whenever the money is going out of business by any mode
(c) For recording of all types of receipts. Whenever money is being received into business from outside by any mode
(d) For recording of all non-cash/bank transactions
32. For which of the following transactions are sales voucher types issued?
(a) For recording all types of trading sales by any mode
(b) For recording all types of trading purchase by any mode
(c) Cash deposit in bank
(d) For making changes/corrections in already recorded sales/purchase transactions.
33. For which of the following transactions are purchasing voucher types issued?
(a) For recording all types of trading sales by any mode
(b) For recording all types of trading purchase by any mode
(c) Cash deposit in bank
(d) For making changes/corrections in already recorded sales/purchase transactions.
34. For which of the following transactions are credit note voucher types issued?
(a) For recording all types of trading sales by any mode
(b) For recording all types of trading purchase by any mode
(c) Cash deposit in bank
(d) For making changes/corrections in already recorded sales/purchase transactions.
35. For which of the following transactions are debit note issued?
(a) For making changes/corrections in already recorded sales/purchase transactions.
(b) Cash withdrawal from bank
(c) For recording of a purchase order raised on a vendor.
(d) For recording of a sales order received from a customer.
36. For which of the following transactions are purchase order voucher types issued?
(a) For making changes/corrections in already recorded sales/purchase transactions.
(b) Cash withdrawal from bank
(c) For recording of a purchase order raised on a vendor.
(d) For recording of a sales order received from a customer.
37. For which of the following transactions are sale order voucher types issued?
(a) For making changes/corrections in already recorded sales/purchase transactions.
(b) Cash withdrawal from bank
(c) For recording of a purchase order raised on a vendor.
(d) For recording of a sales order received from a customer.
38. For which of the following transactions are stock journal voucher types issued?
(a) Cash transfer from one location to another.
(b) For recording of physical movement of stock from one location to another.
(c) For making corrections in stock after physical counting.
(d) For recording of physical delivery of goods sold to a customer.
39. For which of the following transactions are physical stock voucher types issued?
(a) Cash transfer from one location to another.
(b) For recording of physical movement of stock from one location to another.
(c) For making corrections in stock after physical counting.
(d) For recording of physical delivery of goods sold to a customer.
40. For which of the following transactions are delivery note voucher types issued?
(a) Cash transfer from one location to another.
(b) For recording of physical movement of stock from one location to another.
(c) For making corrections in stock after physical counting.
(d) For recording of physical delivery of goods sold to a customer.
41. For which of the following transactions are receipt note voucher types issued?
(a) For recording of physical receipt of goods purchased from a vendor.
(b) For recording of physical movement of stock from one location to another.
(c) For making corrections in stock after physical counting.
(d) For recording of physical delivery of goods sold to a customer.
42. For which of the following transactions are memorandum voucher types issued?
(a) For recording of physical movement of stock from one location to another.
(b) For making corrections in stock after physical counting.
(c) For recording of transaction which will be in the system but will not affect the trial balance.
(d) For recording of physical delivery of goods sold to a customer.
43. For which of the following transactions are attendance voucher types issued?
(a) For recording of physical movement of stock from one location to another.
(b) For recording of attendance of employees.
(c) For recording of transaction which will be in the system but will not affect the trial balance.
(d) For recording of physical delivery of goods sold to a customer.
44. For which of the following transactions are memorandum voucher types issued?
(a) For recording of physical movement of stock from one location to another.
(b) For salary calculations.
(c) For recording of transaction which will be in the system but will not affect the trial balance.
(d) For recording of physical delivery of goods sold to a customer.
45. In accounting, there are _______ kinds of accounts.
(a) one (b) two
(c) three (d) four
46. An aspiring CA in his interview was asked to provide correct sequence of the following sub-processes that represent accounting process flow. The sub-processes are:
i. Source document
ii. Financial statement
iii. Adjustment
iv. Ledger
v. Adjusted trial balance
vi. Closing entries
vii. Journal
viii. Trial balance
(a) i, ii, iv, iii, iv, viii, vii, vi
(b) i, vii, iv, viii, iii, v, vi, viii
(c) i, iii, iv, ii, iv, viii, vii, vi
(d) i, viii, ii, iv, iii, iv, vii, vi
47. In accounting there are which of the following kinds of accounts?
(a) Personal (b) Real
(c) Nominal (d) All of the above
48. As far as Financial and Accounting Systems are concerned, ledgers may be classified in ____________ types only.
(a) One (b) Two
(c) Three (d) Four
49. There are ______________ basic groups of ledgers in accounting.
(a) Two (b) Three
(c) Four (d) Five
50. In the context of Financial and Accounting Systems are concerned, ledgers may be classified in which of the following type only?
(a) Ledger having Debit Balance
(b) Ledger having Credit Balance
(c) Ledgers having neutral balances
(d) Both a and b

WORKING OF ANY SOFTWARE

51. __________________ is part of the overall software which actually interacts with the user who is using the software.
(a) Front End (b) Back end
(c) Database layer (d) Presentation layer
52. ________________ is a part of the overall software which does not directly interact with the user, but interact with Front End only.
(a) Front End (b) Database layer
(c) Back end (d) Presentation layer
53. _________________________________ software is meant for handling requests from users.
(a) Database layer (b) Front End
(c) Back end (d) Presentation layer
54. ________________________ software is meant for storing and handling the data.
(a) Front End
(b) Database layer
(c) Presentation layer
(d) Back end
55. _____________________ software interacting with a user is meant for presenting information in proper format, different colours, bold, italic letters, tables, charts, etc.
(a) Front End (b) Back end
(c) Database layer (d) Presentation layer
56. __________ software handles processed data and not raw data
(a) Front End (b) Back end
(c) Database layer (d) Presentation layer
57. Back End speaks in _______________.
(a) Language understood by a layman
(b) Technical language not understood by a layman
(c) Technical language understood by a layman
(d) Human language not understood by a layman

APPLICATION SOFTWARE

58. Which of these programs are installed on the hard disc of the user’s computer?
(a) Installed application
(b) Web application
(c) Both a and b
(d) None of the above
59. Which sentence is true about installed software application?
(a) It is installed on the hard disc of the computer of the user
(b) It is installed on the web server
(c) It is installed on cloud
(d) It is installed on a website
60. Which of the following is an example of web application?
(a) Google chrome
(b) Internet explorer
(c) Instant messaging services
(d) Both a and b
61. _________________ are programs installed on the hard disc of the user’s computer.
(a) Web applications
(b) Front end
(c) Installed application
(d) Back end
62. _________________ are installed on a web server and it is accessed using a browser and internet connection.
(a) Front end
(b) Web applications
(c) Installed application
(d) Back end
63. Which of the following is an example of Web applications?
(a) Google chrome (b) Safari
(c) Google Docs (d) Windows
64. Which of the following is an example of Installed application?
(a) Google Docs (b) Gmail
(c) Google chrome (d) Wikis
65. Which of the following is not an example of web application?
(a) Google chrome
(b) Internet explorer
(c) Instant messaging services
(d) Both a and b
66. Which of the following is an example of installed application?
(a) Google chrome
(b) Internet explorer
(c) Instant messaging services
(d) Both a and b
67. Which of the following is not an example of installed application?
(a) Google chrome
(b) Internet explorer
(c) Instant messaging services
(d) Both a and b

CLOUD APPLICATION

68. A ___________________ is a software program where cloud-based and local components work together.
(a) Middleware
(b) Cloud application
(c) Artificial intelligence
(d) Enterprise Resource Planning
69. Cloud-based application tasks may encompass __________________.
(a) Inventory management
(b) Customer relationship management (CRM)
(c) Data collection
(d) All of the above
70. Which of the following feature is present in a cloud application?
(a) Support for different user requirements, e.g., data backup cloud app with different features such as data compression, security, backup schedule.
(b) Can be used from web browser and/or custom built apps installed on Internet connected devices such as desktops, mobile phones.
(c) Can be used to access a wider range of services such as on-demand computing cycle, storage, application development platforms.
(d) All of the above

NON-INTEGRATED SYSTEMS

71. ___________________ is a system of maintaining data in a decentralized way.
(a) Non-integrated system
(b) Integrated system
(c) Enterprise Resource Planning
(d) Non-relative system
72. In ______________________ each department shall maintain its own data separately and not in an integrated way.
(a) Integrated system
(b) Relative system
(c) Enterprise Resource Planning
(d) Non-integrated system

INTEGRATED SYSTEMS (ERP)

73. ________________ is an overall business management system that caters need of all the people connected with the organization.
(a) Non-Integrated system
(b) Relative system
(c) Cloud application
(d) Enterprise Resource Planning
74. ______________________ is an enterprise-wide information system designed to coordinate all the resources, information, and activities needed to complete business processes such as order fulfilment or billing.
(a) Non-Integrated system
(b) Enterprise Resource Planning
(c) Relative system
(d) Cloud application
75. _________________________ is essentially a software which integrates all the departments and their functions within a company through a single IT system.
(a) Middleware
(b) Enterprise Resource Planning
(c) Cloud application
(d) Artificial intelligence
76. ERP stands for ____________________.
(a) Enterprise Reprogramming Planning System
(b) Enterprise Resource Production System
(c) Enterprise Resource Planning Skill
(d) Enterprise Resource Planning System
77. ERP stands for _____________.
(a) Enterprise Resource Policy
(b) Enterprise Rating Points
(c) Enterprise Report Presentation
(d) Enterprise Resource Planning
78. Most of the organization lack consistency to maintain their business operations and cross-functional co-ordination. To overcome the above-mentioned inconsistencies, companies adopt ______________.
(a) Enterprise Resource Planning
(b) Middleware
(c) Non-integrated systems
(d) Artificial intelligence
79. ERP is the ______________ backbone of e-business, an enterprise wide transaction framework with links into sales order processing, inventory management and control, production and distribution planning, and finance.
(a) Financial (b) Social
(c) Technological (d) Ecological
80. ERP is software architecture that allows the exchange of information between ________.
(a) Specific functions
(b) All functions
(c) Some functions
(d) General functions
81. Enterprise Resource Planning (ERP)
(a) Is essentially a software which integrates all the departments and their functions within a company through a single IT system.
(b) Is software architecture that allows the exchange of information between all functions, e.g. manufacturing, finance, procurement and human
resources, and manages them as processes not functions.
(c) ERP is the technological backbone of e-business, an enterprise wide transaction framework with links into sales order processing, inventory management and control, production and distribution planning, and finance.
(d) All of the above
82. ERP has the ability to customize an organization’s requirements. Which of the following feature of an ERP is highlighted in the above statement?
(a) Customization (b) Integration
(c) Security (d) Access Control
83. ERP integrates business operations with accounting and financial reporting functions. Which of the following feature of an ERP is highlighted in the above statement?
(a) Customization (b) Integration
(c) Security (d) Access Control
84. ERP Increases data security and application controls. Which of the following feature of an ERP is highlighted in the above statement?
(a) Customization (b) Integration
(c) Access Control (d) Security
85. ERP builds strong access and segregation of duties controls. Which of the following feature of an ERP is highlighted in the above statement?
(a) Customization (b) Integration
(c) Access Control (d) Security
86. ERP has strong reporting capabilities which aid management and other stakeholders in appropriate decision making. Which of the following feature of an ERP is highlighted in the above statement?
(a) Reporting Capability
(b) Debugging
(c) Process Huge Data
(d) Customization
87. _________________________ is a term applied to processes implemented by a company to handle its contact with its customers.
(a) Middleware
(b) Cloud Application
(c) Customer Relationship Management
(d) Enterprise Resource Planning
88. To safeguard software systems, procedures are developed and implemented for protecting them from ____________________.
(a) Unauthorized modification
(b) Unauthorized disclosure
(c) Unauthorized destruction
(d) All of the above
89. ERP controls ensure that information remains ___________.
(a) Accurate
(b) Confidential
(c) Available when required
(d) All of the above
90. Which of the following is a main characteristic of an Integrated ERP System?
(a) Separate data maintenance by each department
(b) Centralized Database
(c) No direct inter department communication
(d) None of the above
91. Which of the following information about ERP is not true?
(a) It integrates all the departments and their functions within a company through a single IT system.
(b) It allows the exchange of information between all functions.
(c) It is the technological backbone of e-business.
(d) None of the above

RISKS IN AN ERP ENVIRONMENT

92. Which of the following are risk to electronic safety of data?
(a) Risk of unauthorized changes in data
(b) Risk of partial/complete deletion of data
(c) Risk of leakage of information
(d) All of the above
93. In ERP environment, data is stored ______________.
(a) Separately (b) Individually
(c) Centrally (d) Department-wise
94. ______________________ consists of one or more processes to verify the identity of a subject attempting to access an object.
(a) Authentication
(b) Authorization
(c) Identity Management
(d) Accountability
95. Identity management and authentication are ___________.
(a) Inseparable (b) Unrelated
(c) Not associated (d) Separable
96. Identity management includes ___________.
(a) Assigning a subject’s identity
(b) Managing a subject’s identity
(c) Neither a Nor b
(d) Both a and b
97. ______________________ is the process of verifying a subject’s identity at the point of object access.
(a) Authentication
(b) Authorization
(c) Identity Management
(d) Accountability
98. _____________________ identifies what systems, network resources, etc. a subject can access. Related processes also enforce least privilege, need-to-know, and separation of duties.
(a) Authentication
(b) Authorization
(c) Identity Management
(d) Accountability
99. __________________ provide insight into how well the access control process is working: whether or not subjects abuse their access.
(a) Authentication
(b) Authorization
(c) Identity Management
(d) Accountability
100. Which of the following approaches to access control can be established within an organisation?
(a) Rule based access control
(b) Role based access control
(c) Either a or b
(d) Both a and b

TYPES OF ACCESS

101. Which of the following access controls can be used to create data?
(a) Alter (b) View
(c) Create (d) Print

AUDIT OF ERP SYSTEMS

102. GAAP stands for _____________.
(a) Generally Accepted Accounting Practice
(b) Generally Accepted Accounting Principles
(c) Generally Admired Accounting Principles
(d) Generally American Accounting Principles

AUDIT IN CASE OF ERP

103. ___________________ includes testing of different functions in the system and testing of the overall process or part of process in the system and its comparison with actual process.
(a) Final audit (b) Interim audit
(c) Functional audit (d) Continuous audit
104. If Cash ledger is grouped under Indirect income, __________________.
(a) It shall be displayed in profit and loss account
(b) It shall still be considered in balance sheet as it is a cash ledger
(c) Software shall show error message
(d) None of above

ERP - BUSINESS PROCESS MODULES

105. __________________ includes tracking of flow of financial data across the organization in a controlled manner and integrating all the information for effective strategic decision making.
(a) Financial accounting module
(b) Controlling module
(c) Sales and distribution module
(d) Human resource module
106. ____________ facilitates coordinating, monitoring, and optimizing all the processes in an organization.
(a) Financial accounting module
(b) Sales and distribution module
(c) Human resource module
(d) Controlling module
107. ___________________ controls the business flow in an organization.
(a) Financial accounting module
(b) Controlling module
(c) Sales and distribution module
(d) Human resource module
108. _________________ helps in analysing the actual figures with the planned data and in planning business strategies.
(a) Financial accounting module
(b) Sales and distribution module
(c) Controlling module
(d) Human resource module
109. _____________________ is used by organizations to support sales and distribution activities of products and services, starting from enquiry to order and then ending with delivery.
(a) Financial accounting module
(b) Sales and distribution module
(c) Controlling module
(d) Human resource module
110. _______________________ can monitor a plethora of activities that take place in an organization such as products enquires, quotation (pre-sales activities), placing order, pricing, scheduling deliveries (sales activity), picking, packing, goods issue, shipment
of products to customers, delivery of products and billings.
(a) Financial accounting module
(b) Sales and distribution module
(c) Human resource module
(d) Controlling module
111. ________________________ includes all activities right from hiring a person to evaluating one’s performance, managing promotions, compensation, handling payroll and other related activities of an HR is processed using this module.
(a) Financial accounting module
(b) Sales and distribution module
(c) Human resource module
(d) Controlling module
112. ___________________ include prospecting of customers, identifying prospective customers, gathering data, contacting them and fixing appointments, showing demo, discussion, submission of quotations, etc.
(a) Pre-Sales Activities
(b) Sales Order
(c) Inventory sourcing
(d) Material delivery
113. ___________________ includes making arrangements before delivery of goods, ensuring goods are ready and available for delivery.
(a) Pre-Sales Activities
(b) Sales Order
(c) Inventory sourcing
(d) Material delivery
114. ___________ is the item of stock intended for sale / consumption in normal course of business.
(a) Stock item (b) Stock group
(c) Batch (d) Stock ageing
115. All television of different sizes of one brand are placed under one group for reporting purpose. This is an example of ________________.
(a) Stock item (b) Stock group
(c) Batch (d) Stock ageing
116. _________________ is a group used for reporting of similar stock items.
(a) Stock item (b) Batch
(c) Stock group (d) Stock ageing
117. ______________ is level of stock set for placing an order for purchase.
(a) Stock item (b) Batch
(c) Stock ageing (d) Stock group
118. If stock balance for a stock item touches ______________, order for purchase of goods is to be placed.
(a) Re-order (b) Price level
(c) Stock group (d) Stock ageing
119. It is pre-decided rate structure for different stock items for different customers for different quantities.
(a) Re-order (b) Price level
(c) Stock group (d) Stock ageing
120. ______________ is the process of Identifying age of stock items and arranging it as per its age.
(a) Re-order (b) Price level
(c) Stock group (d) Stock ageing
121. Which of the following term is used for perishable goods?
(a) Expiry date (b) Price level
(c) Stock group (d) Stock ageing
122. ________________ includes software designed specifically for production planning and management.
(a) Financial accounting module
(b) Production planning module
(c) Controlling module
(d) Human resource module
123. ________________ consists of master data, system configuration and transactions in order to accomplish plan procedure for production.
(a) Financial accounting module
(b) Controlling module
(c) Production planning module
(d) Human resource module
124. _________________ collaborate with master data, sales and operations planning, distribution resource planning, material requirements planning, product cost planning and so on while working towards production management in enterprises.
(a) Financial accounting module
(b) Production planning module
(c) Controlling module
(d) Human resource module
125. _______________ manages materials required, processed and produced in enterprises.
(a) Financial accounting module
(b) Production planning module
(c) Controlling module
(d) Material Management (MM) Module
126. __________________ manages different types of procurement processes.
(a) Financial accounting module
(b) Production planning module
(c) Material Management (MM) Module
(d) Controlling module
127. Some of the popular sub-components in _______________ are vendor master data, consumption based planning, purchasing, inventory management, invoice verification and so on.
(a) Material Management (MM) Module
(b) Financial accounting module
(c) Production planning module
(d) Controlling module
128. _____________________ deals with movement of materials via other modules like logistics, Supply Chain Management, sales and delivery, warehouse management, production and planning.
(a) Financial accounting module
(b) Material Management (MM) Module
(c) Production planning module
(d) Controlling module
129. ______________ helps in management of quality in productions across processes in an organization.
(a) Quality Management Module
(b) Material Management (MM) Module
(c) Production planning module
(d) Controlling module
130. ________________ helps an organization to accelerate their business by adopting a structured and functional way of managing quality in different processes.
(a) Material Management (MM) Module
(b) Production planning module
(c) Controlling module
(d) Quality Management Module
131. ____________________ collaborates in procurement and sales, production, planning, inspection, notification, control, audit management and so on.
(a) Material Management (MM) Module
(b) Quality Management Module
(c) Production planning module
(d) Controlling module
132. _______________________ handles the maintaining of equipment and enables efficient planning of production and generation schedules.
(a) Plant Maintenance (PM)
(b) Material Management (MM) Module
(c) Quality Management Module
(d) Production planning module
133. ____________________ application component provides you with a comprehensive software solution for all maintenance activities that are performed within a company.
(a) Material Management (MM) Module
(b) Plant Maintenance (PM) Module
(c) Quality Management Module
(d) Production planning module
134. ____________________ is an integrated project management tool used for planning and managing projects.
(a) Project system module
(b) Supply chain module
(c) Material Management (MM) Module
(d) Plant Maintenance (PM) Module
135. ____________________ has several tools that enable project management process such as cost and planning budget, scheduling, requisitioning of materials and services.
(a) Supply chain module
(b) Material Management (MM) Module
(c) Project system module
(d) Plant Maintenance (PM) Module
136. ________________________ provides extensive functionality for logistics, manufacturing, planning, and analytics.
(a) Supply chain module
(b) Material Management (MM) Module
(c) Project system module
(d) Plant Maintenance (PM) Module
137. When attendance and leave records are used for calculation of salary on monthly basis. Which of the following modules be integrated?
(a) Human resource module & Project system module
(b) Human resource module & financial accounting module
(c) Project system module & Plant Maintenance (PM) Module
(d) Plant Maintenance (PM) Module & financial accounting module
138. Which of the following modules are integrated for receipts/issues against production orders?
(a) Human resource module & Project system module
(b) Human resource module & financial accounting module
(c) Project system module & Plant Maintenance (PM) Module
(d) Material management Module & production planning module
139. Which of the following modules shall be integrated in the areas of delivery and stock transfer check?
(a) Material management Module & Sales and distribution module
(b) Human resource module & Project system module
(c) Human resource module & financial accounting module
(d) Project system module & Plant Maintenance (PM) Module
140. Which of the following modules shall be integrated for quality inspection?
(a) Material management Module & Quality management module
(b) Plant maintenance management & quality management module
(c) Human resource module & quality management module
(d) Plant maintenance management & quality management module

Answer Keys - MCQs

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
b a c d d c a b d b c a b d b c a c d d
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
a c a b b a c a b c d a b d a c d a c d
41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60
a c b b c b d b c d a c b d a b b a a c
61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80
c b c c d d c b d d a d d b b d d a c b
81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100
d a b d c a c d d b d d c c a d a b d d
101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120
c b c a a d b c b d c a c a b c d a b d
121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140
a b c b d c a b a d b a b a c a b d a a
Unit II
Business Reporting Data Analytics and XBRL

REPORTING SYSTEM

1. Presentation of information in proper and meaningful way is called _____________.
(a) MIS (b) Report
(c) EIS (d) ERP
2. A ________________ is a system of regular reporting some pre-decided aspects.
(a) OLAP (b) MIS
(c) OLTP (d) Reporting system
3. Which of the following is used for basic analysis of financial position and financial performance of an enterprise?
(a) Balance Sheet (b) Profit & Loss Account
(c) Cash flow statement (d) Both a and b
4. ___________________ reports are used to obtain information on the financial position, operational performance and economic activities of the business.
(a) Financial Reports
(b) Accounting Reports
(c) Inventory Reports
(d) Management Control Reports
5. ___________________ reports are used to determine the financial condition of an organisation as required by shareholders, creditors and government units.
(a) Financial Reports
(b) Accounting Reports
(c) Inventory Reports
(d) Management Control Reports
6. ___________________ reports are used to manage the Inventory effectively since the actual status of stock items is obtained.
(a) Accounting Reports
(b) Financial Reports
(c) Inventory Reports
(d) Management Control Reports
7. ___________________ reports are used to utilise budgets, cost centre reports, scenario reports, etc. for controlling activities.
(a) Accounting Reports
(b) Management Control Reports
(c) Financial Reports
(d) Inventory Reports
8. An MIS report would contain which of the following data?
(a) The number of calls your staff takes
(b) The average amount of time it takes to answer a phone call or email
(c) The number of questions that your staff answers correctly vs. the number that are incorrect
(d) All of the above

Data Analytics

9. The process of examining data sets in order to draw conclusions about the information they contain, increasingly with the aid of specialized systems and software is called __________________.
(a) Data analytics (b) Data processing
(c) Data storing (d) Data warehousing
10. Data analytics (DA) _________________.
(a) is the process of examining data sets in order to draw conclusions about the information they contain, increasingly with the aid of specialized systems and software.
(b) Data analytics technologies and techniques are widely used in commercial industries to enable organizations to make more-informed business decisions
(c) Data analytics refers to an assortment of applications, from basic business intelligence (BI), reporting and online analytical processing (OLAP) to various forms of advanced analytics.
(d) All of the above
11. Data Analytics initiatives can help businesses to __________________.
(a) Increase revenues
(b) Improve operational efficiency
(c) Optimize marketing campaigns and customer service efforts
(d) All of the above
12. Which of the following statement about Data science is true?
(a) It deals with unstructured data only.
(b) It deals with structured data only.
Chap ter 2: Financ i al and Acco unt i ng System s 97

(c) It deals with unstructured as well as structured (a) Scorecard (b) Dashboard
data. (c) Data mining (d) OLTP
(d) It does not deal with any kind of data. 21. _________________ involves data analysis for
13. Which of the following type of Data Analytics (DA) discovering useful patterns that are “hidden” in
application involves analysis of numerical data large volume of diverse data.
with quantifiable variables that can be compared or (a) Scorecard (b) Dashboard
measured statistically? (c) Data mining (d) OLTP
(a) Exploratory DA 22. _________________________ is a process of delivering
(b) Quantitative Data Analysis business intelligence (BI) or information about
(c) Confirmatory DA business operations as they occur.

© Carvinowledge Press (CNP), 2022


(d) Qualitative Data Analysis (a) OLTP (b) OLAP
14. ______________________ aims to find patterns and (c) Real-time Business Intelligence
relationships in data. (d) Operational Business Intelligence
(a) Exploratory DA 23. Extract Transform Load (ETL) is a part of
(b) Quantitative Data Analysis _________________.
(c) Confirmatory DA (a) Business Reporting
(d) Qualitative Data Analysis (b) Inventory Accounting
15. ______________ applies statistical techniques to (c) Financial Accounting
determine whether hypotheses about a data set are (d) Payroll Accounting
true or false. 24. OLAP stands for __________________.
(a) Exploratory DA (a) Offline Analytical Processing
(b) Quantitative Data Analysis (b) Online Analytical Processing
(c) Confirmatory DA (c) Online Analytical Product
(d) Qualitative Data Analysis (d) Offline Analytical Product
16. _____________________ involves analysis of 25. ______________________ is a BI tool capability that
numerical data with quantifiable variables that can relates geographic contexts to business data.
be compared or measured statistically. (a) Scorecard (b) Dashboard
(a) Exploratory DA (c) OLAP (d) Location intelligence
(b) Quantitative Data Analysis
(c) Confirmatory DA BUSINESS REPORTING
(d) Qualitative Data Analysis 26. Business Reporting is the _____________.
(a) Public reporting of operating and financial data
BUSINESS INTELLIGENCE TOOLS
by an enterprise.
17. Business Intelligence tools are a type of software (b) Regular provision of information to decision-
that is designed to ______________. makers within an organization to support them
(a) Retrieve (b) Analyse in their work. It helps them in better business
(c) report data (d) all of the above intelligence development and knowledge
18. Which of the following is a business intelligence management.
tool? (c) BR is implemented through Extract, Transform,
(a) Scorecard (b) Dashboard and Load (ETL) procedures in coordination with
(c) Data mining (d) All of the above a data warehouse.
19. Which of the following business tools involve using (d) All of the above
the data warehouse to get response to the query: 27. Business Reporting is implemented through
“Tell me what happened”. _______________________ procedures in coordination
(a) Dashboard with a data warehouse.
(b) Simple reporting and querying (a) Extract (b) Transform
(c) Scoreboard (c) Load (d) All of the above
(d) Data mining 28. Organisations can perform which of the following
20. A ________ has a graphical list of specific, attainable type of reporting?
strategic milestones, combined with metrics that (a) Financial and regulatory reporting.
serve as benchmarks. (b) Environmental, social, and governance (ESG)
reporting or sustainability reporting.
98 E N T E R P R I S E I N F O R M AT I O N S Y S T E M S ( E I S ) – M E N TO R

(c) Integrated reporting. Miscellaneous


(d) All of the above
35. The process of transforming data into information
29. Which of the following statement signifies the
and making it available to the user in a timely
importance of business reporting?
manner to facilitate proper decisions is known
(a) Allows organizations to present a cohesive as_________________________.
explanation of their business.
(a) Data Analytics (b) Data Warehouse
(b) Helps them engage with internal and external
(c) Data Examinations
stakeholders, including customers, employees,
(d) Data Research
shareholders, creditors, and regulators.
36. Applying statistical techniques and determine
(c) Crucial for stakeholders to assess organizational
whether an by pothouses about a data set are true
© Carvinowledge Press (CNP), 2022

performance and make informed decisions with


or false, is called__________________.
respect to an organization’s capacity to create and
(a) Exploratory Data Analytics
preserve value.
(b) Confirmatory Data Analytics
(d) All of the above
(c) Patter nary Data Analytics
30. Allows organizations to present a _______________
explanation of their business. (d) Systematic Data Analytics
(a) Irrational (b) Cohesive 37. Understanding the content of non-numerical data
like text, images, audio and video, themes and
(c) Incongruence (d) Incomprehensible
points of view, is known as_______________________.
XBRL (a) Quantitative Data Analytics
(b) Qualitative Data Analytics
31. XBRL allows ___________.
(c) Exploratory Data Analytics
(a) Multilingual support
(d) Confirmatory Data Analytics
(b) Strong software support
38. An Artificial Intelligence (AI) technique that uses
(c) Business rules automated algorithms to process data sets quickly
(d) All of the above that data scientists can do through conventional
32. XBRL is used by _______________. analytical modeling, is referred to as________.
(a) Government only (b) Accountants only (a) Data mining
(c) Investors only (d) All of above (b) Machine Learning
33. XBRL stands for ____________. (c) Data Research
(a) Extensible Business Reporting Language (d) Business Intelligence
(b) Environmental Business Reporting Lesson 39. Mobile Network operators examine customer data
(c) Environmental Business Reporting Language to prevent defections to business rivals, to boost
(d) Extensible Business Reporting Lesson customer relationship management efforts, etc.
34. In _____________________, the financial data is tagged This is an example of
with the most appropriate element in an accounting (a) Data Analytics
taxonomy that best represents the data in addition (b) Data Research
to tags that facilitate identification/classification. (c) Machine Learning
(a) Data discovery (b) Data mining (c) None of the above
(c) XBRL tagging (d) XBRL programming 40. XBRL allows the creation of reusable, authoritative
definitions, called
(a) Schema (b) Link Path
(c) Taxonomies (d) Name Spaces

Answer Keys - MCQs

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
b d d b a c b d a d d c b a a b d d b a
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
c c a b c d d d d b d d a c b b b b a c
Chapter 3

Information System and Components

Amendments at a Glance (Applicable for May 2022 Onwards)

Functions of Information Systems

Input (Business problems in the form of data, information, instructions, opportunities)
Processing (Software, programs, people, communication, equipment)
Output (Solution to problems in the form of reports, graphics, calculations, voices)
Storage (Memory for storing and retrieving information)

a. Input: Data is collected from an organization or from external environments and converted into the suitable format required for processing.
b. Processing: A process is a series of steps undertaken to achieve a desired outcome or goal. Information Systems are becoming more and more integrated with organizational processes, bringing more productivity and better control to those processes.
c. Output: The system processes the data by applying the appropriate procedure on it and the information thus produced is stored for future use or communicated to the user.
d. Storage: The storage of data shall be done at the most detailed level possible. Regular backups should be stored in geographically different locations to avoid impact on both the original data storage and the backup data storage due to any major disasters such as flooding or fires etc.
e. Feedback: Apart from these activities, an information system also needs feedback that is returned to appropriate members of the enterprise to help them to evaluate at the input stage.

Controls for Fire Exposure

i. Smoke Detectors
• Smoke detectors should be positioned at places above and below the ceiling tiles.
• Upon activation, these detectors should produce an audible alarm and must be linked to a monitored station (A fire station).
ii. Norms to reduce Electric Firing
• To reduce the risk of electric firing, the location of the computer room should be strategically planned and should not be in the basement or ground floor of a multi-storey building.
• Less wood and plastic material should be used in computer rooms. To reduce the risk of electric fire occurring and spreading, wiring should be placed in the fire-resistant panels and conduit. This conduit generally lies under the fire-resistant raised floor in the computer room.
• Fireproof Walls, Floors and Ceilings surrounding the Computer Room and Fire-resistant office materials such as waste baskets, curtains, desks, and cabinets should be used.
iii. Fire Extinguishers
• Manual fire extinguishers can be placed at strategic locations.
• Fire Alarms, Extinguishers, Sprinklers, Instructions / Fire Brigade Nos., Smoke detectors, and Carbon-dioxide based fire extinguishers should be well placed and maintained.
iv. Fire Alarms
• Both automatic and manual fire alarms may be placed at strategic locations and a control panel may be installed to clearly indicate this.
• Besides the control panel, master switches may be installed for power and automatic fire suppression system.
• A gas-based fire suppression system is preferable; however, depending upon the situation, different fire suppression techniques like Dry-pipe sprinkling systems, water-based systems, halon etc., may be used.
• When a fire alarm is activated, a signal may be sent automatically to a permanently manned station.
v. Regular Inspection and Raising awareness
• Regular inspection by Fire Department Officials should be conducted.
• The procedures to be followed during an emergency should be properly documented.
• Fire Exits should be clearly marked, and all the staff members should know how to use the system in case of emergency.
vi. Documented and Tested Emergency Evacuation Plans
• Relocation plans should emphasize human safety but should not leave information processing facilities physically unsecured.
• Procedures should exist for a controlled shutdown of the computer in an emergency.

Controls for Water Exposure

i. Water Detectors: These should be placed under the raised floor, near drain holes and near any unattended equipment storage facilities.
ii. Strategically locating the computer room: To reduce the risk of flooding, the computer room should not be located in the basement or ground floor of a multi-storey building.
iii. Some of the major ways of protecting the installation against water damage are as follows:
• Wherever possible have waterproof ceilings, walls and floors;
• Ensure an adequate positive drainage system exists;
• Install alarms at strategic points within the installation;
• In flood-prone areas, have the installation above the upper floors but not at the top floor;
• Water proofing; and
• Water leakage Alarms.

Systems Development Management Controls

It includes controls aimed at controlling new system development activities. The activities discussed below deal with system development controls in an IT setup.
a. Problem definition and Feasibility assessment
• Information Systems can be developed to help resolve problems or to take advantage of opportunities.
• All the stakeholders must reach agreement on the problem and should understand the possible threats associated with possible solutions/systems related to asset safeguarding, data integrity, system effectiveness, and system efficiency.
• The feasibility assessment is done to obtain a commitment to change and to evaluate whether cost-effective solutions are available to address the problem or opportunity that has been identified.
• All solutions must be properly and formally authorized to ensure their economic justification and feasibility.
• This requires that each new solution request be submitted in written form by stakeholders to systems professionals who have both the expertise and authority to evaluate and approve (or reject) the request.
b. Analysis of existing system
Designers need to analyze the existing system, which involves two major tasks:
• Studying the existing organizational history, structure, and culture to gain an understanding of the social and task systems in place, the ways these systems are coupled, and the willingness of stakeholders to change.
• Studying the existing product and information flows, as the proposed system will be based primarily on current product and information flows. The designers need to understand the strengths and weaknesses of the existing product to determine the new system requirements and the extent of change required.
c. Information Processing System design
This phase involves the following activities:
• Elicitation of detailed requirements: Either ask the stakeholders for their requirements in case they are aware of them, or discover the requirements through analysis and experimentation in case stakeholders are uncertain about their need.
• Design of data/information flow: The designers shall determine the flow of data/information and transformation points, the frequency and timing of the data and information flows and the extent to which data and information flows will be formalized. Tools such as DFD can be used for this purpose.
• Design of Database and user interface: Design of database involves determining its scope and structure, whereas the design of user interface determines the ways in which users interact with a system.
• Physical design: This involves breaking up the logical design into units which in turn can be decomposed further into implementation units such as programs and modules.
• Design of the hardware/software platform: In case the hardware and software platforms are not available in the organization, the new platforms are required to be designed to support the proposed system.
d. Hardware/Software acquisition and procedures development
• To purchase the new application system or hardware, a request for a proposal must be prepared, vendor proposals are sought, and the final decision is made based on evaluation.
• During procedures development, designers specify the activities that users must undertake to support the ongoing operation of the system and to obtain useful output.
e. Acceptance Testing and Conversion
• Acceptance Testing is carried out to identify errors or deficiencies in the system prior to its final release into production use.
• The conversion phase comprises the activities undertaken to place the new system in operation.
f. Operation and Maintenance
• The new system is run as a production system and periodically modified to better meet its objectives.
• A formal process is required to identify and record the need for changes to a system and to authorize and control the implementation of needed changes.
• The maintenance activities associated with these systems need to be approved and monitored carefully.

Data Resource Management Controls

• If a data repository system is used properly, it can enhance data and application system reliability.
• It must be controlled carefully, however, because the consequences are serious if the data definition is compromised or destroyed.
• Careful control should be exercised over the roles by appointing senior, trustworthy persons, separating duties to the extent possible and maintaining and monitoring logs of the data administrator’s and database administrator’s activities.
Data integrity is defined as maintenance, assurance, accuracy and consistency of data, and the control activities that are involved in maintaining it are as under:
a. Definition Controls: These controls are placed to ensure that the database always corresponds to and complies with its definition standards.
b. Existence/Backup Controls
• These controls ensure the existence of the database by establishing backup and recovery procedures.
• Backup refers to making copies of the data so that these additional copies may be used to restore the original data after a data loss.
• Backup controls ensure the availability of the system in the event of data loss due to unauthorized access, equipment failure or physical disaster; the organization can retrieve its files and databases.
• Various backup strategies like dual recording of data; periodic dumping of data; logging input transactions and changes to the data may be used.
c. Access Controls: These controls are designed to prevent unauthorized individuals from viewing, retrieving, computing, or destroying the entity’s data. User Access Controls are established through passwords, tokens and biometric controls; and Data Encryption controls are established by keeping the data in the database in encrypted form.
d. Update Controls: These controls restrict update of the database to authorized users in two ways: either by permitting only addition of data to the database or by allowing users to change or delete existing data.
e. Concurrency Controls: These controls provide solutions, agreed-upon schedules, and strategies to overcome the data integrity problems that may arise when two update processes access the same data item at the same time.
f. Quality Controls: These controls ensure the accuracy, completeness, and consistency of data maintained in the database. This may include traditional measures such as program validation of input data and batch controls over data in transit through the organization.

Boundary Controls
The major controls of the boundary system are the access control mechanisms that link the authentic users to the authorized resources they are permitted to access.
The boundary subsystem establishes the interface between the would-be user of a computer system and the computer itself.
Major Controls at the Boundary subsystem are as follows:
a. Cryptographic Controls
• These are designed to protect the privacy of data and prevent unauthorized modification of data by scrambling data.
• These deal with programs for transforming data into cipher text that is meaningless to anyone who does not possess the authentication to access the respective system resource or file.
• A cryptographic technique transforms (encrypts) data (known as clear text) into cryptograms (known as ciphertext) and its strength depends on the time and cost to decipher the ciphertext by a cryptanalyst.
• Three techniques of cryptography that are used are Transposition (permute the order of characters within a set of data), Substitution (replace text with a key-text) and Product Ciphers (combination of transposition and substitution).
b. Access Controls
• These controls restrict the use of computer system resources to authorized users, limit the actions authorized users can take with these resources and ensure that users obtain only authentic computer system resources.
• The access control mechanism involves three steps: Identification, Authentication and Authorization.
• User’s identification is done by the user itself by providing the unique user id allotted to him/her or an account number.
• Authentication mechanism is used for proving the identity with the help of a password which may involve personal characteristics like name, birth date, employee code, designation or a combination of two or more of these. Biometric identification including thumb or finger impression, eye retina etc. and information stored in identification cards can also be used in an authentication process.
• Authorization refers to the set of actions allowed to a user once authentication is done successfully. Example: Read, Write, Print, etc. permissions allowed to an individual user.
• An access control mechanism is used to enforce an access control policy, which is mainly of two types - Discretionary Access Control and Mandatory Access Control policies (already discussed in Chapter 2).
c. Personal Identification Numbers (PIN)
• As already discussed before, we may recall that it is a form of remembered information used to authenticate users, like verification of customers in electronic fund transfer systems.
• PIN is like a password assigned to a user by an institution, a random number stored in its database independent of the user’s identification details.
• Several phases of the life cycle of PINs include the steps that are (a) Generation of the PIN; (b) Issuance and delivery of PIN to users; (c) Validation of the PIN upon entry at the terminal device; (d) Transmission of the PIN across communication lines; (e) Processing of the PIN; and (f) Termination of the PIN.
• A PIN may be exposed to vulnerabilities at any stage of the life cycle of PIN and therefore, controls need to be put in place and working to reduce exposures to an acceptable level.
d. Digital Signatures
• Establishing the authenticity of persons and preventing the denial of message or contracts are critical requirements when data is exchanged in electronic form.
• A counterpart known as Digital Signature (a string of 0’s and 1’s) is used as an analog signature for such e-documents.
• Digital Signatures are not constant like analog signatures – they vary across messages and cannot be forged.
e. Plastic Cards:
• We may recall that while PIN and Digital Signatures are used for authentication purposes, plastic cards are used primarily for identification purpose.
• This includes the phases namely - application for a card, preparation of the card, issue of the card, use of the card and card return or card termination.
f. Audit Trail Controls: This maintains the chronology of events that occur when a user attempts to gain access to and employ systems resources.
Accounting Audit Trail: All material application-oriented events occurring within the boundary subsystem should be recorded that may include the data related to identity of the would-be user of system; authentication information supplied; resources requested/provided or denied; terminal Identifier and Start/Finish Time; number of Sign-on attempts; & Action privileges allowed/denied.
Operational Audit Trail: This includes the details like resource usage from log-on to log-out time and log of resource consumption.
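The three cryptographic techniques named under Cryptographic Controls, worked through on one message. This is an added example, not part of the original notes; the keyword-based substitution alphabet, the columnar form of transposition and the sample keys are assumptions chosen to show the mechanics of these classical ciphers, which offer no real strength against a cryptanalyst.

```python
import string

ALPHABET = string.ascii_uppercase


def keyed_alphabet(keyword):
    """Substitution alphabet: keyword letters first (no repeats), then the rest."""
    seen = []
    for ch in keyword.upper() + ALPHABET:
        if ch in ALPHABET and ch not in seen:
            seen.append(ch)
    return "".join(seen)


def substitute(text, keyword, decrypt=False):
    """Substitution: replace every letter by its partner in the keyed alphabet."""
    key = keyed_alphabet(keyword)
    src, dst = (key, ALPHABET) if decrypt else (ALPHABET, key)
    return text.upper().translate(str.maketrans(src, dst))


def column_order(key):
    """Columns are read out in alphabetical order of the key letters."""
    return sorted(range(len(key)), key=lambda i: key[i])


def transpose(text, key):
    """Transposition: write the text row by row under the key, read column by column."""
    cols = len(key)
    return "".join(text[c::cols] for c in column_order(key))


def untranspose(cipher, key):
    """Undo transpose(): rebuild each column, then read the grid row by row."""
    cols = len(key)
    rows, extra = divmod(len(cipher), cols)
    columns = [""] * cols
    pos = 0
    for c in column_order(key):
        length = rows + (1 if c < extra else 0)  # the first `extra` columns are longer
        columns[c] = cipher[pos:pos + length]
        pos += length
    out = []
    for r in range(rows + (1 if extra else 0)):
        for c in range(cols):
            if r < len(columns[c]):
                out.append(columns[c][r])
    return "".join(out)


def product_encrypt(text, sub_keyword, trans_key):
    """Product cipher: substitution followed by transposition."""
    return transpose(substitute(text, sub_keyword), trans_key)


def product_decrypt(cipher, sub_keyword, trans_key):
    """Reverse the two stages in the opposite order."""
    return substitute(untranspose(cipher, trans_key), sub_keyword, decrypt=True)


if __name__ == "__main__":
    clear = "TRANSFERFUNDS"  # constructed sample clear text
    print("substitution :", substitute(clear, "LEDGER"))
    print("transposition:", transpose(clear, "AUDIT"))
    product = product_encrypt(clear, "LEDGER", "AUDIT")
    print("product      :", product)
    print("decrypted    :", product_decrypt(product, "LEDGER", "AUDIT"))
```

Substitution alone keeps every letter in its place and transposition alone keeps every letter's identity; the product cipher hides both.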
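The three access control steps (Identification, Authentication, Authorization) together with the accounting audit trail fields listed above, as an added example that is not part of the original notes. The class name, the lockout threshold of three sign-on attempts, the PBKDF2 work factor and the sample user are assumptions; the trail records what kind of authentication information was supplied, never the password itself.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

MAX_SIGN_ON_ATTEMPTS = 3   # assumed lockout threshold, not a figure from the text
PBKDF2_ROUNDS = 200_000    # illustrative work factor


def hash_password(password, salt):
    """Derive a salted hash so that the password itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class BoundarySubsystem:
    """Hypothetical boundary subsystem: every request leaves an audit record."""

    def __init__(self):
        self.accounts = {}     # user id -> (salt, password hash, {resource: {actions}})
        self.failed = {}       # user id -> consecutive failed sign-on attempts
        self.audit_trail = []  # accounting audit trail, oldest event first

    def enroll(self, user_id, password, permissions):
        salt = os.urandom(16)
        self.accounts[user_id] = (salt, hash_password(password, salt), permissions)

    def _record(self, event, outcome, reason):
        event.update(outcome=outcome, reason=reason,
                     time=datetime.now(timezone.utc).isoformat())
        self.audit_trail.append(event)
        return outcome == "allowed"

    def request(self, user_id, password, terminal, resource, action):
        # Fields follow the accounting audit trail list: would-be user, terminal,
        # resource requested, action privilege, kind of authentication supplied.
        event = {"user": user_id, "terminal": terminal, "resource": resource,
                 "action": action, "auth_supplied": "password"}

        # Step 1 - Identification: is the claimed user id known at all?
        account = self.accounts.get(user_id)
        if account is None:
            return self._record(event, "denied", "unknown user id")
        salt, stored_hash, permissions = account

        # Step 2 - Authentication: prove the identity, counting sign-on attempts.
        failed = self.failed.get(user_id, 0)
        event["sign_on_attempt"] = failed + 1
        if failed >= MAX_SIGN_ON_ATTEMPTS:
            return self._record(event, "denied", "account locked")
        if not hmac.compare_digest(stored_hash, hash_password(password, salt)):
            self.failed[user_id] = failed + 1
            return self._record(event, "denied", "authentication failed")
        self.failed[user_id] = 0

        # Step 3 - Authorization: is this action allowed on this resource?
        if action not in permissions.get(resource, set()):
            return self._record(event, "denied", "action not authorized")
        return self._record(event, "allowed", "ok")


if __name__ == "__main__":
    boundary = BoundarySubsystem()
    # Constructed sample user with Read and Print (but not Write) on one resource.
    boundary.enroll("u101", "constructed-pass", {"payroll": {"Read", "Print"}})
    boundary.request("u101", "constructed-pass", "T-07", "payroll", "Read")
    boundary.request("u101", "constructed-pass", "T-07", "payroll", "Write")
    boundary.request("u101", "wrong-guess", "T-07", "payroll", "Read")
    for entry in boundary.audit_trail:
        print(entry)
```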

Communication Controls
Physical Component Controls
• In the communications subsystem, the physical components shall have characteristics that make them reliable and incorporate features and controls that mitigate the possible effects of exposures.
• Major physical components that affect the reliability of the communication subsystem are Transmission media, Communication lines, Modem, Port protection devices, Multiplexers, and Concentrators etc.
Flow Controls
• Flow controls are needed because two nodes in a network can differ in terms of the rate at which they can send, receive, and process data.
• Example: Data transmission between mainframe and microcomputers may become erroneous because of difference in their speed and storage capacity.
• Flow controls will be used therefore to prevent the mainframe flooding the microcomputer and, as a result, data being lost.
Topological Controls
• A communication network topology specifies the location of nodes within a network, the ways in which these nodes will be linked, and the data transmission capabilities of the links between the nodes.
• The network must be available for use at any one time by a given number of users that may require alternative hardware, software, or routing of messages.
Controls over Subversive threats
• Firstly, physical barriers need to be established to the data traversing into the subsystem.
• Secondly, in case the intruder has somehow gained access to the data, the data needs to be rendered useless when access occurs.
Internetworking Controls
• Different internetworking devices like bridges, routers and gateways are used to establish connectivity between homogeneous or heterogeneous networks.
• Therefore, several control functions in terms of access control mechanisms, security and reliability of the networks are required to be established.

Database Controls
These controls are used within an application software to maintain the integrity of data, to prevent integrity violations when multiple programs have concurrent access to data, and the ways in which data privacy can be preserved within the database subsystem.
a. Access Controls: These controls in the database subsystem seek to prevent unauthorized access to and use of the data. A security policy has to be specified, followed by choosing an access control mechanism that will enforce the policy chosen. If the database is replicated, the same access control rules must be enforced by the access control mechanism at each site.
b. Integrity Controls: These are required to ensure that the accuracy, completeness, and uniqueness of instances used within the data or conceptual modeling are maintained. Integrity Constraints are established to specify the type of relationship and consistency among rows (tuple) in relationship.
c. Application Software Controls: When application software acts as an interface to interact between the user and the database, the DBMS depends on application software to pass across a correct sequence of commands and update parameters so that appropriate actions can be taken when certain types of exception condition arise. This is achieved through Update Controls that ensure that changes to the database reflect changes to the real-world entities and associations between entities that data in the database is supposed to represent and Report Controls that identify errors or irregularities that may have occurred when the database has been updated.
d. Concurrency Controls: These are required to address the situation that arises either due to simultaneous access to the same database or due to deadlock.
e. Cryptographic Controls: These controls can be well used for protecting the integrity of data stored in the database using block encryption.
f. File Handling Controls: These controls are used to prevent accidental destruction of data contained on a storage medium. These are exercised by hardware, software, and the operators or users who load/unload storage media.
g. Audit Trail Controls:
Accounting Audit Trail: This includes the data items to confirm whether an application properly accepts, processes, and stores information, to attach a unique time stamp to all transactions, to attach before-images and after-images of the data item on which a transaction is applied to the audit trail, any modifications or corrections to audit trail transactions accommodating the changes that occur within an application system, and to not only test the stated input, calculation, and output rules for data integrity; but also should assess the efficacy of the rules themselves.
Operational Audit Trail: This maintains a chronology of resource consumption events that affects the database definition or the database.
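A database accounting audit trail that stamps every transaction and keeps the before-image and after-image of the changed data item, alongside an integrity constraint that rejects an invalid update. This is an added example, not part of the original notes; the account table, the audit_trail layout and the sample balance are assumptions, and a sequence number is paired with the clock time so that the stamp stays unique even when two changes share a millisecond.

```python
import sqlite3

SCHEMA = """
CREATE TABLE account (
    id      INTEGER PRIMARY KEY,
    owner   TEXT    NOT NULL,
    balance INTEGER NOT NULL CHECK (balance >= 0)  -- integrity constraint
);
CREATE TABLE audit_trail (
    seq            INTEGER PRIMARY KEY AUTOINCREMENT,  -- makes each stamp unique
    stamped_at     TEXT NOT NULL DEFAULT (strftime('%Y-%m-%d %H:%M:%f', 'now')),
    operation      TEXT NOT NULL,
    account_id     INTEGER NOT NULL,
    before_balance INTEGER,   -- before-image (NULL for an insert)
    after_balance  INTEGER    -- after-image (NULL for a delete)
);
CREATE TRIGGER account_insert AFTER INSERT ON account BEGIN
    INSERT INTO audit_trail (operation, account_id, before_balance, after_balance)
    VALUES ('INSERT', NEW.id, NULL, NEW.balance);
END;
CREATE TRIGGER account_update AFTER UPDATE ON account BEGIN
    INSERT INTO audit_trail (operation, account_id, before_balance, after_balance)
    VALUES ('UPDATE', OLD.id, OLD.balance, NEW.balance);
END;
CREATE TRIGGER account_delete AFTER DELETE ON account BEGIN
    INSERT INTO audit_trail (operation, account_id, before_balance, after_balance)
    VALUES ('DELETE', OLD.id, OLD.balance, NULL);
END;
-- The trail itself is append-only: corrections arrive as new entries.
CREATE TRIGGER audit_no_update BEFORE UPDATE ON audit_trail BEGIN
    SELECT RAISE(ABORT, 'audit trail is append-only');
END;
CREATE TRIGGER audit_no_delete BEFORE DELETE ON audit_trail BEGIN
    SELECT RAISE(ABORT, 'audit trail is append-only');
END;
"""


def open_ledger():
    """In-memory database holding one constructed sample account (id 1)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    with conn:
        conn.execute("INSERT INTO account (id, owner, balance) "
                     "VALUES (1, 'constructed-owner', 500)")
    return conn


def apply_update(conn, account_id, new_balance):
    """Run one update as a transaction; False means an integrity control rejected it."""
    try:
        with conn:  # commits on success, rolls back on error
            conn.execute("UPDATE account SET balance = ? WHERE id = ?",
                         (new_balance, account_id))
        return True
    except sqlite3.IntegrityError:
        return False


def images(conn, account_id):
    """(operation, before-image, after-image) for one account, oldest first."""
    return conn.execute(
        "SELECT operation, before_balance, after_balance FROM audit_trail "
        "WHERE account_id = ? ORDER BY seq", (account_id,)).fetchall()


def tamper_blocked(conn):
    """True when an attempt to erase the audit trail is refused."""
    try:
        with conn:
            conn.execute("DELETE FROM audit_trail")
        return False
    except sqlite3.DatabaseError:
        return True


if __name__ == "__main__":
    ledger = open_ledger()
    print("valid update accepted :", apply_update(ledger, 1, 350))
    print("negative balance      :", apply_update(ledger, 1, -20))
    print("images                :", images(ledger, 1))
    print("erasing trail blocked :", tamper_blocked(ledger))
```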

These controls ensure that the data delivered to users will be presented, formatted, and delivered in a consistent and secured
manner. Output can be in any form, it can either be a printed data report or a database file in a removable media.
a. Inference Controls: These are used to prevent compromise of statistical databases from which users can obtain only
aggregate statistics rather than the values of individual data items. These are restriction controls which limit the set of
responses provided to users to try to protect the confidentiality of data about persons in the database.
b. Batch Output Production and Distribution Controls: Batch output in the form of tables, graphs or images etc. is produced
at some operations facility and distributed to users of the output.
This includes several controls like
ww Report program execution Controls to ensure that only authorized users are permitted to execute batch report
programs and these events are logged and monitored;
ww Spooling file Controls so that the user(s) can continue working while a queue of documents waiting to be printed on
a particular printer to ensure that the waiting files to get printed shall not be subject to unauthorized modifications;
ww Printing Controls to ensure that output is made on the correct printer, and unauthorized disclosure of printed
information does not take place;
ww Report collection Controls to ensure that report is collected immediately and secured to avoid unauthorized
disclosure and data leakage;
ww User/Client service Review Controls to ensure user should obtain higher quality output and detection of errors or
irregularities in output;
Chap ter 3: I nfo r m at i o n System and Co m p o nent s 105

ww Report distribution Controls ensuring that the time gap between generation and distribution of reports is reduced,
and a log is maintained for reports that were generated and to whom these were distributed;
ww User output Controls to be in place to ensure that users review output on a timely basis;
ww Storage Controls to ensure proper perseverance of output in an ideal environment, secured storage of output and
appropriate inventory controls over the stored output and Retention and
ww Destruction Controls in terms of deciding the time duration for which the output shall be retained and then
destroyed when not required.
c. Batch Report Design Controls: Batch report design features should comply with the control procedures laid down for
them during the output process. The information incorporated in a well-designed batch report shall facilitate its flow
through the output process and execution of controls.
d. Online output production and Distribution Controls: It deals with the controls to be considered at various phases
like establishing the output at the source, distributing, communicating, receiving, viewing, retaining and destroying the
output.
• Source Controls to ensure that output which can be generated or accessed online is authorized, complete and timely;
• Distribution Controls to prevent unauthorized copying of online output when it is distributed to a terminal;
• Communication Controls to reduce exposures from attacks during transmission;
• Receipt Controls to evaluate whether the output should be accepted or rejected;
• Review Controls to ensure timely action of intended recipients on the output;
• Disposition Controls to educate employees on the actions that can be taken on the online output they receive; and
• Retention Controls to evaluate for how long the output is to be retained and Deletion Controls to delete the output
once expired.
e. Audit Trail Controls:
• Accounting Audit Trail: This includes what output was assimilated for presentation to the users; what output was
then presented to the users; who received the output; when the output was received; and what actions were
subsequently taken with the output.
• Operational Audit Trail: This maintains the record of resources consumed by components in the output subsystem to
assimilate, produce, distribute, use, store and dispose of various types of output like graphs, images etc., to record
data that enables print times, response times and display rates for output to be determined and to manage the
information that enables the organization to improve the timeliness of output production and reduce the number of
resources consumed in producing output.

Auditing Data Resource Management Controls


• Auditors should determine what controls are exercised to maintain data integrity.
• They might also interview database users to determine their level of awareness of these controls.
• Auditors might employ test data to evaluate whether access controls and update controls are working.
• Auditors might interview the Data Administrator (DA) and Database Administrator (DBA) to determine the
procedures used by them to monitor the database environment.
• Auditors need to assess how well the DA and DBA carry out the functions of database definition, creation,
redefinition, and retirement.

Auditing Security Management Controls


• Auditors must evaluate whether security administrators are conducting ongoing, high-quality security reviews
or not;
• Auditors need to evaluate the performance of BCP controls. The BCP controls are related to having an operational
and tested IT continuity plan, which is in line with the overall business continuity plan and its related business
requirements to make sure IT services are available as required and to ensure a minimum impact on business in the
event of a major disruption.
• Auditors check whether the organizations audited have an appropriate, high-quality disaster recovery plan in place
or not; and
• Auditors check whether the organizations have opted for an appropriate insurance plan or not.

Auditing The Application Control Framework


In case the external auditors have evaluated the reliability of management controls, the next step is to determine the
adequacy of application controls.

Auditing Boundary Controls


• Auditors need to determine how well the controls safeguard assets and preserve data integrity.
• For any application system in particular, auditors need to determine whether the access control mechanism
implemented in that system is sufficient or not.
• Auditors need to ensure that careful control is exercised over maintenance activities, in case of hardware
failure.
• Auditors need to address three aspects to assess cryptographic key management:
  ◦ How keys will be generated?
  ◦ How they will be distributed to users?
  ◦ How they will be installed in cryptographic facilities?
• Auditors need to understand which approach has been used to implement access control so that they can predict the
likely problems they will encounter in the application systems they are evaluating.

Auditing Input Controls


• Auditors must understand the fundamentals of good source document design so as to analyze what and how the
data will be captured and by whom, how the data will be prepared and entered into the computer systems and
how the document will be handled, stored and filed.
• Auditors must be able to examine the data-entry screens used in an application system and to come to a judgement
on the frequency with which input errors are likely to be made and the extent to which the screen design enhances
or undermines effectiveness and efficiency.
• Auditors must evaluate the quality of the coding systems used in an application system to determine their likely impact
on the data integrity, effectiveness, and efficiency objectives.
• Auditors need to comprehend various approaches used to enter data into an application system and their relative
strengths and weaknesses.
• Auditors need to check whether input files are stored securely and backup copies of them are maintained at an off-site
location so that recovery remains unaffected in case the system’s master files are destroyed or corrupted.

Auditing Communication Controls


• Auditors shall adopt a structured approach to examine and evaluate various controls in the communication
subsystem.
• Auditors need to collect enough evidence to establish a level of assurance that data transmission between two
nodes in a wide area network is accurate and complete.
• Auditors need to look at whether adequate network backup and recovery controls are practiced regularly or not.
These controls may include automatic line speed adjustments by modems based on different noise-levels, choice
of network topology, alternative routes between sender and receiver etc., to strengthen network reliability.
• Auditors must assess the implementation of encryption controls to ensure the protection of privacy of sensitive
data.
• Auditors must assess the topological controls to review the logical arrangement of various nodes and their
connectivity using various internetworking devices in a network.

Auditing Processing Controls


• Auditors should determine whether user processes are able to carry out unauthorized activities like gaining access
to sensitive data.
• Auditors should evaluate whether the common programming errors that can result in incomplete or inaccurate
processing of data have been taken care of or not.
• Auditors should assess the performance of validation controls to check for any data processing errors.
• Auditors need to check for the checkpoint and restart controls that enable the system to recover itself from the
point of failure. The restart facilities need to be implemented well so that restart of the program is from the point up to
which processing has been accurate and complete rather than from scratch.
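The checkpoint and restart control in the last point above, as an added example that is not from the book: a batch run saves a checkpoint after every posted record, resumes from that checkpoint after a failure, and is then checked against the batch control total. The record layout, checkpoint file name and function names are assumptions made for the illustration, and the sample records are constructed.

```python
import json
import os
import tempfile


def load_checkpoint(path):
    """Return the last saved state, or a fresh state if no checkpoint exists."""
    if os.path.exists(path):
        with open(path, "r", encoding="utf-8") as fh:
            return json.load(fh)
    return {"next_index": 0, "running_total": 0, "posted_ids": []}


def save_checkpoint(path, state):
    """Write the checkpoint atomically so a crash mid-write keeps the old one."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp_path = tempfile.mkstemp(dir=directory, suffix=".tmp")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(state, fh)
        fh.flush()
        os.fsync(fh.fileno())
    os.replace(tmp_path, path)  # atomic rename over the previous checkpoint


def process_batch(records, checkpoint_path, fail_before=None):
    """Post records in order, starting from the last checkpoint.

    fail_before simulates a failure just before the record at that index.
    """
    state = load_checkpoint(checkpoint_path)
    for i in range(state["next_index"], len(records)):
        if fail_before == i:
            raise RuntimeError(f"simulated failure before record {i}")
        record = records[i]
        state["running_total"] += record["amount"]
        state["posted_ids"].append(record["id"])
        state["next_index"] = i + 1
        save_checkpoint(checkpoint_path, state)
    return state


def verify_run(records, state):
    """What an auditor would test: complete, accurate, nothing posted twice."""
    control_total = sum(r["amount"] for r in records)
    return {
        "complete": state["next_index"] == len(records),
        "total_matches": state["running_total"] == control_total,
        "no_duplicates": len(state["posted_ids"]) == len(set(state["posted_ids"])),
    }


def demo():
    """Fail part-way through a constructed batch, restart, and verify."""
    amounts = [1200, 450, 9900, 75, 3100]  # constructed sample amounts
    records = [{"id": f"T{i}", "amount": a} for i, a in enumerate(amounts)]
    with tempfile.TemporaryDirectory() as workdir:
        checkpoint = os.path.join(workdir, "batch.ckpt")
        try:
            process_batch(records, checkpoint, fail_before=3)
        except RuntimeError:
            pass  # the run stopped after three records were posted
        resumed_from = load_checkpoint(checkpoint)["next_index"]
        final_state = process_batch(records, checkpoint)  # restart
    return resumed_from, final_state, verify_run(records, final_state)


if __name__ == "__main__":
    print(demo())
```

The restart begins at record index 3, not at 0, so the three records posted before the failure are neither lost nor posted a second time.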

Auditing Database Controls


• Auditors should check for a mechanism by which a damaged or destroyed database can be restored in an authentic,
accurate, complete, and timely way.
• Auditors should comprehend backup and recovery strategies for restoration of damaged or destroyed database
in the event of failure that could be because of application program error, system software error, hardware failure,
procedural error, and environmental failure.
• Auditors shall evaluate whether the privacy of data is protected during all backup and recovery activities.
• Auditors should check for proper documentation and implementation of the decisions made on the maintenance
of the private and public keys used under cryptographic controls.
• Auditors should address their concerns regarding the maintenance of data integrity and the ways in which files
must be processed to prevent integrity violations.

Auditing Output Controls


• Auditors should determine what report programs are sensitive, who all are authorized to access them and that only
the authorized persons are able to execute them.
• Auditors should review whether the action privileges that are assigned to authorized users are appropriate to their
job requirement or not.
• Auditors must evaluate how well the client organization provides controls over alteration of the content
of printer files, number of printed copies etc.
• Auditors should determine whether the report collection, distribution and printing controls are well executed in
an organization or not.
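One way an auditor could test these points, and the report distribution log described under the output controls earlier, as an added example that is not from the book: the generation records are reconciled against the distribution log to flag late distribution, unauthorized recipients of sensitive reports, excess copies, and reports missing from either side. All report names, users, field names and thresholds below are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample: reports produced by the output subsystem.
GENERATED = [
    {"report_id": "R-1001", "name": "payroll_summary", "sensitive": True,
     "generated_at": "2023-03-01T09:00:00"},
    {"report_id": "R-1002", "name": "stock_ledger", "sensitive": False,
     "generated_at": "2023-03-01T09:05:00"},
    {"report_id": "R-1003", "name": "payroll_summary", "sensitive": True,
     "generated_at": "2023-03-02T09:00:00"},
    {"report_id": "R-1004", "name": "vendor_payments", "sensitive": True,
     "generated_at": "2023-03-02T10:00:00"},
]

# Constructed sample: the log of which report went to whom, and when.
DISTRIBUTED = [
    {"report_id": "R-1001", "recipient": "asha",
     "distributed_at": "2023-03-01T09:30:00", "copies": 1},
    {"report_id": "R-1002", "recipient": "kiran",
     "distributed_at": "2023-03-01T17:45:00", "copies": 1},
    {"report_id": "R-1003", "recipient": "meera",
     "distributed_at": "2023-03-02T09:20:00", "copies": 3},
    {"report_id": "R-1999", "recipient": "ravi",
     "distributed_at": "2023-03-02T11:00:00", "copies": 1},
]

# Assumed policy: who may receive each sensitive report, and the limits.
AUTHORIZED = {"payroll_summary": {"asha", "ravi"}, "vendor_payments": {"ravi"}}
MAX_GAP = timedelta(hours=4)
MAX_COPIES = 1


def audit_output_log(generated, distributed, authorized, max_gap,
                     max_copies=MAX_COPIES):
    """Return a list of (report_id, finding_code, detail) tuples."""
    findings = []
    generated_by_id = {g["report_id"]: g for g in generated}
    logged_ids = set()

    for entry in distributed:
        report_id = entry["report_id"]
        report = generated_by_id.get(report_id)
        if report is None:
            # Logged as distributed, but no record that it was ever generated.
            findings.append((report_id, "UNKNOWN_REPORT", entry["recipient"]))
            continue
        logged_ids.add(report_id)

        gap = (datetime.fromisoformat(entry["distributed_at"])
               - datetime.fromisoformat(report["generated_at"]))
        if gap < timedelta(0):
            # Distributed before it was generated: the log cannot be trusted.
            findings.append((report_id, "TIMESTAMP_ANOMALY",
                             entry["distributed_at"]))
        elif gap > max_gap:
            findings.append((report_id, "LATE_DISTRIBUTION", str(gap)))

        allowed = authorized.get(report["name"], set())
        if report["sensitive"] and entry["recipient"] not in allowed:
            findings.append((report_id, "UNAUTHORIZED_RECIPIENT",
                             entry["recipient"]))

        if entry["copies"] > max_copies:
            findings.append((report_id, "EXCESS_COPIES", str(entry["copies"])))

    for report_id, report in generated_by_id.items():
        if report_id not in logged_ids:
            # Generated but never logged as collected or distributed.
            findings.append((report_id, "NOT_DISTRIBUTED", report["name"]))
    return findings


def run_sample():
    """Audit the constructed sample data above."""
    return audit_output_log(GENERATED, DISTRIBUTED, AUTHORIZED, MAX_GAP)


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```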

Case Studies and Scenarios


Case Based Scenario 1 (Study Material 2021)
In 2017, XYZ Systems had shifted to the SQL Server Relational Database Management System from
the previously used IBM Information Management System which used a hierarchical database model
to create a well-organized database to store organizational data.
On acquiring a good number of global clients and keeping in view the increased number, complexity
of the overseas transactions and the management’s need for periodic performance analysis; XYZ
Systems planned to leverage the benefit of data warehouse whereas the research team suggested
the implementation of Big data. However, XYZ Systems did not implement suitable security controls
and hence recently faced data security breach which led to the unauthorized manipulation of certain
confidential data. This resulted in XYZ Systems paying a substantial amount as compensation and loss
of a major client.
Consequently, XYZ Systems has now implemented varied controls starting from strict password
management to high level access controls and monitoring mechanism ensuring that there are no further
data security issues. In this context, let’s analyze and answer the following questions:

A. The XYZ Systems initially used IBM Information Management system which used a hierarchical
database model. Which type of relationship is not supported by such database model?
i. One-to-One
ii. Many-to-One
iii. One-to-Many
iv. None of the above
B. The XYZ Systems recently shifted to the SQL Server DBMS from the IBM Information Management
system that it previously used. Under which aspect, the SQL Server differs from IBM Information
Management System?
i. One-to-one relationship
ii. One-to-many relationship
iii. Relational Database structure
iv. None of the above
C. Which among the following is not an advantage of the SQL Server DBMS?
i. Data Sharing
ii. Data Redundancy
iii. Program and File consistency
iv. None of the above
D. To ensure that the communication between their private network and public network is secured,
one of the steps taken by XYZ Systems is to install a firewall. The installation of a firewall is a
__________ type of control.
i. Preventive
ii. Corrective
iii. Detective
iv. None of the above

E. XYZ Systems made its access privileges more stringent so as to prevent unauthorized users
gaining entry into secured area and also minimum entry granted to users based on their job
requirements. Which of the following Logical Access control covers this aspect?
i. Operating System Access Control
ii. Network Access Controls
iii. User Access Management
iv. Application and Monitoring System control

F. Based on the risk assessment by the audit team, the management of XYZ Systems decided to
specify the exact path of the internet access by routing the internet access by the employees
through a firewall and proxy. This is referred to as_______.
i. Encryption
ii. Enforced Path
iii. Call Back Devices
iv. None of these

Solution
Question No. | Answer
A | (ii) Many-to-One
B | (iii) Relational Database structure
C | (ii) Data Redundancy
D | (i) Preventive
E | (iii) User Access Management
F | (ii) Enforced Path

Case Based Scenario 2


Bianc Computing Ltd. has implemented a set of controls including those with respect to security, quality
assurance and boundary controls to ensure that the development, implementation, operation and
maintenance of information systems takes place in a planned and controlled manner. It has also
ensured that logs are designed to record activity at the system, application, and user level.
Along with the implementation of controls and maintenance of logs, it has approached a leading firm
of IS auditors to conduct a comprehensive audit of its controls. Within the organization also, it has
opened new job roles and has hired people with the required skill sets for the same. In this context,
answer the following.
A. The team of network engineers of Bianc Computing Ltd. recommended certain controls to be
implemented in the organization to bridge the rate of data reception and transmission between
two nodes. Which types of controls are being referred to here?
i. Link Controls
ii. Flow Controls
iii. Channel Access Controls
iv. Line Error Controls
B. A process is used to ensure that the user can continue working, while the print operation is
getting completed. This is known as ___________.
i. Logging
ii. Spooling
iii. Spoofing
iv. Print-Run-to-Run Control Totals
C. Bianc Computing Ltd. has also opened up new job roles and has hired persons with the required
skill sets for the same as given below.
Job Role | Person Responsible
1. Developing logical and physical designs of data models | (a) Operations Manager
2. Providing front line user support services | (b) Security Analyst
3. Staffing of resources for upcoming projects. | (c) Database Architect
4. Examining logs from firewalls, and providing security advisories | (d) Help Desk Analyst
5. Performing maintenance and configuration operations on systems. | (e) Systems Analyst
6. Build and maintain network devices such as routers, switches etc. | (f) System Administrator
7. Developing technical requirements, program design, and software test plans | (g) Network engineer

Identify the right match to the job roles assigned and the responsible persons for the job role.
i. 1(c), 2(d), 3(a), 4(b), 5(f), 6(g), 7(e)
ii. 1(d), 2(b), 3(c), 4(g), 5(f), 6(a), 7(e)
iii. 1(e), 2(b), 3(c), 4(g), 5(a), 6(f), 7(d)
iv. 1(g), 2(f), 3(e), 4(d), 5(c), 6(b), 7(a)

Solution
Question No. Answer
A (ii) Flow Controls
B (ii) Spooling
C (i) 1(c), 2(d), 3(a), 4(b), 5(f), 6(g), 7(e)

Case Based Scenario 3


Manoramdeep Advertisements (India) Ltd. is one of the largest advertisement and marketing co. in
India. It owns one of the most popular web portals www.ads2nukkad.com which has more than 10
crores members and subscribers. Now, it is integrating thousands of small advertisers and AD agencies
from across the country as their AD service partners, sellers and resellers on its portal. It provides
‘Dashboards’ to each of its partners, sellers and resellers (advertisers and AD agencies), so that they
can upload their multimedia contents and offer their products to the larger population through
www.ads2nukkad.com. They can upload their data through the ‘Dashboards’ on www.ads2nukkad.com.
Manoramdeep Advertisements (India) Ltd. appoints you as a BPA consultant.
Required:
i. Suggest the company a suitable Database Model, that caters to the data upload requirements
of multimedia content through the ‘Dashboards’ on www.ads2nukkad.com.
ii. Define the suggested Database Model and explain the manner in which it is executed, with a
real-life example.

Descriptive Questions for Practice


Question 1: ABC Ltd., an automobile manufacturer intends to establish its new manufacturing unit plant at Bhuj, Gujarat.
Out of many controls that need to be in place, the management has little more focus on successful implementation of
Environmental controls as the Bhuj area is earthquake prone. Mr. Nanda, the auditor of ABC Ltd. conducted various physical
inspections of the building at Bhuj to determine the implementation of environmental controls in the said manufacturing unit.
Briefly explain his role and the activities he shall conduct to audit the Environmental Controls. (RTP December 2021)
Answers: Role of Auditor in Auditing Environmental Controls: Audit of environmental controls should form a critical part of
every IS audit plan. The IS auditor should satisfy not only the effectiveness of various technical controls but also the overall
controls safeguarding the business against environmental risks. Audit of environmental controls requires the IS auditor to
conduct physical inspections and observe practices. Auditing environmental controls requires knowledge of building
mechanical and electrical systems as well as fire codes. The IS auditor needs to be able to determine if such controls are
effective and if they are cost-effective.
Auditors shall conduct following activities in auditing Environmental controls:
1. Power conditioning: The IS auditor should determine how frequently power conditioning equipment, such as UPS,
line conditioners, surge protectors, or motor generators, are used, inspected and maintained and if this is performed by
qualified personnel.
2. Backup power: The IS auditor should determine if backup power is available via electric generators or UPS and how
frequently they are tested. S/he should examine maintenance records to see how frequently these components are
maintained and if this is done by qualified personnel.

3. Heating, Ventilation, and Air Conditioning (HVAC): The IS auditor should determine if HVAC systems are providing
adequate temperature and humidity levels, and if they are monitored. Also, the auditor should determine if HVAC systems
are properly maintained and if qualified persons do this.
4. Water detection: The IS auditor should determine if any water detectors are used in rooms where computers are used.
He or she should determine how frequently these are tested and if they are monitored.
5. Fire detection and suppression: The IS auditor should determine if fire detection equipment is adequate, if staff
members understand their function, and if they are tested. S/he should determine how frequently fire suppression
systems are inspected and tested, and if the organization has emergency evacuation plans and conducts fire drills.
6. Cleanliness: The IS auditor should examine data centers to see how clean they are. IT equipment air filters and the
inside of some IT components should be examined to see if there is an accumulation of dust and dirt.

Question 2: The processing subsystem of any application software is responsible for computing, sorting, classifying, and
summarizing the data. The processor controls of the application software are responsible to reduce the expected losses from
errors and irregularities associated with Central processors. Discuss these controls. (RTP December 2021)
Answers:
The processor controls of any application software are as follows:

1. Error Detection and Correction: Occasionally, processors might malfunction because of design errors, manufacturing
defects, damage, fatigue, electromagnetic interference, and ionizing radiation. The failure might be transient (that
disappears after a short period), intermittent (that reoccurs periodically), or permanent (that does not correct with time).
For the transient and intermittent errors; re-tries and re-execution might be successful, whereas for permanent errors,
the processor must halt and report error.
2. Multiple Execution States: It is important to determine the number of and nature of the execution states enforced by the
processor. This helps auditors to determine which user processes will be able to carry out unauthorized activities, such as
gaining access to sensitive data maintained in memory regions assigned to the operating system or other user processes.
3. Timing Controls: An operating system might get stuck in an infinite loop. In the absence of any control, the program will
retain use of processor and prevent other programs from undertaking their work.
4. Component Replication: In some cases, processor failure can result in significant losses. Redundant processors allow
errors to be detected and corrected. If processor failure is permanent in multicomputer or multiprocessor architectures,
the system might reconfigure itself to isolate the failed processor.

Question 3: Information systems have set high hopes to companies for their growth as it reduces processing speed and
helps in cutting cost. Being an auditor of ABC manufacturing company, discuss the key areas that you should pay attention to while
evaluating Managerial controls by top management. (January 2021)
Answer:
The key areas that auditors should pay attention to while evaluating Managerial controls are as follows:
1. Planning: Auditors need to evaluate whether top management has formulated a high-quality information system’s plan
that is appropriate to the needs of an organization or not. A poor-quality information system is ineffective and inefficient,
leading to the loss of its competitive position within the marketplace.
2. Organizing: Auditors should be concerned about how well top management acquires and manages staff resources.
3. Leading: Generally, the auditors examine variables that often indicate when motivation problems exist or suggest poor
leadership – for example, staff turnover statistics, frequent failure of projects to meet their budget and absenteeism level
to evaluate the leading function. Auditors may use both formal and informal sources of evidence to evaluate how well
top managers communicate with their staff.
4. Controlling: Auditors should focus on subset of the control activities that should be performed by top management
– namely, those aimed at ensuring that the information systems function accomplishes its objectives at a global level.
Auditors must evaluate whether top management’s choice to the means of control over the users of IS services is likely to
be effective or not.

Question 4: Briefly explain any two output controls. (July 2021)


Answer:

Question 5: Data Warehouse extracts data from one or more of the organization’s databases and loads it into another
database for storage and analysis purpose. As a Data Warehouse Manager, determine the design criteria, which should be met
while designing Data Warehouse. (May-2018, 6 Marks)
Hint:
The Data Warehouse extracts data from one or more of the organization’s databases and loads it into another database for
storage and analysis purpose. A data warehouse should be designed so that it meets the following criteria:
• It uses non-operational data
• The data is time-variant
• The data is standardized
There are two approaches to follow when designing a data warehouse:
• The Bottom-Up Approach
• The Top-Down Approach
Question 6: Explain, briefly the objectives of Information System’s Auditing. (May-2018, 4 Marks)
Hint:
The major objectives of Information System’s (IS) Auditing are as follows:
• Asset Safeguarding
• Data Integrity
• System Effectiveness
• System Efficiency

Question 7: Explain various types of Data Coding Errors. (May-2018, 2 Marks)
Data Coding Control
• Transcription Errors
• Transposition Errors
Question 8: Explain the term ‘Cryptography’. (Nov-2018, 2 Marks)

Question 9: Data that is waiting to be transmitted are liable to unauthorized access called ‘Asynchronous Attack’. Explain
various types of Asynchronous attacks on data. (Nov-2018, 4 Marks)

Question 10: An operating system allows users and their applications to share and access common computer resources
and execute a variety of activities. Hence, protecting operating system access is extremely crucial. Identify various steps through
which protection of operating system access can be achieved. (Nov-2018, 8 Marks)
Hint:
• Automated Terminal ID
• Terminal Login procedure
• Access Token
• Access Control List
• User ID
• Pw. Mgt. System
• Use of System Utilities
• Duress Alarm
• Terminal time-out
Question 11: Company XYZ is implementing the software using the program development life cycle methodology and
applying control phases in parallel to the development phases to monitor the progress against plan. Being an IT developer,
design the various phases and their controls for program development life cycle. (May-2019, 6 Marks)
Hint:
• Planning
• Analysis
• Design
• Coding
• Testing
• Implementation
• Maintenance
Question 12: General controls are pervasive controls and apply to all system components, processes and data for a given
enterprise or systems environment. As an IT consultant, discuss some of the controls covered under general controls which
you would like to ensure for a given enterprise. (May-2019, 6 Marks)
Hint:
• Information Security Policy
• Administration, Access and Authentication
• Separation of key IT functions
• Management of Systems Acquisition and Implementation
• Change Management
• Backup, Recovery and Business Continuity
• Proper Development and Implementation of Application Software
• Confidentiality, Integrity and Availability of Software and data files
• Incident response and management
Question 13: Discuss the key activities, which require special attention for auditing the user access provisioning.
(May-2019, 4 Marks)
Hint:
• Access request processes
• Access approvals
• New employee provisioning
• Segregation of Duties
• Access reviews
Question 14: An Internet connection exposes an organization to the harmful elements of the outside world. As a network
administrator, which Network Access control will you implement in the organization to protect from such harmful elements?
(Nov-2019, 6 Marks)
Hint:
• Network Policy
• Enforced Path
• SON
• Routing Control
• Security
• Firewall
• Encryption
• Call Back Devices
Question 15: Physical security mechanisms in an organization provides protection to people, data, equipment, systems,
facilities and company assets. Determine some major ways of protecting the organization’s computer installation in the event
of any explosion or fire. (RTP May-2018)
Hint: Fire Damage is one of the major threats to the physical security of a computer installation. Some of the major ways of
protecting the installation against fire damage are as follows:
• Both automatic and manual fire alarms may be placed at strategic locations and a control panel may be installed
to clearly indicate this.
• Besides the control panel, master switches may be installed for power and automatic fire suppression system.
• Different fire suppression techniques like dry-pipe sprinkling systems, water-based systems, halon etc.,
depending upon the situation may be used.
• Manual fire extinguishers can be placed at strategic locations.
• Fireproof walls, floors and ceilings surrounding the computer room and fire-resistant office materials such as
wastebaskets, curtains, desks, and cabinets should be used.
• Fire exits should be clearly marked. When a fire alarm is activated, a signal may be sent automatically to a permanently
manned station.
• All staff members should know how to use the system. The procedures to be followed during an emergency should be
properly documented, covering fire alarms, extinguishers, sprinklers, instructions / fire brigade nos., smoke detectors,
and carbon dioxide-based fire extinguishers.
• Less wood and plastic should be in computer rooms.
• Use a gas-based fire suppression system.
• To reduce the risk of fire, the location of the computer room should be strategically planned and should not be in
the basement or ground floor of a multi-story building.
• Regular Inspection by Fire Department should be conducted.
• Fire suppression systems should be supplemented and not replaced by smoke detectors.
• Documented and Tested Emergency Evacuation Plans
• Smoke Detectors
• Wiring Placed in Electrical Panels and Conduit
Question 16:
a. As an Information Systems (IS) Auditor, you need to keep yourself up to date with the latest Audit tools, techniques and
methodology to meet the demands of the job. Discuss about various Audit Tools that you should be aware about.
b. Discuss the advantages of continuous Audit Techniques. (RTP May-2018)

Hint:
a. As an Information Systems (IS) Auditor, various Audit Tools that can be used to perform IS Auditing are as follows:
i. Snapshots
ii. Integrated Test Facility (ITF)
iii. System Control Audit Review File (SCARF)
iv. Continuous and Intermittent Simulation (CIS)
v. Audit Hooks
b. Some of the advantages of continuous audit techniques are as under:
• Timely, Comprehensive and Detailed Auditing
• Surprise test capability
• Information to system staff on meeting of objectives
• Training for new users
Question 17: Recognize the activities that deal with the System Development Controls in an IT Setup. (RTP Nov-2018)
Hint: The activities that deal with system development controls in IT setup are as follows:
i. System Authorization Activities
ii. User Specification Activities
iii. Technical Design Activities
iv. Internal Auditor’s Participation
v. Program Testing
vi. User Test and Acceptance Procedures

Question 18: Determine the controls that are classified based on the time when they act, relative to a security incident.
(RTP Nov-2018)
Hint: The controls per the time that they act, relative to a security incident can be classified as under:
• Preventive Controls
• Detective Controls
• Corrective Controls
Question 19: In Information Systems, identify the type of Managerial controls that are responsible for the daily running of
software and hardware facilities. Prepare a detailed note on these controls. (RTP May-2019)
Hint: Under the Managerial Controls, Operations Management Controls are responsible for the daily running of hardware and
software facilities. Operations management typically performs controls over the functions as below:
i. Computer Operations
• Operation Controls: These controls prescribe the functions that either human operators or automated operations
facilities must perform.
• Scheduling Controls: These controls prescribe how jobs are to be scheduled on a hardware/software platform.
• Maintenance Controls: These controls prescribe how hardware is to be maintained in good operating order.
ii. Network Operations
iii. Data Preparation and Entry
iv. Production Control
v. File Library
vi. Documentation and Program Library
vii. Help Desk/Technical support
viii. Capacity Planning and Performance Monitoring
ix. Management of Outsourced Operations

Question 20: Many organizations now recognize that data is a critical resource that must be managed properly and
therefore, accordingly, centralized planning and control are implemented. Identify the various control activities involved in
maintaining the integrity of the database. (RTP Nov-2019)
Hint: Many organizations now recognize that data is a critical resource that must be managed properly and therefore,
accordingly, centralized planning and control are implemented. For data to be managed better; users must be able to share
data, data must be available to users when it is needed, in the location where it is needed, and in the form in which it is needed.
Careful control should be exercised over the roles by appointing senior, trustworthy persons, separating duties to the extent
possible and maintaining and monitoring logs of the data administrator’s and database administrator’s activities.
The control activities involved in maintaining the integrity of the database are as under:
i. Definition Controls
ii. Existence/Backup Controls
iii. Access Controls
iv. Update Controls
v. Concurrency Controls
vi. Quality Controls

Question 21: An Internet connection exposes an organization to the harmful elements of the outside world. Prepare a list
of various Network Access Controls by means of which the protection can be achieved against these harmful elements.
(RTP Nov-2019)
Hint:
• Policy on use of network services
• Enforced path
• Segregation of networks
• Network connection and routing control
• Security of network services
• Firewall
• Encryption
• Call Back Devices

Question 22: Mr. A is a System Administrator of the company who must ensure the protection of Operating System used in
information system of the company. How can this purpose be achieved? (RTP May-2020)
Hint: Operating System protection can be achieved using the following steps:
• Automated terminal identification
• Terminal log-in procedures
• Access Token
• Access Control List
• Discretionary Access Control
• User identification and authentication
• Password management system
• Use of system utilities
• Duress alarm to safeguard users
• Terminal time out
• Limitation of connection time

Question 23: Database Management System (DBMS) provides the facility to create and maintain a well-organized database for
any enterprise. Describe the various advantages of Database Management System used in an organization. (RTP May-2020)
Hint:
• Permitting Data Sharing
• Minimizing Data Redundancy
• Integrity can be maintained
• Program and File consistency
• User-friendly
• Improved security
• Achieving program/data independence
• Faster Application Development

Question 24: Discuss briefly the components of Information Systems. (Study Material)

Question 25: What do you understand by the term ‘Operating System’? Discuss various operations performed by the
Operating System. (Study Material)

Question 26: Discuss about prominent Database Models. (Study Material)

Question 27: Discuss advantages and disadvantages of Database Management Systems. (Study Material)

Question 28: What do you understand by Boundary Controls? Explain major Boundary Control techniques in brief.
(Study Material)

Question 29: Briefly explain major update and report controls regarding Database Controls.
(Study Material)

Question 30: What do you mean by Corrective Controls? Explain with the help of examples. Also, discuss their broad
characteristics in brief. (Study Material)

Question 31: What do you mean by Preventive Controls? Explain with the help of examples. Also, discuss their broad
characteristics in brief. (Study Material)

Question 32: Write short notes on the following: (Study Material)
• Snapshots
• Audit Hooks

Question 33: “Virtual Memory is in fact not a separate device, but an imaginary memory area supported by some operating
systems (for example, Windows) in conjunction with the hardware”. Explain what virtual memory is and what is its importance
in memory management? (Study Material)

Question 34: Data warehouse and Data Mining are the order of the day for better management of information and quicker
and effective decision-making in organizations. Critically evaluate.
(Study Material)

Question 35: What is the difference between data and information? (May 2017)

Question 36: What is a Central Processing Unit (CPU)? What are the three functional units of a Central Processing Unit
(CPU)?

Question 37: What is the difference between RAM and ROM?


Question 38: What is the difference between Processor Registers and Cache Memory?
Question 39: What is the difference between Primary Memory and Secondary Memory?
Question 40: Application software has been created to perform a specific task for a user. Explain different types of
application software and give examples. [Nov - 2015]

Question 41: MySQL and Oracle are the leading examples of database management systems. What is a Database
management system? Explain.

Question 42: A DBMS is very important for every enterprise. State its objectives and operations that could be done on the
files.

Question 43: Eesha Ltd. follows a Hierarchical Database Structure Model. What is Hierarchical Database Structure Model?
Also explain its features.

Question 44: Vishal Ltd. followed a Hierarchical Database Structure Model, now it wishes to follow Network Database
Structure Model. State how a Hierarchical Database Structure Model is different from Network Database Structure Model.

Question 45: Analytica Ltd. followed Big Data analytics to find insights that help organizations make better business
decisions. In your opinion, what are the benefits of Big Data processing for Analytica Ltd.

Question 46: “Today, organizations have begun to utilize databases as the centerpiece of their operations; the need to
fully understand and leverage the data they are collecting has become more and more apparent.” Explain the benefit of data
warehouse.

Question 47: Data Warehouse extracts data from one or more of the organization’s databases and loads it into another
database for storage and analysis purpose. As a Data Warehouse Manager, determine the design criteria, which should be met
while designing Data Warehouse.

Question 48: What can be the critical controls lacking in a computerized environment?
Question 49: Physical security mechanisms in an organization provide protection to people, data, equipment, systems,
facilities and company assets. Determine some major ways of protecting the organization’s computer installation in the event
of any explosion or fire.

Question 50: In OTC Media Pvt. Ltd., big data in a data warehouse are analyzed to reveal hidden patterns and trends in
historical business activity. OTC Media Pvt. Ltd. uses this analysis to help managers make decisions about strategic changes
in business operations to gain competitive advantages in the marketplace. List out the steps involved in the above analysis
process.

Question 51: Technical exposures are the unauthorized modification or change of data or resource. What are the different
types of technical exposures?

Question 52: Operating System security involves policy, procedure and controls that determine, ‘who can access the
operating system,’ ‘which resources they can access’, and ‘what action they can take’. As an Information Systems auditor,
determine the key areas which shall be put in place by any organization.

Question 53: Program development and implementation is a major phase within the systems development life cycle. What
are the phases of a system development life cycle?

Question 54: Recognize the major reasons for the emergence of Quality assurance in many organizations nowadays?
Question 55: Om Trivedi, a chartered accountant, was appointed as the information systems auditor of Eesha Enterprises.
What is an information system (IS) audit? Explain. Also, explain the objectives of an IS audit.

Question 56: An information system (IS) audit or information technology (IT) audit is an examination of the controls
within an entity’s Information technology infrastructure. What is the need of information system (IS) audit? Explain.

Question 57: What is an audit trail? What are its types and objective?
Question 58: What do you mean by continuous audit? Discuss the advantages of continuous Audit Techniques.
Hint: Some of the advantages of continuous audit techniques are as under:
i. Timely, Comprehensive and Detailed Auditing: Evidence would be available in a more timely and comprehensive
manner. The entire processing can be evaluated and analyzed rather than examining the inputs and the outputs only.
ii. Surprise test capability: As evidence is collected from the system itself by using continuous audit techniques, auditors
can gather evidence without the systems staff and application system users being aware that evidence is being collected
at that particular moment. This brings in the surprise test advantages.
iii. Information to system staff on meeting of objectives: Continuous audit techniques provide information to systems
staff regarding the test vehicle to be used in evaluating whether an application system meets the objectives of asset
safeguarding, data integrity, effectiveness, and efficiency.
iv. Training for new users: Using the Integrated Test Facilities (ITFs), new users can submit data to the application system
and obtain feedback on any mistakes they make via the system’s error reports.

Question 59: What do you mean by managerial controls and their audit trail? Explain.
Question 60: What do you mean by application controls and their audit trail? Explain.
Question 61: What do you mean by segregation of duties? Explain with Examples of SOD Controls.

Multiple Choice Questions (MCQs)


Unit I- Information Systems and Its Components
INFORMATION SYSTEM CONCEPTS
1. ______________ is a collection of facts.
(a) Data (b) Knowledge
(c) Experience (d) Information
2. ______________ is the lowest level of abstraction from which __________ and _______________ are derived.
(a) Information; data; knowledge
(b) Knowledge; Data; information
(c) Data; information; Experience
(d) Data; information; knowledge
3. _______________ is data that have been processed so that they are meaningful.
(a) Knowledge (b) Experience
(c) Information (d) Wisdom
4. Information systems change data into _____________, which is useful and capable of giving a certain meaning to its users.
(a) Knowledge
(b) Information
(c) Experience
(d) Wisdom
5. While ______________ is raw facts and figures, _____________ is facts or figures ready for communication or use.
(a) Information; wisdom
(b) Wisdom; information
(c) Data; wisdom
(d) Data; information
6. ______________ is data that has been selected and organized into meaningful patterns, and recorded by the human intellect.
(a) Information (b) Wisdom
(c) Knowledge (d) Experience
7. _________________ is unorganised.
(a) Information (b) Process
(c) System (d) Data
8. _____________________ explains the activities carried out by users, managers and staff.
(a) Data (b) Information
(c) Process (d) System
9. __________________ is a guide consisting of orderly steps, which need to be followed and implemented in order to get a certain decision on a certain matter.
(a) Data (b) Process
(c) Information (d) System
10. Process explains the activities carried out by ______________________.
(a) Users (b) Managers
(c) Staff (d) All of the above
11. The ________________ can be defined as “a group of mutually related, cooperating elements working towards reaching a common goal by taking inputs and producing outputs in organized transformation processes.”
(a) Data (b) System
(c) Process (d) Information
12. System is defined as _______________.
(a) A group of mutually related elements
(b) A group of mutually cooperating elements
(c) Elements working towards reaching a common goal by taking inputs and producing outputs in organized transformation processes.
(d) All of the above
13. In systems, __________ are used as the input for a _____________ that creates _________________ as an output.
(a) Data, process, information
(b) Process, data, information
(c) Information, data, process
(d) Data, experience, knowledge
14. To monitor the performance of the system, some kind of ________________ mechanism is required.
(a) Directing (b) Planning
(c) Feedback (d) Staffing
15. _________________ must be exerted to correct any problems that occur and ensure that the system is fulfilling its purpose.
(a) Feedback (b) Control
(c) Planning (d) Leadership

COMPONENTS OF INFORMATION SYSTEMS
16. Which of the following is not a component of Information Systems?
(a) People
(b) Data
(c) Transaction Processing System
(d) Network
17. Which of the following is a people resource of Information Systems (IS)?
(a) Operating system program
(b) System analyst and developers
(c) Customer records
(d) Communication media
18. Which of the following is an information product of Information Systems (IS)?
(a) Management reports
(b) Spreadsheet programs
(c) System analysts
(d) Optical disk
19. Information Systems (IS) can perform which of the following purpose for a business enterprise?
(a) Support of business processes and operations.
(b) Support of decision making by employees and managers.
(c) Support of strategies for competitive advantage.
(d) All of the above
20. Which of the following information is true about manual information system?
(a) The level of human intervention is very limited.
(b) The level of manual intervention is very high.
(c) Its records are stored in digital form.
(d) Presentation of information to users and management using various tools, like picture graph, reports, etc.
21. Which roles can information systems perform for a business enterprise?
(a) Support of business processes and operations.
(b) Support of decision making by employees and managers.
(c) Support of strategies for competitive advantage.
(d) All of the above.

HARDWARE
22. Hardware _______________________.
(a) Is the collection of physical elements that constitute a computer system
(b) Refers to the physical parts or components of a computer
(c) Are all of which are physical objects that can be touched
(d) All of the above
23. ____________________ are a necessity in order to ensure that data is entered into a computer to be processed and the results given out.
(a) Input Devices (b) Output devices
(c) Neither a nor b (d) Both a and b
24. Which of the following is a hardware unit?
(a) Graphic cards (b) Sound cards
(c) Motherboard (d) All of the above
25. Which of the following is an output device?
(a) Light pen
(b) Visual Display Unit (VDU)
(c) Optical scanner
(d) Mouse
26. Which of the following is a peripheral device?
(a) Light pen
(b) Visual Display Unit (VDU)
(c) Optical scanner
(d) All of the above
27. Which of the following is an on-line data entry device?
(a) Touch screen (b) MICR
(c) OMR (d) OCR
28. Which of the following is a direct data entry device?
(a) Joy-stick (b) Light pen
(c) MICR (d) Touch screen
29. Optical disk is a _____________.
(a) Input device
(b) Secondary memory device
(c) Output device
(d) Primary memory device
30. Which of the following is a direct data entry device?
(a) OCR (b) Mouse
(c) Touch screen (d) Keyboard
31. Which of the following is an online data entry device?
(a) OCR (b) OMR
(c) Scanner (d) Touch screen
32. Which of the following is an output device?
(a) VDU (b) OMR
(c) OCR (d) Track ball
33. On-line data entry is when data is ____________________.
(a) Stored
(b) Shared
(c) Input straight into the computer for processing.

(d) later transferred from the disk or tape to a computer for processing
34. _______________________ is usually achieved by methods known as key-to-disk or key-to-tape.
(a) On-line data entry
(b) Off-line data entry
(c) Both a and b
(d) None of the above
35. Which of the following devices allow movement on the screen?
(a) Mouse (b) Joystick
(c) Light pen (d) All of the above

PROCESSING DEVICES
36. The main memory storage in a CPU _____________ volatile.
(a) is normally (b) is rarely
(c) is always (d) is never
37. Volatile means ___________________.
(a) No data in memory is lost even when power is turned off.
(b) All data in memory is automatically saved when power is turned off.
(c) All data in memory is lost when power is turned off.
(d) All data in memory is transferred to the hard drive when power is turned off.
38. CPU stands for _________________________.
(a) Central Processing user interface
(b) Central Powered Unit
(c) Centralized Processing Unit
(d) Central Processing Unit
39. The Central Processing Unit (CPU) is the __________ of the computer.
(a) Heart (b) Soul
(c) Brain (d) All of the above
40. Which of the following is not a functional unit of Central Processing Unit (CPU)?
(a) Control unit
(b) Input Devices
(c) Registers
(d) Arithmetic and Logic Unit
41. In a microcomputer, the entire CPU is on a tiny chip called a _________________.
(a) Micro powered unit
(b) Microprocessor
(c) Micro unit
(d) Microchip
42. CU stands for ________________.
(a) Control Unit (b) Central Unit
(c) Carbonized Unit (d) Control Unit
43. All the computer’s resources are managed from the _______________.
(a) ALU (b) Register
(c) CU (d) All of the above
44. __________________ is the logical hub of the computer.
(a) ALU (b) CU
(c) Register (d) Terminal
45. Logical operations include which of the following operation?
(a) Addition
(b) Whether one number is equal to another number
(c) Subtraction
(d) Multiplication

MEMORY UNITS
46. _______________ are internal memory within CPU, which are very fast and very small.
(a) Registers (b) ROM
(c) RAM (d) CMOS
47. Registers are _____________.
(a) Internal memory
(b) Secondary memory
(c) Primary memory
(d) External memory
48. There is a huge speed difference between ____________ and _________________ to bridge these speed differences, we have cache memory.
(a) Primary Memory, Secondary memory
(b) Registers, Secondary Memory
(c) Registers, Primary Memory
(d) RAM, ROM
49. Which of the following is a type of Register?
(a) Accumulators
(b) Instruction Registers (IR)
(c) Memory Registers (MR)
(d) All of the above
50. Primary Memory is of how many types?
(a) Two (b) Three
(c) Four (d) Five
51. Which of the following is a primary memory?
(a) RAM (b) ROM

(c) CMOS (d) All of the above
52. The full form of RAM is _____________.
(a) Random Access Memory
(b) Read Access Memory
(c) Random Accessible Memory
(d) Random Authorization Memory
53. Which of the following is volatile memory?
(a) RAM (b) Hard drive
(c) Pen drive (d) ROM
54. The data written on ______________ cannot be modified.
(a) RAM (b) Virtual memory
(c) Flash Memory (d) ROM
55. ROM stands for _________________________.
(a) Random Only Memory
(b) Read Operational Memory
(c) Read Only Memory
(d) Read Oscillation Memory
56. _________ is temporary and is erased when computer is switched off.
(a) RAM (b) ROM
(c) CMOS (d) All of the above
57. _________________ is made of thin crystal film known as synthetic garnet.
(a) RAM (b) Bubble Memory
(c) Flash Memory (d) ROM
58. The Black Strip on the back side of a Credit or Debit card is an example of ____________.
(a) RAM (b) Flash Memory
(c) ROM (d) Bubble Memory
59. _________________ is non-volatile and can be used for auxiliary storage also.
(a) ROM
(b) Bubble memory
(c) Flash Memory
(d) All of the above
60. _______________ is volatile and cannot be used for auxiliary storage.
(a) ROM (b) RAM
(c) Bubble memory (d) Flash Memory
61. ______________ is an imaginary memory.
(a) Virtual memory (b) ROM
(c) RAM (d) Bubble Memory
62. When RAM runs low, virtual memory moves data from RAM to a space called a _____________.
(a) Debug files (b) Recycle bin
(c) Paging file (d) CMOS
63. Virtual memory is an allocation of __________ space to help RAM.
(a) CMOS (b) ROM
(c) Hard disk (d) Bubble memory
64. CMOS memory stands for _________________.
(a) Complex Metal Oxide Semiconductor Memory
(b) Complementary Metal Oxide Sodium-conductor Memory
(c) Complementary Metallic Oxide Semiconductor Memory
(d) Complementary Metal Oxide Semiconductor Memory

SYSTEM SOFTWARE
65. Which of the following is an example of a system software?
(a) Microsoft Windows 10
(b) Mac OS X
(c) Linux
(d) All of the above
66. ________________ allows the part of a computer to work together by performing tasks like transferring data between memory and disks or rendering output onto a display device.
(a) Operating system (b) Utility software
(c) Interpreter (d) Compiler
67. ____________________ helps to analyse, configure, optimize and maintain the computer.
(a) Operating system (b) Interpreter
(c) Utility software (d) Compiler
68. Which of these is not a mobile operating system?
(a) Android (b) iOS
(c) Tywin (d) Windows Phone OS
69. GUI stands for ______________________.
(a) Global User Interface
(b) Graphical User Interface
(c) Graphical User Index
(d) Graphical User Index
70. Which of the following is an operating system?
(a) Google Chrome (b) Internet Explorer
(c) Mozilla Firefox (d) Linux
71. Which of the following feature of operating system does efficient management of all peripheral devices, such as printer, hard-disk, scanner, etc. and also efficiently manages different applications/software like MS-Office, printer’s software, etc.
(a) Performing Hardware Function
(b) User Interface
(c) Hardware Independence

(d) Memory Management
72. ____________________ helps in a user friendly interaction between a computer and users.
(a) Character User Interface (CUI)
(b) Graphical User Interface (GUI)
(c) Both a and b
(d) None of the above
73. Every computer could have different specifications and configurations of hardware. If application developers would have to rewrite code for every configuration they would be in big trouble. Which of the following feature of an operating system deals with the above problem?
(a) Performing Hardware Function
(b) User Interface
(c) Hardware Independence
(d) Memory management
74. API stands for _____________________.
(a) Application Program Index
(b) Application Program Interfaces
(c) Application Program Index
(d) Acquisition Program Interfaces

APPLICATION SOFTWARE
75. _________________ has been created to perform a specific task for a user.
(a) Application software
(b) System software
(c) Utility software
(d) Operating system
76. Which of the following statement is true?
(a) Application software has been created to perform a specific task for a user.
(b) Application software is software that employs the capabilities of a computer directly and thoroughly to a task that the user wishes to perform using a computer.
(c) Application software is any program designed to perform a specific function directly for the user or, in some cases, for another application program.
(d) All of the above
77. Which of the following is an application software?
(a) Email reader
(b) Web browser
(c) Desktop publishing
(d) All of the above
78. Which of the following type of application software has multiple applications bundled together?
(a) Enterprise Software
(b) Application Suite
(c) Enterprise Infrastructure Software
(d) Information Worker Software
79. Which of the following type of application software addresses an enterprise’s need and data flow in a huge distributed environment?
(a) Enterprise Software
(b) Application Suite
(c) Enterprise Infrastructure Software
(d) Information Worker Software
80. Which of the following type of application software provides capabilities required to support enterprise software systems?
(a) Application Suite
(b) Enterprise Software
(c) Information Worker Software
(d) Enterprise Infrastructure Software
81. Which of the following type of application software addresses individual needs required to manage and create information for individual projects within departments?
(a) Application Suite
(b) Enterprise Software
(c) Information Worker Software
(d) Enterprise Infrastructure Software
82. Which of the following type of application software is used to access contents and addresses a desire for published digital content and entertainment?
(a) Content Access Software
(b) Educational Software
(c) Media Development Software
(d) Information Worker Software
83. Which of the following type of application software holds contents adopted for use by students?
(a) Content Access Software
(b) Educational Software
(c) Media Development Software
(d) Information Worker Software
84. Which of the following type of application software addresses individual needs to generate and print electronic media for others to consume?
(a) Content Access Software
(b) Educational Software
(c) Information Worker Software

(d) Media Development Software
85. MS Office 2010, 2013 which has MS-Word, MS-Excel and MS-Access is an example of ____________.
(a) Enterprise Software
(b) Enterprise Infrastructure Software
(c) Application Suite
(d) Information Worker Software
86. Email servers and security software are examples of ______________.
(a) Enterprise Software
(b) Enterprise Infrastructure Software
(c) Application Suite
(d) Information Worker Software
87. Spreadsheets are example of _____________.
(a) Enterprise Software
(b) Enterprise Infrastructure Software
(c) Application Suite
(d) Information Worker Software
88. Windows media player is an example of _______________.
(a) Content Access Software
(b) Educational Software
(c) Information Worker Software
(d) Media Development Software

DATABASE MANAGEMENT SYSTEM
89. Which of the following term is not used in Relational Database Models?
(a) Relations (b) Attributes
(c) Objects (d) Tables
90. Which of these is not an example of Relational Database?
(a) Access (b) MySQL
(c) Java (d) Oracle
91. Which of these is not an example of Relational Database?
(a) Access (b) MySQL
(c) Java (d) Oracle
92. What is the objective of DBMS?
(a) To know its information needs.
(b) To acquire that information.
(c) To organize the acquired information in a meaningful way.
(d) All of the above
93. What DBMS Operations can be done on the Files?
(a) Adding new files to database.
(b) Deleting existing files from database.
(c) Inserting data in existing files.
(d) All of the above
94. In a _______________ structure, records are logically organized into a hierarchy of relationships.
(a) Hierarchical database
(b) Network database
(c) Relational database
(d) Object oriented database
95. A hierarchically structured database is arranged logically in an _________________ pattern.
(a) Tree (b) Cloud
(c) Inverted tree (d) Box
96. All records in the hierarchy are called _______.
(a) Nodes (b) Server
(c) Computer (d) Books
97. Hierarchically structured databases are ______________ flexible than other database structures because the hierarchy of records must be determined and implemented before a search can be conducted.
(a) More (b) Less
(c) Similarly (d) Much more
98. A network database structure views all records ___________.
(a) in sets (b) individually
(c) one by one (d) on real time basis
99. The hierarchical model permits a record to be a member of ______________.
(a) Only one set at one time
(b) Two set at one time
(c) Two set at one time
(d) More than 1 set at one time
100. A ______________________ is structured into a series of two-dimensional tables.
(a) Hierarchical database
(b) Network database
(c) Relational database
(d) Object oriented database

DATABASE MANAGEMENT SYSTEM (DBMS)
101. In DBMS, Same information ______________.
(a) Can be made available to different users
(b) Can’t be made available to different users
(c) Can be made available to a single user only
(d) Can’t be made available to any user

102. Data integrity is maintained by having _____________________ data.
(a) Accurate (b) Consistent
(c) Up-to-date (d) All of the above
103. Which of the following is a disadvantage of DBMS?
(a) Implementing a DBMS system can be expensive and time-consuming, especially in large enterprises.
(b) Training requirements alone can be quite costly.
(c) Even with safeguards in place, it may be possible for some unauthorized users to access the database. If one gets access to database, then it could be an all or nothing proposition.
(d) All of the above

SOME RELATED CONCEPTS OF DBMS
104. _____________ refers to such massively large data sets that conventional database tools do not have the processing power to analyse them.
(a) Enormous data (b) Huge data
(c) Big data (d) Enlarged data
105. Big data is __________ information assets that demand cost-effective, innovative forms of information processing that enable enhanced insight, decision-making, and process automation.
(a) High-volume (b) High-velocity
(c) High-variety (d) All of the above
106. _________________ is referred to as extracting data from one or more of the organizational database and load it into the new database for storage and analysis.
(a) Data warehouse (b) Data mining
(c) Data recovery (d) Data inventory
107. Which of the following is an advantage of data warehouse?
(a) Data warehouse development process forces an organization to better understand the data that it is currently collecting and, equally important, what data is not being collected.
(b) A data warehouse provides a centralized view of all data being collected across the enterprise and provides a means for determining data that is inconsistent.
(c) By having a data warehouse, snapshots of data can be taken over time. This creates a historical record of data, which allows for an analysis of trends. A data warehouse provides tools to combine data, which can provide new information and analysis.
(d) All of the above
108. ___________________ is a key intellect who is employed owing to his or her acquaintance of a subject matter, rather than their ability to perform manual labour.
(a) Worker (b) Knowledge worker
(c) Collaborator (d) System Analyst
109. _____________________________ is a key intellect who is employed owing to his or her acquaintance of a subject matter, rather than their ability to perform manual labour.
(a) Knowledge worker
(b) Intellectual worker
(c) Brain worker
(d) All of the above
110. ___________________________ is a major use of data warehouse databases and the static data they contain to reveal hidden trends in historical business activity.
(a) Data mining
(b) Data discovery
(c) Data transformation
(d) Data Diddling
111. Data warehouse databases contain _____________ data.
(a) Dynamic (b) Static
(c) Neither a nor b (d) Both a and b
112. In data mining, the data in a data warehouse are analysed to reveal _________________.
(a) Hidden patterns
(b) Hidden trends in historical business activity
(c) Neither a nor b
(d) Both a and b

NETWORKING AND COMMUNICATION SYSTEM
113. ______________________ is a collection of computers and other hardware interconnected by communication channels that allow sharing of resources and information.
(a) Computer Network
(b) Node
(c) Terminal
(d) Station
114. A network is an interconnected set of devices known as _____________.
(a) Nodes (b) Terminals
(c) Stations (d) All of the above
115. _______________ refers to the process of deciding on how to communicate the data from source to destination in a network.
(a) Routing (b) Bandwidth
(c) Resilience (d) Contention

116. ________________ refers to the amount of data which can be sent across a network in a given time.
(a) Resilience (b) Contention
(c) Routing (d) Bandwidth
117. ________________ refers to the ability of a network to recover from any kind of error like connection failure, loss of data, etc.
(a) Routing (b) Bandwidth
(c) Resilience (d) Contention
118. _______________ refers to the situation that arises when there is a conflict for some common resource.
(a) Routing (b) Contention
(c) Bandwidth (d) Resilience
119. In computer networks, _________ refers to the ability of a network to recover from any kind of error like connection failure, loss of data etc.
(a) Routing (b) Resilience
(c) Contention (d) Bandwidth
120. Which of the following is a component of a telecommunications network?
(a) Terminals
(b) Telecommunications processors
(c) Computers
(d) all of the above

NETWORK RELATED CONCEPT
121. A ____________ is a gizmo that gives your network signals a boost so that the signals can travel farther.
(a) Hub (b) Switch
(c) Repeater (d) Bridge
122. ________________ is a card installed in a computer that enables the computer to communicate over a network.
(a) Graphic card
(b) Network Interface Card (NIC)
(c) Music card
(d) All of the above
123. Modem is an abbreviation of _________________.
(a) Modulator-demodulator
(b) Modern-demodulator
(c) Mechanised - demodulator
(d) None of the above

Miscellaneous
124. Secondary Storage is accessible by the CPU ______________________.
(a) Directly like main memory.
(b) Only through input or output channels.
(c) Both of the above.
(d) None of the above.
125. Which of the following is not a feature of RAM?
(a) Power interruptions destroy RAM contents.
(b) Data and Programs can be stored in RAM through Input Device or through auxiliary storage devices.
(c) Data and instruction written on the RAM can be read or re-written.
(d) RAM is permanent memory (non – volatile)
126. Which of the following is not a feature of ROM?
(a) Instruction written on the ROM can be read but cannot be rewritten.
(b) Programmers and Machines use ROM.
(c) ROM is permanent memory (non – volatile).
(d) ROM will not allow to store data or instruction instead they will be written by the Manufacturer once and for all.
127. Which of the following is not true about outputs generated by computer system?
(a) Information on Display Device exists electronically and is displayed for a temporary period of the time.
(b) Output can be generated only by user intervention and not by system software.
(c) Output can be generated only by user intervention and not by system software.
(d) Some output in digital form can directly become the input of another application.
128. Operating Systems is an example of:
(a) System Software
(b) Application Software
(c) Interactive Software
(d) Running Software
129. Which of the following gives the correct hierarchy of a database?
(a) File, Characters, Record, Field
(b) File, Field, Record, Characters
(c) File, Record, Field, Characters
(d) Field, Record, File, Characters
130. A Doctor sees many patients and writes prescriptions for each person separately. This is an example of ___________ record relationship.
(a) One to One (b) One to Many
(c) Many to One (d) Many to Many
131. Inverted Tree Structure, Nodes, Parent – Child Relationship, are all related to ____________ Database Model.
(a) Hierarchical (b) Network
(c) Relational (d) Object Oriented

132. Table Structure, Relations, Attributes and Domains are all concepts used in ________ Database model.
(a) Hierarchical (b) Network
(c) Relational (d) Object Oriented
133. No child record can have more than one Parent record. However, each Parent Record can have multiple lower – level (child) records. This is a distinguishing feature of _____________ Database model.
(a) Hierarchical (b) Network
(c) Relational (d) Object Oriented
134. ____________________ database model permits multiple – branches from one or more nodes.
(a) Hierarchical (b) Network
(c) Relational (d) Object Oriented
135. In a relationship database model, the named columns of the relation are called.
(a) Effects (b) Attributes
(c) Domains (d) Tables
136. __________ refers to massive and huge data sets, that traditional database – management tools do not have the processing power to analyze them.
(a) Hyper Data (b) Big Data
(c) Massive Data (d) All of the above
137. Which of the following is not true about data warehouses?
(a) Whenever data is loaded into the data warehouse, it receives a time stamp, which allows for comparisons between different time periods.
(b) It is updated on scheduled basis, i.e., current data from an entity’s Active / Operational databases are pulled into the data warehouse on a regular, scheduled basis.
(c) It uses only Operational data, i.e. data which is required for day – to - day operations.
(d) None of the above
138. A company builds small data warehouses, called Data Marts, to solve specific business problems initially. All these Data Marts are then integrated into a larger data warehouse. This is an example of:
(a) Bottom up approach
(b) Top down approach
(c) Mart to warehouse Approach
(d) None of the above
139. A communications Processor that connects two Local Area Networks (LANs) working on the same protocol is called as _______________.
(a) Hub (b) Bridge
(c) Switch (d) Router
140. A protocol that enables sounds to be converted to a digital format for transmission over the Internet and then recreated at the other end is called as ______________.
(a) Internet Protocol
(b) Network Protocol
(c) Voice Over Internet Protocol
(d) None of the above
141. A Technology that takes an Internet Signal and converts it into Radio Waves is called __________________.
(a) Wi Fi Technology
(b) Internet Technology
(c) Network Technology
(d) None of the above
142. In a computer network, a single length of wire, cable, or optical fiber connects several Nodes. This is called as
(a) Star Network (b) Bus Network
(c) Ring Network (d) Mesh Network
143. In a Computer Network, each Node is connected by a dedicated point – to – point link to every other Node. This is called as _____________.
(a) Star Network (b) Bus Network
(c) Ring Network (d) Mesh Network
144. In the context of Networks, MAC address is a Unique Identification Number assigned to a Network Adapter or Network Interface Card. Here, MAC stands for __________________.
(a) Media Access Control
(b) Master Access Control
(c) Manufacturer Authorization Control
(d) Media Authority Control
145. In the context of a “System”, which of the following is true –
(a) A System has a number of inter – related and inter – dependent sub-systems or components, which depends on other sub-systems for its inputs and do not function in isolation.
(b) Failure of a sub-system or component disables the whole system depending on the inter-relation of the sub-systems.
(c) Both ‘a’ and ‘b’
(d) None of the above

146. ________________ involves the five activities – (1) Identification of Information Needs, (2) Obtaining that Information from various sources, (3) Organizing that information in a meaningful way, (4) Ensuring Information quality, and (5) Providing Software Tools for users to access the required information.
(a) Information System
(b) Information Management
(c) Information Analysis
(d) Information Processing Cycle
147. In CBIS, Hardware Resources refer to:
(a) Machines – Computers, Video Monitors, Magnetic Disk Drive, Printers, Optical Scanners
(b) Media – Floppy Disks, Magnetic tape, Optical Disks, Plastic Cards, Paper forms etc.
(c) Both of a and b
(d) None of the above
148. In CBIS, Software Resources refer to:
(a) Programs – Operating System Programs, Spreadsheet Programs, Word Processing Programs, Payroll Programs
(b) Procedures – Data Entry Procedures, Error Correction Procedures, Paycheck Distribution Procedures, etc.
(c) Both of ‘a’ and ‘b’
(d) None of the above
149. In CBIS, which of the following is correct about “People”?
(a) Both Internal Users (Management Staff, System Users) and External Users (Government, Vendors, Customers, etc.) may require information provided by the CBIS, and constitute the “People” Component of the CBIS.
(b) Internal users may be at all levels of the Entity’s hierarchy, - (a) End User, (b) Programmers, (c) System Analysts, and (d) Database Administrators.
(c) Within the Entity, People include System Users and Information System Personnel, i.e., all the people who manage, run, program and maintain the system.
(d) All of the above.

Answer Keys - MCQs

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
b a c d d c a b d b c a b d b c a c d d
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
a c a b b a c a b c d a b d a c d a c d
41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60
a c b b c b d b c d a c b d a b b a a c
61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80
c b c c d d c b d d a d d b b d d a c b
81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100
d a b d c a c d d b d d c c a d a b d d
101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120
c b c a a d b c b d c a c a b c d a b d
121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140
a b c b d c a b a d b a b a c a b d a a

Unit II
Information System Controls and Auditing
INTRODUCTION
1. Auditing assures that ____________________.
(a) Assets and information resources are safeguarded
(b) Data integrity is protected
(c) System complies with applicable policies, laws and regulations.
(d) All of the above
2. Which of the following is a cause of the exposure to potential loss?
(a) Errors or omissions
(b) Improper authorizations
(c) Inefficient activity
(d) All of the above
3. Which of the following objectives of auditing verifies that the assets, liabilities, ownership, and/or activities are real?
(a) Authorisation (b) Valuation
(c) Cut off (d) Existence
4. Which of the following objectives of auditing verifies that events have occurred in accordance with management’s intent?
(a) Existence (b) Authorisation
(c) Valuation (d) Cut off
5. Which of the following objectives of auditing verifies that the accounting values fairly present what an item is worth?
(a) Valuation (b) Existence
(c) Authorisation (d) Cut off
6. Which of the following objectives of auditing verifies that the transaction is recorded in the proper accounting period?
(a) Existence (b) Authorisation
(c) Cut off (d) Valuation
7. Which of the following objectives of auditing verifies that the processing is in compliance with governmental laws and regulations, generally accepted accounting procedures, and the organization’s policies and procedures?
(a) Operational (b) Authorisation
(c) Compliance (d) Valuation
8. Which of the following objectives of auditing verifies that the program, area, or activity is performed economically, efficiently, and effectively?
(a) Operational (b) Authorisation
(c) Cut off (d) Valuation
9. _______________________ requires the use of CAAT tools.
(a) Manual audit (b) IT audit
(c) Both a and b (d) None of the above

OBJECTIVE OF CONTROLS
10. Which of the following are causes of the exposure to potential loss?
(a) Errors or omissions in data, procedure, processing, judgment and comparison.
(b) Improper authorizations and improper accountability with regard to procedures, processing, judgment and comparison.
(c) Inefficient activity in procedures, processing and comparison.
(d) All of the above
11. Which of the following controls is based on Objective of Control?
(a) Detective (b) Managerial
(c) Application (d) Logical access control
12. Which of the following controls is not based on Objective of Control?
(a) Preventive (b) Application
(c) Detective (d) Corrective
13. Which of the following controls is based on nature of IS resource?
(a) Preventive (b) Detective
(c) Logical access (d) Corrective
14. Which of the following controls is not based on nature of IS resource?
(a) Environmental (b) Physical Access
(c) Logical Access (d) Detective

15. Which of the following controls is based on audit functions?
(a) Managerial (b) Application
(c) Logical Access (d) Both a and b
16. Which of the following controls is not based on audit functions?
(a) Application (b) Managerial
(c) Logical Access (d) Both a and b

CLASSIFICATION BASED ON NATURE OF INFORMATION SYSTEM RESOURCES
17. Smoke detectors are a part of which of the following controls?
(a) Environmental (b) Physical Access
(c) Logical Access (d) Detective
18. ______________ are controls relating to physical security of the tangible IS resources and intangible resources stored on tangible media etc.
(a) Physical Access (b) Logical Access
(c) Environmental (d) Detective
19. ________________________ relating to physical security of the tangible IS resources and intangible resources stored on tangible media etc.
(a) Logical Access (b) Environmental
(c) Physical Access (d) Detective
20. Bolting door locks is an example of which of the following controls?
(a) Logical Access (b) Environmental
(c) Detective (d) Physical Access
21. Alarm system and perimeter fencing is a part of which of the following controls?
(a) Logical Access (b) Physical Access
(c) Environmental (d) Detective
22. ________________ are implemented to ensure that access to systems, data and programs is restricted to authorized users.
(a) Logical Access (b) Physical Access
(c) Environmental (d) Detective
23. Logical access controls safeguard information against unauthorized _________.
(a) Use
(b) disclosure or modification
(c) damage or loss
(d) all of the above
24. Encryption techniques, Anti-virus programs and Firewall are all part of which of the following controls?
(a) Physical Access (b) Logical Access
(c) Environmental (d) Detective
25. Which of the following key factors are considered in designing logical access controls?
(a) Abuse of data processing resources
(b) Blackmail
(c) Embezzlement
(d) All of the above
26. _______________ is a piece of bad code deliberately planted by an insider or supplier of a program.
(a) Bomb (b) Worm
(c) Trojan (d) Christmas card
27. A ___________ does not require a host program to relocate itself. It copies itself to another machine on the network.
(a) Bomb (b) Virus
(c) Worm (d) Trojan
28. _______________ is easiest to detect as compared to others.
(a) Virus (b) Worm
(c) Trojan (d) All of the above
29. ________________ refers to rounding of small fractions of a denomination and transferring these small fractions into an authorized account.
(a) Data diddling
(b) Bombing
(c) Salami techniques
(d) Rounding down
30. Which of the following is not a Corrective Control?
(a) Backup Procedure
(b) Rerun Procedure
(c) Contingency Planning
(d) Hash Totals
31. _________ is the conversion of data into a secret code for storage in databases and transmission over networks.
(a) Cipher Text (b) Logging
(c) Decryption (d) Encryption
32. Under Data Coding Control, _____________ occurs when a digit or character is removed from the end of a code.
(a) Transposition Error
(b) Substitution Error
(c) Addition Error
(d) Truncation Error
33. Under Application Controls, __________ maintains the chronology of events that occur when a user attempts to gain access to and employ systems resources.
(a) Boundary Controls
(b) Input Controls
(c) Communication Controls
(d) Processing Controls
34. ___________ technique involves embedding audit software modules within a host application system to provide continuous monitoring of the system’s transactions.
(a) Audit hooks
(b) SCARF
(c) Integrated Test Facility (ITF)
(d) Continuous and Intermittent Simulation (CIS)
35. SCARF stands for ____________.
(a) System Control Audit Review File
(b) System Control Audit Report File
(c) Simulation Control Audit Review File
(d) System Control Audit Review Format
36. _____________ involves the change of data before or after they are entered in the system
(a) Data mining (b) Data discovery
(c) Data diddling (d) Data bank
37. Which of the following is a name of a Trojan?
(a) Christmas card (b) Melissa
(c) Storm (d) Stone
38. ______ involves forging one’s source address
(a) Spoofing (b) Christmas card
(c) Rounding down (d) SCARF
39. ______________ involves slicing of small amounts of money from a computerized transaction or account.
(a) Bouncing (b) Salami techniques
(c) Christmas card (d) Data diddling
40. _______________ involves leaking information out of the computer by means of dumping files to paper or stealing computer reports and tape
(a) Data Leakage (b) Subversive attack
(c) Wire-tapping (d) Piggy-backing
41. ____________ can provide intruders with important information about messages being transmitted and the intruder may attempt to violate the integrity of some components in the sub-system.
(a) Data Leakage (b) Subversive attack
(c) Wire-tapping (d) Piggy-backing
42. ___________ involves spying on information being transmitted over communication network.
(a) Data Leakage (b) Subversive attack
(c) Wire-tapping (d) Piggy-backing

CLASSIFICATION BASED ON NATURE OF INFORMATION SYSTEM RESOURCES
43. _____________________ is the act of following an authorized person through a secured door or electronically attaching to an authorized telecommunication link that intercepts and alters transmissions.
(a) Data Leakage (b) Subversive attack
(c) Wire-tapping (d) Piggy-backing
44. _____________________ involves intercepting communication between the operating system and the user and modifying them or substituting new.
(a) Data Leakage (b) Piggy-backing
(c) Subversive attack (d) Wire-tapping
45. Which of the following can be a potential logical access violator?
(a) Hackers
(b) Employees (current/past)
(c) Information system personnel
(d) All of the above
46. Which of the following type of logical access control ensures that every information about the user is documented?
(a) User registration
(b) Privilege management
(c) User-password management
(d) Review of user access right
47. Which of the following type of logical access control ensures that Access privileges are to be aligned with job requirements and responsibilities and are to be minimized with reference to their job functions?
(a) User registration
(b) User-password management
(c) Privilege management
(d) Review of user access right
48. Which of the following type of logical access control states that user’s need for accessing information changes with time and requires a periodic review of access rights to check anomalies in the user’s current job profile, and the privileges granted earlier?
(a) User registration
(b) Review of user access right
(c) User-password management
(d) Privilege management
49. Which of the following type of logical access control states that based on risk assessment, it is necessary
to specify the exact path or route connecting the network?
(a) Enforced path
(b) Privilege management
(c) Segregation of networks
(d) Call back devices
50. Based on the sensitive information handling function; say a VPN connection between a branch office and the head-office, this network is to be isolated from the internet usage service. The above example is the implementation of which of the type of logical access control?
(a) Enforced path
(b) Privilege management
(c) Segregation of networks
(d) Call back devices
51. _______________________ is the conversion of data into a secret code for storage in databases and transmission over networks.
(a) Encryption (b) Firewall
(c) Call back devices (d) Enforced path
52. ________________________ is based on the principle that the key to network security is to keep the intruder off the Intranet rather than imposing security measure after the criminal has connected to the intranet.
(a) Encryption (b) Firewall
(c) Call back devices (d) Enforced path
53. ________________________ requires the user to enter a password and then the system breaks the connection.
(a) Encryption (b) Firewall
(c) Enforced path (d) Call back devices
54. The system administrator usually determines who is granted access to specific resources and maintains the access control list. However, in distributed systems, resources may be controlled by the end-user. The above statement is an example of _________________.
(a) Discretionary access control
(b) Access token
(c) Terminal login procedures
(d) Call back devices
55. Log out the user if the terminal is inactive for a defined period. This will prevent misuse in absence of the legitimate user.
(a) Duress alarm to safeguard users
(b) Terminal time out
(c) Limitation of connection time
(d) Clock synchronisation
56. If users are forced to execute some instruction under threat, the system should provide a means to alert the authorities.
(a) Duress alarm to safeguard users
(b) Terminal time out
(c) Limitation of connection time
(d) Clock synchronisation
57. Which of the following logical access control defines the available time slot and does not allow any transaction beyond this time?
(a) Duress alarm to safeguard users
(b) Terminal time out
(c) Limitation of connection time
(d) Clock synchronisation
58. Which of the following logical access control creates event logs maintained across an enterprise network that plays a significant role in correlating an event and generating report on it?
(a) Duress alarm to safeguard users
(b) Terminal time out
(c) Limitation of connection time
(d) Clock synchronisation

MANAGERIAL FUNCTIONS BASED CONTROLS
59. ___________________________ determines the goals of the information systems function and the means of achieving these goals.
(a) Planning (b) Organising
(c) Leading (d) Controlling
60. Which of the following roles are played by Steering Committee in Planning
(a) The steering committee shall comprise of representatives from all areas of the business, and IT personnel.
(b) The committee would be responsible for the overall direction of IT.
(c) The steering committee should assume overall responsibility for the activities of the information systems function.
(d) All of the above
61. In accordance with which of the following functions of management should there be a prescribed IT organizational structure with documented roles and responsibilities and agreed job descriptions?
(a) Planning (b) Organising
(c) Leading (d) Controlling
62. _______________________ includes gathering, allocating, and coordinating the resources needed
to accomplish the goals that are established during planning function.
(a) Planning (b) Leading
(c) Controlling (d) Organising
63. ___________________ includes motivating, guiding, and communicating with personnel.
(a) Planning (b) Leading
(c) Controlling (d) Organising
64. The process of ____________________ requires managers to motivate subordinates, direct them and communicate with them.
(a) Leading (b) Planning
(c) Controlling (d) Organising
65. _______________________ includes comparing actual performance with planned performance as a basis for taking any corrective actions that are needed.
(a) Leading (b) Planning
(c) Controlling (d) Organising
66. Systems Development Management has responsibility for which of the following functions concerned with IS’s?
(a) Analysis (b) Design
(c) Build (d) All of the above
67. ______________________ ensures that all systems must be properly and formally authorized to ensure their economic justification and feasibility.
(a) System Authorization Activities
(b) User Specification Activities
(c) Technical Design Activities
(d) Internal Auditor’s Participation
68. ___________________ ensures that all users must be actively involved in the systems development process.
(a) System Authorization Activities
(b) User Specification Activities
(c) Technical Design Activities
(d) Internal Auditor’s Participation
69. _______________________________ translate the user specifications into a set of detailed technical specifications of a system that meets the user’s needs.
(a) System Authorization Activities
(b) User Specification Activities
(c) Technical Design Activities
(d) Internal Auditor’s Participation
70. The scope of _______________________ includes systems analysis, general systems design, feasibility analysis, and detailed systems design.
(a) Technical Design Activities
(b) System Authorization Activities
(c) User Specification Activities
(d) Internal Auditor’s Participation
71. The internal auditor plays an important role in the control of systems and should become involved at the inception of the system development process to make conceptual suggestions regarding system requirements and controls and should be continued throughout all phases of the development process and into the maintenance phase. The above phrase states which of the following activities?
(a) System Authorization Activities
(b) User Specification Activities
(c) Technical Design Activities
(d) Internal Auditor’s Participation
72. _____________________ states that all program modules must be thoroughly tested before they are implemented. The results of the tests are then compared against predetermined results to identify programming and logic errors.
(a) Program Testing
(b) System Authorization Activities
(c) User Specification Activities
(d) Technical Design Activities
73. ________________________ controls are placed to ensure that the database always corresponds and comply with its definition standards.
(a) Existence/Backup Controls
(b) Access Controls
(c) Definition Controls
(d) Update Controls
74. ___________________ ensure the existence of the database by establishing backup and recovery procedures.
(a) Definition Controls
(b) Existence/Backup Controls
(c) Access Controls
(d) Update Controls
75. __________________ are designed to prevent unauthorized individual from viewing, retrieving, computing or destroying the entity’s data.
(a) Definition Controls
(b) Existence/Backup Controls
(c) Update Controls
(d) Access Controls
76. ___________________ restrict update of the database to authorized users by permitting only addition of data to the database and allowing users to change or delete existing data.
(a) Definition Controls
(b) Existence/Backup Controls
(c) Update Controls
(d) Access Controls
77. _________________________ provide solutions, agreed-upon schedules and strategies to overcome the data integrity problems that may arise when two update processes access the same data item at the same time.
(a) Concurrency Controls
(b) Quality Controls
(c) Existence/Backup Controls
(d) Access Controls
78. _______________ ensure the accuracy, completeness, and consistency of data maintained in the database.
(a) Concurrency Controls
(b) Quality Controls
(c) Existence/Backup Controls
(d) Access Controls
79. Which of the following is a reason for the emergence of Quality Assurance in organizations?
(a) Organizations are increasingly producing safety-critical systems.
(b) Organizations are undertaking more ambitious projects when they build software.
(c) Users are becoming more demanding in terms of their expectations about the quality of software.
(d) All of the above
80. Which of the following is a reason for the emergence of Quality Assurance in organizations?
(a) Organizations are becoming more concerned about their liabilities if they produce and sell defective software.
(b) Poor quality control over the production, implementation, operation, and maintenance of software can be costly in terms of missed deadlines, dissatisfied users and customers, lower morale among IS staff, higher maintenance and strategic projects that must be abandoned.
(c) Improving the quality of Information Systems is a part of a worldwide trend among organizations to improve the quality of the goods and services they sell.
(d) All of the above
81. ________________________ prescribe the functions that either human operators or automated operations facilities must perform.
(a) Scheduling Controls
(b) Maintenance Controls
(c) Operation Controls
(d) All of the above
82. ________________________ prescribe how jobs are to be scheduled on a hardware/software platform.
(a) Operation Controls
(b) Scheduling Controls
(c) Maintenance Controls
(d) All of the above
83. ______________________ prescribe how hardware is to be maintained in good operating order.
(a) Maintenance Controls
(b) Operation Controls
(c) Scheduling Controls
(d) All of the above
84. __________________________ includes the proper functioning of network operations and monitoring the performance of network communication channels, network devices, and network programs and files.
(a) Network Operations
(b) Data Preparation and Entry
(c) Production Control
(d) File Library
85. ____________________ includes the major functions like receipt and dispatch of input and output; job scheduling; management of service-level agreements with users; transfer pricing/charge-out control; and acquisition of computer consumables.
(a) Network Operations
(b) Data Preparation and Entry
(c) Production Control
(d) File Library
86. ____________________ includes the management of an organization’s machine-readable storage media like magnetic tapes, cartridges, and optical disks.
(a) Network Operations
(b) Data Preparation and Entry
(c) Production Control
(d) File Library
87. _________________ involves that documentation librarians ensure that documentation is stored securely and kept up-to-date.
(a) Documentation and Program Library
(b) Network Operations
(c) Data Preparation and Entry
(d) Production Control
88. Documentation and Program Library help librarians ensure that _____________.
(a) Documentation is stored securely.
(b) Only authorized personnel gain access to documentation.
(c) Documentation is kept up-to-date.
(d) All of the above
89. The documentation includes ___________.
(a) Policies and procedures.
(b) Job descriptions.
(c) Segregation of Duties.
(d) All of the above
90. The documentation includes ___________.
(a) Reporting of responsibility and authority of each function.
(b) Definition of responsibilities and objectives of each function.
(c) Reporting responsibility and authority of each function.
(d) All of the above
91. _______________________ assists end-users to employ end-user hardware and software such as micro-computers, spreadsheet packages, database management packages etc. and provides the technical support for production systems by assisting with problem resolution.
(a) Help Desk or Technical support
(b) Network Operations
(c) Data Preparation and Entry
(d) Production Control
92. ________________________ has the responsibility for carrying out day-to-day monitoring of the outsourcing contract.
(a) Help Desk or Technical support
(b) Network Operations
(c) Management of Outsourced Operations
(d) Data Preparation and Entry

CLASSIFICATION BASED ON AUDIT FUNCTIONS
93. Application controls ensure that all transactions are _________________.
(a) Authorized (b) Complete
(c) Accurate (d) All of the above
94. Unit testing focuses on _____________.
(a) individual program modules
(b) groups of program modules
(c) whole program
(d) All of the above
95. Integration testing focuses on _______________.
(a) individual program modules
(b) groups of program modules
(c) whole program
(d) all of the above
96. Whole-of-Program testing focuses on _______.
(a) individual program modules
(b) groups of program modules
(c) whole program
(d) all of the above
97. _______________ are placed to ensure that the database always corresponds and comply with its definition standards.
(a) Existence/Backup Controls
(b) Definition Controls
(c) Access Controls
(d) Update Controls
98. ____ ensure the existence of the database by establishing backup and recovery procedures.
(a) Existence/Backup Controls
(b) Definition Controls
(c) Access Controls
(d) Update Controls
99. __________ are designed to prevent unauthorized individual from viewing, retrieving, computing or destroying the entity’s data.
(a) Definition Controls
(b) Existence/Backup Controls
(c) Update Controls
(d) Access Controls
100. _______________ restrict update of the database to authorized users.
(a) Definition Controls
(b) Existence/Backup Controls
(c) Update Controls
(d) Access Controls
101. ________________ provide solutions, agreed-upon schedules and strategies to overcome the data integrity problems that may arise when two update processes access the same data item at the same time.
(a) Definition Controls
(b) Concurrency Controls
(c) Access Controls
(d) Update Controls
102. ________________ ensure the accuracy, completeness, and consistency of data maintained in the database.
(a) Quality Controls
(b) Definition Controls
(c) Concurrency Controls
(d) Update Controls
103. _____________________ prescribe the functions that either human operators or automated operations facilities must perform.
(a) Scheduling Controls
(b) Maintenance Controls
(c) Operation Controls
(d) All of the above
104. ________ prescribe how jobs are to be scheduled on a hardware/software platform.
(a) Operation Controls
(b) Scheduling Controls
(c) Maintenance Controls
(d) All of the above
105. _____________ prescribe how hardware is to be maintained in good operating order.
(a) Maintenance Controls
(b) Operation Controls
(c) Scheduling Controls
(d) All of the above

TYPES OF APPLICATION CONTROLS

106. Which of the following statements state the purpose of Controls in the boundary subsystem?
(a) To establish the identity and authenticity of would-be-users of a computer system.
(b) To establish the identity and authenticity of computer-system resources that users wish to employ.
(c) To restrict the actions undertaken by users who obtain computer resources to a set of authorized actions.
(d) All of the above
107. Which of the following is a part of boundary control?
(a) Cryptographic controls
(b) Personal Identification Numbers (PIN)
(c) Biometric sets
(d) All of the above
108. Transcription errors are commonly made by _______________.
(a) Human operators
(b) By Optical Character Recognition (OCR) programs
(c) Both a and b
(d) None of the above
109. ___________________ is a simple error of data entry that occurs when two digits that are either individual or part of a larger sequence of numbers are reversed when posting a transaction.
(a) Transposition Error
(b) Addition errors
(c) Truncation errors
(d) Substitution errors
110. __________________ occurs when an extra digit or character is added to the code.
(a) Transposition Error
(b) Addition errors
(c) Truncation errors
(d) Substitution errors
111. Mr. Vishal Tiwari, the Chief Information Officer (CIO) of VKT enterprises notices that Inventory Code “SQC1066” is recorded as “SQC10666”. This kind of error is known as _________________.
(a) Transposition Error
(b) Truncation errors
(c) Addition errors
(d) Substitution errors
112. ______________ occurs when a digit or character is removed from the end of a code.
(a) Truncation errors
(b) Transposition Error
(c) Addition errors
(d) Substitution errors
113. Mr. Pankaj Kumar, the Manager (Inventory) of Narang enterprises notices that Inventory Code “SQC1066” is recorded as “SQC106”. What kind of error is this?
(a) Transposition Error
(b) Addition errors
(c) Substitution errors
(d) Truncation errors
114. _________________ are the replacement of one digit in a code with another.
(a) Transposition Error
(b) Addition errors
(c) Truncation errors
(d) Substitution errors

115. Ms. Prathama Trivedi, data analyst of Kumar enterprises notices that inventory code “SQC1066” is recorded as “SQC0661”.
(a) Transposition Error
(b) Truncation errors
(c) Addition errors
(d) Substitution errors
116. Mr. Raj Trivedi, the data entry operator of Prathama Ltd., while recording the inventory code, records Inventory Code “SQC1066” as “SQC1076”. This is an example of which of the following errors?
(a) Transposition Error
(b) Addition errors
(c) Truncation errors
(d) Substitution errors
117. ___________ involves programmed procedures that examine the characters of the data in the field.
(a) Field Interrogation
(b) Cryptographic controls
(c) Personal Identification Numbers (PIN)
(d) Biometric sets
118. Which of the following statements depicts an exposure that arises in the communication subsystem?
(a) As data is transported across a communication subsystem, it can be impaired through attenuation, delay distortion, and noise.
(b) The hardware and software components in a communication subsystem can fail.
(c) The communication subsystem can be subjected to passive or active subversive attacks.
(d) All of the above
119. Which of the following exposures arise in the communication subsystem?
(a) As data is transported across a communication subsystem, it can be impaired through attenuation, delay distortion, and noise.
(b) The hardware and software components in a communication subsystem can fail.
(c) The communication subsystem can be subjected to passive or active subversive attacks.
(d) All of the above
120. Which of the following type of check field is checked by the program against predefined limits to ensure that no input/output error has occurred or at least no input error exceeding certain pre-established limits has occurred?
(a) Picture check (b) Valid code check
(c) Limit check (d) Check digits
121. Which of the following is a check against entry into processing of incorrect or invalid characters?
(a) Limit check (b) Picture check
(c) Valid code check (d) Check digits
122. Which of the following checks are made against predetermined transactions codes, tables or order data to ensure that input data are valid?
(a) Limit check (b) Picture check
(c) Valid code check (d) Check digits
123. A ____________________ is a control digit (or digits) added to the code when it is originally assigned that allows the integrity of the code to be established during subsequent processing.
(a) Check digits (b) Limit check
(c) Picture check (d) Valid code check
124. The check digit can be ______________________.
(a) Located anywhere in the code as a prefix
(b) Located anywhere in the code as a suffix
(c) Embedded someplace in the middle.
(d) All of the above
125. _____________________ ensure that the data delivered to users will be represented, formatted and delivered in a consistent and secured manner.
(a) Database controls
(b) Output controls
(c) Update controls
(d) Report controls
126. Which of the following components of a processor fetches programs from memory and determines their type?
(a) Control unit (CU)
(b) An Arithmetic and Logical Unit (ALU)
(c) Registers
(d) All of the above
127. Which of the following components of a processor performs operations?
(a) Control unit (CU)
(b) Registers
(c) Arithmetic and Logical Unit (ALU)
(d) All of the above
128. Which of the following components of a processor is used to store temporary results and control information?
(a) Control unit (CU)
(b) Registers
(c) An Arithmetic and Logical Unit (ALU)
(d) All of the above
129. _____________ ensure that the data delivered to users will be represented, formatted and delivered in a consistent and secured manner.

(a) Output controls
(b) Update Controls
(c) Report Controls
(d) Maintenance Controls
130. Which of the following statements about Audit Trail is true?
(a) It is a step-by-step record by which accounting data can be traced to their source.
(b) Audit Trails are logs that can be designed to record activity at the system, application, and user level.
(c) Audit trail controls attempt to ensure that a chronological record of all events that have occurred in a system is maintained.
(d) All of the above
131. Output controls have to be enforced in a ______________________
(a) Batch-processing environment
(b) Online environment
(c) Either a or b
(d) Both a and b
132. When mapping between the masters records to transaction record results in a mismatch due to failure in the corresponding record entry in the master record; then these transactions are maintained in a ________________.
(a) Expense account
(b) Suspense account
(c) Remote account
(d) Extra ordinary expense account
133. A non-zero balance of the suspense accounts reflects __________________.
(a) The errors to be corrected
(b) The errors to be increased
(c) The errors to be reduced
(d) No effect

IS AUDIT AND AUDIT EVIDENCES

134. Audit Documentation refers to the ______________________.
(a) Record of audit procedures performed
(b) Relevant audit evidence obtained
(c) Conclusions the auditor reached
(d) All of the above
135. Why are audit evidences needed?
(a) Means of controlling current audit work.
(b) Evidence of audit work performed.
(c) Schedules supporting or additional item in the accounts.
(d) All of the above

AUDIT TRAIL

136. _________________ is a step-by-step record by which accounting data can be traced to their source.
(a) Recording
(b) Audit Trail
(c) Audit documentation
(d) Audit sampling
137. Audit Trails are ________ that can be designed to record activity at the system, application, and user level.
(a) Accounts (b) Ledgers
(c) Logs (d) Financial statement
138. Audit trail controls attempt to ensure that a ___________ record of all events that have occurred in a system is maintained.
(a) Chronological (b) Spatial
(c) Sequential (d) Cause effect
139. The ___________________ shows the source and nature of data and processes that update the database.
(a) Accounting Audit Trail
(b) Operations Audit Trail
(c) Either a or b
(d) Both a and b
140. The _______________ maintains a record of attempted or actual resource consumption within a system.
(a) Accounting Audit Trail
(b) Operations Audit Trail
(c) Either a or b
(d) Both a and b

CONCURRENT AUDIT AND TYPES OF CONCURRENT AUDIT TOOLS

141. Continuous auditing techniques use which of the following bases for collecting audit evidence?
(a) Use of embedded modules in the system to collect, process, and print audit evidence.
(b) Special audit records used to store the audit evidence collected.
(c) Either a or b
(d) Both a and b
142. The _______________ software is built into the system at those points where material processing occurs which takes images of the flow of any transaction as it moves through the application.

(a) Snapshot
(b) Integrated Test Facility (ITF)
(c) System Control Audit Review File (SCARF)
(d) Audit Hooks
143. ________________ is the creation of a dummy entity in the application system files and the processing of audit test data against the entity as a means of verifying processing authenticity, accuracy, and completeness.
(a) Snapshot
(b) Integrated Test Facility (ITF)
(c) System Control Audit Review File (SCARF)
(d) Audit Hooks
144. ____________ technique involves embedding audit software modules within a host application system to provide continuous monitoring of the system’s transactions.
(a) Snapshot
(b) Integrated Test Facility (ITF)
(c) System Control Audit Review File (SCARF)
(d) Audit Hooks
145. When _____________ are employed, auditors can be informed of questionable transactions as soon as they occur.
(a) Snapshot
(b) Integrated Test Facility (ITF)
(c) System Control Audit Review File (SCARF)
(d) Audit Hooks
146. Which of the following is a reason as to why an organization is structured?
(a) Structure largely dictates how objectives and policies will be established.
(b) Structure dictates how resources will be allocated.
(c) Both a and b
(d) Either a or b

ORGANISATION STRUCTURES AND RESPONSIBILITIES

147. An organization is structured for which of the following reasons?
(a) Structure largely dictates how objectives and policies will be established.
(b) Structure dictates how resources will be allocated.
(c) Either a or b
(d) Both a and b
148. Organisational structures can change for which of the following reasons?
(a) Change in long term or short term objectives
(b) Change in market conditions
(c) Introduction of new regulations
(d) All of the above

JOB POSITIONS IN IT

149. ________________ is the title of the topmost leader in a larger IT organization.
(a) CIO (Chief Information Officer)
(b) CTO (Chief Technical Officer)
(c) CSO (Chief Security Officer)
(d) CISO (Chief Information Security Officer)
150. _______________ is usually responsible for an organization’s overall technology strategy.
(a) CIO (Chief Information Officer)
(b) CSO (Chief Security Officer)
(c) CTO (Chief Technical Officer)
(d) CISO (Chief Information Security Officer)
151. _________________ is responsible for all aspects of security, including information security, physical security, and possibly executive protection.
(a) CIO (Chief Information Officer)
(b) CSO (Chief Security Officer)
(c) CTO (Chief Technical Officer)
(d) CISO (Chief Information Security Officer)
152. ________________ is responsible for all aspects of data-related security. This usually includes incident management, disaster recovery, vulnerability management, and compliance.
(a) CIO (Chief Information Officer)
(b) CTO (Chief Technical Officer)
(c) CSO (Chief Security Officer)
(d) CISO (Chief Information Security Officer)
153. _____________ is responsible for the protection and use of personal information.
(a) CPO (Chief Privacy Officer)
(b) CIO (Chief Information Officer)
(c) CTO (Chief Technical Officer)
(d) CSO (Chief Security Officer)
154. __________________ is usually responsible for the overall information systems architecture in the organization.
(a) Systems Architect
(b) Systems Analyst
(c) Software Developer
(d) Software Tester
155. _____________ may develop technical requirements, program design, and software test plans.
(a) Systems Architect
(b) Systems Analyst

(c) Software Developer
(d) Software Tester
156. __________________ develops application software.
(a) Systems Architect
(b) Systems Analyst
(c) Software Programmer
(d) Software Tester
157. _________________ tests changes in programs made by software developers.
(a) Systems Architect
(b) Systems Analyst
(c) Software Developer
(d) Software Tester
158. _____________________ is usually responsible for the overall information systems architecture in the organization.
(a) Systems Architect
(b) Systems Analyst
(c) Software Developer/Programmer
(d) System Programmer
159. __________________ develops logical and physical designs of data models for applications. With sufficient experience, this person may also design an organization’s overall data architecture.
(a) Database Architect
(b) Database Administrator
(c) Database Analyst
(d) All of the above
160. _________________ monitors databases, tunes them for performance and efficiency, and troubleshoots problems.
(a) Database Architect
(b) Database Administrator
(c) Database Analyst
(d) All of the above
161. ___________________ performs tasks that are junior to the database administrator, carrying out routine data maintenance and monitoring tasks.
(a) Database Architect
(b) Database Administrator
(c) Database Analyst
(d) All of the above
162. _________________ designs data and (increasingly) voice networks and designs changes and upgrades to the network as needed to meet new organization objectives.
(a) Network Engineer
(b) Network Architect
(c) Network Administrator
(d) Telecom Engineer
163. ________________ builds and maintains network devices such as routers, switches, firewalls, and gateways.
(a) Network Engineer
(b) Network Architect
(c) Network Administrator
(d) Telecom Engineer
164. _________________ performs routine tasks in the network such as making minor configuration changes and monitoring event logs.
(a) Network Architect
(b) Network Engineer
(c) Telecom Engineer
(d) Network Administrator
165. __________________ work with telecommunications technologies such as data circuits, phone systems, and voicemail systems.
(a) Network Architect
(b) Network Engineer
(c) Telecom Engineer
(d) Network Administrator
166. _____________________ is usually also responsible for the design of services such as authentication, e-mail, and time synchronization.
(a) Systems Engineer
(b) Storage Engineer
(c) Systems Architect
(d) Systems Administrator
167. _____________________ is responsible for designing, building, and maintaining servers and server operating systems.
(a) Systems Architect
(b) Systems Engineer
(c) Storage Engineer
(d) Systems Administrator
168. ___________________ is responsible for designing, building, and maintaining storage subsystems.
(a) Storage Engineer
(b) Systems Architect
(c) Systems Engineer
(d) Systems Administrator
169. _____________________ is responsible for performing maintenance and configuration operations on systems.
(a) Storage Engineer
(b) Systems Architect
(c) Systems Engineer
(d) Systems Administrator

170. _____________________ is responsible for overall operations that are carried out by others. Responsibilities will include establishing operations shift schedules.
(a) Operations Manager
(b) Operations Analyst
(c) Controls Analyst
(d) Systems Operator
171. ___________________ is responsible for the development of operational procedures; examining the health of networks, systems, and databases; setting and monitoring the operations schedule; and maintaining operations records.
(a) Operations Manager
(b) Controls Analyst
(c) Operations Analyst
(d) Systems Operator
172. ____________________ is responsible for monitoring batch jobs, data entry work, and other tasks to make sure that they are operating correctly.
(a) Operations Manager
(b) Controls Analyst
(c) Operations Analyst
(d) Systems Operator
173. _________________ is responsible for monitoring systems and networks, performing backup tasks, running batch jobs, printing reports, and other operational tasks.
(a) Operations Manager
(b) Operations Analyst
(c) Controls Analyst
(d) Systems Operator
174. __________________ is responsible for keying batches of data from hard copy sources.
(a) Data Entry Operator (b) Operations Analyst
(c) Controls Analyst (d) Systems Operator
175. _________________________ is responsible for maintaining and tracking the use and whereabouts of backup tapes and other media.
(a) Data Entry Operator
(b) Operations Analyst
(c) Media Librarian
(d) Controls Analyst
176. ________________ is responsible for the design of security controls and systems such as authentication, audit logging, intrusion detection systems, intrusion prevention systems, and firewalls.
(a) Security Architect (b) Security Engineer
(c) Security Analyst (d) Security Auditor
177. ________________ is responsible for designing, building, and maintaining security services and systems that are designed by the security architect.
(a) Security Architect (b) Security Engineer
(c) Security Analyst (d) Security Auditor
178. ____________________ is responsible for examining logs from firewalls, intrusion detection systems, and audit logs from systems and applications. This position may also be responsible for issuing security advisories to others in IT.
(a) Security Architect (b) Security Engineer
(c) Security Analyst (d) Security Auditor
179. ________________ is responsible for performing internal audits of IT controls to ensure that they are being operated properly.
(a) Security Architect (b) Security Engineer
(c) Security Analyst (d) Security Auditor
180. ___________________ is responsible for providing front line user support services to personnel in the organization.
(a) Security Architect (b) Help desk Analyst
(c) Security Analyst (d) Technical Support Analyst
181. __________________ is responsible for providing technical support services to other IT personnel, and perhaps also to IT customers.
(a) Security Architect (b) Security Engineer
(c) Security Analyst (d) Technical Support Analyst

SEGREGATION OF DUTIES

182. ___________________________ is also known as separation of duties.
(a) Segregation of duties
(b) Accounting audit trail
(c) Operational audit trail
(d) None of the above
183. SOD ______________________________.
(a) Is concerned with the large volume sensitive data and privilege control and check and balances over the possession of such data.
(b) Ensures that single individuals do not possess excess privileges that could result in unauthorized activities such as fraud or the manipulation or exposure of sensitive data.
(c) Separates individuals or groups are responsible for the creation of vendors, the request for payments, and the printing of checks.
(d) All of the above

Miscellaneous

184. Due to widespread use of IT in business, there is a need to ensure that all information that is generated from system is accurate, complete and reliable for decision–making. This need is achieved by
(a) Information Security
(b) Information System Controls

(c) Information System Audit
(d) Shift over to Manual System
185. Control Objectives define what is sought to be accomplished by implementing the control and the purpose thereof. What are the purposes of these control objectives?
(a) Outline the policies of the organization as laid down by the Management.
(b) Provide a Benchmark for evaluating whether control objectives are met.
(c) Both ‘a’ and ‘b’.
(d) None of the above.
186. Which of these is not a control objective, in the context of IT Environment?
(a) Completeness (b) Validity
(c) Error Handling (d) Transparency
187. Environmental Controls, Physical Access Controls and Logical Access Controls are sub types of Controls based on
(a) Functional Nature
(b) Nature of IS Resources
(c) Objectives of Controls
(d) Audit Functions.
188. Which of these is an example of preventive control in an IT Environment?
(a) Intrusion Detection Systems
(b) Anti – Virus Software
(c) Echo Control in Telecommunications
(d) Duplicate checking of calculations.
189. Detective controls are designed to detect errors, omissions or malicious acts that occur and report the occurrence. Identify which of these is NOT a detective control measure.
(a) Overdue Accounts Receivable Report
(b) Error Message over Tape Labels
(c) Cash Counts and Bank Reconciliation
(d) Firewalls
190. One of the classifications of IT controls is Preventive Controls, Detective Controls, Corrective controls and compensatory controls. In this regard, “Access Control, e.g. use of Passwords”, is an example of __________________________ Controls.
(a) Preventive (b) Detective
(c) Corrective (d) Compensatory
191. The user ID of an Employee, who initiates a transaction, is recorded in the database. This is an example of __________________________ Controls.
(a) Preventive (b) Detective
(c) Corrective (d) Compensatory
192. Database Backup procedures are scheduled for every hour on the customer sales records of the Enterprise Database. This is an example of __________________________ Controls.
(a) Preventive (b) Detective
(c) Corrective (d) Compensatory
193. Hash Totals are calculated both at the sender and receiver end of the data Transmission Network. This is an example of __________________________ Controls.
(a) Preventive (b) Detective
(c) Corrective (d) Compensatory
194. Based on IS Audit Functions, controls may be classified into managerial controls and Application controls. In this regard, identify which of these is not covered under Application controls?
(a) Source Document Controls
(b) Data backup and recovery
(c) Motivating, guiding and communication with Personnel
(d) Media Identification
195. Use of Dry pipe sprinkling systems, water sprinkling systems and Halon systems are all examples of
(a) Fire Protection Techniques
(b) Fire Management Techniques
(c) Fire Suppression Techniques
(d) Firewalls
196. Which of the following Locks on doors is appropriate in places where extremely sensitive facilities must be protected, e.g., military defense systems?
(a) Cipher Locks
(b) Bolting Door Locks
(c) Electronic Door Locks
(d) Biometric Door Locks
197. Which of the following is not a Physical Access Control measure?
(a) Perimeter Fencing
(b) User Password Management
(c) Controlled single entry Point
(d) Dead Man doors
198. In the context of Technical Exposures/Threats to Information Systems, a Bomb can be
(a) Time Bomb (b) Logic Bomb
(c) Both ‘a’ and ‘b’ (d) None of the above
199. Where an Intruder attempts to violate the integrity of some components in the sub system, by using an Invasive Tap or an Inductive Tap, it is called as ________________.
(a) Wire Trapping
(b) Shut Down of Computer

(c) Subversive Threat
(d) Denial of Service Attack
200. Password management functions consist of ___________________ of Passwords
(a) Allocation and Storages
(b) Revocation
(c) Re – issue
(d) All of the above
201. “Users should ensure that none of the equipment under their responsibility is ever left unprotected. They should also secure their PCs with a password, and should not leave it accessible to others.” This principle is within the scope of Logical Access control under
(a) User Access Management
(b) User Password Management
(c) User Responsibilities
(d) Privilege Management
202. Which of the following is NOT within the scope of Logical Access control under “Network Access Control”?
(a) Use of call back devices
(b) Connection and routing control
(c) Security of Network Services
(d) None of the above
203. In the context of Logical Access control under “Operating System Access”, if the terminal is inactive for a defined period, the system should ___________________.
(a) Alert the IS Auditor in this regard.
(b) Log out the user from the system.
(c) Ask the User from the system.
(d) None of the above.
204. In the context of Logical Access Control under “Operating System Access”, if users are forced to execute some instruction under threat, the system should provide a means to alert the authorities. This is called __________________.
(a) Discretionary Access control
(b) Terminal Time Out
(c) Duress Alarm
(d) System Alert
205. “Clock Synchronization” as a Logical Access control technique can be classified under the heading _________________________________.
(a) User Management
(b) User Responsibilities
(c) Network Access Control
(d) Application and Monitoring System Access
206. “Sensitive System isolation” as a Logical Access Control Technique can be classified under the heading
(a) Application and Monitoring System Access
(b) Operating System Access
(c) Network Access Control
(d) User Responsibilities
207. “Terminal Time Out” as a Logical Access Control Technique can be classified under the heading
(a) Operating System Access
(b) Application and Monitoring system Access
(c) User Management
(d) Network
208. “Limits on the number of Incorrect Passwords” as a Logical Access Control Technique can be classified under the heading
(a) User Responsibilities
(b) Application and Monitoring System Access
(c) User Management
(d) Operating System Access
209. The scope of Management Controls includes
(a) Framing high level IT Policies, Procedures and Standards holistic view.
(b) Establishing a sound Internal Controls Framework within the organization.
(c) Both ‘a’ and ‘b’.
(d) None of the above.
210. Controls that cover activities to identify major threats to the IS functions, and to design, implement, operate, and maintain controls that reduce expected losses from these threats to an acceptable level are classified under
(a) Systems Development Management Control
(b) Programming Management Control
(c) Resource Management Control
(d) Security Management Control
211. Which of the following is the correct sequence of Program Development Life Cycle (PDLC)?
(a) Planning, Control, Design, Coding, Testing, Operation and Maintenance
(b) Planning, Testing, Design, Coding, Control Operation and Maintenance
(c) Planning, Design, Control, Coding, Testing Operation and Maintenance
(d) Design, Planning, Coding, Testing Control, Operation and Maintenance

212. Which of the following is not part of Control Activities for maintaining the integrity of the database?
(a) Definition Controls
(b) Quality Controls
(c) Existence / Backup Controls
(d) Piggybacking Controls
213. Which of these are within the scope of Security Management control?
(a) Insurance
(b) Disaster Recovery Plan
(c) Business Continuity Plan
(d) All of the above
214. _____________ establishes interface between the User of the system and the system itself.
(a) Boundary Control
(b) Input Control
(c) Processing Control
(d) Communication Control
215. “Field Initializations” is an example of ___________________ controls.
(a) Data Coding
(b) Data Processing
(c) Data Validation
(d) Data Identification
216. Maintaining integrity of these Internal tables, i.e., Pay Rate Table, Price Table and Interest Table, etc. is important. This is achieved through ___________________ controls.
(a) Report (b) Update
(c) Table (d) System


Answer Keys - MCQs

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
d d d b a c c a b d a b c d d c d c c d
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
b b a b d a c b d d b d a b a c a a b a
41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60
b c d b d a c b a c a c d a b a c c a d
61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80
b d b a c d a b c a d a c b d c a b d d
81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100
c b a a c d a d d d a c d a b c b a d c
101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120
b a c b a d d c a b c a d c b d a d d c
121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140
b c a d b a c b a d d b a d d b c a a b
141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160
d a b b b c d d a c b d a a b c d a a b
161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180
c b a d c c b a d a c b d a c a b c d b
181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200
d a d b c d b b d a a c b c c d b c c d
201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216
c d b c d a a d c d b d d a b a
Chapter 4
E-Commerce, M-Commerce and Computing Technologies

Amendments at a Glance
(Applicable for May 2022 Onwards)

e – Mall (electronic mall)
An e-mall, in its basic form, consists of a collection of e-shops usually grouped under a single Internet address. It is a website that displays electronic catalogs from several suppliers and charges them commission on the sales revenue generated at that site. Its basic idea is the same as the retailing model of a regular shopping mall: a conglomeration of different e-shops that provides consumers a one-stop shopping place offering a variety of products and services.

They are mainly of the following types:
• General stores/malls: These are online stores that have a variety of items for sale and do not specialize in selling any one item, and are thus called General stores.
  Example: amazon.com, which is primarily an e-mall that provides a platform for vendors to sell and users to purchase various products ranging from books, music, movies, housewares, electronics, toys, clothes etc.
• Specialized stores/malls: The specialized stores sell only specialized items.
  Example: www.99acres.com is a website that specializes in buying and selling property and housing on an online platform.

e-Rupi
Government of India has launched a new mode of cashless and contactless digital payment named e-Rupi based on UPI systems to ensure seamless transfer of benefits to the citizens in a “leak-proof” manner.
• It is an e-voucher, which will be delivered to beneficiaries in the form of a QR code and SMS-string-based voucher through which funds will be directly transferred to their bank account.
• These vouchers are person- and purpose-specific, meaning if they are released by the government for the purpose of vaccination, for instance, then they can be redeemed only for that.
• This contactless e-RUPI is easy, safe, and secure as it keeps the details of the beneficiaries completely confidential.
• The entire transaction process through this voucher is relatively faster and at the same time reliable, as the required amount is already stored in the voucher.
• Any government agency and corporation can generate e-RUPI vouchers via their partner banks.

Blockchain
Blockchain, also referred to as Distributed Ledger Technology (DLT), is
• a shared,
• peer-to-peer, and
• decentralized
open ledger of transactions system with no trusted third parties in between.

• This ledger database has every entry as permanent as it is an append-only database which cannot be changed or
altered.
• All transactions are fully irreversible, with any change in the transaction being recorded as a new transaction.
• The decentralised network refers to the network which is not controlled by any bank, corporation, or government.
• A blockchain generally uses a chain of blocks, with each block representing the digital information stored in a public
database (“the chain”).
• A simple analogy for understanding blockchain technology is a Google Doc.
• When we create a document and share it with a group of people, the document is distributed instead of copied or
transferred.
• This creates a decentralized distribution chain that gives everyone access to the document at the same time.
• No one is locked out awaiting changes from another party, while all modifications to the document are being
recorded in real-time, making changes completely transparent.
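
The ledger properties listed above (append-only entries, every change recorded as a new transaction, the same chain held by every peer) can be seen in a small hash-chained ledger. This is an added example, not part of the original question bank; the field names, the SHA-256 chaining and the sample transfers are assumptions constructed for illustration.

```python
import copy
import hashlib
import json
from collections import Counter

GENESIS_PREV = "0" * 64  # constructed "previous hash" for the first block


def block_hash(index, prev_hash, transactions):
    """SHA-256 over a canonical JSON encoding of everything the block commits to."""
    payload = json.dumps(
        {"index": index, "prev_hash": prev_hash, "transactions": transactions},
        sort_keys=True, separators=(",", ":"),
    ).encode("utf-8")
    return hashlib.sha256(payload).hexdigest()


class Ledger:
    """Append-only chain of blocks: there is deliberately no update or delete."""

    def __init__(self):
        self.blocks = []

    def append(self, transactions):
        index = len(self.blocks)
        prev_hash = self.blocks[-1]["hash"] if self.blocks else GENESIS_PREV
        block = {
            "index": index,
            "prev_hash": prev_hash,
            "transactions": transactions,
            "hash": block_hash(index, prev_hash, transactions),
        }
        self.blocks.append(block)
        return block

    def correct(self, tx_id, new_amount):
        """A change is itself a new transaction that points at the entry it corrects."""
        return self.append([{"id": tx_id + "-fix", "type": "correction",
                             "corrects": tx_id, "amount": new_amount}])


def verify(blocks):
    """Return (True, None) if the chain is intact, else (False, index of first bad block)."""
    prev_hash = GENESIS_PREV
    for position, block in enumerate(blocks):
        recomputed = block_hash(block["index"], block["prev_hash"], block["transactions"])
        if (block["index"] != position or block["prev_hash"] != prev_hash
                or block["hash"] != recomputed):
            return False, position
        prev_hash = block["hash"]
    return True, None


def effective_amount(blocks, tx_id):
    """Replay the ledger: the original entry stays on record, the latest correction wins."""
    amount = None
    for block in blocks:
        for tx in block["transactions"]:
            if tx.get("id") == tx_id or tx.get("corrects") == tx_id:
                amount = tx["amount"]
    return amount


def minority_peers(copies):
    """Names of peers whose latest block hash differs from the most common one."""
    heads = {name: blocks[-1]["hash"] for name, blocks in copies.items()}
    majority = Counter(heads.values()).most_common(1)[0][0]
    return sorted(name for name, head in heads.items() if head != majority)


def build_sample(first_amount=500):
    """Constructed sample ledger: two transfers, then a correction of the first."""
    ledger = Ledger()
    ledger.append([{"id": "tx-1", "type": "transfer", "from": "alice",
                    "to": "bob", "amount": first_amount}])
    ledger.append([{"id": "tx-2", "type": "transfer", "from": "bob",
                    "to": "carol", "amount": 120}])
    ledger.correct("tx-1", 450)
    return ledger


def demo():
    honest = build_sample().blocks
    edited = copy.deepcopy(honest)
    edited[0]["transactions"][0]["amount"] = 5000      # stored entry altered in place
    rehashed = copy.deepcopy(edited)                   # same edit, block 0 hash recomputed
    rehashed[0]["hash"] = block_hash(0, GENESIS_PREV, rehashed[0]["transactions"])
    divergent = build_sample(first_amount=5000).blocks  # self-consistent, different history
    return {
        "honest": verify(honest),
        "edited": verify(edited),
        "rehashed": verify(rehashed),
        "divergent": verify(divergent),
        "outliers": minority_peers({"peer-a": honest, "peer-b": copy.deepcopy(honest),
                                    "peer-c": divergent}),
        "tx-1 now": effective_amount(honest, "tx-1"),
        "tx-1 as first recorded": honest[0]["transactions"][0]["amount"],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

An edit to a stored entry breaks the chain at that block or the next one, while a copy that is consistent with itself but has a different history only shows up when peers compare their latest block hashes.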

How does a transaction get into the blockchain?



Applications
1. Financial Services: Blockchain can be used to provide an automated trade lifecycle in terms of the transaction log of any
transaction of asset or property - whether physical or digital such as laptops, smartphones, automobiles, real estate, etc.
from one person to another.
2. Healthcare: Blockchain provides secure sharing of data in healthcare industry by increasing the privacy, security, and
interoperability of the data by eliminating the interference of third party and avoiding the overhead costs.
3. Government: At the government front, there are instances where the technical decentralization is necessary but
politically should be governed by governments like land registration, vehicle registration and management, e-voting etc.
Blockchain improves the transparency and provides a better way to monitor and audit the transactions in these systems.
4. Travel Industry: Blockchain can be applied in money transactions and in storing important documents like passports/
other identification cards, reservations and managing travel insurance, loyalty, and rewards thus, changing the working
of travel and hospitality industry.
5. Economic Forecasts: Blockchain makes possible the financial and economic forecasts based on decentralized prediction
markets, decentralized voting, and stock trading, thus enabling the organizations to plan and shape their businesses.

Risks
1. With the use of blockchain, organizations need to consider risks with a wider perspective as different members of a
particular blockchain may have different risk appetite/risk tolerances that may further lead to conflict when monitoring
controls are designed for a blockchain. There may be questions about who is responsible for managing risks if no one
party is in-charge and how proper accountability is to be achieved in a blockchain.
2. The reliability of financial transactions is dependent on the underlying technology and if this underlying consensus
mechanism has been tampered with, it could render the financial information stored in the ledger to be inaccurate and
unreliable.
3. In the absence of any central authority to administer and enforce protocol amendments, there could be a challenge
in the establishment of development and maintenance of process control activities and in such case, users of public
blockchains find it difficult to obtain an understanding of the general IT controls implemented and the effectiveness of
these controls.
4. As blockchain involves humongous data getting updated frequently, risk related to information overload could potentially
challenge the level of monitoring required.
5. To find competent people to design and perform effective monitoring controls may again prove to be difficult.

Controls
1. As opposed to traditional manual techniques, computerized continuous monitoring techniques shall be used to perform
ongoing evaluations, considering the large volume of data processed and the frequency at which these transactions are
getting processed.
2. Suitable data analytics procedures shall be developed to identify and obtain relevant and quality data from the blockchain
so that it can then be processed into information that subsequently can be used to support management’s business
processes and reporting objectives.
3. Communication methods shall be developed to ensure that operational changes and updates relating to the use of
blockchain are communicated to appropriate personnel so that internal control related responsibilities are carried out in
proper manner.
4. The unique aspects of blockchain such as consensus protocols, smart contracts, and private keys, as well as factors
relating to the ongoing health, governance, and overall reliability of the blockchain in use, shall be assessed thoroughly.
5. Both internal and external auditors shall be engaged in discussions during the development or identification of a
blockchain so as to make the management understand the typical auditability issues associated with using blockchain.
Subsequently, processes can be established to mitigate against those issues so that the appropriate information and
support for transactions is available.

Case Studies and Scenarios


Case Based Scenario 1
Trivedi and Narang Insurance Co. (India) Ltd. is the country’s largest medical and general insurance
services provider. It has a collaborative network of more than 25,000 hospitals and a
customer base of more than 85,00,000 customers across the country. It handles Mediclaim requests of
approximately 51,000 patients on daily basis. The numbers are so large that there is a great risk of
fraud in Mediclaim processing. Keeping the situation in mind, Trivedi and Narang Insurance Co. (India)
Ltd. urgently needs a modern computing technology that can handle such a huge volume of Mediclaim
requests from 85 lacs customers and 25,000 hospitals and mine data from partner hospitals to detect
and prevent fraud at the right time. It appoints Parimal Jha and Associates as its auditor. You are an
article clerk with Parimal Jha and Associates.
Required:
i. As an auditor, which emerging computing technology will you suggest to Trivedi and Narang
Insurance Co. (India) Ltd.?
ii. Define the suggested emerging computing technology.
iii. Explain the Computing Architecture and resources of the suggested emerging computing
technology.

Case Based Scenario 2

Prathama Ltd. has recently launched an e-commerce web portal “www.pendriveclass.com” to promote
its books, study notes, DVDs, Pen drive lectures and online video tutorials with animation. It also
deals in corporate, retail, consumer, social, political and community related databases of very
sensitive, sensitive and general nature. It has recently collaborated with 3 of the like-minded virtual
organizations (communities) in the same field to gain the benefits of synergy and a strategic edge
over its rivals like Amazon, Flipkart and Snapdeal. The CEO, Prathama Trivedi, is planning to use the
services of the cloud service providers (CSPs) to reduce the burden of IT Management by outsourcing
the whole IT infrastructure to a third party vendor. She appoints you as an advisor on this matter.

Required: Suggest her the most suitable Cloud Computing Deployments, keeping the nature, diversity
and complexity of business of Prathama Ltd. in mind.

Case Based Scenario 3 (Study Material 2021)


Flipkart started as E-commerce and has now moved to M-commerce space.
Back in 2007, when Flipkart was launched, Indian e-commerce industry was taking its beginner steps.
The company is registered in Singapore, but their headquarters are in the city of Bangalore, India.
The promoters are Binny Bansal and Sachin Bansal.
One can easily call that a risky move.
Flipkart began selling books to begin with. It soon expanded and began offering a wide variety of
goods. Innovating right from the start, Flipkart has been home to few of the striking features of Indian
e-commerce. Flipkart made good profits in the first few years of its existence. Flipkart raised funds
through venture capital funding. As the company grew in stature, more funding arrived.
Flipkart addressed major issues in online purchasing in India. Indians love to pay after getting
the product in hand so Flipkart was the first to implement the popular ‘Cash On Delivery’ facility,
which every online shopping website in India offers as an option today. Second major issue Flipkart
addressed was timely delivery. It was more of a cultural revolution to ensure the whole supply chain
was revamped and sensitized to the issue of timely delivery.

Case Based Scenario 4 (Study Material 2021)


JUGNOO started as an m-commerce company.
Jugnoo is an auto-rickshaw aggregator, focused on doubling the driver’s efficiency and earnings,
and providing affordable transportation to the masses on a tap. There are around 5 million
auto-rickshaws in our country, whereas the utilization is only 30%. Jugnoo started operations in
October 2014 from Chandigarh.
Despite being one of the most popular and economical modes of public transportation in
India, auto-rickshaws have remained highly underutilized due to inefficiencies prevalent in the
conventional hailing procedure such as availability and fares. Jugnoo was started with a vision
to overcome these roadblocks by bringing structure into this space, aggregating auto-rickshaws
via technology, and thereby enabling optimum utilization of resources.

Case Based Scenario 5 (Study Material 2021)


OYO started as an m-commerce company.
OYO means “On Your Own”. OYO Rooms was nothing but an idea to create India’s largest chain
of efficient, young, standardized rooms with an intention to build the coolest chain of no add-on (rooms
which might not have Spa, Gym etc.) like the star hotels but will live up to the basic standards & high
expectations for prices like never before. The rooms would have few basic amenities including, clean
rooms, clean linen, AC, clean bathroom, free wifi, and free breakfast.
The teenage boy – Ritesh Agarwal is the young Founder & CEO of OYO Rooms – fastest growing
Branded network of hotels offline & online. OYO rooms does nothing out of the box but provides
travelers the coolest yet cheapest efficient, young, standardized rooms with no add-ons attached to it!

Case Based Scenario 6 (Study Material 2021)


A person in Hyderabad was caught for returning mobiles with defective parts.
Modus operandi:
• He used to buy new mobiles online from India’s largest m-commerce vendor.
• Return them with a complaint that the mobile purchased is defective.
• He used to replace the new mobiles’ internal components with defective components.
• He kept on doing this for two years before being caught.

What control lapse led to the above fraud?
• Entity’s poor policy documentation regarding accepting mobile returns as defective.
• Within the organization there must have been a person putting a red mark when the
same person was returning mobiles as defective. This reflects poor audit mechanism.
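
The second control lapse above, that nobody raised a red flag while the same person kept returning mobiles as defective, is the kind of check a rule over order and return records can automate. This is an added example, not from the study material; the record fields, the 180-day window and both thresholds are assumptions, and the orders are constructed.

```python
from collections import defaultdict
from datetime import date, timedelta

WINDOW = timedelta(days=180)   # assumed look-back period
MIN_DEFECT_RETURNS = 3         # assumed: this many "defective" returns in the window ...
MIN_DEFECT_RATIO = 0.5         # ... making up at least half of the orders in that window


def review_flags(orders):
    """Return {customer: (date_flagged, defective_returns, orders_in_window)}.

    orders: dicts with keys customer, ordered (date), returned (date or None),
    reason (str or None). A customer is flagged on the first return that meets
    both thresholds, so the date shows how early a reviewer could have stepped in.
    """
    by_customer = defaultdict(list)
    for order in orders:
        by_customer[order["customer"]].append(order)

    flags = {}
    for customer, items in by_customer.items():
        defect_dates = sorted(o["returned"] for o in items if o["reason"] == "defective")
        for when in defect_dates:
            start = when - WINDOW
            returns_in_window = sum(1 for d in defect_dates if start <= d <= when)
            orders_in_window = sum(1 for o in items if start <= o["ordered"] <= when)
            # max(..., 1) guards against a return whose order predates the window
            ratio = returns_in_window / max(orders_in_window, 1)
            if returns_in_window >= MIN_DEFECT_RETURNS and ratio >= MIN_DEFECT_RATIO:
                flags[customer] = (when, returns_in_window, orders_in_window)
                break
    return flags


def sample_orders():
    """Constructed data: one repeat returner, one bulk buyer, one ordinary customer."""
    orders = []
    for i in range(12):  # a phone every 60 days for roughly two years, each returned
        ordered = date(2021, 1, 5) + timedelta(days=60 * i)
        orders.append({"customer": "C-REPEAT", "ordered": ordered,
                       "returned": ordered + timedelta(days=7), "reason": "defective"})
    for i in range(10):  # ten phones in ten days, three of them faulty
        ordered = date(2021, 2, 1) + timedelta(days=i)
        faulty = i in (1, 4, 8)
        orders.append({"customer": "C-BULK", "ordered": ordered,
                       "returned": ordered + timedelta(days=10) if faulty else None,
                       "reason": "defective" if faulty else None})
    orders.append({"customer": "C-ONCE", "ordered": date(2021, 3, 3),
                   "returned": date(2021, 3, 9), "reason": "changed_mind"})
    return orders


def days_until_flag(orders, customer):
    """Days between a customer's first order and the date the rule flags them, or None."""
    flags = review_flags(orders)
    if customer not in flags:
        return None
    first_order = min(o["ordered"] for o in orders if o["customer"] == customer)
    return (flags[customer][0] - first_order).days


if __name__ == "__main__":
    data = sample_orders()
    print(review_flags(data))
    print(days_until_flag(data, "C-REPEAT"))
```

The ratio test keeps the bulk buyer with three faulty units out of ten from being flagged, while the repeat returner is flagged at the third return instead of after two years.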

Case Based Scenario 7 (Study Material 2021)


Purchase of fake/inferior products online.
Certain websites allow anybody to sell products on them, which creates a market for fake and bootleg
products. It is important to check the history of the seller and read all the details to ensure the
product is the brand name product you originally intended to buy. A good rule of thumb is that if it’s
too good to be true, it usually is. Designer headphones, purses, and watches will always cost around
retail price online.

Case Based Scenario 8


Indian Railway Catering and Tourism Corporation (IRCTC) is a subsidiary of the Indian Railways that
handles the catering, tourism and online ticketing operations of the Indian railways. With around
5,50,000 to 6,00,000 bookings every day, it is the world’s second busiest network and a web portal. Its
tagline is “Lifeline of the nation”. It pioneered internet-based rail ticket booking through its website,
as well as from the mobile phones via WiFi, GPRS or SMS. It also provides SMS facility to check PNR
status and Live Train Status as well. In addition to e-tickets, Indian Railways Catering and Tourism
Corporation also offers I-tickets that are basically like regular tickets except that they are booked
online and delivered by post.
Required:
i. Considering the number of users IRCTC has, you are supposed to find out the kind of Networking
Architecture used by it.
ii. Define the particular kind of Networking Architecture of IRCTC.
iii. Explain the need of using such type of Networking Architecture by IRCTC.
iv. Mention the advantages of the Networking Architecture of IRCTC.

Case Based Scenario 9


Five Japanese automobile companies (Mitsui, Mitsubishi, Fuyo, Sanwa and Sumitomo), in
collaboration with their banker DKB (Dai-ichi Kangyo Bank), 20 distributors and 18 suppliers, have formed
a “Horizontal and Vertical keiretsu” to compete against their main rivals in the international market, Ford
Automobiles and General Motors, and to gain a competitive advantage over them. To communicate
and share data, documents, files, databases and other computing resources with privacy and in a
secured manner, these companies have formed a private logical network.
Required:
i. What is a private logical network called?
ii. How many types of private logical networks are there? Define all of them.
iii. Name the kind of private logical network being used by the “Keiretsu” partners from the above-
mentioned types.

Descriptive Questions for Practice


Question 1: Considering the Covid situation nowadays, there has been a paradigm shift on the usage of electronic
devices like servers, laptops, tablets, storage devices and various networking and communication devices like routers
etc. Thus, arises the dire need to have relevant reforms to reduce the use of hazardous materials and importance of
recyclability or biodegradability of these defunct products and factory waste. The said objective is achieved using Green
Computing Best Practices. Elaborate some practices of these in detail. (RTP December 2021)
Answers: The details of Green Computing Practices are as follows:
1. Develop a sustainable Green Computing plan
• Involve stakeholders to include checklists, recycling policies, recommendations for disposal of used equipment,
government guidelines and recommendations for purchasing green computer equipment in organizational
policies and plans;
• Encourage the IT community for using the best practices and encourage them to consider green computing
practices and guidelines.
• On-going communication about and campus commitment to green IT best practices to produce notable results.
• Include power usage, reduction of paper consumption, as well as recommendations for new equipment and
recycling old machines in organizational policies and plans; and
• Use cloud computing so that multiple organizations share the same computing resources thus increasing the
utilization by making more efficient use of hardware resources.
2. Recycle
• Dispose e-waste according to central, state and local regulations;
• Discard used or unwanted electronic equipment in a convenient and environmentally responsible manner as
computers emit harmful emissions;
• Manufacturers must offer safe end-of-life management and recycling options when products become unusable;
and
• Recycle computers through manufacturer’s recycling services.
3. Make environmentally sound purchase decisions
• Purchase of desktop computers, notebooks and monitors based on environmental attributes;
• Provide a clear, consistent set of performance criteria for the design of products;
• Recognize manufacturer efforts to reduce the environmental impact of products by reducing or eliminating
environmentally sensitive materials, designing for longevity, and reducing packaging materials; and
• Use Server and storage virtualization that can help to improve resource utilization, reduce energy costs, and
simplify maintenance.
4. Reduce Paper Consumption
• Reduce paper consumption by use of e-mail and electronic archiving;
• Use of “track changes” feature in electronic documents, rather than red line corrections on paper;
• Use online marketing rather than paper-based marketing; e-mail marketing solutions that are greener, more
affordable, flexible and interactive than direct mail; free and low-cost online invoicing solutions that help cut
down on paper waste; and
• While printing documents; make sure to use both sides of the paper, recycle regularly, use smaller fonts and
margins, and selectively print required pages.
5. Conserve Energy
• Use Liquid Crystal Display (LCD) monitors rather than Cathode Ray Tube (CRT) monitors;
• Develop a thin-client strategy wherein thin clients are smaller, cheaper, simpler for manufacturers to build than
traditional PCs or notebooks and most importantly use about half the power of a traditional desktop PC.
• Use notebook computers rather than desktop computers whenever possible;
• Use the power-management features to turn off hard drives and displays after several minutes of inactivity;
• Power-down the CPU and all peripherals during extended periods of inactivity;
• Try to do computer-related tasks during contiguous, intensive blocks of time, leaving hardware off at other
times;
• Wherever possible, the devices that can perform more than one function should be used. For example, multi-
purpose printer saves energy by combining a printer, scanner, fax, and photocopier into one device.
• Power-up and power-down energy-intensive peripherals such as laser printers according to need;
• Employ alternative energy sources for computing workstations, servers, networks and data centers; and
• Adapt more of Web conferencing offers instead of travelling to meetings to go green and save energy.

Question 2: Ms. Anita, a final year student of undergraduate course had to submit her project report in pdf form. She
initially prepared her report in MS Word and used online software from google to edit the photos used in her assignment.
Later, for final submission, she used online pdf converter to convert her word file into pdf. Identify the Cloud Computing
Service Model that is being used by her and further discuss the Model’s different instances. (RTP December 2021)
Answers: The Cloud Computing service model used by Ms. Anita is Software as a Service (SaaS). The different
instances of the model are as follows:
• Testing as a Service (TaaS): This provides users with software testing capabilities such as generation of test
data, generation of test cases, execution of test cases and test result evaluation on a pay-per-use basis.
• API as a Service (APIaaS): This allows users to explore functionality of Web services such as Google Maps,
Payroll processing, and credit card processing services etc.
• Email as a Service (EaaS): This provides users with an integrated system of emailing, office automation,
records management, migration, and integration services with archiving, spam blocking, malware protection,
and compliance features.

Question 3: Write a short note on (i) Digital Library (ii) Payment Gateway. (RTP Jan – 221)
Answer:
(i) Digital Library
• A Digital Library is a special library with a focused collection of digital objects that can include text, visual
material, audio material, video material, stored as electronic media formats (as opposed to print, microform,
or other media), along with means for organizing, storing, and retrieving the files and media contained in the
library collection.
• Digital libraries can vary immensely in size and scope, and can be maintained by individuals, organizations, or
affiliated with established physical library buildings or institutions, or with academic institutions.
• The digital content may be stored locally or accessed remotely via computer networks. An electronic library is a
type of information retrieval system.
(ii) Payment Gateway
• Payment gateway is the payment mode through which customers shall make payments. Payment gateway
represents the way e-commerce / m-commerce vendors collect their payments.
• The payment gateway is the last and most critical part of e-commerce transactions. These assure seller of
receipt of payment from buyer of goods/services from e-commerce vendors.
• Presently numerous methods of payments by buyers to sellers are being used, including Credit / Debit Card
Payments, Online bank payments, Vendors own payment wallet, Third Party Payment wallets, like SBI BUDDY or
PAYTM, Cash on Delivery (COD) and Unified Payments Interface (UPI).

Question 4: PQR limited is planning to receive payment from the customers through Digital Payments. Though
there are lots of benefits of digital payments but there are drawbacks as well. Briefly explain any six drawbacks of digital
payments. (July 2021, 6 Marks)
Answer:
Some drawbacks of Digital Payments are listed below:
1. Difficult for a Non-technical person: As most of the digital payment modes are based on mobile phone, the
internet, and cards; these modes are somewhat difficult for non-technical persons such as farmers, workers etc.
2. The risk of data theft: There is a big risk of data theft associated with the digital payment. Hackers can hack the
servers of the bank or the E-Wallet a customer is using; and easily get his/her personal information. They can use
this information to steal money from the customer’s account.
3. Overspending: One keeps limited cash in his/her physical wallet and hence thinks twice before buying anything.
But if digital payment modes are used, one has access to all his/her money that can result in overspending.
4. Disputed transactions: In case the electronic money such as credit card is misused by someone else, it is very
difficult to receive a refund.
5. Increased business costs: Digital payment systems come with an increased need to protect sensitive financial
information stored in a business’s computer systems from unauthorized access. Businesses have to incur additional
costs in procuring, installing and maintaining sophisticated payment-security technologies.
6. The necessity of internet access: Digital payment cannot be performed if Internet connection fails.
Question 5: Hybrid cloud is a combination of both at least one private and at least one public cloud computing
environments. Explain the characteristics of Hybrid Cloud. (July 2021, 4 Marks)
Answer:
The characteristics of Hybrid Cloud are as follows:
1. Scalable: The hybrid cloud has the property of public cloud with a private cloud environment and as the public
cloud is scalable; the hybrid cloud with the help of its public counterpart is also scalable.
2. Partially Secure: The private cloud is considered as secured and public cloud has high risk of security breach. The
hybrid cloud thus cannot be fully termed as secure but as partially secure.
3. Stringent SLAs: In the hybrid cloud, the Service Level Agreements (SLAs) are overall more stringent than the
private cloud and might be as per the public cloud service providers.
4. Complex Cloud Management: Cloud management in hybrid cloud is complex as it involves more than one type of
deployment models, and the number of users is high.

Question 6: Explain the concept of green computing. How will you develop a sustainable green computing plan?
(January 2021, 6 Marks)
Answer:
Green Computing
• Green Computing or Green IT refers to the study and practice of environmentally sustainable computing
or IT. It is the study and practice of establishing/ using computers and IT resources in a more efficient and
environmentally friendly and responsible way.
• The objective of Green computing is to reduce the use of hazardous materials, maximize energy efficiency
during the product’s lifetime, and promote the recyclability or biodegradability of defunct products and factory
waste.
• Green computing’s practices include the implementation of energy-efficient Central Processing Units (CPUs),
servers and peripherals as well as reduced resource consumption and proper disposal of electronic waste
(e-waste).
The steps to develop a sustainable Green Computing plan are as follows:
• Involve stakeholders to include checklists, recycling policies, recommendations for disposal of used equipment,
government guidelines and recommendations for purchasing green computer equipment in organizational
policies and plans;
• Encourage the IT community for using the best practices and encourage them to consider green computing
practices and guidelines.
• On-going communication about and campus commitment to green IT best practices to produce notable results.
• Include power usage, reduction of paper consumption, as well as recommendations for new equipment and
recycling old machines in organizational policies and plans; and
• Use cloud computing so that multiple organizations share the same computing resources thus increasing the
utilization by making more efficient use of hardware resources.

Question 7: Explain various Control Objectives of e-commerce or m-commerce. (May-2018, 4 Marks)

Question 8: Draw Workflow Diagram for e-commerce and describe various steps and corresponding activities
involved in this diagram. (May-2018, 8 Marks)

Question 9: Describe the term ‘Digital Library’. (Nov-2018, 2 Marks)

Question 10: After demonetization, one of your elderly neighbours, who was using traditional digital methods of
making payments like cards, net banking etc., asked for your help to know about the various new methods of Digital Payments.
Identify and explain various new methods of Digital Payments for him.
(Nov-2018, 6 Marks)

Question 12: Discuss various application areas of ‘Virtualization’. (Nov-2018, 4 Marks)

Question 13: Write any two application areas of Internet of Things (IOT). (May – 2019, 3 Marks)

Question 14: Mobile computing is an important and rapidly evolving technology that allows users to transmit data
from remote location to other locations in mobility condition. Being a communication expert, identify the limitations in
current scenario that impede or hesitate users to use this technology frequently. (May – 2019, 8 Marks)

Question 15: Every business decision is accompanied with a set of threats and so is BYOD program. Explain briefly
the areas in which the risks associated with BYOD program can be classified.
(Nov – 2019, 4 Marks)

Question 16: Explain the concept of E-Commerce briefly. How can you protect your E-Commerce business from
intrusion? (Nov – 2019, 4 Marks)

Question 17: Write a brief description of three tier architecture of Application Software.
(Nov – 2019, 2 Marks)

Question 18: A customer X intends to place an order for an electric cooker on an online portal ABC.com. With the
help of the diagram, determine the general workflow of the E- Commerce transaction that will take place. (RTP May-2018)
Hint:
Step 1 - Customers Login
Step 2 - Product / Service
Step 3 - Customer Places
Step 4 - Payment Gateway
Step 5 - Dispatch and Shipping Process
Step 6 - Delivery Tracking
Step 7 - COD Tracking

Question 19: E-business benefits individuals, businesses, government and society at large. As a business seller,
analyze the benefits that you would draw from e-business. (RTP Nov-2018)
Hint: E-business benefits individuals, businesses, governments and society at large. As a seller, the benefits to Business
/ Sellers are as follows:
• Increased Customer Base
• Recurring payments made easy
• Instant Transaction
• Provides a dynamic market
• Reduction in costs
• Efficiency improvement due to
• Creation of new markets
• Easier entry into new markets
• Better quality of goods
• Elimination of Time Delays
Question 20: As an IT consultant, advise some tips to an aspiring e-commerce vendor so that his business can be
protected from intrusion. (RTP Nov-2018)
Hint: Tips to protect any e-Commerce business from intrusion are as follows:
• Viruses
• Hackers
• Passwords
• Regular software updates
• Sensitive data
• Know the details of your payment service provider contract.
Question 21: Discuss the concept of “Virtualization” and its application areas. (RTP May-2019)
Hint: In computing, Virtualization means to create a virtual version of a device or resource, such as a server, storage
device, network or even an operating system where the framework divides the resource into one or more execution
environments. Virtualization refers to technologies designed to provide a layer of abstraction between computer
hardware systems and the software running on them. By providing a logical view of computing resources, rather than
a physical view, virtualization allows its users to manipulate their systems’ operating systems into thinking that a
group of servers is a single pool of computing resources and conversely, allows its users to run multiple operating
systems simultaneously on a single machine. Thus, the core concept of Virtualization lies in Partitioning, which divides a
single physical server into multiple logical servers. For example - Partitioning of a hard drive is considered virtualization
because one drive is partitioned in a way to create two separate hard drives. Devices, applications and human users
can interact with the virtual resource as if it were a real single logical resource. Application Areas of Virtualization are as
follows:
• Server Consolidation
• Disaster Recovery
• Testing and Training
• Portable Applications
• Portable Workspaces

Question 22: Though Mobile computing is a versatile and strategic technology that increases information quality
and accessibility; however, it has its own limitations. Analyze them. (RTP May-2019)
Hint: Limitations of Mobile Computing are as follows:
• Insufficient Bandwidth
• Security Standards
• Power consumption
• Transmission interferences
• Potential health hazards
• Human interface with device
Question 23: The Prime Minister’s Office of a country X plans to establish a specific infrastructure setup with its access
shared amongst members of the group consisting of some selected high-profile dignitaries and officers from different
ministries. The objective of the group is to carry out certain assignments related to the nation’s security and integrity. Which is the
most suitable choice of the cloud under Cloud Computing? Discuss its advantages and limitations as well. (RTP Nov-2019)
Hint: The most suitable choice is Community Cloud which is the cloud infrastructure provisioned for exclusive use by
a specific community of consumers from organizations that have shared concerns (e.g. mission security requirements,
policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations
in the community, a third party or some combination of them, and it may exist on or off premises. In this, a private cloud
is shared between several organizations. This model is suitable for organizations that cannot afford a private cloud and
cannot rely on the public cloud either.
Advantages of Community Cloud are as follows:
• It allows establishing a low-cost private cloud.
• It allows collaborative work on the cloud.
• It allows sharing of responsibilities among the organizations.
• It has better security than the public cloud.
The limitation of the Community Cloud is that the autonomy of the organization is lost and some of the security features
are not as good as the private cloud. It is not suitable in the cases where there is no collaboration.

Question 24: DEF is a car battery manufacturing company which intends to provide online business to its customers.
Briefly explain various components involved in any e-Commerce transaction. (RTP May-2020)
Hint: Various components of e-Commerce transaction are as follows:
i. User
ii. E-commerce Vendors
iii. Technology Infrastructure
   • Computers, Servers and Database
   • Mobile Apps
   • Digital Library
   • Data Interchange
iv. Internet/Network
v. Web portal
vi. Payment Gateway

Question 25: ABC University wants to conduct online exams for its different courses for which a contract is given
to vendor XYZ. The vendor provides computing resources such as processing power, memory, storage, and networks to
ABC university users to run their online exam application on-demand. Identify the Service Model of Cloud Computing
that vendor XYZ is providing to ABC University and also describe its characteristics. (RTP May-2020)
Hint: The Service Model provided by vendor XYZ to ABC University is Infrastructure as a Service (IaaS).
Characteristics of Infrastructure as a Service (IaaS) of Cloud Computing are as follows:
• Web access to the resources
• Centralized Management
• Elasticity and Dynamic Scaling
• Shared infrastructure
• Metered Services
Question 26: Define the following: (Study Material)
a. E-Commerce
b. M-Commerce
c. Machine learning
d. Bring Your Own Device
e. Grid Computing Security

Question 27: What are the risks associated with E-Commerce Transactions that are high as compared to general
Internet activities? (Study Material)

Question 28: Miss Prathama is confused between e-business and e-commerce. Advise her whether they are the
same or not.

Question 29: Mr. Pankaj, the Managing Director of Carvinowledge Ltd, wants to know about e-commerce. He has
appointed you as his consultant. Explain to him the concept of E-commerce and its benefit to his enterprise and its
customers. (Study Material)

Question 30: E-Commerce has become an important part of day-to-day purchases by consumers. Discuss the
components of E-Commerce. (Study Material)

Question 31: E-Commerce has made our lives so convenient. However, it is not an unmixed blessing. Explain.
(Study Material)
Hint: This means it is a mixed blessing, that is, it has a positive as well as a negative side. It has some benefits as
well as some risks.

Question 32: D4Delivery.com is an online portal. How can it apply control in an E-Commerce Environment?

Question 33: Carvinowledge is an online book seller and operates through its site Carvinowledge.com. It wants to
apply control in its E-Commerce Environment. On whom should control be placed?

Question 34: What are the Levels through which Cyber Breach can occur? Also illustrate the considerations as
controls addressing key cyber security risks. (Study Material)

Question 35: There are various types of traditional digital payment methods. Enumerate and explain different kinds
of traditional digital payment methods. (Study Material)

Question 36: Digital Payment is a mechanism that has evolved with e-commerce transactions and is becoming
increasingly popular. It is advantageous for the banks to implement digital payments; however, the same has certain
drawbacks also. Support the statement by identifying advantages as well as drawbacks of digital payments.

Question 37: Nowadays, Credit Cards are extensively used for payment purposes. As a consultant to the credit
card section of a bank, advise on the risks involved in the credit card process.

Question 38: Ms. Y is using Google Apps through which she can access any application, service and data storage
facilities on the Internet and pay as per usage. Analyze which computing model is providing her these facilities. Also,
determine the model’s key characteristics. [May 2015]
Hint: Cloud computing model provides the facility to access shared resources and common infrastructure offering
services on demand over the network to perform operations that meet changing business needs. Thus, we can say that
Ms. Y is using the Cloud Computing model which allows her to use many computing resources as a service through
networks, typically the Internet. Also, refer to page 212 (characteristics of Cloud Computing).

Question 39: Trivedi enterprises want to avail cloud service. What are the different types of clouds in a Cloud
computing environment? [Nov. 2014]

Question 40: Google provides cloud computing services. What are the advantages of Cloud computing?
[Nov. 2015]

Question 41: What is Mobile Computing? Discuss its components. [Nov. 2014, (Study Material)]

Question 42: Mobile computing gives users the freedom to roam, with access to data and services at any time and in
any place. However, there are also some limitations of mobile computing. Explain.

Question 43: What is Grid Computing? What are the possible reasons of using Grid Computing? [Nov. 2014]

Question 44: Vishal Insurance Corporation, an insurance company has established grid computing system in its enterprise
to mine data from partner hospitals for fraud detection. Discuss the benefits of grid computing. (Study Material)

Question 45: With the help of grid computing Eesha enterprises wants to configure internal and external resources
to support e-Business workload. Advise it on the type of resources it will need to successfully use grid computing.

Question 46: To develop security architecture, some constraints are taken from the characteristics of grid environment
and application. Explain.

Question 47: Virtualization means to create a virtual version of a device or resource, where the framework divides the
resource into one or more execution environments. Explain the types of virtualization. (Study Material)

Question 48: The concept of green computing was launched by the U.S. Environmental Protection Agency in 1992
through the Energy Star program. What does green computing refer to? Also state its objectives.

Question 49: Carvinowledge Press, a publishing house, follows a BYOD policy. Explain BYOD policy and its benefits.

Question 50: BYOD policy renders the workspaces flexible, empowers employees to be mobile and gives them the
right to work beyond their required hours. Despite all these benefits to the enterprise and its employees, Prathama Ltd is
not agreeing to implement it. What could be the possible reasons for this? (Study Material)

Question 51: What is semantic web? Also, what are the components of semantic web?

Question 52: What are the various risks of IOT?

Question 53: Artificial intelligence (AI) is on the rise both in business and in the world in general. What is Artificial
intelligence? Explain. Also, state its application.

Question 54: Artificial intelligence is attempting to duplicate the attributes of intelligent behavior and capabilities in
computer-based systems. What are the risks of Artificial intelligence?

Question 55: E-commerce business is expected to grow at a rapid pace. With the advancement in technology, such
as smart phones and Apps, it is clear that there will be astonishing growth for this sector in the coming years. In your
opinion, what are the latest trends evolving in the area of E-Commerce?

Question 56: What do you mean by Machine Learning? List down any 5 application areas of Machine Learning.

Multiple Choice Questions (MCQs)


Unit I - Computing Technologies (Emerging Technologies)

CLOUD COMPUTING

1. Which of the following is an email client?
(a) Gmail (b) Hotmail
(c) Yahoo (d) All of the above

2. NIST stands for _____________________________.
(a) Nigerian Institute of Standards and Technology
(b) National Institute of Standards and Technology
(c) National Institute of Science and Technology
(d) National Institute of Spain and Turkey

3. The ______________ of the cloud computing system comprises the client’s devices and some
applications needed for accessing the cloud computing system.
(a) Back end (b) Front end
(c) Neither a nor b (d) Both a or b

4. In cloud computing, the __________________ is a cloud itself which may encompass various computer
machines, data storage systems and servers.
(a) Back end (b) Front end
(c) Neither a nor b (d) Both a or b

5. The front end in a cloud application consists of ____________.
(a) Fat client (b) Thin client
(c) Mobile device (d) All of the above

CLOUD COMPUTING SERVICE MODELS

6. SaaS stands for _________________________.
(a) Solution as a Service
(b) Software as a Solution
(c) Software as a Service
(d) Sample as a Service

7. _________ includes a complete software offering on the cloud.
(a) SaaS (b) IaaS
(c) NaaS (d) CaaS

8. Which instance of SaaS allows users to explore functionality of Web services such as Google Maps,
Payroll processing, and credit card processing services etc.?
(a) Testing as a Service (TaaS)
(b) Communication as a Service (CaaS)
(c) Data as a Service (DaaS)
(d) API as a Service (APIaaS)

9. IaaS stands for _________________________.
(a) Information as a Service
(b) Integration as a Service
(c) Investment as a Service
(d) Infrastructure as a Service

10. __________________ is the foundation of cloud services.
(a) SaaS (b) IaaS
(c) NaaS (d) CaaS

11. _________________ provides clients with access to server hardware, storage, bandwidth and other
fundamental computing resources.
(a) SaaS (b) NaaS
(c) IaaS (d) CaaS

12. NaaS stands for _________________________.
(a) Network as a Service
(b) Software as a Solution
(c) Node as a Service
(d) Node as a Solution

13. ____________________ is a category of cloud services where the capability provided to the cloud service
user is to use network/transport connecting services.
(a) SaaS (b) NaaS
(c) IaaS (d) CaaS

14. _____________________ involves optimization of resource allocation by considering network and
computing resources as a whole.
(a) NaaS (b) SaaS
(c) IaaS (d) CaaS

15. CaaS stands for _________________________.
(a) Communication as a Solution
(b) Communication as a Service
(c) Customization as a Service
(d) Customization as a Solution

16. The _______________ vendor is responsible for all hardware and software management and offers
guaranteed Quality of Service (QoS).
(a) NaaS (b) SaaS
(c) IaaS (d) CaaS

17. Voice over IP (VoIP) and Instant Messaging (IM) are examples of _________________________.
(a) CaaS (b) NaaS
(c) SaaS (d) IaaS

18. PaaS stands for _________________________.
(a) Platform as a Solution
(b) Program as a Solution
(c) Platform as a Service
(d) Program as a Service

CHARACTERISTICS OF CLOUD COMPUTING

19. Cloud computing gives us the ability to expand and reduce resources according to the specific service
requirement. Which of the following features does the above statement signify?
(a) Elasticity and Scalability
(b) Pay per use
(c) On-demand service
(d) Resiliency

20. We pay for cloud services only when we use them, either for the short term or for a longer duration.
Which of the following features does the above statement signify?
(a) Elasticity and Scalability
(b) Resiliency
(c) Pay per use
(d) On-demand service

21. We invoke cloud services only when we need them, they are not permanent parts of the IT
infrastructure: this is a significant advantage for cloud use as opposed to internal IT services. Which
of the following features does the above statement signify?
(a) Pay per use
(b) Elasticity and Scalability
(c) Resiliency
(d) On-demand service

22. What feature of a cloud service can completely isolate the failure of server and storage resources
from cloud users? Work is migrated to a different physical resource in the cloud with or without user
awareness and intervention.
(a) Resiliency
(b) Elasticity and Scalability
(c) Pay per use
(d) On-demand service

23. Public cloud service providers often can host the cloud services for multiple users within the same
infrastructure. Which of the following features does the above statement signify?
(a) Pay per use
(b) On-demand service
(c) Multi Tenancy
(d) Elasticity and Scalability

CLOUD COMPUTING ENVIRONMENT

24. Which of the following clouds describes cloud computing where resources are dynamically
provisioned on an on-demand, self-service basis over the Internet, via web applications/web
services, from a third-party provider who bills on a utility computing basis?
(a) Public (b) Community
(c) Private (d) Hybrid

25. A ___________ cloud is established for a specific group or organization and limits access to just that
group.
(a) Public (b) Private
(c) Community (d) Neither a nor b

26. _________________ are also called internal clouds.
(a) Private (b) Public
(c) Community (d) Hybrid

27. A ___________ cloud is formed when several organizations with similar requirements share
common infrastructure.
(a) Public (b) Private
(c) Community (d) Hybrid

28. A __________________ cloud is shared among two or more organizations that have similar cloud
requirements.
(a) Community (b) Public
(c) Private (d) Hybrid

29. A hybrid cloud is essentially a combination of ______________.
(a) Private and public clouds only
(b) Public and community clouds only
(c) Community and private clouds only
(d) At least two clouds, where the clouds included are a mixture of public, private, or community.

30. A _____________ cloud is essentially a combination of at least two clouds.
(a) Public (b) Private
(c) Community (d) Hybrid

BENEFITS/DRAWBACKS OF CLOUD COMPUTING

31. Which of the following is a benefit of cloud computing?
(a) Data and applications can be accessed anytime, anywhere, using any smart computing device,
making our life so much easier.
(b) Not required to spend huge money on hardware, software, or licensing fees.
(c) Volume output or productivity can be increased even with fewer systems and thereby reduce the
cost per unit of a project or product.
(d) All of the above

32. Which of the following is a drawback of cloud computing?
(a) Technical issues
(b) Inter-operability
(c) Storing information in the cloud could make the company vulnerable to external hack attacks and
threats.
(d) All of the above

33. Which of the following is a drawback of cloud computing?
(a) Storing information in the cloud could make the company vulnerable to external hack attacks and
threats.
(b) Getting more work done in less time with less resources is possible.
(c) It is possible to make fast changes in our work environment without serious issues at stake.
(d) It is feasible to confine within budgetary allocations and can be ahead of completion cycle
times.

34. Which of the following is a benefit of cloud computing?
(a) There are chances that all the application needed by the user may not be stationed with a
single cloud vendor and two vendors may have applications that do not co-operate with each other.
(b) It is feasible to confine within budgetary allocations and can be ahead of completion cycle times.
(c) Storing information in the cloud could make the company vulnerable to external hack attacks and
threats.
(d) Surrendering all the company’s sensitive information to a third-party cloud service
provider could potentially put the company to great risk.

MOBILE COMPUTING

35. _______________________ is a computing system where the users with portable computers still have
network connections while they move.
(a) Cloud computing
(b) Grid computing
(c) Mobile computing
(d) Parallel computing

36. __________ refers to the infrastructure put in place to ensure that seamless and reliable communication
goes on.
(a) Mobile Communication
(b) Mobile Hardware
(c) Mobile Software
(d) All of the above

37. _______________________ include devices such as Protocols, Services, Bandwidth and Portals
necessary to facilitate and support the stated services.
(a) Mobile Hardware
(b) Mobile Software
(c) Mobile Communication
(d) None of the above

38. Which of the following is the correct sequence of Mobile Computing?
(i) The user enters or accesses data using the application on handheld computing device.
(ii) Now both systems (handheld and site’s computer) have the same information and are in sync.
(iii) The process works the same way starting from the other direction.
(iv) Using one of several connecting technologies, the new data are transmitted from handheld to site’s
information system where files are updated and the new data are accessible to other system users.
(a) (i), (ii), (iii), (iv) (b) (iv), (iii), (ii), (i)
(c) (i), (ii), (iv), (iii) (d) (i), (iv), (ii), (iii)

39. Which of the following is a benefit of mobile computing?
(a) Cell phones may interfere with sensitive medical devices. Cell phone signals may cause health
problems.
(b) Weather, terrain, and the range from the nearest signal point can all interfere with signal reception.
Reception in tunnels, some buildings, and rural areas is often poor.
(c) Screens and keyboards tend to be small, which may make them hard to use.
(d) Mobile device enables employees to work from anywhere, anytime by accessing and updating
information as required. Thus, increase in workforce productivity.

40. Which of the following is a drawback of mobile computing?
(a) Mobile computing gives users the freedom to roam, with access to data and services at any time
and in any place.
(b) Screens and keyboards tend to be small, which may make them hard to use.
(c) Customer service can be improved by responding to customer queries on site or off site.
(d) Incident management can be improved by resolving problems faster without limitation of
time as the concerned employees can attend to these regardless of their location.

GRID COMPUTING

41. _______________________ is a computer network in which each computer’s resources are shared with
every other computer in the system.
(a) Cloud computing
(b) Grid computing
(c) Mobile computing
(d) Distributed Computing

42. Which of the following statements about Grid computing is true?
(a) It relies on entire computer systems (with on-board CPU, storage, power supply, network
interface, and so forth).
(b) It is connected to a network (private, public, or the Internet) by a conventional network interface.
(c) It is a special kind of distributed computing.
(d) All of the above

43. _________________ refers to technologies designed to provide a layer of abstraction between computer
hardware systems and the software, running on them.
(a) Virtualization (b) Cloud computing
(c) Grid computing (d) Mobile computing

44. Grid computing in general is a special type of parallel computing that ______.
(a) Relies on the entire computer systems (with on-board CPU, storage, power supply, network
interface, and so forth)
(b) Is a computer network in which each computer’s resources are shared with every other computer
in the system.
(c) Connected to a network (private, public, or the Internet) by a conventional network interface.
(d) All of the above

45. Which of the following persons can incorporate grid computing in its operations?
(a) Civil engineers collaborate to design, execute, and analyse shake table experiments.
(b) An application service provider offloads excess load to a compute cycle provider.
(c) Large-scale science and engineering are done through the interaction of people, heterogeneous
computing resources, information systems and instruments, all of which are geographically and
organizationally dispersed.
(d) All of the above

46. Which of the following is a benefit of grid computing?
(a) Virtual resources and virtual organizations for collaboration
(b) Enforcing security rules
(c) Access to additional resources
(d) All of the above

47. In which of the following ways can the computation resources of a grid be exploited?
(a) To run an existing application on an available machine on the grid rather than locally
(b) To use an application designed to split its work in such a way that the separate parts can execute in
parallel on different processors
(c) To run an application, that needs to be executed many times, on many different machines in the
grid.
(d) All of the above

48. A grid providing an integrated view of data storage is sometimes called a ______________.
(a) Knowledge grid (b) Data grid
(c) Wisdom grid (d) Information grid

49. Authentication and access control issues
(a) Provide authentication to verify the users, processes which have user’s computation, and
resources used by the processes to authenticate
(b) Allow local access control mechanisms to be used without change.
(c) Neither a nor b
(d) Both ‘a’ and ‘b’

50. In a grid computing system, a user should authenticate once and they should be able to
acquire resources, use them, and release them and to communicate internally without any further
authentication. Which of the following features of a grid security architecture is highlighted in the
above statement?
(a) Protection of Credentials
(b) Interoperability with local security solutions
(c) Single Sign-on
(d) Exportability

51. In a grid computing system, user passwords, private keys, etc. should be protected. Which of the
following features of a grid security architecture is highlighted in the above statement?
(a) Single Sign-on
(b) Protection of Credentials
(c) Interoperability with local security solutions
(d) Exportability

52. Access to local resources should have local security policy at a local level. Despite of modifying every
local resource there is an inter-domain security server for providing security to local resource.
Which of the following features of a grid security architecture is highlighted in the above statement?
(a) Interoperability with local security solutions
(b) Single Sign-on
(c) Protection of Credentials
(d) Exportability

53. The code should be exportable, i.e., they cannot use a large amount of encryption at a time. There should
be a minimum communication at a time. Which of the following features of a grid security architecture
is highlighted in the above statement?
(a) Single Sign-on
(b) Protection of Credentials
(c) Interoperability with local security solutions
(d) Exportability

54. In a communication there are a number of processes which coordinate their activities. This coordination
must be secure, and for this, there is no such security policy. Which of the following features of
a grid security architecture is highlighted in the above statement?
(a) Support for secure group communication
(b) Support for multiple implementations
(c) Protection of Credentials
(d) Interoperability with local security solutions

55. There should be a security policy which should provide security to multiple sources based on
public and private key cryptography. Which of the following features of a grid security architecture is
highlighted in the above statement?
(a) Support for secure group communication
(b) Support for multiple implementations
(c) Protection of Credentials
(d) Interoperability with local security solutions

VIRTUALISATION

56. ____________ is the process of creating logical computing resources from available physical
resources.
(a) Grid computing
(b) Mobile computing
(c) Virtualization
(d) Cloud computing

57. Virtualisation is the process of creating _______________ computing resources from
available physical resources.
(a) Arithmetic (b) Physical
(c) Logical (d) Reasonable

58. Once installed, the virtualized computing resources such as memory, CPUs, network and disk I/O
and storage can all be pooled and provisioned to workloads without regard for its _______ within a
data centre.
(a) Logical location (b) Physical location
(c) Memory location (d) Hardware location

59. The core concept of Virtualization lies in ________________, which divides a single physical
server into multiple logical servers.
(a) Partitioning (b) Consolidation
(c) Sedimentation (d) Decantation

60. Which of the following statements is true about virtualization?
(a) It means to create a virtual version of a device or resource.
(b) It refers to technologies designed to provide a layer of abstraction between computer hardware
systems and the software, running on them.
(c) It is the process of creating logical computing resources from available physical resources.
(d) All of the above

61. In ______________, a single physical server is divided into multiple logical servers.
(a) Partitioning (b) Consolidation
(c) Grouping (d) Both b and c

62. _____________________ are used to consolidate many physical servers into fewer servers, which in turn
host virtual machines.
(a) Virtual machines
(b) Physical machines
(c) Relational machines
(d) Logical machines

63. Virtual machines are used to _______________ many physical servers into fewer servers, which in turn
host virtual machines.
(a) Partition
(b) Parallel compute
(c) Consolidate
(d) Distributed compute

64. Platform Virtualization is also known as _____________________.
(a) Hardware Virtualization
(b) Network Virtualization
(c) Storage Virtualization
(d) All of the above

65. __________________ refers to the creation of a virtual machine that acts like a real computer with an
operating system.
(a) Hardware Virtualization
(b) Platform Virtualization
(c) Storage Virtualization
(d) Both a and b

66. _________________________ is a method of combining the available resources in a network by splitting
up the available bandwidth into channels, each of which is independent from the others, and each of
which can be assigned (or reassigned) to a particular server or device in real time.
(a) Hardware Virtualization
(b) Network virtualization
(c) Platform Virtualization
(d) Storage Virtualization

67. ____________________ refers to the creation of a virtual machine that acts like a real computer with
an operating system.
(a) Network virtualisation
(b) Storage virtualisation
(c) Platform virtualisation
(d) Operating virtualisation

68. The basic idea of ___________________ is to consolidate many small physical servers into one
large physical server so that the processor can be used more effectively.
(a) Network virtualisation
(b) Storage virtualisation
(c) Operating virtualisation
(d) Platform virtualisation

69. _________________ is the apparent pooling of data from multiple storage devices, even different types
of storage devices, into what appears to be a single device that is managed from a central console.
(a) Network virtualisation
(b) Storage virtualisation
(c) Hardware virtualisation
(d) Platform virtualisation

70. Hardware virtualisation is also known as _____________________________.
(a) Network virtualisation
(b) Platform virtualisation
(c) Storage virtualisation
(d) Operating virtualisation

GREEN COMPUTING

71. _________________ refers to the study and practice of environmentally sustainable computing.
(a) Sustainable development
(b) Green Computing
(c) Green IT
(d) Both b and c

72. Which of the following is an objective of green computing?
(a) To promote the recyclability or biodegradability of defunct products and factory waste.
(b) To reduce the use of hazardous materials.
(c) To maximize energy efficiency during the product’s lifetime.
(d) All of the above

73. Which of the following is not a practice under Green Computing?
(a) Disposing waste according to central, state and local regulations
(b) Purchase of desktop computers, notebooks and monitors based on environmental attributes
(c) Power-down the CPU and all peripherals during extended periods of inactivity
(d) Use Cathode Ray Tube (CRT) monitors rather than Liquid Crystal Display (LCD) monitors

BYOD

74. BYOD stands for __________________________.
(a) Bring your own device
(b) Business your own device
(c) Bring your own Duplicate
(d) Business your own Duplicate

75. ____________ is a business policy that allows employees to use their preferred computing
devices, like smart phones and laptops for business purposes.
(a) Cloud computing (b) Grid computing
(c) BYOD (d) Mobile computing

76. Which of the following is an advantage of BYOD policy?
(a) Happy employees
(b) Reduce IT budget
(c) Reduced support requirement
(d) All of the above

77. ______________________ is normally exemplified and hidden in ‘Lack of Device Visibility’.
(a) Device Risk (b) Application Risks
(c) Network Risk (d) Implementation Risks

78. It is normally exemplified and hidden in ‘Loss of Devices’.
(a) Network Risk (b) Device Risk
(c) Application Risks (d) Implementation Risks

79. Which type of risk is normally exemplified and hidden in ‘Application Viruses and Malware’?
(a) Application Risks (b) Network Risk
(c) Device Risk (d) Implementation Risks

80. _________________________ is normally exemplified and hidden in ‘Weak BYOD Policy’.
(a) Network Risk
(b) Device Risk
(c) Application Risks
(d) Implementation Risks

WEB 3.0

81. Web 3.0 is an extension of _________.
(a) World wide web (b) Internet explorer
(c) Semantic web (d) Both a and c

IOT

82. IOT stands for ________________.
(a) Internet Of Things
(b) Interconnection Of Things
(c) Internet Of Time
(d) Interconnection Of Time

83. Which of the following is an application area of Internet of things (IOT)?
(a) Smart home (b) Smart city
(c) Smart cars (d) All of the above

84. Which of the following is a risk factor of Artificial Intelligence (AI)?
(a) AI relies heavily on the data it gets.
(b) AI (robots) carries a security threat.
(c) AI, in the long term may kill human skills of thinking the unthinkable.
(d) All of the above

ARTIFICIAL INTELLIGENCE

85. The goal of ______________________ is to develop computers that can simulate the ability to think, as
well as see, hear, walk, talk, and feel.
(a) Artificial intelligence
(b) Cloud computing
(c) Mobile computing
(d) Grid computing

86. Which of the following are attributes of intelligent behaviour?
(a) Think and reason
(b) Use reason to solve problems.
(c) Learn or understand from experience.
(d) All of the above

87. Which of the following is not a risk of AI?
(a) AI relies heavily on the data it gets. Incorrect data can lead to incorrect conclusions.
(b) AI (robots) carries a security threat. Countries are discussing to have a KILL button in all AI capable
machines. This is important otherwise someday machines may start controlling humans.
(c) AI, in the long term may kill human skills of thinking the unthinkable. All data shall be
processed in a structured manner, where machines shall provide solution based on their
learning over a period of time. These machines shall not have capability of thinking out of box.
(d) All of the above

88. The set of controls in AI will be ___________________ because of the nature of processing of information
and must be dealt with based on the nature of the AI tool and the purpose, etc.
(a) Simple (b) Rigid
(c) Extremely complex (d) Easy

MACHINE LEARNING

89. In which of the following fields can machine learning be applied?
a. Autonomous vehicles (such as drones and self-driving cars).
b. Medical diagnosis, in cancer research. Predicting the chances of an individual getting ill by a disease.
c. Playing games (such as Chess or Go), and predicting the outcomes.
d. All of the above

Miscellaneous

90. In Grid Concept, occasional peak loads of activity can be routed to relatively idle machines in the Grid. This is sometimes referred to as
(a) Activity Management
(b) Resource Balancing
(c) Network Management
(d) None of the above
91. Which of the following is not an advantage of Grid computing?
(a) Resource Sharing amongst Entities
(b) Higher Computing Capacity
(c) Increased use of Internet
(d) Resource Balancing
92. Use of Internet-based computing is called
(a) Grid Computing (b) Cloud Computing
(c) Virtualization (d) Internetworking
93. ________ feature in cloud computing allows servers and storage devices to share and utilize applications, by easy migration from one physical server to another.
(a) Agility (b) Scalability
(c) Virtualization (d) Reliability
94. Which of the following is not true about cloud computing?
(a) Software Integration occurs automatically without additional efforts to customize and integrate the applications as per User’s preferences
(b) Cloud computing is suitable only for SMEs since they need not invest heavily in infrastructure
(c) Cloud Computing also permits customization with greater ease, i.e., select those services and software application that fits best to the Entity
(d) Project Managers can also track user-wise and project-wise time usage on various type of clouds
95. In a cloud, availability of data is affected by
(a) Denial of service (DoS) attacks
(b) Equipment Failure
(c) Both a and b
(d) None of the above
96. Which of these relates to software as a service?
(a) Mail Service (b) Social Network
(c) Storage (d) All of the above
97. Google App Engine, Windows Azure Compute, etc. are examples of _________________.
(a) Infrastructure as a service
(b) Platform as a service
(c) Software as service
(d) Internet as a service
98. In the context of platform as a service (PaaS), “Python” is an example of _____________.
(a) Programming Languages
(b) Application Frameworks
(c) Databases
(d) Testing Tools
99. In the context of “Software as a Service”, ______________ provides users with an integrated system of office automation, records management, migration, and integration services with archiving, spam blocking, malware protection, and compliance features.
(a) Testing as a Service (TaaS)
(b) API as a Service (APIaaS)
(c) E-mail as a Service (EaaS)
(d) All of the above
100. In “Data as Service” model, which of the following is not TRUE?
(a) Data can be made available only to a restricted set of users, systems or application
(b) Users can only perform read operations on the data
(c) Users have access to high-quality data in a centralized place and pay by volume or data type
(d) None of the above
101. When an End user (Client Entity) accesses the Authentication Infrastructure that is built, hosted, managed and provided by the Third party service provider, it is said to avail _______ facility.
(a) Communication as a service
(b) Data as a service
(c) Security as a Service
(d) Identity as Service

102. Which of these is NOT within the scope of “Identity as a Service”?
(a) Directory Services
(b) Risk and Event Monitoring
(c) Web content filtering
(d) Identity and Profile Management
103. Which of these is a service model operated by “Network as Service” (NaaS) providers?
(a) Bandwidth on Demand (BoD)
(b) Virtual Private Network (VPN)
(c) Mobile Virtual Network (MVN)
(d) All of the above
104. Which of the following is not TRUE about mobile computing?
(a) Use of portable computing devices
(b) Allows data transmission through a computer
(c) There is a need for connecting to a fixed physical link
(d) Data is being sent and received across the network, on a wireless platform
105. Which of the following is not a part of Mobile Communication Infrastructure available to ensure seamless and reliable communications?
(a) Communication Properties
(b) Protocols
(c) Data Formats
(d) None of the above
106. Use of “Track change” feature in electronic documents, rather than redline corrections on paper, is a method of _________________ in Green IT.
(a) Recycling
(b) Reducing paper consumption
(c) Conserving energy
(d) Green security
107. Which of the following is not a risk associated with bring your own device (BYOD) concept?
(a) Lack of device Visibility
(b) Application Viruses and Malware
(c) Need to provide End user support to a variety of devices
(d) Loss of Corporate data if device is stolen
108. In BYOD Environment, Loss of employee’s Personal devices which contains sensitive corporate information, can cause financial and reputational embarrassment to an organization. This is an example of ________________.
(a) Network Risk (b) Device Risk
(c) Application Risk (d) Implementation Risk
109. Internet of Things (IoT) has many risks. There are hardware variations and differences in the software running on various devices, leading to platform fragmentation and lack of technical standards. This poses ______________________ risk.
(a) Environmental (b) Technology
(c) Internet (d) Privacy
110. Internet of Things (IoT) has many risks. Individuals may lose control over their personal life, which can be hacked and made public. This creates __________________ risk.
(a) Environmental (b) Technology
(c) Internet (d) Privacy

Answer Keys - MCQs


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
d b b a d c a d d b c a b a b d a c a c
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
d a c a c a c a d d d d a b c a c d d b
41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60
b d a d d d d b d c b a d a b c c b a d
61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80
a b c a d b c d b b d d d a b d c b a d
81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100
d a d d a d d c d b c b c b c b b a c a
101 102 103 104 105 106 107 108 109 110
d c d c d c c b b d

Unit II
E-Commerce and M-Commerce
E-COMMERCE

1. E-commerce transactions can be executed with the help of __________.
(a) Laptop (b) Mobile
(c) PCs. (d) All of the above
2. E-Business provides a __________ market to the sellers.
(a) Dynamic (b) Static
(c) Both a and b (d) None of the above
3. Which one of the following is not an Operating system?
(a) Android (b) Blackberry
(c) Firefox (d) Chrome
4. In traditional commerce __________________.
(a) Goods can be inspected physically before purchase
(b) Goods cannot be inspected physically before purchase
(c) Neither ‘a’ Nor ‘b’
(d) None of the above
5. Which of the following is an advantage of e-commerce?
(a) Increases the profit margin of manufacturers.
(b) Allows manufacturers to give discounts to customers.
(c) Customers get better prices.
(d) All of the above
6. In e-commerce customer interaction is _________________.
(a) Screen to face (b) Screen to screen
(c) Face to face (d) All of the above
7. E-commerce uses _____________ marketing.
(a) One to one (b) One to many
(c) Many to one (d) Many to many
8. Traditional commerce uses _____________ marketing.
(a) One to many
(b) Many to one
(c) One way marketing
(d) Many to many
9. E-commerce is ____________________________.
(a) Any form of business transaction in which the parties interact electronically rather than by physical exchanges.
(b) Usually associated with buying and selling over the internet, or conducting any transaction involving the transfer of ownership or rights to use goods or services through a computer-mediated network.
(c) The use of electronic communications and digital information processing technology in business transactions to create, transform, and redefine relationships for value creation between or among organizations, and between organizations and individuals.
(d) All of the above

BENEFITS OF E-COMMERCE

10. The number of operations that can be performed by buyers and sellers can be _______________________ because of e-commerce.
(a) Increased
(b) Decreased
(c) Maintained at the same rate as traditional marketing
(d) None of the above
11. The transaction of e-commerce is based on __________________ processes.
(a) Real time (b) Batch
(c) Online (d) All of the above
12. Since there are several players, E-commerce provides a ________ market which enhances the quality and business.
(a) Static (b) Dynamic
(c) Constant (d) Equilibrium
13. Which of the following is a benefit to customers, given by e-commerce?
(a) Various options
(b) Time saving
(c) Reviews and coupons available
(d) All of the above

14. Which are the advantages of e-commerce to sellers?
(a) Reduction in cost
(b) Creation of new markets
(c) Easier entry into new markets
(d) All of the above
15. Which of the following is a benefit of e-commerce available to the sellers?
(a) Reduction in error
(b) Better quality of goods
(c) Reduction in cycle time
(d) All of the above
16. Which of the following is not a component of e-commerce?
(a) Warehouse operations
(b) Supply chain
(c) Shipping and returns
(d) Data Grid.

E-COMMERCE COMPONENTS

17. ____________________________ as the demand for goods and services is electronically linked through just-in-time inventory and integrated manufacturing techniques.
(a) Reduction in inventories
(b) Reduction of risk of obsolete inventories
(c) Reduction in time for completing business transactions
(d) All of the above
18. Which of the following is a component of e-commerce?
(a) Warehouse operations
(b) Privacy policy
(c) Shipping and returns
(d) All of the above
19. Which of the following is a component of e-commerce?
(a) Mobile apps (b) Payment gateways
(c) Web portals (d) All of the above
20. ________________________________ is a place where online retailers pick products from the shelf, pack them as per customers’ specification or pre-decided standards, and prepare those products to be delivered.
(a) Warehouse operations
(b) Shipping and returns
(c) Suppliers and supply chain management
(d) Guarantees
21. ____________________________ is the application through which users interact with the e-commerce vendors.
(a) Internet/Network
(b) Payment gateway
(c) Web portal
(d) Digital libraries
22. In two-tier architecture, ______________ is an interface that allows user to interact with the e-commerce / m-commerce vendor.
(a) Presentation Tier
(b) Database Tier
(c) Physical Tier
(d) Application Tier
23. Arrange the following in the correct order:
i. User places the order
ii. Payment gateway requests for confirmation from bank
iii. Merchant’s web server requests to payment gateway
iv. Bank transfers fund to the merchant’s bank account
v. Payment gateway responds to the merchant’s web portal
vi. Bank responds to the payment gateway and confirms the payment
vii. Merchant’s web server responds to the user placing the order and confirms payment
(a) i, ii, iii, iv, v, vi, vii
(b) i, v, vi, vii, ii, iii, iv
(c) i, iii, ii, iv, vi, v, vii
(d) i, , ii, iii, iv, vi, vii, v
24. FEMA stands for _____________.
(a) Foreign Exchange Management Activity
(b) Foreign Exchange Management Act
(c) Foreign Exchange Managerial Act
(d) Foreign Enterprise Management Act

MULTI-TIER ARCHITECTURE

25. A ____________ system requires only one stand-alone computer.
(a) One-tier (b) Two-tier
(c) Three-tier (d) N-tier

26. A single computer that contains a database and a front end to access the database is known as __________________.
(a) One-tier (b) Two-tier
(c) Three-tier (d) N-tier
27. One-tier architecture is also known as ____.
(a) Lone-tier (b) Stand-alone tier
(c) Isolated tier (d) Single-tier
28. A ____________ system consists of a client and a server.
(a) One-tier (b) Two-tier
(c) Three-tier (d) N-tier
29. In ______________ system, the database is stored on the server, and the interface used to access the database is installed on the client.
(a) Two-tier (b) One-tier
(c) Three-tier (d) N-tier
30. In two-tier system, the database is stored on the _________________.
(a) Server (b) Client
(c) Neither a Nor b (d) Both a and b
31. In two-tier system, the interface used to access the database is installed on the _________________________.
(a) Server (b) Client
(c) Either a or b (d) Both a and b
32. In _______________ system, the user system interface is usually located in the user’s desktop and the database management services are usually in a server which is a more powerful machine that services many clients.
(a) One-tier (b) Three-tier
(c) Two-tier (d) N-tier
33. In two tier system, the user system interface is usually located in the ________________________.
(a) Server (b) User’s desktop
(c) Either a or b (d) Both a and b
34. In two tier system, the database management services are usually in a ________ which is a more powerful machine that services many clients.
(a) Server (b) User’s desktop
(c) Either a or b (d) Both a and b
35. Which of the following is an advantage of single tier architecture?
(a) It requires only one installation of proprietary software which makes it the most cost-effective system available.
(b) Can be used by only one user at a time.
(c) A single tier system is impractical for an organization which requires two or more users to interact with the organizational data stores at the same time.
(d) All of the above
36. Which of the following is a disadvantage of a single tier architecture?
(a) A single-tier system requires only one stand-alone computer.
(b) It also requires only one installation of proprietary software which makes it the most cost-effective system available.
(c) It is impractical for an organization which requires two or more users to interact with the organizational data stores at the same time.
(d) All of the above
37. The performance of _____________ deteriorates if number of users is greater than 100.
(a) Single tier (b) Two-tier
(c) Three-tier (d) N-tier
38. Which of the following is an objective of applying control in e-commerce environment?
(a) Prevent loss of Computer Hardware, Software and Personnel
(b) Prevent high costs of computer Error
(c) Safeguard assets from un-authorized access
(d) All of the above
39. Which of the following is an advantage of two-tier architecture?
(a) Since processing was shared between the client and server, more users could interact with system.
(b) Performance deteriorates if number of users is greater than 100.
(c) Limited functionality in moving the program or programs across servers.
(d) All of the above
40. Which of the following is a disadvantage of a two-tier architecture?
(a) Since processing was shared between the client and server, more users could interact with system.
(b) Performance deteriorates if number of users is greater than 100.
(c) Limited functionality in moving the program or programs across servers.
(d) Both b and c
41. A ____________ system can handle users only up to 100 users.
(a) One-tier (b) Three-tier
(c) Two-tier (d) N-tier

42. Which of the following is an advantage of 3-tier architecture, as compared to two-tier system?
(a) Improved scalability
(b) Improved data integrity
(c) Improved security
(d) All of the above

E-COMMERCE ARCHITECTURE

43. Client / user interface includes ________.
(a) Web server (b) Web browser
(c) Internet (d) All of the above
44. The application layer includes the ___________.
(a) Web server
(b) Back end server
(c) Information store house
(d) All of the above
45. The client interface includes ___________.
(a) Application server
(b) Back end server
(c) Information store house
(d) Internet
46. Database layer includes _______________.
(a) Application server
(b) Back end server
(c) Information store house
(d) Internet
47. _______________ helps the e-commerce customer to connect to e-commerce merchant.
(a) Client interface
(b) Application layer
(c) Database layer
(d) All of the above
48. ____________________________ allows customer to check the products available on the merchant’s website.
(a) Client interface (b) Application layer
(c) Database layer (d) All of the above
49. ___________________________ is accessible to user through application layer.
(a) Client interface
(b) User interface
(c) Database layer
(d) All of the above
50. Arrange the following in the correct order:
i. Customer submits order online
ii. Goods are delivered to the customer
iii. Customer pays through credit card
iv. Shipping is scheduled and sent to customer
v. Order sent to warehouse for shipping
(a) i, ii, iii, iv, v
(b) i, iii, v, iv, ii
(c) i, iii, iv, ii, v
(d) iv, iii, v, i, ii
51. Arrange the following steps in an e-commerce transaction in the correct order:
i. Customers login
ii. If product/service inventory is managed by e-commerce vendor, then dispatch shall be initiated at merchant warehouse or if e-commerce merchants allow third party vendors to sell through merchant websites.
iii. Order placed for selected product/service by customer.
iv. Customer makes a selection of the payment method.
v. In case products/services were sold on cash on delivery basis (CoD), cash is collected and is updated in the merchant’s system.
vi. Customer selects products/services from available options
vii. Delivery is made to the customer and is updated in the merchant’s system.
(a) i, vi, iii, iv, ii, vii, v
(b) i, vi, iii, iv, vii, v, ii
(c) ii, i, vi, vii, iii, iv, v
(d) iv, i, vi, iii, ii, vii, v

RISK AND CONTROLS IN E-COMMERCE

52. Which of the following is a risk in e-commerce environment?
(a) Hidden costs and delay in delivery of goods
(b) Lack of personal touch
(c) Security risks
(d) All of the above
53. There is need to identify and authenticate users in the virtual global market where anyone can sell to or buy from anyone and anything from anywhere. Which of the following risks with respect to e-commerce environment is highlighted in the above statement?
(a) Repudiation of contract
(b) Lack of authenticity of transactions
(c) Problem of anonymity
(d) Data Loss or theft or duplication

54. There is a possibility that the electronic transaction in the form of contract, sale order or purchase by the trading partner or customer may be denied. Which of the following risks in an e-commerce environment is highlighted in the above?
(a) Repudiation of contract
(b) Problem of anonymity
(c) Lack of authenticity of transactions
(d) Data Loss or theft or duplication
55. The electronic documents that are produced during an e-commerce transaction may not be authentic and reliable. Which of the following risks in an e-commerce environment is highlighted in the above?
(a) Problem of anonymity
(b) Repudiation of contract
(c) Lack of authenticity of transactions
(d) Data Loss or theft or duplication
56. The data transmitted over the internet may be lost, duplicated, tampered with or replayed. Which of the following risks in an e-commerce environment is highlighted in the above?
(a) Problem of anonymity
(b) Repudiation of contract
(c) Lack of authenticity of transactions
(d) Data Loss or theft or duplication
57. Web servers used for e-commerce may be vulnerable to hackers. Which of the following risks in an e-commerce environment is highlighted in the above?
(a) Denial of Service
(b) Non-recognition of electronic transactions
(c) Attack from hackers
(d) Lack of audit trails
58. Service to customers may be denied due to non-availability of system as it may be affected by viruses, e-mail bombs and floods. Which of the following risks in an e-commerce environment is highlighted in the above?
(a) Denial of Service
(b) Attack from hackers
(c) Non-recognition of electronic transactions
(d) Lack of audit trails
59. E-Commerce transactions, as electronic records and digital signatures may not be recognized as evidence in courts of law. Which of the following risks in an e-commerce environment is highlighted in the above?
(a) Attack from hackers
(b) Non-recognition of electronic transactions
(c) Denial of Service
(d) Lack of audit trails
60. Audit trails in e-commerce system may be lacking and the logs may be incomplete, too voluminous or easily tampered with. Which of the following risks in an e-commerce environment is highlighted in the above?
(a) Attack from hackers
(b) Denial of Service
(c) Non-recognition of electronic transactions
(d) Lack of audit trails
61. Intellectual property may not be adequately protected when such property is transacted through e-commerce. Which of the following risks in an e-commerce environment is highlighted in the above?
(a) Attack from hackers
(b) Problem of piracy
(c) Denial of Service
(d) Non-recognition of electronic transactions
62. __________ need to ensure availability and security of network. Any downtime of network can be disastrous for business.
(a) Network Service Providers
(b) Technology Service Providers
(c) Logistics Service Providers
(d) Payment gateways
63. ______________________ include all other service providers other than network service providers, for example, cloud computing back-ends, applications back-ends and the like. They are also prone to risk of availability and security.
(a) Network Service Providers
(b) Technology Service Providers
(c) Logistics Service Providers
(d) Payment gateways
64. Logistics service providers are the ones who are finally responsible for timely product deliveries.
(a) Network Service Providers
(b) Technology Service Providers
(c) Logistics Service Providers
(d) Payment gateways
65. E-commerce vendors’ business shall run only when their ______ are efficient, effective and fool proof.
(a) Government (b) Users
(c) Sellers (d) Payment gateways

66. Data is a critical resource of an organization for its present and future process and its ability to adapt and survive in a changing environment. Which of the following control objectives is being highlighted in the above statement?
(a) Prevent organizational costs of data Loss
(b) Prevent loss from incorrect decision making
(c) Prevent loss of Computer Hardware, Software and Personnel
(d) Prevent from high costs of computer Error
67. Management and operational controls taken by managers involve detection, investigations and correction of out-of-control processes. These high-level decisions require accurate data to make quality decision rules. Which of the following control objectives is being highlighted in the above statement?
(a) Prevent organizational costs of data Loss
(b) Prevent loss from incorrect decision making
(c) Prevent loss of Computer Hardware, Software and Personnel
(d) Prevent from high costs of computer Error
68. These are critical resources of an organization which has a credible impact on its infrastructure and business competitiveness. Which of the following control objectives is being highlighted in the above statement?
(a) Prevent organizational costs of data Loss
(b) Prevent loss from incorrect decision making
(c) Prevent loss of Computer Hardware, Software and Personnel
(d) Prevent from high costs of computer Error
69. In a computerized enterprise environment where many critical business processes are performed, a data error during entry or process would cause great damage. Which of the following control objectives is being highlighted in the above statement?
(a) Prevent organizational costs of data Loss
(b) Prevent loss from incorrect decision making
(c) Prevent loss of Computer Hardware, Software and Personnel
(d) Prevent from high costs of computer Error
70. The information system assets (hardware, software, data files etc.) must be protected by a system of internal controls from unauthorized access. Which of the following control objectives is being highlighted in the above statement?
(a) Ensure data integrity
(b) System effectiveness objectives
(c) Safeguard assets from un-authorized access
(d) System efficiency objectives
71. The importance to maintain integrity of data of an organization depends on the value of information, the extent of access to the information and the value of data to the business from the perspective of the decision maker, competition and the market environment. Which of the following control objectives is being highlighted in the above statement?
(a) Ensure data integrity
(b) Safeguard assets from un-authorized access
(c) System effectiveness objectives
(d) System efficiency objectives
72. Effectiveness of a system is evaluated by auditing the characteristics and objective of the system to meet substantial user requirements. Which of the following control objectives is being highlighted in the above statement?
(a) Safeguard assets from un-authorized access
(b) Ensure data integrity
(c) System effectiveness objectives
(d) System efficiency objectives
73. To optimize the use of various information system resources (machine time, peripherals, system software and labour) along with the impact on its computing environment. Which of the following control objectives is being highlighted in the above statement?
(a) Safeguard assets from un-authorized access
(b) System efficiency objectives
(c) Ensure data integrity
(d) System effectiveness objectives

CYBER SECURITY RISK CONSIDERATION

74. In accordance with SA-315, which of the following risks to the internal controls has been specified by it?
(a) Unauthorized changes to data in master files.
(b) Unauthorized changes to systems or programs.
(c) Failure to make necessary changes to systems or programs.
(d) All of the above
75. What are the impacts of cyber security risks on the financial statements?
(a) Direct financial impact
(b) Indirect financial impact
(c) Neither a Nor b
(d) Both a and b

76. A _____________________ could be if the application at the company’s retailers which contains financial information has weak passwords at all OSI layers resulting in harming the integrity of data.
(a) Direct Financial Impact
(b) Indirect Financial Impact
(c) Neither a Nor b
(d) Both a and b
77. A ______________________ could be if the sensitive customer information in the form of bank account numbers, recipes of patented products, etc. could be breached which would result in legal and regulatory actions on the Company on account of breach of confidential information.
(a) Direct Financial Impact
(b) Indirect Financial Impact
(c) Neither a Nor b
(d) Both a and b
78. Unauthorized access to data may result in ______________________________.
(a) Destruction of data
(b) Improper changes to data, including the recording of unauthorized or non-existent transactions
(c) Inaccurate recording of transactions
(d) All of the above

LEVELS THROUGH WHICH CYBER BREACH CAN OCCUR

79. Which of the following are controls addressing key cyber security risks?
(a) A Network Diagram detailing servers, databases, hubs, routers, internal and external network, etc.
(b) List of the Digital Assets used by the Company and the IT Managers responsible for the protection for those digital assets along with the physical location of those assets.
(c) Policy and Procedure document of the Digital Assets
(d) All of the above
80. Which of the following stores the financial information?
(a) Application layer
(b) Database layer
(c) Internal network
(d) Perimeter network
81. _____________________ stores the financial information.
(a) Application layer
(b) Internal network
(c) Database layer
(d) Perimeter network
82. Cyber breach incidents ___________________.
(a) Occur through perimeter network
(b) Occur through internal network
(c) Attack database and application layer
(d) All of the above

DIGITAL PAYMENTS AND ITS TYPES

83. UPI stands for ___________.
(a) Universal Payment Interface
(b) Unified Proximity Interface
(c) Unified Payment Interface
(d) Unified Payment Interaction
84. BHIM (Bharat Interface for Money) is an example of ___________.
(a) Mobile App
(b) Mobile Hardware
(c) Mobile Operating System
(d) Mobile Wallet
85. GSM stands for _____________.
(a) Global Service for Mobile Communication
(b) Global System for Mobile Communication
(c) Global Semantics for Mobile Communication
(d) Global System for Mobile Code
86. AEPS stands for _________________________.
(a) Aadhaar Enabled Payment Station
(b) Aadhaar Employed Payment Service
(c) Aadhaar Enabled Payment Service
(d) Aadhaar Enterprise Payment Service
87. Which of the following statements about digital payment is true?
(a) It is also called electronic payment.
(b) No hard cash is involved in the digital payments.
(c) All the transactions in digital payments are completed online.
(d) All of the above
88. UPI stands for _________________.
(a) Unitary Payment Interface
(b) Unified Payment Interface

(c) Unified Payment Index
(d) Unitary Payment Index
89. Which of the following is a UPI app?
(a) BHIM (b) PayTm
(c) PhonePe (d) All of the above
90. AEPS stands for ________________________.
(a) Aadhar Enabled Payment Service
(b) Aadhar Enabled Payment System
(c) Aadhar Enabled Purchase Service
(d) Aadhar Enabled Purchase System
91. Which of the following is a traditional method of payment?
(a) E-wallet
(b) Smart cards
(c) Electronic purses
(d) All of the above
92. Smartcards are used to pay in which of the following manner?
(a) It needs to be inserted into a reader.
(b) It does not need to be inserted into a reader. Just waving them near a reader is sufficient for the card to exchange data.
(c) It contains both of the above technologies and allows a wider range of applications.
(d) All of the above
93. Digital payments are _______________.
(a) Easy (b) Complex
(c) Convenient (d) Both ‘a’ and ‘c’
94. Mr. Pankaj uses E-wallet to shop at retail stores. Which of the following is an advantage of making digital payments?
(a) With digital payment modes, one can pay from anywhere anytime.
(b) Government has announced many discounts to encourage digital payments.
(c) The payments are automatically recorded in passbook or inside the user’s E-Wallet app. This helps to maintain record, track spending and budget planning.
(d) All of the above
95. BHIM stands for _________________.
(a) Bharat Interface For Money
(b) Bharat Interface For Monetary transaction
(c) Bank of India for Money transaction
(d) Bharat Interface For Making payments
96. IFSC stands for _____________________.
(a) International Financial Systems Code
(b) Indian Financial Systems Code
(c) International Financial Systems Coding for monetary transactions
(d) Indian Financial Systems Coding for monetary transactions
97. MMID stands for ___________________.
(a) Monetary Mobile Identifier Code
(b) Mobile Modem Identifier Code
(c) Mobile Monetary Indian Code
(d) Mobile Money Identifier Code

Miscellaneous

98. Which of the following is not true about E-Commerce?
(a) Available on 24 x 7 x 365 basis
(b) Goods cannot be inspected physically before purchase
(c) No direct interaction between seller and buyer
(d) Has more Supply side focus
99. _________ provides the application Interface through which the User interacts with the vendor to perform the e-commerce transactions.
(a) Payment Gateway
(b) Web Portal
(c) Internet / Network
(d) None of the above
100. Which of these is not a payment method under E-commerce?
(a) Cash on Delivery
(b) Payment Wallet
(c) Unified Payments Interface
(d) None of the above
101. Which of the following is not covered under “Return” Policy Area of E-Commerce?
(a) Type of goods for which Returns can be accepted
(b) Number of days within which returns can be accepted
(c) Time within which Buyer shall be credited back for the goods returned
(d) Personal Responsibility of Vendor to Buyer due to supply of below-quality goods
102. In the context of Client Server Technology, a client is a
(a) Single User Workstation
(b) System of Multi User Processors
(c) Both of the above
(d) None of the above
103. In the context of client Server Technology, a Tier is a
(a) distinct part of Hardware
(b) level of system software
(c) distinct part of Hardware or Software
(d) None of the above
104. In a 3-Tier Architecture, the data in Database Tier is kept independent of
(a) Application layer
(b) Presentation layer
(c) Both a and b
(d) None of the above
105. In E-Commerce with a 3-Tier Architecture, the Customer checks the products and services on the website, and places his order therein, using the __________ Tier.
(a) Presentation
(b) Application
(c) Database
(d) All of the above
106. Each participant should have policies, practices and procedures in place to protect from e-commerce / m-commerce related risks. These will include
(a) Policy Clarity
(b) Regulatory Compliance
(c) Training and Education
(d) All of the above
107. Which of the following is not directly relevant Law applicable to e-commerce Transactions?
(a) The Indian Contract, 1872
(b) The Factories Act, 1948
(c) The Internet Banking Act, 2002
(d) The Customs Act, 1962
108. “SBI Buddy” is an example of
(a) IMPS system
(b) E-wallet
(c) Mobile Apps
(d) UPI Apps
109. There is a risk that Intellectual Property may not be adequately protected when such property is transacted through e-commerce. This risk is generally referred to as
(a) Hacking (b) Piracy
(c) Anonymity (d) Authenticity

Answer Keys - MCQs

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
d a d b d a a c d a a b d d d d d d d a
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
c a c b a a d b a a b c b a a c b d a d
41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60
c d d b d c a b c b a d c a c d c a b d
61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80
b a b c d a b c d c a c b d d a b d d b
81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100
c d c a b c d b d a d d d d a b d d b d
101 102 103 104 105 106 107 108 109
d a c c b d c b b
Chapter 5
CORE Banking Systems (CBS)

Amendments at a Glance
(Applicable for May 2022 Onwards)

Non-life Insurance
Insurance contracts that do not come under the ambit of life insurance are called Non-life or General Insurance. As the
tangible assets like home, vehicle etc. are susceptible to damages, the general insurance provides protection against
unforeseeable contingencies like loss of the asset due to fire, marine, motor, accident etc.

Cyber Security
Comprehensive Cyber Security Framework is prescribed by RBI for Banks to ensure effective information security governance.
Some key features of the Cyber Security Framework as prescribed by RBI for banks are as under:

1. Network Security and Secure Configuration: The following key measures are required to be implemented:
a. Multi-layered boundary defense through properly configured proxy servers, firewalls and intrusion detection systems to protect the network from any malicious attacks and to detect any unauthorized network entries.
b. Different LAN segments for in-house/onsite ATM and CBS/branch network to confirm the adequacy of bandwidth to deal with the volume of transactions, so as to prevent slowdowns that result in lower efficiency.
c. To ensure secure network configuration, proper usage of routers, hubs and switches should be envisaged.
d. Periodic security review of systems and terminals to assess the network’s vulnerability and identify the weaknesses.
e. Identification of the risks to ensure that risks are within the bank’s risk appetite and are managed appropriately.
2. Application Security: A full-fledged Security policy to ensure Confidentiality, Integrity and Availability (CIA) of data and information needs to be developed and implemented, covering the following key features:
a. Implementation of bank-specific email domains (example, XYZ bank with mail domain xyz.in) with anti-phishing (security measures to prevent theft of user data) and anti-malware software (software tool/program to identify and prevent malicious software/malware from infecting the network) with controls enforced at the email solution.
b. Two factor authentication, an extra step added to the log-in process, such as a code sent to the user’s phone or a fingerprint scan, that helps verify the user’s identity and prevent cybercriminals from accessing private information.
c. Implementation of a Password Management policy to provide guidance on creating and using passwords in ways that maximize security of the password and minimize misuse or theft of the password.
d. Effective training of employees to educate them to strictly avoid clicking any links received via email.
e. Proper reporting mechanism to save the banks from the effects of misconduct, including legal liability, lasting reputational harm, and serious financial losses.
f. Effective due diligence and oversight to thoroughly assess the credentials of vendors/third party service providers/partners, with non-disclosure and security policy compliance agreements made mandatory for them.
g. Effective change management process to record/monitor all the changes that are moved/pushed into the production environment.
h. Robust configuration management processes to register changes to business applications, supporting technology, service components and facilities.
i. Incident response and management mechanism to take appropriate action in case of any cyber security incident, with well written incident response procedures elaborating the roles of staff handling such incidents.
j. Capturing of the audit logs pertaining to user actions and an alert mechanism to monitor any change in the log settings.
k. Continuous surveillance to stay regularly updated on the latest nature of emerging cyber threats.

Case Studies and Scenarios


Case Based Scenario 1 (Study Material 2021)
Mr. Shoren has recently been associated with the procurement and sale of drugs and narcotic substances
without a license which is illegal as per Narcotic Drugs and Psychotropic Substances Act, 1985. A
major part of the sale proceeds amounting to ₹ 65 lakhs was collected and routed through various
bank accounts held in SNFC Bank which was subsequently advanced to various bogus companies and
a series of transactions were initiated to make the money appear to have been obtained from a
legitimate source. These activities were carried out with the assistance of one of the employees
of SNFC Bank who intentionally altered a few computer source codes so that no records for major
transactions that took place could be found in the database. A series of transactions ranging from
₹ 10,000 to ₹ 1 lakh was initiated in a month for depositing the amount of ₹ 65 lakhs in SNFC Bank.
However, SNFC Bank had failed to keep proper record of information relating to a few of the transactions
as they were not of substantial amount. Furthermore, it was later found that one of the staff members
of SNFC Bank, whose relative was an insurance agent, used to obtain medical information of the
customers having an account with the bank for obtaining personal benefits.
In this context, answer the following:
i. Which amongst the following activities carried out by Mr. Shoren could be considered as an
offence of Money Laundering?
a. Expenses incurred for procurement of narcotic drugs
b. Sale of narcotic drugs without a license.
c. Routing the illegal proceeds through bank and other transactions to appear as obtained
from legitimate source.
d. Being a part of the cartel/association carrying out illegal sale of drugs.
ii. The employee of SNFC Bank had assisted Mr. Shoren in routing the illegal money through the
bank by altering the computer source code so that major transactions’ amounts were not
traceable in the bank’s database. Under which section of IT Act 2000 will this act be punishable?
a. Section 66E b. Section 66B
c. Section 65 d. Section 66D
iii. Mr. Shoren was involved in the collection and sale of illegal drugs and got the routing done
through various banking transactions and advances to bogus companies. Which stages of Money
Laundering process address these aforesaid activities?
a. Placement and Integration b. Layering and Integration
c. Placement and Layering d. Placement, Layering and Integration
iv. SNFC Bank failed to maintain records of information relating to banking transactions carried
out by Mr. Shoren as many of the transaction amounts were not substantial. Also, the privacy
regarding the details of medical history of its customers was breached. Which kind of risk
would SNFC Bank be exposed to if it has to face legal penalties as it had failed to act in
accordance with laws and requirements as per Prevention of Money Laundering Act (PMLA)?
a. Legal and Compliance Risk
b. Compliance and Information Security Risk
c. Information Security and People Risk
d. Transaction processing and Legal risk

Solution
Question No. Answer
1. (c) Routing the illegal proceeds through bank and other transactions to appear as obtained from
legitimate source.
2. (c) Section 65
3. (c) Placement and Layering
4. (b) Compliance and Information Security Risk

Case Based Scenario 2 (Study Material 2021)


GNI Bank is one of the age-old conventional banks which offers an array of banking services like EFTs,
Collections, clearing, Letter of credits/guarantees etc. to its customers. To provide latest functionalities
and to improve the overall efficiency with respect to banking services, it has recently implemented
a core banking solution. It has also put in place the necessary controls to safeguard its business from
being exposed to probable IT risks.
Mr. Doshi, a senior software developer having a savings bank account with GNI Bank, has requested
internet banking facilities. He has also applied and produced all the necessary documents for
availing a housing loan from the said bank. Though the procedures followed for sanctioning housing
loans are quite stringent, GNI Bank offers floating interest rate on its loans and offers comparatively
higher interest rates on its fixed deposits compared to the other banks in the state also.
In this context, answer the following:
i. Given below are the features of Core Banking Solution recently implemented by GNI Bank that
prove advantageous to both the bank and its customers. Which among the following advantages
would relate the most to Mr. Doshi who has recently availed a housing loan in terms of easy and
effortless Internet banking?
a. Reliance on transaction balancing
b. Highly dependent system-based controls
c. Daily, half yearly and annual closing
d. Automatic processing of standing instructions
ii. GNI Bank during this stage of the loan processing of Mr. Doshi, checks the borrower’s ability to
repay the loan based on an analysis of his credit history, and his earning capacity. This process
which forms a major aspect in loan approvals is referred to as _________.
a. Clearing b. Underwriting
c. Collections d. Letter of Credit
iii. GNI Bank has also implemented necessary controls to ensure safeguards against the exposure
to IT risks. As a practice, whenever a connection is made to a website in another network, it will
be routed through a particular server. Which among the servers would be utilized for making
connections with other network services?
a. Web Server b. Application Server
c. Proxy Server d. Database Server
iv. GNI Bank has also implemented necessary controls to ensure safeguards against the exposure to
IT risks. Which among the following controls could be implemented when risk arises due to lack
or inadequate management direction and commitment to protect information assets?
a. The identity of users is authenticated to the systems through passwords.
b. Security policies are established and management monitors compliance with policies.
c. Access to sensitive data is logged and the logs are regularly reviewed by management.
d. Physical access restrictions are implemented and administered.

Solution
Question No. Answer
1. (d) Automatic processing of standing instructions
2. (b) Underwriting
3. (c) Proxy Server
4. (b) Security policies are established and management monitors compliance with policies.

Descriptive Questions for Practice


Question 1: In the Core Banking Systems, the central server supports the entire banking process through
front-end and back-end applications and enables the users to access numerous online banking facilities
24x7. Explain various Front-end applications of Core Banking Systems. (RTP December 2021)
Answers: Various Front-end applications of core banking systems are as follows:
• Internet Banking, also known as Online Banking, is an electronic payment system that enables
customers of a bank or other financial institution to conduct a range of financial transactions through
the financial institution’s website accessed through any browser. The online banking system offers
250+ services and facilities that give us real-time access to our bank account. We can make and
receive payments to our bank accounts, open Fixed and Recurring Deposits, view account details,
request a cheque book and a lot more, while online.
• Mobile Banking is a service provided by a bank or other financial institution that allows its
customers to conduct financial transactions remotely using a mobile device such as a smartphone
or tablet. Unlike the related internet banking, it uses software, usually called an app, provided by the
financial institution for the purpose. The app needs to be downloaded to utilize this facility. Mobile
banking is usually available on a 24-hour basis.
• Phone Banking: It is a functionality through which customers can execute many of the banking
transactional services through the Contact Centre of a bank over phone, without the need to visit a
bank branch or ATM. Registration of Mobile number in account is one of the basic prerequisites to
avail Phone Banking. The use of telephone banking services, however, has been declining in favor of
internet banking. Account related information, Cheque Book issue request, stop payment of cheque,
Opening of Fixed deposit etc. are some of the services that can be availed under Phone Banking.
• Branch Banking: Core Banking Systems are the bank’s centralized systems that are responsible for
ensuring seamless workflow by automating the frontend and backend processes within a bank. CBS
enables a single view of customer data across all branches in a bank and thus facilitates information
across the delivery channels. The branch confines itself to the following key functions:
    • Creating manual documents capturing data required for input into software;
    • Internal authorization;
    • Initiating Beginning-Of-Day (BOD) operations;
    • End-Of-Day (EOD) operations; and
    • Reviewing reports for control and error correction.

Question 2: BMN Bank limited has recently started its core banking operations. The Bank approached
Mr. X for his advice regarding the maintenance of records as a reporting entity considering the provisions
of the PMLA, 2002. What do you think shall be the probable reply of Mr. X mentioning the relevant
provisions of the PMLA, 2002? (RTP December 2021)
Answers: Section 12 of the Prevention of Money Laundering Act, 2002 provides for the obligation of
Banking Companies, Financial Institutions and Intermediaries i.e. the reporting entity to maintain
records of transactions. Mr. X should have advised BMN Bank Ltd. to maintain records in compliance
with the said section.
1. Accordingly, every reporting entity shall –
i. maintain a record of all transactions, including information relating to transactions covered
under point (ii) below, in such manner as to enable it to reconstruct individual transactions.
Here records shall be maintained for a period of five years from the date of transaction between
a client and the reporting entity.

ii. furnish to the Director within such time as may be prescribed, information relating to such
transactions, whether attempted or executed, the nature and value of which may be prescribed;
iii. Omitted
iv. Omitted
v. Maintain record of documents evidencing identity of its clients and beneficial owners as well as
account files and business correspondence relating to its clients.
2. Every information maintained, furnished or verified, save as otherwise provided under any law for
the time being in force, shall be kept confidential.
3. The records referred to in clause (i) of sub-section (1) shall be maintained for a period of five years
from the date of transaction between a client and the reporting entity.
4. The records referred to in clause (e) of sub-section (1) shall be maintained for a period of five years
after the business relationship between a client and the reporting entity has ended or the account
has been closed, whichever is later.
5. The Central Government may, by notification, exempt any reporting entity or class of reporting
entities from any obligation under this Chapter.
Question 3: Briefly discuss the characteristics of Core Banking Systems (CBS). (July 2021, 2 Marks)
Answers: The characteristics of Core Banking Systems (CBS) are as follows:
• CBS is centralized Banking Application software that has several components which have been
designed to meet the demands of the banking industry.
• CBS is supported by advanced technology infrastructure and has high standards of business
functionality.
• Core Banking Solution brings significant benefits such as a customer is a customer of the bank
and not only of the branch.
• CBS is modular in structure and is capable of being implemented in stages as per requirements
of the bank.
• A CBS software also enables integration of all third-party applications including in-house
banking software to facilitate simple and complex business processes.
• There is a common database in a central server located at a Data Center which gives a
consolidated view of the bank’s operations.
• Branches function as delivery channels providing services to its customers.
Question 4: Automation of business processes has introduced new types of risks in banking service.
You are the Branch Manager of a CBS branch, list out some of the internal controls you think to be
implemented in your branch. (May – 2018, 6 Marks)
Question 5: Now-a-days, Credit Cards are extensively being used for payment purpose. As a consultant
to credit card section of a bank, advise the risks involved in the credit card process. (May – 2018, 4 Marks)
Question 6: Define ‘Proxy Server’. (Nov – 2018, 2 Marks)
Question 7: Explain various key aspects in-built into the architecture of a Core Banking System.
(Nov – 2018, 4 Marks)
Question 8: In line with the suggestions of RBI, M/s. ABC Bank is planning to obtain ISO 27001: 2013
certification for its Information Security Management System. As an IS Auditor, you are required to
prepare a sample list of Risks w.r.t. Information Security for the Bank. (Nov – 2018, 4 Marks)
Question 9: Information Technology (IT) risks can be reduced by implementing the right type and level
of control in automated environment that is done by integrated controls into information technology.
Being an IT consultant, suggest various steps of IT related control to a branch manager of a bank.
(May – 2019, 6 Marks)

Question 10:
a. In Core Banking Systems, discuss the possible risks and their controls around the CASA (Current
and Savings Account) process.
b. Define Money Laundering. (RTP May-2018)
Hint:
a. In Core Banking Systems (CBS), the possible risks and their controls around the CASA (Current and
Savings Account) Process are as follows:

Risks | Controls
Credit Line setup is unauthorized and not in line with the bank’s policy. | The credit committee checks that the Financial Ratios, the Net-worth, the Risk factors and its corresponding mitigating factors, the Credit Line offered and the Credit amount etc. is in line with Credit Risk Policy and that the Client can be given the Credit Line.
Credit Line setup in CBS is unauthorized and not in line with the bank’s policy. | Access rights to authorize the credit limit in case of account setup system should be restricted to authorized personnel.
Customer Master defined in CBS is not in accordance with the Pre-Disbursement Certificate. | Access rights to authorize the customer master in CBS should be restricted to authorized personnel.
Inaccurate interest / charge being calculated in CBS. | Interest on fund-based facilities are automatically calculated in the CBS as per the defined rules.
Unauthorized personnel approving the CASA’s transaction in CBS. | Segregation of Duties to be maintained between the initiator and authorizer of the transaction for processing transaction in CBS.
Inaccurate accounting entries generated in CBS. | Accounting entries are generated by CBS basis the facilities requested by the customer and basis defined configurations for those facilities in CBS.

b. Money Laundering: Money Laundering is the process by which the proceeds of the crime and the
true ownership of those proceeds are concealed or made opaque so that the proceeds appear to
come from a legitimate source. The objective in money laundering is to conceal the existence, illegal
source, or illegal application of income to make it appear legitimate. Money laundering is commonly
used by criminals to make ‘dirty’ money appear ‘clean’ or the profits of criminal activities are made
to appear legitimate. Money Laundering involves three stages, namely Placement, Layering and
Integration.
Question 11: Analyze new set of IT risks and challenges associated with the businesses and standards
that the banks should consider? (RTP Nov-2018)
Hint: The business processes and standards adapted by Banks should consider these new set of IT
risks and challenges:
i. Frequent changes or obsolescence of technology: Technology keeps on evolving and changing
constantly and becomes obsolete very quickly. Hence, there is always a risk that the investment
in technology solutions unless properly planned may result in loss to bank due to risk of
obsolescence.
ii. Multiplicity and complexity of systems: The core of banking services remain same but by using
technology the way these banking products and services are provided changes drastically. The
Technology architecture used for services could include multiple digital platforms and is quite
complex. Hence, this requires the bank to have personnel with requisite technology
skills, or the management of the bank’s technology could be outsourced to a company having the
relevant skill set.
iii. Different types of controls for different types of technologies/ systems: Deployment of
Technology gives rise to new types of risks which are explained later in this chapter. These risks
need to be mitigated by relevant controls as applicable to the technology/information systems
deployed in the bank.

iv. Proper alignment with business objectives and legal/ regulatory requirements: Banks must
ensure that the CBS and allied systems implemented, cater to all the business objectives and
needs of the bank, in addition to the legal/regulatory requirements envisaged.
v. Dependence on vendors due to outsourcing of IT services: In a CBS environment, the bank
requires staff with specialized domain skills to manage IT deployed by the bank. Hence, these
services could be outsourced to vendors and there is heavy dependency on vendors and gives
rise to vendor risks which should be managed by proper contracts, controls and monitoring.
vi. Vendor related concentration risk: There may not be one but multiple vendors providing different
services. For example, network, hardware, system software and banking software services may
be provided by different vendors or these services may be provided by a single vendor. Both
these situations result in higher risks due to heavy dependence on vendors.
vii. Segregation of Duties (SoD): Banks have a highly defined organization structure with clearly
defined roles, authority and responsibility. The segregation of duties as per organization
structure should be clearly mapped in the CBS used by the bank. This is a high-risk area since
any SoD conflicts can be a potential vulnerability for fraudulent activities. For example, if a single
employee can initiate, authorize and disburse a loan the possibility of misuse cannot be ignored.
viii. External threats leading to cyber frauds/ crime: The CBS environment provides access to
customers anytime, anywhere using internet. Hence, information system which was earlier
accessible only within and to the employees of the bank is now exposed as it is open to be
accessed by anyone from anywhere. Making the information available is business imperative but
this is also fraught with risks of increased threats from hackers and others who could access the
software to commit frauds/crime.
ix. Higher impact due to intentional or unintentional acts of internal employees: Employees in
a technology environment are the weakest link in an enterprise. This is much more relevant
in bank as banks deal directly with money. Hence, the employee acts done intentionally or
unintentionally may compromise security of the IT environment.
x. New social engineering techniques employed to acquire confidential credentials: Fraudsters
use new social engineering techniques such as socializing with employees and extracting
information which is used unauthorizedly to commit frauds. For example: extracting information
about passwords from bank’s staff acting as genuine customer and using it to commit frauds.
xi. Need for governance processes to adequately manage technology and information security:
Controls in CBS should be implemented from macro and business perspective and not just from
function and technology perspective. As technology has become a key enabler for the bank and is
implemented across the bank, senior management of bank should be involved in directing how
technology is deployed in bank and approve appropriate policies. This requires governance
process to implement security as required.
xii. Need to ensure continuity of business processes in the event of major exigencies: The high
dependence on technology makes it imperative to ensure resilience to ensure that failure does
not impact banking services. Hence, a documented business continuity plan with adequate
technology and information systems should be planned, implemented and monitored.
Question 12: Explain the Internal controls in banks? (RTP Nov-2018)
Hint: Risks are mitigated by implementing internal controls as appropriate to the business
environment. These types of controls must be integrated in the IT solution implemented at the
bank’s branches. Some examples of internal controls in bank branch are given here:
• Work of one staff member is invariably supervised/checked by another staff member, irrespective
of the nature of work (Maker-Checker process).
• A system of job rotation among staff exists.
• Financial and administrative powers of each official/position are fixed and communicated to all
persons concerned.
• Branch managers must send periodic confirmation to their controlling authority on compliance of
the laid down systems and procedures.
• All books are to be balanced periodically. Balancing is to be confirmed by an authorized official.
• Details of lost security forms are immediately advised to the controlling authority so that they can exercise caution.
• Fraud prone items like currency, valuables, draft forms, term deposit receipts, traveler’s cheques
and other such security forms are in the custody of at least two officials of the branch.
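
An added example (not part of the book): one way to test the Segregation of Duties control from Question 11 (vii) and the Maker-Checker control from Question 12, written as a Python review of a CBS event log and of user entitlements. The step names, user IDs, transaction IDs and both sample tables are constructed assumptions.

```python
"""Segregation-of-Duties (maker-checker) review over a constructed CBS event log."""
from collections import defaultdict
from dataclasses import dataclass

# Pairs of workflow steps that one person must never perform on the same
# transaction. Step names are assumptions; a real CBS has its own event codes.
CONFLICTING_STEPS = [
    ("initiate", "authorize"),
    ("authorize", "disburse"),
    ("initiate", "disburse"),
]


@dataclass(frozen=True)
class Event:
    txn_id: str
    step: str
    user: str


# Constructed sample log (not real data).
SAMPLE_LOG = [
    Event("LN-1001", "initiate", "u_asha"),
    Event("LN-1001", "authorize", "u_ravi"),
    Event("LN-1001", "disburse", "u_meena"),
    Event("LN-1002", "initiate", "u_kiran"),   # one employee does everything
    Event("LN-1002", "authorize", "u_kiran"),
    Event("LN-1002", "disburse", "u_kiran"),
    Event("LN-1003", "initiate", "u_asha"),    # disbursed with no checker at all
    Event("LN-1003", "disburse", "u_meena"),
    Event("LN-1004", "initiate", "u_meena"),   # maker also disburses
    Event("LN-1004", "authorize", "u_ravi"),
    Event("LN-1004", "disburse", "u_meena"),
]

# Constructed entitlement table: steps each user ID is allowed to perform.
SAMPLE_ENTITLEMENTS = {
    "u_asha": {"initiate"},
    "u_ravi": {"authorize"},
    "u_meena": {"initiate", "disburse"},
    "u_kiran": {"initiate", "authorize", "disburse"},
}


def workflow_violations(events):
    """Detective check: {txn_id: [(user, step_a, step_b), ...]} where the same
    user performed two conflicting steps on one transaction."""
    users_by_step = defaultdict(lambda: defaultdict(set))
    for e in events:
        users_by_step[e.txn_id][e.step].add(e.user)
    findings = {}
    for txn_id, steps in users_by_step.items():
        hits = []
        for a, b in CONFLICTING_STEPS:
            for user in sorted(steps.get(a, set()) & steps.get(b, set())):
                hits.append((user, a, b))
        if hits:
            findings[txn_id] = hits
    return findings


def unchecked_transactions(events):
    """Transactions that reached 'disburse' without any 'authorize' event."""
    steps_seen = defaultdict(set)
    for e in events:
        steps_seen[e.txn_id].add(e.step)
    return sorted(t for t, s in steps_seen.items()
                  if "disburse" in s and "authorize" not in s)


def toxic_entitlements(entitlements):
    """Preventive check: users whose access rights alone would let them
    complete two conflicting steps, before any transaction is misused."""
    findings = {}
    for user, perms in entitlements.items():
        pairs = [(a, b) for a, b in CONFLICTING_STEPS if a in perms and b in perms]
        if pairs:
            findings[user] = pairs
    return findings


if __name__ == "__main__":
    for txn, hits in workflow_violations(SAMPLE_LOG).items():
        for user, a, b in hits:
            print(f"{txn}: {user} performed both '{a}' and '{b}'")
    for txn in unchecked_transactions(SAMPLE_LOG):
        print(f"{txn}: disbursed without authorization")
    for user, pairs in toxic_entitlements(SAMPLE_ENTITLEMENTS).items():
        print(f"{user}: entitlement conflict {pairs}")
```

The entitlement check is the preventive side of the control (access rights mapped to the organization structure); the log checks are the detective side, and flag LN-1003 even though no single user broke a pairing rule.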
Question 13: Discuss the risks and their corresponding controls associated with the Treasury Process
in Core Banking Systems (CBS). (RTP May-2019)
Hint: The Risks and their corresponding Controls associated with the Treasury Process in Core
Banking Systems are as follows:
S.No. | Risk | Key Controls
1. | Unauthorized securities setup in systems such as Front office/Back office. | Appropriate Segregation of duties and review controls around securities master setup/amendments.
2. | Inaccurate trade is processed. | Appropriate Segregation of duties and review controls to ensure the accuracy and authorization of trades.
3. | Unauthorized confirmations are processed. | Complete and accurate confirmations to be obtained from counterparty.
4. | Insufficient Securities available for Settlement | Effective controls on securities and margins.
5. | Incomplete and inaccurate data flow between systems. | Inter-system reconciliations, Interfaces and batch processing controls.
6. | Insufficient funds are available for settlements. | Controls at Clearing Corporation of India Limited (CCIL)/ National Electronic Funds Transfer (NEFT)/ Real Time Gross Settlement (RTGS) to ensure the margin funds availability and the timely funds settlements.
7. | Incorrect Nostro payments processed. | Controls at Nostro reconciliation and payments.

Question 14: “The deployment and implementation of Core Banking Systems (CBS) should be controlled
at various stages to ensure that the banks automation objectives are achieved”. Analyze the statement.
(RTP Nov-2019)
Hint: The deployment and implementation of Core Banking Systems (CBS) should be controlled at
various stages to ensure that banks automation objectives are achieved:
◘◘ Planning: Planning for implementing the CBS should be done as per strategic and business
objectives of bank.
◘◘ Approval: The decision to implement CBS requires high investment and recurring costs and will
impact how banking services are provided by the bank. Hence, the decision must be approved by
the Board of directors.
◘◘ Selection: Although there are multiple vendors of CBS, each solution has key differentiators. Hence,
the bank should select the right solution, considering various parameters defined by the bank, to meet
its specific requirements and business objectives.
◘◘ Design and develop or procure: CBS solutions were earlier developed in-house by the bank.
Currently, most CBS deployments are procured. There should be appropriate controls covering
the design or development or procurement of CBS for the bank.
◘◘ Testing: Extensive testing must be done before the CBS goes live. Testing is to be done in different
phases: at the procurement stage to test suitability, at data migration to ensure all existing data is correctly
migrated, and to confirm that processing of various types of transactions of all modules produces
the correct results.
◘◘ Implementation: CBS must be implemented as per pre-defined and agreed plan with specific
project milestones to ensure successful implementation.
◘◘ Maintenance: CBS must be maintained as required. E.g. program bugs fixed, version changes
implemented, etc.
◘◘ Support: CBS must be supported to ensure that it is working effectively.
◘◘ Updating: CBS modules must be updated based on requirements of business processes, technology
updates and regulatory requirements.
◘◘ Audit: Audit of CBS must be done internally and externally as required to ensure that controls are
working as envisaged.
Fundamentally, in a CBS, all the bank’s branches access applications from centralized datacenters. All
transactions are routed through core systems, which are available 24x7 and accessible from anywhere,
anytime and through multiple devices such as desktops, laptops, ATM, Internet, mobile phone, tablets,
etc.
Question 15: Differentiate between Internet Banking Channel Server (IBCS) and Internet Banking
Application Server (IBAS) used in Core Banking Systems (CBS). (RTP Nov-2019)
Hint: Internet Banking Channel Server (IBCS): The IBCS software stores the usernames and passwords
of all internet banking customers. The IBCS server also contains details of the branch to which each
customer belongs. The internet banking customer first has to log into the bank’s website with the
username and password.
Internet Banking Application Server (IBAS): The internet banking software stored in the IBAS
authenticates the customer against the login details stored in the IBCS. Authentication is the process
by which the details provided by the customer are compared with the data already stored in the data
server to make sure that the customer is genuine and has been provided with internet banking facilities.
Question 16: Internal controls must be integrated in the IT solution implemented at the bank’s branches
to mitigate risks. State a few examples indicating the internal controls in banks. (RTP May-2020)
Question 17: Distinguish between Application Server and Database Server. (Study Material)
Question 18: Briefly explain core features of Core Banking Software. (Study Material)
Question 19: Briefly explain technology components of a CBS solution. (Study Material)
Question 20: Briefly explain Key Modules of CBS. (Study Material)
Question 21: Explain the technology architecture of CBS. (Study Material)
Question 22: What are the risks associated with CBS software? (Study Material)
Question 23: What do you mean by electronic clearing services? Explain. What are its types?
Question 24: What are the IT risks related to CBS in a core banking system? Explain.
Question 25: What are the objectives of internal control systems in banks?
Question 26: What are the CBS stages?
Question 27: In Core Banking Systems, discuss the possible risks and their controls around the CASA
(Current and Savings Account) process. (May 2018)
Question 28: Briefly discuss the Overview or Characteristics of Core Banking Systems (CBS).

Multiple Choice Questions (MCQs)


Unit: I- CORE Banking Systems (CBS)

CORE BANKING SYSTEM (CBS)

1. CBS allows the bank’s customers to deposit money in __________.
(a) The home branch only
(b) The specified branches in the city only
(c) All branches other than home branch
(d) All the branches of the bank

2. CBS allows the customer to __________.
(a) Deposit from the home branch and withdraw it easily from the home branch.
(b) Deposit from the home branch and withdraw it easily from the other branch.
(c) Deposit from any branch and withdraw it easily from any other branch.
(d) Deposit from any branch and withdraw it easily from the home branch.

3. Which of the following is a facility offered by CBS?
(a) Automatic Teller Machine (ATM).
(b) Electronic Fund Transfers (EFT).
(c) Tele-Banking.
(d) All of the above

4. Which of the following is a facility offered by CBS?
(a) Tele-Banking.
(b) Internet Banking.
(c) Branch clearing facility for banking branch offices.
(d) All of the above

5. Which of the following is an element of CBS?
(a) Making and servicing loans.
(b) Opening new accounts.
(c) Processing cash deposits and withdrawals.
(d) All of the above

6. Which of the following is an element of CBS?
(a) Processing payments and cheques.
(b) Calculating interest.
(c) Customer relationship management (CRM) activities.
(d) All of the above

7. Which of the following is not an element of CBS?
(a) Managing customer accounts.
(b) Establishing criteria for minimum balances, interest rates, number of withdrawals allowed and so on.
(c) Maintaining records for all the bank’s transactions.
(d) None of the above

8. Core Banking System may be defined as the __________ components that manage the services provided by a bank to its customers through its branches (branch network).
(a) Set of basic rules
(b) Set of basic software
(c) Set of basic hardware
(d) Set of basic application

9. Which of the following statements about CBS is true?
(a) It is defined as the set of basic software components that manage the services provided by a bank to its customers through its branches (branch network).
(b) The platform where communication technology and information technology are merged to suit the core needs of banking is known as Core Banking Solutions (CBS).
(c) It is networking of branches, which enables customers to operate their accounts, and avail banking services from any branch of the bank on CBS network, regardless of where he maintains his account.
(d) All of the above

SOME OF THE IMPORTANT BANKING SERVICES

10. In the case of __________, there is a single receiver of funds from a large number of customers.
(a) ECS credit (b) ECS debit
(c) Guarantee (d) Letter of credit

11. In the case of __________, there is a single account to be debited against which many accounts with a number of banks in the same clearing house area are credited.
(a) ECS credit (b) Guarantee
(c) ECS debit (d) Letter of credit

12. A __________ is an undertaking by a bank to the payee (the supplier of goods and/or services) to pay to him, on behalf of the applicant (the buyer), any amount up to the limit specified in the aforesaid document, provided the terms and conditions mentioned herein are complied with.
(a) ECS credit (b) Letters of Credit
(c) Reporting (d) Guarantee

13. The __________ is required by the customers of banks for submission to the buyers of their goods or services to guarantee the performance of contractual obligations undertaken by them or satisfactory performance of goods supplied by them, or for submission to certain departments like excise and customs, electricity boards, or to suppliers of goods, etc. in lieu of the stipulated security deposit.
(a) ECS credit (b) Letters of Credit
(c) Reporting (d) Guarantee

14. __________ cover all operations done at the back office of the bank.
(a) Back operations (b) Front operations
(c) Retail banking (d) Reporting

15. __________ are related to General Ledger, Management Information Systems, Reporting, etc.
(a) Retail banking (b) Reporting
(c) Back operations (d) Front operations

16. __________ are also called front-office operations.
(a) Back operations (b) Retail banking
(c) Reporting (d) Front operations

17. __________ covers all operations which provide direct retail services to customers.
(a) Back operations (b) Reporting
(c) Front operations (d) Retail banking

18. __________ covers all operations which provide direct retail services to customers.
(a) Back operations (b) Reporting
(c) Front operations (d) Retail banking

19. Risk management should be done at __________.
(a) Strategic (b) Tactical
(c) Operational (d) All of the above

20. HNI stands for __________.
(a) High Net worth Individuals
(b) Harmonized Network Individuals
(c) High Network Interface
(d) Harmonized Network Interface

RISK MANAGEMENT AND IT RISKS

21. Which of the following are risks relating to Banking?
(a) Inaccuracy of data leading to incorrect decision-making
(b) Loss of money or reputation or business due to frauds
(c) Unauthorized access to customer information
(d) All of the above

22. Which of the following are risks to data?
(a) Unauthorized data changes
(b) Absence of logs and audit trail.
(c) Unauthorized transactions
(d) All of the above

23. Which of the following are risks to data?
(a) Unauthorized entry or corrections or deletions.
(b) Transactions without vouchers.
(c) Changing data using another’s password.
(d) All of the above

24. Which of the following are risks to data?
(a) Wilful and wrong inputs.
(b) Hiding erroneous outputs.
(c) Changing data using another’s password.
(d) All of the above

25. Which of the following is an IT risk?
(a) Unauthorized or incorrect Interest rate changes.
(b) Incorrect Interest computation.
(c) Incorrect computation of charges
(d) All of the above

26. Which of the following is an IT risk?
(a) Unauthorized increase in credit limits.
(b) Payments of stolen drafts.
(c) Payment of stopped cheques.
(d) All of the above

27. Which of the following is an IT risk?
(a) Payment of duplicate drafts.
(b) Opening of new accounts without complying with KYC.
(c) Payments of stolen drafts.
(d) All of the above
28. Which of the following is not a core banking service?
(a) Advances (b) Letters of Credit
(c) Reporting (d) Deposits

29. Which of the following is a challenge of IT in core banking system?
(a) Frequent changes or obsolescence of technology
(b) Multiplicity and complexity of systems
(c) Dependence on vendors due to outsourcing of IT services
(d) All of the above

30. Which of the following is an indicator of high IT risk?
(a) IT security is not given required priority.
(b) Attitude of ‘Computer will take care of everything – no checking is required’.
(c) Lack of transparency of IT operations and responsibility assigned.
(d) All of the above

31. Which of the following is an indicator of high IT risk?
(a) Lack of Input control.
(b) Lack of output verification.
(c) Lack of evidence.
(d) All of the above

32. Which of the following is an indicator of high IT risk?
(a) Lack of access control.
(b) Lack of audit trails.
(c) Lack of dual checks for sensitive and high value transactions.
(d) All of the above

33. Which of the following is an indicator of high IT risk?
(a) Lack of documented DRP and BCP.
(b) Lack of controls leading to temptation to commit frauds.
(c) No check on vendors for reliability of software.
(d) All of the above

34. Which of the following is an indicator of high IT risk?
(a) Lack of controls leading to temptation to commit frauds.
(b) No check on vendors for reliability of software.
(c) Over-dependence on long-serving ‘trusted’ operators, supervisors, managers, etc.
(d) All of the above

35. If a single employee can initiate, authorize and disburse a loan, the possibility of misuse __________.
(a) Is reduced (b) Is increased
(c) Does not exist (d) Has no effect

36. Which of the following strategies of risk management refers to eliminating the risk by not taking up or avoiding the specific business process which involves risk?
(a) Avoid (b) Mitigate
(c) Transfer (d) Accept

37. Which of the following strategies of risk management means sharing risk with partners or transfer to insurance coverage?
(a) Avoid (b) Mitigate
(c) Transfer (d) Accept

38. Which of the following strategies of risk management refers to formally acknowledging that the risk exists and monitoring it?
(a) Avoid (b) Mitigate
(c) Transfer (d) Accept

39. Which of the following strategies of risk management refers to implementing controls?
(a) Avoid (b) Mitigate
(c) Transfer (d) Accept

IT CONTROLS IN CBS AND OBJECTIVE OF INTERNAL CONTROL SYSTEM IN BANK

40. IT Controls perform which of the following roles?
(a) They enable the enterprise to achieve objectives.
(b) They help in mitigating risks.
(c) Both a and b
(d) None of the above

41. Which of the following indicate effective IT controls?
(a) Upgradation of IT infrastructure
(b) Cost effective Projects
(c) Resource allocations
(d) All of the above

42. Which of the following indicate effective IT controls?
(a) Reliability of IS
(b) Clear Communication
(c) Protection against threats and Vulnerability
(d) All of the above

43. Which of the following indicate effective IT controls?
(a) Efficient Help-Desk
(b) Security awareness programs
(c) Cost effective Projects
(d) All of the above
44. Which of the following is an objective of Internal Control System in Banks?
(a) To ensure orderly and efficient conduct of business.
(b) To ensure adherence to management policies.
(c) To ensure safeguarding assets through prevention and detection of fraud and error.
(d) All of the above

45. Which of the following is an objective of Internal Control System in Banks?
(a) To ensure adherence to management policies.
(b) To ensure accuracy and completeness of the accounting record.
(c) To ensure timely preparation of the reliable financial information.
(d) All of the above

APPLYING IT CONTROLS

46. Which of the following is an application control?
(a) Configuring system software
(b) Setting parameters in masters
(c) Transaction Logging
(d) Back up of data

47. Which of the following is a General control?
(a) Setting Database Security
(b) Edit checks
(c) Completeness check
(d) Format check

48. Which of the following is a core feature of CBS?
(a) On-line real-time processing
(b) Transactions are posted in batches
(c) Databases are maintained as per branch
(d) Loan processing is done at branch

49. Which of the following is one of the primary objectives of implementing controls?
(a) All computer errors are prevented
(b) Frauds are detected proactively
(c) Undesired events are prevented or detected and corrected
(d) Revenue targets are achieved

50. Which of the following best defines a risk?
(a) Undesired events are prevented
(b) Inherent vulnerabilities are identified
(c) Physical threats are documented
(d) Threat exploits vulnerability

51. Which of the following illustrates the application of internal controls in bank branch?
(a) Work of one staff member is invariably supervised/checked by another staff member, irrespective of the nature of work (Maker-Checker process).
(b) A system of job rotation among staff exists.
(c) Financial and administrative powers of each official/position is fixed and communicated to all persons concerned.
(d) All of the above

52. Which of the following illustrates the application of internal controls in bank branch?
(a) Branch managers must send periodic confirmation to their controlling authority on compliance of the laid down systems and procedures.
(b) All books are to be balanced periodically. Balancing is to be confirmed by an authorized official.
(c) Details of lost security forms are immediately advised to controlling so that they can exercise caution.
(d) All of the above

53. Which of the following illustrates the application of internal controls in bank branch?
(a) A system of job rotation among staff exists.
(b) Details of lost security forms are immediately advised to controlling so that they can exercise caution.
(c) Fraud prone items like currency, valuables, draft forms, term deposit receipts, traveller’s cheques and other such security forms are in the custody of at least two officials of the branch.
(d) All of the above

54. Which of the following illustrates IT Controls in Bank?
(a) The system maintains a record of all log-ins and log-outs.
(b) If the transaction is sought to be posted to a dormant (or inoperative) account, the processing is halted and can be proceeded with only with a supervisory password.
(c) The system checks whether the amount to be withdrawn is within the drawing power.
(d) All of the above

55. Which of the following illustrates IT Controls in Bank?
(a) The system maintains a record of all log-ins and log-outs.
(b) If the transaction is sought to be posted to a dormant (or inoperative) account, the processing is halted and can be proceeded with only with a supervisory password.
(c) The system checks whether the amount to be withdrawn is within the drawing power.
(d) All of the above

56. Which of the following illustrates IT Controls in Bank?
(a) The system flashes a message if the balance in a lien account would fall below the lien amount after the processing of the transaction.
(b) Access to the system is available only between stipulated hours and specified days only.
(c) Individual users can access only specified directories and files. Users should be given access only on a ‘need-to-know basis’ based on their role in the bank. This is applicable for internal users of the bank and customers.
(d) All of the above

57. Which of the following illustrates IT Controls in Bank?
(a) Exception situations such as limit excess, reactivating dormant accounts, etc. can be handled only with a valid supervisory level password.
(b) A user time out is prescribed. This means that after a user logs in and there is no activity for a pre-determined time, the user is automatically logged out of the system.
(c) Once the end-of-the-day process is over, the ledgers cannot be opened without a supervisory level password.
(d) All of the above

58. __________ is also known as Infrastructure Control.
(a) General Control
(b) Application control
(c) Report control
(d) Update Control

59. __________ is a pervasive control and applies to all systems components, processes, and data for a given enterprise or systems environment.
(a) Application control
(b) Report control
(c) General Control
(d) Update Control

60. Which of the following shows the implementation of general controls?
(a) Information Security Policy
(b) Administration, Access, and Authentication
(c) Separation of key IT functions
(d) All of the above

61. Which of the following shows the implementation of general controls?
(a) Management of Systems Acquisition and Implementation.
(b) Backup, Recovery and Business Continuity
(c) Proper Development and Implementation of Application Software
(d) All of the above

62. Which of the following shows the implementation of general controls?
(a) Backup, Recovery and Business Continuity
(b) Confidentiality, Integrity and Availability of Software and Data Files
(c) Proper Development and Implementation of Application Software
(d) All of the above

63. __________ are controls which are implemented in an application to prevent or detect and correct errors.
(a) Application control
(b) Report control
(c) General Control
(d) Update Control

64. __________ are in-built in the application software to ensure accurate and reliable processing.
(a) Application control
(b) General Control
(c) Report control
(d) Update Control

65. Which of the following is an example of application controls?
(a) Data edits (editing of data is allowed only for permissible fields);
(b) Separation of business functions (Transaction initiation versus authorization);
(c) Balancing of processing totals (debit and credit of all transactions are tallied);
(d) All of the above

66. Which of the following is an example of application controls?
(a) Transaction logging (all transactions are identified with unique id and logged);
(b) Error reporting (errors in processing are reported); and
(c) Exception Reporting (all exceptions are reported).
(d) All of the above
CBS ARCHITECTURE

67. Which of the following is a key module of CBS?
(a) Back office (b) Branch
(c) Mobile banking (d) All of the above

68. Which of the following is a key module of CBS?
(a) Data warehouse (b) ATM switch
(c) Internet banking (d) All of the above

69. Which of the following is a key module of CBS?
(a) Back office (b) Credit card system
(c) Phone banking (d) All of the above

70. Which of the following is a core feature of CBS?
(a) On-line real-time processing.
(b) Transactions are posted immediately.
(c) All databases updated simultaneously.
(d) All of the above

71. Which of the following is a core feature of CBS?
(a) On-line real-time processing.
(b) Transactions are posted immediately.
(c) All databases updated simultaneously.
(d) All of the above

72. Which of the following is a core feature of CBS?
(a) Remote interaction with customers.
(b) Reliance on transaction balancing.
(c) Highly dependent system-based controls.
(d) All of the above

73. Which of the following is a core feature of CBS?
(a) Authorizations occur within the application.
(b) Increased access by staff at various levels based on authorization.
(c) Daily, half yearly and annual closing.
(d) All of the above

74. Which of the following is a component of the CBS solution?
(a) Interest calculation and management.
(b) Payments processing.
(c) Loans disbursement and management.
(d) All of the above

75. Which of the following is a component of the CBS solution?
(a) Processing cash deposits and withdrawals.
(b) Processing and servicing loans.
(c) Accounts management.
(d) All of the above

TECHNOLOGY AND WORK FLOW OF CBS

76. CBS is a Technology environment based on client-server architecture, and has a remote Server called __________ and Client branches called __________.
(a) Data Centre, Service Outlets
(b) Data Centre, Service Stations
(c) Data Units, Service Outlets
(d) Data Units, Service Stations

77. Which of the following is a technology component?
(a) Database Environment
(b) Web Environment
(c) Application Environment
(d) All of the above

78. Which of the following is a technology component?
(a) Security solution
(b) Connectivity to the Corporate Network
(c) Internet
(d) All of the above

79. Which of the following is a technology component?
(a) Network Solution architecture to provide total connectivity
(b) Branch and Delivery channel environment
(c) Online Transaction monitoring for fraud risk management
(d) All of the above

80. Which of the following is a technology component?
(a) Network Solution architecture to provide total connectivity
(b) Branch and Delivery channel environment
(c) Online Transaction monitoring for fraud risk management
(d) All of the above

81. Which of the following is a customer to the CBS, in reference to CBS?
(a) Branch Server (b) ATM/POS
(c) WAP Server (d) Web Server

82. Which of the following is not a customer to the CBS, in reference to CBS?
(a) Branch (b) Telephone
(c) ATM switch (d) TV browser

83. Which of the following is a server to the CBS, in reference to CBS?
(a) ATM Switch (b) Branch
(c) Telephone (d) TV browser
84. Which of the following is not a server to the CBS, in reference to CBS?
(a) Branch Server (b) WAP Server
(c) ATM/POS (d) Web Server

85. Which of the following is a host-database server, in reference to CBS?
(a) Oracle (RDBMS)
(b) Business Intelligence
(c) TP Monitors
(d) cHost Connect

86. Which of the following is an application server, in reference to CBS?
(a) Business Intelligence
(b) TP Monitors
(c) cHost Connect
(d) All of the above

87. Following is the list of CBS stages. Which of the following orders is correct?
i. Planning
ii. Approval
iii. Selection
iv. Design and develop or procured
v. Testing
vi. Implementation
vii. Maintenance
viii. Support
ix. Updation
x. Audit
(a) i, ii, iii, vi, vii, iv, v, viii, ix, x
(b) i, ii, iii, iv, v, vi, vii, viii, ix, x
(c) i, ii, iii, iv, v, vi, vii, viii, ix, x
(d) i, vii, iv, v, viii, ix, x, iii, ii, vi

CBS IT ENVIRONMENT

88. Which of the following statements is true?
(a) It is a computer (Hardware) or device on a network dedicated to run one or more services (as a host), to serve the needs of the users of other computers on a network.
(b) Servers operate within client-server architecture.
(c) Servers are computer programs running to serve the requests of other programs, the clients.
(d) All of the above

89. Web servers, mail servers, FTP servers, multimedia servers and real-time communication servers are all examples of __________.
(a) Application server
(b) File server
(c) Internet server
(d) Printer server

90. The __________ hosts the core banking application.
(a) Application server
(b) File server
(c) Print server
(d) Web server

91. __________ is a powerful and robust system that performs all the core banking operations.
(a) File server
(b) Application server
(c) Web server
(d) Database server

92. Which of the following statements about the web host is true?
(a) There is a web host attached to the web server.
(b) The web host has an operating system and runs the services from the web server.
(c) It accepts web page requests from the customers and processes the same.
(d) All of the above

93. __________ of the bank contains the entire data of the bank.
(a) Database server
(b) File server
(c) Application server
(d) Web server

94. __________ can access the database server.
(a) ATM server
(b) Internet Banking Application Server (IBAS)
(c) Application server
(d) All of the above

95. When the Central Database is busy with central end-of-day activities or for any other reason, the file containing the account balance of the customer is sent to the ATM switch. Such a file is called __________.
(a) Neutral Balance File
(b) Positive Balance File
(c) Negative Balance File
(d) Unique Balance File

96. As most of the ATMs are attached to the central network, the only control is through __________.
(a) ATM server
(b) Internet Banking Application Server (IBAS)
(c) ATM Switch
(d) Application server

97. __________ stores the user name and password of all the internet banking customers.
(a) Internet Banking Channel Server (IBCS)
(b) Internet Banking Application Server (IBAS)
(c) Application server
(d) Web server

98. __________ contains the home branch details of each internet banking customer.
(a) Internet Banking Application Server (IBAS)
(b) Application server
(c) Internet Banking Channel Server (IBCS)
(d) Web server

99. __________ is software that formats the data to make it compatible with different applications.
(a) Middleware
(b) Internet Banking Application Server (IBAS)
(c) Application server
(d) Web server

100. __________ is required when more than one application with different data requirements processes a common database.
(a) Internet Banking Application Server (IBAS)
(b) Application server
(c) Middleware
(d) Web server

101. A __________ is a server that handles the network’s e-mail needs.
(a) Mail server
(b) Internet Banking Application Server (IBAS)
(c) Application server
(d) Web server

102. Which of the following functions are performed by mail server?
(a) Collaboration features that simplify the management of collaborative projects.
(b) Audio and video conferencing
(c) Send and receive electronic mail
(d) All of the above

103. Microsoft Exchange Server is an example of which of the following type of server?
(a) Mail server
(b) Internet Banking Application Server (IBAS)
(c) Application server
(d) Web server

104. A __________ acts in conjunction with the firewall and provides network security by filtering malicious data from entering the network.
(a) Proxy server
(b) Mail server
(c) Internet Banking Application Server (IBAS)
(d) Application server

105. __________ secures the internal Internet Protocol (IP) addresses of the Bank’s servers by performing a Network Address Translation (NAT) whenever data are transferred from the bank’s network to a public network like Internet.
(a) Mail server
(b) Proxy server
(c) Internet Banking Application Server (IBAS)
(d) Application server

106. Domain controller is primarily used for __________.
(a) Identification (b) Authentication
(c) Confidentiality (d) Access to the network

CORE BUSINESS PROCESSES FLOW AND RELEVANT RISKS AND CONTROLS

107. Access to a set of servers is controlled by the domain controller.
(a) Mail server
(b) Internet Banking Application Server (IBAS)
(c) DNS
(d) Application server

108. Customer applies for credit card facility through __________.
(a) Internet banking (b) Branch
(c) Both a and b (d) None of the above

109. KYC documents of the applicant are signed by the __________ and shared to the bank.
(a) Customer (b) RBI
(c) Manager (d) Cashier

110. Which of the following is a risk in the credit card processing?
(a) Credit Line setup is unauthorized and not in line with the bank’s policy.
(b) Masters defined for the customer are not in accordance with the Pre-Disbursement Certificate.
(c) Credit Line setup is unauthorized and not in line with the bank’s policy.
(d) All of the above

111. Which of the following is a risk in the credit card (b) Incorrect loan amount disbursed.
processing? (c) Interest amount is incorrectly calculated and
(a) Credit Line setup can be breached charged.
(b) Inaccurate interest or charge being calculated in (d) All of the above
the Credit Card system. 118. Which of the following are the controls for the risk
(c) Inaccurate reconciliations performed. of capturing incorrect customer and loan details, in
the Mortgage Process?
(d) All of the above
(a) There is secondary review performed by an
BUSINESS PROCESS FLOW OF MORTGAGES
amount to be disbursed with the core banking
112. _________________ is a secured loan which is secured application to the signed offer letter.
on the borrower’s property by marking a lien on the (b) There is secondary review performed by an
property as collateral for the loan. independent team member who will verify loan
(a) Hypothecation (b) Mortgage details captured in core banking application with
(c) Lien (d) Pledge offer letter.
(c) System enforced segregation of duties exist in the
113. _______________ is a traditional mortgage where
core banking application where the inputter of the
customer has an option of selecting fixed or variable
transaction cannot approve its own transaction
rate of interest and is provided for the purchase of
and reviewer cannot edit any details submitted
property.
by inputter.
(a) Home Loan
(d) Interest amount is auto calculated by the core
(b) Top Up Loan
banking application basis loan amount, ROI and
(c) Loans for Under Construction Property tenure.
(d) All of the above
119. Which of the following are the controls for the risk of
114. In case of ________________, the customer already disbursing incorrect loan amount, in the Mortgage
has an existing loan and is applying for additional Process?
© Carvinowledge Press (CNP), 2022

amount either for refurbishment or renovation of (a) There is secondary review performed by an
the house. independent team member who will verify loan
(a) Home Loan amount to be disbursed with the core banking
(b) Top Up Loan application to the signed offer letter.
(c) Loans for Under Construction Property (b) There is secondary review performed by an
(d) All of the above independent team member who will verify loan
115. In case of ________________________, the loan is details captured in core banking application with
disbursed in branches or parts as per construction offer letter.
plan. (c) System enforced segregation of duties exist in the
(a) Home Loan core banking application where the inputter of the
(b) Top Up Loan transaction cannot approve its own transaction
(c) Loans for Under Construction Property and reviewer cannot edit any details submitted
(d) All of the above by inputter.
116. In which of the following loans the customer already (d) Interest amount is auto calculated by the core
has an existing loan and is applying for additional banking application basis loan amount, ROI and
amount either for refurbishment or renovation of tenure.
the house? 120. Which of the following are the controls for the risk
(a) home loan of calculating and charging wrong interest, in the
(b) top-up loan Mortgage Process?
(c) loan for under construction property (a) There is secondary review performed by an
(d) all of the above independent team member who will verify loan
117. Which of the following are the risks around the details captured in core banking application with
Mortgage Process? offer letter.
(a) Incorrect customer and loan details are captured (b) There is secondary review performed by an
which will affect the over-all downstream process. independent team member who will verify loan
Chap ter 5: COR E B ank ing System s (C B S) 193

amount to be disbursed with the core banking (c) Venture Capital Funds
application to the signed offer letter. (d) Interest derivatives
(c) System enforced segregation of duties exist in the 125. With reference to treasury process, which of the
core banking application where the inputter of the following doesn’t fall under the list of products in
transaction cannot approve its own transaction investment category?
and reviewer cannot edit any details submitted (a) Options (b) Swaps
by inputter. (c) Futures (d) Security Receipts
(d) Interest amount is auto calculated by the core 126. ___________________ includes dealing room
banking application basis loan amount, ROI and operations wherein the dealers enter into deal
tenure. with the various corporate and interbank Counter-
121. Which of the following are the controls for the risk of parties.
unauthorised changes been made, in the Mortgage (a) Front office (b) Middle office
Process? (c) Back office (d) All of the above
(a) There is secondary review performed by an 127. In the _____________________, deals are entered
independent team member who will verify loan by dealers on various trading /communication
details captured in core banking application with platform such as Routers’ system, telephonic
offer letter. conversation, Brokers or any other private channel
(b) There is secondary review performed by an with the respective counter-party.
independent team member who will verify loan (a) Front office (b) Middle office
amount to be disbursed with the core banking (c) Back office (d) All of the above
application to the signed offer letter. 128. _________________________ includes risk
(c) System enforced segregation of duties exist in the management, responsibility for treasury
core banking application where the inputter of the accounting, and documentation of various types,
transaction cannot approve its own transaction producing the financial results, analysis and budget
and reviewer cannot edit any details submitted forecasts for the treasury business unit, input into
by inputter. regulatory reporting.

© Carvinowledge Press (CNP), 2022


(d) Interest amount is auto calculated by the core (a) Front office (b) Middle office
banking application basis loan amount, ROI and (c) Back office (d) All of the above
tenure. 129. ______________________ is also known as the trading
room.
TREASURY PROCESSES (a) Front office (b) Middle office
(c) Back office (d) All of the above
122. With reference to treasury process, which of the
following fall under the Investment category? 130. _____________________ is the direct support of the
trading room.
(a) Options
(a) Front office (b) Middle office
(b) Certificate of Deposits
(c) Back office (d) All of the above
(c) Swaps
131. ________________________ includes activities like
(d) Interest derivatives
verification by confirmation, settlement, checking
123. With reference to treasury process, which of the
existence of a valid and enforceable International
following fall under the list of products in the trading
Swap Dealers Association (‘ISDA’) agreement and
category?
reconciliation of NOSTRO accounts (a bank account
(a) Options
held by a UK bank with a foreign bank, usually in the
(b) Security Receipts currency of that country) as soon as possible.
(c) Units of Mutual Funds (a) Front office (b) Middle office
(d) Venture Capital Funds (c) Back office (d) All of the above
124. With reference to treasury process, which of 132. Pre Deal Analytics, trade deals capture and position
the following doesn’t fall under the Investment management are done by __________.
category?
(a) Front office (b) Middle office
(a) Security Receipts
(c) Back office (d) All of the above
(b) Units of Mutual Funds

133. Reconciliation, Confirmations, Securities or Funds Settlements and accounting are the functions of ______________.
(a) Front office (b) Middle office
(c) Back office (d) All of the above
134. Risk Management, Asset liability management, Pricing and Valuations and Position management or Limit management is the function of _____________________________.
(a) Front office (b) Middle office
(c) Back office (d) All of the above

APPLICATION SOFTWARE- CONFIGURATION, MASTERS, TRANSACTIONS AND REPORTS

135. To protect the web server from unauthorized use and abuse, the traffic necessarily has to go past a ____________.
(a) Anti-virus (b) Firewall
(c) Malwares (d) Bomb
136. ________________ Software is the life-blood of an enterprise as they process all core transactions of an enterprise.
(a) Application (b) Web
(c) Firewall (d) All of the above
137. __________________ refers to the way a software system is set up for use.
(a) Programme (b) Master
(c) Configuration (d) All of the above
138. _______________ refer to the setting parameters for various types of product and service type as per software modules used in the bank.
(a) Programme (b) Master
(c) Configuration (d) All of the above
139. The _________________ are also referred to as standing data as these are changed only when required and will require higher level of access.
(a) Master (b) Programme
(c) Configuration (d) All of the above
140. Which of the following are examples of configuration?
(a) Defining access rules from various devices/terminals.
(b) Creation of User Types
(c) Creation of Customer Type, Deposit Type, year-end process
(d) All of the above
141. Which of the following are examples of configurations?
(a) Creation of Customer Type, Deposit Type, year-end process
(b) User Access and privileges-Configuration and its management
(c) Password Management
(d) All of the above
142. Which of the following is not computer related offence, as per IT Act, 2000?
(a) Identity theft
(b) Stealing of mobile
(c) Stealing computer resource
(d) Violation of privacy
143. What is the primary objective of SPDI?
(a) Protecting computer software
(b) Securing critical information
(c) Securing Personal Information
(d) Identifying Sensitive Information
144. Which of the following is a cybercrime?
(a) Breaking into ATM
(b) Physical theft at branch
(c) Software piracy
(d) Altering name in demand draft

Miscellaneous

145. MICR code is a _____________ code comprising relevant information about the transaction and the bank.
(a) 3 – Digit (b) 5 – Digit
(c) 7 – Digit (d) 9 – Digit
146. In Banks access to the system is available only between stipulated hours and specified days only. This is called
(a) Access Time control
(b) Access Mode Control
(c) Maker – Checker Process
(d) Timeout Control
147. The technology architecture of CBS has a ______________ model.
(a) 4 Layer (b) 3 Layer
(c) 2 Layer (d) None of the above
148. In a Bank’s System (CBS), _______________ includes branch server, web server, ATM/POS switch, WAP or SMS server, IVR server, etc.
(a) Overall Server
(b) Channel Server
(c) Application Server
(d) Host Server
149. In a Bank’s IT System (CBS), ____________ house the execution logic, and also has an appropriate DBMS.
(a) Overall Server
(b) Channel Server
(c) Application Server
(d) Host Server

150. In a Bank’s IT system (CBS), channel Servers route the Client Request to the
(a) Overall Server
(b) Channel Server
(c) Application Server
151. In Bank’s IT system (CBS), no user is granted access to CBS directly. Access is always through ________ that processes the request and fetches or sends data to the CBS for updating.
(a) ATMs (b) Central Server
(c) Channel Server (d) Database Server
152. A Bank’s Treasury Operations can be functionally divided into – (1) Front Office, (2) Middle Office, and (3) Back office. Which of these relate to dealing room operations where the dealers enter into deal with various corporate and Inter – Bank counter – Parties?
(a) Front Office (b) Middle Office
(c) Back office (d) All of the above
153. In an Internet Banking System, the user’s Password will be displayed as
(a) Plain Text (b) Dots
(c) Both (a) and (b) (d) None of the above


Answer Keys - MCQs

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
d c d d d d d b d a c b d a c d c c d a
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
d d d d d d d c d d d d d d b a c d b c
41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60
d d d d d c a a c d d d d d d d d a c d
61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80
d d a b d d d d d d d d d d d a d d d b
81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100
b c a c a d b d c a b d a d b c a c a c
101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120
a d d a b b c c a d d b a b c b d b a d
121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140
c b a d d a a b a c c a c b b d c b a d
141 142 143 144 145 146 147 148 149 150 151 152 153
d b c c d a a b d c c a b
Chapter 6: Regulatory Compliances

Descriptive Questions for Practice

Question 1: Explain the salient features of Section 134 & Section 143 of the Companies Act 2013. (Study Material)

Question 2: Give five examples of computer related offences that can be prosecuted under the IT Act 2000 (amended via 2008). (Study Material)

Question 3: Corporate governance is the framework of rules and practices, by which a board of directors ensures accountability, fairness and transparency in a company’s relationship with all its stakeholders. List out the rules and procedures that constitute corporate governance framework. (May – 2019, 3 Marks)

Hint:
Corporate Governance is the framework of rules and practices by which a board of directors ensures accountability, fairness, and transparency in a company’s relationship with all its stakeholders.
The corporate governance framework consists of:
◘◘ Explicit and implicit contracts between the company and the stakeholders for distribution of responsibilities, rights, and rewards.
◘◘ Procedures for reconciling the sometimes-conflicting interests of stakeholders in accordance with their duties, privileges, and roles, and
◘◘ Procedures for proper supervision, control, and information-flows to serve as a system of checks-and-balances.

Question 4: As a cyber-expert, you have been invited to a seminar to share your thoughts on data protection and privacy in today’s electronic era. In your PowerPoint presentation on the same, you wish to incorporate the main principles on data protection and privacy enumerated under the IT Act, 2000. Identify them.

Question 5: Describe any six commercial laws each in brief, that are applicable to any e-commerce or m-commerce
transactions. (RTP May-2018/Nov-2019)
Hint: All e-commerce transactions are commercial business transactions. All these transactions are covered under
multiple laws, including commercial laws. Following commercial laws are applicable to e-commerce and m-commerce
transactions.
◘◘ Income Tax Act, 1961: Income Tax Act, has detailed provisions regarding taxation of income in India. In respect
of e-commerce / m-commerce transactions, the issue of deciding place of origin transaction for tax purpose is
critical.
◘◘ Companies Act, 2013: Companies Act, 2013, regulates the corporate sector. The law defines all regulatory aspects
for companies in India. Most of the merchants in e-commerce/m-commerce business are companies, both private
and public.
◘◘ Foreign Trade (Development and Regulation) Act, 1992: An Act to provide for the development and regulation
of foreign trade by facilitating imports into, augmenting exports from, India and for matters connected therewith or
incidental thereto. Amazon has recently allowed Indian citizens to purchase from its global stores. All these shall
be regulated through above law.

◘◘ The Factories Act, 1948: Act to regulate working conditions of workers. The act extends to place of storage as well as
transportation. Most of the merchants in e- commerce / m-commerce business need to comply with provisions of the act.
◘◘ The Custom Act, 1962: The act that defines import / export of goods / services from India and provides for levy of
appropriate customs duty. India being a signatory to General Agreement on Trade and Tariff (GATT) under World
Trade Organization, cannot levy any custom duty that is GATT non-compliant.
◘◘ The Goods and Services Tax Act, 2017 (GST): This Act requires each applicable business, including e-commerce/
m-commerce, to upload each sales and purchase invoice on one central IT infrastructure, mandating reconciliations
of transactions between business, triggering of tax credits on payments of GST, facilitating filing of e-returns, etc.
◘◘ Indian Contract Act,1872: The act defines constituents of a valid contract. In case of e-commerce / m-commerce
business it becomes important to define these constituents.
◘◘ The Competition Act, 2002: Law to regulate practices that may have adverse effect on competition in India.
The Competition Commission has been vigilant to ensure that e-commerce / m-commerce merchants do not engage
in predatory practices.
◘◘ Foreign Exchange Management Act (FEMA 1999): The law to regulate foreign direct investments, flow of
foreign exchange in India. The law has important implications for e-commerce / m-commerce business. Foreign
investment in Business to Customer (B2C) e-commerce activities has been opened in a calibrated manner and an
entity is permitted to undertake retail trading through e-commerce under certain circumstances.
◘◘ Consumer Protection Act, 1986: The law to protect consumer rights has been the source of most of the litigation for
transactions done through e-commerce and m-commerce.

Question 6: Explain the important provisions of IT Act 2000 related to e-commerce.


Question 7: Explain the important provisions of Guidelines for E-Commerce.
Question 8: Describe the three key functions of RBI. (Nov – 2019, 3 Marks)
◘◘ Monetary Authority
◘◘ Regulator and supervisor of the financial system
◘◘ Issuer of currency
Question 8: What are the key provisions of Information Technology Act, 2000? (Study Material)

Question 9: Money laundering is used by anti-social elements to make ‘dirty’ money appear ‘clean’ that affects the
economy of any country. Discuss the various stages involved in the process of Money Laundering.
(Nov – 2019, 6 Marks, RTP May-2020)
Hint: Stages of Money Laundering are as follows:
i. Placement: The first stage involves the Placement of proceeds derived from illegal activities - the
movement of proceeds, frequently currency, from the scene of the crime to a place, or into a form,
less suspicious and more convenient for the criminal.
ii. Layering: Layering involves the separation of proceeds from illegal source using complex
transactions designed to obscure the audit trail and hide the proceeds. The criminals frequently
use shell corporations, offshore banks or countries with loose regulation and secrecy laws for
this purpose. Layering involves sending the money through various financial transactions to change
its form and make it difficult to follow. Layering may consist of several bank-to-bank transfers or
wire transfers between different accounts in different names in different countries, making deposits
and withdrawals to continually vary the amount of money in the accounts, changing the money’s
currency, and purchasing high value items to change the form of money, making it hard to trace.
iii. Integration: Integration involves conversion of illegal proceeds into apparently legitimate
business earnings through normal financial or commercial operations. Integration creates the
illusion of a legitimate source for criminally derived funds and involves techniques as numerous
and creative as those used by legitimate businesses.
Question 10: Discuss the Penalty and compensation for damage to computer, computer system, etc. under section 43.
Question 11: Discuss the Punishment for publishing or transmitting obscene material in electronic form under
section 67.

Multiple Choice Questions (MCQs)


Regulatory Compliances

REGULATORY COMPLIANCE

1. Which of the following Acts works to regulate working conditions of the workers?
(a) The Factories Act, 1948
(b) The Competition Act, 2002
(c) Indian Contract Act, 1872
(d) The Custom Act, 1962
2. Which of the following statements about regulatory compliances is true?
(a) It means conforming to a rule, such as a specification, policy, standard or law.
(b) It refers to organization’s adherence to laws, regulations, guidelines and specifications relevant to its business.
(c) Violations of regulatory compliance regulations often result in legal punishment, including interest, penalty and prosecution in some cases.
(d) All of the above
3. Which of the following is an example of general law?
(a) Companies Act 2013
(b) Central Goods and Services Act, 2017
(c) The Payment of Bonus Act 1965
(d) Income Tax Act, 1961
4. Which of the following is an example of a specific law?
(a) Companies Act 2013
(b) Central Goods and Services Act, 2017
(c) The Payment of Bonus Act 1965
(d) All of the above

PART1- AUTOMATED BUSINESS PROCESSES

5. The Information Technology Act was passed on ____________________.
(a) May, 2000 (b) October, 2000
(c) July, 2000 (d) December, 2000
6. The Information Technology Act came to force on ____________________.
(a) May, 2000 (b) October, 2000
(c) July, 2000 (d) December, 2000
7. Information Technology Act, 2000 extends to the _____________________.
(a) Mainland India only
(b) Whole of India except the state of Jammu and Kashmir.
(c) whole of India including the state of Jammu and Kashmir
(d) none of the above
8. Which of the following is an objective of the Information Technology Act, 2000?
(a) To give legal recognition to any transaction which is done electronically or by use of internet.
(b) To give legal recognition to digital signature for accepting any agreement via computer.
(c) To provide facility of filling document online relating to school admission or registration in employment exchange.
(d) All of the above
9. Which of the following is an objective of the Information Technology Act, 2000?
(a) To provide legal recognition for storage in electronic format.
(b) To stop computer crime and protect privacy of internet users.
(c) To give legal recognition for keeping books of accounts by bankers and other companies in electronic form.
(d) All of the above
10. Which of the following is an objective of the Information Technology Act, 2000?
(a) To make more power to IPO, RBI and Indian Evidence Act, 1872 for restricting electronic crime.
(b) To give legal recognition to any transaction which is done electronically or by use of internet.
(c) To amend the Indian Penal Code, 1860, Indian Evidence Act, 1872, The Bankers’ Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934.
(d) All of the above
11. The important issues dealt with by the Information Technology Act, 2000 include _______________.
(a) Legality of products or services being offered online.
(b) Data Protection
(c) Protecting your Customer’s Privacy Online.
(d) All of the above
12. The important issues dealt with by the Information Technology Act, 2000 include _______________.
(a) Protecting your Customer’s Privacy Online.
(b) Online Advertising Compliance.
(c) Compliance with Information Technology Act, provisions.
(d) All of the above
13. Which of the following is an advantage of cyber laws?
(a) E-mail would now be a valid and legal form of communication in India.
(b) Companies can carry out e-commerce using the legal infrastructure provided by the Act.
(c) Digital signatures have been given legal validity.
(d) All of the above
14. Which of the following is an advantage of cyber laws?
(a) Opens the doors for the entry of corporate companies in the business of being Certifying Authorities for issuing Digital Signatures Certificates.
(b) Allows Government to issue notification on the web to promote e-governance.
(c) Electronic filing of any form, application or any other document.
(d) All of the above
15. Which of the following is an advantage of cyber laws?
(a) Opens the doors for the entry of corporate companies in the business of being Certifying Authorities for issuing Digital Signatures Certificates.
(b) Addresses the important issues of security.
(c) Companies can carry out e-commerce using the legal infrastructure provided by the Act.
(d) All of the above
16. Which of the following is a computer related offence?
(a) Harassment via fake public profile on social networking site.
(b) E-mail Account Hacking.
(c) Credit Card Fraud.
(d) All of the above
17. Which of the following is a computer related offence?
(a) Web Defacement.
(b) Introducing Worms
(c) Cyber Terrorism.
(d) All of the above
18. Which of the following is a computer related offence?
(a) Online sale of illegal Articles.
(b) Cyber Pornography.
(c) Phishing and Email Scams.
(d) All of the above
19. Which of the following is a computer related offence?
(a) Theft of Confidential Information.
(b) Source Code Theft.
(c) Introducing Viruses
(d) All of the above
20. Introducing _______________ into a system is a computer related offence.
(a) Viruses (b) Worms
(c) Backdoors (d) All of the above
21. Introducing _______________ into a system is a computer related offence.
(a) Rootkits (b) Trojans
(c) Bugs (d) All of the above

PRIVACY

22. Section 72A punishes for the breach of Confidentiality and Privacy with __________________________.
(a) Imprisonment for a term which may extend to two years
(b) With fine which may extend to one lakh rupees
(c) With fine which may extend to ten lakh rupees and Imprisonment for a term which may extend to six months
(d) Both a and b
23. Privacy Policy describes how and when your information is ______________.
(a) Collected (b) Used
(c) Shared (d) All of the above

CYBER CRIME

24. Cybercrime is a crime like any other crime against ____________.
(a) Individual
(b) Group of individuals
(c) An organization or a group of organizations;
(d) All of the above
25. Cybercrime is a crime that involves the crime related to ______________.
(a) Computer (b) Computing systems
(c) Networks (d) All of the above
26. Cybercrime is a crime that involves the crime related to ______________.
(a) Modern telecommunication networks
(b) Internet
(c) Mobile phones
(d) All of the above
27. Which of the following is an example of cybercrime?
(a) Hacking (b) Malware attack
(c) Financial thefts (d) All of the above
28. Which of the following is an example of cybercrime?
(a) Phishing (b) Spam
(c) Privacy breach (d) All of the above
29. Which of the following is an example of cybercrime?
(a) Hacking (b) Malware attack
(c) Financial thefts (d) All of the above
30. Which of the following is an example of cybercrime?
(a) Spam
(b) Sextortion
(c) Child pornography
(d) All of the above

DEFINITIONS UNDER IT ACT

31. Computer means any _____________ device or system.
(a) Electronic magnetic
(b) Optical
(c) High-speed data processing
(d) All of the above
32. A computer performs ____________ functions.
(a) Logical (b) Arithmetic
(c) Memory (d) All of the above
33. A computer system contains ____________.
(a) Computer programmes
(b) Electronic instructions
(c) Output data
(d) All of the above
34. Information includes _______________.
(a) Data (b) Text
(c) Images (d) All of the above
35. Information includes _______________.
(a) Data (b) Text
(c) Images (d) All of the above
36. Information includes ____________________.
(a) Sound
(b) Voice
(c) Computer programmes
(d) All of the above

SPDI

37. SPDI stands for ________________.
(a) Sensitive and Private Data Information
(b) Sensitive and Personal Data Information
(c) Secret and Personal Data Information
(d) Secret and Private Data Information
38. In accordance with rule 3 of SPDI Rules, 2011, sensitive personal information involves ________.
(a) Passwords
(b) Financial information
(c) physical/physiological/mental health condition
(d) all of the above
39. In accordance with rule 3 of SPDI Rules, 2011, sensitive personal information involves _________________.
(a) Sexual orientation
(b) Medical records and history
(c) Biometric information
(d) All of the above

THE COMPANIES ACT, 2013

40. Director’s responsibility statement states that the directors had taken proper and sufficient care ______________________________
(a) for the maintenance of adequate accounting records in accordance with the provisions of this Act
(b) for safeguarding the assets of the company and
(c) for preventing and detecting fraud and other irregularities
(d) All of the above

41. In accordance with section 143(3) the auditor’s report shall state ___________________________.
(a) Whether the company has adequate internal financial controls system in place
(b) Whether the operating effectiveness of such controls has been ensured
(c) Either a or b
(d) Both a and b

CORPORATE GOVERNANCE

42. Corporate Governance is the framework of rules and practices by which a board of directors ensures _________________ in a company’s relationship with all its stakeholders.
(a) Accountability
(b) Fairness
(c) Transparency
(d) All of the above
43. The corporate governance framework consists of:
(a) Explicit and implicit contracts between the company and the stakeholders for distribution of responsibilities, rights, and rewards.
(b) Procedures for reconciling the sometimes-conflicting interests of stakeholders in accordance with their duties, privileges, and roles, and
(c) Procedures for proper supervision, control, and information-flows to serve as a system of checks-and-balances.
(d) All of the above

PART 4- E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES

44. _______________________ is an Act to provide for the development and regulation of foreign trade by facilitating imports into, augmenting exports from, India and for matters connected therewith or incidental thereto.
(a) Income Tax Act, 1961
(b) Companies Act, 2013
(c) The Factories Act, 1948
(d) Foreign Trade (Development and Regulation) Act, 1999
45. ___________________ is an Act to regulate working conditions of workers.
(a) Income Tax Act, 1961
(b) Companies Act, 2013
(c) The Factories Act, 1948
(d) Foreign Trade (Development and Regulation) Act, 1999
46. _________________________ defines import / export of goods / services from India and provides for levy of appropriate customs duty.
(a) Income Tax Act, 1961
(b) The custom Act, 1962
(c) The Factories Act, 1948
(d) Foreign Trade (Development and Regulation) Act, 1999
47. ________________________ requires each applicable business, including e-commerce or m-commerce, to upload each sales and purchase invoice on one central IT infrastructure, mandating reconciliations of transactions between business, triggering of tax credits on payments of GST, facilitating filing of e-returns, etc.
(a) The Goods and Services Tax Act, 2017 (GST)
(b) The Factories Act, 1948
(c) Foreign Trade (Development and Regulation) Act, 1999
(d) Income Tax Act, 1961
48. ______________________________ defines constituents of a valid contract.
(a) The Factories Act, 1948
(b) Foreign Trade (Development and Regulation) Act, 1999
(c) Indian Contract Act, 1872
(d) Income Tax Act, 1961
49. _________________________ is an Act to regulate practices that may have adverse effect on competition in India.
(a) The Competition Act, 2002
(b) The Factories Act, 1948
(c) Foreign Trade (Development and Regulation) Act, 1999
(d) Income Tax Act, 1961

50. ____________ regulates foreign direct investments, flow of foreign exchange in India.
(a) The Factories Act, 1948
(b) Foreign Trade (Development and Regulation) Act, 1999
(c) Foreign Exchange Management Act (FEMA 1999)
(d) Income Tax Act, 1961

PART 5- CORE BANKING SYSTEM (CBS)

51. The Act gives the Reserve Bank of India (RBI) the power to ______________.
(a) license banks
(b) have regulation over shareholding and voting rights of shareholders
(c) supervise the appointment of the boards and management
(d) all of the above
52. The Act gives the Reserve Bank of India (RBI) the power to ______________.
(a) regulate the operations of banks
(b) lay down instructions for audits
(c) issue directives in the interests of public good and on banking policy and
(d) all of the above
53. The Act gives the Reserve Bank of India (RBI) the power to ______________.
(a) lay down instructions for audits
(b) issue directives in the interests of public good and on banking policy and
(c) impose penalties
(d) all of the above
54. The basic function of RBI is ________________.
(a) To regulate the issue of Bank Notes.
(b) To keep reserves with a view to securing monetary stability in India.
(c) To operate the currency and credit system of the country to its advantage.
(d) All of the above

MONEY LAUNDERING

55. Money laundering is to conceal the ____________ of income to make it appear legitimate.
(a) Existence
(b) Illegal source
(c) Illegal application
(d) All of the above
56. _____________________ involves conversion of illegal proceeds into apparently legitimate business earnings through normal financial or commercial operations.
(a) Integration (b) Placement
(c) Layering (d) All of the above
57. _________________ involves the separation of proceeds from illegal source using complex transactions designed to obscure the audit trail and hide the proceeds.
(a) Integration (b) Placement
(c) Layering (d) All of the above
58. The first stage of money laundering involves the _______________ of proceeds derived from illegal activities.
(a) Integration (b) Placement
(c) Layering (d) All of the above

Answer Keys - MCQs

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
a d d d a b d d d d d d d d d d d d d d
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
d d d d d d d d d d d d d d d d d d d d
41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58
d d d d c b a c a c d d d d d a c b
Appendix - I
Self-Evaluation Test (SET) - 1
1. OTC Enterprises is implementing BPA in purchase order generation process for its manufacturing facility in Jamnagar, Gujarat. To keep cost at the minimum, it has calculated EOQ for which orders are placed for procurement of Raw Material. Which of the following steps of BPA implementation will be followed for above process?
(a) Document the process for which BPA is required
(b) Define the objectives/goals during BPA implementation
(c) Understand the rules which need to be complied with
(d) Define why we plan to go for a BPA?

2. ENT Enterprises is implementing BPA in employee attendance process for its refinery in Mumbai. It wants correct recording of attendance and timely compilation of monthly attendance so that salary can be calculated and distributed on a timely basis. Which of the following steps of BPA implementation will be followed for above process?
(a) Document the process for which BPA is required
(b) Define the objectives/goals during BPA implementation
(c) Understand the rules which need to be complied with
(d) Define why we plan to go for a BPA?

3. Which of the following Enterprise Process or Activities of the Value Chain, in case of a hotel, would include reception, room service etc.?
(a) Inbound logistics (b) Outbound logistics
(c) Marketing and sales (d) Operations

4. RSC Ltd. is implementing ERP to run its business effectively and efficiently. They believe that there could be a possibility of an information gap between day-to-day program management activities and ERP-enabled functions like MM, PP, QM, PM, SCM and CRM. Which type of ERP Implementation Related Risks is involved in this case?
(a) People Related
(b) Implementation Related
(c) Process Related
(d) Technology Related

Scenario Based MCQs

CNP Enterprises is a manufacturer of furniture for house and offices. It has been facing serious customer dissatisfaction issues on daily basis despite having a good CRM team in place. Auditors have also reported serious concerns over the mismatch of data of different departments, violations of regulatory compliances and have raised doubts over the internal control measures taken by the firm’s top management. It is a matter of serious concern for an organization like CNP Enterprises and basis this, the CEO of the company, Mr. D N Albela, forms a committee headed by Ms. Krishna Sobati to look into this matter to find out the reasons for above-mentioned issues and submit the report within a week.

The committee submits its report within a week and the findings are as follows: There is system of maintaining data in a decentralized way (Non-integrated System). Each department within the organization maintains its own data separately and not in an integrated way.

This gives rise to the issues like:
(i) Access of data and availability of right information at the right time has been slower many a times when it was needed the most to reply to the customers or the stakeholders.
(ii) Several instances of access and privilege violations have been found in financial and accounting systems.
(iii) Decision making is slow and weaker at times where fast and dynamic ones were needed.

5. As an advisor, which of the following Enterprise Information Systems will you suggest for CNP Enterprises that can handle all the issues raised by the committee headed by Ms. Krishna Sobati?
(a) Non-Integrated EIS (b) Integrated EIS
(c) ERP (d) Both B and C

6. In an integrated system, all the data are updated to the minute, is available in the centralized database and all the procedures are automated, almost all these activities are done without human intervention. This efficiency of the ERP systems helps in ______________________________________.
(a) Easy Shipment and Delivery
(b) Reduction of Quality Costs
(c) Better Analysis and Planning
(d) Reduction of Cycle time

7. Since the implementation of ERP in CNP Enterprises, all functions involved in Material Management, Production Planning and Sales are integrated and the procedures are automated; the chances of errors are minimal and the production efficiency is high. By integrating the various business functions and automating the procedures and tasks the ERP system ensures _________________.
(a) Easy Shipment and Delivery of Raw Material
(b) Reduction of Quality Costs of Goods and Services
(c) On-time delivery of goods to the customers
(d) Reduction of Cycle time of Production

8. While implementing ERP in CNP Enterprises, it can face risks related to Change Management, Top management’s support for funds, consultants, etc. Which of the following categories of ERP implementation risk is involved in this?
(a) Process Related
(b) People Related
(c) Technology Related
(d) Implementation Related

9. While implementing ERP in CNP, CNP is bridging the information gap between traditional ERP-based functions and high value operational management functions, such applications can provide reliable real-time information linkages to enable high-quality decision making. Which of the following ERP implementation control is involved in this?
(a) Programme Management
(b) Business Process Management
(c) Application Portfolio Management
(d) Change Management

10. _________________________ is a method of combining the available resources in a network by splitting up the available bandwidth into channels, each of which is independent from the others, and each of which can be assigned (or reassigned) to a particular server or device in real time.
(a) Hardware Virtualization
(b) Network virtualization
(c) Platform Virtualization
(d) Storage Virtualization

11. __________________________ are needed when running an application from a removable drive, without installing it on the system’s main disk drive.
(a) Server consolidation
(b) Portable applications
(c) Disaster recovery
(d) Portable workspace

12. In a grid computing system, large amount of encryption shall not be used at a time. There should be a minimum communication at a time. Which of the following constraint of security on grid is highlighted in the above phrases?
(a) Single Sign-on
(b) Exportability
(c) Protection of Credentials
(d) Interoperability with local security solutions

13. Benefits to the sellers in terms of efficiency improvement due to reduction in inventories is possible as the demand for goods and services is electronically linked through ________________ and integrated manufacturing technique.
(a) JIT Inventory
(b) Inventory Control
(c) ABC Analysis
(d) All of the Above

14. ____________________________ is the application through which users interact with the e-commerce vendors.
(a) Internet (b) Payment mechanism
(c) Web portal (d) Digital libraries

15. Which of the following is the correct sequence of Mobile Computing?
(i) The user enters or accesses data using the application on handheld computing device.
(ii) Now both systems (handheld and site’s computer) have the same information and are in sync.
(iii) The process works the same way starting from the other direction.
(iv) Using one of several connecting technologies, the new data are transmitted from handheld to site’s information system where files are updated and the new data are accessible to other system user.
(a) (i), (ii), (iii), (iv) (b) (iv), (iii), (ii), (i)
(c) (i), (ii), (iv), (iii) (d) (i), (iv), (ii), (iii)

Answer Keys - MCQs

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
C b d c d d c b a b b b d c d

Self-Evaluation Test (SET) - 2


1. Which of the following Enterprise Process or Activities of the Value Chain, in case of a hotel, would entail the ways of bringing customers to the hotel after online booking.
(a) Inbound logistics
(b) Outbound logistics
(c) Marketing and sales
(d) Operations

2. __________________ provides a clear view of firm’s processing framework and involves activities of obtaining necessary funds to run the organization, repay creditors, and distribute profits to investors.
(a) Financing Cycle
(b) Revenue Cycle
(c) Expenditure Cycle
(d) Production Cycle

3. Establishing a ₹ 10,00,000 credit limit for a customer of CNP Press Ltd. belongs to ________________ cycle.
(a) Financial Reporting Cycle
(b) Revenue Cycle
(c) Expenditure Cycle
(d) Payroll Cycle

7. There is a huge speed difference between ____________ and _________________ to bridge these speed differences, we have __________.
(a) Registers, Primary Memory, cache memory
(b) Primary Memory, cache memory, registers
(c) Registers, Secondary Memory, cache memory
(d) RAM, ROM, CMOS

8. When RAM runs low, virtual memory moves data from RAM to a space called a _____________.
(a) Debug files
(b) Recycle bin
(c) Paging file
(d) CMOS

9. ________________ allows the part of a computer to work together by performing tasks like transferring data between memory and disks or rendering output onto a display device.
(a) Operating system
(b) Utility software
(c) Interpreter
(d) Compiler

7. A conceptual framework that defines the logical relationships among the data elements needed to support a basic business or other process is called:
(a) Database
(b) Data Mining
(c) Database Model
(d) Data Warehouse

8. ____________________ helps to analyse, configure, optimize and maintain the computer
(a) Operating system
(b) Interpreter
(c) Utility software
(d) Compiler

9. Every computer could have different specifications and configurations of hardware. If application developers would have to rewrite code for every configuration they would be in a big trouble. Which of the following feature of an operating system deals with the above problem?
(a) Performing Hardware Function
(b) User Interface
(c) Hardware Independence
(d) Memory management

10. The concept of green computing was launched by the U.S. environmental protection agency in 1992 through the ___________ program.
(a) Green Sustainability
(b) Energy Star
(c) Recyclability Super Star
(d) Biodegradability

11. Platform fragmentation and lack of technical standards are situations where the variety of IOT devices, in terms of both hardware variations and differences in the software running on them, makes the task of developing applications tough. This is ____________________ Risk.
(a) Manufacture’s
(b) User’s
(c) Technology
(d) Environmental

12. Which of the following Green Computing Best Practices involve stakeholders to include checklists, recycling policies, recommendations for disposal of used equipment, government guidelines and recommendations for purchasing green computer equipment in organizational policies.
(a) Conserve Energy
(b) Make environmentally
(c) Develop a sustainable Green Computing plan
(d) Reduce Paper Consumption

13. Which of the following is not considered as an advantage of IRCTC’s 3 tier architecture, as compared to two tier system?
(a) Scalability
(b) Data integrity
(c) Security
(d) Static load balancing

14. In a computerized enterprise environment where many critical business processes are performed, a data error during entry or process would cause great damage. Which of the following control objective is being highlighted in the above statement?
(a) Prevent organizational costs of data Loss
(b) Prevent loss from incorrect decision making
(c) Prevent loss of Computer Hardware, Software and Personnel
(d) Prevent from high costs of computer Error

15. In IRCTC’s multi-tier architecture, many database changes can be made transparently. A service in the Application Layer that exchanges data with other applications could retain its original interface while the underlying database structure was enhanced during a new application release. This IRCTC’s Multi-tier Architectural advantage is called-
(a) Improved Data Security
(b) Improved Data integrity
(c) Change Management
(d) Hidden Data Structure

Answer Keys - MCQs

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
b a b a C a b d c b c c d d d

Self-Evaluation Test (SET) - 3


1. “Business Process management involves concerted efforts to map, improve, and adhere to organizational processes.”
i. To map the tasks to the roles involved in the process.
ii. To set up the organizational process that creates value throughout the organization.
iii. To implement the steps (tasks) in the process.
iv. To define the steps (tasks) in the process.
v. To establish performance measures to improve the process.
You are required to arrange them in the correct sequence/order.
(a) v, i, ii, iv, iii (b) iv, iii, v, ii, i
(c) i, iii, iv, ii, v (d) iv, i, iii, v, ii

2. Updating the allowance for uncollectible accounts is an activity of ____________________ Cycle
(a) Revenue (b) Payroll
(c) Expenditure (d) Financial Reporting

3. Mr. Aditya Raj, the Manager (sales) of OTC ltd., has set a goal of achieving the sales of 1 lakh units in the quarter of July-September. Its previous records state that in the current production capacity and capital availability the sales cannot be more than 40,000 units even at the full utilization of the company’s resources. So, the above goal was not achieved. Which of the following feature of an optimum goal is lacking in the above case?
(a) Specific (b) Measurable
(c) Attainable (d) Timely

4. Which of the following is ERP’s Post-implementation issues?
(a) Data safety (b) Life long commitment
(c) Data access (d) System failure

5. Controlling module includes-
(a) Cost Element (b) Revenue Element
(c) Internal Orders (d) All of the above

6. CNP Ltd. assumes that some risks may be considered minor because their impact and probability of occurrence is low. Further, it believes that some risks remain even after the counter measures are analyzed and implemented. In this case, the most appropriate will be to make sure that risk is periodically reviewed to ensure its impact remains low. Which of the following Risk Management Strategies is followed by CNP Ltd.?
(a) Transfer/Share the Risk
(b) Treat the Risk
(c) Tolerate/Accept the Risk
(d) Terminate the Risk

7. DBMS are software that provide the facility to create and maintain a well-organized database. They aid in organizing, controlling and using the data needed by the ___________________.
(a) Decision Maker
(b) User
(c) Application Programme
(d) Memory Unit

8. Integration of Big Data technologies and data warehouse helps an organization to off load infrequently accessed data, thus leading to _______________________.
(a) Access to Social Data.
(b) Better operational efficiency.
(c) Early Identification of Risk.
(d) Improved Customer Services.

9. _______ is ___________ information assets that demand cost-effective, innovative forms of information processing that enable enhanced insight, decision-making, and process automation.
(a) Big data, High-volume
(b) Big data, High-velocity
(c) Big data, High-variety
(d) All of the above

10. Which of the following Green Computing Best Practices recognizes manufacturer’s efforts to reduce the environmental impact of products by reducing or eliminating environmentally sensitive materials, designing for longevity and reducing packaging materials.
(a) Conserve Energy
(b) Make environmentally sound purchase decisions
(c) Develop a sustainable Green Computing plan
(d) Reduce Paper Consumption

11. _________________________ is normally exemplified and hidden in ‘Weak BYOD Policy’.
(a) Network Risk (b) Device Risk
(c) Application Risks (d) Implementation Risks

12. A user, desirous of connecting to a grid network, has to enrol his machine as _______________ on the grid and install the provided grid software on his own machine.
(a) Authenticator (b) Administrator
(c) Donor (d) Customer

13. Arrange the following in the correct order:
i. User places the order
ii. Payment gateway requests for confirmation from issuer bank
iii. Merchant’s web server requests to payment gateway
iv. Bank transfers fund to the merchant’s bank account
v. Payment gateway responds to the merchant’s web portal
vi. Bank responds to the payment gateway and confirms the payment
vii. Merchant’s web server responds to the user placing the order and confirms payment
(a) i, ii, iii, iv, v, vi, vii (b) i, iii, v, vi, vii, ii, iv
(c) i, iii, ii, iv, vi, v, vii (d) i, ii, iii, iv, vi, vii, v

14. Bean Enterprise’s B2B E-Commerce business has grown from a very small scale to medium scale level with a network of over 5000 users across the country and a turnover of over 3000 Crores. The performance of its existing network has deteriorated drastically. In your opinion, which of the following Network Architecture, it has been using so far?
(a) Single tier (b) Two-tier
(c) Three-tier (d) N-tier

15. Which of the following is a disadvantage of a two-tier architecture?
(a) Since processing was shared between the client and server, more users could interact with system.
(b) Performance deteriorates if number of users is greater than 100.
(c) Limited functionality in moving the program or programs across servers.
(d) Both b and c

Answer Keys - MCQs

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
(d) (d) (c) (a) (c) (a) (c) (b) (d) (b) (d) (c) (c) (b) (d)

Self-Evaluation Test (SET) - 4


1. British Petroleum is one of the largest oil companies in the world. A huge oil spilling incidence from an oil well in Kuwait resulted in an assessed environmental damage of about ₹ 500 crores. Further, the company incurred ₹ 500 crores on promotional Ads. on an environmental project under CSR. The Ads were done to prevent company from which of the following damages?
(a) Strategic (b) Reputational
(c) Operational (d) Financial

2. The managers of Prathama ltd., desired to produce 5 lakh units of ice cream cups and cones and sell it in the month of July. Its current production capacity is of 7 lakh units with available resources and capital. On 15th July, the workers of Prathama ltd. went on strike for five days because of this the above budgeted sale level was achieved in the first week of August. Which of the following feature lacked in the attainment of the above set goal?
(a) Specific (b) Measurable
(c) Attainable (d) Timeliness

3. Which of the following steps of BPA implementation allows room for improvements prior to the official launch of the newly automated process.
(a) Calculate the ROI for BPA project
(b) Define the objectives/goals during BPA implementation
(c) Development of BPA
(d) Testing of BPA

4. In _______________________ view Balance Sheet and Profit & Loss Account must be prepared easily without putting much time/efforts.
(a) Auditor’s view
(b) Accountant’s
(c) Business’s managers
(d) Owners’ view

5. Which of the following is not a part of Inventory Master Data?
(a) Stock Item (b) Stock Group
(c) Payroll Structure (d) Godowns

6. Structure and content of accounting vouchers which will be used to enter transactions is an example of _______________.
(a) Master data (b) Non-master data
(c) Relative data (d) Non-Relative data

7. _____________ is referred to as extracting data from one or more of the organizational database and load it into the new database for storage and analysis.
(a) Data warehouse (b) Data mining
(c) Data recovery (d) Data Mart

8. _______________ is a major use of data warehouse databases and the static data they contain to reveal hidden trends in historical business activity.
(a) Data mining (b) Data discovery
(c) Data transformation (d) Data diddling

OT Advertisements (India) Ltd. is one of the largest advertisement and marketing co. in India. It owns one of the most popular web portals www.eissmpendrive.in which has more than 10 crores members and subscribers. Now, it is integrating thousands of small advertisers and AD agencies from across the country as their AD service partners, sellers and resellers on its portal. It provides ‘Dashboards’ to each of its partners, sellers and resellers (advertisers and AD agencies), so that they can upload their multimedia contents and offer their products to the larger population through www.eissmpendrive.in. They can upload their data through the ‘Dashboards’ on www.eissmpendrive.in. OT Advertisements (India) Ltd. appoints you as a BPA consultant.

9. Which one of the suitable Database Models caters to the data upload requirements of multimedia content through the ‘Dashboards’ on www.eissmpendrive.in.
(a) Hierarchical (b) Relational
(c) Object Oriented (d) Relational

10. Which one of the suitable Database Models caters to the data upload requirements of multimedia content through the ‘Dashboards’ on www.eissmpendrive.in.
(a) Hierarchical (b) Relational
(c) Object Oriented (d) Relational

11. ‘Dashboards’ on www.eissmpendrive.in is typically built/developed on OOPs with:
(a) State (Value)
(b) Behaviour (Operations)
(c) Both A and B
(d) None of the Above

12. Which one of the following servers receives data from all the client machines installed at the branches and performs necessary operations and updates the central database?
(a) IBCS (b) POS Server
(c) Application Server (d) IBAS

13. The client interface includes ____________.
(a) Application server (b) Back end server
(c) Payment gateway (d) Internet

14. There is need to identify and authenticate users in the virtual global market where anyone can sell to or buy from anyone and anything from anywhere. Which of the following risk in an e-commerce environment is highlighted in the above?
(a) Repudiation of contract
(b) Lack of authenticity of transactions
(c) Problem of anonymity
(d) Non recognition of digital signature and e-records

15. There is a possibility that the electronic transaction in the form of contract, sale order or purchase by the trading partner or customer may be denied. Which of the following risk in an e-commerce environment is highlighted in the above?
(a) Repudiation of contract
(b) Problem of anonymity
(c) Lack of authenticity of transactions
(d) Data Loss or theft or duplication

Answer Keys - MCQs

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
(b) (d) (d) (b) (c) (a) (a) (a) (c) (c) (c) (c) (d) (c) (a)

Self-Evaluation Test (SET) - 5


1. SSR Ltd. has developed a mobile phone for students which is unique in terms of its simplicity and ease of use. During tests, it finds that the product is really robust and rarely fails. The industry norm is that mobile phone manufacturers offer customers the reliable after sales service and including repair. After a lot of introspection, the company decides that the probability of failure of their product was so low and it would not be worthwhile to invest in a network of servicing facilities. They decided, instead to offer a free replacement in the event of failure of their product and they used this as a marketing strategy for their product. It turned out to be a roaring success. What type of risk management strategy has been adopted by SSR Ltd.?
(a) Avoid the risk (b) Accept the risk
(c) Reduce the risk (d) Share the risk

2. Arrange the following stages in P2P process in the correct order:
1. Stores 2. A/c Payable
3. Vendor 4. User Department
5. Procurement Department
(a) 1, 2, 3, 4, 5 (b) 4, 5, 3, 1, 2
(c) 1, 2, 4, 5, 3 (d) 1, 3, 2, 5, 4

3. Arrange the following stages in HRM process in the correct order:
i. Career Development
ii. Termination or Transition
iii. Recruiting and on boarding
iv. Orientation and Career Planning
(a) iii, iv, i, ii (b) iv, iii, i, ii
(c) iv, i, ii, iii (d) iii, iv, ii, i

4. Mr. Raichand Raibahadur Suggestionwala, a junior accountant in account department of SSR Ltd. is assigned with a role to record basic accounting transactions. All Hardware-Software required are provided in computer system along with the right and permission based on “need to know” and “need to do” basis. What kind of access control is this?
(a) RAC (b) RBAC
(c) Privilege Control
(d) Discretionary access control

5. For which of the following transactions are contra voucher types issued?
(a) Fund transfer from our one bank account to our own another bank account.
(b) For recording of all types of payments. Whenever the money is going out of business by any mode
(c) For recording of all types of receipts. Whenever money is being received into business from outside by any mode
(d) For recording of all non-cash/bank transactions

6. Which sentence is true about installed software application?
(a) It is installed on the hard disc of the computer of the user
(b) It is installed on the web server
(c) It is installed on cloud
(d) It is installed on a website

7. A _____________ is an undertaking by a bank to the payee (the supplier of goods and/or services) to pay to him, on behalf of the applicant (the buyer) any amount up to the limit specified in the aforesaid document, provided the terms and conditions mentioned herein are complied with.
(a) ECS credit (b) Letters of Credit
(c) Reporting (d) Guarantee

8. __________________________ functions include settlements, clearances, record maintenance, regulatory compliance, accounting, and IT services.
(a) Front Office (b) Back Office
(c) Middle Office (d) Central Server

9. In computer networks, _________ refers to the ability of a network to recover from any kind of error like connection failure, loss of data etc.
(a) Routing (b) Resilience
(c) Contention (d) Bandwidth

10. Automated Teller Machine (ATM) server contains the details of all ATM account holders. It temporarily holds data that is converted by the ___________ as requested by the ATM switch.
(a) Application Software
(b) Middleware
(c) CBS
(d) Firmware

11. When the Central Database is busy with central end-of-day activities or for any other reason, the file containing the account balance of the customer is sent to the ________________________.
(a) ATM switch. (b) Middleware
(c) ATM server. (d) Application Server

12. The Internet Banking Software which is stored in the IBAS (Internet Banking Application Server) authenticates the customer with the login details stored in which server?
(a) IBCS (b) POS Server
(c) Application Server (d) IBAS

13. Intellectual property may not be adequately protected when such property is transacted through e-commerce. Which of the following risk in an e-commerce environment is highlighted in the above?
(a) Attack from hackers
(b) Problem of piracy
(c) Denial of Service
(d) Non-recognition of electronic transactions

14. The _______________ vendor is responsible for all hardware and software management and offers guaranteed Quality of Service (QoS).
(a) NaaS (b) SaaS
(c) IaaS (d) CaaS

15. Which of the following is the correct sequence of Mobile Computing?
(i) The user enters or accesses data using the application on handheld computing device.
(ii) Now both systems (handheld and site’s computer) have the same information and are in sync.
(iii) The process works the same way starting from the other direction.
(iv) Using one of several connecting technologies, the new data are transmitted from handheld to site’s information system where files are updated and the new data are accessible to other system user.
(a) (i), (ii), (iii), (iv) (b) (iv), (iii), (ii), (i)
(c) (i), (ii), (iv), (iii) (d) (i), (iv), (ii), (iii)

Answer Keys - MCQs

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
(b) (b) (a) (b) (a) (a) (b) (b) (b) (b) (a) (a) (b) (d) (d)

Self-Evaluation Test (SET) - 6


1. Arrange the following stages in General Ledger process in the correct order:
i. Reviewing Transactions.
ii. Approving Transactions. Posting of Transactions.
iii. Generating Financial Reports.
iv. Entering financial transactions into the system.
(a) iv, i, iii, ii (b) iv, i, ii, iii
(c) iv, ii, i, iii (d) iv, iii, ii, i

2. Pick and Release, Invoicing, Shipping, Sales Return, Credit Note and Cash Discount are the ‘Transactions’ covered under which of the following cycles?
(a) P2P Cycle (b) O2C Cycle
(c) Fixed Assets Cycle (d) Inventory Cycle

3. Which of the following steps of BPA implementation provides clarity on the process, helps to determine the sources of inefficiency, bottlenecks, and allows to re-design the process to focus on the desired result with workflow automation.
(a) Document the process for which BPA is required
(b) Define the objectives/goals during BPA implementation
(c) Development of BPA
(d) Testing of BPA

4. Access rights need to be defined very carefully. Access to be given on “Need to know” and “Need to do” basis only. It is associated with which kind of control in ERP Environment?
(a) Data Safety
(b) System Failure
(c) Change in Process
(d) Data Access

5. All the processes must be documented carefully in the beginning of implementation itself so as to avoid any discomfort in future. It is associated with which kind of control in ERP Environment?
(a) Data Safety (b) System Failure
(c) Change in Process (d) Data Access

6. A ___________________ is a software program where CSP’s services and local components work together.
(a) Middleware
(b) Cloud application
(c) Artificial intelligence
(d) Enterprise Resource Planning

7. Which of the following is an example of business application of telecommunication network to overcome geographic barriers?
(a) Use the Internet and extranets to transmit customer orders from traveling sales people to a corporate data centre for order processing and inventory control.
(b) Credit authorization at the point of sale using online POS networks.
(c) Desktop videoconferencing between a company and its business partners using the Internet, intranets, and extranets.
(d) Business-to-business electronic commerce Web sites for transactions with suppliers and customers using the Internet and extranets.

8. Which of the following is an example of business application of telecommunication network to overcome structural barriers?
(a) Use the Internet and extranets to transmit customer orders from traveling sales people to a corporate data centre for order processing and inventory control.
(b) Credit authorization at the point of sale using online POS networks.
(c) Business-to-business electronic commerce Web sites for transactions with suppliers and customers using the Internet and extranets.
(d) Desktop video conferencing between a company and its business partners using the Internet, intranets, and extranets.

9. Abuse of data processing resources is ___________ exposure.
(a) Technical (b) Physical
(c) Environmental (d) All of the above

10. IVR Server is _______________________ Server in Technology Architecture of CBS.
(a) Channel Server (b) Central Server
(c) Database Server (d) Application Server

11. TP Monitor is a _______________________ Server in the Technology Architecture of CBS.
(a) Channel Server (b) Central Server
(c) Database Server (d) Application Server
12. Standing Orders, Payment Systems, Clearing, Liquidity management, etc. are which of the following layer of the Functional Architecture of CBS?
(a) Enterprise CRM (b) Product Factory
(c) Functional Services (d) Infrastructure
13. In a grid computing system, large amount of encryption shall not be used at a time. There should be a minimum communication at a time. Which of the following constraint of security on grid is highlighted in the above phrases?
(a) Single Sign-on
(b) Exportability
(c) Protection of Credentials
(d) Interoperability with local security solutions
14. The concept of green computing was launched by the U.S. Environmental Protection Agency in 1992 through the __________ program.
(a) Green Sustainability
(b) Energy Star
(c) Recyclability Super Star
(d) Biodegradability
15. Which of the following Green Computing Best Practices encourages the use of online marketing, e-mail marketing solutions that are greener, more affordable, flexible and interactive than direct mail.
(a) Conserve Energy
(b) Make environmentally
(c) sound purchase decisions
(d) Develop a sustainable Green Computing plan

Answer Keys - MCQs

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
(b) (b) (a) (?) (c) (b) (a) (c) (b) (a) (d) (c) (b) (b) (d)

Self-Evaluation Test (SET) - 7


1. Which one of the following deals with Section 143 of the Companies Act 2013?
(a) Acquisition and Mergers
(b) Powers and duties of auditors and auditing standards
(c) Powers and duties of Board of Directors
(d) Penalties due to non-compliance
2. The production manager of ENT Enterprises instructed its workers to produce paper cups to the best of their abilities. Which of the following feature of Goals and Objectives is lacking in the above instruction of production manager?
(a) Specific (b) Measurable
(c) Attainable (d) Timeliness
3. Due to reduction in number of steps in the processes of Narang Enterprises, time involved in the process flow of information throughout the production, services, billing and collection is reduced. This results in:
(a) Enhanced reliability
(b) Reduced cost
(c) Cycle-time reduction
(d) Consistency
4. A person from sales department checking salary of a person in production. This risk comes under the category of __________.
(a) Putting Incorrect Data in Centralized Database
(b) Access Risk Due to Centralized Database
(c) Access Risk Due to decentralized Database
(d) Risk of leakage of data and information
5. __________ is the process of verifying a subject’s identity at the point of object’s access.
(a) Authentication
(b) Authorization
(c) Identity Management
(d) Accountability
6. RSC Ltd. is implementing ERP to run its business effectively and efficiently. They believe that ERP implementation will fail if the top management does not provide support and grant permission for the availability of the huge resources required during the transition. Which type of ERP Implementation Related Risks is involved in this case?
(a) People Related (b) Implementation Related
(c) Process Related (d) Technology Related
7. Encryption techniques, Anti-virus programs and Firewall are part of which of the following types of control?
(a) Physical Access (b) Logical Access
(c) Environmental (d) Detective
8. __________ is a piece of bad code deliberately planted by an insider or supplier of a program.
(a) Bomb (b) Worm
(c) Trojan (d) Christmas card
9. A __________ does not require a host program to relocate itself. It copies itself to another machine on the network.
(a) Bomb (b) Virus
(c) Worm (d) Trojan
10. Consumer banking like time deposit, term loans, mortgages/ Corporate Banking and Trade Finance like commercial lendings, securitization; etc. are which of the following layer of the Functional Architecture of CBS?
(a) Enterprise CRM (b) Product Factory
(c) Functional Services (d) Infrastructure
11. A pervasive control that applies to all systems components, processes, and data for a given systems environment is called-
(a) Application control (b) Report control
(c) General Control (d) Update Control
12. Online Banking is an electronic payment system that enables customers of a bank or other financial institution to conduct a range of financial transactions through the financial institution’s website. This is a __________ of CBS.
(a) Back End Applications
(b) Middle Office Application
(c) Front End Applications
(d) Central Server Application
13. __________ is normally exemplified and hidden in ‘Lack of Device Visibility’.
(a) Device Risk (b) Application Risks
(c) Network Risk (d) Implementation Risks
14. Platform fragmentation and lack of technical standards are situations where the variety of IOT devices, in terms of both hardware variations and differences in the software running on them, makes the task of developing applications tough. This is __________ Risk.
(a) Manufacture’s (b) User’s
(c) Technology (d) Environmental
15. __________ is normally exemplified and hidden in ‘Loss of Devices’.
(a) Network Risk (b) Device Risk
(c) Application Risks (d) Implementation Risks

Answer Keys - MCQs

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
(b) (a) (c) (b) (a) (a) (b) (a) (c) (b) (c) (c) (?) (c) (b)

Self-Evaluation Test (SET) - 8


1. OTC Ltd. was facing data leakage and lack of privacy in its manual execution. So, it implemented BPA in its enterprise. OTC Ltd. wanted to ensure that data is only available to persons who have right to see the same. Which of the following objective of BPA is demonstrated in the above case?
(a) Integrity (b) Confidentiality
(c) Availability (d) Timeliness
2. While reviewing the control systems in a CIS audit, the auditor of PKT Enterprises noticed that un-authorized amendments can be made in the data while manually performing the tasks. So, he suggested the enterprise to implement BPA in its enterprise. Which of the following objective does the auditor seek from the implementation of BPA?
(a) Integrity (b) Confidentiality
(c) Availability (d) Timeliness
3. As per __________, if any person, dishonestly, or fraudulently, does any act referred to in __________, he shall be punishable with imprisonment for a term which may extend to __________ or with fine which may extend to ₹5 Lakh or with both.
(a) Section 66, Section 43, 3 Years
(b) Section 43, Section 66, 2 Years
(c) Section 65, Section 43, 5 Years
(d) Section 66, Section 18, 5 Years
4. Profitability analysis and profit centre accounting is the part of __________.
(a) Financial accounting module
(b) Sales and distribution module
(c) Controlling module
(d) Human resource module
5. Which of the following is an example of Compensatory or Perfective Controls?
(a) Segregation of Duties
(b) Biometric enabled Data Centre
(c) Review of payroll reports.
(d) Access control
6. __________ collaborates with master data, sales and operations planning, distribution resource planning, material requirements planning, product cost planning and so on while working towards production management in enterprises.
(a) Financial accounting module
(b) Production planning module
(c) Controlling module
(d) Human resource module
7. __________ is a kind of Technical Exposure, a Trojan (a malware) which hides within a system or network with the help of __________.
(a) Bomb, Rootkits
(b) Christmas Card, Spyware
(c) Christmas Card, Rootkits
(d) Bomb, Spyware
8. __________ involves forging one’s source address.
(a) Spoofing (b) Christmas card
(c) Rounding down (d) SCARF
9. __________ involves spying on information being transmitted over communication network.
(a) Data Leakage (b) Subversive attack
(c) Wire-tapping (d) Piggy-backing
10. Which of the following best defines Money Laundering?
(a) Converting proceeds of crime and projecting it as untainted property
(b) Tax Planning as per provision of IT Act
(c) Gifting immoveable property to relatives
(d) Transferring fixed deposit to employees
11. Following is the list of CBS stages. Which of the following order is correct?
i. Planning
ii. Approval
iii. Selection
iv. Design and develop or procured
v. Testing
vi. Implementation
vii. Maintenance
viii. Support
ix. Updation
x. Audit
(a) i, ii, iii, vi, vii, iv, v, viii, ix, x
(b) i, ii, iii, iv, v, vi, vii, viii, ix, x
(c) i, ii, iii, iv, v, vi, vii, viii, ix, x
(d) All of the above
OTC Ltd. has recently launched an e-commerce web portal www.pendriveclass.com to promote its books, study notes, DVDs, Pen drive lectures and online video tutorials with animation. It also deals in corporate, retail, consumer, social, political and community related databases of very sensitive, sensitive and general nature. It has recently collaborated with 3 of the like-minded virtual organizations (communities) in the same field to gain the benefits of synergy and a strategic edge over its rivals like Amazon, Flipkart, Jiomart and Snapdeal.
12. The CEO, Prathama Trivedi, is planning to reduce the burden of IT Management by outsourcing the whole IT infrastructure of OTC Ltd. She appoints you as an IT consultant and advisor of OTC Ltd. As an advisor, which of the following type of emerging computing Technologies and their services/Application will best suit the current business model of OTC Ltd?
(a) Grid Computing (b) Mobile Computing
(c) BYOD (d) Cloud Computing
13. As an advisor of OTC Ltd., suggest CEO the most suitable Cloud Computing Deployments, keeping the nature, diversity and complexity of their business in mind.
(a) Private Cloud (b) Public Cloud
(c) Community Cloud (d) Hybrid Cloud
14. As an advisor, suggest the most suitable Cloud Deployments Combination of Hybrid Cloud to the CEO, keeping the nature, diversity and complexity of their business in mind.
(a) Private + Public
(b) Public + Community
(c) Private + Community + Public
(d) Private + Community
15. As an advisor of OTC Ltd., suggest CEO the most suitable Cloud Service Model that will reduce the burden of IT Management by outsourcing it to a third party vendor, keeping the nature, diversity and complexity of their business in mind.
(a) SaaS (b) PaaS
(c) DaaS (d) IaaS

Answer Keys - MCQs

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
(b) (a) (a) (c) (b) (b) (c) (a) (c) (?) (b) (d) (d) (c) (a)

Self-Evaluation Test (SET) - 9


1. System Outline Charts __________.
(a) Lists the inputs, file processed and the outputs without considering their sequence.
(b) Are designed to present an overview of data flow through all parts of a computer.
(c) Represent flow of documents, the operations or activities performed, the persons or workstations.
(d) Represent the operations of a system with the help of a logically drawn diagram, data, and illustrates the correct flow of documents.
2. Which of the following given combination is not a violation of Maker-Checker Rule for the Internal Control in the organisation?
(a) Auditor Suggesting Controls
(b) Cashier is also a Ledger Writer
(c) Auditor acting as Implementation Consultant
(d) System Developer acting as a System Quality Control Personnel
3. __________ are diagrammatic representation of the data processing steps to be performed within a computer program.
(a) System Flow Charts
(b) System Outline Charts
(c) Program flow charts
(d) Data Flow Diagram
4. __________ collaborates in procurement and sales, production, planning, inspection, notification, control, audit management and so on.
(a) Material Management (MM) Module
(b) Quality Management Module
(c) Production Planning Module
(d) Controlling Module
5. Which of the following business intelligence tools involve using the data warehouse to get response to the query: “Tell me what happened”?
(a) Dashboard
(b) Simple reporting and querying
(c) Scoreboard
(d) Data mining
6. __________ allows flexibility against both capital expenditure (CAPEX) and Operating Expense (OPEX) to the user. User can scale up operations as per need.
(a) Cloud Application
(b) Installed Application
(c) Web Application
(d) Grid Application
7. One machine is used to impersonate the other in __________ technique.
(a) Spoofing (b) Christmas card
(c) Rounding down (d) Data Diddling
8. Which one of the following technical exposures allows insertion of specific logic, such as program interrupts that permit a review of data. They also permit insertion of unauthorized logic.
(a) Spoofing (b) Bomb
(c) Trapdoor (d) Data Diddling
9. __________ is the act of following an authorized person through a secured door or electronically attaching to an authorized telecommunication link that intercepts and alters transmissions.
(a) Data Leakage (b) Subversive attack
(c) Wire-tapping (d) Piggy-backing
10. When the Central Database is busy with central end-of-day activities or for any other reason, the file containing the account balance of the customer is sent to the ATM switch. Such a file is called __________.
(a) Neutral Balance File
(b) Positive Balance File
(c) Negative Balance File
(d) Unique Balance File
11. __________ contains the home branch details of each internet banking customer.
(a) Internet Banking Application Server (IBAS)
(b) ATM Switch
(c) Internet Banking Channel Server (IBCS)
(d) ATM Server
12. __________ is required when more than one application with different data requirements processes a common database.
(a) Internet Banking Application Server (IBAS)
(b) Application server
(c) Middleware
(d) Web server
13. __________ is a powerful and robust system that performs all the core banking operations.
(a) IBCS (b) Application server
(c) IBAS (d) Web server
14. In the above scenario, by integrating the __________ services OTC Ltd. leverages cloud solutions for specific functions that are too costly to maintain on premise, such as virtual server disaster recovery, backups and test/development environments.
(a) Private Cloud (b) Public Cloud
(c) Community Cloud (d) Hybrid Cloud
15. TNN Insurance Co. (India) Ltd. is the country’s largest medical and general insurance services provider. It has a collaborative network of more than 30,000 hospitals and a customer base of more than 90,00,000 customers across the country. It handles Mediclaim requests of approximately 60,000 patients on daily basis. The numbers are so large that there is a great risk of fraud in Mediclaim processing. Keeping the situation in mind, TNN Insurance Co. (India) Ltd. urgently needs a modern computing technology that can handle such a huge volume of Mediclaim requests from 90 lacs customers and 30,000 hospitals and mine data from partner hospitals to detect and prevent fraud at the right time. It appoints VKT and Associates as its auditor. You are an article clerk with VKT and Associates. As an auditor, which emerging computing technology will you suggest to TNN Insurance Co. (India) Ltd.?
(a) Grid Computing (b) Mobile Computing
(c) BYOD (d) Cloud Computing

Answer Keys - MCQs

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
(a) (a) (c) (b) (b) (a) (a) (c) (d) (b) (c) (c) (b) (b) (a)

Self-Evaluation Test (SET) - 10


1. __________ are designed to present an overview of data flow through all parts of a computer.
(a) System Flow Charts
(b) System Outline Charts
(c) Program flow charts
(d) ER Diagram
2. __________ represents flow of documents, the operations or activities performed, the persons or workstations.
(a) System Outline Charts
(b) Program flow charts
(c) System Flow Charts
(d) None of the above
3. A __________ represents the operations of a system with the help of a logically drawn diagram, data, and illustrates the correct flow of documents.
(a) System Outline Charts
(b) System Flow Charts
(c) Program flow charts
(d) None of the above
4. Which of the following business intelligence tools involve using the data warehouse to get response to the query: “Tell me what happened and why”?
(a) Dashboard (b) Business Analysis
(c) Scoreboard (d) Data mining
5. XBRL allows the creation of taxonomies that capture the meaning contained in all the reporting terms used in a business report, as well as the relationships between all of the terms. This feature of XBRL Reporting is known as:
(a) Strong Software Support
(b) Multi Lingual Support
(c) Clear Definitions
(d) Testable Business Rules
6. Stop poor quality information being sent to a regulator or third party, by being run by the preparer while the report is in draft. This feature of XBRL Reporting is known as:
(a) Strong Software Support
(b) Multi Lingual Support
(c) Clear Definitions
(d) Testable Business Rules
7. User registration, privilege management, password management, etc. are __________ type of Logical Access Controls.
(a) User Access Management
(b) User Responsibility Management
(c) Network Access
(d) All of the above
8. Which of the following type of logical access control ensures that Access privileges are to be aligned with job requirements and responsibilities and are to be minimized with reference to their job functions?
(a) User registration
(b) User-password management
(c) Privilege management
(d) Review of user access right
9. __________ is the conversion of data into a secret code for storage in databases and transmission over networks.
(a) Encryption (b) Firewall
(c) Call back devices (d) Enforced path
10. A __________ acts in conjunction with the firewall and provides network security by filtering malicious data from entering the network.
(a) Proxy server (b) TP Monitor
(c) Internet Banking Application Server (IBAS)
(d) Application server
11. __________ secures the internal Internet Protocol (IP) addresses of the Bank’s servers by performing a Network Address Translation (NAT) whenever data are transferred from the bank’s network to a public network like Internet.
(a) Internet Banking Channel Server (IBCS)
(b) Proxy server
(c) Internet Banking Application Server (IBAS)
(d) Application server
12. __________ is a secured loan which is secured on the borrower’s property by marking a lien on the property as collateral for the loan.
(a) Hypothecation (b) Mortgage
(c) Lien (d) Pledge
13. In the above scenario, your selection of the computing technology for your client TNN Insurance Co. (India) Ltd. is based on the fact that-
(a) It is a special kind of Distributed Computing
(b) It is a special kind of Parallel Computing
(c) Company can mine data from partner hospitals for fraud detection
(d) It is a highly secured Computing technology
14. In the above scenario, grid gives TNN Insurance Co. (India) Ltd. and their partner 30,000 hospitals a more uniform interoperability among heterogeneous grid participants. Which of the following characteristics is reflecting in the above facilitation?
(a) Distributed Computing
(b) Parallel Computing
(c) Virtualization of Resources
(d) Reliability of Grid
15. Er. Kapil Chawla has been appointed as the Security Administrator of TNN Insurance Co. (India) Pvt. Ltd. He has been informed by his colleagues and consultants that the company’s computer network is very much vulnerable and exposed to network risk. The auditors of the firm, VKT and Associates, had also highlighted the weaknesses in the network security and suggested a series of internal control measures. It highlighted its constraints regarding access to local resources should have local security policy at a local level. Despite modifying every local resource there is an inter-domain security server for providing security to local resource. Er. Kapil Chawla is supposed to conduct a security programme which is a series of ongoing, regular and periodic review of controls exercised to ensure safeguarding of assets and maintenance of confidentiality, accuracy and integrity of data. You have been appointed as the security program advisor to Er. Kapil Chawla. As an advisor, suggest Er. Kapil Chawla that which of the following constraints of Grid Computing Security has been challenged in the above scenario, keeping the nature, diversity and complexity of their business in mind?
(a) Single Sign-on
(b) Protection of Credentials
(c) Interoperability with local security solutions
(d) Exportability

Answer Keys - MCQs

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
(a) (c) (b) (b) (c) (d) (a) (c) (a) (a) (b) (b) (c) (c) (c)

Self-Evaluation Test (SET) - 11


1. Which one of the processing is used in producing bills, stock control, producing monthly credit card/debit card statements, payroll etc. in bulk?
(a) Interactive Processing
(b) Online Processing
(c) Batch Processing
(d) Real-time Processing
2. In case of ‘Indeterministic Counter’ and processing for each variable (one by one), the flowchart steps of Print and applying counter will be in a sequence like………
(a) Ask then Print (b) Print only
(c) Print then Ask (d) No need to print
3. __________ may be a ‘physical object’ such as a house or a car, an ‘event’ such as a house sale or a car service, or ‘concept’ such as a customer transaction or order.
(a) Attributes (b) Processes
(c) Entity (d) Flows
4. Stop poor quality information being accepted by a regulator or third party, by being run at the point that the information is being received. Business reports that fail critical rules can be bounced back to the preparer for review and resubmission. This feature of XBRL Reporting is known as:
(a) Strong Software Support
(b) Multi Lingual Support
(c) Clear Definitions
(d) Testable Business Rules
5. Stop poor quality information being accepted by a regulator or third party, by being run at the point that the information is being received. Business reports that fail critical rules can be bounced back to the preparer for review and resubmission. This feature of XBRL Reporting is known as:
(a) Strong Software Support
(b) Multi Lingual Support
(c) Clear Definitions
(d) Testable Business Rules
6. __________ includes running data profiling and data cleansing jobs to make sure that the information in a data set is consistent and that errors and duplicate entries are eliminated.
(a) Data Collection (b) Data Integration
(c) Data Modelling (d) Data Quality Fixation
7. __________ is based on the principle that the key to network security is to keep the intruder off the Intranet rather than imposing security measure after the criminal has connected to the intranet.
(a) Encryption (b) Firewall
(c) Call back devices (d) Enforced path
8. Access control list, discretionary access control and access token are the controls defined under __________ Controls.
(a) User access
(b) Network access
(c) Operating system access
(d) Application system access
9. Event logging, monitor system use, clock synchronization; etc. are the controls defined under __________ Controls.
(a) User access
(b) Network access
(c) Operating system access
(d) Application system access
10. __________ is a traditional mortgage where customer has an option of selecting fixed or variable rate of interest and is provided for the purchase of property.
(a) Home Loan (b) Top Up Loan
(c) Loans for Under Construction Property
(d) All of the above
11. In which of the following loans the customer already has an existing loan and is applying for additional amount either for refurbishment or renovation of the house?
(a) Home loan (b) Top-up loan
(c) Loan for under construction property
(d) All of the above
12. Which of the following are the controls for the risk of unauthorised changes being made, in the Mortgage Process?
(a) There is secondary review performed by an independent team member who will verify loan details captured in core banking application with offer letter.
(b) There is secondary review performed by an independent team member who will verify loan amount to be disbursed with the core banking application to the signed offer letter.
(c) System enforced segregation of duties exist in the core banking application where the inputter of the transaction cannot approve its own transaction and reviewer cannot edit any details submitted by inputter.
(d) Interest amount is auto calculated by the core banking application basis loan amount, ROI and tenure.
13. Five Japanese automobile companies of Japan (Mitsui, Mitsubishi, Fuyo, Sanwa and Sumitomo) in collaboration with its banker DKB (Dai-Ichi Kangyo Bank), 20 distributors and 18 suppliers have formed a “Horizontal and Vertical keiretsu” to compete against its main rivals in International market, Ford Automobiles and General Motors and to gain a competitive advantage over them. To communicate and share data, documents, files, databases and other computing resources with privacy and in a secured manner, these companies have formed a computer network as a collection of similar computers running on the same operating system or as complex as inter-networked systems comprised of every computer platform we can think of.
In the above scenario, which of the following emerging computing technologies will you suggest to keiretsu Partners?
(a) Grid Computing (b) Mobile Computing
(c) BYOD (d) Cloud Computing
14. EISSM Ltd. implemented cloud computing technology in its enterprise, where the organization runs non-core applications on web servers/web applications of a third party who bills on a utility computing basis, while maintaining core applications and sensitive data in-house.
Which of the following type of cloud computing environment is used by EISSM Ltd.?
(a) Community cloud (b) Public cloud
(c) Hybrid cloud (d) Private cloud
15. Public cloud service providers often can host the cloud services for multiple users within the same infrastructure. Which of the following features does the above line signify?
(a) Pay per use (b) On-demand service
(c) Multi Tenancy (d) Elasticity and Scalability

Answer Keys - MCQs

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
(c) (c) (c) (d) (d) (d) (c) (c) (d) (a) (b) (c) (a) (c) (c)

Self-Evaluation Test (SET) - 12


1. Consider the following statements about the segregation of duties:
(i) Segregation of duty plays an important role in the internal control system.
(ii) Having the split custody of high-value assets has no role in SOD.
(iii) Transaction authorization is an important segregation of duty control.
(iv) When segregation of duties issue arises in the company, management can introduce a new mitigating control.
Which of the above statements are correct?
(a) (i), (ii) & (iii) Only (b) (i), (iii) & (iv) Only
(c) (ii) & (iv) Only (d) (i) & (iii) Only
2. A __________ shows how the system will be implemented. The physical model depicts the system.
(a) Physical DFD (b) Context DFD
(c) Logical DFD (d) None of the above
3. A __________ shows how the system will be implemented. The physical model depicts the system.
(a) Physical DFD (b) Context DFD
(c) Logical DFD (d) None of the above
4. OTC Ltd. is a sports company. During pandemic, it accepts risk as part of value creation and preservation, and expects return commensurate with the risk. ERM provides an enhanced ability to identify and assess risks, and establish acceptable levels of risk relative to growth and return objectives. Which of the following ERM benefits is availed by OTC Ltd.?
(a) Align risk appetite and strategy
(b) Link growth, risk and return
(c) Enhance risk response decisions
(d) Rationalize capital
5. An amount of ₹5,000 is written off as the same has not been recovered from Miranda Distributors Pvt. Ltd. for the last 4 years. Which type of the voucher is created for this?
(a) Sales (b) Journal
(c) Purchase (d) Contra
6. System failure is one of the major risks that can be seen in case of integrated systems like ERP. What controls would you suggest for addressing the above type of risk?
(a) With help of proper staff training system having help manuals, having backup plans for staff turnover
(b) By having proper and updating backup of data as well as alternate hardware and internet arrangements. In case of failure of primary system, secondary system may be used.
(c) All the processes must be documented carefully in the beginning of implementation itself so as to avoid any discomfort in future.
(d) This can be controlled by removing redundant data, using techniques like data warehousing and updating hardware on a continuous basis.
7. __________ are placed to ensure that the database always corresponds and complies with its definition standards.
(a) Existence/Backup Controls
(b) Definition Controls
(c) Access Controls
(d) Update Controls
8. Ms. Prathama Trivedi, data analyst of Kumar enterprises notices that inventory code “SQC1066” is recorded as “SQC106”.
(a) Transposition Error
(b) Truncation errors
(c) Addition errors
(d) Substitution errors
9. Mr. Raj Trivedi, the data entry operator of Prathama Ltd., while recording the inventory code, records Inventory Code “SQC1066” as “SQC1076”. This is an example of which of the following errors?
(a) Transposition Error
(b) Addition errors
(c) Truncation errors
(d) Substitution errors
10. To protect the web server from unauthorized use and abuse, the traffic is necessarily to go past a __________.
(a) Anti-virus (b) Firewall
(c) Malwares (d) Bomb
11. What is the primary objective of SPDI?
(a) Protecting computer software
(b) Securing critical information
(c) Securing Personal Information
(d) Identifying Sensitive Information
12. __________ defines ‘money laundering’ as: “whosoever directly or indirectly attempts to indulge or knowingly assists or knowingly is a party or is actually involved in any process or activity connected with the proceeds of crime and projecting it as untainted property shall be guilty of the offence of money-laundering”.
(a) Section 2, FEMA Act, 1999
(b) Section 3, PML Act, 2002
(c) Section 12, RBI Act, 1934
(d) Section 12, PML Act, 2002
13. Cloud computing gives us the ability to expand and reduce resources according to the specific service requirement. Which of the following features does the above line signify?
(a) Elasticity and Scalability
(b) Pay per use
(c) On-demand service
(d) Resiliency
14. __________ refers to the components and subcomponents that typically consist of a front end platform (fat client, thin client, mobile device), back end platforms (servers, storage), a cloud based delivery, and a network (Internet, Intranet, Inter-cloud).
(a) System design
(b) Cloud computing architecture
(c) Cloud Deployments
(d) Instruction design architecture (ISA)
15. To optimize the use of various information system resources (machine time, peripherals, system software and labour) along with the impact on its computing environment. Which of the following control objective is being highlighted in the above statement?
(a) Safeguard assets from un-authorized access
(b) System Effectiveness Objectives
(c) Ensure data integrity
(d) System Efficiency Objectives

Answer Keys - MCQs

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
(b) (a) (a) (b) (b) (b) (b) (b) (d) (b) (c) (b) (a) (b) (d)

Self-Evaluation Test (SET) - 13


1. _________________________ might arise from making poor business decisions, from the substandard execution of decisions, from inadequate resource allocation, or from a failure to respond well to changes in the business environment.
(a) Operational risk
(b) Strategic risk
(c) Regulatory risk
(d) Credit risk
2. _____________________ is a risk that could result in a negative financial impact to the organization in terms of waste or loss of assets.
(a) Operational risk
(b) Regulatory risk
(c) Credit risk
(d) Financial risk
3. A large proportion of RIYA Ltd.’s revenue comes from a single large client, and it extends 60 days credit to that client. If that customer is unable to pay, or delays payment for whatever reason, then firm’s business is in big trouble. What kind of risk is this?
(a) Operational risk
(b) Regulatory risk
(c) Financial risk
(d) Credit risk
4. RSC Ltd. is implementing ERP to run its business effectively and efficiently. They believe that there could be a possibility of an information gap between day-to-day program management activities and ERP-enabled functions like MM, PP, QM, PM, SCM and CRM. Which type of ERP Implementation Related Risks is involved in this case?
(a) People Related
(b) Implementation Related
(c) Process Related
(d) Technology Related
5. Which of the following type of check field is checked by the program against predefined limits to ensure that no input/output error has occurred or at least no input error exceeding certain pre-established limits has occurred?
(a) Picture check
(b) Valid code check
(c) Limit check
(d) Check digits
6. __________________ technique involves embedding audit software modules within a host application system to provide continuous monitoring of the system’s transactions.
(a) Snapshot
(b) Integrated Test Facility (ITF)
(c) System Control Audit Review File (SCARF)
(d) Audit Hooks
7. ________________ is responsible for all aspects of data-related security. This position usually includes incident management, disaster recovery, vulnerability management, and compliance.
(a) CIO (Chief Information Officer)
(b) CTO (Chief Technical Officer)
(c) CSO (Chief Security Officer)
(d) CISO (Chief Information Security Officer)
8. The _______________ software is built into the system at those points where material processing occurs which takes images of the flow of any transaction as it moves through the application.
(a) Snapshot
(b) Integrated Test Facility (ITF)
(c) System Control Audit Review File (SCARF)
(d) Audit Hooks
9. In many ways, the SCARF technique is like the _____________ technique along with other data collection capabilities.
(a) Snapshot
(b) Integrated Test Facility (ITF)
(c) System Control Audit Review File (SCARF)
(d) Continuous and Intermittent Simulation (CIS)
10. ______________ consist of several banks to bank transfers or wire transfers between different accounts in different names in different countries making deposit and withdrawals to continually vary the amount of money in the accounts changing the money’s currency purchasing high value items to change the form of money, making it hard to trace.
(a) Layering
(b) Integration
(c) Placement
(d) Cyber Crime
11. A comprehensive set of reform measures, developed by the Basel Committee on Banking Supervision, to strengthen the regulation, supervision and risk management of the banking sector with aim to improve the banking sector’s ability to absorb shocks arising from financial and economic stress, whatever the source and to improve risk management and governance is?
(a) Basel I
(b) Basel II
(c) Basel III
(d) RBI Act
12. We invoke cloud services only when we need them, they are not permanent parts of the IT infrastructure: this is a significant advantage for cloud use as opposed to internal IT services. Which of the following features does the above line signify?
(a) Pay per use
(b) Elasticity and Scalability
(c) Resiliency
(d) On-demand service
13. Which of the following statement is not true about virtualization?
(a) It means to create a virtual version of a device or resource.
(b) It refers to technologies designed to provide a layer of abstraction between computer hardware systems and the software, running on them.
(c) It is the process of creating logical computing resources from available physical resources.
(d) It is a computer network in which each computer’s resources are shared with every other computer in the system.
14. _________________________ is a method of combining the available resources in a network by splitting up the available bandwidth into channels, each of which is independent from the others, and each of which can be assigned (or reassigned) to a particular server or device in real time.
(a) Hardware Virtualization
(b) Network virtualization
(c) Platform Virtualization
(d) Storage Virtualization
15. __________________________ are needed when running an application from a removable drive, without installing it on the system’s main disk drive.
(a) Server consolidation
(b) Portable applications
(c) Disaster recovery
(d) Portable workspace

Answer Keys - MCQs

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
(b) (d) (c) (a) (c) (c) (d) (a) (a) (a) (c) (d) (d) (b) (b)

Self-Evaluation Test (SET) - 14


1. Shovik Ltd. has a strategy to launch a new line of ice cream. Initial plans are to use ingredients that are controversial and therefore may face future regulations due to studies that suggest they are unhealthy. Such regulations might essentially ban the product, resulting in a costly disruption in sales. The company decides to avoid the risk by choosing ingredients that are recognized as healthy. Which of the following risk is avoided?
(a) Compliance risk
(b) Strategic risk
(c) Reputation risk
(d) Financial risk
2. Chakravorty Enterprises was involved in a major controversy, ban and lawsuit in 2020. With an embarrassing product recall, negative publicity about Chakravorty Enterprises or high-profile criticism of its products or services, it had to face a situation of:
(a) Operational risk
(b) Credit risk
(c) Financial risk
(d) Regulatory risk
3. A systematic approach to setting the best course of action to manage uncertainty by identifying, analysing, assessing, responding to, monitoring and communicating risk issues that may have an impact on an organization successfully achieving their business objectives is called:
(a) Business process management
(b) Enterprise risk management
(c) Business process automation
(d) Risk Assessment Procedure
4. __________ is the degree of risk, on a broad-based level that an enterprise is willing to accept in pursuit of its goals.
(a) Risk appetite
(b) Risk analysis
(c) Risk response
(d) Risk assessment
5. ERM provides the rigor to identify and select among alternative risk responses – risk avoidance, reduction, sharing and acceptance. This ERM Benefit is known as-
(a) Align Risk Appetite and Strategy
(b) Enhance Risk and Response Decisions
(c) Link Growth, Risk and Returns
(d) Provide integrated responses to multiple risks
6. ________________ is the creation of a dummy entity in the application system files and the processing of audit test data against the entity as a means of verifying processing authenticity, accuracy, and completeness.
(a) Snapshot
(b) Integrated Test Facility (ITF)
(c) System Control Audit Review File (SCARF)
(d) Audit Hooks
7. Resource usage from log-on to log-out time and log of resource consumption is a ___________________ audit trail.
(a) Operational
(b) Accounting
(c) Both ‘A’ and ‘B’
(d) None of the above
8. Comprehensive log on hardware consumption – CPU time used, secondary storage space used, and communication facilities used and comprehensive log on software consumption – compilers used, subroutine libraries used, file management facilities used, and communication software used are _____________________ audit trail.
(a) Operational
(b) Accounting
(c) Both ‘A’ and ‘B’
(d) None of the above
9. Physical Component Controls, Line Error Controls, Flow Controls, Link Controls, Topological Controls, Channel Access Controls, Internetworking Controls are ____________________ Controls.
(a) Boundary
(b) Communication
(c) Database
(d) Process
10. ___________________ performs tasks that are junior to the database administrator, carrying out routine data maintenance and monitoring tasks.
(a) Database Architect
(b) Database Administrator
(c) Database Analyst
(d) All of the above
11. In a grid computing system, large amount of encryption shall not be used at a time. There should be a minimum communication at a time. Which of the following constraint of security on grid is highlighted in the above phrases?
(a) Single Sign-on
(b) Exportability
(c) Protection of Credentials
(d) Interoperability with local security solutions
12. The concept of green computing was launched by the U.S. environmental protection agency in 1992 through the ___________ program.
(a) Green Sustainability
(b) Energy Star
(c) Recyclability Super Star
(d) Biodegradability
13. Platform fragmentation and lack of technical standards are situations where the variety of IOT devices, in terms of both hardware variations and differences in the software running on them, makes the task of developing applications tough. This is ____________________ Risk.
(a) Manufacturer’s
(b) User’s
(c) Technology
(d) Environmental
14. Which of the following Green Computing Best Practices involve stakeholders to include checklists, recycling policies, recommendations for disposal of used equipment, government guidelines and recommendations for purchasing green computer equipment in organizational policies.
(a) Conserve Energy
(b) Make environmentally sound purchase decisions
(c) Develop a sustainable Green Computing plan
(d) Reduce Paper Consumption
15. Which of the following Green Computing Best Practices recognizes manufacturer’s efforts to reduce the environmental impact of products by reducing or eliminating environmentally sensitive materials, designing for longevity and reducing packaging materials.
(a) Conserve Energy
(b) Make environmentally sound purchase decisions
(c) Develop a sustainable Green Computing plan
(d) Reduce Paper Consumption

Answer Keys - MCQs

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
(a) (b) (b) (a) (b) (b) (a) (a) (b) (c) (b) (b) (c) (c) (b)

Self-Evaluation Test (SET) - 15


1. _______________ is a mechanism that is put in place to satisfy the requirement for a security measure that is deemed too difficult or impractical to implement at the present time.
(a) Preventive controls
(b) Perfective controls
(c) Corrective controls
(d) Detective controls
2. Monitoring and analysis to uncover activities or events that exceed authorized limits or violate known patterns in data that may indicate improper manipulation is known as -
(a) Detective control
(b) Corrective control
(c) Perfective control
(d) Preventive control
3. Mr. Raj, the Production Officer of Prathama Enterprises uses few of the products for his own personal use and shows it as free sample, given for advertisement of the product, in the accounts. The Internal Control System (ICS) is unable to detect or prevent this. This weakness of the ICS is an instance of -
(a) Collusion
(b) Abuse of authority
(c) Human error
(d) Cost considerations
4. The production manager, Sales manager and Accounts manager sold the good assets of the company as scrap. The Internal Control System (ICS) is unable to detect or prevent this. This weakness of the ICS is an instance of _____________.
(a) Collusion
(b) Abuse of authority
(c) Human error
(d) Cost considerations
5. Mr. Pankaj Kumar, the accountant of Aditya Enterprises recorded the credit sales made to Mr. Manish Arora in the account of Mr. Munish Thakur. The Internal Control System (ICS) is unable to detect or prevent this. This weakness of the ICS is an instance of ______________________.
(a) Collusion
(b) Abuse of authority
(c) Potential for human error
(d) Cost considerations
6. Cipla Enterprise wants to install 30 CCTV cameras in its premises to monitor its employees. However, it is able to install only 15 CCTVs because of lack of funds. The above case demonstrates which of the following weakness of the ICS?
(a) Collusion
(b) Abuse of authority
(c) Human error
(d) Cost considerations
7. _____________ is the process by which the employee becomes a member of the company’s work force through learning their new job duties, establishing relationships with co-workers and supervisors and developing a niche.
(a) Recruiting
(b) Career development
(c) Orientation
(d) Career planning
8. __________________________ are designed to ensure
• Completeness.
• Authorization.
• Accuracy.
• Validity.
of Data Capture and Transaction Processing.
(a) Managerial Controls
(b) Detective Controls
(c) Logical Access Controls
(d) Application Controls
9. ______________ include controls over ________
• IT management.
• IT infrastructure.
• Security Management.
• Software Acquisition.
• Development and Maintenance.
(a) General Control
(b) Detective Control
(c) Logical Access Control
(d) Application Control
10. Framing high level IT policies, procedures and standards on a holistic view and in establishing a sound internal controls framework within the organization is a ______________ control.
(a) System Development Management
(b) Programming Management
(c) Top Management and IS Management
(d) Quality Assurance Management
11. The _________________ committee shall comprise of representatives from all areas of the business, and IT personnel and it would be responsible for the overall direction of IT and would assume overall responsibility for the activities of the information systems function.
(a) System Development
(b) Programming Management
(c) Steering
(d) Review
12. Definition Controls, Existence/Backup Controls, Access Controls, Update Controls, Concurrency Controls and Quality Controls are the activities under ___________________ Control.
(a) Security Management
(b) Programming Management
(c) Data Resources Management
(d) Quality Assurance Management
13. __________ comprises of an Emergency Plan, a Backup Plan, a Recovery Plan and a Test Plan.
(a) BCP
(b) DRP
(c) SOD
(d) SOP
14. __________________ may be responsible for the development of operational procedures; examining the health of networks, systems, and databases; setting and monitoring the operations schedule; and maintaining operations records.
(a) Operations Manager
(b) Controls Analyst
(c) Operations Analyst
(d) Systems Operator
15. “As everybody is connected to a single system and central database, in case of failure of system, the whole business may come to stand still and may get affected.” Suggest the control required to address the concerns raised in above statement.
(a) This can be controlled by removing redundant data, using techniques like data warehousing and updating hardware on a continuous basis.
(b) This can be controlled and monitored by having proper and updated backup of data as well as alternate hardware arrangements.
(c) Access rights need to be defined carefully and to be given on “Need to know” and “Need to do” basis only.
(d) This can be controlled and minimized with the help of proper staff training system, having help manuals, having backup plans for staff turnover etc.

Answer Keys - MCQs

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
(b) (b) (d) (d) (c) (d) (d) (d) (a) (c) (c) (c) (b) (c) (b)

Self-Evaluation Test (SET) - 16


1. An Enterprise Information System (EIS) provides a technology platform that enables organizations to integrate and coordinate their business processes on a robust foundation. Identify the statement that does not fall under the list of objectives of EIS.
(a) Reduce service cycles
(b) Identify manual processes
(c) Reduce costs
(d) Increase operational efficiency
2. Depending on the size, nature of work and complexity involved in the processes of an organization; business processes are often broken up into different categories – Primary, Secondary and Management processes. Which one of the following falls under the purview of Primary Processes?
(a) Deals with legal compliance
(b) Deals with the core business and value chain
(c) Deals with core processes and functions within an organization
(d) Deals with measuring, monitoring and control activities
3. A manufacturing company is facing the issues of not being able to provide timely supply of its products to the customers. Mr. Anil, an IS Auditor of this company identified that the delay is due to the manual processing of certain processes involved in the company. He suggested that the company should adopt _______ from following options to overcome the problem.
(a) Core Banking Systems
(b) Strategic Level Systems
(c) Business Process Automation
(d) Expert Systems
4. Gigs and Gigs is the food court in a shopping mall. It wants to automate its manual cash counter into an automated card system. Same card can be used at various food outlets in the food court. This automation optimizes the information flow in service and billing. Identify from the following objectives of Business Process Automation that Gigs and Gigs is achieving by using this method.
(a) Governance & Reliability
(b) Reduced Costs
(c) Reduced Turnaround Time
(d) Quality and consistency
5. Mr. X has set up his new business of manufacturing color pens. He is well aware of various kinds of risks involved in his business; however, he unintentionally violated some industry regulations while setting up his business. Which category of the risk does this refer to?
(a) Strategic
(b) Financial
(c) Compliance
(d) Environmental
6. Mr. Z is fresh MCA and doing internship in an e-Commerce company. He has been given a task to prepare a flowchart describing the flow of transactions through various modes of payment used by customers to pay the bill to company. Identify the terminology that is irrelevant to the process of making of flowcharts.
(a) Process
(b) Decision
(c) Document
(d) Risk
7. Enterprise Risk Management (ERM) framework consists of interrelated components that are used to identify events that are relevant to organization’s objective. Identify which of the following is not a component of ERM Framework.
(a) Internal environment
(b) Organization chart
(c) Objective setting
(d) Event identification
8. The objective of Internal Control is to enable an organization manage its challenges or disruptions seamlessly. Identify which of the following is not an objective of Internal Control.
(a) Compliance with applicable laws and regulations
(b) Meeting sales targets
(c) Reliability of reporting
(d) Effectiveness and efficiency of operations
9. Which one of the following deals with Section 143 of the Companies Act, 2013?
(a) Acquisition and Mergers
(b) Powers and duties of Board of Directors
(c) Powers and duties of auditors and auditing standards
(d) Penalties due to non-compliance
10. ABC Corporative bank strictly follows the policy of Sensitive Personal Information. Choose the attribute that is not defined as Sensitive Personal Information.
(a) Home address
(b) Password
(c) Financial information
(d) Biometric information
11. Mr. Shravan, HR Manager of a Multinational Company (MNC) asked his subordinate to prepare the files of processes involved in Human Resource Management. Which of the following does not form part of HR Management?
(a) Training and Development
(b) Career Development
(c) Leadership Management
(d) Invoicing
12. An online store follows a process of intimating about whole tracking of the order placed by the customers through SMS on their registered mobile numbers. This activity is a perfect example of ______.
(a) Supply Chain Management
(b) Customer Relationship Management
(c) Order to Cash Cycle
(d) Procure to Pay
13. A huge oil spilled from an oil well run by British Petroleum, one of largest oil companies in world, and resulted in an assessed environmental damage of about USD 20 Billion. The company expended an amount of USD 2 Billion on promotional ads informing the world that it is an environment friendly company. The promotional ads were done to prevent company from which damage?
(a) Strategic
(b) Operational
(c) Financial
(d) Reputational
14. A bank shares financial data of its borrowers with third-party without consent of borrowers. Identify the rule of Sensitive Information and Personal Data Rules, 2011 that bank has violated.
(a) Rule 3
(b) Rule 4
(c) Rule 5
(d) Rule 6
15. Mr. Ajay as an internal auditor of steel company observed that the vendor supplying the material to manufacture steel has begun to supply the damaged material. He reported this issue to the company’s top management. Which of the following risk management strategy would be followed by top management of company, if they decided to seek for more capable supplier and leave the current supplier?
(a) Turn back
(b) Transfer the risk
(c) Terminate/Eliminate the Risk
(d) Treat/mitigate the risk

Answer Keys - MCQs

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
b b c c d b b b c a d b d d c

Self-Evaluation Test (SET) - 17


1. In the bi-annual meeting of DEF Hotel Group, the senior officials are discussing risks that could prevent hotel’s effective working in relation to customer satisfaction and change integration. Which of the following business risk is being discussed in the meeting?
(a) Financial risk
(b) Data risk
(c) Operational risk
(d) Infrastructure risk
2. Identify from the following controls that does not belong to Information Technology General Controls.
(a) Management of Systems Acquisition and Implementation
(b) Change Management
(c) Exception Reporting
(d) User Training and qualification of Operations personnel
3. A&B Financial Ltd. company provides loans against gold. The company has created policy to ensure each loan given has been properly documented, gold accepted as security has been properly valued and same is kept in secured vaults. ___________ would ensure management’s directives to mitigate risks to the achievement of objectives are carried out. Fill in the blank with appropriate from the following.
(a) Control Activities
(b) Control Environment
(c) Risk Assessment
(d) Information and Communication
4. K&K son’s Ltd. automated all its business processes to operate efficiently and effectively. Identify the factor that is responsible to ensure that no unauthorized amendments can be made in their data after BPA.
(a) Availability
(b) Integrity
(c) Timeliness
(d) Confidentiality
5. Mr. X is responsible to maintain the inventory of newly opened showroom of electronic goods in Delhi. From the following, identify the item which does not form part of Inventory Master Data.
(a) Stock Item
(b) Stock Group
(c) Salary Structure of stores in-charge
(d) Godown
6. XYZ Ltd. is an ink manufacturing company that implemented enterprise-wide information system to coordinate all resources and activities needed to complete various business processes. Choose the main characteristic of ERP System from following.
(a) Separate data maintenance by each department
(b) Centralized Database
(c) No direct inter department communication
(d) No change in cycle time.
7. To sustain in today’s competitive world and make the business a success, organizations are implementing ERP system and getting many benefits from the same. From the following, which is not a benefit of ERP?
(a) Information integration
(b) Reduction of lead-time
(c) Reduction in Cycle Time
(d) Enhanced Quality Costs
8. Mr. Rajesh has developed Accounting software for a private firm. While explaining the benefits of software to company’s Management, he made a false statement about the back end of software. Identify from the following statement which he would have said about Back End.
(a) Communicates with user directly
(b) Processes the data
(c) Communicates with front end directly
(d) Generates the report
9. Mr. X works on Financial and Accounting System of a private firm and maintains different types of master data in the system. Which of the following master data are not controlled by the user and depends on the changes recommended by the government time-to-time?
(a) Payroll Master data
(b) Statutory Master data
(c) Inventory Master data
(d) Accounting Master data
10. All of the following represents the attributes of information provided by Management Information System except one. Identify the odd one which does not belong to this category.
(a) Relevant
(b) Timely
(c) Accurate
(d) Scalable
11. Mr. Rajiv, a software developer installed application software for attendance system of employees in Raj and sons Ltd. During the briefing session about it, he made certain statements mentioned below. Out of these, choose the statement that is true for Installed software application.
(a) It is installed on the hard disc of the computer of the user.
(b) The access of the application is dependent on the speed of the internet.
(c) The user has full physical control over the data.
(d) Installed applications cannot be used from any other stand-alone computer.
12. The implementation of _________ involves Extract, Transform and Load (ETL) procedures in coordination with a data warehouse and then using one or more reporting tools.
(a) Business Reporting
(b) Inventory Accounting
(c) Financial Accounting
(d) Payroll Accounting
13. While presenting data analytics report to the members of top management of his firm, Mr. X used acronym of various Data analytics tools which were non-understandable by many members. One of the terms that he referred often was OLAP. Help the members in solving confusion and finding the full form of OLAP.
(a) Offline Application Processing
(b) Online Analytical Processing
(c) Online Analytical Product
(d) Offline Application Product
14. Sales and distribution module is one of an important modules of ERP Package. Which of the following activity does not belong to Sales and Distribution Process?
(a) Pre-sales Activities
(b) Payment
(c) Delivery of product to customer
(d) Production Planning
15. If an organization does not want to install Financial Application on its own System to avoid the hassles of its implementation and maintenance, they can use _______ Applications as an alternative of the same.
(a) Cloud-based
(b) Software
(c) Installed
(d) Mobile

Answer Keys - MCQs

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
c c a b c b d a b d a a b d a

Self-Evaluation Test (SET) - 18


1. Mr. B, who works for private firm ABC Ltd., is required to make an entry in the Accounting system for maintaining a record of physical receipts of goods purchased from one of the firm’s vendor. Which type of voucher shall he use to do the same?
(a) Delivery note
(b) Receipt note
(c) Sales
(d) Purchase
2. In Accounting System, various types of vouchers are required to maintain the transaction within organization. Which of the following transactions are not recorded in the voucher type “Contra” of the Accounting System?
(a) Cash deposit in bank
(b) Cash withdrawal in bank
(c) Cash transfer from one location to another
(d) Recording of all types of trading sales by any mode
3. Mr. R is accountant of an engineering college, works on an accounting system of the college. He is responsible to record all types of payments - salaries and incentives, made to teaching and non-teaching staff through any mode. Identify the type of voucher of accounting module used for this purpose.
(a) Receipt
(b) Contra
(c) Journal
(d) Payment
4. Mr. Anil is a clerk in accounts department of GBS public school who works on an Accounting system well implemented in the school. He is supposed to record the details of purchase/sale of fixed assets on credit. Identify the voucher from following which is being used by him during this work.
(a) Contra
(b) Receipt
(c) Journal
(d) Payment
5. JKM Pvt. Ltd. is an apparel manufacturing company well equipped with ERP. MM group approached JKM Pvt. Ltd. with a requisition of 1000 pieces of female black formal suits. Mr. Y, a senior manager of JKM Pvt. Ltd. wants to evaluate the current stock position and purchase order pending position of his company before accepting the requisition. Which of the following module of ERP will help Mr. Y in this?
(a) Sales and Distribution Module
(b) Material Management Module
(c) Production Planning Module
(d) Supply Chain Management Module
6. VV Enterprises is a publication house that publishes kids’ newspaper, reading and activity books. The management of VV from its R&D department demanded an analysis on consumer behaviour on purchase of its publications during summer break and exam time. Which of the following Data Analytical tool would be helpful to R&D department?
(a) Machine Learning
(b) Predictive Analytics
(c) Data Mining
(d) Qualitative Data Analysis
7. Identify the false statement from the following statements on various modules of ERP.
(a) Controlling Module evaluates the profit or loss of individuals.
(b) Sales and Distribution Module includes product enquiries, placing order and scheduling activities.
(c) Plant Maintenance Module involves the process of planning the production activities.
(d) Human Resource Module deals with financial entries like advances or loan to employees.
8. Organizations implementing ERP should be abreast of latest technological development. The control where care must be taken while selecting the vendor and upgrade contracts should be signed to minimize the risks, it belongs to ________ aspect of technological risks.
(a) Technological Obsolescence
(b) Application Portfolio Management
(c) Enhancement and Upgrades
(d) Software Functionality
9. ABC Company started using SAP as application software for its HR and Accounting department. Which of the following layer of the software carries the instruction and processes them using data stored in database?
(a) The Database Layer
(b) The Application Layer
(c) The Operating System Layer
(d) The Network Layer
10. Information Systems not only establish communication but also support decision making within an organization. Below mentioned are many components that comprise an Information system except one. Identify that odd one out.
(a) People
(b) Data
(c) Network
(d) Transaction
11. Communication controls responsible to handle exposures caused during the internetwork communication are categorized further based on the specific functions performed. Which of the following communication control incorporates features that mitigate the possible effects of exposure?
(a) Line Error Control
(b) Flow Control
(c) Channel Access Control
(d) Physical Component Control
12. A ______ memory which is volatile in nature and can read and modify the information is referred as ______.
(a) Primary, Random Access Memory
(b) Secondary, Random Access Memory
(c) Secondary, Cache Memory
(d) Primary, Virtual Memory
13. In DBMS, Relational Database Model allows the data and its related operations like storage, retrieval and integrity in a Table structure. All the terms mentioned below are associated with Relational Database Model except one. Pick that odd one out.
(a) Relations
(b) Attributes
(c) Objects
(d) Domains
14. Corrective controls are designed to reduce the impact or correct an error once it has been detected. Which of the following is not an example of Corrective Control?
(a) Backup Procedure
(b) Rerun Procedure
(c) Contingency Planning
(d) Hash Total
15. Mr. Y, a senior network administrator of HKL Pvt Ltd., sent a confidential data of the company to its Chief Financial Officer. For transmission in networking, __________ technique that converts data into a secret code for storage in databases and ensures that the transmission is secure.
(a) Encapsulation
(b) Encryption
(c) Decryption
(d) Logging

Answer Keys - MCQs

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
b d d c b b c c c d d a c d b

Self-Evaluation Test (SET) - 19


1. The data entry operator of GC College is responsible to enter the amount of fees paid by the students. Accidentally, while making the entry, the fee amount of Ms. X of the amount ₹ 9854 was entered as ₹ 8954 in the software, leading to the reverse of two digits in the amount. Under Data Coding Control, which of the following error is made by data entry operator in this case?
(a) Transposition Error (b) Substitution Error
(c) Addition Error (d) Truncation Error
2. As a system administrator of a newly established start-up KJL Ltd., Mr. Kamal sets up its computer network in such a way that enables the network to recover from any kind of error like connection failure, loss of data etc. In computer network, which of the following term’s definition takes care of the said activities?
(a) Routing (b) Resilience
(c) Contention (d) Bandwidth
3. Under Application Controls, __________ maintains the chronology of events that occur either to the database definition or the database itself.
(a) Output Controls (b) Input Controls
(c) Database Controls (d) Processing Controls
4. Every time when a user attempts to gain access to and employs system resources in an application, the chronology of each such event is maintained. Which control under Application Controls is responsible to do so?
(a) Boundary Controls
(b) Input Controls
(c) Communication Controls
(d) Processing Controls
5. Big Data has captured the attention of Businesses for its processing power to analyse the data for many benefits that it provides. Below are mentioned some of its benefits, except one. Identify it.
(a) Access to social data from search Engine.
(b) Early Identification of risk to the services.
(c) Big data can be used to read and evaluate consumers’ response.
(d) Increases computational power of application software.
6. Ms. Shilpi is a final year student of B.Tech who is required to submit her project report on Library Management System based on Relational Database Model. Which of the following example does not belong to Relational Database?
(a) Microsoft Access (b) MySQL
(c) Java (d) Oracle
7. Nice Collection is women apparel store with many branches in various cities of India. The management of store uses data mining technique to make analysis to determine the sale on weekends of festive month in cities with population less than 70,000. Which of the following is not involved in the technique used?
(a) Data Integration
(b) Data Selection
(c) Data Transformation
(d) Data Distribution
8. An IS Auditor is using an audit tool that involves embedding audit software modules within a host application system to provide continuous monitoring of the system’s transactions. Which audit tool does it refer to?
(a) Audit hooks
(b) System Control Audit Review File (SCARF)
(c) Integrated Test Facility (ITF)
(d) Continuous and Intermittent Simulation (CIS)
9. Mr. Ashu works in a Network Service provider Company where his job responsibility includes performing routine tasks in the network such as making minor configuration changes and monitoring event logs. Which of the following role he performs in the company?
(a) Network Administrator
(b) Network Architect
(c) Network Engineer
(d) System Analyst
10. Mr. Y used duplicate keys to enter in prohibited area zone of JKH Ltd. company and stole some important documents of the company. Which of the following control you think has been compromised to make such an incident happen?
(a) Environmental Control
(b) Physical Access Control
(c) Network Access Control
(d) Logical Access Control
11. Below mentioned are the steps that are involved in the Data Mining process. Select the step at which the data is collected from all the different sources to initiate the process.
(a) Data Selection
(b) Data Integration
(c) Data Transformation
(d) Data Cleaning
12. Output Controls are responsible to ensure that the data delivered to users will be presented, formatted and delivered in a consistent and secured manner. Which of the following activity does not belong under the purview of Output Control?
(a) Spooling
(b) Storage and Logging of sensitive, critical forms
(c) Asset Safeguarding
(d) Control over printing
13. Which of following statement does not belong to Read Only Memory?
(a) Non-volatile in nature.
(b) Used by manufacturers to store the data.
(c) Used to store small amount of information for quick reference by CPU.
(d) It is a secondary memory.
14. Operating System Software provides Application Program Interfaces (API) which can be used by application developers to create application software. This is referred to as ______.
(a) Memory Management
(b) Hardware Independence
(c) Task Management
(d) File Management
15. Operating system acts as an interface between hardware and user be it a Smartphone, tablet or PC. Which of the following is not an Operating system?
(a) Android (b) Blackberry OS
(c) Apple OS (d) Chrome

Answer Keys - MCQs

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
a b b a d c d b a b b c d b d

Self-Evaluation Test (SET) - 20


1. In two-tier network architecture, ______________ is an interface that allows user to interact with the e-commerce / m-commerce vendor.
(a) Presentation Tier (b) Database Tier
(c) Physical Tier (d) Application Tier
2. Ms. Komal a technology product developer at FEGO Ltd. suggested the company to manufacture a model of self-driving car based on image and text recognition. This is the good example of ______.
(a) Machine Learning
(b) Expert System
(c) Cloud Computing
(d) Mobile Computing
3. ABC Company as its business policy allows employees of managerial level to use their preferred computing devices for business purpose. While working, Mr. Suraj connected his laptop to company’s network and an application virus infected the company’s database. Which of the following risks best describe the above situation?
(a) Implementation Risk
(b) Network Risk
(c) Application Risk
(d) Device Risk
4. Mr. X is buying clothes for his kids at Royal’s Showroom. He makes payment using BHIM (Bharat Interface for Money) App which is an example of _________.
(a) UPI App (b) Mobile Hardware
(c) Digital Library (d) Mobile Wallet
5. Which of the following is not a best practice under Green Computing?
(a) Dispose e-waste according to central, state and local regulations
(b) Purchase of desktop computers, notebooks and monitors based on environmental attributes
(c) Power-down the CPU and all peripherals during extended periods of inactivity
(d) Use Cathode Ray Tube (CRT) monitors rather than Liquid Crystal Display (LCD) monitors
6. Choose the incorrect statement from following statements on traditional commerce and e-commerce.
(a) Traditional commerce works on manual processing and e-commerce works on electronic mode.
(b) Resource focus of Traditional commerce is on demand side whereas e-commerce focuses on Supply side.
(c) Traditional commerce is limited to particular area whereas e-commerce has worldwide reach.
(d) Unlike traditional commerce, e-commerce provides a uniform platform for information exchange.
7. The following steps are involved in the working of mobile Computing.
(i) The user enters or access data using the application on handheld computing device.
(ii) Now both systems (handheld and site’s computer) have the same information and are in sync.
(iii) The process works the same way starting from the other direction.
(iv) Using one of several connecting technologies, the new data are transmitted from handheld to site’s information system where files are updated and the new data are accessible to other system user.
Identify from following the correct sequence.
(a) (i), (ii), (iii), (iv) (b) (iv), (iii), (ii), (i)
(c) (i), (ii), (iv), (iii) (d) (i), (iv), (ii), (iii)
8. If an organization wants to start its e-business in India, which of the following law will regulate its practices that it does not engage in any predatory practices?
(a) Indian Contract Act, 1872
(b) The Customs Act, 1962
(c) The Competition Act, 2002
(d) The Competition Act, 2004
9. In Cloud Computing, which instance of Software as a Service (SaaS) allows users to explore functionality of Web services such as Google Maps, Payroll processing and Credit Card processing services etc.?
(a) Testing as a Service (TaaS)
(b) Communication as a Service (CaaS)
(c) Data as a Service (DaaS)
(d) API as a Service (APIaaS)
10. Mr. Jayesh sets up an online start-up which is like conglomeration of different shops situated in a convenient location of e-commerce where customers can buy apparels, footwear and fitness accessories. Identify from the following, which type of e-market has he setup?
(a) Buyer Aggregator (b) e-Mall
(c) e-Shop (d) Portal
11. Ms. Radha started her business through a website www.tastyfood.com wherein few food vendors and restaurants are associated with her as the partner. The customers can place order for the food of his/her choice of vendor through the website. This is a good example of _______________
(a) e-Auction (b) Buyer Aggregators
(c) e-Mall (d) e-shops
12. Taste and tasty, an online tiffin service vendor has started a new policy wherein they provide certain credit points to customers whose bills are above ₹ 1000 per order. Customers can avail these credit points in the next order they place. Which of the following is taken care by taste and tasty tiffin service as an e-commerce vendor?
(a) Privacy Policy
(b) Marketing and Loyalty program
(c) Different Ordering Method
(d) Supply Chain Management
13. PMP Ltd. is a network service provider company has consolidated many physical servers into one large physical server to make the effective use of its processor. Which of the following concept does this refer to?
(a) Network Virtualization
(b) Grid Computing
(c) Storage Virtualization
(d) Hardware Virtualization
14. Which of the following statement does not belong to security constraints of Grid Computing?
(a) The coordination between processors must be secure and for this there is no such policy.
(b) User password and private keys should be protected.
(c) User once authenticated, should be able to acquire resources.
(d) The code can use large number of encryptions at a time.
15. Which of the following is not an advantage of Cloud Computing?
(a) Improved flexibility
(b) Streamline business processes
(c) Interoperability
(d) Reduce Capital Costs

Answer Keys - MCQs

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
a a c a d b d c b b b b d d c

Self-Evaluation Test (SET) - 21


1. Amazon Web Service (AWS) gives its users ability to access database service without the need to install and maintain it on the pay per use basis. Which of the following instance of Cloud Computing is being used by AWS?
(a) Database as a Service
(b) Storage as a Service
(c) Network as a Service
(d) Software as a Service
2. Which of the following is not an instance of Infrastructure as a Service (IaaS) model of Cloud Computing?
(a) Backend as a Service (BaaS)
(b) Storage as a Service (STaaS)
(c) Network as a Service (NaaS)
(d) Email as a Service (EaaS)
3. Which layer of e-Commerce architecture allows the consumers to check the products available on merchant’s website?
(a) Network Layer
(b) Application Layer
(c) Database Layer
(d) Client/User Interface
4. Which model of e-commerce supports the activities within the customer chain that generally focuses on sell-side activities?
(a) Business to Business model (B2B)
(b) Consumer to Consumer model (C2C)
(c) Consumer to Business model (C2B)
(d) Business to Consumer model (B2C)
5. Small BV, a newly established bank in Karnal city is providing core banking services only to its customers seamlessly. From the following, identify the service which is not provided by the bank.
(a) Advances (b) Letters of Credit
(c) Querying (d) Deposits
6. Mr. X selected some groceries in a retail store. When he tried making the payment using his credit card, an error message displayed stating that the aggregate limit of outstanding amount has exceeded his assigned credit card limit. Identify the risk related to credit card process for which this key control has got applied resulting on the display of error message.
(a) Credit Line setup is unauthorized and not in line with the bank’s policy.
(b) Masters defined for the customer are not in accordance with the Pre-Disbursement Certificate.
(c) Credit Line setup can be breached.
(d) Inaccurate reconciliations performed.
7. VV enterprises opened its IPO in 2017. After two years in 2019, the company earned a huge profit. In March 2019, the company distributed the dividend to all its customers. Which of the following service is used by the company?
(a) Electronic Clearing Services (ECS) Debit
(b) Electronic Clearing Services (ECS) Credit
(c) Advances
(d) Remittances
8. CBS has added many features to service delivery of a bank. Identify the activity from the following that falls under its purview.
(a) On-line real-time processing
(b) Transactions are posted in batches
(c) Databases are maintained at branch level
(d) Loan processing is done at branch
9. ABC Ltd. is a financial company using the control ‘Logging the access to sensitive data and regularly being reviewed by the management’ for information security. Identify from the following risk for which this control is being used by company.
(a) Unauthorized data access due to Trojans.
(b) Lack of Management direction.
(c) User accountability is not established.
(d) Security breaches may go undetected.
10. The deployment and implementation of CBS is controlled at various stages. In which of the following stage, bank should choose the right solution considering various parameters to meet business objectives?
(a) Approval (b) Support
(c) Selection (d) Planning
11. Which of the statement best describes the concept of Money Laundering?
(a) Converting proceeds of crime and projecting it as untainted property
(b) Tax Planning as per provision of IT Act
(c) Gifting immoveable property to relatives
(d) Transferring fixed deposit to employees
12. IT Act, 2000 provides the legal recognition for transaction through any means of electronic communication. Which of the following is not computer related offence as per IT Act, 2000?
(a) Identity theft
(b) Removal, concealment, transfer, or delivery of property to prevent tax recovery
(c) Stealing computer resource and communication device
(d) Violation of privacy
13. Which of the following activity risks the banking sector of India?
(a) Breaking into ATM
(b) Physical theft at branch
(c) Software piracy
(d) Altering name in demand draft
14. The key provisions of IT related offences are for the smooth working of bank. In purview of same, what is the primary objective of SPDI?
(a) Protecting computer software
(b) Securing critical information
(c) Securing Personal Information
(d) Identifying sensitive information
15. In the Core Banking Systems, ________ is a service which is defined as an undertaking by a bank to the payee to pay to him on behalf of the applicant any amount up to the limit/terms and conditions specified.
(a) Guarantees
(b) Letter of Credit
(c) Granting of Advances
(d) Acceptance of deposit

Answer Keys - MCQs

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
a b d b c c a a d c a b c c b
APPENDIX - II

Case Studies and Scenarios



Integrated Case Study - 1 (Ind Milk Dairy)
Ind Milk Dairy is an India based Asia’s largest dairy product company in year 2014-15 that targeted a turnover of ₹ 50,000/- Crores by 2020-21. By the Financial year 2018-19, the company had achieved a turnover of ₹ 33,150/- Crores.
The Company procures milk through various collection centers created at the level of different villages state-wise. Each collection center is run by co-operatives created in each district of the state. The total members of these co-operatives are more than 1.5 Crores as on April 2020.
Other than retail sales, a few other major revenue sources of the company are as follows:
- Department of Defence, Government of India
- Corporate Customers
- Export Customers
To achieve the target company’s turnover of ₹ 50,000/- Crores by 2020-21; Board of Directors of the company decides a two-prong strategy - Business Strategy and System Strategy which are as follows.
The Business Strategy includes the following:
- Launch new products.
- Get into new markets for existing products.
- Increase per capita consumption of products in existing market.
The System Strategy includes the following:
- Company needs to create infrastructure that could cater to ever changing needs of business. This includes robust network infrastructure as well as database configuration.
  - The proposed database structure needs to cater to needs of business and to store complex data like identification of animals through their images, health-card system etc.
  - Creates a system to keep track of target on monthly basis.
  - At village level, Company shall install a computer system at each milk collection center. These systems shall be connected to main server of the company. There are 50,000 villages to be covered.
Based on the above case scenario, answer the following MCQs:
1. The company Ind Milk Dairy decides to have a database structure where each member of
the district level cooperative society shall be part of database defined as “OWNER”. Each
Owner record shall have images of their milk giving animals with its health cards. Identify
the best database structure the company may use to store such complex data.
a. Hierarchical Database Model
b. Network Database Model
c. Object Oriented Database Model
d. Relational Database Model
2. The company Ind Milk Dairy decides to have a system to track its target on monthly basis.
This can be achieved using _____________.
a. Big Data
b. Artificial Intelligence
c. Management Information System
d. Knowledge Management System

3. The company Ind Milk Dairy decides to have systems in the collection centres at village
level that requires updating of data into central server in online / real time basis. This will
improve ____________business cycle of the company.
a. Order to Cash (O2C)
b. Procure to Pay (P2P)
c. Raw Material to Finished Goods
d. Debtors Management
4. The Ind Milk Dairy company’s decision to increase its turnover to ` 50,000/- crores by
2020-21 is a strategic decision. Which ERP functional module supports this type of decision
making?
a. Project Management
b. Sales and Distribution
c. Financial Accounting
d. Materials Management
5. In purview of above case scenario, the company’s central server shall keep the data of each
milk collection center and shall also perform the task of backup, archiving and recovery.
Which of the following technology can be useful in this case?
a. Storage Virtualization
b. Network Virtualization
c. Hardware Virtualization
d. Software Virtualization

Integrated Case Study - 2 (M/S. XY and Co.)


M/s. XY & Co, the IS auditors of Mahadevi Bank, a multi-state scheduled bank operating in Mumbai have issued a comprehensive systems and control audit report, of which points of special interest to the audit committee are extracted and put forth as hereunder:
- M/s. BA Child Welfare Association is an NGO that is operating from Bangalore since last three years. It had opened a current account with the bank’s Panjim branch on 12th December 2017.
- The auditors noted that several small value cash deposits have been made from NGO’s Bank account to a current account over the past one year, the ledger summation being ₹ 29.49 Lakhs for the year.
- There have been two instances of high value RTGS (Real-Time Gross Settlement) transfers from this account to another account of a nationalized bank’s branch located at Delhi, the first executed for ₹ 12 Lakhs on 07th March 2018 and the second for ₹ 10 Lakhs on 29th March 2018.
- The bank manager initiated an email on 29th March 2018 to NGO’s email-id available with the branch, requesting for the details of the parties to whom the transactions were initiated and the reason for the same.
- The NGO’s Bangalore office replied that though it cannot share specific party details, the transactions were initiated for fund remittances to another Delhi based NGO having similar philanthropic purposes. The auditors suspect this as case of money laundering.
- The auditors recommended that the bank should initiate integration to BHIM (Bharat Interface for Money) application to provide better services to its account holders.
- The auditors suggested that a separate automated control report to be generated in bank for each day-end closure which will total all the centralized printed cheque book count and cross-check the printed cheque book dispatch register.
- Letter of Credits (LCs) are currently set in the bank to auto renew on expiry date.
- The auditor found that there are five thumb impression based biometric units that are connected to terminals but are not working.

Based on the above case scenario, answer the following MCQs:


1. For monitoring of suspected money laundering within a banking environment, the bank
will be required to maintain records of which type of following nature and time frame?
a. All transaction details of the NGO for five years starting from 12th December 2017.
b. All transaction details of the NGO for five years starting from 29th March 2018.
c. All transaction details of the NGO for five years starting from 07th March 2018.
d. All transaction details of the NGO and other beneficiaries for eight years starting from
07th March 2018.
2. Which of the following legal implications will be entailed on the denial by the NGO for not
sharing third party specific information?
a. It will be treated as a case of proven money laundering, and the bank can immediately
suspend the operations of the account.
b. Invoking of Section 13 of the PMLA that states of penalty in the form of fine ranging
from ten thousand to one lakh per failure to report on the bank.
c. Know Your Customer non-compliance.
d. The NGO is right not to share information as it is private information. It has explained
the nature of the transactions being a philanthropic entity and that ensures compliance
with AML guidelines from RBI.
3. The IS auditors of the Mahadevi bank recommended that the bank should initiate its
integration with BHIM application to provide better services to its account holders. Which of
the following option, in the context of BHIM application, is not correct?
a. BHIM application requires the account holder to create a VPA (Virtual Payment Address)
or UPI (Unified Payment Interface) ID.
b. BHIM application can be used for bank transfers even with non-UPI based platform.
c. BHIM application is built on the immediate payment infrastructure, and hence any
person can transfer funds between two bank accounts instantly.
d. BHIM application can be used by both United Payment Interface (UPI) users as well as
non-UPI users.
4. The auditor’s suggestion of a separate control report is generated in Banking System for
each day-end closure that will provide the total of all the centralized printed cheque book
counts. Which of the following control will solve the purpose as suggested by auditors?
a. Input Validation control
b. Batch control
c. Data coding control
d. Data Validation control
5. Identify the appropriate risk management from the following on the finding of the auditor
on ‘The Letter of Credits (LCs) getting auto renewed on the expiry date’.
a. Eliminate the risk by purging these LC records.
b. Mitigate the risk by transferring the LCs back to the suppliers.
c. Tolerate the risk by ignoring the risk as these LCs will get expired.
d. Accept the risk and make adequate provision in the books of accounts till the expiry
date.

Integrated Case Study - 3 (Kartikeyan LLP (KKLP))


Kartikeyan LLP (KKLP) is an online start-up registered in 2018 under the URL www.onlinescrap.com with the intention of bringing together small entrepreneurs engaged in scrap sale of core metals. It has garnered tremendous response with almost five thousand small vendors registered on its site. The management wants to now monetize the platform and roll out a partnership model where premium vendors can buy and later also sell core scrap metals under the brand name of KKLP on the website www.onlinescrap.com to external parties as well as registered vendors.
The management defined following parameters for the growth of company:
i. An Order to Cash (O2C) process implementation which will start with the tracking of availability of required scrap to receiving payments on tender basis.
ii. Decision to either go for an own ERP or to sign an SLA (Services Level Agreement) with a cloud service provider who will be required to host the entire portal on its cloud servers.
iii. Hiring of an IT manager who will help to create and maintain various control aspects.
iv. Defining proper IT related policies.
Based on the above case scenario, answer the following MCQs:
1. In purview of above case scenario, which of the following e-market business model is
implemented by the management of KKLP?
a. E-auction
b. Buyer Aggregator
c. Virtual Community
d. E-Shop
2. KKLP is in the process of implementing ‘Order to Cash (O2C)’ cycle that involves following
sub-processes:
i. Order enquiry
ii. Order booking
iii. Order fulfilment
iv. Invoice generation
v. Delivery GRN
vi. General Ledger Accounting
vii. Collections
Which of the following represents the correct sequence flow of sub-processes for O2C,
in your opinion, for the present scenario?
a. i – ii – iii- iv – v–vi – vii
b. ii – iii – iv – v – vii—vi-i
c. ii – iii – v – iv – vii – vi
d. ii – iii – v – iv – vi – viii—i

3. Which of the following clause will not be a part of the KKLP’s Service Level Agreement
(SLA) in case SaaS (Software as a Service) model is provided to them by the cloud service
provider?
a. The responsibility of the service provider to maintain data connectivity 24x7.
b. The responsibility of the service provider for providing alternative data recovery plan.
c. The rights and responsibilities of both KKLP and service provider towards the SLA.
d. The responsibility of the service provider for storage of data and data security.
4. The management of KKLP requires its IT manager to generate an exception report on daily
basis for those vendors who have placed orders in excess to their permissible account limits
and to trigger a lock on their accounts from further operations, which can be unlocked only
by remitting funds to the extent of the excess in limit. This activity can be done by the IT
Manager by_______________.

a. introducing a detective control for monitoring limits versus order balances at account
level for each vendor.
b. introducing a preventive control for past due accounts report on each day end basis at
account level for each vendor.
c. introducing a detective control for variance reporting and auto emailing system to all
exception flagged vendors.
d. introducing a preventive control based on hash totals between permissible account limits
and order placed values where the excess will be reported for hash total violation
rules.
5. The IT manager is responsible to ensure that a premium registered vendor does not
download, copy or extract any information from its website. If someone does this, he shall
be liable to penalty. Which of following section of IT Act, 2000 would be helpful for this?
a. Section 66D
b. Section 43A
c. Section 43
d. Section 65

Integrated Case Study - 4 (XYZ Ltd.)


XYZ Ltd. started as a small business company that in its early years; sold homemade organic soaps, serums, face washes and creams. With time, the company added more beauty products in its list and grew as a big brand in the market.
All the business processes of the company are automated, therefore all the related data is stored in various database tables are managed at the backend in database. The company hired more employees to promote and to sell its products across the country and initiated selling its products through online mode to reach customers worldwide. Hence, the company started e-Business through website and started receiving orders from worldwide customers.
To make optimal use and quick sharing of data, the company started keeping all its data on Google cloud. Now the marketing employees and salespersons of the company have readily available data related to inventory and online orders anywhere, anytime. Also, they can update their status and targets achieved on company’s website instantly. Initially the company got 15GB free space on cloud, but in due course of time, the demand for the data storage increased so, it subscribed for more space on cloud. The company is satisfied with the cloud service as it isolates the company completely from server failures and needs to pay for only amount of storage it uses.
The company uses digital mode of payment for both the customers and suppliers and also uses modules of Enterprise Resource Planning system. The organization has some controls in the system that restricts unauthorized entry into the premises. Some controls also have been designed to detect errors, omissions and malicious act occurrence and report that occurrence. The company also appointed an IS auditor to ensure the completeness, accuracy and validity of data.
i. One day, IT Manager of the company observed that while accessing the home page of company’s website; some pornographic content was displayed on its home page.
ii. The manager informed the management of the company which in turn reported about this to cyber security cell.
iii. On investigation, it was found that Mr. A, a team member of IT Department, intentionally hosted the objectionable content on the company’s website and also concealed some important information.

Based on the above case scenario, answer the following MCQs:


1. Google Cloud frees XYZ Ltd. completely from the issues related to server in terms of
its maintenance, failure, storage capacity etc. Which of the following feature of cloud
computing does it represent?
a. Virtualization b. Reliability
c. Resiliency d. Scalability
2. In purview of above case scenario, identify the kind of cyber-attack faced by XYZ Ltd.
a. Web defacement b. Denial of service
c. Cyber Pornography d. Virus
3. According to the case scenario, what could be the main objective for which an IS auditor
has been appointed by XYZ Ltd.?
a. Asset Safeguarding b. Data Integrity
c. System Efficiency d. System Effectiveness
4. XYZ Ltd. uses Enterprise Resource Planning system which integrates all the modules with
Financial and Accounting System of the organization. Which of the following points is not valid
with the integration of modules?
a. Master data across all the modules must be same and must be shared with other
modules whenever required.
b. Common transactions must be shared with other modules whenever required.
c. There is no need of separate voucher types to be used for each module.
d. Figures and transactions may flow across the department.
5. In purview of above case scenario, under which section of Information Technology Act
2000, is Mr. A punishable?
a. Section 65 b. Section 66B
c. Section 66C d. Section 66D

Integrated Case Study - 5 (PQR Ltd.)


PQR Ltd. is a grocery store that has multiple outlets in various cities across the country. It has automated
all its data processing activities and maintains its entire data in an integrated data center.
All data processing activities, servers, backup and recovery are managed by IT department of PQR Ltd.
All the devices are connected to company’s network and communicate with each other using Unique
Identification Number.
The regular customers of grocery store have been provided a membership number and a membership
card. When a purchase is made by a customer; all the details related to purchase are recorded in
database against that membership number.
As a part of promotional campaign activity, the PQR Ltd. offers various discounts and schemes to draw
attention of new customers and provide satisfactory services to its existing customers. These schemes
are developed by top management based on purchase patterns, market trends and association of
purchases done by customers. The company is using software, which provides the details that enable
the top management in efficient decision making.
PQR Ltd. maintains all the data in database.


The setting of parameters and menu options to be displayed in the software is done first time when the
software is installed. A specific menu option can be viewed/activated by authorized employees only.
These access restrictions are applied in software so that no user of software can access data which he
is not authorized to use. This is done to maintain the security of the system.
The IS auditor appointed by the management, reviews the information system and recommends using
real time audit which may help the company to close the gap between occurrence of transaction and
review of transaction.
This real time audit will also help in timely, comprehensive and cost-effective audit of the transactions.
Based on the IS auditor's recommendations, the company implements the concurrent audit technique which
tends to review all the updates in database and replica in the system. It also traps exceptions in the
database management system.
Management of PQR Ltd. establishes the formal mechanisms to monitor the working of software
on regular basis. The company finds some issues in processing and connectivity in the software. To
resolve these problems, the company modifies the programs according to various reliable processing
requirements.
Latest changes made in the software are according to upgradation of Operating system from
Windows 7 to Windows 10 in all its systems because some of the modules of software were not
compatible with Windows 7.

Based on the above case scenario, answer the following MCQs:


1. Which type of maintenance is done by the PQR Ltd. while upgrading the Operating System
from Windows 7 to Windows 10?
a. Perfective Maintenance
b. Corrective Maintenance
c. Adaptive Maintenance
d. Preventive Maintenance
2. To remain competitive in the market; PQR Ltd. needs to extract the relevant information
regarding the purchase patterns and market trends from the huge data that is available
from its competitors. It also helps PQR Ltd. to offer various discounts and schemes. Which
of the following methodologies of data analysis can be used to identify such a trend?
a. Exploratory Data Analysis
b. Quantitative Data Analysis
c. Qualitative Data Analysis
d. Confirmatory Data Analysis
3. Assume that you are appointed as an IS auditor of PQR Ltd. to review the security
mechanism of its system. While performing your duty, at which level of Information System
will you review the controls to ensure that users can see only particular menu options
according to job assigned to them?
a. Master
b. Transaction
c. Risk
d. Configuration
4. In PQR Ltd., the customers have been provided a membership number and a membership
card and all purchase details of customer are recorded in database against that membership
number. Identify the incorrect statement from following that does not support the above
comment.
a. Membership number is unique.
b. In company’s database, Membership number represents a primary key in the member
table.
c. Membership number can be same for two customers.
d. Membership number can be used to see all the purchases done by the customer.
5. According to the case scenario, which audit tool has been implemented by company to trap
exceptions in its Database Management System?
a. Audit Hook
b. Continuous and Intermittent Simulation
c. Audit trail
d. Integrated Test Facility

Integrated Case Study - 6 (XYZ Life Insurance Co.)


XYZ is a life insurance company which offers various innovative products keeping in mind the different
needs of the people. It has more than 300 branches in India and all branches are computerized.
The company has a wide variety of insurance plans like protection, retirement, health, saving and
investment, child education and travel insurance plans etc., which cater to the risk management and
insurance requirements of individuals as well as groups.
Each plan offers adequate risk coverage at low rates through a simple application process. It offers
rewards for healthy lifestyle at relatively low premium and certain tax benefits as per the applicable
Tax Laws.
With the goal to grow, the company has given the facility to buyers to purchase its plans online. All the
data related to investors, claims, policies and marketing agents are stored in a database which can
be accessed online. All data and website of the company are hosted on a cloud.
The performance of the XYZ insurance company about planning, implementation and monitoring of
computerization process has been reviewed by the IS auditor for the last 5 years. The audit of Data Centre
and Information System department was conducted with a view to obtain a reasonable assurance on
accuracy and consistency of data. Existence and adequacy of IT controls and network controls are
also reviewed. The audit was conducted at 12 various branches selected on random basis.
The audit was performed against various frameworks, standards, laws, guidelines and policies relevant
to insurance business as well as IT.
Audit findings and recommendations to Management were as follows:
i. All computers should be provided indirect network connections with other networking
services or servers.
ii. There is a need to make huge volumes of data available from the cloud at peak time.
iii. The controls that ensure the availability of system in case of data loss due to unauthorized
access and equipment failure etc. are not adequate.
iv. There is a need to establish a mechanism to transfer the data in an encrypted form so that
it would be safe and other users who are not authenticated cannot access that data.
v. Mr. A dishonestly used electronic signature of the branch manager of Z branch of Company
and passed the false claim of one of the buyers and allowed him to withdraw the funds.
The legal action must be taken against him.
vi. Special audit routines are advised to highlight and notify suspicious records with frequent
change in name and address so that policyholder system becomes less vulnerable to frauds
like funds withdrawal because of false claims.
Based on the above case scenario, answer the following MCQs:
1. According to IS Auditor, some controls need improvement to ensure the availability of
system in case of data loss due to unauthorized access and equipment failure etc. so that
the company can retrieve the files. Which of the following strategies should be adopted by
XYZ Company for this purpose?
a. Grouping the similar transactions b. Logging input transactions
c. Dual recording of data d. Periodic dumping of data
2. The IS auditor has found that Mr. A dishonestly made use of electronic signature of the
branch manager of Z branch of the company and passed the false claim of one of the
buyers. Under which section of IT Act, 2000 is Mr. A punishable?
a. Section 66B b. Section 66C
c. Section 66D d. Section 43
3. What kind of server has been recommended by IS auditor to provide networking services to
all computers of XYZ company?
a. Proxy Server b. Web Server
c. Database Server d. Application Server
4. In purview of above case scenario, which type of audit routines can be recommended by IS
auditor to avoid withdrawal of funds due to false claims?
a. Continuous and Intermittent Simulation
b. Snapshot
c. System Control and Review File
d. Audit Hook
5. The company started using wearable smart watches and bands that provide the medical
condition of individual who wishes to buy life insurance. This initiative of the company is
a part of their risk management strategy. Identify it.
a. Tolerate the risk b. Terminate the risk
c. Transfer the risk d. Treat the risk

Integrated Case Study - 7 (ABC Car Rental Co.)


ABC is a car rental company running its business through m-commerce. Its mobile app is very popular
amongst the people who can book a car online through it and the company is earning a good profit.
It collects the information of large number of taxi providers, makes them its partner and sells their
rental services to large number of buyers under its name. The company follows its employees’ health
and safety regulations and pays all the taxes on time.
Because of the growing competition in the market, the ABC Company wants to use some technology
to be on a sustainable position in comparison to others, and to reveal its capabilities and market conditions so
that it can take good strategic and tactical decisions to maintain its repute in the market.
The company uses controls to protect its data and information on its private network from the outside
network by filtering the information, thus allowing only authorized traffic to pass through the network.
Despite all its functioning and care, a case has been reported where two drivers of the company
had transported the cash of ₹ 12 lakhs from Delhi to Jaipur without any bill or proof while taking the
passengers in the company’s cab without the notification of the company’s higher authority.
There is a need of legal action against them.
Based on the above case scenario, answer the following MCQs:
1. Under which section of Prevention of Money Laundering Act, the two reported drivers of
the ABC Company are liable?
a. Punishment of cheating by personation
b. Punishment to give false information
c. Offence of money laundering
d. Punishment of theft
2. some technologies to be on sustainable position. Which technology can help the company
to make well-informed business decision and be the source of competitive advantage?
a. Artificial Intelligence
b. eXtensible Business Reporting Language (XBRL)
c. Internet of Things
d. Business Intelligence
3. According to case scenario, what kind of business risk ABC Company tries to avoid by
giving health safety facilities to employees?
a. Regulatory risks b. Financial risks
c. Hazard risks d. Technology risks
4. In purview of above case scenario, what kind of business market model is being followed
by ABC Company?
a. E-shop b. Buyer Aggregator
c. Virtual community d. E-market
5. What kind of network access controls are being used by the ABC Company to ensure
network security?
a. Firewall
b. Call back device
c. Encryption
d. Enforced Path
Integrated Case Study - 8 (ABC multispecialty hospital)


ABC is a multispecialty hospital that provides best known healthcare facilities to large number of
patients. The hospital has three more branches at 3 different states.
However, all the branches record their related data including personal data about the patient and
other comprehensive medical data; medical services provided to the patient such as investigations,
diagnoses, treatments, follow up reports and important medical decisions.
These branches have been managing all the operations related to administrative, financial, clinical
aspects and health care facilities manually. But, now the management of the hospital wants to
streamline and optimize all its business operations in its branches.
After consulting the experts, the hospital decides a strategy to implement a comprehensive, integrated
and specialized system which is designed to manage the administrative, financial and clinical aspects of
hospital and healthcare facilities of all its departments in single software and maintains a centralized
database for all the relevant data.
• This proposed system is planned to be developed in-house during which an IS Auditor Mr.
Kamal is responsible to provide his valuable inputs and supervise the development and working
of the system from auditor’s aspects.
• The proposed software or system would make available up-to-date data that bring workflow
efficiency in hospital management.
• All its branches would be interconnected with each other through intranet and share data with
each other.
• Also, the administrative staff could track the status of funds, patients, doctors and facilities etc.
very easily just on the click of a button.
• Each employee shall have a unique login Id and certain access privileges depending on his/her
job profile and designation.
• The proposed software has facility of Electronic funds transfer for its various stakeholders like
vendors, doctors and patients in order to provide them more satisfaction.
• With the implementation of the new system, the security of the confidential data of its patients
that is being stored, processed and maintained in the centralised database is a serious concern
for the top management of the hospital.
Recently, the hospital is also facing many connectivity and security issues in its intranet due to which the
data transmission between its branches has become unreliable.
Hospital management considers various risks associated with this, including cyber risks and infringement
of various IT laws and also puts controls in place in response to these risks. It puts controls in place
to ensure that either failures do not impact or have a minimum impact on hospital operations and
services. It also keeps a check that no unlawful activity can take place.
Based on the above case scenario, answer the following MCQs:
1. Which strategy is used by ABC hospital that streamlined and optimized its operations?
a. Database Management System b. Business Process Reengineering
c. Business Process Automation d. Bring Your Own Device
2. Which type of control mechanism is implemented by ABC hospital to restrict its system
access to authorized users only?
a. Segregation of Duties b. Rule Based Access Control
c. Privacy policy d. Role Based Access Control
3. ABC hospital considers various laws related to system automation with the main objective
of securing the confidential data of its patients. Which of the following is not included in
Sensitive Personal Data Information for ABC hospital?
a. Patient history b. Doctor’s Experience
c. Medical reports d. Staff details
4. In purview of above case scenario, identify the type of audit which Mr. Kamal is/can be
involved in.
a. Post Implementation Audit b. Concurrent Audit
c. General Audit d. Control Audit
5. In your opinion, which of the following is a secondary process of ABC hospital?
a. Recruitment and staffing b. Management of infrastructure
c. Accounting d. Budgeting
Integrated Case Study - 9 (HAK Systems Pvt.Ltd.)


HAK Systems Private Limited (abbreviated hereafter as ‘HAKPL’) has two distinct business lines – viz.
engineering Services and Cloud-based server solutions.
The Chief Operating Officer (COO) has observed that the company is facing many problems by
keeping data on disparate systems which now needs to be centralized. As a preliminary exercise, the
IT Manager has written the operational rules as follows:
1. Central database for the engineering business line to be modelled on a relational database
model deploying RDB - Oracle. This software can be installed on each system to maintain
the database.
2. The rules pertaining to a sale invoice are written as:
   • Invoice Amount: Primary Key
   • Invoice Date: Attribute
   • Product Name in Invoice: Relation
3. Access controls to be based on user preference basis.
4. Running a backup procedure each day at 22:00 hours.
5. Internally created ERP software to be deployed, which will be efficient in terms of cost and
performance.
6. Accounts Payable Module will be code written auto-rules for payment cheque creation.
7. The COO wants to implement a VOIP (Voice over IP) system for efficient time management
8. The COO also wants to have a penalty enforced for any employee who misuses company
data stored in the company servers and computers.
Based on the above case scenario, answer the following MCQs:
1. In context with the case scenario, the statement ‘Access controls to be based on user
preference basis’; in your opinion is_____________.
a. False, as access controls are defined on need-to-know basis.
b. False, as access controls are defined on need to know and need to do basis.
c. False, as access controls are defined on need to know and compliance basis.
d. True, as access controls are defined on user preference and utility basis.
2. Which control is adopted in the case of HAK Systems Private Limited running a backup
procedure each day at 22:00 hours?
a. Preventive control
b. Corrective control
c. Detective control
d. Application and Monitoring system access control
3. One of the business lines of HAK Systems Private Limited is that of Cloud-based server
solutions. In this context identify, which of the following statement is correct for an installed
application software?
a. Installed application software will be more efficient than a cloud-based application
based on performance parameter.
b. The CAPEX (Capital Expenditure) spent for an internal software application will be
higher than the CAPEX for a cloud-based application, but OPEX spend will be lower than
the cloud-based application.
c. Definite service agreement is recommended in installed software application.
d. Maintenance will be the defined liability of the installed application service provider.
4. In purview of above case scenario, Accounts Payable Module is suggested to be used.
Which of the following is one of the fundamental rules adopted in an Accounts Payable
automation set up for payment to vendor?
a. Vendor Invoice, PO and GRN to be matched to PO terms and rates, and vendor master
table for payment cheques preparation.
b. Vendor PO, Invoice to be matched to the GRN for terms and rates for payment cheque
preparation.
c. Vendor Master Table to be checked with the PO and supply terms to be matched to the
GRN for payment cheque preparation.
d. Vendor Invoice to be matched to Vendor master table, and if validated, the ledger
table to be matched to invoice value and then the GRN to be validated for payment
cheque preparation.
5. HAKPL has Cloud based server solution business line. As per suggestion of the COO, which
of the following Service Model of cloud computing will be used in e-VoIP?
a. Platform as a Service (PAAS)
b. API as a Service (APIaaS)
c. Software as a Service (SaaS)
d. Communication as a Service (CaaS)
6. Referring to the IT Act 2000, the COO suggested the penalty for a person who extracts or
copies any data from the computer system of the company without prior approval. What is
the penalty defined under which section of IT Act, 2000 for such an offence?
a. Imprisonment for a term up to 3 years and penalty up to ₹ 5 lakh or with both under
Section 66.
b. Imprisonment for a term up to 5 years and penalty up to ₹ 5 lakh under Section 43A.
c. Imprisonment for a term up to 3 years and penalty up to ₹ 10 lakh under Section 66.
d. Imprisonment for a term up to 5 years and penalty up to ₹ 3 lakh under Section 43A.

Integrated Case Study - 10 (Small Bank Limited (SBL))


Small Bank Limited (SBL), Bhopal (MP) is registered as a Small Finance Bank (SFB) with RBI. SBL has
been provided license under the Govt. of India’s initiative to promote financial inclusion.
SBL started operations in April 2018 and has 100 branches spread across three states
including MP, Rajasthan and Tamilnadu. SBL balance sheet as on 31/03/2019 shows following key
performance parameters.
1. Advances: ₹ 550/- Crores: 75% in category of agricultural Advances
2. Gross NPA (In %): 2.5%
3. Net NPA (In %): 0.5%
4. Deposits under Current & Savings Account (CASA): ₹ 1,000/- Crores
5. No. of CASA account holders: ₹ 2,50,000 Lakhs
6. Employees: 450
ISSUE
SBL started their business operations immediately after getting the RBI License. They started using a
banking ERP by the name SmlCBS (Small Core Bank Solution System), launched by a company named
V Bank Limited (VBL), Pune (Maharashtra). VBL has been selling its products to various co-operative
banks across India since 2005.
The software was purchased by bank without going through the formal process of benchmarking the
software to bank’s strategic and future business needs. SBL had launched its operations with lot of
publicity and fanfare.
Few systems related issues came up when an article in a national daily newspaper got published. The
article claimed that the SBL systems were not correctly crediting the interest to all the account holders’
saving bank accounts.
The article highlighted the details of few account holders of bank and published a detailed report.
The key facts published were as follows:
Example 1:
1. Name of Customer: Mr. X, Satna (MP)
2. Account details: The newspaper published the account statement for month of June 2018.
3. Interest credited by bank: ₹ 150.70
4. Interest as per calculation: ₹ 150.75
Example 2:
1. Name of Customer: Mr. J, Salem (Tamilnadu)
2. Account details: The newspaper published account Statement for the month of July 2018.
3. Interest credited by bank: ₹ 3,825.20
4. Interest as per calculation: ₹ 3,825.25
The newspaper article ended by stating that bank has 2,50,000 account holders. If each customer
loses ₹ 0.05 (Five Paisa) each month, that means bank is gaining ₹ 12,500/- per month meaning
₹ 1,50,000/- per year.
MANAGEMENT ACTION ON ISSUE
As soon as the matter came in public domain, the management of SBL realized that some swift action
is needed on urgent basis.
SBL board called for a high-profile meeting and discussed the matter. At the end of the meeting, the
management took a decision to get the bank’s system audited by a system expert.
Subsequently, Mr. A was hired to conduct the audit which he completed and submitted a report
stating that:
i. Many important reports like Asset - Liability Management (ALM) Report, Cash Reserve
Ratio (CRR), Statutory Liquidity Ratio (SLR) reports are not being provided by the CBS.
SmlCBS does have capability to add a new report that may be needed in future, if RBI
mandates the same.
ii. SmlCBS does not have any backup facility in case of any disaster or natural calamity.
iii. SmlCBS does not have its m-banking facility.
iv. Finally, the system auditor suggested that SBL needs to go for a new CBS.
v. SBL board immediately decided to change the software.
vi. SBL this time went through the due process of software selection and implemented new
software.
vii. Having done this, SBL Board had organized a public launch function for the new
software by inviting ministers of technology from all three states where bank has its
operation.
Based on the above case scenario, answer the following MCQs:
1. CBS Implementation needs to be controlled and monitored. SBL board’s decision to
implement CBS lacks which critical aspect of CBS deployment?
a. Approval b. Selection
c. Planning d. Testing
2. ALM, CRR and SLR are not being generated from SmlCBS. These reports are important for
management decision making. All these reports shall be classified as__________.
a. Daily Reports b. MIS reports
c. Exception Reports d. Balance Sheet Report
3. In purview of above case scenario, the published key facts in the newspaper represented a
fraudulent way of interest calculation which was due to inherent weakness in system. This
would be classified as a ____________.
a. Risk
b. Vulnerability
c. Threat
d. Impact
4. The national daily newspaper pointed out the error in interest calculation where each customer
loses ₹ 0.05 (Five Paisa) each month. It is most likely to be classified as_______________.
a. Spoofing
b. Bomb
c. Piggybacking
d. Rounding Down
5. System Auditor’s report highlighted that SmlCBS does not have a live back up. In case of
disaster, the bank may be subject to grave risk. These types of risk are addressed through
having ________.
a. Data Management Control
b. Programming Management Control
c. System Development Control
d. Security Management Control
Integrated Case Study - 11 (Ridonix, Pune)


Ridonix is a Pune-based data analytics firm specializing in finance and costing analytics, with a workforce
of fifteen data scientists and fifty analysts. It has served all major hotel chains of the country and has
been successful since its inception.
A client of Ridonix, Ghoomo Hotels was going through a huge cash crunch and on the verge of closure.
They approached Ridonix to find solutions to reduce costs and implement effective pricing models to
lure customers. The objective given to Ridonix is to bring the hotel chain at break-even point in next
two years.
The analysts’ team from Ridonix gathered relevant information from Ghoomo’s operations team, and
found many genuine loopholes in their systems. Following are the observations of Ridonix:
1. There were multiple online booking partners to book rooms to whom high commissions
were being paid, and no proper checks on payouts to these booking partners were in place.
2. Further, there were three banking gateway partners associated. They charged higher than
industry standards as their convenience fees.
3. The booking system was also internally flawed as it could not manage cancellations,
wherein the system reported rooms as booked, while they had actually been cancelled
online.
4. A major confidentiality breach was also reported, where two employees had access to
confidential data of customers and their preferences, and they were selling that data to
Ghoomo’s competitors.
5. The entire internal reporting system was redundant and needed a corrective update.
The system advisory report from Ridonix suggested Ghoomo:
a. to setup a new information system, i.e. to call in change management of the existing
reporting software.
b. to implement a strong ERP system to keep a track of room inventory.
c. to save costs in banking transactions, Ghoomo was advised to go for an integrated
payments system rather than relying on multiple gateways of multiple banks.
d. to reflect timely and accurate cancellation of rooms in the system, Ridonix advised
putting an audit tool in place and executing it frequently to keep a check on errors.
To safeguard the business from data privacy litigations in future, Ridonix also advised Ghoomo to get
legal contracts drafted by legal experts and put them up on their website and application.
Based on the above case scenario, answer the following MCQs:
1. Which of the following could be cheapest and most effective in implementing integrated
payments channel for Ghoomo’s payments?
a. Aadhar Enabled Payment Services (AEPS)
b. UPI based application integration
c. Crypto Currency
d. Mobile Wallets
2. RIDONIX advised its client to focus on change management as the first and foremost step
by strengthening its Information System. What kind of an IT control have they advised
Ghoomo to focus on here?
a. Information Technology General Control
b. Application Control
c. Residual Risk Control
d. Data Privacy Control
3. One of the biggest challenges for Ghoomo is auto-cancellation of rooms and no
corresponding update in the system, which leads to huge loss of revenue. Which of the
following would be best suited for Ridonix’s suggested advice to keep a check in new
system?
a. SCARF (System Control Audit Review File)
b. Audit Hooks
c. Audit Trail
d. Integrated Test Facility (ITF)
4. With a strong ERP System in place as suggested by Ridonix, which of the following controls
would best curb the confidential data misuse by its employees?
a. Server Back Up Arrangement
b. Firewall to restrict access to online portals
c. Role Based Access Controls
d. Physical Access Controls
5. Mr. Rajesh who is an employee of Ghoomo misused the data of customers. Under which
section of IT Act 2000 can he be punished for misusing and selling confidential data he had
access to?
a. Section 66 of IT Act, 2000
b. Section 66C of IT Act, 2000
c. Section 66D of IT Act, 2000
d. Section 66E of IT Act, 2000

Integrated Case Study - 12 (1K Pvt. Ltd.)


1K Pvt. Ltd. is a new generation sports drink manufacturer company. It recently took a loan of ₹ 1.50
crores from Dhan Bank, its banking partner for the e-commerce portal to double-up their manufacturing
unit in Aurangabad.
The business is focused on a niche target market with immense potential in India. The owners are quite
satisfied with the results so far, but also face a few challenges as they plan to scale up.
Kumari G., the founder of the 1k Pvt. Ltd., hired a market research firm to ratify her gut feeling, that the
teenage segment in India is increasingly focused on sports and fitness, and has available disposable
income to spend on themselves. The market firm did an in-depth data analysis and reported that it
was indeed a potential market with 10X growth visibility in coming 5 years.
The Company has been quite adamant in finding internal flaws and with recent plans of scaling up
operations; a special meeting was called on to find solid solutions of identified concerns. The major
concern of the management was regarding the Purchase Department.
Firstly, delays in posting accurate raw material inventory position were creating undue pressure on the
production line. Proper reporting mechanism was suggested to be put in place.
Second, major concern was cash leakage from the system. Internal Audit experts were notified to
put in strong audit trails to mark red flag transactions and further, block those transaction owners
temporarily.
1k Pvt. Ltd.’s core essence of being a new-age company focused on teenagers is also mandated
in its office campus. The employees are encouraged to bring their own devices at work and are
even reimbursed the cost of internet if they use their personal hotspots. It creates an environment of
individuality and freedom amongst workers.
It has also helped the company in saving good amount of money in IT infrastructure and network
provider costs.
The company reported revenue of ` 3.00 crores last year, and with scale up of operations, it is
projected that numbers would cross ` 10.00 crores in the coming year.

Based on the above case scenario, answer the following MCQs:


1. Which of the following methodologies of Data Analysis did the market research firm adopt
to validate, using statistical techniques, whether the teenage segment was indeed a
potential market for 1k Pvt. Ltd.?
a. Exploratory Data Analysis
b. Confirmatory Data Analysis
c. Qualitative Data Analysis
d. Quantitative Data Analysis
2. To save on IT infrastructure costs, 1K Pvt. Ltd. encouraged some modern practices for its
employees. Which of the following would not be a risk associated with those practices?
a. Network Security Risk
b. Loss of Device Risk
c. Reduced IT Support Risk
d. Application Malware Risk
3. Which of the following Phases in Inventory Management is the pressure point for 1K Pvt.
Ltd.?
a. Production Phase
b. Ordering Phase
c. Delivery Phase
d. Sales Return Phase
4. The flow of transactions between the Dhan bank’s server and 1k Pvt. Ltd.’s server, when a
customer initiates a purchase on the company’s website, includes the following steps.
i. Customer Places Order on Website
ii. Request flows to Payment Gateway
iii. Request for Bank’s confirmation
iv. Request flows to Merchant’s Server
v. Updated status on Merchant’s Server
vi. Confirmation sent to Payment Gateway
vii. Request accepted and approved
viii. User is notified about payment and order is placed
What would be the correct sequence of the aforementioned steps?
a. (i), (iv), (iii), (ii), (v), (vii), (vi), (viii)
b. (i), (v), (iii), (ii), (vii), (iv), (vi), (viii)
c. (i), (iv), (ii), (iii), (vii), (vi), (v), (viii)
d. (i), (ii), (iii), (iv), (v), (vi), (vii), (viii)
5. The tool to be used to protect 1k Pvt. Ltd. from cash leakage in the system would not be
able to ensure which of the following?
a. Detect Unauthorised Access
b. Block Cash Outflow Ledgers
c. Reconstruct flow of Events
d. Monitor unauthorised/authorised user activity

Integrated Case Study - 13 (ABC Ltd)


ABC Ltd., a leading manufacturer of water purifiers all over the country having an ERP System,
decided to launch a new Wi-Fi enabled water purifier “Purity” with UltraViolet Filters and advanced
technology.

Purity can be connected with the home Wi-Fi and, when the purifying agents deplete, may inform
the service agents of the company. The management decided to outsource the service agent work to
different local agencies. The company was facing financial difficulties in launching the product. For
this, they had taken a bank guarantee from the Amy Bank, for making the payment of raw material
purchased from the supplier.
The company also changed its payment collection policy for debtors, giving more payment
options as well as introducing discount policies on bulk purchases and timing of the payments.
Additionally, the company adopted online marketing rather than paper-based marketing and online
invoicing to cut down the paper wastage as well as to add to the cost-saving.
To increase the awareness of Purity and make it easier for its customers to use Purity, the company decided to
register itself on famous shopping applications to deliver the product to customers at their doorsteps.
Now, the customer can purchase Purity online as well as offline. They also decided to open a cash on
delivery option for its customers.

Based on the above case scenario, answer the following MCQs:


1. In the purview of the above case, the advertisement and sale of product can be made using
either online or offline means. The order will be fulfilled, invoice created, payment received
and then accounting will be done. These multiple sub-processes are part of which business
process?
a. Customer Order Fulfilment
b. Order to Cash
c. Purchase to Pay
d. Fixed Assets
2. As the Bank Guarantee is taken by the company, ABC Ltd., it is required to pay certain
amount to the Amy Bank which is the income for the Bank. The amount which the Bank
receives from the ABC Ltd., can be termed as-
a. Interest Income
b. Discounting Income
c. Commission Income
d. Guarantee Charges
3. Since ABC Ltd. decided to outsource the working of the service agents, the company is
required to establish the controls. Under which Managerial Control, the monitoring of the
outsource contracts can be done?
a. Data Resource Management Controls
b. Quality Assurance Management Controls
c. Security Management Controls
d. Operations Management Controls
4. As ABC Ltd. has an ERP system, which among the following departments may help ABC
Ltd. in forecasting sales and production plans of the product “Purity”?
a. Master Data
b. Material Requirements Planning (MRP)
c. Distribution Resource Planning (DRP)
d. Sales and Operations Planning (SOP)
5. ABC Ltd. had adopted online marketing rather than paper-based marketing and online
invoicing to their customers. Which one of the following works on this practice?
a. Grid Computing
b. BYOD
c. Mobile Computing
d. Green Computing

Integrated Case Study - 14 (KPL Bank)


KPL Bank, a new entrant in the banking sector, was established in 2019 after getting approval from the
Reserve Bank of India for setting up a universal bank.
The directors decided to change the regular banking style by adopting some new ideas which
will assist in catering to the market and gaining competitive advantage over other banks.
• The bank decided to adopt the Core Banking System that will help in accessing the same bank
data by all the branches and ATMs.
• The management of KPL Bank decided to introduce “tab banking” wherein the bank officials
would go to the customer’s place and open the bank account at their premises by clicking the
customer’s photographs and scanning the required documents using a tab.
• They decided to provide doorstep banking services to senior citizens and differently-abled
customers, wherein the bank may help these people in deposit and withdrawal of cash,
and other banking services at their doorstep.
• A Google application named “mKPL” would be created that may allow the customers to make
financial transactions, check balance, transfer money, and perform other banking operations
using their smart phones or tablets.
• Banks being the backbone of the economy, KPL Bank decided to be better equipped with
technology to minimize fraud and control exposure risks.
• Hence, the management also aimed to strengthen its Information Technology department with
proper segregation of duties among personnel.
• This step will help in establishing proper controls with risk management.
• They worked towards the establishment of branches in rural areas all over the country and
providing the farmers with different loans and savings options.
• Now, the bank is ready to adhere to all the regulatory and compliance requirements
applicable to them.
• Their focus is on using IT in the best possible ways and achieving higher customer satisfaction by
rendering them all the products and services.
Based on the above case scenario, answer the following MCQs:
1. The Reserve Bank of India has given approval to “KPL Bank” to start operations as
universal bank. Which among the following Act gives the power to the Reserve Bank of
India to license new banks to start operations?
a. Reserve Bank of India Act, 1934
b. Banking Regulation Act, 1949
c. Negotiable Instrument Act, 1881
d. Information Technology Act, 2000
2. As a part of risk management, the KPL Bank is deploying a separate Information Technology
organization structure with proper segregation. This type of risk management comes under
which control?
a. Application Control b. Internal Control
c. Semi-Automated Control d. Infrastructure Control


3. In the purview of the above case, KPL Bank wants to be better equipped to minimize frauds
and control exposure risks. Which technology will help in examining those data sets?
a. XBRL b. MIS Report
c. Data Analytics d. Grid Computing
4. As per the above, the Google application of KPL Bank named “mKPL” is created to help
the customers to perform the transactions at their convenience. Identify the emerging
technology on which “mKPL” works?
a. Cloud Computing b. Grid Computing
c. Mobile Computing d. Green Computing
5. KPL Bank is using the Core Banking System, in this system the bank data can be accessed
from a server by all the branches as well as the ATMs. In which part of the system, bank
data is stored?
a. Proxy Server b. Central Server
c. Local Server d. Back end Application

Integrated Case Study - 15 (New India Global Healthcare Pvt. Ltd. (NIGHPL))

New India Global Healthcare Private Limited (NIGHPL) is a medical insurance service provider
company in India.
Presently, the company is working on its software called “Nirogaya” to maintain all records such as
details of all policyholders, premium collection, outstanding premium, and various reports that may
require further customization on manual basis.
However, due to system vulnerability and lack of appropriate controls, recently an incident took place
wherein an employee Mr. R was caught sharing confidential records of Mr. Z (who was insured under
Mediclaim Policy) with Satyam Cell Marketing Global Private Limited.
Mr. S, appointed as an IS auditor of NIGHPL, conducted its IS audit and highlighted some key control
weakness issues and commented on the company’s password policy that was prepared but not implemented
by the Information Technology (IT) Dept. He submitted his audit report to the Board of Directors and
recommended immediate attention of the Management of NIGHPL to address the issues as specified
in the report.
After considering the recent incident of Mr. R and recommendations of IS auditor Mr. S, the Board of
Directors of NIGHPL held a meeting with senior members of the management including the Chief
Information Officer, Chief Financial Officer and Chief Executive Officer.
The decisions of the meeting were as follows:
• Company will approach Big 4 System Development & Service Provider to develop an ERP
system and implement it at various locations across the country with in-built effective
and efficient IT Controls in place.
• Company also decided to implement Balance Scorecard, a strategy performance
management tool to identify and improve various internal business functions and their
resulting external outcomes.
• No employee can access details of a customer without prior permission of the IT head.
Mr. SK an employee of Big 4 system development and service provider was assigned the job to
understand the requirements for the proposed system of NIGHPL. For that, he frequently visited the
company and interacted with users of the computer system.
The Company also approached AWS to provide them access to Virtual Machines for data
processing. The company went live with the new ERP system. The Company had also prepared the backup
strategy whereby the data is taken from the live environment to a backup drive.
Based on the above case scenario, answer the following MCQs:
1. In the light of IT Act, 2000; who will be responsible for paying compensation to Mr. Z for
failure to protect his data?
a. Directors of Satyam Cell Marketing Global Private Limited
b. Directors of New India Global Healthcare Private Limited
c. Shareholders of New India Global Healthcare Private Limited
d. Directors of Big 4 system development and service provider
2. IS auditor has observed that NIGHPL has not implemented password policy properly
and allowed users to keep short-length login passwords for system access, and users are not aware
of the need to change them frequently. This refers to ____ in purview of Information System Concepts.
a. Exposure b. Threat
c. Vulnerability d. Attack
3. NIGHPL approached Amazon Web Services to provide them access to Virtual Machines
for data processing. Which of the following Cloud Computing Service Model will be useful
for this?
a. Network as a Service (NaaS)
b. Infrastructure as a Service (IaaS)
c. Platform as a Service (PaaS)
d. Software as a Service (SaaS)
4. If you were requested to advise NIGHPL’s management on its Password Policy to be
followed by its users to protect its data, which of the following features will you recommend
to make the password control strong?
a. Password length should at least be of 4 characters.
b. Password should be changed once in a year.
c. Password should always be in numeric form.
d. Password of user should be blocked after three unsuccessful login attempts.

Integrated Case Study - 16 (CBZ Singapore)


CBZ Singapore Global Insurance Limited is a reputed Insurance Company with its Head Office located
in Singapore.
With an aim to expand its business, the company started a subsidiary company in India in the year
2019 and obtained the license from Insurance Regulatory and Development Authority (IRDA).
In India, IRDA is an autonomous statutory body tasked with regulating and promoting the insurance
and re-insurance industries in India. It protects the interest of policy holders, regulates, promotes and
ensures orderly growth of the insurance in India.
Information Systems Audit has a significant role in the emerging insurance sector.

CBZ Singapore Global Insurance Limited has framed and set up a committee of ten personnel for
implementation of ERP to automate all business processes in their company, which is also responsible for
the compliance of various rules and regulations of IRDA and other applicable laws.
The Company adopts Mobile Computing to sell its insurance products online.
Also, the company establishes 50 branches throughout India to appoint agents to promote the selling
of their insurance products.
The Company uses a Wide Area Network to allow its agents away from home office to obtain current rates
and client information and to submit approved claims using notebook computers and dial-in modems.
Based on the above case scenario, answer the following MCQs:
1. In the given case scenario, the technology Mobile Computing adopted by CBZ Singapore
Global Insurance Limited will have its own limitations. Which of the following will
fall under the list of limitations of Mobile Computing?
a. Ensuring reduced travel time for employees.
b. Ensuring mobile workforce with remote access to work order details.
c. Increased information flow enables in improving management effectiveness.
d. The users’ disrupted access of information due to insufficient bandwidth
2. In the given scenario, suppose if there is a leakage of sensitive/confidential data of a
policy holder; under IT Act, 2000, who will be held liable to pay compensation for failure
to protect policyholder’s data?
a. Directors of CBZ Singapore Global Insurance Limited
b. Shareholders of CBZ Singapore Global Insurance Limited
c. Officer of Telecom Regulatory Authority of India
d. Agents of CBZ Singapore Global Insurance Limited
3. Suppose you are appointed as an IS auditor of CBZ Singapore Global Insurance Limited.
When you are going to audit the physical access controls, which of the following activity is
not undertaken by you?
a. You must check that the risk assessment procedure adequately covers periodic and
timely assessment of all physical access threats.
b. You must check whether the physical access controls are adequately in place.
c. You must examine the relevant documents such as security policies and procedures are
prepared.
d. You must develop and document an overall audit plan describing the expected scope
and conduct of the audit.

Integrated Case Study - 17 (M/s XTC LTD)


M/s XTC LTD. is an FMCG company dealing in home care, human care, health care and stomach care
products. The company has been seeing a drop in sales over the past few years.
The company has traditional distribution channels which include wholesale dealers, retailers and agents.
The company has been using a legacy integrated system since 2004. To get a better understanding of
the reasons for such decline in sales, XTC decides to appoint a consultant. XTC appoints Ms. Venus
Andromida (Ms. VA) as business consultant.
Ms. VA has more than a decade of experience and is an MBA from IIMA plus a qualified CISA, CISM
expert. Ms. VA has been given six months to submit the report. Ms. VA submits her report in two
parts.
• Part one deals with identification of key reasons for business decline.
• Part two is solutions to identified problems.
Ms. VA found that customer order execution (turnaround time: TAT) is twice the market norms. In the
present system retailers’ orders are accepted by sales representatives, who send the same to HO on
email. Sales head at HO gives the necessary instructions. This process has many human
interfaces, leading to delay in supply of material once email has been sent for orders, and many times
the received goods and ordered goods do not match.
Ms. VA applied the principles of risk management and suggested the following solutions:
• XTC needs to implement a new system. The proposed system shall integrate all departments
of the company including key departments: Sales and Distribution, Material Management,
Financial Management, Production, Planning and Costing, and Human Resources. This
shall help XTC optimize resource utilization and increase profitability.
• The proposed system shall have an online mobile APP enabled system of order acceptance
from retailers and wholesalers. Mobile APP to be installed on all sales representative
systems.
• In the new system, XTC limited plans to preload reorder levels for various products for
each wholesaler individually. This will help better inventory management. As soon as the inventory
level of a product reaches the reorder level, the system will send a purchase order for Re-order
Quantity/Economic Order Quantity to the vendor. This shall significantly reduce the Turnaround
Time.
Based on the above case scenario, answer the following MCQs:
1. Expert used risk management principles to suggest a solution. Risk management
terminologies include all except……….
a. Vulnerability Assessment
b. Threat Assessment
c. Risk Sharing
d. Exposure
2. Use of Mobile APP by employee is convergence of two emerging technologies referred
to as Mobile Computing and BYOD. The common risk associated with both technologies
include
a. Security Risk
b. Bandwidth
c. Application Risk
d. Health Hazard
3. Ms. VA proposed a system that shall integrate all key departments of the company. Identify
from the following which type of system she is proposing?
a. Business Process Reengineering
b. Enterprise Resource Planning
c. Business Research Automation
d. Business Continuity Planning

Integrated Case Study - 18 (VK Textile Cotton)


VK Textile Cotton Fabrics Private Limited is an export-oriented unit established in the year 2016.
The Company manufactures Cotton Fabrics in India and exports them to some foreign countries also.
In December, 2019, the Company acquired a manufacturing unit in Dubai (UAE).
Presently, the Company is in the process of listing its securities on the Bombay Stock Exchange and
National Stock Exchange. Mr. Sameer Jain joined the Company as Chief Executive Officer
(CEO) with effect from 01st January, 2020. After taking charge of his duties, he held various meetings
with the company’s management and stakeholders and presented a unified proposal on the future of the
company, the points of which are as given below:
i. Expansion of the company business in other foreign countries, including European Countries,
Gulf Countries and Asia-Pacific Countries.
ii. Best quality products at reasonable prices, i.e., value for money, for its
customers worldwide.
iii. Spreading out e-commerce business activities and online presence worldwide.
iv. Development & Implementation of IS security policy.
v. Adoption of new and emerging IT technologies including Cloud Computing, Mobile
Computing, Green Computing etc. for the company.
vi. Upgrading all business processes through latest technology & trends & keeping all
records and documents in electronic digitalized form.
vii. Reciprocal agreement for disaster recovery with another company called G.K. Global
Textile and Cotton Fabrics Limited (already a listed entity in Bombay Stock Exchange)
w.e.f. 5th January, 2020.
Based on the above case scenario, answer the following MCQs:
1. VK Textile Cotton Fabrics Private Limited has entered into a reciprocal agreement as one
of the strategies of Disaster Recovery Planning. Which of the following risk treatment
approach does it indicate?
a. Risk Transfer
b. Risk Avoidance
c. Risk Mitigation
d. Risk Acceptance
2. Which of the following is a practice of using computers and IT resources in a more efficient,
environmentally friendly and responsible way?
a. Grid Computing
b. Cloud Computing
c. Virtualization
d. Green Computing
3. Under which sub process of Information Security, the company can implement security at
various aspects of application of any transaction?
a. Database Security
b. Network Security
c. Application Security
d. Operating System Security

Integrated Case Study - 19 (KD Health and Medical)


KD Health and Medical Care Limited provides medical health checks and other medical outsource
services to its various clients/customers, which include pharmacists, physicians, patients, educational
institutions, day care establishments, government agencies and insurance companies. The company is
located in Agra with all its 100 employees living on the private land space situated at Agra.
The Company has a policy of allocating the super-user password to the General Manager in the Finance
Department. The same is defined in the Job Profile of GM (Finance) who is responsible to supervise
the allocation, deletion, modification and suspension of user rights based on approvals made by the HR
Department. On 26th September 2018, the General Manager (Finance) resigned from the Company
and on 1st October 2018, a new joinee who joined the company as GM was given another super-user
password.

In due course of time, the Company hired Mr. J as its internal auditor in the month of March 2019.
After the due procedure, he submitted his Draft IS Audit Report to Chief Executive Officer (CEO) and
Managing Director highlighting following key control issues:
• All employees of Accounts Departments have been using the Super-User Password of the
previous General Manager (Finance). For the past six months, after the new joinee has joined,
the audit logs of some dates are missing and not available.
• There is no basic configuration in the accounting system to restrict cash payment in excess
of ₹ 10,000/- that results in the expense being disallowed as a business expense. That shall
lead to increase in the tax liability of the company.
• There is no effective internal control system regarding user management, creation and
modification of accounting voucher.
• Company has no emergency plan with an outdated list of names to contact in case there is
some type of emergency within the company.
• There are unused computer systems lying idle.
• There is no antivirus or security mechanism existing in the computer systems of the employees
carrying out day to day transactions.
• There are versions of unauthorized software installed on numerous computer systems.
• There is no physical and environmental control policy for safeguarding of company assets.
IS auditor recommended a proposed solution to overcome the afore-mentioned issues. To implement
the same, he recommended a strategy to adopt new accounting system with the old and new systems
both being used alongside each other, both being able to operate independently. If all goes well, the
old system is stopped and new system carries on as only system.
Based on the above case scenario, answer the following MCQs:
1. An accountant has rights to create as well as modify accounting vouchers. Which of the
following principle has not been followed by the company in the given scenario?
a. Confidentiality
b. Availability
c. Integrity
d. Segregation of Duties
2. In the given case scenario, the IS auditor is using a concurrent audit technique to check whether the
accounting system is restricting cash payments in excess of ₹ 10000/- or not. Identify from
the following concurrent audit techniques which will be useful in the above case.
a. Use of System Control Audit Review File (SCARF)
b. Use of Integrated Test Facility (ITF)
c. Use of Continuous and Intermittent Simulation (CIS)
d. Use of Snapshot
3. In the given case scenario, suppose a junior employee Mr. AB from finance department sends
an email to the banker requesting a money transfer and pretends to be GM (Finance) of the
Company. Under which of the following sections of Information Technology Act, 2000 will Mr.
AB be punished?
a. Section 66A
b. Section 66B
c. Section 66C
d. Section 66D

Integrated Case Study - 20 (SMS Limited)


SMS Limited is a multinational company engaged in providing financial services all over India.
Most of the transactions are done online. Presently, SMS Limited has a Centralized Data Server which is
accessed by users from various geographical locations.

However, its current system is unable to cope with the growing volume of transactions. Frequent
connectivity problems, slow processing and a few instances of phishing attacks and virus attacks
were also reported. Hence the Company has decided to develop more comprehensive robust in-house
software for providing good governance and sufficient use of computer and IT resources with
implementation of effective and efficient controls provided in the system to ensure the data integrity,
confidentiality and availability.
Also, an updated backup plan is to be prepared for SMS Limited in order to specify the type of
backup to be kept, frequency with which backup is to be undertaken, procedures for making a
backup, location of backup resources, site where these resources can be assembled and operations
restarted, personnel who are responsible for gathering backup resources and restarting operations,
priorities to be assigned to recover various systems and a time frame for the recovery of each system.
SMS Limited is also planning to take various types of insurance coverage for safeguarding of their
assets and to avoid unexpected future liabilities due to uninterrupted event or disaster.
Based on the above case scenario, answer the following MCQs:
1. A few instances of phishing attacks were also reported in SMS Limited. Which of the
following section of Information Technology Act, 2000 fixes liability on SMS Limited to
secure data of their customers?
a. Section 43A
b. Section 46
c. Section 66D
d. Section 75
2. Suppose you are appointed as an IS auditor of SMS Limited for auditing the Information
System. You are determining what controls are exercised to maintain data integrity. You
might also interview database users to determine their level of awareness of these controls.
Which of the following Control are you working on?
a. Data Resource Management Control
b. Security Management Control
c. Operation Management Control
d. Quality Assurance Control
3. SMS Limited is also planning to take various types of insurance coverage for safeguarding
of their assets and to avoid unexpected future liabilities due to uninterrupted event or
disaster. These Insurance Coverage falls under which type of a specific risk mitigation
strategy?
a. Terminate/Eliminate the Risk
b. Treat/Mitigate the Risk
c. Tolerate/Accept the Risk
d. Transfer/Share the Risk
4. Due to virus attack and phishing attack on Information System of SMS Limited, in order to
protect its critical data from virus attack; it is decided that in future the access to the social
networking site by its employees need to be limited. What type of risk response has the
SMS Limited exercised?
a. Terminate/Eliminate the Risk
b. Treat/Mitigate the Risk
c. Tolerate/Accept the Risk
d. Transfer/Share the Risk

Integrated Case Study - 21 (Ms. Queen)


Ms. Queen was appointed as Manager – Operational Risk and Compliance in ABC Company. HR of
ABC Company had completed all the formalities for her appointment.
Mr. Maharana, the Head of Human Resource (HR) Department had signed her joining letter through
black ink pen and delivered the same to her. On her joining, she was handed over a well written
document by the HR Department that provided instructions to its employees briefing upon what kind
of behavior or resource usage is required and acceptable in the Company.
It also contained detailed information on how to protect company’s information asset and instruction
regarding acceptable practices and behavior. In a week’s time, she got to meet Mr. Raja, Chief
Executive Officer (CEO) of the ABC Company.
Mr. Raja instructed her to conduct broad review of Human Resource Department Process to determine
the probable risks and to analyze the effectiveness and efficiency of existing controls in HR process.
Based on that, Ms. Queen started to review HR processes and controls implemented in the
company and highlighted following key matters in her report submitted to CEO:
• Absence of rotation of duties control
• Absence of Segregation of duties control
• Lack of maker and checker concept
• Manual authorization procedure exists
• Key Man policies not implemented
• Manual attendance registers and leaves record.
• Invalid data in Human Resource Computer System.
• Use of Social Networking Websites like Facebook, Twitter etc. in office timings using
computer resources of HR Department.
• Plan & Budget approved for development of Robust & Fully Automated Payroll Software
but not implemented till date.
• Suggested implementation of BYOD concept.
The CEO Mr. Raja appreciated the detailed report of Ms. Queen and started taking corrective steps
for improvement.
Based on the above case scenario, answer the following MCQs:
1. Which of the following would BEST provide assurance of the integrity of Ms. Queen (new
staff) that will be treated as preventive control measure for ABC Company?
a. Employing qualified personnel
b. References
c. Bonding
d. Qualifications listed on a resume
2. During review, Ms. Queen found that an employee Mr. X is using social networking
websites like Facebook and Twitter after Office hours. Under which of the following section
of Information Technology Act, 2000; shall he be punishable?
a. Under section 43
b. Under Section 66A
c. Under Section 66D
d. Not be punishable unless they come under the provisions of the Indian Penal Code,
1860
3. In the given case scenario, implementation of Bring Your Own Device (BYOD) policy makes the
ABC Company’s systems vulnerable to related threats. Any lost or stolen device could result
in an enormous financial and reputational embarrassment to the company. Which of the
risk does this refer to?
a. Device Risk
b. Implementation Risk
c. Confidentiality Risk
d. Application Risk

Integrated Case Study - 22 (GSWIL)


Gold Silver Watch India Limited (GSWIL) is a company domiciled in India, with its registered
office situated at Mumbai. The Company has been incorporated under the provisions of the Indian
Companies Act and its equity shares are listed on the National Stock Exchange (NSE) and Bombay
Stock Exchange (BSE) in India. The Company is primarily involved in manufacturing and sale of Gold
and Silver Watches, Jewelry, Eyewear and other related accessories and products. The Company has
200 retail stores located all over India and has launched a Loyalty Card for its customers, in which the
customer data for the loyalty card issued by a retail store is picked from a form filled in by the customer.
The data from the form is entered into the software by data entry operators who report to a manager.
In order to protect customer data, Segregation of Duties is built into the software in such a way that
the operators have permission only to enter data. Any editing or modification can be done only by
the manager.
The customer data collected by the retail stores across India for loyalty programs is consolidated into
one database and is accessible from a centralized IT server anytime, anywhere. The Company also
maintains a separate fully equipped facility where the company can move immediately after a
disaster and resume business.
The Company’s Data Centre houses about 350 employees involved in handling business processes of
the Company and, for security reasons, Management decides to shift its network server and mail server
to a secluded room with restricted entry.
On the recommendation of the Chief Information Officer of the Company, the existing system of the
company is being extensively enhanced by extracting and reusing design and program components.
Based on the above case scenario, answer the following MCQs:
1. Gold Silver Watch India Limited (GSWIL) decides to control the access to a software
application by segregating entry level and updating level duties. What type of Internal
Control does this amount to?
a. Physical Implementation of a Control
b. Corrective Control
c. Detective Control
d. Preventive Control
2. Gold Silver Watch India Limited (GSWIL) has a data centre housing about 350 employees
involved in handling business processes of the company. For security reasons, it decides to
shift its network server and mail server to a secluded room with restricted entry. What kind
of internal control is applied by the Company in this situation?
a. Manual Preventive Control
b. Manual Detective Control
c. Computerized Preventive Control
d. Computerized Corrective Control
3. In Gold Silver Watch India Limited (GSWIL), an IS auditor wants to collect evidence based
on system user profiles. Which of the following can be used by the IS auditor to achieve this
objective?
a. Continuous and intermittent Solution (CIS)
b. Audit Hooks
c. System Control Audit Review File (SCARF)
d. Integrated Test Facility (ITF)
4. If Gold Silver Watch India Limited (GSWIL) has been found negligent in handling personal
information of customers, then the company’s liability to damages is covered under __________.
a. Information Technology Act, 2000, Section 67
b. Right to Information Act, 2006, Section 43A
c. Information Technology Act, 2000, Section 43A
d. Information Technology Act, 2000, Section 66B

Integrated Case Study - 23 (ABC Capital Finance Limited)


ABC Capital Finance Limited (‘the Company’ or ‘ACFL’) was inaugurated on 21st July 2019. The
Company is registered with the Reserve Bank of India (RBI) as a Non-Banking Financial Company vide
Certificate No. N-13.14.2019. The Head Office/Corporate Office of the Company is situated at Mumbai.
The Company is primarily engaged in Lending Business. There are 10 Regional offices and 255
branches located all over the country that use various types of remote access information systems
for smooth and fast processing of different types of loan applications across all branches & regional
offices.
The Company has adopted an internal control framework in line with section 134(5)(e) of the Companies
Act, 2013 and as per Clause 49 V (C) and (D) of SEBI, Equity Listing Agreement, ensuring the orderly and
efficient conduct of its business, including adherence to the Company’s policies, safeguarding of its
assets, prevention and detection of frauds and errors, and accuracy and completeness of Information
to various stakeholders.
The Company is hosted on a robust Data Centre and Disaster Recovery Centre (DR) that has been designed
on fundamental principles – data security, data integrity, data availability and data scalability – and has
strict information security procedures.
The Company also entered into a reciprocal agreement with TBJ Capital Finance Limited (i.e., Internal
Business Group Company) as one of its strategies in Disaster Recovery Planning.
The Management of the Company appointed a reputed Mumbai-based Chartered Accountancy Firm
called DKT, specialized in IS audit, for conducting the Information System Audit of the Company.
Further, the Company is now gearing up to enhance its technology capabilities across other areas such
as mobile computing, cloud computing, and BYOD.
Based on the above case scenario, answer the following MCQs:
1. An IS auditor is required to check whether the Application System is calculating correct interest
on loans provided by ABC Capital Finance Limited by creating a dummy entity in
the application system. Identify which of the following auditing techniques this process
refers to, so that authenticity and accuracy of the processes can be verified.
a. Snapshot
b. Integrated Test Facility (ITF)
c. Audit Hooks
d. Audit Trail
2. ABC Capital Finance Limited entered into a reciprocal agreement with TBJ Capital Finance
Limited (i.e., Internal Business Group Company) as one of its strategies of Disaster Recovery
Planning. Identify which of the following risk treatment approaches it indicates.
a. Transfer/Share the risk or Risk Transfer
b. Terminate/Eliminate the risk or Risk Avoidance
c. Treat/Mitigate the risk or Risk Mitigation
d. Tolerate/Accept the Risk or Risk Acceptance
3. XYZ Limited is engaged in providing Data Processing Service. It received a big contract
from ABC Capital Finance Limited (Non-Banking Financial Company) for its various
loan processing activities. XYZ Limited has limited Personal Computers at its office, so
it approached Amazon Web Service to provide them access to Virtual Machines for data
processing. XYZ Limited is using which Cloud Computing Service Model?
a. Software as a Service (SaaS)
b. Platform as a Service (PaaS)
c. Infrastructure as a Service (IaaS)
d. Network as a Service (NaaS)
4. ABC Capital Finance Limited has an effective internal control system that includes Segregation
of Duties. Is Segregation of Duties useful for the Company? Why?
a. Yes, it reduces employee cost.
b. No, it complicates the role of the manager who has to manage more employees.
c. Yes, it reduces fraud risk & facilitates accuracy check of one person’s work by another.
d. No, it is not an advantage; it increases employee cost.

Integrated Case Study - 24 (Great India Gramin Co-Operative Society Bank Limited)

Great India Gramin Co-Operative Society Bank Limited was established in the year 2000. It is a single
state scheduled rural cooperative bank that provides banking facility to some villages of Rajasthan
only.
In 2001, an internal review was conducted by a team of the inspection and supervision department of
National Bank for Agriculture & Rural Development (NABARD) that highlighted certain key control
issues, which are as follows:
• The password policies were prescribed but not implemented by the bank.
• Branches use outdated security manual or documentation of security procedures.
• There was only one ATM machine near Bank Premises which had deposits as well as withdrawal
facility. Its maintenance was outsourced to a third party. The service level agreement had
not been renewed for the last three years and there has been no security guard for the last six months.
• During the inspection, it was observed that while refilling cash in ATM machine, the presence
of security guard was not mandatory.
• Illegal and unauthorized software were installed on few computer systems of the Bank.
• Antivirus software was not updated on few computers of the bank’s branches.
• Disaster Recovery Plan existed but was not tested by the employees.
• During inspection, Inspection and Supervision team observed a fraud where an employee
Mr. X had transferred a small amount of money from various account holders to his own
account while rounding off in computerized banking system. That fraud turned out to be
of ₹ 2,49,587/-.
After the review report, NABARD instructed the Great India Gramin Co-Operative Society Bank
Limited to sort out the security control weaknesses and demanded a reasonable assurance of better
security control in future in an effective and efficient manner.
Subsequently, the Bank worked on all the observations made by NABARD and established the
following controls:
• Highly qualified IT personnel were appointed in every branch.
• Strict follow up and compliance of Information Security and Password Policy for all users.
• Fulfilled the mandatory requirement of two personnel for accessing and refilling cash in the
ATM machine.
• Predefined role and responsibility of each employee.
• Regular training on risk awareness was to be given to every employee on a periodic basis.
• Updated Antivirus software, Intrusion Detection System and firewall on all computers.
• CCTV cameras were installed in every branch of the Bank.
• Bio-metric attendance system was made compulsory for every employee of the Bank.
• The service level agreement with the ATM Caretaker Company was renewed to provide an ATM
security guard.

Based on the above case scenario, answer the following MCQs:


1. The inspection team observed a fraud of ₹ 2,49,587/- by Mr. X. Identify the appropriate example
of Rounding down Technique from those given below which might have been used by Mr. X.
a. Turning ₹ 102.02 to ₹ 102.00
b. Turning ₹ 102.02 to ₹ 102.10
c. Turning ₹ 102.02 to ₹ 102.50
d. Turning ₹ 102.02 to ₹ 102.05
2. In the given case scenario, the cashier also had the right to authorize the withdrawal cheque of
an account holder. Which type of issue related to Operational control in a bank is covered under this?
a. Lack of appropriate segregation of duties
b. Lack of password control policy
c. Lack of supervision of branch manager
d. Lack of detection control over operation
3. From the given case scenario, it is observed that proper division of work and responsibility
are necessary to ensure that one person cannot single-handedly commit a fraud. This can
be achieved by using the concept of __________.
a. Access Control b. Segregation of Duties
c. Need to know d. Least privilege
4. Great India Gramin Co-Operative Society Bank Limited has a password policy but it is not
implemented properly; therefore, users were able to keep short length passwords for their
convenience to access the banking system. It refers to ___________ under Information
System concepts.
a. Threat b. Exposure
c. Vulnerability d. Attack
5. Great India Gramin Co-Operative Society Bank Limited implemented a new and strict
password policy where users have to keep minimum 8 characters alpha-numeric login
password and that password must be reset after 30 days to get access in the Banking System.
As per classification of the Information System controls, which type of control is this?
a. Preventive Control b. Detective Control
c. Corrective Control d. Compensatory Control

Integrated Case Study - 25 (SciLabs)


SciLabs is an upcoming robotics company in India providing innovative solutions for different verticals.
The company has adopted the concept of Cloud Computing using the cloud type which is small, most
secure, controlled, maintained internally and used to perform critical activities of the company.
For every new project undertaken by them, the functional requirement documents are prepared, and
the initial design requirements are communicated to programmers via algorithms and flowcharts. All
the customer requirements are tracked, assembling materials are ordered and the details regarding
entire cost incurred for training, research and full-fledged development of the product are managed
through the implemented SAP ERP system.
Furthermore, different versions of all the documents and white papers related to the ongoing
research are stored in the Relational Database Management Systems (RDBMS) Teradata warehouse
periodically to maintain a record of all the changes the said project undergoes during its entire life cycle.
Such methodology enables SciLabs to maintain and compare the data between different time periods
based on the time stamps with which the data is stored in the data warehouse.
SciLabs has also implemented stringent controls so that the high-level architectural diagrams of the
new project are kept with utmost confidentiality.

Based on the above case scenario, answer the following MCQs:


1. Flowcharts are used by SciLabs to communicate the requirements to the programmers.
Which among the following would be the initial step in developing flowcharts?
a. Identifying the activities in each process step.
b. Preparing an initial rough diagram.
c. Identifying the business processes to be documented.
d. Identifying the starting point of the process.
2. SciLabs uses a module of SAP ERP system that enables it to create detailed scheduling,
material requirement planning, and refine production integration. Which of the following
modules of SAP ERP supports all these features?
a. Material Management b. Supply Chain
c. Production Planning d. Sales and Distribution
3. The documents and white papers related to the research carried on by the SciLabs analysts
are loaded in Teradata data warehouse so as to have comparisons of the different version
files. Which feature of a Teradata tool is referred to here?
a. Standardized b. Time Variant
c. Non-operational data d. Consistency
4. SciLabs initially has adopted the concept of Cloud Computing using the cloud which is
small, most secure, controlled and maintained internally. However, with the expansion in
the SciLabs business, the management decided to deploy another cloud named _____ for its
non-critical activities and usage of additional resources. Identify the deployed cloud.
a. Private Cloud b. Public Cloud
c. Hybrid Cloud d. Community Cloud
5. Though stringent controls are implemented by SciLabs, one of its development team
members, Mr. Atul, accesses the confidential architectural diagrams of the new project and
downloads them on his personal computer for wrongful reasons. Under which Section of the
Information Technology Act, 2000, is Mr. Atul punishable?
a. Section 65 b. Section 43
c. Section 66 d. Section 66D

Integrated Case Study - 26 (M/s TAS & Sons)


M/s TAS & Sons is an automobile manufacturer of spare parts of four wheelers in India. The company
has four manufacturing units in various locations across the country. It also has two branch offices
located in Pune and Hyderabad to handle activities like orders, delivery, complaints and stock
operations. The company maintains its account with ABC Bank from where it also has taken various
loans and advances.
Sometime ago, the company’s business processes like accounting, purchase, sales and inventory were
maintained in manual mode. The management of the company observed that the manual processing
of these activities hinders the overall working of the business-related daily operations. This resulted
in a huge gap in the flow of information, pending orders, delayed deliveries, and delayed decision
making due to lack of business reports and therefore overall non-performance. Thus, the management
committee decides to adopt the process of automation for its various business operations so that
information flow would be timely and consolidated within its branches and manufacturing units. To
attain this objective, the service models of Cloud Computing are proposed to be adopted so that the
branches and manufacturing units are interconnected with a centralized mechanism of data sharing and
storage. The proposed system with well-implemented access controls will provide robust data security
among its systems of branches and manufacturing units. Not only the record keeping, but also data
maintenance and reports generation would become simpler after the implementation of the proposed
system. The management is also looking for better prospects of adhering to the legal compliances of
the country and also to initiate its business operations through online mode.
Subsequently, the company hires a consultant, Mr. Sumit, to carry out the feasibility study of its proposed
system, who prepares a feasibility report and submits it to the management. Based on the go-ahead
in Mr. Sumit’s report, a project team is scheduled to be constituted who will work under him to
execute the project and ensure its delivery on time.

Based on the above case scenario, answer the following MCQs:


1. The Management committee of M/s TAS & Sons decides to automate its entire business
processes anticipating reaping better benefits for the company. Which of the following does
not come under the category of benefits of Automation?
a. Consistency of automated processes
b. Automating Redundant processes
c. Reduction of turnaround time
d. Better utilization of employees’ time
2. In purview of the above case scenario, the management of M/s TAS & Sons decides to adopt
the process of automation for its various business processes so that information flow within
its units and branches would be timely and consolidated. The data is centralized and in
case of loss of any set of data from this location, the whole business may come to a standstill.
Identify from the following controls the one that may be useful to overcome the aforementioned risk.
a. It can be controlled by removing redundant data.
b. Back up arrangement needs to be strong.
c. To allocate some funds in case of contingencies.
d. Overhauling of organizational structure is required.
3. If the company hires XYZ Ltd. as its Cloud Computing service provider, which of the
following models of Cloud Computing would be useful for M/s TAS & Sons if XYZ Ltd.
proposes to host the company’s application at its data center over the internet to make it
accessible to the customers of M/s TAS & Sons?
a. Infrastructure as a Service b. Platform as a Service
c. Software as a Service d. Database as a Service
4. In purview of the above case scenario, the company decides to install various internetwork
processors like routers and firewalls etc. for its business application through online mode in
order to make its whole network secure. Which type of control is the company planning to
work on?
a. Corrective Control b. Preventive Control
c. Network Control d. Detective Control
5. M/s TAS & Sons maintains its account in ABC Bank, which faces the application risk of
incorrect classification and provisioning of Non Performing Asset (NPA) resulting in
financial mismanagement of the company’s account. Which control would be best suggested to
take care of this?
a. Access for changes made to the configuration, parameter settings should be restricted
to authorized user.
b. Unique Id should be created for each asset.
c. The system parameters need to be set up as per business process rules of the bank.
d. To ensure existence of configuration/customization in the application to perform NPA
classification as per relevant RBI guidelines.

Integrated Case Study - 27 (Sweet & Sour)


Sweet & Sour is an established food chain with five branches at different locations within Delhi. In
2018, the management decided to start a tiffin service with 24x7 availability on regular basis. To do
so, they decided to acquire a software which would be an online assistant to its customers by providing
them complete details about their services. The Management asked its manager to present them a
report mentioning the benefits, risks, control objectives and above all highlighting any changes that
are required in the working of the food chain.
The management settled on a plan to benefit all its customers by providing them discounted coupons
in case they recommend their services to others, with the customer ensuring to provide the food chain
with three new customers. Also, the management decided on a centralized billing system that mandatorily
requires the customer’s name and phone number to be filled in for each bill that the system generates. To
maintain these necessary details of its customers, the data management team of Sweet & Sour implemented
major changes in the database design of its billing software. Subsequently, security and database
maintenance have become essential to protect the system against any unlawful activity as the database
now contains the personal details of its customers.

Based on the above case scenario, answer the following MCQs:


1. The software which the food chain decided to buy, to help its customers and provide them
online help, falls under which of the following technologies?
a. Artificial Intelligence b. Data Mining
c. Cloud Computing d. Mobile Computing
2. The Manager of the food chain prepared a document wherein he depicted various business
processes of the food chain in diagrammatic form. Which of the following diagrams will he
use to present a pre-defined process?
a. b.
c. d.
3. The data management team of Sweet & Sour food chain was working to implement changes
in the database design of its billing software. Which of the following persons will carry out
routine data maintenance and monitor this task?
a. Database Administrator b. Database Architect
c. Database Analyst d. Database Advisor
4. The management of Sweet & Sour has shown its concern about what would happen if any of
its employees dishonestly makes use of personal information of a customer. Which of the
following sections of the IT Act, 2000 will help Sweet & Sour to deal with this situation?
a. Section 43A b. Section 43
c. Section 66E d. Section 66B
5. The Management Information System of SVE Ltd. enterprise develops MIS reports only
when required. It does not generate MIS reports for each and every day. Identify from
the following the type of MIS report generated by SVE Ltd.
a. Off Demand MIS Reports b. Demand MIS Reports
c. Required MIS Reports d. On-Demand MIS Reports

Integrated Case Study - 28 (GoCart)


GoCart is one amongst the popular e-commerce shopping portals delivering products in India and
SAARC nations with its head office in New Delhi. It recently entered into a Service Level Agreement
(SLA) with Google, wherein Google would provide the necessary application framework, testing tools
to GoCart to develop and deploy its application online. On successful deployment of its application
and in order to get a competitive advantage over other e-Commerce providers, GoCart launched
a multi-saver sale wherein huge discounts on the best brands are available, and complimentary gifts for
purchases above a certain amount and express free delivery are also provided. All the revenue
generated through the multi-saver sale will be routed through a separate current account maintained
with CSC Bank, from where GoCart has already taken a loan.
With the increase in cybercrimes and misuse of customer data, GoCart has implemented stringent
controls to prevent any unauthorized access to data and has opened up new job roles exclusively with
the objective of ensuring security at network and operating system levels. GoCart has also implemented
certain controls to avoid the risk of losses due to failure of internal processes, any
criminal activity by an employee and product/service failure. Further, to comply with the regulatory
requirements, GoCart’s books of accounts are well maintained and subjected to annual statutory audit,
and the business reporting is done through XBRL.

Based on the above case scenario, answer the following MCQs:


1. GoCart has implemented certain controls to avoid the risk of losses due to
failure of internal processes, any criminal activity by an employee and product/service
failure. Which among the following risks would GoCart be subjected to in this case?
a. Strategic Risk
b. Operational Risk
c. Financial Risk
d. Residual Risk
2. For GoCart, the business reporting is done using XBRL. Identify the feature of XBRL which
stops poor quality information being sent to a regulator, when the draft report is being run
by one of its staff who had prepared the same?
a. Clear Definition
b. Multilingual support
c. Strong Software Support
d. Testable Business Rules.

3. With the objective of maintaining utmost security, GoCart recruited Mr. Y to examine logs
from firewalls and intrusion detection systems and to issue security advisories to other members
in the IT department. Which of the following job roles best fits the job profile of Mr. Y?
a. Operations Manager
b. Network Architect
c. Security Analyst
d. Database Administrator.
4. With the recently entered Service Level Agreement (SLA) with Google, GoCart successfully
developed and deployed its new application. Identify the type of cloud service utilized by
GoCart in the application which is developed online?
a. Infrastructure as a Service
b. Platform as a Service
c. Software as a Service
d. Network as a Service
5. In addition to routing the revenue in accounts maintained with CSC Bank, GoCart also
has taken various loans and advances from CSC Bank. If CSC Bank faces the information
security risk of non-establishment of user accountability for the accounts created for
GoCart, which control would be best suggested for this?
a. The identity of users is authenticated to system through password.
b. System validations have been implemented to restrict set up of duplicate customer
master records.
c. All users are required to have a unique user id.
d. Access for changes made to the configuration, parameter settings is restricted to
authorized user.


Answer Keys
Integrated Cases 1

Topics Covered 1. EIS Fundamentals 2. Ansoff Matrix (SM)


3. EIS Sub-systems 4. DBMS
5. Data Analytics 6. Business Processes
7. FAS-ERP Modules 8. Computing Technologies
MCQs Key 1 2 3 4 5
c c b c a

Integrated Cases 2
Topics Covered 1. CBS – Risks and Controls 2. PMLA
3. FAS – ERP Modules 4. Digital Payment Systems
5. ISCA
MCQs Key 1 2 3 4 5
a c b b c

Integrated Cases 3
Topics Covered 1. CBS – Risks and Controls 2. PMLA
3. FAS – ERP Modules 4. Digital Payment Systems
5. ISCA
MCQs Key 1 2 3 4 5

b c a a c

Integrated Cases 4
MCQs Key 1 2 3 4 5
c a b c a

Integrated Cases 5
MCQs Key 1 2 3 4 5
c b d c b
Integrated Cases 6
MCQs Key 1 2 3 4 5
d b a d b

Integrated Cases 7
MCQs Key 1 2 3 4 5
c b a b a

Integrated Cases 8
Topics Covered 1. BPA 2. DBMS
3. FAS – ERP Modules 4. ISCA
5. Regulatory Compliances
MCQs Key 1 2 3 4 5
c d b b a

Integrated Cases 9
Topics Covered 1. IT Act, 2000 2. FAS
3. ERM 4. Cloud Computing
5. ISCA
MCQs Key 1 2 3 4 5 6
b b a b d a

Integrated Cases 10
Topics Covered 1. BPA 2. DBMS
3. FAS – ERP Modules 4. ISCA
5. Regulatory Compliances
MCQs Key 1 2 3 4 5
c b b d d

Integrated Cases 11
Topics Covered 1. IT Act, 2000 2. Digital Payment Systems
3. ERM 4. Concurrent Audit Tools
5. ISCA
MCQs Key 1 2 3 4 5
b a d c d
Integrated Cases 12
Topics Covered 1. Emerging Computing Technologies 2. E-Commerce
3. ERM 4. Concurrent Audit Tools
5. ISCA
MCQs Key 1 2 3 4 5
b c b c b

Integrated Cases 13
Topics Covered 1. Emerging Computing Technologies 2. Green Computing
3. ERP Modules 4. ISCA
5. BPA 6. CBS
MCQs Key 1 2 3 4 5
b c d d d

Integrated Cases 14
Topics Covered 1. Cloud Computing 2. ISCA
3. CBS 4. Regulatory Compliances
5. FAS
MCQs Key 1 2 3 4 5
b d c a b

Integrated Cases 15
Topics Covered 1. Cloud Computing 2. IT Act, 2000
3. ERM 4. ISCA
MCQs Key 1 2 3 4
b c b d

Integrated Cases 16
Topics Covered 1. Cloud Computing 2. IT Act, 2000
3. ERM 4. ISCA
MCQs Key 1 2 3
d a d

Integrated Cases 17
Topics Covered 1. FAS-ERP 2. Mobile Computing
3. BYOD 4. ERM
MCQs Key 1 2 3
c a b
Integrated Cases 18
Topics Covered 1. FAS 2. Computing Technologies 3. ISCA

MCQs Key 1 2 3
c d c

Integrated Cases 19
Topics Covered 1. IT Act, 2000 2. ISCA

MCQs Key 1 2 3
d b d

Integrated Cases 20
Topics Covered 1. IT Act, 2000 2. ISCA 3. FAS

MCQs Key 1 2 3 4
a a d b

Integrated Cases 21
Topics Covered 1. IT Act, 2000 2. ISCA 3. FAS

MCQs Key 1 2 3
a d a

Integrated Cases 22
Topics Covered 1. IT Act, 2000 2. ISCA 3. FAS

MCQs Key 1 2 3 4
d a c c

Integrated Cases 23
Topics Covered 1. FAS 2. Computing Technologies 3. ISCA

MCQs Key 1 2 3 4
c c c c

Integrated Cases 24
Topics Covered 1. FAS 2. Computing Technologies 3. ISCA

MCQs Key 1 2 3 4 5
a a b c a

Integrated Cases 25
Topics Covered 1. FAS 2. Computing Technologies 3. ISCA

MCQs Key 1 2 3 4 5
c b b b b

Integrated Cases 26
Topics Covered 1. FAS 2. Computing Technologies 3. ISCA
MCQs Key 1 2 3 4 5
b b c b d
Integrated Cases 27
Topics Covered 1. FAS 2. Computing Technologies 3. ISCA

MCQs Key 1 2 3 4 5
a c c a b

Integrated Cases 28
Topics Covered 1. FAS 2. Computing Technologies 3. ISCA
MCQs Key 1 2 3 4 5

b d c b c
Appendix - III
Glossary
A
• Access Control defines allowing / disallowing facilities and features in a software to a particular person or group of
persons.
• Accounting Master Data is master data relating to financial accounting, e.g.
Ledger, Group, Cost Centre, etc.
• Application Controls are the controls which are implemented in an application to prevent or detect and correct
errors. These controls, in-built in the application software, ensure accurate and reliable processing.
• Application Server performs necessary operations and this updates the account of the customer.
• Artificial Intelligence: the capability of humans to analyze situations, create rules and ensure compliance
with the rules is defined as intelligence. The same being done by a system is called Artificial Intelligence.
B
• Back End is a part of the overall software system which does not interact with the user directly and is used to store data.
• BHIM (Bharat Interface for Money) is a Mobile App developed by National Payments Corporation of India (NPCI)
based on UPI. It facilitates e-payments directly through banks and supports all Indian banks which use that platform.
• Business Intelligence provides tools for using data about yesterday and today to make better decisions about
tomorrow.
• Business Process Automation (BPA) is the technology-enabled automation of activities or services that accomplish
a specific function and can be implemented for many different functions of company activities.
• Business Process is an activity or set of activities that will accomplish a specific organizational goal.
C
ww Central Database is a common database used by all the departments and business functions.
ww Computerized Accounting is an accounting done using a computer software system.
ww Control refers to the policies, procedures, practices and organization structures that are designed to provide
reasonable assurance that business objectives are achieved and undesired events are prevented or detected and
corrected.
ww Core Banking Solution (CBS) refers to a common IT solution wherein a central shared database supports the entire
banking application. Business processes in all the branches of a bank update a common database in a central server
located at a Data center, which gives a consolidated view of the bank’s operations.
ww Corporate Governance is the framework of rules and practices by which a board of directors ensures accountability,
fairness, and transparency in a company’s relationship with its all stakeholders (financiers, customers, management,
employees, government, and the community).
ww Corrective Control is designed to correct errors or irregularities that have been detected.
ww Cybercrimes are the offences that are committed against individuals or groups of individuals with a criminal motive
to intentionally harm the reputation of the victim or cause physical or mental harm, or loss, to the victim directly
or indirectly, using modern telecommunication networks such as Internet (Chat rooms, emails, notice boards and
groups) and mobile phones.
D
ww Data Analysis is defined as the science of examining raw data with the purpose of drawing conclusions about that
information.
ww Data Flow Diagrams (DFD) show the flow of data or information from one place to another. DFDs describe the
processes showing how these processes link together through data stores and how the processes relate to the users
and the outside world.
ww Data is defined as a raw or unprocessed information.
ww Database is the place where data is stored in a systematic and logical format, generally in tables and in rows and
columns.
ww Detective Control is designed to detect errors or irregularities that may have occurred.

E
• E-commerce refers to the products / services being purchased and sold through electronic mode by using internet on desktops / laptops etc.
• Electronic Safety is making data safe using electronic methods like password protection.
• Emerging Technologies are technology frontiers which are changing the way humans work and use technology.
• Enterprise Information Systems provide a technology platform that enables organizations to integrate and coordinate their business processes on a robust foundation.
• ERP (Enterprise Resource Planning) is a type of software system which takes care of all the departments and functions.
• E-wallets are like a normal wallet holding the cash of the owner; the only difference is that the cash is not physical but in e-form.
F
• Financial Risk is a risk that could result in a negative financial impact to the organization (waste or loss of assets).
• Flowcharts are used in designing and documenting simple processes or programs.
• Front End is defined as a part of the overall software system which interacts with users directly and sends and receives data from the database.
G
• General Controls, also known as infrastructure controls, are applied to all systems components, processes, and data for a given organization or systems environment.
H
• Hand held Devices can be carried comfortably by the user from one location to another, like mobiles, iPad etc., and are internet ready.
• Human Resource refers to the human beings working in an organization, who are considered as a resource for generating income.
I
• Immediate Payment Service (IMPS) is an instant interbank electronic fund transfer service through mobile phones. It is also being extended through other channels such as ATM, Internet Banking, etc.
• Information is the processed data.
• Information Technology Act provides the legal framework for electronic governance by giving recognition to electronic records and digital signatures. It also deals with cybercrime and facilitates electronic commerce.
• Installed Applications are software applications installed on the hard disc of the computer of a user.
• Integrated Systems are the systems taking care of communication and data needs of all the departments and business functions.
• Internal Control is a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the effectiveness and efficiency of operations, reliability of reporting and compliance with applicable laws and regulations.
• Internet of Things refers to the capability of household devices to communicate through internet.
• Interoperability is an ability of two or more applications that are required to support a business need to work together by sharing data and other business-related resources.
• Inventory is defined as a list of stock items intended for sale or consumption in normal course of business.
• Inventory Master Data is the master data relating to inventory accounting, e.g. Stock Items, Stock Groups, Godowns, Units of Measures, etc.
• IT Control objectives are a statement of the desired result or purpose to be achieved by implementing control procedures within a particular IT activity.
K
• Knowledge is defined as processed information derived from the raw data after processing. It is the inference out of information.
M
• Machine Learning refers to the application of Artificial Intelligence principles to help systems improve their decision-making capabilities.
• Management processes measure, monitor and control activities related to business procedures and systems.
• Master Data is standing or relatively permanent data, not expected to change frequently.
• M-commerce refers to the products / services being purchased and sold through electronic mode with the help of accessing internet on hand held devices.

• Mobile App is an application creating an interface for users and vendors to interact.
• Money Laundering: ‘Whosoever directly or indirectly attempts to indulge or knowingly assists or knowingly is a party or is actually involved in any process or activity connected with the proceeds of crime and projecting it as untainted property shall be guilty of the offence of money-laundering.’
N
• Non-Integrated Systems are the systems where a separate database is maintained by each department.
• Non-Master Data is the Transaction data or data which is expected to change frequently.
O
• Operational Processes deal with the core business and value chain.
• Operational Risk is a risk that could prevent the organization from operating in the most effective and efficient manner or be disruptive to other operations.
P
• Payment Gateway is the way a user / customer makes payment for an e-commerce / m-commerce transaction.
• Payroll Master Data is the master data relating to payroll, i.e. Employee Names, Pay Heads, Salary Structure, Leave Types, etc.
• Personal Information is information provided by the customer, such as name, address, phone number, and email, etc.
• Physical Safety ensures the safety of assets physically, e.g. locking the server room, controlling physical access to data.
• Preventive Control is designed to keep errors or irregularities from happening.
• Process is defined as the sequence of events or steps that uses inputs to produce outputs.
R
• Regulatory (Compliance) Risk is a risk that could expose the organization to fines and penalties from a regulatory agency due to non-compliance with laws and regulations.
• Report is the information presented in a proper format.
• Reputational Risk is a risk that could expose the organization to negative publicity.
• Risk Analysis is the process of identifying security risks and determining their magnitude and impact on an organization. Information systems can generate many direct and indirect risks.
• Risk is any event that may result in a significant deviation from a planned objective resulting in an unwanted negative consequence. It is the potential harm caused if a threat exploits a vulnerability to cause damage to an asset.
S
• Server is a sophisticated computer that accepts service requests from different machines called clients.
• Software Application is a computer program designed to perform a group of coordinated functions, tasks, or activities for the benefit of the user.
• Statutory is related to statute or law.
• Statutory Master Data is master data relating to statute or law, e.g. Rates of taxes, forms, nature of payments, tax heads.
• Strategic Risk is a risk that would prevent an organization from accomplishing its objectives (meeting its goals).
• Supporting processes back core processes and functions within an organization.
• System is defined as a set of things working together as parts of a mechanism or an interconnecting network; a complex whole.
T
• Transaction is a give and take, exchange of benefits.
U
• Unified Payment Interface (UPI) is a system that powers multiple bank accounts (of participating banks), several banking services features like fund transfer, and merchant payments in a single mobile application.
• User is a person using a software programme.
V
• Validation is the checking of data input by the user for correctness, e.g. Mobile number must contain 10 digits.
• Voucher is a documentary evidence of transaction. A format of data entry for a transaction.
• Voucher Types are the types of voucher, e.g. Sales, Purchase, Receipt, Payment, Contra, Journal.
W
• Web Applications are software applications installed on a website and accessed through a browser application.
Appendix - IV

Additional Case Studies



Integrated Case Study - 29 (Sure Success Trainers)
SureSuccess Trainers is one of the most popular training institutions nationwide. During their start in 2007, they provided physical sessions in selected cities on career counselling, mock interviews, competitive exams, and group discussions to prepare under-graduate and post-graduate students for their job placements. Due to the high placement success rate of its trained students, they revamped their business model and launched their mobile app in the year 2017. To meet the expenses associated with the new requirement of using mobile technology, SureSuccess Trainers had taken a loan of ₹ 20 Lakh from BNC Bank. Since then, the SureSuccess mobile app is catering to the needs of many aspirants all over India by providing them online classes through virtual mode. The app further provides various features like registering for a new course, notifications, preparatory material, audios, videos etc. During registration into a particular course, the students need to make online payment for the course through various modes - Net banking, Debit Card and Credit Card. After making payment, every student is allotted a unique user id and password to access their course through the mobile app. The mobile app allows the registered students to login into the SureSuccess Trainers App from their unique user-ids and join the live sessions they are enrolled in. Since the launch of its mobile app, SureSuccess Trainers has been utilizing specialized tools for analyzing the future trend and scope for online coaching and their current position in the coaching industry on a regular basis. They have been performing well and have lately been awarded nation-wide second rank by Corecourse Magazine. The Corecourse Magazine has awarded the rank based on the performance analysis report of various nationwide training institutions on different parameters.
Based on the facts of the case scenario given above, choose the most appropriate answer to Q.
Nos 29.1. to 29.5.
1. The SureSuccess Trainers App provides the facility to request for the change in his/her course
even after registration in case a student wishes to. A registered student can generate the
course change request through the app which subsequently is restricted to be approved by
only authorized administrative personnel of SureSuccess Trainers. Such restriction refers to
which factors of Business Process Automation?
(a) Confidentiality (b) Integrity
(c) Availability (d) Timeliness
2. Corecourse Magazine analyzed the performance of various training institutions on
different parameters based on which nation-wide second ranking was awarded to
SureSuccess Trainers. Which among the following technologies is utilized by Corecourse
Magazine for collecting data of various institutions from internal systems and external
sources, prepare the data for analyses, develop, and run queries against the query and to
create a report based on the evaluated data?
(a) Data warehouse (b) Business Intelligence
(c) Machine Learning (d) Data Mining
3. SureSuccess Trainers App has controls implemented at the operating system level such that
each registered student has access to only his/her registered course and its relevant
content. Identify which type of Operating system controls is being implemented here?
(a) Automatic terminal identification (b) User identification and Authentication
(c) Terminal time out (d) Access token

4. The modes of digital payment allowed in SureSuccess Trainers App through which a student
can register in any course are Net banking, Debit Card and Credit Card. Which of the
following statements does not hold true for these modes of payment?
(a) Through Debit Card of BNJ bank, Mr. Bhola successfully paid ₹ 3,000 online for his
desired course through SureSuccess Trainers App which led to the deduction of said
amount from his bank account immediately.
(b) If Ms. Rita has successfully paid ₹ 5,000 online for registration in a new course through
SureSuccess Mobile App using her Credit Card of ABC Bank, this implies that there
should have been sufficient balance in her bank account for the transaction to get
completed.
(c) Using the Credit Card of KLU Bank, Ms. Doly paid ₹ 4,800 for the desired course
in SureSuccess Mobile App and the transaction got over with charge of some fixed
amount as transaction fees by the Credit Card issuer KLU bank.
(d) If the payment for the course has been done by Mr. Ram using his Debit Card of DLF
bank, that indicates that he must be having a bank account in the DLF bank.
5. SureSuccess Trainers has approached BNC Bank for the loan of ₹ 20 Lakh. To do so, the
BNC bank will undergo the process of creating a master for the institution in its Loan
Disbursement System. After filling the loan application form, following steps are involved
in the creation of masters in Loan Disbursement System.
i. BNC bank seeks for KYC and other relevant documents from SureSuccess Trainers.
ii. BNC Bank issues Sanction letter to SureSuccess Trainers mentioning the terms of facilities
and loan amount.
iii. The credit team of BNC Bank verifies the documents of SureSuccess Trainers in terms of
its financial and credit worthiness.
iv. The SureSuccess Trainers’ account and master gets created in the BNC Bank’s Loan
Disbursement System.
v. Disbursement team prepares Pre-Disbursement certificate containing the details
of all the facilities and limit of ₹ 20 Lakh approved for SureSuccess Trainers.
What would be the correct sequence of the process?
(a) i,iii,ii,v,iv (b) iii,ii,i,iv,v
(c) v,iv,i,ii,iii (d) i,ii,iii,iv,v

Answer Key
MCQs Key 1 2 3 4 5
b b d b a

Integrated Case Study - 30 (HEALTHY MAASALA Ltd.)


HEALTHY MAASALA Ltd., an FMCG company, deals in homemade and organic spices. Considering the expansion of the company, the company planned to start online sales of its products through online merchants like Amazon, Flipkart, and BigBasket. To start the new line of business, the company decides to get a detailed study done for the proposed system, for which the company hires the services of JS Developers. The detailed study performed by JS Developers listed a few critical issues that are required to be taken care of to achieve the goals and success which the company intends to achieve. On the basis of its analysis of the present system, JS Developers prepared a report and submitted it to the management of HEALTHY MAASALA Ltd. In the annual board meeting, the management considers the report of JS Developers on various issues and submits its response on the same. The issues raised by JS Developers and the action plan of HEALTHY MAASALA Ltd. are listed below.

| S.No. | Critical Issues (as mentioned in report of JS developers) | Management Response of HEALTHY MAASALA Ltd. |
|---|---|---|
| 1. | Company needs to streamline, upgrade its processes of order and supply for its new line of business. | Management agrees to expand resources, time, and guidance to start new line of online business and also showed its concern on authentication of customer. Management decides to engage an auditor as a part of development team to ensure that the developed system would be as per the need of new line of business. |
| 2. | The success of online business depends on the timely supply of products to customer. Therefore, the company should work on Turn-Around-Time (TAT). | Management considers this point as an important factor and feels that same should be taken care by streamlining and upgrading the processes as the standard of online industry for TAT is changed to 24 hours. |
| 3. | The business managers need to be provided MIS reports on demand. | Management highlights this as an essential feature of being able to generate relevant MIS reports through proposed system. |

Apart from above issues, the company extracts the relevant data on market trend of homemade
and organic spices and purchase pattern of customer of these products. Also, the cybercrimes
and their counter provisions under IT Act, 2000 governing e-commerce transactions are to be
considered while developing the new system.
Based on the facts of the case scenario given above, choose the most appropriate answer
to Q. Nos 30.1. to 30.5.
1. TAT represents the time gap between receipt of order and dispatch of order and
considered to be an important factor in Order to Cash process flow. The phases of
Order to Cash business process are as follows:
(i) Customer Order (ii) Order fulfilment
(iii) Collections (iv) Accounting
(v) Invoice (vi) Delivery Note
Choose the correct set of phases of order to cash business process flow
wherein the TAT can be applicable.
(a) (i), (ii),(vi),(v),(iii),(iv) (b) (i),(ii),(v), (vi),(iii),(iv)
(c) (ii),(iv),(v),(vi),(i), (iii) (d) (ii),(iii),(iv),(v),(i),(vi)


2. In the proposed system, the business managers shall have the facility to generate
relevant MIS reports. Identify the incorrect statement about Management Information System (MIS).
(a) Business managers rely on reports to evaluate businesses’ daily activities and
make decisions.
(b) The warehouse managers require MIS reports to gain information about product
inventory and shipping information.
(c) Finance and accounting managers would require information about sales
revenue and business expenses.
(d) Different MIS reports automatically suggest the best solution to its stakeholders.
3. The company does not have its own website and hence the management of HEALTHY
MAASALA Ltd. decides to sell its products through online intermediary merchants like
Amazon and BigBasket etc. Identify the business model of e-Commerce being used by
the company in this case.
(a) Business to Consumer e-Commerce (b) Business to Business e-Commerce
(c) Consumer to Business e-Commerce (d) Consumer to Consumer e-Commerce
4. In purview of above case scenario, the management of HEALTHY MAASALA
Ltd. observes that the company must follow IT Act, 2000 that provides the legal
recognition for all transactions that are made electronically. As per IT Act 2000; which of
the following activity does not fall under the purview of computer related offences?
(a) Violation of Privacy
(b) Stealing Computer resource and computer source document
(c) Theft of Identity
(d) Removal, transfer of property to prevent tax recovery
5. In purview of case scenario, the decision of management to engage an auditor as a
part of system development team is to ensure that the developed system is as per the
need of new line of online business. This engagement of Auditor is classified as ______
audit.
(a) Post Implementation (b) Internal
(c) Concurrent (d) General

Answer Key
MCQs Key 1 2 3 4 5
a d a d c

Integrated Case Study - 31 (GK Sports Ltd.)


GK Sports Ltd. is one of the largest manufacturers of various sports equipment with its head office at Delhi. The company sells its products in both offline as well as online mode through its website. Analysing the good response of customers in India, the company decides to sell its products across the countries Australia, New Zealand, Canada, US and Germany through online mode. The company offers various payment modes to its customers for their ease like credit card, debit card and UPI. During expansion, Mr. Ajay has been recruited as an internal auditor to review the business process. The company uses proper automation for its various business processes and practices regular auditing. During assessment, he observes that there exist technical difficulties in integrating the sales amounts received through various payment gateways available on its website across the countries. In order to scrutinize the potential fraud involved, the management of the company hires ABC Ltd. to identify the gaps in various payment gateways. ABC Ltd. prepares an inspection summary report mentioning the names of Mr. Ajay and Mr. Ravi, managers of the company who used to slice a small amount of money from every computerized transaction made through the portal. The management decides to book the fraudsters for dishonesty and fraud under the provisions of the Information Technology Act, 2000. Learning a lesson from the untoward event, the management also finds it necessary to adopt stringent security measures in its information system.

Based on the facts of the case scenario given above, choose the most appropriate answer
to Q. Nos 31.1. to 31.4.
1. Which kind of business risk does the management of GK Sports Ltd. experience when
Mr. Ajay and Mr. Ravi were found involved in fraud of online transactions?
(a) Strategic risk (b) Financial risk
(c) Regulatory risk (d) Operational risk
2. In purview of above case scenario, identify the technique used by the fraudster
employees and also identify the section of the Information Technology Act, 2000 under
which they can be booked.
(a) Data Diddling, Section 66 (b) Salami Technique, Section 66
(c) Data Diddling, Section 70 (d) Salami Technique, Section 70
3. The management of GK Sports Ltd. wishes to implement some type of access control
approach to restrict system access to authorized users, wherein employees having
access rights can only access the information they need to do their jobs and prevent
them from accessing information which doesn’t pertain to them. What type of security
measure is being adopted by GK Sports Ltd. in its information system?
(a) General controls (b) Role-based access controls
(c) Security Management controls (d) Application controls
4. GK Sports Ltd. decides to sell its products across some countries through online
mode. Which of the following e-commerce commercial law would it need to follow
as a regulation for augmenting exports from India?
(a) Companies Act, 2013
(b) Foreign Trade (Development and Regulation) Act, 1992
(c) Foreign Trade (Development and Regulation) Act, 1994
(d) Companies Act, 2002

Answer Key
MCQs Key 1 2 3 4
d b b b

Integrated Case Study - 32 (Sweet & Sour)


Sweet & Sour is a well-established food chain with five branches at different locations within Delhi. In 2018, the management decided to start a tiffin service with 24x7 facility on regular basis. To do so, they decided to acquire software which would be an online assistant to its customers by providing them complete detail about their services. The Management asked its manager to present them a report mentioning the benefits, risks and control objectives and above all highlighting any changes that are required in the working of the food chain. The management settled on a plan to benefit all its customers by providing them discounted coupons in case they recommend its services to others, with the customer required to bring the food chain three new customers to avail the discounted coupons.
To maintain the list of its customers, the data management team of Sweet & Sour implemented certain changes in the database design of their billing software. Now, the billing system is centralized, and it is mandatory to add the customer’s name and phone number for each bill that the system generates. Subsequently, the security and maintenance of the database has become essential to protect the system against any unlawful activity as the database now contains the personal details of its customers.

Based on the facts of the case scenario given above, choose the most appropriate answer to Q.
Nos 32.1. to 32.4.
1. The software which food chain decided to buy, to help their customer and provide
them online help falls under which of the following technology?
(a) Artificial Intelligence
(b) Data Mining
(c) Cloud Computing
(d) Mobile Computing
2. The Manager prepared a document wherein he needs to define the business process of
the food chain in diagrammatic form. Which of the following diagram will he use
to present pre-defined process?
(a)
(b)
(c)
(d)
3. The data management team of Sweet & Sour food chain was working to implement
changes in database as per the requirement of management. Which of the
following person will carry out routine data maintenance and monitor the task?
(a) Database Administrator
(b) Database Architect
(c) Database Analyst
(d) Database Advisor
4. The management of Sweet & Sour has shown its concern what would happen if any of
its employees dishonestly make use of personal information of customer. Which of
the following IT Act, 2000 will help Sweet & Sour to deal with this situation?
(a) Section 43A
(b) Section 43
(c) Section 66E
(d) Section 66B

Answer Key
Integrated Cases 32
Topics Covered

MCQs Key 1 2 3 4
a c c a

Integrated Case Study - 33 (GoCart)


GoCart is one amongst the popular e-commerce shopping portals. It recently entered into a Service Level Agreement (SLA) with Google, wherein Google would provide the necessary application framework and testing tools to GoCart to develop and deploy its application online. On successful deployment of its application and in order to get a competitive advantage over other e-Commerce providers, GoCart launches a multi-saver sale wherein huge discounts on the best brands are available, and complimentary gifts for purchases above a certain amount and express free delivery are also provided. All the revenue generated through the multi-saver sale will be routed through a separate current account maintained with CSC Bank, from where GoCart has already taken a loan.
With the increase in cybercrimes and misuse of customer data, GoCart has implemented stringent controls to prevent any unauthorized access to data and has opened up new job roles exclusively with the objective of ensuring security at network and operating system levels. Further, to comply with the regulatory requirements, GoCart's books of accounts are well maintained and subjected to annual statutory audit, and the business reporting is done through XBRL.

Based on the facts of the case scenario given above, choose the most appropriate answer
to Q. Nos. 33.1. to 33.5.
1. The multi-saver sale launched by GoCart was initially a success.
However, a week after the sale was on, various feedbacks were received by GoCart
regarding products, their packaging and delivery. The feedback analysis concluded
that the customer satisfaction was just average. Which among the following risk would
GoCart be subjected to in this case?
(a) Hazard Risk (b) Operational Risk
(c) Financial Risk (d) Residual Risk
2. For GoCart, the business reporting is done using XBRL. Identify the feature of XBRL
which stops poor quality information being sent to a regulator, when the draft report
is being run by one of its staff who had prepared the same?
(a) Clear Definition (b) Multilingual support
(c) Strong Software Support (d) Testable Business Rules
3. With the objective of maintaining utmost security, GoCart recruited Mr. Yash to
examine logs from firewalls, intrusion detection system and to issue security advisories
to other members in IT department. Which of the following job role best fits into job
profile of Mr. Yash?
(a) Operations Manager (b) Network Architect
(c) Security Analyst (d) Database Administrator
4. With the recently entered Service Level Agreement (SLA) with Google, GoCart
successfully developed and deployed its new application. Identify the type of Cloud
service utilized by GoCart in the application which is developed online?
(a) Infrastructure as a Service (b) Platform as a Service
(c) Software as a Service (d) Network as a Service
5. In addition to routing the revenue in accounts maintained with CSC Bank, GoCart
also has taken various loans and advances from CSC Bank. If CSC Bank faces the
application risk of duplicate asset accounts created for GoCart, which control
would be best suggested for this?
(a) The system parameters are set up as per business process rules of the bank.
(b) System validations have been implemented to restrict set up of duplicate customer
master records.
(c) Unique Id is created for each asset.
(d) Access for changes made to the configuration, parameter settings are restricted to
authorized user.

Answer Key
MCQs Key 1 2 3 4 5

b d c b c

Integrated Case Study - 34 (XYZ Pvt. Ltd.)


XYZ Pvt. Ltd. is an e-commerce marketplace connecting businesses desiring to outsource digital services to willing freelancers, wherein businesses can find quality freelancers by browsing their samples of previous work and reading their profile reviews. The freelancers can bid for projects on the basis of title, description and area of expertise. The company makes money primarily through transaction fees and service fees from both businesses and freelancers for offering a set of services in many categories. The company’s aim is to provide fast, accurate, and timely services to its customers. The necessary control policies of the company are in place for early detection and prevention of unlawful events that arise from inaccurate, incomplete and redundant inputs that enter into the system.
The company intends to enter the market as a Data Analytics Service Provider by offering services at maximum level of computer optimization. The company would arrange the data to help the businesses identify market gaps, marketing strategy, and product development. Seeking the huge investment in this expansion, the company decides to hire JJ Services for various resources like network, servers, development platforms, storage and software.
282 E N T E R P R I S E I N F O R M AT I O N S Y S T E M S ( E I S ) – M E N TO R

Based on the facts of the case scenario given above, choose the most appropriate answer
to Q. Nos. 34.1. to 34.4.
1. XYZ Pvt. Ltd. hires JJ Services for various resources like network, server, storage and
deploying applications to be used in Data Analytic services. Which of the following
cloud computing service models has been adopted by JJ Services to cater to the requirements
of XYZ Pvt. Ltd.?
(a) Software as a Service (b) Platform as a Service
(c) Infrastructure as a Service (d) Server as a Service
2. In purview of above case scenario, XYZ Pvt. Ltd. hinges on Business Process Automation
(BPA) whose success depends on following factors except one. Identify it.
(a) Availability (b) Integration
(c) Timeliness (d) Substitution
3. Which type of business model is being followed by XYZ Pvt. Ltd. through its e-commerce
marketplace?
(a) Business-to-Business (B2B) e-Commerce (b) Business-to-Consumer (B2C) e-Commerce
(c) Consumer-to-Business (C2B) e-Commerce (d) Consumer-to-Consumer (C2C) e-Commerce
4. XYZ Pvt. Ltd. uses a feedback system before hiring JJ Services for various resources’
requirement. Which of the following would not be the criteria of Information System
used by XYZ Pvt. Ltd. to capture and analyze the feedback data?
(a) Structured (b) Timely
(c) Operation (d) Accurate

Answer Key
MCQs Key 1 2 3 4
b d c c

Integrated Case Study - 35 (M/s TAS & Sons)


M/s TAS & Sons is a manufacturer of automobile spare parts for four wheelers in India. The company
does business in both offline and online mode. The company has four manufacturing units in various
locations across the country. It also has two branch offices located in Pune and Hyderabad to handle
activities like orders, delivery, complaints, and stock operations. Some time ago, the company’s business
processes like accounting, purchase, sales, and inventory were maintained in manual mode. The
management of the company observed that the manual processing of these activities hindered the
overall working of the business-related daily operations. This resulted in a huge gap in the flow of
information, pending orders, delayed deliveries, and delayed decision making due to lack of business
reports, and therefore overall non-performance.

Therefore, the management committee decides to automate its various
processes so that information flow would be timely and consolidated within its branches and
manufacturing units. To attain this objective, the service models of Cloud Computing are proposed
to be adopted so that the branches and manufacturing units are interconnected with a centralized
mechanism of data sharing and storage. The proposed system, with well-implemented access controls,
will provide robust data security among the systems of its branches and manufacturing units. Not only
record keeping, but also data maintenance and report generation would become simpler
after the implementation of the proposed system. The management is looking for better prospects of
adhering to the legal compliances of the country and also to initiate its business operations through
online mode.
The company hires a consultant, Mr. Sumit, to carry out the feasibility study of its proposed system;
he prepares a feasibility report and submits it to the management. Based on
Mr. Sumit’s go-ahead report, a project team is constituted that will work under him to execute
the project and ensure its delivery on time.

Based on the facts of the case scenario given above, choose the most appropriate answer
to Q. Nos. 35.1. to 35.5.
1. The Management committee of M/s TAS & Sons decides to automate its entire
business processes anticipating to reap better benefits for the company. Which of
the following does not come under the category of benefits of Automation?
(a) Consistency of automated processes
(b) Automating redundant processes
(c) Reduction of turnaround time
(d) Better utilization of employees’ time
2. In purview of above case scenario, the management decides to adopt the process of
automation for its various business processes so that information flow would be timely
and consolidated. The data is centralized and in case of loss of any set of data from
this location, whole business may come to stand still. Identify from the following
controls that may be useful to overcome the aforementioned risk.
(a) It can be controlled by removing redundant data.
(b) Back up arrangement needs to be strong.
(c) To allocate some funds in case of contingencies.
(d) Overhauling of organizational structure is required.
3. If the company hires XYZ Ltd. as Cloud Computing service provider, which of the
following model of Cloud Computing would be useful for M/s TAS & Sons if XYZ Ltd.
hosts and manages the company’s application at its data center over the internet to make
it accessible to the customers of M/s TAS & Sons?
(a) Infrastructure as a Service
(b) Platform as a Service
(c) Software as a Service
(d) Database as a Service
4. In purview of the above case scenario, the company decides to install firewall for its
business application through online mode in order to make the network secure. Which
type of control the company is planning to work on?
(a) Corrective Control
(b) Preventive Control
(c) Network Control
(d) Detective Control
5. In purview of above case, if ABC Bank faces the application risk of incorrect
classification and provisioning of Non-Performing Asset (NPA) resulting in financial
mismanagement, which control would be best suggested for this?
(a) Access for changes made to the configuration, parameter settings should
be restricted to authorized user.
(b) Unique Id should be created for each asset.
(c) The system parameters need to be set up as per business process rules of the
bank.
(d) Existence of configuration/customization in the application to perform NPA
classification as per relevant RBI guidelines.

Answer Key
MCQs Key 1 2 3 4 5
b b c b d

Integrated Case Study - 36 (Fit&Fine Gym)


Established in 2016, Fit&Fine is one of the renowned gymnasiums in South Delhi. The gym
is very famous for its health tips, latest equipment, cordial environment, and trainers for
guidance. The Fit&Fine gym management has excellent arrangements for its customers
as well as employees. A dietician and a physician are also associated with the gym during the gym
timings of 5:00 am to 10:00 pm on all days.
On the occasion of Diwali in 2019, the gym also launched an online Fit&Fine Gym Aggregator
service application to reach out to more customers through various gyms located in West Delhi
and North Delhi. For its e-business as an online gym aggregator, Fit&Fine entered into various
electronic agreements with many other gyms in West Delhi and North Delhi prescribing
the specific terms and conditions of the agreement. All these gyms associated with Fit&Fine are
required to provide the best fitness-related services to its customers.
The services of the various associated gyms can be availed by the customers either through the Gym
Aggregator service application or through a physical visit to the gyms registered in the app, by paying
annual membership fees of ₹ 3000 to get a unique membership-id and PIN number to avail the facilities
at the gym centre. The member can book either a physical visit or an online session with any of these
registered gyms associated with Fit&Fine using their unique membership id.
Based on the facts of the case scenario given above, choose the most appropriate answer
to Q. Nos. 34.1. to 34.5.
1. Though Fit&Fine Gym and other registered gyms have excellent arrangements for health
and safety of its employees; yet the management of the gym remains concerned about any
negligence that may occur and the risks that can expose it to various penalties posed by
any regulatory agency. Which type of business risk is the management here referring to?
(a) Strategic Risk (b) Compliance Risk
(c) Hazard Risk (d) Operational Risk
2. The IT team managing the Fit&Fine Gym Aggregator application manages the MIS Report
on various parameters like number of bookings for online sessions/physical meetings
done each day, joining of new members per month etc. The information so extracted
through these MIS reports fulfill following criterions except one. Identify it.
(a) Relevant (b) Accurate
(c) Timely (d) Confidential
3. Fit&Fine gym provides unique membership-id and PIN number as an access control
mechanism to its customers to avail the facilities provided through Gym aggregator
service app. From the following controls, identify the Application control under
which this specific access control mechanism falls.
(a) Physical Control (b) Boundary Control
(c) Communication Control (d) Management Control
4. In purview of above case scenario, there can be a possibility that any registered
gym with Fit&Fine Gym aggregator online service may deny the terms and conditions
of the agreement done between the two. Which type of risk is associated with this
e-Commerce transaction?
(a) Lack of authenticity of transaction (b) Problem of anonymity
(c) Repudiation of Contract (d) Privacy and security
5. In purview of above case scenario, customer can pay his/her membership fees online
through credit card to Fit&Fine. Which risk is taken care in case the Banking system key
control is established that transaction cannot be made if the aggregate limit of
outstanding amount exceeds the credit limit assigned to customer?
(a) Credit Line setup is unauthorized and not in line with the bank’s policy.
(b) Credit Line setup can be breached.
(c) Masters defined for the customer are not in accordance with the Pre-Disbursement
Certificate.
(d) Inaccurate reconciliations performed.

Answer Key
MCQs Key 1 2 3 4 5
b d b c b

Integrated Case Study - 37 (XYZ food chain)


XYZ is a well-established food chain with ten branches at different locations within Delhi. The
company wants to come out with an IPO (Initial Public Offering). The Management asked the Financial
Manager to present a report pertaining to the benefits, risks, and control objectives and, above all, whether
any change is required in the working of the food chain.
XYZ has decided to buy software which will be an online assistant to customers and will provide them
complete details about the IPO and solve their queries. In order to avoid any delay in its operation,
XYZ has bought digital signatures for the authorized members of its management. Furthermore,
XYZ decides to give benefits/preference to its regular customers who have regularly visited any of its
food chain branches over the last six months. Therefore, the company decides to get the personal details of
such customers like phone number, date of birth and date of wedding anniversary etc.
To attain a safe and secure working environment for its customers as well as its employees, XYZ takes
a firm decision to implement certain controls to avoid any unlawful activity defined under the provisions of
the IT Act, 2000. XYZ follows Customer Relationship Management (CRM) practices; hence, it is known
for taking care of its customers and providing them good services.
Based on the facts of the case scenario given above, choose the most appropriate answer to Q.
Nos. 37.1. to 37.3.
1. In purview of case scenario, XYZ food chain follows CRM practices to manage
its relationship with its customers. Which of the following is not the key benefit of CRM
module?
(a) Helps to take actions needed to measure quality.
(b) Gives an idea to company about customer wants, needs and patterns of purchase.
(c) Sharing of customer data between different departments will enable them to work
as a team.
(d) Enables the company to identify the correct time to market its product to
customers.
2. The management of XYZ food chain has shown its concern over the condition in case any
of its employees dishonestly make use of electronic signature of authorized Committee
member of the management. Identify the section from IT Act, 2000 that will help XYZ
to deal with this situation.
(a) Section 43 (b) Section 66C
(c) Section 66E (d) Section 66B
3. The management of XYZ food chain collects the information about various small
restaurants, makes them its partners, and sells their food-items under the name of
his own start up. Under which category of e-market, the XYZ food chain model comes?
(a) Virtual Community (b) Buyer Aggregator
(c) e-Shops (d) e-Auctions

Answer Key
MCQs Key 1 2 3
a b b

Integrated Case Study - 38 (XYZ food chain)


The Printage Ltd. is the printing press that deals with printing of notepads and calendars and
supplying them to various vendors, schools, and offices. With an aim of expanding their business and
entering the competitive market with a variety of high-designed products, they purchased several
state-of-art printing equipment in the year 2019 costing approximately ₹ 5 lakhs. The distinguishing
feature of this printing equipment, if used optimally, enables the users to prepare any customized
designs as per customers’ choice on various daily use products like mugs, T-shirts, and pillows etc.
However, due to lack of proper training, the employees in the factory of the company were not able
to operate the equipment properly, thereby causing delay in supply of the products against
the orders placed by the customers. A few instances were registered where customers returned the
products due to defects in designing and misprinting and also due to delay in the delivery of their
ordered products.
The company, being aware of the enormous benefits of the E-Commerce environment, has its own online
platform where the customers can place their orders. To place the orders for their customized products,
the new customers are required to fill an online registration form that captures the payment related
information like Account details or Credit Card details etc. and upload the design and photograph of
their choice at the time of placing the order.
Though Printage Ltd. has made a huge capital investment in the new equipment, there was
a regular fall in sales and market share due to unsatisfied customers. On Management’s request,
an expert, Mr. Amit, was assigned to assess the reasons for the steady fall in sales and market share and
furthermore to suggest improvements to overall business processes to increase the productivity
and quality of the end-products. He prepared a pictorial representation of the operations
and processing of this equipment to understand its working. After completion of his assignment,
he suggested the following:
Based on the above case scenario, answer the Question No(s). 1 to 5.
1. In purview of case scenario, the new customers are required to fill an online form that
captures the information of their credit cards for payment at the time of placing any order,
whereas the details like Credit Card get prefilled in the form of already registered customers.
From which category of data of Financial and Accounting systems, does the prefilled data
for registered customers get fetched in the online form?
(a) Master data (b) Non-Master data
(c) Accounting data (d) Customer’s data
2. Mr. Amit used flowchart for diagrammatic representation to describe various business
processes and operations. Identify the flowchart symbol used by him to represent the
internal storage.
(a) (c)
(b) (d)
3. In purview of above case scenario, the customers may pay for his/her order using
Credit Card. The following are the controls applied by Credit Card Issuing Authority
except one. Choose the odd statement regarding Credit Cards.
(a) Batch processing of the reconciliations for the balances received from the credit
card network with the transactions updated in the credit card system or card
network level.
(b) Interest on fund-based credit cards is automatically calculated in credit card system.
(c) Access rights to authorize credit limit should be restricted to authorized personnel.
(d) No transaction can happen if the aggregate limit of outstanding amount exceeds
the assigned credit limit.

4. The Printage Ltd. has its own online platform to promote and avail the benefits of
e-Commerce transactions. However, many risks are also associated with online business.
Which of the following does not fall under the category of risk of online business?
(a) Denial of Service (b) Problem of piracy
(c) Repudiation of Contract (d) Elimination of time delays
5. In purview of above case scenario, a control is well implemented in the payment
gateway of Printage Ltd. that checks for the authorized limit of the Credit Card of any
customer when s/he places any online order. Identify the control from the following that
has been executed in this case.
(a) Detective Control (b) Preventive Control
(c) Corrective Control (d) Environmental Control

Answer Key
MCQs Key 1 2 3 4 5
a a a d a


Revisions Test Paper (RTP) - May 2022

Question 1.
The Printage Ltd. is the printing press that deals with printing of notepads and calendars and supplying them to
various vendors, schools, and offices. With an aim of expanding their business and entering the competitive
market with a variety of high-designed products, they purchased several state-of-art printing equipment in the year
2019 costing approximately ₹ 5 lakhs. The distinguishing feature of this printing equipment, if used optimally,
enables the users to prepare any customized designs as per customers’ choice on various daily use products
like mugs, T-shirts, and pillows etc. However, due to lack of proper training, the employees in the factory of the
company were not able to operate the equipment properly, thereby causing delay in supply of the products
against the orders placed by the customers. A few instances were registered where customers returned the
products due to defects in designing and misprinting and also due to delay in the delivery of their ordered products.
The company, being aware of the enormous benefits of the E-Commerce environment, has its own online
platform where the customers can place their orders. To place the orders for their customized products, the new
customers are required to fill an online registration form that captures the payment related information like
Account details or Credit Card details etc. and upload the design and photograph of their choice at the time of
placing the order.
Though Printage Ltd. has made a huge capital investment in the new equipment, there was a regular
fall in sales and market share due to unsatisfied customers. On Management’s request, an expert, Mr. Amit,
was assigned to assess the reasons for the steady fall in sales and market share and furthermore to suggest
improvements to overall business processes to increase the productivity and quality of the end-products.
He prepared a pictorial representation of the operations and processing of this equipment to understand its
working. After completion of his assignment, he suggested the following:

• To enhance the output, reduce the costs and generate a positive Return on Investment (RoI), he
suggested the management to begin regular periodic training sessions for its employees to operate and
handle the equipment efficiently and use them optimally.
• He recommended to have dedicated Inspection Officer(s) for regular review of products before packing and
delivery of products to customer, against the present process of clearing the products by the Production
In-charge itself for packing and delivery.
Based on the above case scenario, answer the Question No(s). 1 to 5.
1. In purview of case scenario, the new customers are required to fill an online form that captures the
information of their credit cards for payment at the time of placing any order, whereas the details like
Credit Card get prefilled in the form of already registered customers. From which category of data of
Financial and Accounting systems, does the prefilled data for registered customers get fetched in the
online form?
(a) Master data (b) Non-Master data
(c) Accounting data (d) Customer’s data
2. Mr. Amit used flowchart for diagrammatic representation to describe various business processes and
operations. Identify the flowchart symbol used by him to represent the internal storage.

(a) (c)

(b) (d)
3. In purview of above case scenario, the customers may pay for his/her order using Credit Card.
The following are the controls applied by Credit Card Issuing Authority except one. Choose the odd
statement regarding Credit Cards.
(a) Batch processing of the reconciliations for the balances received from the credit card network
with the transactions updated in the credit card system or card network level.
(b) Interest on fund-based credit cards is automatically calculated in credit card system.
(c) Access rights to authorize credit limit should be restricted to authorized personnel.
(d) No transaction can happen if the aggregate limit of outstanding amount exceeds the assigned credit
limit.

4. The Printage Ltd. has its own online platform to promote and avail the benefits of e-Commerce
transactions. However, many risks are also associated with online business. Which of the following
does not fall under the category of risk of online business?
(a) Denial of Service (b) Problem of piracy
(c) Repudiation of Contract (d) Elimination of time delays
5. In purview of above case scenario, a control is well implemented in the payment gateway of Printage
Ltd. that checks for the authorized limit of the Credit Card of any customer when s/he places any
online order. Identify the control from the following that has been executed in this case.
(a) Detective Control (b) Preventive Control
(c) Corrective Control (d) Environmental Control

Descriptive Questions

Chapter 1: Automated Business Process


6. Mr. Rajesh and his team have been given the task to develop Internal controls policies and procedures
for ABC Ltd. to safeguard the company’s assets and to ensure the reliability of internal and external
financial reporting. Elaborate the components of Internal Control System that Mr. Rajesh and his
team must take care to make the system effective.
7. Information Technology has touched every sector of business and has been instrumental in accelerating
their growth. However, many crimes are also associated with computers; hence, the Information
Technology Act, 2000 came into existence. Explain a few computer-related offences prescribed in the IT Act,
2000.

Chapter 2: Financial and Accounting Systems


8. Unlike non-integrated systems in an organization, where all the departments work independently
of each other and use their own sets of data, ERP systems use a single database that contains
data for various software modules. This distinct feature of ERP Systems enables them to provide
enormous benefits to an organization. Discuss these benefits.
9. XBRL (eXtensible Business Reporting Language) is a freely available and global standard for
digital business reporting. Discuss the key features of XBRL that make it an international standard way
to communicate and exchange business information.

Chapter 3: Information Systems and its Components


10. Information Systems’ Controls affect the working environment of an organization and are classified
based on various factors like the objective of controls, the physical and logical security of resources etc.
Describe the categories of IS controls based on their objectives, with examples.
11. In an organization, the Database Controls are used within an application software to maintain the
integrity of data and prevent any data integrity violations. Discuss various controls under Database
Controls to achieve this objective.

Chapter 4: E-Commerce, M-Commerce and Emerging Technologies


12. The businesses with the vision to anticipate change generally grab the trend before their competitors
do and certainly opt for online mode for their businesses; therefore, e-commerce is a happening
trend in businesses nowadays. Briefly explain the forces underpinning the revolution of e-commerce.
13. Ms. Swati has been directed by her Reporting officer to prepare a short report on Blockchain
technology and several risks associated with it. Elaborate in brief the factors that would form part of her
report.

Chapter 5: Core Banking Systems


14. In Core Banking Systems, Information security has become critical to mitigate the risks associated with
Information Technology. Elaborate the sub-processes that comprise Information security in this case.
15. BNC Financial is a well renowned Mortgage Broker company that is engaged in providing mortgage
loans to potential businessmen for expansion/establishing their businesses. Write down various risks
and their associated controls around the Mortgage Process.

Answer to Scenario based MCQs

1. (a)
2. (a)
3. (a)
4. (d)
5. (a)
APPENDIX - I

Past Year Question Paper - Dec 2021


Question No. 1 is compulsory.
Answer any three questions from the rest.

Question 1:

(a) Business managers use MIS reports in the decision-making process. MIS reports need to meet
certain criteria to make information most useful. Explain any three such criteria.
(3 Marks)
(b) Distinguish between Connection Oriented and Connection less Networks. (2 Marks)
Answer
(a) MIS reports need to meet the following criteria to make the information most
useful:

• Relevant: MIS reports need to be specific to the business area they address. This is important
because a report that includes unnecessary information might be ignored.
• Timely: Managers need to know what’s happening now or in the recent past to make decisions
about the future. Be careful not to include information that is old. An example of timely information
might be customer phone calls and emails going back 12 months from the current date.
• Accurate: Managers and others who rely on MIS reports can’t make sound decisions with
information that is wrong. It’s critical that numbers add up and that dates and times are correct.
Financial information is often required to be accurate to the dollar. In other cases, it may be OK to
round off numbers.
• Structured: Information in an MIS report can be complicated. Making that information easy
to follow helps management understand what the report is saying. Try to break long passages of
information into more readable blocks or chunks and give these chunks meaningful headings.
(b) The differences between Connection Oriented Networks and Connection less Networks are as follows:

| Connection Oriented Networks | Connection less Networks |
|---|---|
| It refers to the computer network wherein a connection is first established between the sender and the receiver and then data is exchanged. | It refers to the computer network where no prior connection is made before data exchanges. Data which is being exchanged in fact has the complete contact information of the recipient, and at each intermediate destination it is decided how to proceed further. |
| For example - telephone networks. | For example - postal networks. |

Question 2:

(a) Data is a critical resource that must be organized, controlled and managed properly. In order
to achieve the same purpose, XYZ Ltd. decided to transform all its data into digitized form. As a
Database Administrator of the company, you are required to suggest major advantages of Database
Management Systems (DBMS) to the top management. (6 Marks)
(b) Briefly explain the advantages of business policy “Bring Your Own Device” (BYOD). (4 Marks)
Answer:
(a) Major advantages of Database Management Systems (DBMS) are as follows:
• Permitting Data Sharing: One of the principal advantages of a DBMS is that the same information
can be made available to different users.
• Minimizing Data Redundancy: In a DBMS, duplication of information or redundancy is, if not
eliminated, carefully controlled or reduced, i.e. there is no need to repeat the same data repeatedly.
Minimizing redundancy significantly reduces the cost of storing information on storage devices.
• Integrity can be maintained: Data integrity is maintained by having accurate, consistent,
and up-to-date data. Updates and changes to the data must be made in only one place in a DBMS,
ensuring integrity.
• Program and File consistency: Using a DBMS, file formats and programs are standardized. The
level of consistency across files and programs makes it easier to manage data when multiple
programmers are involved, as the same rules and guidelines apply across all types of data.
• User-friendly: DBMS makes the data access and manipulation easier for the user.
DBMS also reduces the reliance of users on computer experts to meet their data needs.
• Improved security: DBMS allows multiple users to access the same data resources in a controlled
manner by defining the security constraints. Some sources of information should be protected or
secured and only viewed by select individuals. Using passwords, DBMS can be used to restrict data
access to only those who should see it. Security will only be improved in a database when
appropriate access privileges are allotted to prohibit unauthorized modification of data.
• Achieving program/data independence: In a DBMS, data does not reside in applications; the
database programs and data are independent of each other.
• Faster Application Development: In the case of deployment of DBMS, application development
becomes fast. The data is already there in databases; the application developer has to think of only the
logic required to retrieve the data in the way a user needs.
(b) The advantages of Bring Your Own Device (BYOD) are as follows:
• Happy Employees: Employees love to use their own devices when at work. This also reduces the
number of devices an employee has to carry; otherwise, s/he would be carrying his/her personal as
well as organization-provided devices.
• Lower IT budgets: Could involve financial savings to the organization since employees would
be using the devices they already possess, thus reducing the outlay of the organization in providing
devices to employees.
• IT reduces support requirement: IT department does not have to provide end user support and
maintenance for all these devices, resulting in cost savings.
• Early adoption of new Technologies: Employees are generally proactive in adoption of
new technologies, which results in enhanced productivity of employees leading to overall growth of
business.
• Increased employee efficiency: The efficiency of employees is more when an employee works
on his/her own device. With organization-provided devices, employees have to learn and there is a
learning curve involved in it.
Question 3
(a) Human Resource Management (HRM) plays an important role in the effective and efficient management
of the human resources in any enterprise. As an HR Manager of XYZ Ltd., which typical stages of HR life
cycle will you implement in the company? (6 Marks)
(b) Categorize the different kinds of business risks that any enterprise faces. (4 Marks)
Answer
(a) The stages of Human Resource (HR) Cycle are as follows:
§§Recruiting and On-boarding: Recruiting is the process of hiring a new employee.
The role of the human resources department in this stage is to assist in hiring. This might include placing
the job ads, selecting candidates whose resumes look promising, conducting employment interviews
and administering assessments such as personality profiles to choose the best applicant for the
position. In a small business where the owner performs these duties personally, the HR person would
assist in a support role. In some organizations, the recruiting stage is referred to as “hiring support.”
On-boarding is the process of getting the successful applicant set up in the system as a new employee.
Past Year Question Paper - Dec 2021

§§Orientation and Career Planning: Orientation is the process by which an employee becomes
a member of the company’s work force through learning his/her new job duties, establishing
relationships with co-workers and supervisors and developing a niche. Career planning is the
stage at which the employee and his/her supervisors work out his/her long-term career goals
with the company. The human resource department may make additional use of personality
profile testing at this stage to help the employee determine his/her best career options with the
company.

§§Career Development: Career development opportunities are essential to keep an employee
engaged with the company over time. After an employee has established himself/herself at the
company and determined his/her long-term career objectives, the human resources department
should try to help him/her meet his/her goals, if they are realistic. This can include professional
growth and training to prepare the employee for more responsible positions with the company.
The company also assesses the employee’s work history and performance at this stage to determine
whether he/she has been a successful hire.
§§Termination or Transition: Some employees will leave a company through retirement after
a long and successful career. Others will choose to move on to other opportunities or be laid off.
Whatever the reason, all employees will eventually leave the company. The role of HR in this process
is to manage the transition by ensuring that all policies and procedures are followed, carrying out
an exit interview if that is company policy and removing the employee from the system. These
stages can be handled internally or with the help of enterprises that provide services to manage the
employee life cycle.
(b) Different kinds of Business Risks are as follows:
§§Strategic Risks: These are the risks that would prevent an organization from accomplishing
its objectives (meeting its goals). Examples include risks related to strategy, political, economic
relationship issues with suppliers and global market conditions; also could include reputation
risk, leadership risk, brand risk, and changing customer needs.
§§Financial Risks: Financial risks are those risks that could result in a negative financial impact
to the organization (waste or loss of assets). Examples include risks from volatility in foreign
currencies, interest rates, and commodities, credit risk, liquidity risk, and market risk.
§§Regulatory (Compliance) Risks: This includes risks that could expose the organization to fines
and penalties from a regulatory agency due to non-compliance with laws and regulations. The
examples include violation of laws or regulations governing areas such as environmental, employee
health and safety, lack of due diligence, protection of personal data in accordance with global data
protection requirements and local tax or statutory laws. New and emerging regulations can have a
wide-ranging impact on management’s strategic direction, business model and compliance system.
It is, therefore, important to consider regulatory requirements while evaluating business risks.
§§Operational Risks: Operational risks include those risks that could prevent the organization from
operating in the most effective and efficient manner or be disruptive to other operations due to
inefficiencies or breakdown in internal processes, people, and systems. Examples include risk
of loss resulting from inadequate or failed internal processes, fraud or any criminal activity by an
employee, business continuity, channel effectiveness, customer satisfaction and product/service
failure, efficiency, capacity, and change integration.
§§Hazard Risks: Hazard risks include risks that are insurable such as natural disasters; various
insurable liabilities; impairment of physical assets; terrorism etc.
§§Residual Risks: This includes any risk remaining even after the countermeasures are analyzed
and implemented. An organization’s management of risk should consider these two areas:
Acceptance of residual risk and Selection of safeguards. Even when safeguards are applied, there is
probably going to be some residual risk. The risk can be minimized, but it can seldom be eliminated.
Residual risk must be kept at a minimal, acceptable level. As long as it is kept at an acceptable level,
(i.e. the likelihood of the event occurring or the severity of the consequence is sufficiently reduced)
the risk can be managed.
Question 4:
(a) Controlling Module is one of the business process modules of the Enterprise Resources Planning (ERP)
systems. It facilitates coordinating, monitoring and optimizing all the processes in an organization.
In the light of these statements, describe any six key features of Controlling Module of ERP system.
(6 Marks)
(b) Briefly explain the Web Server and Proxy Server. (2 + 2 = 4 Marks)
Answer:
(a) The key features of Controlling Module of Enterprise Resource Planning (ERP) Systems are as
under:
§§Cost Element Accounting: This component provides overview of the costs and revenues that occur
in an organization. The cost elements are the basis for cost accounting and give the user the ability
to display costs for each of the accounts that have been assigned to the cost element. Examples of
accounts that can be assigned are Cost Centres, Internal Orders, WBS (Work Breakdown Structures).
§§Cost Centre Accounting: This provides information on the costs incurred by the business. Cost
Centres can be created for such functional areas as Marketing, Purchasing, Human Resources,
Finance, Facilities, Information Systems, Administrative Support, Legal, Shipping/Receiving,
or even Quality. Some of the benefits of Cost Centre Accounting are that the managers can set
budget / cost Centre targets; Planning; Availability of Cost allocation methods; and Assessments /
Distribution of costs to other cost objects.
§§Activity-Based-Accounting: This analyses cross-departmental business processes and allows for a
process-oriented and cross-functional view of the cost centres.
§§Internal Orders: Internal Orders provide a means of tracking costs of a specific job, service, or task.
These are used as a method to collect those costs and business transactions related to the task. This
level of monitoring can be very detailed but allows management the ability to review Internal Order
activity for better decision-making purposes.
§§Product Cost Controlling: This calculates the costs that occur during the manufacture of a
product or provision of a service and allows the management the ability to analyse their product
costs and to make decisions on the optimal price(s) to market their products.
§§Profitability Analysis: This allows the management to review information with respect to the
company’s profit or contribution margin by individual market segment.
§§Profit Centre Accounting: This evaluates the profit or loss of individual, independent areas within
an organization.
(b) Web Server
§§The Web Server is used to host all web services and internet related software. All the online requests
and websites are hosted and serviced through the web server.
§§A Web server is a program that uses Hypertext Transfer Protocol (HTTP) to serve the files that form
Web pages to users, in response to their requests, which are forwarded by their computers’ HTTP
clients.
§§Dedicated computers and appliances may be referred to as Web servers as well. All computers that
host websites must have Web server programs.
Proxy Server
§§A Proxy Server is a computer that offers a computer network service to allow clients to make indirect
network connections to other network services.
§§A client connects to the proxy server, and then requests a connection, file, or other resource
available on a different server.
§§The proxy server provides the resource either by connecting to the specified server or by serving it
from a cache and hence is often used to increase the speed and manage network bandwidth.
§§In some cases, the proxy may alter the client’s request or the server’s response for various purposes.
It serves as an intermediary between the users and the websites they browse for.
Question 5:
(a) Core Banking System/Solution (CBS) has become a mandatory requirement in the banking system.
CBS are usually running 24 x 7 to support Internet banking, Mobile banking, ATM services, etc. with
the help of its various modules. Most of the key modules of CBS are connected to a Central Server. As
an IT expert, discuss any three Back End Applications/ Modules and any three Front End Applications/
Modules of CBS. (3 + 3 = 6 Marks)
(b) What is Mobile Computing? Explain the key components of Mobile Computing. (1 + 3 = 4 Marks)
OR
Describe any four characteristics of Infrastructure as a Service (IaaS). (4 Marks)
Answer:
(a) The Back End Applications of Core Banking Systems (CBS) are as follows:
§§Back Office: The Back Office is the portion of a company made up of administration and support
personnel, who are not client-facing. Back Office functions include settlements, clearances,
record maintenance, regulatory compliance, accounting and IT services. Back Office professionals
may also work in areas like monitoring employees’ conversations and making sure they are not
trading forbidden securities on their own accounts.
§§Data Warehouse: Banking professionals use data warehouses to simplify and standardize the
way they gather data - and finally get to one clear version of the truth. Data warehouses take care
of the difficult data management - digesting large quantities of data and ensuring accuracy - and
make it easier for professionals to analyze data.
§§Credit-Card System: Credit card system provides customer management, credit card management,
account management, customer information management and general ledger functions; provides
the online transaction authorization and service of the bank card in each transaction channel of the
issuing bank; support in the payment application; and at the same time, the system has a flexible
parameter system, complex organization support mechanism and product factory based design
concept to speed up product time to market.
§§Automated Teller Machines (ATM): An ATM is an electronic banking outlet that allows customers
to complete basic transactions without the aid of a branch representative or teller. Anyone with a
credit card or debit card can access most ATMs. ATMs are convenient, allowing consumers to
perform quick, self-serve transactions from everyday banking like deposits and withdrawals to
more complex transactions like bill payments and transfers.
The Front-End Applications of Core Banking Systems (CBS) are as follows:
§§Internet Banking also known as Online Banking, is an electronic payment system that enables
customers of a bank or other financial institution to conduct a range of financial transactions
through the financial institution’s website accessed through any browser. The online banking
system offers over 250+ services and facilities that give us real-time access to our bank account. We
can make and receive payments to our bank accounts, open Fixed and Recurring Deposits, view
account details, request a cheque book and a lot more, while you are online.
§§Mobile Banking is a service provided by a bank or other financial institution that allows its
customers to conduct financial transactions remotely using a mobile device such as a smartphone
or tablet. Unlike the related internet banking, it uses software, usually called an app, provided by
the financial institution for the purpose. The app needs to be downloaded to utilize this facility.
Mobile banking is usually available on a 24-hour basis.
§§Phone Banking is a functionality through which customers can execute many of the banking
transactional services through Contact Centre of a bank over phone, without the need to visit a
bank branch or ATM. Registration of Mobile number in account is one of the basic prerequisites to
avail Phone Banking. Account related information, Cheque Book issue request, stop payment of
cheque, Opening of Fixed deposit etc. are some of the services that can be availed under Phone
Banking.
§§Branch Banking: CBS are the bank’s centralized systems that are responsible for ensuring seamless
workflow by automating the frontend and backend processes within a bank. CBS enables single view
of customer data across all branches in a bank and thus facilitates information across the delivery
channels. The branch confines itself to various key functions such as creating manual documents
capturing data required for input into software; internal authorization; initiating Beginning-Of-Day
(BOD) operations; End-Of-Day (EOD) operations; and reviewing reports for control and error
correction.
(b) Mobile Computing refers to the technology that allows transmission of data via a computer without
having to be connected to a fixed physical link. Mobile data communication has become a very
important and rapidly evolving technology as it allows users to transmit data from remote
locations to other remote or fixed locations even when they are on the move, i.e. mobility. In general,
Mobile Computing is a versatile and strategic technology that increases information quality and
accessibility, enhances operational efficiency, and improves management effectiveness.
The key components of Mobile Computing are as follows:
§§Mobile Communication: The Mobile Communication refers to the infrastructure put in place to
ensure that seamless and reliable communication goes on. This would include communication
properties, protocols, data formats and concrete technologies.
§§Mobile Hardware: Mobile Hardware includes mobile devices or device components that receive
or access the service of mobility. They would range from Portable laptops, Smart Phones,
Tablet PCs, and Personal Digital Assistants (PDA) that use an existing and established network to
operate on. At the back end, there are various servers like Application Servers, Database Servers
and Servers with wireless support, WAP gateway, a Communications Server and/or MCSS (Mobile
Communications Server Switch) or a wireless gateway embedded in wireless carrier’s network.
The characteristics of mobile computing hardware are defined by the size and form factor, weight,
microprocessor, primary storage, secondary storage, screen size and type, means of input, means of
output, battery life, communications capabilities, expandability and durability of the device.
§§Mobile Software: Mobile Software is the actual program that runs on the mobile hardware and
deals with the characteristics and requirements of mobile applications. It is the operating system
of that appliance and is the essential component that makes the mobile device operate. Mobile
applications, popularly called Apps, are being developed by organizations for use by customers, but
these apps could represent risks, in terms of flow of data as well as personal identification risks,
introduction of malware and access to personal information of mobile owner.
OR
Characteristics of Infrastructure as a Service (IaaS) are as follows:
§§Web access to the resources: The IaaS model enables the IT users to access infrastructure resources
over the Internet. When accessing a huge computing power, the IT user need not get physical access
to the servers.
§§Centralized Management: The resources distributed across different parts are controlled
from any management console that ensures effective resource management and effective resource
utilization.
§§Elasticity and Dynamic Scaling: Depending on the load, IaaS services can provide the resources
and elastic services where the usage of resources can be increased or decreased according to the
requirements.
§§Shared infrastructure: IaaS follows a one-to-many delivery model and allows multiple IT
users to share the same physical infrastructure and thus ensures high resource utilization.
§§Metered Services: IaaS allows the IT users to rent the computing resources instead of buying it.
The services consumed by the IT user will be measured, and the users will be charged by the IaaS
providers based on the amount of usage.