
Institute of Cost and Management

Accountants of Pakistan
Constituted under Cost and Management Accountants Act, 1966

INFORMATION SYSTEMS AND I.T. AUDIT (ML-303)


SEMESTER-3

PAST PAPERS

Past Papers Included


Syllabus
1. Model Paper
2. 2015 Spring (August) Examination
3. 2014 Fall Examination
4. 2014 Spring (August) Examination
5. 2014 May Extra Attempt Examination
6. 2013 Fall (February 2014) Examination
7. 2013 Extra Attempt, November Examination
8. 2013 Spring (August) Examination
9. 2012 Fall (February 2013) Examination
10. 2012 Spring (August) Examination
11. New Fall (E) 2011, April 2012 Examination
12. 2011 Winter (November) Examination
13. 2011 Summer (May) Examination
14. 2010 Fall (Winter) Examination
15. 2010 Spring (Summer) Examination
16. 2009 Fall (Winter) Examination
17. 2009 Spring (Summer) Examination
18. 2008 Fall (Winter) Examination
19. 2008 Spring (Summer) Examination
20. 2007 Fall (Winter) Examination
21. 2007 Spring (Summer) Examination
22. 2006 Fall (Winter) Examination
23. 2006 Spring (Summer) Examination
Institute of Cost & Management Accountants of Pakistan
Education Department

ICMAP/HO/Edu/056/2015
August 10, 2015

CIRCULAR

Re-aligned Syllabus 2012

It is notified for all concerned that the syllabus of CMA qualification has
been re-aligned, which will be effective from Fall-2015.

Students are advised to visit ICMA Pakistan website at


https://www.icmap.com.pk/syllabus.aspx to check detailed outlines of re-aligned courses.

Regards,

Rehana Ali
Acting Director Education
SEMESTER - 3
INFORMATION SYSTEMS AND IT AUDIT [BML-303]
INTRODUCTION
This course deals with management of security of the systems, and is designed to focus on tools and techniques of information systems and application of knowledge to I.T. Audit.

OBJECTIVE
To provide the students with a detailed knowledge of Information Systems and I.T. Audit to enable them to:
- design and develop information systems to improve the performance of organisations, and
- apply a conceptual approach of information systems to I.T. Audit.

OUTCOMES
On completion of this course, students should be able to:
- understand E-Business and E-Commerce,
- learn management of IS operations,
- learn basic data management skills,
- understand management of auditing information systems,
- demonstrate an understanding of the complexity of managing security in electronic systems,
- identify and assess the critical threats to information systems,
- perform a preliminary security audit of information systems and apply skills to a security incident, and
- apply the most effective information systems audit, control and security practices.
INDICATIVE GRID

PART   SYLLABUS CONTENT AREA                                   WEIGHTAGE
A      INFORMATION SYSTEMS                                     50%
       1. Emerging Technology in E-Business
       2. Infrastructure and Operations
       3. Information and Databases
       4. Systems Acquisition / Development Process
B      IT AUDIT                                                50%
       5. The Process of Auditing Information Systems
       6. Governance and Management of IT
       7. Auditing Infrastructure and Operations
       8. Auditing Systems Acquisition / Development Process
       9. Information Security Management
       10. Business Continuity and Disaster Recovery
       TOTAL                                                   100%

Note: The weightage shown against each section indicates the study time required for the topics in that section. This weightage does not necessarily specify the number of marks to be allocated to that section in the examination.

CONTENTS

PART – A
INFORMATION SYSTEMS

1. Emerging Technology in E-Business
- E-Business and E-Commerce
- E-Business Models (B2B, B2C, B2E, B2G, G2C & C2C, E2E)
- E-Commerce Architecture, and Risks
- Advantages and disadvantages of E-Commerce for Businesses
- EDI (definition, components, advantages and disadvantages)
- E-Business Software (SCM, ERP & CRM) (definition, components, advantages and disadvantages)

2. Infrastructure and Operations
- Management of IS Operations
- IT Service Management
- Change Management Process
- Computer Hardware Components and Architectures
- Capacity Management
- Problem Management
- Operating Systems
- Network Architecture (LAN, WAN & Wireless)
- LAN, WAN & wireless devices
- OSI layers
- Network Media
- Data management and monitoring

3. Information and Databases
- What is a database
- Data modelling
- Types of databases
- The roles of a database management system
- Data as a resource
- Importance of models & ERD
- Database access techniques
- Information systems categories
- Office automation systems
- Communication systems
- Transaction processing systems
- Decision support systems
- Management information systems
- Executive information systems
- Enterprise systems
- Limitations
- Uses of information systems categories
- DSS categories

4. System Acquisition / Development Process
- Approach (Waterfall, spiral, iterative, prototyping)
- Phases of SDLC (Investigation and feasibility study)
- Requirement Analysis and initial Design
- Detailed design specification / documentation
- System installation / implementation & maintenance
- Project Management
- Project Planning
- Project Control Methods and Standards

Re-align Syllabus 2012 1 ICMA Pakistan


PART – B
I.T. AUDIT

5. The Process of Auditing Information Systems
- Audit Mission and Planning
- Roles and responsibilities of Internal, External and IT Auditors
- Risk Assessment and Analysis
- Risk-based Audit Approach
- Compliance and substantive testing
- Internal Controls and their types, objectives and procedures
- Performing an IT audit
- CAATs
- Control self-assessment

6. Governance and Management of I.T.
- Corporate and IT Governance
- IT Governance Frameworks
- Roles and Responsibilities of Senior Management, Steering Committee & Chief Information Officer
- Policies and Procedures
- Human Resource Management
- Sourcing Practices
- Change Management
- IS Roles and Responsibilities
- Segregation of duties and Controls within IS
- Auditing IT Governance, Structure and Implementations

7. Auditing Infrastructure and Operations
- Hardware review
- Operating Systems Reviews
- Database, local area network, network operating, control and information system operations reviews
- Lights-Out Operations
- Application controls and their objectives
- File creation
- Data Conversion
- Input and output
- Problem management reporting reviews
- Hardware availability
- Utilizing reporting and scheduling reviews

8. Auditing Systems Acquisition / Development Process
- Risk of inadequate system development life cycle (SDLC) and review of development procedures and methodologies
- Review of acquisition process for outsourcing
- Information system maintenance practices
- Change management
- Library control software
- Review of the practice of project management tools and techniques

9. Information Security Management
- Importance of Information Security Management
- Understanding of Facilities (Data centres, outsourced facilities, Storage, media libraries, backup vaults, UPS & Disaster recovery sites)
- Antivirus Software Implementation Strategies
- Program and Data security techniques
- Monitoring and surveillance techniques
- Environment Controls (Smoke detectors, Fire Suppression, and Humidity / Temperature)
- Access management controls
- Physical design and access controls
- Logical Access controls (user authorization matrix & Password management / password change procedures)
- Network security (encryption, firewalls)
- Media Sanitization
- Auditing Information Security Management

10. Business Continuity and Disaster Recovery
- Defining a Disaster
- BCP and DRP
- BCP Process
- Business Continuity Policy and Planning
- Incident Management
- Business Impact Analysis
- Development of BCP
- Insurance
- Plan Testing
- Auditing Business Continuity

TEACHING METHODOLOGY: The faculty is advised to teach the topics in the mode of case studies based on knowledge and
application, with a practical approach.

RECOMMENDED BOOKS

CORE READINGS
TITLE                                              AUTHOR                                    PUBLISHER
Information Systems: The Foundation of E-Business  Steven Alter                              Prentice Hall / Pearson / Financial Times
Decision Modelling with Microsoft Excel            Jeffrey H. Moore / Larry R. Weatherford   Prentice Hall / Pearson / Financial Times
CISA Review Manual                                 CISA                                      Information Systems Audit and Control Association, Inc.

ADDITIONAL READINGS
Introduction to Information Systems                James O'Brien                             McGraw-Hill
Practical IT Auditing                              Jack Champlain                            Warren Gorham & Lamont RIA Group



MODEL PAPER

ICMA Pakistan
INFORMATION SYSTEMS AND I.T. AUDIT (ML-303)
SEMESTER-3
Time Allowed: 02 Hours 40 Minutes    Maximum Marks: 80    Roll No.:

(i) Attempt all questions.
(ii) Answers must be neat, relevant and brief.
(iii) In marking the question paper, the examiners take into account clarity of exposition, logic of arguments,
effective presentation, language and use of clear diagram/ chart, where appropriate.
(iv) Read the instructions printed inside the top cover of answer script CAREFULLY before attempting the paper.
(v) DO NOT write your Name, Reg. No. or Roll No. anywhere inside the answer script.
(vi) Question No.1 – “Multiple Choice Question” printed separately, is an integral part of this question paper.
(vii) Question Paper must be returned to invigilator before leaving the examination hall.

MARKS
Q.1 First question (MCQs Part) comprises 20 MCQs of one (1) mark each to be attempted in
20 minutes.

Q.2 Read the following CASE carefully and answer the questions given below:
CASE
Megaton Corporation is a large industrial concern that has a complex network infrastructure
with multiple local area and wide area networks connecting Megaton headquarters with its
national and international offices. There is an Intranet site that is accessed only by
employees to share work-related information. An Internet EDI site is also available that is
accessed by customers and suppliers to place orders and check the status of orders. Both
sites have open areas and sections containing private information that require an ID
and password to access. User IDs and passwords are assigned by the central security
administrator. The wide area networks are based on a variety of WAN technologies
including frame relay, ATM, ISDN, and T1/T3. These networks carry unencrypted, non-
sensitive information that is sent to the international offices of Megaton but does not include any
customer-identifiable information. Traffic over the network involves a mixture of protocols, as
a number of legacy systems are still in use. All sensitive network traffic traversing the
Internet is first encrypted prior to being sent. A number of devices also utilize Bluetooth to
transmit data between PDAs and laptop computers. A new firewall has been installed and
patch management is now controlled by a centralized mechanism for pushing patches out to
all servers. Firewall policy does not allow any external access to the internal systems. Various
database-driven Internet applications are in use and many have been upgraded to take
advantage of newer technologies. Additionally, an intrusion detection system has been
added, and reports produced by this system are monitored on a daily basis. Megaton
headquarters also maintains a data center of 15,000 square feet (1,395 square
meters). Access to the data centre is controlled by a card reader and cameras monitoring
the entrance. Recently, Megaton has actively started supporting the use of notebook
computers by its staff so they can use them when travelling and when working from home.
In this regard, Megaton desires that staff be able to access the company databases and provide
online information to customers. A large organization-wide ERP software implementation
project is also under consideration. Megaton has decided to buy a commercial off-the-shelf ERP
package and then customize it to fit its needs. Though Megaton is not in a hurry to
implement the project, sizeable customizations of the ERP are anticipated. The last IS
audit was performed more than five years ago. The current business continuity and disaster
recovery plans have not been updated in more than eight years. During this time Megaton
has grown by over 300 percent. At the headquarters alone, there are approximately 750
employees. The IS auditor has been asked to evaluate the current environment and make
recommendations for improvement.


1 of 2 ISITA/Model-Paper
Questions:
a. What possible risks can be involved with the use of the EDI system at Megaton? 08

b. What would be the most serious concerns regarding the wide area networks at 06
Megaton?

c. Many issues are involved when a company stores and exchanges confidential 05
customer information over the network. What could be some of the significant issues to
address if the information exchanged between Megaton headquarters and its
international offices included personally identifiable customer information?

d. What role can the top management of Megaton play for better IT governance? 05

e. Suggest some controls to strengthen the security of the Data Centre at Megaton. 03

f. Based on the information given in the case, what would you recommend to Megaton 03
for preparing its disaster recovery plan?

Q.3 (a) ‘Capacity management’ is the planning and monitoring of computing and network 08
resources to ensure that the available resources are used efficiently and effectively. The
capacity plan should be developed based on input from both user and IS management
to ensure that business goals are achieved in the most efficient and effective way.
Discuss some types of information required for successful capacity planning.

(b) A database is a collection of information that is organized so that it can easily be 06
accessed, managed, and updated. List the properties of the three major types of database
structure: hierarchical, network and relational.

Q.4 (a) To develop an information system, an organization can either outsource the system 06
development or rely on its own people. What are some of the risks involved when system
development is done by the end-users of an information system?

(b) E-commerce is a positive development for both businesses and individuals as it has made 06
transactions more convenient and efficient. E-commerce involves no physical interaction
between buyers and sellers, and such virtual transactions have many associated risks.
Explain some of these risks and their mitigation strategies.

Q.5 (a) The acquisition of the right hardware and software resources for an organization is a complex 06
issue that requires careful planning. What are some of the issues involved in acquiring
hardware and software for an information system, and the steps involved in the selection
of a computer system?

(b) An important objective of the IS auditor is to ensure that the organization provides adequate 06
segregation of duties within the information system management structure. What are
some of the duties and responsibilities of the IS auditor in achieving this objective?

Q.6 (a) While performing an IS audit of an organization, the IS auditor needs to carefully examine 06
the various IS controls implemented by the organization. What are some techniques an IS
auditor can use to evaluate the application controls implemented in an information
system?

(b) An organization can hold a variety of sensitive information such as financial results and 06
business plans for the year ahead. As more and more of this information is stored and
processed electronically and transmitted across company networks or the internet, the
risk of unauthorized access increases. What are some basic types of information
protection that an organization can use to minimize this risk?

THE END
ICMA Pakistan
INFORMATION SYSTEMS AND I.T. AUDIT (BML-303)
SEMESTER-3
FALL 2014 EXAMINATIONS
Thursday, the 5th March 2015

Time Allowed: 02 Hours 30 Minutes    Maximum Marks: 70    Roll No.:

(i) Attempt all questions.
(ii) Answers must be neat, relevant and brief.
(iii) Read the instructions printed inside the top cover of answer script CAREFULLY before attempting the paper.
(iv) In marking the question paper, the examiners take into account clarity of exposition, logic of arguments,
effective presentation, language and use of clear diagram/ chart, where appropriate.
(v) DO NOT write your Name, Reg. No. or Roll No., or any irrelevant information inside the answer script.
(vi) Question No. 1 – “Multiple Choice Question” printed separately, is an integral part of this question paper.
(vii) Question Paper must be returned to invigilator before leaving the examination hall.

MARKS
Q. 2 (a) Xeon Limited is a large multinational bank. It has recently received a license to operate 08
a banking business in Pakistan. The management of the bank has decided to develop its
own banking software and has recently awarded a software development contract
to a local software consulting company. When the project kicked off, the project manager
assigned to the project applied his own software development methodology instead of an
internationally recognized Software Development Life Cycle (SDLC).
The bank has deputed you on this project as IS auditor. As part of your job responsibility, you are
required to identify the risks associated with the project manager's non-compliance with
international standards for software development methodology.
List at least four potential risks to which the adoption of a non-standard software development
methodology may expose the project, with suggested controls for each.

(b) Audit risk is the risk that information or a financial report contains a material error, or 08
that the IS auditor fails to detect an error that has occurred. Explain briefly how you would
categorize audit risks.

Q. 3 (a) You are an IS auditor of Glorious (Private) Limited, a large accounting firm. As part of its 13
human resource development plan, Glorious recently arranged overseas training in
Computer-Assisted Audit Techniques (CAATs) for its IS audit team. You were one of
the team members who travelled for the CAATs training. When you resumed office after
successful completion of the training, the senior management of Glorious asked you to
transfer the CAATs knowledge to the IS audit team members.
In order to conduct the knowledge transfer session, you are required to develop a
presentation that should include:
i) Applications of CAATs (at least five)
ii) Advantages and disadvantages of CAATs (at least four of each)
Describe the important points in brief.
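The kind of data-analysis test a CAAT automates, as an added example that is not part of the ICMAP paper: a short Python script that runs three common audit tests over a payment file, namely duplicate payments (same vendor and amount), gaps in the voucher sequence, and segregation-of-duties checks (self-approved vouchers, and users holding conflicting functions in the user authorization matrix). The payment file, user names and granted functions are constructed for illustration and do not come from the paper.

```python
"""
Added example: three CAAT data-analysis tests over a constructed payment file
and a constructed user authorization matrix. Nothing here is real audit data.
"""
from collections import defaultdict

# Constructed sample payment file: (voucher_no, vendor, amount, entered_by, approved_by)
PAYMENTS = [
    (1001, "ACME", 5000.00, "uali", "msiddiqui"),
    (1002, "ACME", 5000.00, "uali", "msiddiqui"),   # same vendor and amount as 1001
    (1003, "Zeta", 1200.50, "rkhan", "msiddiqui"),
    (1005, "Beta", 800.00, "rkhan", "rkhan"),        # 1004 is missing; preparer approved own voucher
    (1006, "Zeta", 1200.50, "uali", "uali"),         # duplicate of 1003; self-approved
]

# Constructed user authorization matrix: user -> set of granted application functions
AUTH_MATRIX = {
    "uali": {"enter_payment", "approve_payment"},
    "rkhan": {"enter_payment", "approve_payment"},
    "msiddiqui": {"approve_payment"},
    "tahmed": {"enter_payment"},
}

# Function pairs that a single user should never hold together (assumed policy)
SOD_CONFLICTS = [("enter_payment", "approve_payment")]


def duplicate_payments(payments):
    """Return voucher numbers whose (vendor, amount) key occurs more than once, sorted."""
    groups = defaultdict(list)
    for voucher, vendor, amount, *_ in payments:
        groups[(vendor, round(amount, 2))].append(voucher)
    return sorted(v for vouchers in groups.values() if len(vouchers) > 1 for v in vouchers)


def sequence_gaps(payments):
    """Return voucher numbers missing from the continuous range between the lowest and highest seen."""
    numbers = sorted(p[0] for p in payments)
    present = set(numbers)
    return [n for n in range(numbers[0], numbers[-1] + 1) if n not in present]


def self_approved(payments):
    """Return vouchers where the preparer and the approver are the same user."""
    return [p[0] for p in payments if p[3] == p[4]]


def sod_violations(auth_matrix, conflicts):
    """Return (user, function_a, function_b) for every user granted a conflicting pair."""
    found = []
    for user, functions in sorted(auth_matrix.items()):
        for a, b in conflicts:
            if a in functions and b in functions:
                found.append((user, a, b))
    return found


def run_caats():
    """Run all tests and return the exceptions an auditor would follow up."""
    return {
        "duplicates": duplicate_payments(PAYMENTS),
        "gaps": sequence_gaps(PAYMENTS),
        "self_approved": self_approved(PAYMENTS),
        "sod": sod_violations(AUTH_MATRIX, SOD_CONFLICTS),
    }


if __name__ == "__main__":
    for test, hits in run_caats().items():
        print(f"{test}: {hits}")
```

Each test returns the exception list rather than printing it, so the same functions can be pointed at a full extract of the live payment table; the duplicate test keys on rounded amounts so that floating-point storage differences do not hide a true duplicate.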

(b) Lincoin Limited is a group of companies that has branch offices in all major cities of 05
Pakistan. Lincoin Limited has good IT infrastructure across all its branches. Its data
processing facilities are highly sophisticated and run a number of software
applications. A few months ago Lincoin's IT facilities were shut down for two weeks due
to an unforeseen application server disaster that caused significant losses to the business,
since timely information was not available for decision making. An IT business
continuity plan (BCP) was in place, but it did not recover the business applications
successfully as expected when applied during the disaster recovery events. Due to the
ineffectiveness of the BCP, the management of Lincoin has decided to have it reviewed by an
external IS auditor.
State at least ten basic elements that should be verified by the IS auditor while reviewing the
BCP.
ISITA-Mar.2015 1 of 2 PTO

Q. 4 (a) There are various project management techniques and tools available to assist the project 12
manager in the software development process. In the current revolutionary age of information
technology, the Agile project management process is considered highly successful.
Describe in brief the Agile project management method, with at least ten Agile principles
that support project teams in implementing the Agile project management method.

(b) Wolex Enterprises is a large distribution company dealing in life-saving drugs. Currently 08
it has a very small distribution network; however, the management intends to launch
its operations in all major cities of the country. Wolex's operations feasibility team is in
consultation with various firms engaged in developing the infrastructure facilities and
recruiting the work force. However, an outsourcing option for IT support services is also
under consideration.
You, as a senior member of the Wolex feasibility team, are required to come up with four
benefits and four limitations of the outsourcing proposal.

Q. 5 (a) A database is a collection of structured data organized in rows and 08
columns. The use of a database has various significant strengths, such as:
- reduced data redundancy
- improved data integrity
- data sharing
- reduced development time
Explain each of the strengths indicated above.

(b) Symbol Electronics Limited (SEL) is a medium-sized manufacturing company involved in 08
assembling and exporting domestic electronic goods. During the last year, SEL incurred
significant losses on several large export consignments due to shipments running three weeks
behind schedule. Upon investigation by the internal IS audit team, the production
manager of SEL held the suppliers responsible for not delivering the raw material on
time, while the suppliers were of the view that the delivery lead time was not considered
by the SEL procurement department when raw material orders were placed. In order to
overcome the issue of delayed acquisition of raw material, the management of SEL has
decided to adopt a Business-to-Business (B2B) model.
You, as head of Information Technology of SEL, briefly explain the B2B model and specify
its key characteristics. State the advantages and disadvantages of the B2B model.

THE END

ICMA Pakistan
INFORMATION SYSTEMS AND I.T. AUDIT (ML-303)
SEMESTER-3
SPRING (AUGUST) 2014 EXAMINATIONS
Thursday, the 21st August 2014

Time Allowed: 02 Hours 30 Minutes    Maximum Marks: 80    Roll No.:

(i) Attempt all questions.
(ii) Answers must be neat, relevant and brief.
(iii) DO NOT write your Name, Reg. No. or Roll No., or any irrelevant information inside the answer script.
(iv) Read the instructions printed inside the top cover of answer script CAREFULLY before attempting the paper.
(v) In marking the question paper, the examiners take into account clarity of exposition, logic of arguments,
effective presentation, language and use of clear diagram/ chart, where appropriate.
(vi) Question Paper must be returned to invigilator before leaving the examination hall.

MARKS
Q.2 (a) Enterprise Resource Planning (ERP) is an industry term for integrated, multi-module 09
application software packages that are designed to support multiple business
functions. Because of its importance and effective operational needs, the management of an automobile
manufacturing company plans to implement an ERP system in order to
integrate its different departmental functions. Briefly explain the different implementation
phases of an ERP system. Discuss the benefits achieved by the company by effectively
implementing an ERP system in the organization.

(b) Recent research shows that the CPU of a computer system remains idle approximately 80% 05
of the time. The operating system is a resource manager that optimizes the use of CPU
resources. Discuss the different classes of operating system.

Q.3 (a) A Decision Support System (DSS) is an interactive information system that provides 10
information, models and data manipulation tools to help make decisions in semi-
structured and unstructured situations. Discuss eight important techniques used in
decision making in a Decision Support System (DSS).

(b) An organization has deployed an MIS and has advertised Database 06
Administrator (DBA), project manager and application developer jobs in a leading
newspaper to fill its vacant positions. Discuss the role and job description of each post
in effectively implementing and managing the MIS in the organization.

Q.4 (a) A multinational bank has established a data center in its head office. A 50 terabyte 10
capacity Storage Area Network (SAN), blade servers, Cisco routers and PIX firewalls
have been deployed in the network infrastructure of the data center. Proper environmental and
physical controls, as recommended by manufacturers such as IBM and Cisco in their
equipment data sheets, can ensure equipment reliability and reduce the risk of
downtime. The management of the bank has engaged an IT auditor for a LAN and
network operating review. Consider yourself the IT auditor and highlight the minimum six
requirements related to the organization's LAN and network operating review.

(b) Due to the revolution in network technology, wireless security provides prevention of 06
unauthorized access or damage to computers using wireless networks. Discuss three
principal ways to secure wireless networks.


1 of 2 ISITA/August-2014

Q.5 (a) Students of XYZ University have developed mobile applications and have advertised them on the 09
university website. To promote this product through e-commerce activity they need a
merchant account. Discuss the need for and requirements of a merchant account in our country
to promote e-commerce business activities. Elaborate on six different payment methods
used in e-commerce business.

(b) For all customers, partners, resellers, and distributors who hold valid Cisco service 07
contracts, Cisco Technical Support provides 24-hour-a-day, award-winning technical
assistance. The Cisco Technical Support Website provides online documents and tools
for troubleshooting and resolving technical issues with Cisco products and technologies.
The network manager of M/s UNICOM has decided to upgrade its Cisco 12000 series router
as per the recommendation of the Cisco TAC (Technical Assistance Center). A change
management procedure is used when changing hardware, upgrading the operating system
and configuring various network devices. Discuss the effects of proper procedures/SOPs
being followed and deployed during this migration process.

Q.6 (a) Most business continuity tests fall short of a full-scale test of all operational portions of 09
the corporation. The test should address all critical components and simulate actual
prime-time processing conditions. Discuss the different tasks to be accomplished by
‘Continuity Plan Testing’. Explain the five test phases that should be completed to perform
full testing.

(b) Software development practitioners have developed alternative development strategies 09
to reduce development time, maintenance costs or to improve the quality of software.
Compare the advantages and disadvantages of the waterfall model, spiral model and
prototyping models used in software development methodologies.

THE END

EXTRA ATTEMPT, MAY 2014 EXAMINATIONS
Saturday, the 24th May 2014
ICMA Pakistan
INFORMATION SYSTEMS AND I.T. AUDIT (ML-303)
SEMESTER-3

Time Allowed: 02 Hours 30 Minutes    Maximum Marks: 80    Roll No.:

(i) Attempt all questions.
(ii) Answers must be neat, relevant and brief.
(iii) In marking the question paper, the examiners take into account clarity of exposition, logic of arguments,
effective presentation, language and use of clear diagram/ chart, where appropriate.
(iv) Read the instructions printed inside the top cover of answer script CAREFULLY before attempting the paper.
(v) DO NOT write your Name, Reg. No. or Roll No., or any irrelevant information inside the answer script.
(vi) Question Paper must be returned to invigilator before leaving the examination hall.

MARKS

Q.2 (a) A traditional system development life cycle (SDLC) approach is made up of a number of 12
distinct phases, each with a defined set of activities and outcomes. Identify the phases
and discuss in detail the purpose of each phase and the general activities performed in
each phase.

(b) Assume that you are helping an IT manager of a supermarket in managing databases. 06
What different methods of accessing data would you use for their databases?

Q.3 (a) Discuss the various types of E-commerce models. E-commerce depends highly on the 09
existence of a level of trust between the two parties to avoid risk factors. State the most
important elements of risk in E-commerce.

(b) Wireless transmission does not need a fixed physical connection because it sends 06
signals through air or space. Discuss the four common types of wireless transmission
and the differences in scale and complexity of their applications.

Q.4 (a) Outsourcing is one of the business practices and strategies organizations use to reduce 08
operational cost and concentrate on their core business areas. Cloud computing is one of
the techniques of outsourcing. Elaborate on the different cloud computing service models.
Discuss the advantages, disadvantages and business risks related to outsourcing.

(b) Adequate planning is necessary in performing an effective IS audit. Discuss the various 08
types of audits, internal or external, and the audit procedures associated with each
audit that an IS auditor should understand.

Q.5 (a) Disaster recovery planning (DRP) is a continuous process. When the normal production 10
facilities become unavailable, the business may utilize alternate facilities to sustain
critical processing until the primary facilities can be restored. Discuss the most common
recovery alternatives in detail.

(b) You have been assigned to audit a multinational company having offices around the 09
globe. Discuss the areas of IS auditing which should be kept in mind while performing
the audit of a company with a global presence.


1 of 2 ISITA/May-2014

Q.6 The most critical factor in protecting information assets and privacy is laying the 12
foundation for effective information security management. Identify and discuss at least
six key elements of information security management system.

THE END

FALL 2013 (FEBRUARY 2014) EXAMINATIONS
Saturday, the 22nd February 2014
ICMA Pakistan
INFORMATION SYSTEMS AND I.T. AUDIT (ML-303)
SEMESTER-3

Time Allowed: 02 Hours 30 Minutes    Maximum Marks: 80    Roll No.:

(i) Attempt all questions.
(ii) Answers must be neat, relevant and brief.
(iii) In marking the question paper, the examiners take into account clarity of exposition, logic of arguments,
effective presentation, language and use of clear diagram/ chart, where appropriate.
(iv) Read the instructions printed inside the top cover of answer script CAREFULLY before attempting the paper.
(v) DO NOT write your Name, Reg. No. or Roll No., or any irrelevant information inside the answer script.
(vi) Question Paper must be returned to invigilator before leaving the examination hall.

MARKS
Q.2 (a) Most business information systems are based on databases. The Web itself is not a 09
database; however, it illustrates the capabilities of hypermedia databases. Discuss the
features of a hypermedia database. Also describe the difference between searching for required
information using a traditional database and using the World Wide Web metaphor.

(b) An expert system makes sure that important factors of an event have not been ignored 08
and provides information that helps a person make a good decision. Differentiate, with
the help of an appropriate example, between the forward chaining and backward chaining
logic used by expert systems.

Q.3 (a) The PeopleSoft ERP system of XYZ Courier Company has crashed. Data backup is a 09
key preventive measure; it ensures that the critical activities of an organization are
not interrupted in the event of a disaster. Discuss the different types of disk-based backup
systems and the criteria for choosing different types of backup devices and media for early
restoration of data.

(b) One of the most interesting market mechanisms in e-commerce is the electronic auction, 08
which is used in B2C, B2B, C2B, G2B and G2C business models. Differentiate between
forward and reverse e-auctions with examples. Also discuss the role of brokers and
barter in the e-marketplace.

Q.4 (a) To ensure a high level of computer hardware and network availability, XYZ Company has 09
signed a service maintenance contract, including spare parts, with a local IBM vendor for
information system support and maintenance work. The hardware maintenance
program is designed to document the performance of hardware maintenance. Discuss the
mandatory information which should be maintained in a hardware maintenance program.
Also elaborate on typical procedures and reports for monitoring the effective and efficient
use of hardware.

(b) A project team with participation by technical support staff and key users should be 07
created to write a request for proposal (RFP). Elaborate on seven different areas which
should be included in the contents of this or any RFP document.

1 of 2 ISITA/Feb-2014
Q.5 (a) An IT audit firm is planning its critical data migration from an old FOXPRO database 10
system to a new Oracle 9i database system. This large-scale data conversion becomes a
project within a project. Discuss the necessary steps for a successful data conversion
process.

(b) Remote access is a common technique to monitor and configure network devices using 08
Telnet and other utility software. Discuss different remote access connectivity
methods. How can an organization implement remote access security to avoid any
chance of access to the company’s intranet by an intruder, cracker, or hacker?

Q.6 Why do organizations need Transaction Processing System (TPS), Management 12
Information System (MIS) and Executive Information System (EIS)? How did Management
Information System (MIS) emerge partly as a response to the shortcomings of the first
computerized transaction processing systems? Similarly, Executive Information System
(EIS) attempts to take over the shortfalls of the traditional MIS approach. Elaborate on this
revolution in information systems. Do MIS and EIS really solve managers’ problems?

THE END

INSTITUTE OF COST AND MANAGEMENT ACCOUNTANTS OF PAKISTAN
EXTRA ATTEMPT, NOVEMBER 2013 EXAMINATIONS
Tuesday, the 26th November 2013
INFORMATION SYSTEMS AND I.T. AUDIT – (ML-303)
SEMESTER-3

Time Allowed: 02 Hours 45 Minutes Maximum Marks: 90 Roll No.:

(i) Attempt all questions.


(ii) Answers must be neat, relevant and brief.
(iii) In marking the question paper, the examiners take into account clarity of exposition, logic of arguments,
effective presentation, language and use of clear diagram/chart, where appropriate.
(iv) Read the instructions printed inside the top cover of answer script CAREFULLY before attempting the paper.
(v) DO NOT write your Name, Reg. No. or Roll No. anywhere inside the answer script.
(vi) Question No.1 – “Multiple Choice Question” printed separately, is an integral part of this question paper.
(vii) Question Paper must be returned to invigilator before leaving the examination hall.

MARKS
SECTION – “A”
Q.2 (a) Modern E-commerce architectures consist of a variety of complex integrated 06
components. Explain four significant components of e-commerce architecture.

(b) E-businesses use a variety of computer hardware architectures. These computers are 09
used both at the client and the service provider ends. Explain any three types of computers
based on their processing power, size, and architecture.

Q.3 (a) There are three major forms of organizational alignment for project management 06
within a business organization. Discuss each.

(b) Problem management is one of the key functions of information system operations. 09
Discuss three important duties of an IS manager with respect to the problem
management function.

Q.4 (a) Information system development may involve developing a new system or modifying 05
the existing one. In either case, IS management is required to prepare various types of
feasibility studies. What are the five important functions of an IS auditor while analyzing
these feasibility studies?

(b) There exists a variety of models of databases used in information systems today. 10
Explain any five key features of network database model and relational database
model.

SECTION – “B”
Q.5 (a) A risk-based audit approach is usually adopted to develop and improve the continuous 10
IS audit process. Explain five stages of risk-based audit approach.

(b) Steering Committees play a strategic role in information systems management and 05
ensure that the IS department is in harmony with the corporate mission and objectives.
List five primary functions performed by the Steering Committee.

1 of 2 ISITA/E-Attempt.2013
Q.6 (a) Data conversion is a significant activity in information system development life cycle. 05
Explain five significant points to be considered in a data conversion project.

(b) The system development life cycle (SDLC) approach doesn’t guarantee successful 06
completion of an IS development project. It involves a magnitude of risk that needs to
be controlled. Explain six responsibilities of an IS auditor to control the risks of an inadequate
system development life cycle.

Q.7 (a) Firewalls generally act as a first line of defence in securing corporate internal networks 09
from external threats. List six general features of firewalls. Also list three problems
faced by organizations after implementing firewalls.

(b) The IS processing insurance policy is usually a multi-tiered policy designed to provide 10
various types of IS risk coverage. Explain five types of coverage provided in IS
processing insurance policy.

THE END

INSTITUTE OF COST AND MANAGEMENT ACCOUNTANTS OF PAKISTAN

Fall 2012 (February 2013) Examinations


Saturday, the 23rd February 2013

INFORMATION SYSTEMS & I.T. AUDIT – (ML-303)


SEMESTER - 3

Time Allowed – 2 Hours 45 Minutes Maximum Marks – 90 Roll No.:

(i) Attempt ALL questions.


(ii) Answers must be neat, relevant and brief.
(iii) In marking the question paper, the examiners take into account clarity of exposition, logic of arguments,
presentation and language.
(iv) Read the instructions printed inside the top cover of answer script CAREFULLY before attempting the paper.
(v) DO NOT write your Name, Reg. No. or Roll No. anywhere inside the answer script.
(vi) Question No.1 – “Multiple Choice Question” printed separately, is an integral part of this question paper.
(vii) Question Paper must be returned to the invigilator before leaving the examination hall.
MARKS
SECTION – “A”
Q. 2 (a) What do you understand by ‘Data Integrity Testing’? A multinational stock exchange 07
company uses an online multi-user transaction processing system controlled by an Oracle
DBMS. Discuss the properties of the ACID principle used in this online Oracle-based transaction
processing system.

(b) Discuss the importance of Customer Relationship Management (CRM) in meeting the expectations 08
of customers. Distinguish between Operational and Analytical CRM.

Q. 3 (a) ‘Modern operating systems provide virtualization features.’ Elaborate on the statement. ABC 06
Company is planning to reduce its operational cost by implementing a virtualization
solution. Compare the advantages and disadvantages of this solution.

(b) Moving data in a batch transmission process through the traditional Electronic Data 09
Interchange (EDI) process involves three functions within each trading partner’s computer
system. Enlist and briefly explain these functions used in traditional EDI process.

Q. 4 (a) Software development organizations implement process methodologies. Discuss the 07
features of the waterfall and spiral models. How is the spiral model supportive of risk
management?

(b) A multinational bank is establishing its different branches all over the country. These will 08
be integrated through a WAN. Discuss different WAN technologies along with their features
to provide point-to-point secure connectivity of all its branches to the bank’s Head Office.
(any eight)

1 of 2 ISITA/February.2013
SECTION – “B”

Q. 5 (a) ‘Encryption’ is the need of today’s e-business. Discuss why Symmetric Encryption is 08
used for data encryption and Asymmetric Encryption is used in key exchange
mechanisms. If an individual wants to send messages using a public key cryptographic
system, how does s/he distribute the public key in a secure way?

(b) The changing technological infrastructure requires specific reviews of hardware, 06
operating systems, IS operations, databases and networks. As an IS auditor, discuss the
main areas which need to be reviewed related to hardware.

Q. 6 (a) ‘Policies and procedures’ reflect management guidance in developing controls over 06
information systems. IS auditors should use policy as a benchmark for compliance.
Discuss the main features of an information security policy document. How can an IS auditor
ensure compliance with an Acceptable Internet Usage Policy?

(b) How do CAATs help an IS auditor in gathering information from the hardware and software 09
environment? Generalized audit software (GAS) is a main tool used in CAATs. Discuss the
different functions supported by GAS.

Q. 7 (a) There are various reasons to create Access Control Lists (ACLs). Discuss. How can a 08
network administrator secure the network by implementing extended ACLs on a company
router interface?

(b) Discuss the process of developing and maintaining an appropriate ‘Business Continuity 08
Plan’. Explain the major tasks involved when an IS auditor is evaluating the
suitability of a business continuity plan.

THE END

INSTITUTE OF COST AND MANAGEMENT ACCOUNTANTS OF PAKISTAN

Spring (August) 2012 Examinations


Thursday, the 30th August 2012

INFORMATION SYSTEMS & I.T. AUDIT – (S-602)


STAGE-6

Time Allowed – 2 Hours 45 Minutes Maximum Marks – 56 Roll No.:

(i) Attempt ALL questions.


(ii) Answers must be neat, relevant and brief.
(iii) In marking the question paper, the examiners take into account clarity of exposition, logic of arguments,
presentation and language.
(iv) Read the instructions printed inside the top cover of answer script CAREFULLY before attempting the paper.
(v) DO NOT write your Name, Reg. No. or Roll No. anywhere inside the answer script.
(vi) There will also be a computer based practical examination of 10 marks and presentation of a project of 20
marks, which form the part of this paper.
(vii) Question No.1 – “Multiple Choice Question” printed separately, is an integral part of this question paper.
(viii) Question Paper must be returned to the invigilator before leaving the examination hall.

MARKS

SECTION – “A”

Q. 2 (a) What are the five major components of an idealized expert system? Expert system logic 10
combines forward chaining and backward chaining. Explain.

(b) Distinguish between database and data modeling. Give an example by illustrating the 05
basic entity-relationship diagram tool for data modeling.

Q. 3 (a) The systems in organisations are built and maintained in terms of four phases. Illustrate 08
these phases. Also list out the common reasons of project failure for each phase.

(b) Define ‘Business Intelligence (BI)’. Identify its area of application. Three main factors 06
have been responsible for increasing use of BI as a distinct field of IT. Explain these
factors.

SECTION – “B”

Q.4 (a) ‘Testing’ is an essential part of the development process. Discuss testing and the 08
elements of a software testing process. Enlist various types of testing.

(b) A large-scale data conversion requires considerable analysis, design and planning. 06
Discuss the necessary steps for a successful data conversion.

ISITA/August.2012 1 of 2
Q.5 (a) A recovery strategy identifies the best way to recover a system (one or many) in case of 07
interruption, including disaster, and provides guidance for developing recovery
alternatives. There are different strategies and recovery alternatives available. Explain
the most common recovery alternatives.

(b) General controls apply to all areas of the organization including IT infrastructure and 06
support services. Discuss.

THE END

INSTITUTE OF COST AND MANAGEMENT ACCOUNTANTS OF PAKISTAN

New Fall (E) 2011, April 2012 Examinations


Thursday, the 19th April 2012

INFORMATION SYSTEMS & I.T. AUDIT – (S-602)


STAGE-6

Time Allowed – 2 Hours 45 Minutes Maximum Marks – 56 Roll No.:

(i) Attempt ALL questions.


(ii) Answers must be neat, relevant and brief.
(iii) In marking the question paper, the examiners take into account clarity of exposition, logic of arguments,
presentation and language.
(iv) Read the instructions printed inside the top cover of answer script CAREFULLY before attempting the paper.
(v) DO NOT write your Name, Reg. No. or Roll No. anywhere inside the answer script.
(vi) There will also be a computer based practical examination of 10 marks and presentation of a project of 20
marks, which form the part of this paper.
(vii) Question No.1 – “Multiple Choice Question” printed separately, is an integral part of this question paper.
(viii) Question Paper must be returned to the invigilator before leaving the examination hall.
MARKS
SECTION – “A”

Q. 2 (a) Information technology and information systems are powerful and valuable tools for 06
individuals and organizations. Identify and briefly discuss the obstacles and real-world
limitations that have slowed the pace of implementation of IT-based innovation.

(b) The Principle-Based Systems Analysis (PBSA) method is an approach to improve a work 06
system. PBSA converts the four steps of systems analysis into three steps that can be
pursued in a situation. Briefly discuss these three steps.

Q. 3 (a) There are four approaches to system life cycles, each involving different 04
processes, and knowing them helps in deciding what method is appropriate for a particular situation.
Discuss the four system life cycle approaches.

(b) The four main factors related to information usefulness are information quality, 08
accessibility, presentation and security. Briefly discuss them.

(c) Briefly discuss the four aspects of the convergence of computing and communications. 04

SECTION – “B”

Q. 4 (a) An IS department can be structured in different ways and IS auditor should determine 06
whether the job description and structure are adequate. Briefly discuss the IS roles and
responsibilities reviewed by an IS auditor related to the following:
i) Media Management
ii) System Administration
iii) Security Administration
iv) Quality Assurance
v) Database Administration
vi) Network Administrators

1 of 2 ISITA/April.2012
(b) Discuss the policies and procedures that reflect management guidance and direction in 08
developing controls over information systems. Explain the key points contained in the
information security policy document.

Q. 5 (a) The IS auditor should be familiar with the different types of sampling techniques and their 08
usage. Briefly touch upon the two general approaches to audit sampling. Identify the
statistical sampling terms that need to be understood while performing variable sampling.

(b) Discuss the various roles and responsibilities of groups/individuals that may be involved 06
in the development process of a project management structure.

THE END

INSTITUTE OF COST AND MANAGEMENT ACCOUNTANTS OF PAKISTAN

Winter (November) 2011 Examinations


Monday, the 21st November 2011

INFORMATION SYSTEMS & I.T. AUDIT – (S-602)


STAGE-6

Time Allowed – 2 Hours 45 Minutes Maximum Marks – 56 Roll No.:

(i) Attempt ALL questions.


(ii) Answers must be neat, relevant and brief.
(iii) In marking the question paper, the examiners take into account clarity of exposition, logic of arguments,
presentation and language.
(iv) Read the instructions printed inside the top cover of answer script CAREFULLY before attempting the paper.
(v) DO NOT write your Name, Reg. No. or Roll No. anywhere inside the answer script.
(vi) There will also be a computer based practical examination of 10 marks and presentation of a project of 20
marks, which form the part of this paper.
(vii) Question No.1 – “Multiple Choice Question” printed separately, is an integral part of this question paper.
(viii) Appearing in Project, Presentation and Practical parts of the paper is compulsory.
(ix) Question Paper must be returned to the invigilator before leaving the examination hall.
MARKS
SECTION – “A”
Q. 2 (a) What is an information system plan? 04

(b) Why do users and managers have to participate in information system planning and 04
development?

(c) The capabilities of modern electronic communication systems help people work together by 06
exchanging or sharing information in many different forms. Discuss six main tools of
modern electronic communication systems being used in the present environment.

Q. 3 (a) Identify and explain five product performance variables used to evaluate any stage in the 05
customer experience.

(b) Discuss common roles of information systems in improving the product of a work system. 04

(c) What is the difference between efficiency and effectiveness, and how is this related to 05
the work system framework?

SECTION – “B”

Q.4 (a) Explain the term ‘Risk Management’ and the prerequisite of developing a risk 05
management program.

(b) Discuss the three methods used for ‘risk analysis’. 03

(c) ‘Changeover technique’ refers to shifting users from the existing (old) system to the new 06
system. This can be achieved in three different ways. Discuss these in detail.

Q.5 (a) The IS audit process must continually change to keep pace with innovation in 08
technology. Explain the three evolving changes in the IS audit process, including automated
work papers, integrated auditing and continuous auditing.

(b) Discuss the impact of laws and regulations on IS audit planning. 06

THE END

INSTITUTE OF COST AND MANAGEMENT ACCOUNTANTS OF PAKISTAN

Summer (May) 2011 Examinations


Thursday, the 26th May 2011

INFORMATION SYSTEMS & I.T. AUDIT – (S-602)


STAGE-6

Time Allowed – 2 Hours 45 Minutes Maximum Marks – 56 Roll No.:

(i) Attempt ALL questions.


(ii) Answers must be neat, relevant and brief.
(iii) In marking the question paper, the examiners take into account clarity of exposition, logic of arguments,
presentation and language.
(iv) Read the instructions printed inside the top cover of answer script CAREFULLY before attempting the paper.
(v) DO NOT write your Name, Reg. No. or Roll No. anywhere inside the answer script.
(vi) There will also be a computer based practical examination of 10 marks and presentation of a project of 20
marks, which form the part of this paper.
(vii) Question No.1 – “Multiple Choice Question” printed separately, is an integral part of this question paper.
(viii) Question Paper must be returned to the invigilator before leaving the examination hall.
MARKS
SECTION – “A”

Q. 2 (a) Information systems are the tools for decision-making. Each type of information system 6
supports both communication and decision-making in a number of ways. Explain in detail the
system types and their impact on communication and decision-making.

(b) (i) Define each of the process performance variables. Describe how an information 5
system can improve performance related to each of these variables.

(ii) What are the phases of building and maintaining a system? 5

Q. 3 (a) A computer system finds stored data either by knowing its exact location or by searching 6
for the data. Different DBMSs contain different internal methods for storing and retrieving
data. Explain sequential access, direct access, and indexed access methods for
accessing data in a computer system.

(b) Define each of the five levels of integration. What kinds of problems sometimes result 6
from tight integration?

SECTION – “B”

Q. 4 (a) IS auditors’ conclusions must be based on sufficient, relevant and competent evidence. 5
Explain. Enumerate the determinants for evaluating the reliability of audit evidence.

(b) What are the project phases of physical architecture analysis? Explain. Different project 6
phases are involved in planning the implementation of infrastructure. Discuss each
phase.

Q. 5 (a) Control self assessment (CSA) is a management technique. Illustrate. What are the 6
objectives of CSA? Highlight benefits and disadvantages of CSA.

(b) (i) Testing is an essential part of the development process. An IS auditor plays a 6
preventive role in the testing process. Enumerate the elements of a software testing
process. Also explain the classifications of testing.

(ii) Contrast corporate governance and I.T. Governance. Explain the role of audit in IT 5
Governance.

THE END

INSTITUTE OF COST AND MANAGEMENT ACCOUNTANTS OF PAKISTAN

Fall (Winter) 2010 Examinations


Sunday, the 28th November 2010

INFORMATION SYSTEMS & I.T. AUDIT – (S-602)


STAGE-6

Time Allowed – 2 Hours 45 Minutes Maximum Marks – 56


(i) Attempt ALL questions.
(ii) Answers must be neat, relevant and brief.
(iii) In marking the question paper, the examiners take into account clarity of exposition, logic of arguments,
presentation and language.
(iv) Read the instructions printed inside the top cover of answer script CAREFULLY before attempting the paper.
(v) DO NOT write your Name, Reg. No. or Roll No. anywhere inside the answer script.
(vi) There will also be a computer based practical examination of 10 marks and presentation of a project of 20
marks, which form the part of this paper.
(vii) Question No.1 – “Multiple Choice Question” printed separately, is an integral part of this question paper.

MARKS
SECTION – “A”

Q. 2 (a) (i) “Computer hardware owned and managed within a corporation can exist at any or 04
all of the following levels: corporate headquarters, regional processing centers,
workgroup processors and individual work stations.” Briefly elaborate.

(ii) What is the difference between centralized and decentralized approaches? How can an 05
intermediate situation differ from these two extreme modes?

(b) How can Principle-based system analysis (PBSA) be applied to work systems, 05
information systems and projects?

Q. 3 (a) An experienced manager who worked for the last 30 years, and gradually moved from
management trainee to the top executive position, is about to retire from his position. The
company has a greater reliance on the expertise of this senior executive and considers
him as the hub of tacit knowledge. An information technology expert of the company
suggested that the core knowledge of the experienced manager along with the tacit
knowledge related to vast and diverse experience can be captured and utilized efficiently
through “expert system”. The CEO asked the IT specialist to justify his idea and
elaborate it to the board.
Required:
What is an Expert System? Discuss the building blocks of an Expert System. 09

(b) Intellectual property is different from other forms of property and therefore requires a different 05
form of protection laws. Define intellectual property and differentiate it from other
copyright laws.

SECTION – “B”

Q. 4 (a) Describe the phases involved in System Development Life Cycle (SDLC). 06

(b) There are three elements or dimensions of a project that should always be taken into 03
account. Explain.

(c) The IS auditor should understand the various types of audits that can be performed, 07
internally or externally, and the audit procedures. Explain classification of audits.

Q. 5 (a) An IS auditor plays a vital role in ascertaining the appropriateness of Business Continuity 04
Planning (BCP) and Disaster Recovery Planning (DRP). Explain the tasks
involved when an IS auditor is evaluating the suitability of business continuity planning.

(b) What crucial factors are to be considered when reviewing the BCP? 04

(c) How can emergency procedures be ensured during the evaluation of a DRP? 04

THE END

INSTITUTE OF COST AND MANAGEMENT ACCOUNTANTS OF PAKISTAN

Spring (Summer) 2010 Examinations


Thursday, the 20th May 2010

INFORMATION SYSTEMS & I.T. AUDIT – (S-602)


STAGE-6

Time Allowed – 2 Hours 45 Minutes Maximum Marks – 56


(i) Attempt ALL questions.
(ii) Answers must be neat, relevant and brief.
(iii) In marking the question paper, the examiners take into account clarity of exposition, logic of arguments,
presentation and language.
(iv) Read the instructions printed inside the top cover of answer script CAREFULLY before attempting the paper.
(v) DO NOT write your Name, Reg. No. or Roll No. anywhere inside the answer script.
(vi) There will also be a computer based practical examination of 10 marks and presentation of a project of 20
marks, which form the part of this paper.
(vii) Question No.1 – “Multiple Choice Question” printed separately, is an integral part of this question paper.

SECTION – “A” MARKS


Q.2 (a) Customers think about product performance in terms of a variety of performance 07
variables. Identify the product performance variables that can be used to evaluate any stage
in the customer experience. Also illustrate typical performance measures for each variable
and common ways information systems are used to improve the product.

(b) A neural network is an offshoot of artificial intelligence. It is an attempt to model the human
brain.
(i) Explain the term ‘neural network’. 02
(ii) How does it operate? Explain the procedure. 03
(iii) Give any two real-life examples where neural network is applied. 02

Q.3 (a) ABC Corporation has its office in a multistoried building. Its various departments are 07
spread over different floors in the same building. The physical security of the IT
infrastructure like computers, peripherals, and network devices is up to the mark;
however, the CTO is concerned about “controlling access to data.” Assume that CTO of
the company has hired you to address this issue. Prepare an account of ‘control
techniques’ including manual data handling, access privilege, and data flow through
networks and other media.

(b) Electronic commerce (e-commerce) is one of the most popular e-business 07
implementations. What do you understand by e-commerce models? Discuss.

SECTION – “B”
Q.4 (a) After developing an audit program and gathering audit evidence, the next step is the
evaluation of the information gathered in order to develop an audit opinion. This
requires the IS auditor to consider a series of strengths and weaknesses and then
develop audit recommendations.
(i) How can an IS auditor assess the strengths and weaknesses of the evidence 03
gathered?
(ii) How can a control matrix be employed in this regard? 03

(iii) What critical role can the concept of materiality play in sifting relevant 03
information for the audit report?

(b) Today, telecommunication networks are the key to business processes in both large 05
and small organizations. However, organizations often do not give them the same priority
as they give to data centers. What are the telecommunication network disaster recovery methods
and how can we protect a network by using these methods?

Q.5 (a) Generally, each IT platform that runs an application supporting a critical business 07
function needs a recovery strategy. Discuss the different alternative strategies in terms of
cost and the relevant level of risk.

(b) “System maintenance practices refer primarily to the process of managing change to
application systems while maintaining the integrity of both the production source and
executable code.” In the light of this statement answer the following questions:

(i) Describe change management process. 03

(ii) How are changes deployed? 02

(iii) Why is system documentation important in the change management process? 02

THE END

INSTITUTE OF COST AND MANAGEMENT ACCOUNTANTS OF PAKISTAN

Fall (Winter) 2009 Examinations


Thursday, the 19th November 2009

INFORMATION SYSTEMS & I.T. AUDIT – (S-602)


STAGE-6

Time Allowed – 2 Hours 45 Minutes Maximum Marks – 56


(i) Attempt ALL questions.
(ii) Answers must be neat, relevant and brief.
(iii) In marking the question paper, the examiners take into account clarity of exposition, logic of arguments,
presentation and language.
(iv) Read the instructions printed on the top cover of answer script CAREFULLY before attempting the paper.
(v) DO NOT write your Name, Reg. No. or Roll No. anywhere inside the answer script.
(vi) There will also be a computer based practical examination of 10 marks and presentation of a project of 20
marks, which form the part of this paper.
(vii) Question No.1 – “Multiple Choice Question” printed separately, is an integral part of this question paper.

SECTION – “A” MARKS

Q.2 (a) Information systems are designed to support decision-making and management 08
performance in one way or another. Identify and explain each step involved in
decision-making process with the help of process flow diagram.

(b) How are social context and nonverbal communication important when 06
communication technologies are used?

Q.3 (a) Describe the main uses of high-level, fourth-generation, object-oriented, and web- 08
oriented programming languages and tools.

(b) Define the elements of a work system framework with the help of a diagram. 06

SECTION – “B”

Q.4 (a) IS auditors appreciate a well-managed IS department to achieve the organization’s 08
objectives. An effective IS department includes information systems management
practices such as personnel management, sourcing and IT change management.
Explain these in detail.

(b) What are the typical physical access controls employed by different organizations 06
having sufficient IT assets and specific budgets allocated for their protection?

Q.5 (a) A medium-sized company is operating in a client-server environment to link 06
its several branches to the head office located in the same city. How can an IS
auditor ensure the security of this client-server environment? Enumerate.

(b) Control Self-Assessment (CSA) can be defined as a management technique. 08
Explain. What are the benefits and disadvantages of CSA? Define the IS auditor’s role in
the implementation of CSA.

THE END

INSTITUTE OF COST AND MANAGEMENT ACCOUNTANTS OF PAKISTAN

Spring (Summer) 2009 Examinations


Wednesday, the 20th May 2009

INFORMATION SYSTEMS & I.T. AUDIT – (S-602)

Stage-6

Time Allowed – 2 Hours 45 Minutes Maximum Marks – 56

(i) Attempt ALL questions.


(ii) Answers must be neat, relevant and brief.
(iii) In marking the question paper, the examiners take into account clarity of exposition, logic of
arguments, presentation and language.
(iv) Read the instructions printed on the top cover of answer script CAREFULLY before
attempting the paper.
(v) DO NOT write your Name, Reg. No. or Roll No. anywhere inside the answer script.
(vi) There will also be a computer based practical examination of 10 marks and presentation of a
project of 20 marks, which form the part of this paper.
(vii) Question No.1 – “Multiple Choice Question” printed separately, is an integral part of this
question paper.

MARKS
SECTION –“A”

Q.2 (a) Data communication provides the underpinning of networks and electronic 07
commerce. Explain how data is transmitted from one computer to another with
reference to the OSI model.

(b) Information systems depend on software resources to help end-users use 07
computer hardware to transform data into information products. What are the
different types of such software resources? Explain each by illustrating various
examples.

Q.3 (a) Illustrate some benefits of using expert systems by different organizations. What 05
are the problems faced during the development and usage of an expert system?

(b) A software development life cycle (SDLC) is a logical process that ‘System 05
Analysts’ and ‘System Developers’ use to develop software packages. What is the
purpose of using SDLC? Explain different phases of SDLC.

(c) One of the tools of software development is prototyping. How does prototyping 04
help the software engineers in software development?
SECTION –“B”

Q.4 (a) What are the typical categories of authentication? What is two-factor 07
authentication? Give an example. What are TOKEN-based authentication devices?
Briefly describe their working. Which category of authentication do they belong to, and
how?

(b) Describe the significance for an IS auditor of ensuring that hiring and termination 07
procedures are clear and comprehensive. How can an IS auditor ensure that
these procedures are being practiced?

Q.5 (a) Briefly describe how laws and regulations affect IS audit. How would IS auditors 05
proceed to determine an organization’s level of compliance with external
requirements?

(b) How can unnecessary system outages resulting from system configuration be 05
controlled? How can IS auditors ensure that the appropriate controls are present in
this regard? How do media controls address media transportation, storage, reuse
and disposal activities? Give a media control example for each type of activity.

(c) What is contracting? Define the different elements of a contract. What is the purpose 04
of these contracts besides third-party outsourcing?

THE END

INSTITUTE OF COST AND MANAGEMENT ACCOUNTANTS OF PAKISTAN

Fall (Winter) 2008 Examinations


Wednesday, the 19th November 2008

INFORMATION SYSTEMS & I.T. AUDIT – (S-602)

Stage-6

Time Allowed – 2 Hours 45 Minutes Maximum Marks – 56

(i) Attempt ALL questions.

(ii) Answers must be neat, relevant and brief.
(iii) In marking the question paper, the examiners take into account clarity of exposition, logic of
arguments, presentation and language.
(iv) Read the instructions printed on the top cover of answer script CAREFULLY before
attempting the paper.
(v) DO NOT write your Name, Reg. No. or Roll No. anywhere inside the answer script.
(vi) There will also be a computer based practical examination of 10 marks and presentation of a
project of 20 marks, which form the part of this paper.
(vii) Question No.1 – “Multiple Choice Question” printed separately, is an integral part of this
question paper.

MARKS
SECTION –“A”
Q.2 (a) With technology getting more advanced, purchasing over the internet has 10
become a norm. A successful e-commerce system must address the many
stages consumers experience in the sales life cycle. Discuss the multi-stage
model for purchasing over the internet in detail with the help of an illustration.

(b) There are a number of challenges that must be overcome for a company to 4
convert its business processes from the traditional form to e-commerce
processes. Elaborate on the challenges with examples.

Q.3 (a) How does enterprise software work? Name some business processes 4
supported by enterprise software. Why are enterprise systems difficult to
implement and use effectively? Name at least three (03) commonly known
popular ERP solution platforms.

(b) How have the value chain and competitive forces models changed as a 4
result of the internet and the emergence of digital firms? Briefly discuss.
(c) There were a few actions by major hardware and software vendors in the past 6
that initiated discussion about the need for consumers to be on guard to
protect their privacy. Describe and discuss at least two of the most important
cases in this regard.

SECTION –“B”

Q.4 (a) Why is the testing of Disaster Recovery and Business Continuity Planning so 7
important? What are the important elements to be considered and what
tasks should be accomplished by such a test?

(b) Why are digital signatures and digital certificates important for electronic 4
commerce? What are three major issues when a certificate needs to be
revoked? Also describe a CRL.

(c) What are controls? Distinguish between general controls and application 3
controls.

Q.5 (a) It is a general belief that an IS auditor’s conclusions must be based on 5
sufficient, relevant and competent evidence. Elaborate on the techniques for
gathering evidence.

(b) What is an Artificial Intelligence System (AIS) and what are the major branches 9
of AIS? Discuss expert systems along with their capabilities and the
characteristics limiting their current usefulness.

THE END

INSTITUTE OF COST AND MANAGEMENT ACCOUNTANTS OF PAKISTAN

SPRING (SUMMER) 2008 EXAMINATIONS


Sunday, the 25th May, 2008

INFORMATION SYSTEMS & I.T. AUDIT – (S-602)

Stage-6

Time Allowed – 2 Hours 45 Minutes Maximum Marks – 56

(i) Attempt ALL questions.

(ii) Answers must be neat, relevant and brief.
(iii) In marking the question paper, the examiners take into account clarity of exposition, logic of
arguments, presentation and language.
(iv) Read the instructions printed on the top cover of answer script CAREFULLY before
attempting the paper.
(v) DO NOT write your Name, Reg. No. or Roll No. anywhere inside the answer script.
(vi) There will also be a computer based practical examination of 10 marks and presentation of a
project of 20 marks, which form the part of this paper.
(vii) Question No.1 – “Multiple Choice Question” printed separately, is an integral part of this
question paper.

Marks

SECTION –“A”
Q.2 (a) It is a fact that the majority of enterprises could not succeed without the 4
possession of data concerning their external environment and their internal
operations. How can the use of data flow diagrams aid enterprises through
the provision of better quality decision-making information?

(b) A system must pass the ACID test to be considered as a true transaction 5
processing system. What are the properties of ACID test?

(c) A fuzzy logic system deals with “approximate reasoning”. Does it make sense 5
to apply it to control systems? Why or why not?

Q.3 (a) The accuracy of the outcome of a cost-benefit analysis is dependent on how 6
accurately costs and benefits have been estimated. Inaccurate cost-benefit
analysis may be argued to be a substantial risk in planning, because
inaccuracies of the size documented are likely to lead to inefficient decisions.
What are the causes of inaccuracies in cost and benefit estimations?


(b) ABC Software Company has to develop a software automation system for a 4
local textile company with a very basic IT infrastructure. Is it a good idea to
develop a prototype of the system before developing the full-fledged system?
Discuss.

(c) The biggest concern with biometric security is the fact that once a 4
fingerprint or any other biometric source has been compromised, it is
compromised for life, because users can never change their fingerprints. Is this
concern valid? Discuss with reasoning.

SECTION –“B”

Q.4 (a) Describe automated evaluation techniques, along with their complexity levels, 7
applicable to continuous online auditing. Also mention the circumstances under
which each type can be used.

(b) What are the physical and logical access points that need to be checked for 7
unauthorized exposures of critical IT assets?

Q.5 (a) Give details of active and passive attacks, with two examples of each type. 4

(b) Why is a proper configuration for firewalls essential? 3

(c) Describe the purpose of library control software. 7

The End
