Sunday, 29 December 2013

ISCA November - 2014 Amendments (Major)


Hello Dear,

Please click on the below mentioned link to download the copy for Nov-14 Amendments:

https://drive.google.com/file/d/0B8VHj6UrN66vclJCNFJ4M2k0bFE/edit?usp=sharing

Password to open the file: praveenjain


Happy learning.
Yours - PJ :-)

Wednesday, 13 November 2013

Tuesday, 22 October 2013

ISCA Nov 2013 - CA Final Model paper - 2

FINAL COURSE: GROUP II

PAPER 6: INFORMATION SYSTEMS CONTROL & AUDIT
Question No. 1 is compulsory.
Attempt any five questions from the remaining six Questions.

 

1. ABC Ltd. is a leading company engaged in the manufacturing of various automobile parts, with sales offices in various major cities of India. The company is facing problems in managing its data on a real-time basis in spite of having various stand-alone computerized systems. To overcome these problems, the company engaged a Technical Consultant to prepare a detailed report on the issues and their possible solutions. The consultant called a meeting of all the stakeholders and deliberated in depth on the various issues. Afterwards, he prepared a detailed report and submitted it to the top management of the company. The key recommendation was to implement a real-time ERP package, which equips the enterprise with the necessary capabilities to integrate and synchronize the isolated functions into streamlined business processes in order to gain a competitive edge in the volatile business environment. In addition, the other major suggestion was to treat information security issues as a top priority while implementing the ERP package. He further suggested that the best practices of information security should be implemented right from the inception of the system, which will in turn provide a more secure system with capabilities such as resistance, tolerance and recovery against any malicious event.

       Read the above carefully and answer the following:

a) Discuss the ‘Big Bang’ and ‘Phased’ implementation techniques of ERP packages in brief.

b) What are the various backup techniques? Which backup technique will you recommend and why?

c) Moving forward, how can ABC Ltd. establish better information protection?

d) As an IS Auditor, what are the steps to be followed by you while conducting IT auditing? (5 × 4 = 20 Marks)

Question 2:

a) COBIT 5 Enablers (7 Marks)
b) Limitations of MIS? (5 Marks)
c) Discuss various Boundary control techniques. (4 Marks)

Question 3

a) Revocation of Digital signature certificates (6 Marks)
b) Contents of SRS (System requirement specification)? (6 Marks)
c) Threats to computerized environment? (6 Marks)

Question 4
a) Myths of ERP System? (3 Marks)
b) ITIL as an IS Standard? (5 Marks)
c) Discuss various technical exposures with respect to various issues relating to logical access control. (8 Marks)

Question 5
(a) Discuss Alternate Processing facility arrangements. (5 Marks)
(b) Discuss the RAD approach along with its Strengths and Weaknesses. (7 Marks)
(c) Snapshot? (4 Marks)

Question 6
(a) Responsibility Allocation with respect to Information Security Policy? (5 Marks)
(b) Define the following:
· Asset
· Vulnerability
· Countermeasure (5 Marks)
(c) What are the factors on which Information requirement depends? (6 Marks)

Question 7
Write short notes on any four of the following: (4 x 4 = 16 Marks)
(a) Business Modeling (4 Marks)
(b) What is meant by PIR? How is it done? (4 Marks)
(c) Objectives of Information security (4 Marks)
(d) Protected System (Section 70 – ITAA 2008) (4 Marks)
(e) 4 Phases of ISMS (4 Marks)

ISCA Nov 2013 - CA Final Model paper - 1

FINAL COURSE: GROUP II

PAPER 6: INFORMATION SYSTEMS CONTROL & AUDIT
Question No. 1 is compulsory.
Attempt any five questions from the remaining six Questions.

                                                                


1. ABC Udyog, a leading automobile company, has several manufacturing units located in different parts of the world, manufacturing several types of automobiles. The units are working on legacy systems using an internet and collating information, but using different software and varied platforms (Operating Systems) which do not allow communication with each other. This results in a huge inflow of duplicate data. The company wishes to centralize and consolidate the information flowing from its manufacturing units in a uniform manner across various levels of the organization, so that the necessary data required for preparing MIS reports, budgets, profit/loss accounts etc. is available in a timely manner. The company decided to engage XYZ Consultancy Services for the development of a new system. As a Senior Project Leader of the Consultancy Services, you are entrusted with the responsibility of handling this project.

       Read the above carefully and answer the following:

a) What areas are required to be studied in order to know about the present system?

b) What are the various backup techniques? Which backup technique will you recommend and why?

c) Which Information system would meet the exact requirement of ABC Udyog? Discuss its characteristics.

d) As an IS Auditor, what are the steps to be followed by you while conducting IT auditing? (5 × 4 = 20 Marks)

Question 2:

a) COBIT 5 Enablers (7 Marks)
b) Discuss major misconceptions about MIS in brief. (3 Marks)
c) Discuss major threats due to cyber crimes. (6 Marks)

 

Question 3

a) Discuss the major advantages of continuous auditing techniques. (4 Marks)

b) Discuss the ‘Acceptance of Digital Signature Certificate’ under Section 41 of Information Technology (Amendment) Act, 2008. (6 Marks)
c) What are the major points that are required to be taken into consideration for the proper implementation of Physical and Environmental Security with reference to Information Security Policy? (6 Marks)

Question 4
a) On what factors does Information requirement depend? (6 Marks)

b) Discuss the phases of ISMS. (5 Marks)

c) Discuss the categories under which various strategies are made to manage the risk. (5 Marks)

Question 5
(a) Discuss the effect of computers on Internal control. (5 Marks)
(b) Discuss the RAD approach along with its Strengths and Weaknesses. (8 Marks)
(c) State the significance of Single point failure analysis. (3 Marks)

Question 6
(a)   Role of IS Auditor in Physical access control? (5 Marks)
(b)   What are the components of Decision Support System? (5 Marks)
(c)   Discuss Section 77A of ITAA 2008 - Compounding of Offences (6 Marks)

Question 7
Write short notes on any four of the following: (4 x 4 = 16 Marks)
(a) CMM (4 Marks)
(b) Objective of Information Security (4 Marks)
(c) Compensatory control (4 Marks)
(d) Business engineering (4 Marks)
(e) Snapshot (4 Marks)


Friday, 6 September 2013

Probable Question Paper

PAPER 6: INFORMATION SYSTEMS CONTROL & AUDIT
Question No. 1 is compulsory.
Attempt any five questions from the remaining six Questions.

                                                                          
1. XYZ Ltd. is a leading company in the FMCG sector and has a large number of coffee chains across India. The company uses an ERP system for all its business operations and for recording sales at each outlet. The company has a customized ERP, which is connected to a central server. The company’s new business models and new methods presume that the information required by the business managers is available all the time, that it is accurate and reliable, and that no unauthorized disclosure of it is made. Further, it is also presumed that the virtual business organization is up and running all the time on a 24×7 basis. However, in reality, technology-enabled and technology-dependent organizations are more vulnerable to security threats in this highly connected world.

         Read the above carefully and answer the following:

a) What are the tasks that are required to be performed by XYZ Ltd. after implementation of the ERP Package?

b) ‘Access Control plays a key role in the implementation of information security policies’. What are the points to be taken into consideration while implementing such controls?

c) What are the duties of certifying authorities as per Section 30 of Information Technology (Amendment) Act, 2008?

d) What are the fundamental factors that must be considered while deciding the type of storage backup media? (5 × 4 = 20 Marks)


Question 2:

a) A Company is offering a wide range of products and services to its customers. It relies heavily on its existing information system to provide up-to-date information. The company wishes to enhance its existing system. As an information system auditor, suggest how the investigation of the present information system should be conducted so that it can be further improved upon. (8 Marks)

b) State different categories of IS Audits. (4 Marks)

c) What is Digital Signature? How does the Information Technology (Amendment) Act 2008 enable the authentication of records using digital signatures? (4 Marks)

 


Question 3

a) What are the major issues that should be addressed by an Information Security Policy? (4 Marks)
b) Discuss the major strengths of agile methodologies. (4 Marks)
c) What is SCARF? What types of information are collected by the auditors by using SCARF? (8 Marks)

Question 4
a) Explain the terms SysTrust and WebTrust along with the criteria specified by AICPA for practitioners engaged in such certifications. (6 Marks)

b) State the characteristics of Computer based information systems. (5 Marks)

c) Discuss the categories under which various strategies are made to manage the risk. (5 Marks)

Question 5
(a) What is hacking? How do hackers hack? (6 Marks)
(b) Discuss Final acceptance testing. (6 Marks)
(c) What does Single point failure mean? State the significance of Single point failure analysis. (4 Marks)

Question 6
(a)   State the fundamental concepts related to CMM Model? (5 Marks)
(b)   What are the components of Expert System? (5 Marks)
(c) What is meant by Asynchronous attacks? State different forms of Asynchronous attacks. (6 Marks)

Question 7
Write short notes on any four of the following: (4 x 4 = 16 Marks)
(a) Objectives of BCP (4 Marks)
(b) Powers of CAT (4 Marks)
(c) Compensatory control (4 Marks)
(d) Delphi Technique (4 Marks)
(e) HIPAA (4 Marks)