Tuesday, 22 October 2013

ISCA Nov 2013 - CA Final Model paper - 2

FINAL COURSE: GROUP II

PAPER 6: INFORMATION SYSTEMS CONTROL & AUDIT
Question No. 1 is compulsory.
Attempt any five questions from the remaining six Questions.

 

1.       ABC Ltd. is a leading company engaged in the manufacturing of various automobile parts having its sales offices in various major cities of India. The company is facing the problems relating to its data management on real time basis in spite of having various stand-alone computerized systems. To overcome these problems, the company engaged a Technical Consultant to prepare a detailed report regarding the issues and their possible solutions. The consultant called a meeting of all the stakeholders and deliberated in-depth for various issues. Afterwards, he prepared a detailed report and submitted to the top management of the company. The key recommendation was to implement a real time ERP package, which equips the enterprise with necessary capabilities to integrate and synchronize the isolated functions into streamlined business processes in order to gain a competitive edge in the volatile business environment. In addition, the other major suggestion was to consider information security related issues on top priority while going to implement ERP package. He further suggested that the best practices of information security should be implemented right from the inception of the system, which will in turn provide a more secure system having capabilities like resistance, tolerance and recovery against any malicious event.

       Read the above carefully and answer the following:

a)     ‘Discuss ‘Big Bang’ and ‘Phased’ implementation techniques of ERP packages in brief.

b)     ‘What are various backup techniques? Which backup technique you will recommend and why?

c)      Moving forward how can ABC ltd, establish better information protection ?

d)     As an IS Auditor, what are the steps to be followed by you while conducting IT auditing? (5 × 4 = 20 Marks)

Question 2:

a)     COBIT 5  Enablers  (7 Marks)
b)     Limitations of MIS?  (5 Marks )
c)      Discuss various Boundary control techniques? (4 Marks)

 

Question 3

a)     Revocation of Digital signature certificates (6 Marks)

b)     Contents of SRS (System requirement specification)?  (6 Marks)
c)      Threats to computerized environment? (6 Marks)
Question 4
a)     Myths of ERP System? ( 3 Marks)

b)     ITIL as an IS Standard?  ( 5 Marks )

c)      Discuss various technical exposures wrt various issues relating to logical access control  ( 8 Marks)

Question 5
(a)   Discuss Alternate Processing facility arrangements? (5 Marks)
(b)   Discuss RAD approach along with its Strength and Weaknesses?  (7 Marks)
(c) Snap shot?   (4 Marks)

Question 6
(a)   Responsibility Allocation wrt Information Security Policy? (5 Marks)
(b)   Define the following:
·         Asset
·         Vulnerability
·         Countermeasure                ( 5 Marks)
(c)   What are the factors on which Information requirement depends? (6 Marks)

Question 7
Write short notes on any four of the following:  (4 x 4 = 16 M)
(a)  Business Modeling (4 Marks)
(b)   What is meant by PIR? How it is done? (4 Marks)
(c)   Objectives of Information security (4 Marks)
(d)   Protected System (Section 70 – ITAA 2008) ( 4 Marks)

(e)  4 Phases of ISMS (4 Marks)

ISCA Nov 2013 - CA Final Modelpaper - 1

FINAL COURSE: GROUP II

PAPER 6: INFORMATION SYSTEMS CONTROL & AUDIT
Question No. 1 is compulsory.
Attempt any five questions from the remaining six Questions.

                                                                


1.       ABC Udyog, a leading automobile company is having several manufacturing units, located in   different parts of the world and manufacturing several types of automobiles. The units are   working on legacy systems using an internet and collating information, but using different    software and varied platforms (Operating Systems) which do not allow communication with   each other. This results in huge inflow of duplicate data. The company wishes to centralize and consolidate the information flowing from its manufacturing units in a uniform manner across various levels of the organizations, so that the necessary data required for preparing MIS reports, budget, and profit/loss accounts etc. could be available timely.   The company decided to engage XYZ consultancy Services for the development of new system. Being a Senior Project Leader of the Consultancy Services, you are entrusted with the responsibilities of handling this project.

       Read the above carefully and answer the following:

a)     ‘What areas are required to be studied in order to know about the present system?
b)     ‘What are various backup techniques? Which backup technique you will recommend and why?

c)      Which Information system would meet the exact requirement of ABC Udyog? Discuss its Characteristics.

d)     As an IS Auditor, what are the steps to be followed by you while conducting IT auditing? (5 × 4 = 20 Marks)

Question 2 :

a)     COBIT 5  Enablers  (7 Marks)
b)     Discuss major misconceptions about MIS in brief?  (3 Marks )
c)      Discuss major threats due to cyber crimes? (6 Marks)

 

Question 3

a)     Discuss major advantages of continuous auditing techniques.. (4 Marks)

b)     Discuss the ‘Acceptance of Digital Signature Certificate’ under Section 41 of Information Technology (Amendment) Act, 2008  (6 Marks)
c)      What are the major points that are required to be taken into consideration for the proper implementation of Physical and Environmental Security with reference to Information  Security Policy (6 Marks)

Question 4
a)     On what factors does Information requirement depends ? ( 6 Marks)

b)     Discuss the phases of ISMS ?  ( 5 Marks )

c)      Discuss the categories under which various strategies are made to manage the risk  ( 5 Marks)

Question 5
(a)   Discuss the effect of computer on Internal control? (5 Marks )
(b)   Discuss RAD approach along with its Strength and Weaknesses?  (8 Marks)
(c) State the significance of Single point failure analysis?   (3 Marks )

Question 6
(a)   Role of IS Auditor in Physical access control? (5 Marks)
(b)   What are the components of Decision Support System? (5 Marks)
(c)   Discuss Section 77A of ITAA 2008 - Compounding of Offences (6 Marks)

Question 7
Write short notes on any four of the following:  ( 4 x 4 = 16 M)
(a)   CMM  (4 Marks)
(b)   Objective of Information Security  (4 Marks)
(c)   Compensatory control (4 Marks)
(d)   Business engineering ( 4 Marks)
(e)  Snapshot (4 Marks)