Information Systems Audit Question Paper

Information Systems Audit 

Course: Bachelor Of Science In Information Technology

Institution: Kca University question papers

Exam Year: 2011



UNIVERSITY EXAMINATIONS: 2010/2011
THIRD YEAR EXAMINATION FOR THE DEGREE OF BACHELOR OF
SCIENCE IN INFORMATION TECHNOLOGY
BIT 3201: INFORMATION SYSTEMS AUDIT
DATE: APRIL 2011 TIME: 2 HOURS
INSTRUCTIONS: Answer question ONE and any other TWO questions
QUESTION ONE
a) Distinguish between financial audit and IS audit. [2 Marks]
b) Describe why a banking organization should employ a skilled IS auditor. [2 Marks]
c) Discuss the following types of IT audit.
i. Integrated Audit
ii. Compliance Audit [2 Marks]
d) Describe the following types of illegal activities which an IS auditor may be interested in
unearthing.
i. Suppression
ii. Racketeering [2 Marks]
e) Explain the following in relation to audit risks.
i. Detection risk
ii. Operational risk [2 Marks]
f) Distinguish between circumstantial and direct types of evidence.
i Direct evidence
ii Indirect evidence [2 Marks]
g) Discuss the concept of IT governance and explain any two of its functions. [3 Marks]
h) Explain two main data collection methods popular with the auditors. Show their strengths when
used in the audit discipline. [4 Marks]
i) As an IT auditor, discuss the main interests you would have in the following phases of systems
development.
i. Analysis
ii. Development phase [2 Marks]
j) Explain the following types of controls indicating the technical, administrative and physical
mechanisms which would be used to realize them in server platforms.
i. Preventative
ii. Detective
iii. Corrective [9 Marks]
QUESTION TWO
a) Discuss the following in relation to audit sampling.
Attribute sampling
Discovery sampling
Variable sampling [3 Marks]
b) Distinguish the terms Computer forensics and information forensics. [2 Marks]
c) With the aid of a suitable diagram discuss the general IT audit evidence life cycle which may
be adopted when auditing systems. [8 Marks]
d) Explain the importance of ISACA in IT auditing [1 Mark]
e) Briefly describe the structure of the COBIT framework. [6 Marks]
QUESTION THREE
a) Explain the term Computer Assisted Auditing Techniques (CAATs). [1 Mark]
b) Explain the main software tools and techniques available in most CAATs. [5 Marks]
c) Discuss any three main types of CAATs used in IS auditing procedures. [6 Marks]
d) You have been given the task of evaluating the evidence collected by a peer auditor. Discuss
the main principal characteristics you would consider when grading the objectivity of the
evidence. [4 Marks]
e) Briefly explain the functions of the following online CAATTs.
i. SCARF/EAM
ii. Online event monitor
iii. CIS audit
iv. Embedded audit module [4 Marks]
QUESTION FOUR
a) Distinguish between dead and live analysis. [2 Marks]
b) Discuss the following terms used in statistical sampling when selecting an audit sample.
i. Confidence coefficient
ii. Precision
iii. Sample mean. [3 Marks]
c) Explain the concept of CSA. [2 Marks]
d) Outline what an IT auditor should focus on especially when examining information systems
processes. [5 Marks]
e) Explain the term work papers and state their relevance in IS auditing. [2 Marks]
f) Discuss four indicators which may prompt an auditor's attention towards irregular/illegal activity in
an organization. [6 Marks]
QUESTION FIVE
a) Describe and give an example of each of the following: Contingency planning, Incident response,
Disaster Recovery and Business Continuity [1 Mark each]
With a well labeled diagram, relate the three given above [4 Marks]
b) Discuss in detail the information system audit process. [10 Marks]
c) An Information system auditor encounters several computer forensic scenarios in the course of his
work. Discuss two common scenarios in the field. [2 Marks]





