FINAL COURSE: GROUP – II
PAPER – 6: INFORMATION SYSTEMS CONTROL & AUDIT
Question No. 1 is compulsory.
Attempt any five questions from the remaining six Questions.
1. ABC Udyog, a leading automobile company, has several manufacturing units located in different parts of the world, manufacturing several types of automobiles. The units are working on legacy systems using an internet and collating information, but using different software and varied platforms (Operating Systems) which do not allow communication with each other. This results in a huge inflow of duplicate data. The company wishes to centralize and consolidate the information flowing from its manufacturing units in a uniform manner across various levels of the organization, so that the necessary data required for preparing MIS reports, budget, and profit/loss accounts etc. could be available in a timely manner. The company decided to engage XYZ Consultancy Services for the development of the new system. As a Senior Project Leader of the Consultancy Services, you are entrusted with the responsibility of handling this project.
Read the above carefully and answer the following:
a) What areas are required to be studied in order to know about the present system?
b) What are the various backup techniques? Which backup technique will you recommend and why?
c) Which Information System would meet the exact requirement of ABC Udyog? Discuss its characteristics.
d) As an IS Auditor, what are the steps to be followed by you while conducting IT auditing? (5 × 4 = 20 Marks)
Question 2
a) COBIT 5 Enablers (7 Marks)
b) Discuss major misconceptions about MIS in brief. (3 Marks)
c) Discuss major threats due to cyber crimes. (6 Marks)
Question 3
a) Discuss major advantages of continuous auditing techniques. (4 Marks)
b) Discuss the ‘Acceptance of Digital Signature Certificate’ under Section 41 of Information Technology (Amendment) Act, 2008. (6 Marks)
c) What are the major points that are required to be taken into consideration for the proper implementation of Physical and Environmental Security with reference to Information Security Policy? (6 Marks)
Question 4
a) On what factors does information requirement depend? (6 Marks)
b) Discuss the phases of ISMS. (5 Marks)
c) Discuss the categories under which various strategies are made to manage the risk. (5 Marks)
Question 5
(a) Discuss the effect of computers on internal control. (5 Marks)
(b) Discuss the RAD approach along with its strengths and weaknesses. (8 Marks)
(c) State the significance of single point failure analysis. (3 Marks)
Question 6
(a) Role of IS Auditor in Physical access control? (5 Marks)
(b) What are the components of Decision Support System? (5 Marks)
(c) Discuss Section 77A of ITAA 2008 - Compounding of Offences (6 Marks)
Question 7
Write short notes on any four of the following: (4 x 4 = 16 Marks)
(a) CMM (4 Marks)
(b) Objective of Information Security (4 Marks)
(c) Compensatory control (4 Marks)
(d) Business engineering (4 Marks)
(e) Snapshot (4 Marks)