BBIT 307  INFORMATION SYSTEMS MANAGEMENT AND AUDITING.

UNIVERSITY EXAMINATIONS: 2017/2018
EXAMINATION FOR THE DEGREE OF BACHELOR OF BUSINESS
INFORMATION TECHNOLOGY
BBIT 307 INFORMATION SYSTEMS MANAGEMENT AND AUDITING
FULL TIME/PART TIME/DISTANCE LEARNING
DATE: AUGUST, 2018 TIME: 2 HOURS
INSTRUCTIONS: Answer Question ONE and Any other TWO Questions

QUESTION ONE
a) ISACA standards require that the IS auditor to plan the IS audit work to address the audit
objectives and comply with applicable professional auditing standards.
Required;
Outline key steps that an IS Auditor will take in order to gain in-depth understanding of a
business organization. [10 Marks]
Briefly discuss the effects of law and regulation on IS-Audit planning [10 Marks]
b) Code of ethics refers to some agreed upon document that outlines the mission and values of
the business or organization, how professionals are supposed to approach problems, the
ethical principles based on the organization’s core values and the standards to which the
professional is held.
Require;
State and explain FIVE Code of Professional Ethics that guides professional and personal
conduct of members of ISACA and/or its certification holders [10 Marks]
QUESTION TWO
a) Risk analysisispart of audit planning –It helpsto identify risks and vulnerabilities and controls needed to
mitigate them. Briefly discuss the risk analysis process with regards to IS-audit. [9 Marks]
b) State and explain FOUR purpose of risk analysis [8 Marks]
c) List and explain the THREEclassifications of internal controls [3Marks]
QUESTION THREE
a) List and briefly explain the FOUR types of audit evidence [8 Marks]
b) As an IS-Auditor, describe SIX evidence gathering techniques that you can use to gather
quality evidence. [12 Marks]
QUESTION FOUR
a) Define threat with regards to Information System and give one example of a computer
threat [2 Marks]
b) Outline the THREE components of contingency planning [3 Marks]
c) What are the possible incident indicators and what are the possible response for each
[6 Marks]
d) When incident violates civil or criminal law, it is organization’s responsibility to notify
proper authorities. Selecting appropriate law enforcement agency depends on the type of
crime committed: Discuss the legal challenges faced in Kenya for crimes committed using
IS. [9 Marks]
QUESTION FIVE
a) Briefly discuss how the FIVE phases of Business Continuity Planning (BCP) can be
implemented in a business. [10 Marks]
Using examples, outline security attacks that can target the following information systems in the
organization. Show how those attacks can be prevented. [10 Marks]
i. TPS
ii. MIS
iii. DSS
iv. ESS
v. EIS

(Visited 110 times, 1 visits today)
Share this:

Written by