UNIVERSITY EXAMINATIONS
EXAMINATION FOR THE DEGREE OF BACHELOR OF SCIENCE
IN INFORMATION TECHNOLOGY
BBIT 307 INFORMATION SYSTEMS MANAGEMENT & AUDITING
FULL TIME / PART TIME / DISTANCE LEARNING
AUGUST 2017 TIME: 2 Hours
Instructions
o Answer question ONE and any other TWO.
o Question One carries 30 marks; the others carry 20 marks each.
QUESTION ONE
a) Distinguish between financial audit and IS audit. [2 Marks]
b) Describe why a banking organization should employ a skilled IS auditor. [2 Marks]
c) Discuss the following types of IT audit.
i. Integrated Audit
ii. Compliance Audit [2 Marks]
d) Describe the following types of illegal activities which an IS auditor may be interested in unearthing.
i. Phishing
ii. Packet sniffers [2 Marks]
e) Explain the following in relation to audit risks.
i. Detection risk
ii. Operational risk [2 Marks]
f) Distinguish between circumstantial and direct types of evidence.
i. Direct evidence
ii. Indirect evidence [2 Marks]
g) Discuss the concept of IT governance and explain any two of its functions. [3 Marks]
h) Explain two main data collection methods popular with auditors, showing their strengths when used in the audit discipline. [4 Marks]
i) As an IT auditor, discuss the main interests you would have in the following phases of systems development.
i. Analysis
ii. Development phase [2 Marks]
j) Explain the following types of controls, indicating the technical, administrative and physical mechanisms which would be used to realize them on server platforms.
i. Preventative
ii. Detective
iii. Corrective [9 Marks]
QUESTION TWO
a) Discuss the following in relation to audit sampling.
i. Attribute sampling
ii. Discovery sampling
iii. Variable sampling [3 Marks]
b) Distinguish between the terms computer forensics and information forensics. [2 Marks]
c) With the aid of a suitable diagram, discuss the general IT audit evidence life cycle which may be adopted when auditing systems. [8 marks]
d) Explain the importance of ISACA in IT auditing. [1 Mark]
e) Briefly describe the structure of the COBIT framework. [6 Marks]
QUESTION THREE
a) Explain the term Computer Assisted Auditing Techniques (CAATs). [1 Mark]
b) Explain the main software tools and techniques available in most CAATs. [5 marks]
c) Discuss any three main types of CAATs used in IS auditing procedures. [6 Marks]
d) You have been given the task of evaluating the evidence collected by a peer auditor. Discuss the main principal characteristics you would consider when grading the objectivity of the evidence. [4 Marks]
e) Briefly explain the functions of the following online CAATTs.
i. SCARF
ii. BEAST [4 Marks]
QUESTION FOUR
a) Distinguish between dead and live data analysis. [2 Marks]
b) Discuss the following terms used as business criteria in COBIT.
i. Compliance
ii. Integrity
iii. Efficiency [3 Marks]
c) Explain the concept of CSA. [2 Marks]
d) Outline what an IT auditor should focus on, especially when examining information systems processes. [5 Marks]
e) Explain the term work papers and state their relevance in IS auditing. [2 Marks]
f) Discuss four indicators which may prompt an auditor's attention towards irregular/illegal activity in an organization. [6 Marks]
QUESTION FIVE
a) Describe and give an example of each of the following: Contingency planning, Incident response, Disaster Recovery and Business Continuity. [4 marks]
With a well-labelled diagram, relate the three given above. [4 marks]
b) Discuss in detail the information system audit process. [10 Marks]
c) An information systems auditor encounters several computer forensic scenarios in the course of his work. Discuss two common scenarios in the field. [2 marks]