UNIVERSITY EXAMINATIONS: 2020/2021
EXAMINATION FOR THE DEGREES OF BACHELOR OF SCIENCE IN
APPLIED COMPUTING/ BACHELOR OF BUSINESS INFORMATION
TECHNOLOGY
BAC 3116/BBIT 3116: INFORMATION SYSTEMS AUDIT AND
MANAGEMENT/CONTROL
FULLTIME/ PART TIME/DISTANCE LEARNING
DATE: DECEMBER, 2021 TIME: 2 HOURS
INSTRUCTIONS: QUESTION ONE IS COMPULSORY, CHOOSE TWO OTHER
QUESTIONS
QUESTION ONE (20 Marks) Compulsory
(a) Differentiate between the following sets of terms
i. Continuous Auditing and continuous monitoring
ii. Risk assessment and risk management
iii. Compliance test and Substantive test (6 Marks)
(b) Define the following terms as used in auditing
i. Confidentiality
ii. Integrity
iii. Availability
iv. Vulnerability
v. Internal controls (5 Marks)
(c) What do you understand by the code of professional ethics that binds auditors in their daily
work? Mention any two of these. (3 Marks)
(d) What do you understand by the term IT governance in an organization? (2 Marks)
(e) What do you understand by the term computer forensics? Give three common scenarios that
might happen within this area. (4 Marks)
QUESTION TWO (15 Marks)
(a) Define the following types of risk that are encountered when conducting an audit assignment.
Inherent risk, Control risk, Detection risk, Overall audit risk (6 Marks)
(b) Discuss the term materiality concept in systems auditing. (2 Marks)
(c) Define control self-assessment as the term is used in the field of information system
auditing (2 Marks)
(d) Any organization that has employed control self-assessment in its operation enjoys a lot
of benefits. Discuss four major advantages among many others. (5 Marks)
QUESTION THREE (15 Marks)
(a) What are the main objectives of CAATs? Describe any four functional capabilities of
CAATs (5 Marks)
(b) Describe the COBIT structure, describing each stage of its domain. (3 Marks)
(c) The IT audit process has five basic steps. Describe each in detail. (5 Marks)
(d) Describe two main characteristics of an auditor. (2 Marks)
QUESTION FOUR (15 Marks)
(a) Discuss four major areas that you consider while controlling for active threats to information
systems assets (4 Marks)
(b) There are numerous factors that a system auditor ought to put into consideration when
undertaking their duties. Discuss any three. (3 Marks)
(c) Define forensics. Discuss five steps a data forensics firm goes through while reviewing a
case (5 Marks)
(d) Discuss three functions and facilities built into well-designed computer systems to make the
systems auditor's job easier. (3 Marks)