UNIVERSITY EXAMINATIONS: 2018/2019
EXAMINATION FOR THE DEGREE OF BACHELOR OF SCIENCE
IN INFORMATION TECHNOLOGY
BBIT307 INFORMATION SYSTEMS AUDITING &
APRIL 2019 TIME: 2 HOURS
o Answer question ONE and any other TWO.
o Question One carries 30 Marks, others 20 Marks each.
a) Distinguish between financial audit and IS audit. [4 Marks]
b) Describe why a banking organization should employ a skilled IS auditor.
c) Discuss the following types of IT audit.
i. Integrated Audit
ii. Compliance Audit [4 Marks]
d) Describe the Code of Ethics from ISACA and explain two that you know.
e) Explain the Standards and give two that you know. [6 Marks]
f) Explain two main data collection methods popular with the auditors. Show their
strengths when used in the audit discipline. [8 Marks]
a) Discuss the IT audit process, explaining each step mentioned. [10 Marks]
b) Distinguish the terms Computer forensics and information forensics.
c) With the aid of a suitable diagram discuss the general IT audit evidence life cycle
which may be adopted when auditing systems. [6 Marks]
a) (i) Define the COBIT framework. [2 Marks]
(ii) Explain how COBIT is structured [8 Marks]
b) (i) Explain the term Computer Assisted Auditing Techniques (CAATs).
(ii) Discuss any three main types of CAATs used in IS auditing procedures.
c) Briefly explain BEAST as used in auditing [2 Marks]
a) Distinguish between dead and live data analysis. [2 Marks]
b) Discuss the following terms used in business criteria in COBIT.
iii. Efficiency [6 Marks]
c) Explain the concept of CSA. [2 Marks]
d) Outline what an IT auditor should focus on especially when examining information
systems processes. [5 Marks]
e) Explain the term work papers and state their relevance in IS auditing. [5 Marks]
a) (i) Describe and give an example of each of the following: Contingency planning,
Incident response, Disaster Recovery and Business Continuity
(ii) With a well-labeled diagram, relate the three given above [4 Marks]
b) Discuss in IT Governance. [10 Marks]
c) An information systems auditor encounters several computer forensic scenarios in the
course of his work. Discuss two common scenarios in the field. [2 Marks]