UNIVERSITY EXAMINATIONS: 2018/2019
EXAMINATION FOR THE DEGREE OF BACHELOR OF BUSINESS IN
INFORMATION TECHNOLOGY
FULLTIME/PARTTIME/DISTANCE LEARNING
BBIT 307: INFORMATION SYSTEMS MANAGEMENT & AUDITING
DATE: AUGUST 2019 TIME: 2 HOURS
Instructions
o Answer question ONE and any other TWO.
o Question One carries 30 Marks, others 20 Marks each.
QUESTION ONE
a) Distinguish between financial audit and IS audit. [4 Marks]
b) Describe Standards, Procedures and Guidelines in ISACA. [6 Marks]
c) Discuss the following types of IT audit.
i. Integrated Audit
ii. Compliance Audit [4 Marks]
d) Explain the following in relation to audit risks.
i. Detection risk
ii. Operational risk [4 Marks]
e) Distinguish between circumstantial and direct types of evidence.
i. Direct evidence
ii. Indirect evidence [4 Marks]
f) Discuss the concept of IT governance and explain any two of its functions. [4 Marks]
g) As an IT auditor, discuss the main interests you would have in the following phases of systems development.
i. Analysis
ii. Development phase [4 Marks]
QUESTION TWO
a) Distinguish the terms Computer forensics and information forensics. [2 Marks]
b) With the aid of a suitable diagram, discuss the general IT audit evidence life cycle which may be adopted when auditing systems. [8 Marks]
c) Explain the importance of ISACA in IT auditing. [4 Marks]
d) Briefly describe the structure of the COBIT framework. [6 Marks]
QUESTION THREE
a) Explain the term Computer Assisted Auditing Techniques (CAATs). [2 Marks]
b) Explain the main software tools and techniques available in most CAATs. [4 Marks]
c) Discuss any three main types of CAATs used in IS auditing procedures. [6 Marks]
d) Briefly explain the functions of the following online CAATTs.
i. SCARF
ii. BEAST [4 Marks]
e) Discuss any two codes of ethics provided by ISACA. [4 Marks]
QUESTION FOUR
a) Distinguish between dead and live data analysis. [4 Marks]
b) Discuss the following terms used in the business criteria in COBIT.
i. Compliance
ii. Integrity
iii. Efficiency [6 Marks]
c) Explain the concept of CSA. [2 Marks]
d) Explain the term work papers and state their relevance in IS auditing. [2 Marks]
e) Explain the following types of controls, indicating the technical, administrative and physical mechanisms which would be used to realize them in server platforms.
i. Preventative
ii. Detective
iii. Corrective [6 Marks]
QUESTION FIVE
a) Describe and give an example of each of the following: Contingency planning, Incident response, Disaster Recovery and Business Continuity. [4 Marks]
With a well-labeled diagram, relate the three given above. [4 Marks]
b) Discuss in detail the information system audit process. [10 Marks]
c) An information system auditor encounters several computer forensic scenarios in the course of his work. Discuss two common scenarios in the field. [2 Marks]