UNIVERSITY EXAMINATIONS: 2018/2019
EXAMINATION FOR THE DEGREE OF BACHELOR OF
BUSINESS IN INFORMATION TECHNOLOGY
BBIT307 INFORMATION SYSTEMS MANAGEMENT &
FULLTIME/PART TIME/DISTANCE LEARNING
DATE: DECEMBER 2018 TIME: 2 HOURS
o Answer question ONE and any other TWO.
o Question One carries 30 Marks, others 20 Marks each.
a) Distinguish between financial audit and IS audit. [4 Marks]
b) Describe Standards, Procedures and Guidelines in ISACA.
c) Discuss the following types of IT audit.
i. Integrated Audit
ii. Compliance Audit [4 Marks]
d) Explain the following in relation to audit risks.
i. Detection risk
ii. Operational risk [4 Marks]
e) Distinguish between circumstantial and direct types of evidence.
i Direct evidence
ii Indirect evidence [4 Marks]
f) Discuss the concept of IT governance and explain any two of its functions.
g) As an IT auditor discuss the main interests you would have in the following
phases of systems development.
ii. Development phase [4 Marks]
a) Distinguish the terms Computer forensics and information forensics.
b) With the aid of a suitable diagram discuss the general IT audit evidence life cycle
which may be adopted when auditing systems. [8 Marks]
c) Explain the importance of ISACA in IT auditing. [4 Marks]
d) Briefly describe the structure of the COBIT framework. [6 Marks]
a) Explain the term Computer Assisted Auditing Techniques (CAATs). [2 Marks]
b) Explain the main software tools and techniques available in most CAATs. [4 Marks]
c) Discuss any three main types of CAATs used in IS auditing procedures. [6 Marks]
d) Briefly explain the functions of the following online CAATTs.
ii. BEAST [4 Marks]
e) Discuss any two codes of ethics provided by ISACA. [4 Marks]
a) Distinguish between dead and live data analysis. [4 Marks]
b) Discuss the following terms used in business criterion in COBIT.
iii. Efficiency [6 Marks]
c) Explain the concept of CSA. [2 Marks]
d) Explain the term work papers and state their relevance in IS auditing. [2 Marks]
e) Explain the following types of controls indicating the technical, administrative and
physical mechanisms which would be used to realize them in server platforms.
iii. Corrective [6 Marks]
a) Describe and give an example of each of the following: Contingency planning,
Incident response, Disaster Recovery and Business Continuity.
With a well-labeled diagram, relate the three given above. [4 Marks]
b) Discuss in detail the information system audit process. [10 Marks]
c) An information system auditor encounters several computer forensic scenarios in the
course of his work. Discuss two common scenarios in the field. [2 Marks]