UNIVERSITY EXAMINATIONS: 2017/2018
EXAMINATION FOR THE DEGREE OF BACHELOR OF BUSINESS
INFORMATION TECHNOLOGY
BBIT307 INFORMATION SYSTEMS MANAGEMENT&AUDITING
FULL TIME/PART TIME/DISTANCE LEARNING
DATE: APRIL, 2018 TIME: 2 HOURS
INSTRUCTIONS: Answer Question One & ANY OTHER TWO questions.
QUESTION ONE
a) Distinguish between financial audit and IS audit. [2 Marks]
b) Describe why a banking organization should employ a skilled IS auditor.
[2 Marks]
c) Discuss the following types of IT audit.
i. Integrated Audit
ii. Compliance Audit [2 Marks]
d) Describe the following types of illegal activities which an IS auditor may be interested in
unearthing.
i. Phishing
ii. Packet sniffers [2 Marks]
e) Explain the following in relation to audit risks.
i. Detection risk
ii. Operational risk [2 Marks]
f) Distinguish between circumstantial and direct types of evidence.
i Direct evidence
ii Indirect evidence [2 Marks]
g) Discuss the concept of IT governance and explain any two of its functions.
[3 Marks]
h) Explain two main data collection methods popular with the auditors. Show their strengths
when used in the audit discipline. [4 Marks]
i) As an IT auditor discuss the main interests you would have in the following phases of systems
development.
i. Analysis
ii. Development phase [2 Marks]
j) Explain the following types of controls indicating the technical, administrative and physical
mechanisms which would be used to realize them in server platforms.
i. Preventative
ii. Detective
iii. Corrective [9 Marks]
QUESTION TWO
a) Discuss the following in relation to audit sampling.
Attribute sampling
Discovery sampling
Variable sampling [3 Marks]
b) Distinguish the terms Computer forensics and information forensics.
[2 Marks]
c) With the aid of a suitable diagram discuss the general IT audit evidence life cycle which may
be adopted when auditing systems. [8 Marks]
d) Explain the importance of ISACA in IT auditing [1 Mark]
e) Briefly describe the structure of the COBIT framework. [6 Marks]
QUESTION THREE
a) Explain the term Computer Assisted Auditing Techniques (CAATs). [1 Mark]
b) Explain the main software tools and techniques available in most CAATs. [5 Marks]
c) Discuss any three main types of CAATs used in IS auditing procedures. [6 Marks]
d) You have been given the task of evaluating the evidence collected by a peer auditor. Discuss
the main principle characteristics you would consider when grading the objectivity of the
evidence. [4 Marks]
e) Briefly explain the functions of the following online CAATTs.
i. SCARF
ii. BEAST [4 Marks]
QUESTION FOUR
a) Distinguish between dead and live data analysis. [2 Marks]
b) Discuss the following terms used in business criterion in COBIT.
i. Compliance
ii. Integrity
iii. Efficiency [3 Marks]
c) Explain the concept of CSA. [2 Marks]
d) Outline what an IT auditor should focus on especially when examining information systems processes.
[5 Marks]
e) Explain the term work papers and state their relevance in IS auditing. [2 Marks]
f) Discuss four indicators which may prompt an auditor attention towards irregular/illegal activity in an
organization. [6 Marks]
QUESTION FIVE
(a) Describe and give an example of each of the following: Contingency planning, Incident response,
Disaster Recovery and Business Continuity
[4 Marks]
With a well labeled diagram, relate the Four given above [4 Marks]
b). Discuss in detail the information system audit process. [10 Marks]
c) An Information system auditor encounters several computer forensic scenarios in the course of his
work. Discus two common scenarios in the field [2 Marks]
