BIT 320 INFORMATION SYSTEMS AUDIT KCA Past Paper

UNIVERSITY EXAMINATIONS: 2011/2012
YEAR III EXAMINATION FOR THE BACHELOR OF SCIENCE IN INFORMATION
TECHNOLOGY
BIT 320: INFORMATION SYSTEMS AUDIT
DATE: APRIL 2012 TIME: 2 HOURS
INSTRUCTIONS: Answer Question One and any other Two Questions

QUESTION ONE
a) i. Why do you think it is important to have a code of ethics for computer professionals?
ii. Name three other bodies, apart from ISACA, that have a similar code of ethics.
iii. What do you understand by the term ‘integrity’?
b) Define the following terms as used in information system auditing:
i. Protection of Information Assets
ii. Disaster Recovery [2 Marks]
iii. Business Process Evaluation [6 Marks]
c) Define the term ‘computer crime’. [2 Marks]
d) Discuss the following three common forms of ownership for intellectual property:
i. Copyright
ii. Patents
iii. Trade Secrets [6 Marks]
e) While designing the business continuity plan (BCP) for a university airline reservation system, some
appropriate methods of data transfer/backup at an offsite location would be:
i. Electronic vaulting.
ii. Hard-disk mirroring.
iii. Hot-site provisioning.
f) Discuss each and give examples where possible. [9 Marks]
QUESTION TWO
a) Discuss three functions and facilities built in to well-designed computer systems to make the
systems auditor's job easier. [3 Marks]
b) What do you understand by the term IT governance? Discuss five principles of IT governance. [6 Marks]
c) Failing to prevent or detect a material error would represent the type of risk as follows:
i) Overall audit risk
ii) Detection risk
iii) Inherent risk
iv) Control risk
d) Discuss each and give an example of each. [4 Marks]
QUESTION THREE
a) State briefly and clearly the difference between Risk Analysis and Risk Management [4 Marks]
b) What do you understand by the term COBIT? COBIT has four domains. Describe each domain giving relevant
examples [5 Marks]
c) Describe Risk-based Audit approach. Show all the steps that are necessary. [6 Marks]
d) Outline all the five steps for performing an IT audit [5 Marks]
QUESTION FOUR
a) Briefly state three characteristics of an information system auditor [3 Marks]
b) What do you understand by the term ISACA? [2 Marks]
c) What are internal controls? Name three objectives of internal controls. [5 Marks]
d) Discuss the steps used to carry out the Risk-based Audit approach [4 Marks]
e) Outline any five features of an audit report [6 Marks]
QUESTION FIVE
a) i) What is biometrics? [2 Marks]
ii) Biometric systems are broadly classified under two categories: one based on physiological
characteristics and the other based on behavioral characteristics. Discuss any three of each and explain how
they apply in an IT environment. [9 Marks]
b) Discuss the relationship between BPR and ERP. [4 Marks]
c) Discuss any two risk and control challenges in ERP implementation. [2 Marks]
d) What do you understand by the term Computer forensics? What are the common scenarios? [3 Marks]
