UNIVERSITY EXAMINATIONS: 2011/2012
THIRD YEAR EXAMINATION FOR THE BACHELOR OF
SCIENCE IN INFORMATION TECHNOLOGY
BIT 3201 INFORMATION SYSTEMS AUDIT
DATE: JULY, 2012 TIME: 2 HOURS
INSTRUCTIONS: Answer Question ONE and any other TWO
QUESTION ONE
(a) What are some of the characteristics of a system auditor? [2 marks]
(b) Describe what you understand by data forensics in system auditing [2 marks]
(c) ISACA code of ethics is very common to IT auditors.
i. Discuss any TWO that you find very helpful to you as an auditor. [4 marks]
ii. Discuss two other bodies that embrace the code of ethics, including their roles. [2 marks]
(d) The risk-based approach consists of several steps. Describe them in the order in
which they follow one another and elaborate on each step. [4 marks]
(e) What is an ‘audit charter’ in relation to system auditing? [2 marks]
(f) Audit planning consists of both short- and long-term planning.
(i) Describe each type mentioned above [2 marks]
(ii) There are four major factors that affect planning. Describe them. [4 marks]
(g) (i) What is the ‘fraud triangle’? [2 marks]
(ii) Discuss ways of controlling or preventing each in (g)(i) above. [3 marks]
(h) Discuss ‘classification’ of internal controls [3 marks]
QUESTION TWO
(a) Discuss ‘control objectives’ as they apply in any enterprise. [4 marks]
(b) Identify any four benefits of an organization having an information auditor. [4 Marks]
(c) Discuss, giving relevant examples, any three facilities built into well-designed
computer systems to make the systems auditor's job easier. [6 Marks]
(d) Discuss five domains of risk management and state clearly how the organization
benefits once it is applied. [6 marks]
QUESTION THREE
(a) Discuss and, with a well-labeled diagram, show contingency planning hierarchies. [8 marks]
(b) (i) Define biometrics [2 marks]
(ii) Discuss any three functions of biometric systems [6 marks]
(c) Discuss COBIT domains as used in systems auditing [4 marks]
QUESTION FOUR
(a) Discuss the role of a system auditor in the system development cycle, clearly
indicating the stages where the auditor is and is not required, and why. [10 marks]
(b) (i) Define ISACA standards. [1 Mark]
(ii) Discuss any two standards applicable in system auditing. [4 Marks]
(c) (i) Discuss internal controls as used in an organization. [1 Mark]
(ii) Explain any two classifications of internal controls. [4 Marks]
QUESTION FIVE
(a) Briefly discuss Control Self Assessment in an organization setup. [6 Marks]
(b) There are numerous factors that a system auditor ought to take into consideration when
undertaking their duties. Discuss any two. [4 Marks]
(c) Discuss any five benefits of providing an analysis on a duplicate computer image over
a traditional approach of reading through paper documents. [5 Marks]
(d) Describe any five information audit tools available for the system auditors. [5 Marks]