UNIVERSITY EXAMINATIONS: 2012/2013
THIRD YEAR EXAMINATION FOR THE BACHELOR OF
SCIENCE IN INFORMATION TECHNOLOGY
BIT 3201 INFORMATION SYSTEMS AUDIT
DATE: DECEMBER, 2012 TIME: 2 HOURS
INSTRUCTIONS: Answer Question ONE and any other TWO
QUESTION ONE
a) Discuss any two characteristics of a system auditor. [2 Marks]
b) The framework for the ISACA IS Auditing Standards provides for multiple levels,
as follows:
i. Standards
ii. Guidelines
iii. Procedures
Describe each of the above and give one example of each. [6 Marks]
c) Audit planning consists of both short- and long-term planning.
i. Describe each type mentioned above [2 Marks]
ii. There are four major factors that affect planning. Describe them. [8 Marks]
d) The risk-based approach consists of several steps. Describe them as
they follow one another and elaborate on each step. [5 Marks]
e) i. What are internal controls in relation to system auditing? [2 Marks]
ii. Discuss any two internal controls in your organization relating to a
corresponding business risk [2 Marks]
f) Discuss any three functions of data forensics in system auditing. [3 Marks]
QUESTION TWO
a) Controls are generally categorized into three major classifications. Mention these
three and give an example of each in relation to an information systems environment.
[6 Marks]
b) i. What do you understand by COBIT? [2 Marks]
ii. COBIT is grouped into four major domains. Name them and give an
example of each. [8 Marks]
c) Identify any four benefits of an organization having an information auditor.
[4 Marks]
QUESTION THREE
a) Describe the fraud triangle. Show the causes and possible controls for each to
reduce risks in organizations. [8 Marks]
b) Discuss in detail the information system audit process. [10 Marks]
c) An information system auditor encounters several computer forensic scenarios in
the course of his work. Discuss two common scenarios in the field. [2 Marks]
QUESTION FOUR
a) Describe any six steps that guide an auditor while undertaking the audit tasks.
[6 Marks]
b) Outline four procedures for testing and evaluating information system controls.
[4 Marks]
c) Describe three guidelines that assist system auditors to detect and deter fraud
occurrences in an organization. [6 Marks]
d) Discuss when and how an information system firm should retain a data forensic
expert. [4 Marks]
QUESTION FIVE
a) Briefly state three characteristics of a biometric system [3 Marks]
b) There are numerous factors that a system auditor ought to take into consideration
when undertaking their duties. Discuss any three. [3 Marks]
c) Discuss five steps a data forensics firm goes through while reviewing a case
[5 Marks]
d) Discuss three functions and facilities built into well-designed computer systems
to make the system auditor's job easier. [9 Marks]