BIT 3201  INFORMATION SYSTEMS AUDIT KCA Past Paper

UNIVERSITY EXAMINATIONS: 2010/2011
THIRD YEAR STAGE EXAMINATION FOR THE DEGREE OF BACHELOR
OF SCIENCE IN INFORMATION TECHNOLOGY
BIT 3201: INFORMATION SYSTEMS AUDIT
DATE: AUGUST 2011 TIME: 2 HOURS
INSTRUCTIONS: Answer question ONE and any other TWO questions

Question One
a) What are some of the characteristics of a system auditor? [2 Marks]
b) Audit planning consists of both short- and long-term planning.
i. Describe each type mentioned above [2 Marks]
ii. There are four major factors that affect planning. Describe them. [8 Marks]
c) The risk-based approach consists of several steps. Describe them in the order in which they follow one
another and elaborate on each step. [5 Marks]
d) What is the ‘concept of materiality’ in relation to system auditing? [3 Marks]
e) Describe what you understand by data forensics in system auditing [4 Marks]
f) The framework for the ISACA IS Auditing Standards provides for multiple levels, as follows:
i. Standards
ii. Guidelines
iii. Procedures
Describe each of the above and give one example of each. [6 Marks]
Question Two
a) Controls are generally categorized into three major classifications. Mention these three and give an
example of each in relation to the information systems environment. [6 Marks]
b) i) What do you understand by COBIT? [2 Marks]
ii) COBIT is grouped into four major domains. Name them and give an example of each. [8 Marks]
c) Identify any four benefits of an organization having an information auditor. [4 Marks]
Question Three
a) Describe each of the following terms, give an example of each, and if possible show the relationship
between them in a well-labelled diagram. [8 Marks]
i. Contingency planning
ii. Incident response
iii. Disaster recovery
iv. Business continuity
b) Discuss in detail the information system audit process. [10 Marks]
c) An information system auditor encounters several computer forensic scenarios in the course of
his work. Discuss two common scenarios in the field. [2 Marks]
Question Four
a) Describe any six steps that guide an auditor while undertaking the audit tasks. [6 Marks]
b) Outline four procedures for testing and evaluating information system controls. [4 Marks]
c) Describe three guidelines that assist system auditors to detect and deter fraud occurrences in an
organization. [6 Marks]
d) Discuss when and how an information system firm should retain a data forensic expert. [4 Marks]
Question Five
a) Briefly state three characteristics of a data forensic expert. [3 Marks]
b) There are numerous factors that a system auditor ought to take into consideration when
undertaking their duties. Discuss any three. [3 Marks]
c) Discuss five steps a data forensics firm goes through while reviewing a case. [5 Marks]
d) Discuss three functions and facilities built into well-designed computer systems to make the
system auditor's job easier. [9 Marks]
