UNIVERSITY EXAMINATIONS: 2012/2013
EXAMINATION FOR THE BACHELOR OF SCIENCE IN
INFORMATION TECHNOLOGY
BIT 3201 INFORMATION SYSTEMS AUDIT
DATE: AUGUST, 2013 TIME: 2 HOURS
INSTRUCTIONS: Answer Question ONE and any other TWO Questions
QUESTION ONE. (COMPULSORY)
(a) What are some of the characteristics of a system auditor? [2 marks]
(b) Audit planning consists of both short- and long-term planning.
(i) Describe each type mentioned above [2 marks]
(ii) There are four major factors that affect planning. Describe them. [8 marks]
(c) The risk-based approach consists of several steps. Describe them as
they follow one another and elaborate on each step. [5 marks]
(d) What is the ‘concept of materiality’ in relation to system auditing? [3 marks]
(e) Describe what you understand by data forensics in system auditing. [4 marks]
(f) The framework for the ISACA IS Auditing Standards provides for multiple levels,
as follows:
(i) Standards
(ii) Guidelines
(iii) Procedures
Describe each of the above and give one example of each. [6 marks]
QUESTION TWO
(a) Controls are generally categorized into three major classifications. Mention these
three and give an example of each in relation to an information systems environment.
[6 marks]
(b) (i) What do you understand by COBIT? [2 marks]
(ii) COBIT is grouped into four major domains. Name them and give an example
of each. [8 marks]
(c) Identify any four benefits of an organization having an information auditor.
[4 Marks]
QUESTION THREE
a) Describe and give an example of each term and, if possible, show the relationship in a
well-labelled diagram.
i. Contingency planning
ii. Incident response
iii. Disaster recovery
iv. Business continuity [8 marks]
b) Discuss in detail the information system audit process. [10 Marks]
c) An information system auditor encounters several computer forensic scenarios in the
course of his work. Discuss two common scenarios in the field. [2 marks]
QUESTION FOUR
a). Describe any six steps that guide an auditor while undertaking the audit tasks.
[6 Marks]
b). Outline four procedures for testing and evaluating information System controls
[4 Marks]
c). Describe three guidelines that assist system auditors to detect and deter fraud
occurrences in an organization [6 Marks]
d). Discuss when and how an information system firm should retain a data forensic
expert. [4 Marks]
QUESTION FIVE
a). Briefly state three characteristics of a data forensic expert. [3 Marks]
b). There are numerous factors that a system auditor ought to take into consideration when
undertaking their duties. Discuss any three. [3 Marks]
c). Discuss five steps a data forensics firm goes through while reviewing a case
[5 Marks]
d). Discuss three functions and facilities built into well-designed computer systems to
make the systems auditor's job easier. [9 Marks]