INFORMATION SYSTEMS AND I.T.

AUDIT (BML-303)

ICMA.

SEMESTER-3

FALL 2014 EXAMINATIONS

Thursday, the 5th March 2015

Pakistan
Time Allowed:

02 Hours 30 Minutes

Maximum Marks: 70

Roll No.:

(i)

Attempt all questions.

(ii)

Answers must be neat, relevant and brief.

(iii)

Read the instructions printed inside the top cover of answer script CAREFULLY before attempting the paper.

(iv)

In marking the question paper, the examiners take into account clarity of exposition, logic of arguments,
effective presentation, language and use of clear diagram/ chart, where appropriate.

(v)

DO NOT write your Name, Reg. No. or Roll No., or any irrelevant information inside the answer script.

(vi)

Question No. 1 Multiple Choice Question printed separately, is an integral part of this question paper.

(vii)

Question Paper must be returned to invigilator before leaving the examination hall.
MARKS

Q. 2 (a) Xeon Limited is a large multinational Bank. It has recently received license to operate
banking business in Pakistan. The management of the bank has decided to develop its
own banking software and recently they have awarded a software development contract
to a local software consulting company. While project kicked off, the project manager
who had been assigned on this project; applied his own software development
methodology instead of internationally recognized Software Development Life Cycle
(SDLC).
The bank has deputed you on this project as IS auditor. As job responsibility, you are
required to identify risks associated with non-compliance of international standards for
software development methodology that has not been adopted by project manager.
List down at least four potential risks and suggested controls that may expose due to
incorporation of non-standard software development methodology.

08

(b) Audit risk is the risk of information or financial report that may contain material error or
IS auditor may not detect an error that has occurred. Explain in brief how would you
categorize audit risks?

08

Q. 3 (a) You are an IS auditor of Glorious (Private) Limited, a large accounting firm. As part of
human resource development plan, Glorious recently arranged overseas training of
Computer-Assisted- Audit-Techniques (CAATs) for its IS audit team. You were one of
the team members who travelled for CAATs training. When you resumed office after
successful completion of training, the senior management of Glorious asked you to
transfer CAATs knowledge to its IS Audit team members.
In order to conduct knowledge transfer session, you are required to develop a
presentation that should include:
i)
Applications of CAATs (At least five)
ii)
four advantages and four disadvantages of CAATs (At least four of each)
Describe the important points in brief.

13

(b) Lincoin Limited is a group of companies has branch offices in all major cities of
Pakistan. Lincoin Limited has good IT infrastructure all over its branches. Its data
processing facilities are highly sophisticated and running number of software
applications. A few months ago Lincoins IT facilities had shutdown for two weeks due
to unforeseen application servers disaster that caused significant losses in business
since timely information was not available for decision making. The IT business
continuity plan (BCP) was in place but it did not recover the business applications
successfully as expected while applied in disaster recovery events. Due to
ineffectiveness of BCP, the management of Lincoin has decided to get it reviewed by an
external IS auditor.
State at least ten basic elements that should be verified by IS auditor while reviewing
BCP.
ISITA-Mar.2015
1 of 2

05

PTO

MARKS

Q. 4 (a) There are various project management techniques and tools available to assist project
manager in software development process. In current revolutionary age of information
technology, Agile project management process is considered highly successful.
Describe in brief the Agile project management method with at-least 10 Agile principles
that support project teams in implementing Agile project management method.

12

(b) Wolex Enterprises is a large distribution company dealing in life saving drugs. Currently
they have very small distribution network, however, the management intends to launch
its operation in all major cities of the country. Wolex operations feasibility team is in
consultation with various firms engaged in developing the infrastructure facilities and
recruiting the work force. However, outsourcing option for IT support services is also
under consideration.
You as a senior member of Wolex feasibility team; required to come-up with four
benefits and four limitations that support outsourcing proposal.

08

Q. 5 (a) A database is a collection of information of structured data organized in rows and

columns. The usage of database has various significant strengths such as:

08

reduced data redundancy

improved data integrity
allows data sharing
reduced development time
Explain each of the strengths as indicated above.
(b) Symbol Electronics Limited is a medium sized manufacturing company involved in
assembling and exporting domestic electronic goods. During last year, SEL had incurred
significant losses on several large export consignments due to three weeks over
scheduled shipments. Upon investigation by the internal IS Audit team, the production
manager of SEL held the suppliers responsible for not delivering the raw material on
time, while the suppliers were of the view that the delivery lead time was not considered
by SEL procurement department when raw material orders were placed. In order to
overcome the issue of delayed acquisition of raw material, the management of SEL has
decided to adopt Business-to-Business (B2B) model.
You, as a head of Information Technology of SEL, briefly explain B2B model and specify
its key characteristics. State advantages and disadvantages of B2B model.
THE END

ISITA-Mar.2015

2 of 2

08