
W1-2-60-1-6

JOMO KENYATTA UNIVERSITY OF AGRICULTURE AND TECHNOLOGY


UNIVERSITY EXAMINATIONS 2016/2017
YEAR IV SEMESTER II EXAMINATION FOR THE DEGREE OF BACHELOR OF
INFORMATION TECHNOLOGY
BIT 2318: INFORMATION SYSTEM AUDIT
DATE: JULY 2017 TIME: 2 HOURS
INSTRUCTIONS: Answer question one (compulsory) and any other two questions.

QUESTION ONE (30 MARKS)

a. State any two basic operations that can be supported by information systems.
(2 marks)

b. List any two professional requirements that IS auditors need to observe when conducting
an audit. (2 marks)

c. Describe what is meant by IS audit. (2 marks)

d. Explain what is meant by IS controls. (2 marks)

e. Differentiate between compliance and substantive testing. (2 marks)

f. Differentiate between audit effectiveness and audit efficiency. (2 marks)

g. Describe two key areas of IS audit that are of interest in project management.
(2 marks)

h. State any two reasons why it is important to perform an audit on live applications.
(2 marks)

i. State any two risk categories whose materiality may go undetected during auditing.
(2 marks)

j. Differentiate between IS audit standards and guidelines. (2 marks)

k. Explain the need for an IT framework in a business. (2 marks)

l. List four advantages that CaaTs bring to an IS business environment. (2 marks)

m. Explain the role of computer forensics to IS audit. (2 marks)


n. Describe two techniques that can be used to gather evidence in an audit exercise.
(2 marks)

o. List any four items that should be addressed during disaster recovery audit.
(2 marks)

QUESTION TWO (20 MARKS)

a. Discuss any four functions of IS service support in an IT business environment.
(4 marks)

b. Describe any four important considerations that need to be taken into account during IS
audit planning. (4 marks)

c. Explain any four general areas that an internal auditor can review in its infrastructure.
(4 marks)

d. Explain any four IS standards that Auditors have to observe in their profession.
(4 marks)

e. What is a work paper? Explain two qualities of a good work paper. (4 marks)

QUESTION THREE (20 MARKS)

a. Describe any two scopes of auditing that can be conducted in an IT business, in each
state an example of an audit that can be carried out. (4 marks)

b. Describe the basic procedures that are followed during a system audit process.
(4 marks)

c. State what is meant by IS control procedures, and list any three of such procedures.
(4 marks)

d. Explain four areas where CaaTs can be applied in a business environment.
(4 marks)

e. Describe the basic process that an internal Auditor can follow when responding to a
security incident. (4 marks)

QUESTION FOUR (20 MARKS)

a. Describe the procedures that you as an IS Auditor would require when performing Audit
testing and evaluation activities. (4 marks)

b. Explain any four guiding tools that can be used during audit planning. (4 marks)

c. Discuss the standard components of an effective Auditing methodology. (4 marks)


d. Describe the basic types that are followed during computer forensics exercise.
(4 marks)

e. State any four activities that an auditor can consider when auditing a business continuity
plan of an IT department. (4 marks)

QUESTION FIVE (20 MARKS)

a. Giving real case examples, explain two IT control categories. (4 marks)

b. Describe any four tools that can be used to perform an effective audit. (4 marks)

c. Describe the major processes of managing risks during IS Audit process. (4 marks)

d. State the basic criteria that IS auditors consider when administering evidence in their
audit reports. (4 marks)

e. Discuss any four roles of IS auditors when auditing a disaster recovery plan.
(4 marks)
