EIS Mentor 2022
CA INTERMEDIATE
Enterprise Information
Systems
MENTOR
QUESTION BANK
2022
Om S Trivedi Edited by
Prof. (CS) Amit Rajpurohit Prof. (CS) Amit Rajpurohit
IIM-C Alumnus,
Visiting FacultyGuest Faculty of
of WIRC, Eesha Narang
Visiting Faculty of WIRC,
LVC and External Subject Expert at Assistant Professor, DAV College,
NIRC and CIRC of ICAI
the BOS of ICAI, Visiting Faculty
NIRC and CIRC of ICAI
Abohar, MA (English), M.Phil., Delhi
Member of NIRC and WIRC of ICAI University
www.eissmpendrive.in
Carvinowledge Press
© Om Trivedi, 2022
All rights reserved. No part of this publication may be reproduced or transmitted, in any form or by any means, without permission. Any person
who commits any unauthorised act in relation to this publication may be liable to criminal prosecution and civil claims for damages.
Carvinowledge Press
B-8/GM-4, DLF Colony, Dilshad Extn.-II
Bhopura, Ghaziabad-201005
Mobile: +91-9953922272
E-mail: carvinowledge@gmail.com
www.carvinowledge.in
Composition Services:
Babra Design
Vijay Babra
House No. 43, Rajeev Garden,
Loni, Ghaziabad - 201102
Mobile: +91-9015729698
E-mail: babradesign@gmail.com
This book is meant for educational and learning purposes. The author(s) of the book has/have taken all reasonable care to ensure that the contents of the book do not
violate any existing copyright or other intellectual property rights of any person in any manner whatsoever. In the event the author(s) has/have been unable to track any
source and if any copyright has been inadvertently infringed, please notify the publisher in writing for corrective action.
Preface
Welcome to this new edition of ‘Enterprise Information Systems (EIS) Mentor: Question Bank, 2022’!
As an author, I am sensitive to your learning as well as examination needs. I believe that citation of the right
content with right answers to questions and their presentation in the examination is an effective tool that
determines the success of a student. For this very reason, I have taken your point of view into consideration. In
writing each chapter, I have taken every care to make the content informative as well as easy and interesting
to read, write and present in examination.
The aim of ‘Enterprise Information Systems (EIS): Question Bank’ is to help CA Intermediate
(New Course) students by clearly explaining, analyzing, and evaluating important Enterprise Information
Systems (EIS) concepts. My approach in writing this book was essentially twofold: to write an accessible
textbook that students feel comfortable with but without compromising on the academic rigour.
The case studies, scenarios and MCQs herein have been taken from the contemporary world, ICAI literature
and leading brands around us. These help to bridge the gap between theory and practice, aiming not only at
a comprehensive learning experience but also offering an interesting reading. To supplement this, I have
tried to adopt a user-friendly writing style that gives clear and concise explanations to help students engage
readily with the content and grasp complex strategic concepts easily.
I would be happy to get your feedback, comments and queries. You can get in touch with me at
omtrivedi@ymail.com or call me at 9958300572 (between 8 pm – 10 pm).
[Figure: A Gateway to Success. Labels: Chapter, Read, Learn, Practice, Repeat 1 to 4]
• His students scored AIR 20, 23, 36 and 37 with 100s of exemptions.
• Taken batches at NIRC and WIRC of ICAI, LVC of the BOS of ICAI, ETEN CA, Unacademy, IGP Institute, Prime Academy, Rajesh Makkar Classes & Om Trivedi Classes Delhi.
• Done research and projects in areas like competition studies, value creation, and competitive advantages, MIS, and Process Improvement Techniques.
• Over 17 years of industry experience in Publishing, Content Development and Editing, Instructional Design, Instructor’s Resource Development, Acquisitions of Businesses, Authors and Imprints, Sales and Marketing, Publishing solution, and operations. Partner with LexisNexis India (A Reed Elsevier Company).
• Worked with Thomson Learning as Regional Head (East India, Nepal, Bangladesh, and Bhutan), with Tata McGraw-Hills as Acquisition Editor (North, East, and West India), with Macmillan as Commissioning Editor and with Firewall Media as Business Development Manager.
• Worked as a Consultant business head- HEP of Trinity Press (Formerly Macmillan India’s Higher Education Programme) in 2013-14 and played an instrumental role in the acquisition of Macmillan India’s Higher Education Programme by LPPL under the brand name Trinity Press.
• Worked as a consultant and business advisor on book publishing, content development, instructional design, case study development, instructor’s resources, and copyright matters to several companies like Macmillan, LexisNexis India, Vikas Publishing, Excel Books, Firewall Media, Biztantra and Taxmann.
[Figure: EIS Hotness Grid (Based on Examination Papers Trend Analysis). Bar charts of weightage for Chapter 1 to Chapter 5 across the May-18, Nov-18, May-19, Nov-19, Nov-20, Jan-21, May-21 and Nov-21 papers, with overall weightage.]
Chapter 1: Automated Business Processes
The system of recording attendance being followed is not generating confidence in employees
about its accuracy. There have been complaints that salary payouts are not as per actual attendance.
It has also created friction and differences between employees, as some feel that other employees
have been paid more or that their salary has not been deducted for being absent.
Step 2: Understand the rules/regulations which need to be complied with?
A number of regulations are applicable to employee attendance including Factories Act 1948,
Payment of Wages Act 1936, State laws, etc. This is a compliance requirement and hence, any BPA
needs to cater to these requirements.
Step 3: Document the process we wish to automate.
The present system includes an attendance register and a register at the security gate.
Employees are expected to put their signatures in attendance registers. The register at the gate
is maintained by security staff, to mark when an employee has entered. There is always a dispute
regarding the time when an employee has entered and what has been marked in the security register.
The company policy specifies that an employee coming late by 30 minutes for two days in a month
shall have a ½ day salary deduction. There is over-writing in attendance register, leading to heated
arguments between human resource department staff and employees. As the time taken to arrive at
the correct attendance is large, there is a delay in preparation of salary statement. The same has
already led to penal action against the company by labour department of the state.
Step 4: Define the objectives/goals to be achieved by implementing BPA
The objectives for implementing BPA are:
a. Correct recording of attendance.
b. Timely compilation of monthly attendance so that salary can be calculated and distributed on a
timely basis.
Step 5: Engage a business process consultant
XYZ Limited, a consultant of repute, has been engaged for the same. The consultant has prior experience
and also knowledge about the entity’s business.
Step 6: Calculate the ROI for project
The BPA may provide tangible benefits in the form of reduced penalties and intangible benefits which
may include:
a. Better employee motivation and morale,
b. Reduced difference between employees,
c. More focus on work rather than salary, and
d. Improved productivity.
Step 7: Developing the BPA
Implementing BPA would result in the following:
a. All employees would be given electronic identity cards.
b. The cards would contain details about employees.
c. The attendance system would work in the following manner:
i. Software with card reading machine would be installed at the entry gate.
ii. Whenever an employee enters or leaves the company, he/she needs to put the
card in front of machine.
iii. The card reading machine would be linked to the software which would record the
attendance of the employee.
iv. At the end of the month the software would print attendance reports, employee-wise.
These reports would also point out how many days an employee has reported late
in the month.
d. Based on this report monthly attendance is put in the system to generate the monthly salary.
The entity has been facing the problem of non-availability of critical raw material items, which is
leading to production stoppages and delay in delivery. Delay in delivery has already cost the company
in terms of losing customers and sales.
Step 2: Understand the rules/regulations which need to be complied with?
The item is not covered by regulation regarding quantity to be ordered or stored. To keep cost at
a minimum, the entity has calculated the economic order quantity for which orders are placed.
Step 3: Document the process we wish to automate.
The present process is manual where the orders are received by purchase department from stores
department. Stores department generates the order based on manual stock register, based on item’s
re-order levels. The levels were decided five years back and stores records are not updated timely.
Step 4: Define the objectives/goals to be achieved by implementing BPA.
The objective behind the present exercise is to ensure that there are no production losses due to non-
availability of critical items of inventory. This shall automatically ensure timely delivery of goods to
customers.
Step 5: Engage the business process consultant.
ABC Limited, a consultant of repute, has been engaged for the same. The consultant has prior
experience and knowledge about entity’s business.
Step 6: Calculate the ROI for project
The opportunity loss for the project comes to around ₹100 lakhs per year. The cost of implementing
the whole BPA shall be around ₹50 lakhs. It is expected that the opportunity loss after BPA shall
reduce to ₹50 lakhs in year one, ₹25 lakhs in later years for the next five years.
Step 7: Developing the BPA
Once the top management says yes, the consultant develops the necessary BPA. The BPA is to generate
purchase orders as soon as an item of inventory reaches its re-order level. To ensure accuracy, all data
in the new system need to be checked and validated before being put into the system:
• Item’s inventory was physically counted before uploading to new system.
• Item’s re-order levels were recalculated.
• All items issued for consumption were updated timely in system.
• All purchase orders automatically generated are made available to the Purchase manager at the
end of the day for authorization.
To remain competitive in the market and to overcome the issues faced by its customers, the company
decided to optimize and streamline its essential business processes using the latest technology to
automate the functions involved in carrying out these essential processes. The management of the
company is very optimistic that with automation of business processes, it will be able to extract
maximum benefit by using the available resources to their best advantage. Moreover, with automation
the company will be able to integrate various processes and serve its customers better and faster.
The management is aware that the automation of business processes will lead to new types of risks in
the company’s business. The failure or malfunction of any critical business process will cause significant
operational disruptions and materially impact its ability to provide timely services to its customers. The
management of ABC Ltd. adopted different Enterprise Risk Management (ERM) strategies to operate
more effectively in an environment filled with risks. To reduce the impact of these risks, the company also
decided to implement necessary internal controls.
Read the above illustration carefully and answer the following questions:
i. The processes automated by ABC Ltd. are susceptible to many direct and indirect challenges.
Which of the following factors cannot be considered valid in case the company fails to achieve
the desired results?
a. The business processes are not well thought or executed to align with business objectives.
b. The staff may perceive automated processes as threat to their jobs.
c. The documentation of all the automated business processes is not done properly.
d. The implementation of automated processes in the company may be an expensive
proposition.
ii. The processes automated by ABC Ltd. are technology driven. The dependence on technology
in key business processes exposed the company to various internal as well as external threats.
According to you, external threats leading to cyber-crime in BPA arise because:
a. Organizations may have a highly-defined organization structure with clearly defined
roles, authority and responsibility.
b. There may not be one but multiple vendors providing different services.
c. The system environment provides access to customers anytime, anywhere using internet.
d. The dependence on technology is insignificant.
iii. The management of ABC Ltd. adopted a holistic and comprehensive approach of Enterprise Risk
Management (ERM) framework by implementing controls across the company. Identify the false
statement w.r.t components of ERM framework.
a. As a part of event identification, potential events that might have an impact on the
entity should be identified.
b. As a part of risk assessment component, identified risks are analyzed to form a basis
for determining how they should be managed.
c. As a part of monitoring, the entire ERM process should be monitored with no further
modifications in the system.
d. As a part of control activities, policies and procedures are established and executed
to help ensure that the risk responses that management selected are effectively carried
out.
iv. The management of ABC Ltd. implemented different Information Technology General Controls
(ITGCs) across different layers of IT environment with an objective to minimize the impact of
risks associated with automated processes. Which of the following is not an example of ITGC?
a. Information Security Policy
b. Processing Controls
c. Backup, Recovery and Business Continuity
d. Separation of key IT functions
Solution
Question No. Answer
1. (c) The Documentation of all the automated business processes is not done properly.
2. (c) The system environment provides access to customers anytime, anywhere using internet.
in that product. The growing volume of sales transactions started to put a strain on the company’s internal
processes. The company employed 300 more employees to ensure that the customers are served better
and faster. But with the increase in the number of monthly transactions to 1.5 million, the manual processes
which were being followed by the company at present were holding it back. The company was not
able to meet consumer demands even after employing an additional 300 employees. The management
consultant Mr. X of DXN Ltd. advised to automate the key business processes of the company to handle
the large volume of transactions, to meet the expectations of its customers and maintain its competitive
edge in the market.
Mr. X gathered extensive information about the different activities involved in the current processes
followed by DXN Ltd. like - what the processes do, the flow of various processes, the persons who
are in charge of different processes etc. The information so collected helped him in understanding
the existing processes such as flaws, bottlenecks, and other less obvious features within the existing
processes. Based on the information gathered about the current processes, Mr. X prepared various
flowcharts depicting how various processes should be performed after automation and submitted his
report to the management covering the following points:
• The major benefits of Business Process Automation;
• The processes that are best suited to automation;
• Challenges that DXN Ltd. may face while implementing automated processes;
• Risks involved in Business Process Automation and how the management should manage these
risks.
Read the above illustration carefully and answer the following Questions:
1. As DXN Ltd. was implementing the automated processes for the first time, the consultant
suggested not to automate all the processes at a time and automate only critical processes
which would help the company to handle large volume of transactions. Which of the following
business processes are not best suited to automation:
a. Processes involving repetitive tasks
b. Processes requiring employees to use personal judgment
c. Time sensitive processes
d. Processes having significant impact on other processes and systems
2. While understanding the criticality of various business processes of DXN Ltd., the consultant
Mr. X documented the current processes and identified the processes that needed automation.
However, documentation of existing processes does not help in _______.
a. providing clarity on the process
b. determining the sources of inefficiency, bottlenecks, and problems
c. controlling resistance of employees to the acceptance of automated processes
d. designing the process to focus on the desired result with workflow automation
3. When DXN Ltd. decided to adopt automation to support its critical business processes, it
exposed itself to a number of risks. One risk that the automated process could lead to breakdown
in internal processes, people and systems is a type of _____.
a. Operational Risk
b. Financial Risk
c. Strategic Risk
d. Compliance Risk
4. Mr. X of DXN Ltd. prepared various flowcharts depicting how various processes should be
performed after automation and submitted his report to the management. The flowcharting
symbol that he used to depict processing step is______.
a. Rectangular Box
b. Diamond
c. Oval
d. Line
Solution
Question No. Answer
1. (b) Processes requiring employees to use personal judgment
2. (c) Controlling resistance of employees to the acceptance of automated processes
3. (a) Operational Risk
4. (a) Rectangular Box
Question 6: “The trucking company used mileage data to create billing invoices and track when
trucks were used vs. when they were sitting idle. This process was manual and prone to human errors.
Automation Anywhere created an automated solution to extract information on truck mileage from
the client’s legacy systems and also compute when trucks were in use or sitting idle. Using this data,
the invoices were generated on time, automatically reducing errors to zero.” Which of the following
benefits of BPA has been expressed in the above scenario?
a. Consistency
b. Governance and reliability
c. Visibility
d. Reduced turnaround time.
Question 7: “Solutions designed by Automation Anywhere and TNT integrated automation across
several processes.” For proper recording of data and information, which type of EIS/ CIS/ Computing
Technology is most suitable for TNT enterprises?
a. FAS with Decentralized database
b. FAS with Centralized database
c. FAS with Parallel Computing
d. FAS with Distributed Computing
Hint 1:
While executing the above operations, TNT Logistics is facing numerous difficulties which are as
following:
i. Inaccurate accounting of truck mileage and contracts for above work.
ii. Inability of immobility of trucks and higher turnaround time.
iii. Manual intervention in processing of data.
iv. Trend tracking and pattern recognition.
v. Inaccurate billing of services.
vi. Huge costs due to lapses in isolating contracts that are breached.
Hint 2:
TNT Logistics is supposed to bear huge costs due to lapses in isolating contracts that are breached.
Hint 3:
The benefit of the above process for user and TNT are:
a. It provides clarity on the process.
b. It helps to determine the sources of inefficiency, bottlenecks, and problems.
c. It allows to re-design the process to focus on the desired result with workflow automation.
Hint 4:
Confidentiality:
• Authorized Access of the Automated system to the users.
• Robotic part to reduce human intervention.
Integrity:
• Ability to accurately account for truck mileage and contracts and ability to track trends that
would allow them to troubleshoot problems. Robotic part to reduce human intervention.
• Designed an automated process, utilizing the legacy system to track trucks, extract mileage,
stakeholders, including owners, customer, regulators and society overall. Briefly explain all the components of ERM
framework. (RTP Nov 2020)
Answers:
ERM framework consists of eight interrelated components that are derived from the way management runs a business
and are integrated with the management process. These components are as follows:
(i) Internal Environment: The internal environment encompasses the tone of an organization and sets the
basis for how risk is viewed and addressed by an entity’s people, including risk management philosophy
and risk appetite, integrity and ethical values, and the environment in which they operate. Management
sets a philosophy regarding risk and establishes a risk appetite. The internal environment sets the foundation for
how risk and control are viewed and addressed by an entity’s people. The core of any business is its people – their
individual attributes, including integrity, ethical values and competence – and the environment in which they
operate. They are the engine that drives the entity and the foundation on which everything rests.
(ii) Objective Setting: Objectives should be set before management can identify events potentially affecting
their achievement. ERM ensures that management has a process in place to set objectives and that the chosen
objectives support and align with the entity’s mission/vision and are consistent with the entity’s risk appetite.
(iii) Event Identification: Potential events that might have an impact on the entity should be identified. Event
identification includes identifying factors – internal and external – that influence how potential events may affect
strategy implementation and achievement of objectives. It includes distinguishing between potential events that
represent risks, those representing opportunities and those that may be both. Opportunities are channelled back
to management’s strategy or objective-setting processes. Management identifies inter-relationships between
potential events and may categorize events to create and reinforce a common risk language across the entity and
form a basis for considering events from a portfolio perspective.
(iv) Risk Assessment: Identified risks are analyzed to form a basis for determining how they should be managed.
Risks are associated with related objectives that may be affected. Risks are assessed on both an inherent and a
residual basis, and the assessment considers both risk likelihood and impact. A range of possible results may be
associated with a potential event, and management needs to consider them together.
(v) Risk Response: Management selects an approach or set of actions to align assessed risks with the entity’s
risk tolerance and risk appetite, in the context of the strategy and objectives. Personnel identify and evaluate
possible responses to risks, including avoiding, accepting, reducing and sharing risk.
(vi) Control Activities: Policies and procedures are established and executed to help ensure that the risk
responses that management selected, are effectively carried out.
(vii) Information and Communication: Relevant information is identified, captured and communicated in
a form and time frame that enable people to carry out their responsibilities. Information is needed at all
levels of an entity for identifying, assessing and responding to risk. Effective communication also should occur
in a broader sense, flowing down, across and up the entity. Personnel need to receive clear communications
regarding their role and responsibilities.
(viii) Monitoring: The entire ERM process should be monitored, and modifications made as necessary. In this
way, the system can react dynamically, changing as conditions warrant. Monitoring is accomplished through
ongoing management activities, separate evaluations of the ERM processes or a combination of both.
Question 2: In the present age of Information Technology, Business Process Automation (BPA) is the key technology-
enabled automation of activities or services. As an Information Technology consultant, you are requested to suggest any
three examples of business processes that are best suited to automation and also discuss any three challenges involved
in Business Process Automation. (July 2021, 6 Marks, RTP May-2021)
Answer:
A few examples of processes that are best suited to automation are as follows:
1. Processes involving high-volume of tasks or repetitive tasks: Many business processes such as making
purchase orders involve high-volume of repetitive tasks. Automating these processes results in cost and work-
effort reductions.
2. Processes requiring multiple people to execute tasks: A business process which requires multiple people to
execute tasks often results in waiting time that can lead to increase in costs. For example - Help desk services.
Automating these processes results in reduction of waiting time and in costs.
3. Time-sensitive processes: Business process automation results in streamlined processes and faster turnaround
times. The streamlined processes eliminate wasteful activities and focus on enhancing tasks that add value.
internal processes, fraud or any criminal activity by an employee, business continuity, channel effectiveness,
customer satisfaction and product/service failure, efficiency, capacity, and change integration.
5. Hazard Risks: Hazard risks include risks that are insurable, such as natural disasters; various insurable
liabilities; impairment of physical assets; terrorism etc.
6. Residual Risks: This includes any risk remaining even after the counter measures are analyzed and
implemented. An organization’s management of risk should consider these two areas: Acceptance of residual
risk and Selection of safeguards. Even when safeguards are applied, there is probably going to be some residual
risk. The risk can be minimized, but it can seldom be eliminated. Residual risk must be kept at a minimal,
acceptable level. As long as it is kept at an acceptable level, (i.e. the likelihood of the event occurring or the
severity of the consequence is sufficiently reduced) the risk can be managed.
Question 4: Organizations should identify controls as per policy, procedures and its structure and configure them within
IT software as used in the organization. Discuss widely the Information Technology controls that can be implemented as
per risk management strategy. (RTP - December 2021)
Answers: Information Technology controls can be classified as General Controls and Application Controls.
General Controls: These are macro in nature and are applicable to all applications and data resources. The Information
Technology General Controls are as follows:
• Information Security Policy
• Administration, Access, and Authentication
• Separation of key IT functions
• Management of Systems Acquisition and Implementation
• Change Management
• Backup, Recovery and Business Continuity
• Proper Development and Implementation of Application Software
• Confidentiality, Integrity and Availability of Software and data files
• Incident response and management
• Monitoring of Applications and supporting servers
• Value Added areas of Service Level Agreements (SLA)
• User training and qualification of Operations personnel
Application Controls: Application Controls are controls which are specific to application software, such as payroll,
accounts payable and billing, and which prevent or detect and correct errors. These controls are in-built in the application
software to ensure accurate and reliable processing. These are designed to ensure completeness, accuracy, authorization
and validity of data capture and transaction processing. Some examples of Application controls are as follows:
• Data edits (editing of data is allowed only for permissible fields);
• Separation of business functions (e.g., transaction initiation versus authorization);
• Balancing of processing totals (debit and credit of all transactions are tallied);
• Transaction logging (all transactions are identified with unique id and logged);
• Error reporting (errors in processing are reported); and
• Exception Reporting (all exceptions are reported).
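The application controls listed above, worked through on a small journal batch. This is an added example, not material from the book; the field names, the editable-field policy, the user names and the sample batch are all constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

# Assumed policy for this illustration: only these fields may be edited after capture.
EDITABLE_FIELDS = {"narration", "cost_centre"}


@dataclass
class Entry:
    initiator: str
    authorizer: Optional[str]
    debit: int = 0          # whole rupees
    credit: int = 0
    narration: str = ""
    cost_centre: str = ""
    txn_id: str = ""


@dataclass
class ControlReport:
    log: list = field(default_factory=list)         # transaction logging
    errors: list = field(default_factory=list)      # error reporting
    exceptions: list = field(default_factory=list)  # exception reporting
    posted: list = field(default_factory=list)
    balanced: bool = False
    seq: int = 0


def log_txn(report, entry, event):
    """Transaction logging: each entry gets a unique id and every event is recorded."""
    if not entry.txn_id:
        report.seq += 1
        entry.txn_id = f"TXN-{report.seq:06d}"
    report.log.append((entry.txn_id, event))


def edit_entry(report, entry, field_name, value):
    """Data edits: a change is applied only if the field is on the permitted list."""
    log_txn(report, entry, f"edit requested: {field_name}")
    if field_name not in EDITABLE_FIELDS:
        report.errors.append((entry.txn_id, f"edit of locked field '{field_name}' rejected"))
        return False
    setattr(entry, field_name, value)
    return True


def process_batch(entries):
    """Run the controls over a batch; post only if every control passes."""
    report = ControlReport()
    accepted = []
    for e in entries:
        log_txn(report, e, "captured")
        # Validity: exactly one side carries a positive amount.
        if e.debit < 0 or e.credit < 0 or (e.debit == 0) == (e.credit == 0):
            report.errors.append((e.txn_id, "invalid amounts"))
            continue
        # Separation of business functions: initiation versus authorization.
        if e.authorizer is None:
            report.exceptions.append((e.txn_id, "not authorized"))
            continue
        if e.authorizer == e.initiator:
            report.exceptions.append((e.txn_id, "initiator authorized own transaction"))
            continue
        accepted.append(e)
    # Balancing of processing totals: debits and credits must tally.
    total_dr = sum(e.debit for e in accepted)
    total_cr = sum(e.credit for e in accepted)
    report.balanced = total_dr == total_cr
    if report.balanced:
        for e in accepted:
            log_txn(report, e, "posted")
        report.posted = [e.txn_id for e in accepted]
    else:
        report.errors.append(("BATCH", f"out of balance: debit {total_dr} != credit {total_cr}"))
    return report


def sample_batch():
    """Constructed sample data: the third entry is self-authorized."""
    return [
        Entry("asha", "ravi", debit=5000),
        Entry("asha", "ravi", credit=5000),
        Entry("vikram", "vikram", debit=1200),
        Entry("meena", "ravi", credit=1200),
    ]


if __name__ == "__main__":
    r = process_batch(sample_batch())
    print("balanced:", r.balanced, "posted:", r.posted)
    print("exceptions:", r.exceptions)
    print("errors:", r.errors)
```

Rejecting the self-authorized entry leaves its matching credit without a debit, so the balancing control holds back the whole batch instead of posting a one-sided set of entries.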
Question 5: An auditor Mr. Sohan has been given a prime responsibility to assess the suitable implementation and
execution of various controls in his organization XYZ Ltd. To do so, he needs to check the controls at various levels of the
computer systems. Discuss the levels at which Mr. Sohan should check the implementation of controls.
(RTP - December 2021)
Answer: In computer systems, the levels at which the controls shall be checked are as follows:
1. Configuration: Configuration refers to the way a software system is set up. It is the methodical process of defining options that are provided during system setup. When any software is installed, values for various parameters should be set up (configured) as per policies and business process work-flow and business process rules of the enterprise. The various modules of the enterprise such as Purchase, Sales, Inventory, Finance, User Access etc. must be configured. Configuration will define how software will function and what menu options are displayed. Some examples of configuration are given below:
• Mapping of accounts to front end transactions like purchase and sales
• Control on parameters: Creation of Customer Type, Vendor Type, year-end process
Question 6: Internal control provides an entity with only reasonable assurance and not absolute assurance about
achieving the entity’s operational, financial reporting and compliance objectives. Explain any four inherent limitations
of Internal Control System. (July 2021, 4 Marks)
Answer:
Some inherent limitations of Internal Control System are as follows:
• Management’s consideration that the cost of an internal control does not exceed the expected benefits to be derived.
• The fact that most internal controls do not tend to be directed at transactions of unusual nature, and the reasonable potential for human error, such as that due to carelessness, distraction, mistakes of judgment and misunderstanding of instructions.
• The possibility of circumvention of internal controls through collusion with employees or with parties outside the entity.
• The possibility that a person responsible for exercising an internal control could abuse that responsibility, for example, a member of management overriding an internal control.
• Manipulations by management with respect to transactions or estimates and judgments required in the preparation of financial statements.
Question 7: In an enterprise, explain the difference between various business processes - Operational Processes,
Supporting Processes and Management Processes through an example. (Study Material)
Question 8: What are the benefits of Automating Business Processes? (Study Material, May 2015)
Question 9: BPA is the tactic a business uses to automate processes to operate efficiently and effectively. Explain the
parameters that should be met to conclude that success of any business process automation has been achieved.
(Study Material)
Question 10: Every business process is not a good fit for automation. Explain four examples of business processes that
are not best suited for automation. (Study Material)
Question 11: Automated processes are susceptible to challenges. Explain the major challenges involved in business
process automation. (Study Material)
Question 12: As a part of his project work submission, Mr. X, a student of ABC university needs to prepare and present
a PowerPoint presentation on the topic “Advantages and limitations of Flowcharts” during his practical examination.
What shall be the relevant content? (Study Material)
Question 13: As an entrepreneur, your business may face all kinds of risks related from serious loss of profits to even
bankruptcy. What could be the possible Business Risks? (Study Material)
Question 14: ERM provides a framework for risk management, which typically involves identifying events or
circumstances relevant to the organization’s objectives. Discuss the main components of Enterprise Risk Management
Framework. (Study Material, Nov 2020)
Question 15: Explain the five components of Internal Control, as per SA315. (Study Material)
Question 16: Give two examples each of the Risks and Control Objectives for the following business processes:
(a) Procure to Pay
(b) Order to Cash
(c) Inventory Cycle (Study Material)
© Carvinowledge Press (CNP), 2022
Question 17: Explain the salient features of Section 134 & Section 143 of the Companies Act 2013.
(Study Material)
Question 18: Give five examples of computer related offences that can be prosecuted under the IT Act 2000 (amended
via 2008). (Study Material)
Question 19: “The radical redesign of the business as a collection of activities that take one or more kinds of input and
create an output that is of value to the customer.” In the light of the above statement explain the term ‘business processes.’
Question 20: During a job interview, an interviewer panelist asked Mr. A to elaborate all the sub-processes included in
an Order-To-Cash (O2C) business process. Prepare an appropriate draft reply.
Question 21: Eesha limited wants to know more about and draft a P2C cycle, for this it seeks your help. Prepare an
appropriate draft reply.
Question 22: Define “Supporting Processes” and state their example.
Question 23: The sales of NTR Enterprises have been constantly decreasing. It has appointed you as a consultant.
Explain the need of Business Process Automation (BPA).
Question 24: VTAS group of hotels wishes to implement an automated Grievance Management System at its workplace
to manage and handle the problems with an aim of solving them. Determine the major benefits that will be drawn out of
automating this Grievance related business process.
Question 25: Raj Trivedi, the CEO of RTC Enterprises wants to implement Business process automation in his enterprise.
Determine the steps that he will have to undertake for the automation of the Business processes of the organization.
Question 26: What is Enterprise Risk Management (ERM)? Explain.
Question 27: Risk management is a central part of the strategic management of any organization. What are the benefits
of ERM?
Question 28: Controls are very important for an enterprise. Explain the different types of controls based on
implementation.
Question 29: Controls are designed to provide reasonable assurance that business objectives are achieved. Explain the
different types of controls based on objectives of control or scenario.
Question 30: In Computerized Information Systems (CIS), controls should be checked at three levels. Explain.
Question 31: What are the components of an effective internal control?
Question 32: How can the inherent risks involved in BPA be classified? Discuss any four. (Nov – 2019, 2 Marks)
Hint:
(a) Input and Access
(b) File and Data Transmission
(c) Processing and Output
(d) Database
(e) Infrastructure
Question 33: Explain ‘Data Flow Diagram’. (Nov – 2018, 2 Marks)
Hint: Data flow diagram (DFD) is a graphic representation of the flow of data through an information system.
Question 34: “Enterprise Risk Management (ERM) does not create a risk-free environment; rather it enables management
to operate more effectively in environments filled with risks”. In view of this statement, explain the various benefits, which Board of
Directors and Management of an entity seek to achieve by implementing the ERM process within the entity. (Nov – 2018, 6 Marks)
Hint:
1. Link Risk and Strategy
Question 37: Corporate governance is the framework of rules and practices, by which a board of directors ensures
accountability, fairness and transparency in a company’s relationship with all its stakeholders. List out the rules and procedures
that constitute corporate governance framework. (May – 2019, 3 Marks)
Hint:
a. Corporate Governance is the framework of rules and practices by which a board of directors ensures accountability, fairness, and transparency in a company’s relationship with all its stakeholders.
b. The corporate governance framework consists of:
c. Explicit and implicit contracts between the company and the stakeholders for distribution of responsibilities,
rights, and rewards.
d. Procedures for reconciling the sometimes-conflicting interests of stakeholders in accordance with their duties,
privileges, and roles, and
e. Procedures for proper supervision, control, and information-flows to serve as a system of checks-and-balances.
Question 38: A Business organization is planning to increase the accuracy of information transferred and certifies the
repeatability of the value-added task performed by the automation of business. Being a management consultant, identify any
four major benefits that the organization can achieve through the automation of a business process. (May – 2019, 3 Marks)
Hint:
• Quality and Consistency
• Time Saving
• Visibility
• Improved Operational Efficiency
• Governance and Reliability
• Reduced Turnaround Times
• Reduced Costs
Question 39: A travel agency ABC wishes to implement an automated Grievance Management System at its workplace
to manage and handle the problems with an aim of solving them. Determine the major benefits that will be drawn out of
automating this Grievance related business process. (RTP May-2018)
Hint: Same as above question.
Question 40: Describe the term “Internal Control System”? State its limitations as well. (RTP May-18)
Hint: Internal Control System: Internal Control System means all the policies and procedures adopted by the
management of an entity to assist in achieving management’s objective of ensuring, as far as practicable, the orderly and
efficient conduct of its business, including adherence to management policies, the safeguarding of assets, the prevention
and detection of fraud and error, the accuracy and completeness of the accounting records, and the timely preparation
of reliable financial information.
Question 41: Internal Control Systems can provide an entity with reasonable assurance about achieving the entity’s
operational, financial reporting and compliance objectives. State the inherent limitations of Internal Control Systems.
Hint: Same as above Question.
Question 42: A bicycle shop in Delhi provides hired bicycles for day(s) at different rates as shown in table:
Season | Charges per day
Spring (March – May) | ₹ 8.00
Summer (June - August) | ₹ 9.50
Autumn (Sept - Nov.) | ₹ 5.00
Winter (Dec. - Feb.) | ₹ 6.00
To attract his customers, the proprietor also gives a discount on the number of days a bicycle is hired for. If the hire period is more than 10 days, a reduction of 15% is made. For every bicycle hired, a deposit of ₹ 20 must be paid.
Develop a flowchart to print out the details for each customer such as name of customer, number of days a bicycle
is hired for, hire-charges and total charges including the deposit. It is also assumed that there are 25 customers and
complete details for each customer such as name of customer, season and number of days the bicycle is required for is
inputted through console. (RTP May-18)
Question 43: During a job interview, an interviewer asked Mr. A to list out all the risks and their controls associated with
Order-To-Cash (O2C) business process. Prepare an appropriate draft reply. (RTP Nov-18)
Question 44: The GST of 50 items is to be calculated as per the following details. With Code No. and Value of Supply as
input, draw a flowchart to calculate the Tax and print the Tax, Code No. of the Item and the Type of Item. (Note: The rates
have been taken hypothetically). (RTP-May-2019)
Code No. (C_No) | Types of Items | Tax Rate
001 | Perishable | 15%
002 | Textiles | 10%
003 | Luxury Items | 20%
004 | Machinery | 12%
Question 45: A book publisher offered discount to customers based on their mode of purchase and the number of
copies ordered as shown below:
Mode of Purchase | Number of copies ordered | Discount %
Online | More than 5 | 20
Online | Less than or equal to 5 | 15
Offline | More than 10 | 10
Offline | Less than or equal to 10 | 5
If Customer name, Customer type, Date of order placed, Number of copies ordered, and unit price are input; draw a
flowchart to calculate the net amount of the bill and date of purchase for each customer and print it. The above is to be
carried out for 50 customers. (RTP Nov-2019)
Question 46: Discuss all the stages of Human Resource (HR) Life Cycle. (RTP Nov-2019)
Hint: The Human Resources (HR) Life Cycle refers to human resources management and covers all the stages of an
Question 48: In an organization, effective risk management involves identification of high-level risk exposures and their
analysis. Discuss all the risk management strategies out of which Senior Management of an organization may choose to
adopt any of the risk management strategy based on the analysis of risks. (RTP May-2020)
Hint: When risks are identified and analyzed, it is not always appropriate to implement controls to counter them. Some
risks may be minor, and it may not be cost effective to implement expensive control processes for them. Risk management
strategy is explained below:
• Tolerate/Accept the risk
• Terminate/Eliminate the risk
• Transfer/Share the risk
• Treat/mitigate the risk
• Turn back
Question 49: Effective risk management begins with a clear understanding of an enterprise’s risk appetite and identifying
high-level risk exposures. Explain the different risk management strategies which the Board or senior management may
take up. (Study Material, Nov.-2020)
Question 50: As a cyber-expert, you have been invited in a seminar to share your thoughts on data protection and privacy
in today’s electronic era. In your PowerPoint presentation on the same, you wish to incorporate the main principles on
data protection and privacy enumerated under the IT Act, 2000. Identify them.
Question 51: General Controls are pervasive controls and apply to all the components of system, processes and data
for a given enterprise or systems environment. As an IT consultant, discuss some of the controls covered under general
controls which you would like to ensure for a given enterprise.
15. _______________ is data that have been processed so that they are meaningful.
(a) Knowledge (b) Experience
(c) Information (d) Wisdom
16. Information systems change data into
23. Which of the following is not an objective of Enterprise Information Systems?
(a) Reduce service cycles
(b) Identify manual processes
(c) Reduce costs
30. _____________ are the high-level processes that are typically specified in textual form.
(a) Organizational processes
(b) Operational processes
(c) Implementation processes
39. Human Resource Management Cycle does not include:
(a) Recruitment and Staffing
(b) Goal Setting
(c) Training and Development
the enterprise to implement BPA in its enterprise. Which of the following objective does the auditor seek from the implementation of BPA?
(a) Integrity (b) Confidentiality
(c) Availability (d) Timeliness
63. VKT enterprises is a market leader in manufacturing silk sarees and has a huge demand because of its high quality of goods and after sales services. It receives domestic as well as international orders from across the world. As a result, it opened many branches in different states of the country to meet the growing demand. It was, however, executing its tasks manually because of this the data was not available when asked for. The manager of VKT ltd implemented BPA in its operations to overcome this limitation. Which of the following objective is he trying to achieve?
(a) Integrity (b) Confidentiality
(c) Availability (d) Timeliness
64. Why is the process of implementing BPA documented?
(a) It provides clarity on the process.
(b) It helps to determine the sources of inefficiency, bottlenecks, and problems.
(c) It allows to re-design the process to focus on the desired result with workflow automation.
(d) All of the above

BPA IMPLEMENTATION
65. VTAS ltd wants to implement BPA in its business. Which of the following benefits justify the implementations?
(a) Reducing the cost of audits and lawsuits.
(b) Taking advantage of early payment discounts and eliminating duplicate payments.
(c) New revenue generation opportunities.
(d) All of the above
66. Goals must be clearly defined. It means they shall be __________________
(a) Measurable (b) Attainable
(c) Relevant (d) Specific
67. Goals must be easily quantifiable in monetary terms. It means they shall be __________________.
(a) Measurable (b) Specific
(c) Attainable (d) Relevant
68. Goals must be Achievable through best efforts. It means they shall be __________________
(a) Specific (b) Measurable
(c) Attainable (d) Relevant
69. Goals shall be set as per the needs of the entity. It means they shall be __________________.
(a) Specific (b) Relevant
(c) Measurable (d) Attainable
70. Goals must be achieved within a given time frame. It means they shall be __________________
(a) Specific (b) Measurable
(c) Attainable (d) Timely
71. Mr. Vishal Sarangi, the Manager (sales) of OTC ltd., has set a goal of achieving the sales of 1 lakh units in the quarter of July-September. Its previous records state that in the current production capacity and capital availability the sale cannot be more than 40,000 units at full utilization of the company’s resources. So, thereby the above goal cannot be achieved with the current production capacity and available resources. Which of the following feature of an optimum goal is lacking in the above case?
(a) Specific (b) Measurable
(c) Attainable (d) Timely
72. The managers of Prathama ltd., desired to produce 5 lakh units of ice cream cups and cones and sell it in the month of July. Its current production capacity is of 7 lakh units with available resources and capital. On 15th July, the workers of Prathama ltd. went on strike for five days because of this the above budgeted sale level was achieved in the first week of August. Which of the following feature lacked in the attainment of the above set goal?
(a) Specific (b) Measurable
(c) Attainable (d) Timeliness
73. The production manager of ENT enterprises instructed its workers to produce paper cups to the best of their abilities. Which of the following feature is lacking in the above objective?
(a) Specific (b) Measurable
(c) Attainable (d) Timeliness
74. Which of the following consideration is treated as a return on investment (ROI) on BPA?
(a) Cost Savings, being clearly computed and demonstrated.
(b) Savings in employee salary by not having to replace those due to attrition.
(c) The cost of space regained from paper, file cabinets, reduced.
(d) All of the above
75. Which of the following consideration is treated as a return on investment (ROI) on BPA?
(a) Eliminating fines to be paid by the entity with timely carrying out of process. (Due to delays being avoided.)
(b) Reducing the cost of audits and lawsuits.
(c) Taking advantage of early payment discounts and eliminating duplicate payments.
(d) All of the above
76. Which of the following consideration is treated as a return on investment (ROI) on BPA?
(a) Ensuring complete documentation for all new accounts.
(b) New revenue generation opportunities.

and reaped numerous benefits. These include __________________________.
(a) Inventory management
(b) Employee Management System
(c) Asset tracking systems.
the primary or operational process from the following.
(a) Workplace safety
(b) Governance
(c) Order to Cash
(d) Strategy Planning
89. Which of these is not an example of Automation in everyday life?
(a) Exam Result declared online
(b) Searching a person’s address using Google Maps Facility
(c) Payment of direct & indirect Taxes online
(d) Purchase of Railway platform Tickets at the Station Counter
90. The success of any business process Automation (BPA) shall only be achieved when BPA ensure confidentiality, integrity, availability and timelines. In this regards, integrity means –
(a) Data is only available to person who have the right to see it.
(b) No unauthorized amendments can be made in the data
(c) Data is available when asked for
(d) Data is made available at the right time.
91. Business Process Automation (BPA) leads to higher productivity of lower resources, thus leading to better management of
(a) Resources (b) Costs
(c) Both ‘a’ and ‘b’ (d) None of the above
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
a c d d a d d d d c d c a d c b d a d d
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
d d b c d d b c c a b c b d b d c a b d
41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60
b c b a c a c d a d d d d d d c c b a d
61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80
b a c d d d a c b d c d a d d d d d c d
81 82 83 84 85 86 87 88 89 90 91
d c c b b b a c d b c
Unit II
DFDs and Flowcharts
(c) Efficient Program Maintenance: The maintenance of an operating program becomes easy with the help of a flowchart.
(d) Quicker grasp of relationships: Before any application can be solved, it must be understood, the relationship between various elements of the application must be identified. The programmer can chart a lengthy procedure more
16. Which of the following is an advantage of using flowchart?
(a) If alterations are to be done, the flowchart may require complete re-drawing.
(b) A flowchart acts as a guide or blueprint during the systems analysis and program development phase.
(c) As the flowchart symbols cannot be typed, reproduction of a flowchart becomes a problem.
(d) It becomes difficult to establish the linkage between various conditions, and the actions to be taken thereupon, for a particular condition.
17. System Outline Charts _____________.
(a) Merely list the inputs, file processed and the outputs without considering their sequence.
(b) Are designed to present an overview of data flow through all parts of a computer.
(c) Represent flow of documents, the operations or activities performed, the persons or workstations.
(d) Represent the operations of a system with the help of a logically drawn diagram, data, and illustrates the correct flow of documents.
18. In a Computer system, the System Flowchart mainly consists of __________________.
(a) Sources from which input data is prepared and the medium or devices used
(b) The processing steps or sequence of operations involved, and
(c) The intermediary and final outputs prepared and the medium and devices used for their storage.
(d) All of the above
19. ________________ are diagrammatic representation of the data processing steps to be performed within a computer program.
(a) System Flow Charts
(b) System Outline Charts
(c) Program flow charts
(d) None of the above
20. _________ are designed to present an overview of data flow through all parts of a computer.
(a) System Flow Charts
(b) System Outline Charts
(c) Program flow charts
(d) None of the above
21. ________________ represents flow of documents, the operations or activities performed, the persons or workstations.
(a) System Outline Charts
(b) Program flow charts
(c) System Flow Charts
(d) None of the above
22. A _____________________ represents the operations of a system with the help of a logically drawn diagram, data, and illustrates the correct flow of documents.
(a) System Outline Charts
(b) System Flow Charts
(c) Program flow charts
(d) None of the above
23. ______________________ provide a complete and detailed sequence of logical operations to be performed in a central processing unit of the computer for executing the program.
(a) System Outline Charts
(b) System Flow Charts
(c) Program flow charts
(d) None of the above
24. _____________________ are used to depict the scientific, arithmetic and logical operations or steps which must be accomplished to solve the computer application problem. They display specific operations and decisions and their sequence within the program.
(a) System Outline Charts
(b) Program flow charts
(c) System Flow Charts
(d) None of the above
25. ________________________ are used to translate the elementary steps of a procedure into a program of coded instructions.
(a) System Outline Charts
(b) Program flow charts
(c) System Flow Charts
(d) None of the above
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
b a b c b a b d b c a d c b b b a d c a
21 22 23 24 25
c b c b b
Unit III
Enterprise Risk Management and Risks and
34. _____________________________ are designed to detect errors, omissions or malicious acts that occur and report the occurrence.
(a) Preventive controls
(b) Perfective controls
(c) Corrective controls
(d) Detective controls
35. _____________________________ is to correct errors, omissions, or incidents once they have been detected.
(a) Preventive controls
42. __________________ refers to the way a software system is set up.
(a) Masters (b) Transactions
(c) Configurations (d) All of the above
43. ______________ refer to the actual transactions entered through menus and functions in the application software.
(a) Configurations (b) Transactions
(c) Masters (d) All of the above
(b) Organizational structure and assignment of authority and responsibility.
(c) Process for attracting, developing, and retaining competent individuals.
(d) All of the above
74. ________________ covers all the stages of an employee’s time within a specific enterprise and the role the human resources department played at each stage.
(a) HR cycle (b) P2P cycle
(c) General ledger (d) O2C cycle
75. ______________ is the process of hiring a new employee.
(a) Orientation (b) Career development
(c) Transition (d) Recruiting
76. ____________________ is the process by which the employee becomes a member of the company’s work force through learning their new job duties, establishing relationships with co-workers and supervisors and developing a niche.
(a) Recruiting (b) Career development
(c) Orientation (d) Career planning
77. _________________ is the stage at which the employees and their supervisors work out their long-term career goals with the company.
(a) Career planning
(b) Recruiting
(c) Career development
(d) Orientation
78. _______________ is all about keeping an employee engaged with the company over time.
(a) Career planning
(b) Recruiting
(c) Career development
(d) Orientation
79. ____________________ refers to the process of recording the transactions in the system to finally generating the reports from financial transactions entered in the system.
(a) General Ledger (b) O2C cycle
(c) P2P cycle (d) HR cycle

RISKS AND CONTROLS FOR SPECIFIC BUSINESS CONTROLS
80. Arrange the following stages in fixed assets process in the correct order.
i. Procuring an Asset.
ii. Transferring the Assets.
iii. Registering or Adding an Asset.
iv. Adjusting the Assets.
v. Disposing the Assets.
vi. Depreciating the Assets.
(a) i, iii, iv, ii, vi, v (b) i, iii, iv, ii, vi, v
(c) i, iii, iv, ii, vi, v (d) i, iii, iv, ii, vi, v

company as scrap. The Internal Control System (ICS) is unable to detect or prevent this. This weakness of the ICS is an instance of _____________.
(a) Collusion (b) Abuse of authority
(c) Human error (d) Cost considerations
81. Arrange the following stages in fixed assets process in the correct order.
i. Reviewing Transactions
ii. Generating Financial Reports
iii. Approving Transactions
iv. Entering financial transactions into the system
v. Posting of Transactions
(a) iv, i, iii, v, ii (b) iv, v, ii, i, iii
(c) iv, ii, i, iii, v (d) iv, iii, v, ii, i

Miscellaneous
82. _________________ is the degree of risk that an Entity is willing to accept in pursuit of its goals.
(a) Enterprise Risk Management
(b) Risk Management Strategy
(c) Risk Mitigation Methodology
(d) Risk Appetite
83. Which of the following is a Risk Assessment Activity?
(a) Risk Identification (b) Risk Prioritization
(c) Risk Analysis (d) All of the above
84. “Insurance Cover” is an example of _____________ strategy.
(a) Risk Transfer (b) Risk Avoidance
(c) Risk Elimination (d) Risk Acceptance
85. _______________ means not doing an activity that involves risk.
(a) Risk Avoidance (b) Risk Transfer
(c) Risk Elimination (d) Risk Mitigation
86. In implementing automated verifications, controls should be checked at three levels. These are
(a) ROM, PROM, EPROM
(b) Overall, Strategic and Operational
(c) Configuration, Masters and Transaction
(d) manual, Automated, Semi Automated
87. _________ is also called standing data.
(a) Configuration (b) Masters
(c) Parameters (d) Flow Diagrams
88. A company is setting Masters, i.e., parameters for various types of Modules, i.e., Purchases Sales, Inventory, Finance, HR, etc. identify which of the following is not a relevant master data for employee master?
(a) Designation
(b) Permanent Address
(c) Bank Account Details
(d) GSTIN Details
89. A company is setting masters, i.e., parameters for various types of modules, i.e., Purchases, Sales, Inventory, Finance, HR etc. Identify which of the following is not a relevant Master Data for materials Master?
(a) Technical Description
(b) Credit Period
(c) Unit of Measurement

(d) Employees are terminated without following statutory requirements.
91. In an automated General Ledger Process, the possibility that “Non-standard Journal Entries are not tracked and are inappropriate” is a risk at the
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
a d b d b d c b a b c a c a c d b d a a
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
c b d a d d d d c a b c a b c d b c d b
41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60
a c b a d c b a c d d d d d d b b d d d
61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80
d d d d b a c d b a b d c a d c a c a a
81 82 83 84 85 86 87 88 89 90 91 92
a d d a a c b d b a a c
Problem 1: Draw a Flowchart for a program to compute and print the sum, average and product of three
numbers
Solution:
Input = Numbers X, Y, Z
S = Sum = X + Y + Z
A = Average = Sum / 3
P = Product = X × Y × Z
Flowchart steps:
1. Start
2. Read X, Y, Z
3. S = X + Y + Z
4. A = S / 3
5. P = X * Y * Z
6. Write S, A, P
7. End
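[Flowcharts for two further problems; the problem statements are not present. Box labels of the first chart: Start; Read Days; Year = Days / 365; End. Box labels of the second chart: Start; F = 0; C = 0; Read C; Write F; End.]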
Problem 4: Draw a flowchart for computing and printing the simple interest for 10, 11, 12, 13, and 14 years
at the rate of 3% per annum on an investment of ₹ 25,000.
Solution:
1. START
2. P = 25,000; R = 3%; T = 10
3. I = P × R × T
4. Print I
5. Is T = 14? Yes: go to END. No: T = T + 1 and return to step 3.
6. END
Problem 5: Assume that you opened a savings account with a local bank on 01.01.2016 the annual interest
rate is 5%. Interest is compounded at the end of each month. Assuming that your initial deposit is X rupees,
draw a flowchart to print out the balance in your account at the end of each month for three years.
Solution:
1. Start
2. Read X
3. R = 5%; C = 1
4. I = (X*R) / 12
5. X = X + I
6. Print X
7. Is C = 36? Yes: go to End. No: C = C + 1 and return to step 4.
8. End
Problem 6: A Company provides a commission to its sales people on the following basis:
(a) If Sales ≤ ₹ 50,000 = Commission will be 0%
(b) If Sales > ₹ 50,000 and ≤ ₹ 1,00,000 = Commission will be 10% of Sales above ₹ 50,000
(c) If Sales > ₹ 1,00,000 = Commission will be 7% of Sales amount
Solution:
Abbreviations: Sales = S; Commission = Com.
Input: Sales
Output: Commission
Flowchart steps:
1. START
2. (Connector A) Input Sales
3. Is Sales ≤ 50,000? Yes: Com. = 0. No: go to step 4.
4. Is Sales ≤ 1,00,000? Yes: Com. = (Sales - 50,000) × 0.1. No: Com. = Sales × 0.07.
5. Print Com.
6. Is more records? Yes: return to connector A. No: END.
Problem 7: Draw flowchart to compute commission of a sales representative based on the following
conditions:
Sales (₹) | Commission
≤ 5,000 | Nil
> 5,000 and ≤ 50,000 | 10% of sales
> 50,000 | ₹ 5000 + 12% of sale above ₹ 50,000
Draw a flowchart to print the sales and commission.
Solution:
Abbreviations: Sale = S; Commission = Com.
Input: Sales
Output: Commission, Sales
Flowchart steps:
1. START
2. INPUT S
3. Is S ≤ 5,000? Yes: Com. = 0. No: go to step 4.
4. Is S ≤ 50000? Yes: Com. = S × 0.10. No: Com. = 5,000 + (S – 50,000) × 0.12.
5. PRINT S, Com.
6. END
Problem 8: For computing custom duty, the imported items are classified into 4 categories.
The rate of duty to be levied on each category of items is given below:
Category (K) | Class of goods | % custom duty on the value of goods (V)
1 | Food and beverages | 10
2 | Textile and leather goods | 15
3 | Heavy machinery | 20
4 | Luxury items | 40
Abbreviations: Category = K; Value of Goods = V; Custom Duty = CD
Input: K, V
Output: CD
Flowchart steps:
1. START
2. INPUT V, K
3. Is K = 1? Yes: CD = V × 0.1. No: go to step 4.
4. Is K = 2? Yes: CD = V × 0.15. No: go to step 5.
5. Is K = 3? Yes: CD = V × 0.20. No: CD = V × 0.4.
6. PRINT CD
7. END
Problem 9: XYZ Ltd. follows the following procedures for dealing with the Delivery charges (DC) of goods
sold. For the purpose of determining delivery charges customers are divided into 2 categories (K)
(1) Those whose Sale Region Code (SRC) ≥ 30
(2) Those whose SRC < 30
START
Delivery Charges DC
A
Sale Region Code SRC
DC = 0
Invoice Amount IA
Input
INPUT
Categories K
K, IA, SRC
No Is Yes Is Yes
SRC < 30 IA < 15,000 DC = 300
? ?
No
Is Yes
IA < 15,000 DC = 400 DC = 150
?
No
DC = 200
Print
DC
Yes Is
A more K
?
No
END
Problem 10: Draw a flowchart to compute and print Income-tax, Surcharge and Education cess on the
income of a person, where income is to be read from terminal and tax is to be calculated as per the following
rates:
S. No. Slab (`) Rate
i. 1 to 1,00,000 No tax.
ii. 1,00,001 to 1,50,000 @ 10% of amount above 1,00,000.
iii. 1,50,001 to 2,50,000 ` 5,000 + 20% of amount above 1,50,000.
iv. 2,50,001 onwards ` 25,000 + 30% of amount above 2,50,000.
Surcharge @ 10% on the amount of tax, if the income of a person exceeds ` 10,00,000.
Education cess 2% on the total tax. [May 2006]
Solution:
Abbreviations: INC = Income, SCHG = Surcharge, Edu. Cess = Education Cess
Input: INC
Output: Tax, SCHG, Edu. Cess
START
A: Tax = 0, SCHG = 0, Edu. cess = 0
Input INC
Is INC < 1,00,000? Yes → Tax = 0
No → Is INC < 1,50,000? Yes → Tax = 0.1 * (INC – 1,00,000)
No → Is INC < 2,50,000? Yes → Tax = 5000 + 0.2 * (INC – 1,50,000)
No → Tax = 25000 + 0.3 * (INC – 2,50,000)
Is INC > 10 lac? Yes → SCHG = 0.1 * Tax
PRINT Tax, SCHG, Edu. Cess
Is there more records? Yes → A
No → END
Problem 11: The Income-tax for the employees of an organization is calculated on the basis of their Gross Income and
the Investments made by them, under Section 80CCC. The taxable income is calculated according to the following
rules:
Taxable Income = Gross Income – Investments provided investments are less than ` 1 Lac.
Otherwise,
Taxable Income = Gross Income – 1,00,000
Following rules are applied to calculate the Income-tax, on the Taxable Income:
Also an educational cess of 3% of Income-tax is levied on all the employees, irrespective of the income.
Employee number, Name, Gross Income, Investment amount is given as input. Draw a flow chart to calculate the
Income-tax payable by each employee. [May 2010]
Solution:
Abbreviations: GI = Gross Income, EN = Employee Number, INV = Investment made, N = Name,
TI = Total Income, IT = Income Tax, EC = Education Cess, IT Pay = Income Tax Payable
START
A: Input Inv, EN, N
Is Inv < 1Lac? Yes → TI = GI - Inv
No → TI = GI - 1L
Is TI ≤ 1.6L? Yes → IT = 0
No → Is TI ≤ 3L? Yes → IT = (TI - 1.6L) × 0.1
No → Is TI ≤ 5L? Yes → IT = 14,000 + (TI - 3L) × 0.2
No → IT = 54,000 + (TI - 5L) × 0.3
EC = IT × 0.03
IT PAY = IT + EC
PRINT IT Pay
Is there more Employees? Yes → A
No → END
Problem 12: An electric supply company charges the following rates from its domestic consumers:
No. of unit consumed Charges/unit (`)
For the first 200 units 1.60
For the next 300 units 2.10
Over 500 units 3.90
Surcharge @ 20% of the bill is to be added to the charges.
Draw a flowchart for the above, which will read the consumer number and the number of units consumed
and print out the total charges with the consumer number and the units consumed.
SCHG = Surcharge TC = Total Charges
UC = Units Consumed CN = Consumer number [November 2006]
Solution:
START
A
INPUT
CN, UC
Is
units Yes
Chg = UNITS × 1.60
< 200
?
No
Is
units Yes Chg = (200 × 1.60) +
< 500 (UNITS – 200) × 2.10
?
No
TC = SCHG + SUR
Print
TC, CN, UC
Is
Yes more
A records
?
No
END
Problem 13: An electric supply company charges the following rates from its consumers:
No. of units consumed Charges/unit (`)
For the first 200 units 2.50
For the next 300 units 3.50
Over 500 units 5.00
Computer database of a company has the following information:
• Consumer name • Address • Unit consumed • Bill date • Payment date
If the consumer pays his bill within 15 days from the bill date, 10% discount is given. If he makes the payment after
15 days from the bill date, 5% surcharge is levied. Draw a flowchart to calculate the net amount of the bill for each
consumer and print it. [November 2007]
Solution:
START
Abbreviations
A
INPUT Name, Add, Consumer Name Name
UC, DOB, DOP
Address Add
Units Consumed UC
Is
Units Yes
AMT = UC × 2.50
Bill Date DOB
< 200
? Payment Date DOP
No Amount AMT
Is Net Amount NAMT
Units ‘U’ Yes AMT = 200 × 2.50 +
< 500 (UC – 200) × 3.50 Surcharge Sur
?
Discount Disc
No
AMT = (200 × 2.50) + (300 × 3.50)
+ (UC – 500) × 5.00
Is
Sur = 0.0 Yes PDAYS No Sur = 0.05
Disc = 0.10 <15 Disc = 0.00
?
Is
Print more Yes
A
Name, records
Add, UC, NAMT ?
No
END
Problem 14: CNP India Ltd. offers different items to sell to different types of customers as per following
procedures:
Item                  Discount (Dealers)                                   Discount (Retailer)
Washing Machines      12%                                                  12%
Cooking Range         12%                                                  9%
Decorative product    20% if value of order is 10000 or above else 0%      10%
START I Items
K Categories
D=0
V Value
INPUT
D Discount
I, K, V
I=
No Yes
“Washing D = V × 0.12
machine”
?
I=
“Cooking Yes
Range”
?
Is Yes
No K = “Dealer” D = V × 0.12
?
Is Yes No
K = “Dealer” D = V × 0.09
?
Is Yes
V ≥ 10,000 D = V × 0.20
?
No No
D = V × 0.0
D = V × 0.10
Print D
END
Problem 15: A bicycle shop in Delhi hires bicycles by the day at different rates as shown in table:-
S.No.   Season                    Charges per day (₹)
i.      Spring (March - May)      8.00
ii.     Summer (June - August)    9.50
iii.    Autumn (Sept - Nov.)      5.00
iv.     Winter (Dec. - Feb.)      6.00
To attract his customers, the proprietor also gives a discount on the number of days a bicycle is hired for. If the hire
period is more than 10 days, a reduction of 15% is made. For every bicycle hired, a deposit of ₹ 20 must be paid.
Develop a flowchart to print out the details for each customer such as name of customer, number of days a bicycle
is hired for, hire-charges and total charges including the deposit. It is also assumed that there are 25 customers and
complete details for each customer such as name of customer, season and number of days the bicycle is required for is
inputted through console.
Solution:
START Input
Customer Name CN
C=0
Season S
A
No. of Days ND
C=C+1
Output
CN, ND
INPUT
CN, S, ND Hire - Charges HC
Total Charges THC
Is Yes Deposits DP
S = SP CD = 8.00
? Other Terms Used
No Spring SP
Is
Yes Summer SU
S = SU CD = 9.50
? Autumn AU
No Winter WI
Is
S = AU
Yes
CD = 5.00
Charges/Day CD
? Customer C
No
CD = 6.00
No Is Yes
HC = (ND × CD) - 0 ND > 10 HC = (ND × CD) - (ND × CD × 0.15)
?
THC = HC + 20
Is Yes PRINT
No CN, ND, HC,
A C = 25
? THC, DP
END
Problem 16: The following information has been provided for a programme execution of 100 employees (E).
Take Name (EN), Basic Salary (BS), DA, Type of Employee (K) as input.
Draw a flowchart to compute and print the following for (each employee).
Employees are of 2 types:
(1) Permanent (P)
(2) Temporary (T)
Output → Employee’s Name (EN), Gross Salary (GS), and Net Salary (NS)
• Gross Salary = Basic Salary + DA + HRA
• HRA = 30% of Basic Salary
• Net Salary = Gross Salary – Deduction
• Deductions are PF and TDS
• PF = 12% of Basic Salary for Permanent (P) employee.
Conditions                      TDS
If Gross Salary ≤ ₹ 10,000      NIL
If Gross Salary ≤ ₹ 15,000      5% of G.S.
If Gross Salary ≤ ₹ 25,000      10% of G.S.
If Gross Salary > ₹ 25,000      20% of G.S.
Solution:
START
E = 0
A: E = E + 1
Input NE, BS, DA, K
GS = BS + DA + HRA
If K = ‘P’? Yes → PF = BS × 0.12
No → PF = 0
If GS ≤ 10K? Yes → TDS = 0
No → If GS ≤ 15K? Yes → TDS = GS * 0.05
No → If GS ≤ 25K? Yes → TDS = GS * 0.1
No → TDS = GS * 0.2
NS = GS - PF - TDS
PRINT NE, GS, NS
Is E = 100? No → A
Yes → END
Problem 17: A Housing Society in a newly developed Smart City has provided several advanced security
systems to each house in that city. Based on the value of these advanced security systems installed in each
house, the Society has divided all the houses in four categories and fixed the criteria for annual maintenance
charges as under:
House Category Maintenance charges as % of value of advanced security systems installed at house
A 8%
B 6%
C 4%
D 3%
In addition to above there is a service tax @ 12.36% on the amount of maintenance charges. Considering
house number and value of advanced security system installed, as input, draw a flow chart to have printed
output as house number, maintenance charges, service tax and the total amount to be paid by each house
owner. [May 2014]
Solution:
START
A
INPUT
HNO, VAL_ASS
Is Yes
HC= A MC = 0.08 × VAL_ ASS
?
NO
Is
HC= B MC = 0.06 × VAL_ ASS
? Yes
NO
If Yes
HC= C MC = 0.04 × VAL_ ASS
?
NO
ST = 0.1236 × MC
TM=MC+ST
Is
PRINT More HNO Yes
HNO, MC, ST, TA A
?
No
END
STOP
Problem 18: ABC Limited is a software development company, which appointed 50 software engineers
in August’ 2014 at a monthly salary of `30,000. All these engineers shall be entitled for an increment in
their monthly salary after six months. The increment on present monthly salary shall be based on their
performance to be evaluated on a 100 marks scale as per details given below:
• Performance Marks < 70, then increment shall be 10% of present salary.
• 70 ≤ Performance marks < 80, then increment shall be 20% of present salary.
• Performance marks ≥ 80, then increment shall be 30% of present salary.
Draw a Flow-Chart to enable to print the details like name of the engineer, performance marks, monthly increment
amount and revised monthly salary for each of these 50 engineers. [May 2015]
Solution:
START Abbreviation
N Number of Engineers
CAWL PM Performance Marks
INCAMT Increment Amount
RESAL Revised Salary
N = 0 INCREMENT = 0
INPUT NAME, PM
N=N+1
Is
Yes
PM < 70 INCREMENT = 0.10
?
No
Is Yes
PM < 80 INCREMENT = 0.20
?
No
INCREMENT = 0.30
PRINT
NAME, PM,
INCAMT, RESAL
Is
Yes N < 50
A
?
No
END
Problem 19: A University has 3,000 students. These students are divided in four categories:
• B. Tech
• M. Tech
• M.S.
• Ph.D.
Draw a flow chart for finding the percentage of the students in each category. [May 2007]
Solution:
START Abbreviation
I=1
ST Student Type
A I Number of Student
I = I+1
INPUT
ST
Yes
Is
ST = “B.Tech” S1 = S1 +1
?
No
Is Yes
ST = “M.Tech” S2 = S2 +1
?
No
Is Yes
ST = “M.S” S3 = S3 +1
?
No
S4 = S4 +1
Yes Is
A I < 30000
?
No
PS1 = S1/3000
PS2 = S2/3000
PS3 = S3/3000
PS4 = S4/3000
PRINT
PS1, PS2, Ps3, PS4
END
Problem 20: A company has 2,500 employees. Their salaries are stored as J(s), 1, 2, ---- 2500. The salaries are
divided in four categories as under:
(i) Less than ₹1,000
(ii) ₹1,000 to ₹2,000
(iii) ₹2,001 to ₹5,000
(iv) Above ₹5,000.
Draw a flow chart for finding the percentage of the employees in each category.
Solution:
START
I=0
A
I = I+1
INPUT J(1)
J(2) ... J(2500)
Is Yes
J(I) < 1000 P1 = P1 + 1
?
No
Is Yes Is No
J(I) < 2000 P2 = P2 + 1 L = 2,500 A
? ?
No Yes
Is Yes R1 = P1/2500
J(I) < 5000 P3 = P3 + 1
?
No R2 = P2/2500
P4 = P4 + 1
R3 = P3/2500
R4 = P4/2500
PRINT
R1, R2, R3, R4
END
Problem 21: A labourer in a manufacturing company gets his wages as per following calculations:
Basic pay = 10 × N if N ≤10
Basic pay = 12 × N if N ≤15
Basic pay = 15 × N if N >15
He is also awarded a quality related bonus as per following norms:
If QI ≤ 0.5; Bonus = 0.0
If QI ≤ 0.75; Bonus = 10% of basic pay
If QI ≤ 0.9; Bonus = 20% of basic pay
If QI > 0.9; Bonus = 30% of basic pay
Where, N = Number of items manufactured QI = Quality index
For the above conditions, draw a flow chart to calculate and print basic pay, bonus and total pay received by the labourer.
Solution:
Abbreviations: CAWL = Clear all working locations, N = Number of items manufactured, QI = Quality index,
BR = Bonus rate, BP = Basic pay, TPay = Total pay
START
CAWL
Read N, QI
Is N ≤ 10? Yes → Rate = 10
No → Is N ≤ 15? Yes → Rate = 12
No → Rate = 15
Is QI ≤ 0.5? Yes → BR = 0.0
No → Is QI ≤ 0.75? Yes → BR = 0.1
No → Is QI ≤ 0.9? Yes → BR = 0.2
No → BR = 0.3
BP = N × Rate
Bonus = BR × BP
TPay = BP + Bonus
PRINT BP, Bonus, TPay
Is last record? No → return to Read N, QI
Yes → END
Problem 22: A water distribution company has two categories of consumers (Domestic and Commercial). The charges
of water per unit consumed by these consumers are ` 5.00 and ` 8.00 respectively. The computer database of the
company has the following information:
• Consumer’s name
• Category
• Units consumed
• Billing date
• Date of payment.
The company processes bills according to the following criterion: If the consumer is domestic and pays his
bill within 10 days of the bill date, 7% discount is given. If he pays the bill within 15 days, no discount is given.
If he makes the payment after 15 days of the bill date, 10% surcharge is levied. For commercial consumers,
corresponding percentage be 15%, 0% and 15% respectively. Draw a Flow chart to calculate the bill amount,
discount, surcharge and net amount of the bill for each type of consumer and print it. [November 2005]
Solution:
START Abbreviations
A CN Consumer’s name
Read CN, K, UC, DOB, DOP
K Category
UC Units consumed
Yes Is No
K = 'D’ BD Billing date
?
DOP Date of payment
Rate = 5.00 Rate = 8.00
BA Bill Amount
DISC Discount
SCHG Surcharge
AMT = Units × Rate NBA Net Amount
D Domestic
PDAYS = DOP - DOB
C Commercial
Yes Is No
K = 'D'
?
Yes Is Yes Is
PDAYS < 10 PDAYS < 10
? ?
No No
Is Yes Is Yes
PDAYS > 15 PDAYS > 15
? ?
No No
DISC = 0.07 DISC = 0.00 DISC = 0.07 DISC = 0.15 DISC = 0.00 DISC = 0.00
SUR = 0.00 SUR = 0.00 SUR = 0.10 SUR = 0.00 SUR = 0.00 SUR = 0.15
PRINT
CN, BA, DISC, SCHG, NBA
Yes
No Is
A last record
?
No
Yes
END
START
B
INPUT, Age, Health, A
Lives, Sex
Is No
Age 20-40
?
Yes
Poor Is Good
Health
?
Is Male Is Female
Female
A Sex Sex
? ?
Male
No Is
B last record
?
Yes
Yes
END
Problem 24: A Book publisher offers discount to customers on the basis of customer type and number of
copies ordered as shown below:
Customer type    Number of Copies Ordered     Percentage of Discount
Book Seller      More than 10                 25
                 Less than or equal to 10     15
Library          More than 5                  20
                 Less than or equal to 5      10
Customer number, name, type, book number, number of copies ordered and unit price are given as input.
Draw a flow chart to calculate the net amount of the bill for each customer and print it. The above is to be
carried out for 50 customers. [November 2008]
Solution:
START Abbreviations
NOC = 0 NOC Number of Customer
CNO Customer Number
NOC = NOC+1
CNAME Customer Name
INPUT CTYPE Customer Type
CNO, CNAME,CTYPE, BNO,NC,UP
BNO Book Number
Is Yes
NC Number of Copies
CTYPE= ‘BS’
? UP Unit Price
AMT = NC × UP
PRINT
CNO, CNAME, NAMT
No Is
NOC = 50
?
Yes
END
Problem 25: A book publisher of Information Technology offers discount to its customers on the basis of
customer type as detailed below:
Customer Type Discount
Book Seller 30%
Library 20%
Student 10%
Further, if number of copies purchased is more than 20, then additional discount of 5% is allowed irrespective
of customer type. Number of books, unit price of each book and customer type are given as input. Draw a
flow chart to calculate the net amount after all discount and print customer type, number of copies and net
amount. [November 2013]
Solution:
Abbreviations
START
CT Customer Type
Is No Is No Is No
CT= Book CT = Library CT = Student
Seller ? ?
?
Is Yes
Yes Is Yes Is Yes
NC > 20 NC > 20 NC > 20
? ? ?
No No No
PRINT
CT,CT,
Print NC, AMT
NC, AMT
END
Problem 26: A bicycle shop in a city hires bicycles by the day at different rates for different models as given
below:
Model No. Hire rate per day (`)
Model No. 1 14.00
Model No. 2 12.00
Model No. 3 10.00
In order to attract customers, the shopkeeper gives a discount on the number of days a bicycle is
hired for. The policy of discount is as given below:
No. of days Discount rate (%)
1-5 0.00
6-10 8
11 and over 15
For every bicycle hired, a deposit of ` 30.00 must be paid.
Develop a flow chart to print out the details for each customer such as name of the customer, bicycle model
number, number of days a bicycle is hired for, hire charges, discount and total charges including deposits.
[May- 2008]
Solution:
START Abbreviations
A D Days
INPUT Name, Model, D R Rate
Disc. Discount
Is Yes
ND = 1 to 5 Disc = 00.00
?
No
Is Yes
ND = 6 to 10 Disc = 0.08
?
No
DISC = 0.15
HCHG = D × R
PRINT
Name, Model, D, HCHG, TDISC, TCHG
Yes Is
More
A Customer
?
No
END
Problem 27: A bicycle shop in a city hires bicycles by the day at different rates for different models as given below:
Customer Type Discount Customer Type Discount
Model No. 1 ` 10 Model No. 3 `8
Model No. 2 `9 Model No. 4 `7
In order to attract customers, the shopkeeper gives a discount of 15 percent to all those customers, who
hire a bicycle for more than one-week period. Further to attract women customer, he gives additional
discount of 10 percent irrespective of hire period. For every bicycle hired a security deposit of ` 25 must
be paid. Draw a flow chart to print out the details of each customer such as name of customer, bicycle model
number, number of days a bicycle is hired for, hire charges, discount and total charges including deposits.
[November 2004]
Solution:
START
A
INPUT
Name, Model , Days, Sex
If Yes
Model = 1 Rate = 10.00
?
No
If Yes
Model = 2 Rate = 9.00
?
No
If Yes
Model = 3 Rate = 8.00
?
No
Rate = 7.00
If Yes No
SEX = “Female” If Days > 7 DISC = 0.10
?
No Yes
Yes If
DISC = 0.15 Days > 7 DISC = 0.25
?
No
DISC = 0
PRINT
NAME, MODEL, DAYS, HCHG, TDISC
Is
Yes
A More Customers
?
No
END
Problem 28: Frame the problem for which the given flowchart has been drawn. See the abbreviations defined
beside:
START
Abbreviations
Cust Customer
INPUT
Cust, Amt, Prod Prod Product
Amt Amount
Yes
Is Disc Discount
Prod = TV Disc = Amt × 0.15
? TV Television
No FR Fridge
No
No
No Is
Disc = 0 Prod = MS Disc = Amt × 0.15
?
Yes
Is Yes
Cust = ST Disc = Amt × 0.10
?
No
No Is Yes
Disc = 0 Amt > 1lac Disc = Amt × 0.18
?
PRINT
Prod, Disc
END
Solution:
The flowchart drawn is for the following problem:
A company engaged in selling electronic items to different class of clients has adapted the following discount
policy:
i. A discount of 15% is offered on TV irrespective of category of client and the value of order.
ii. On purchase of fridge, a discount of 15% is allowed to others and 12% to students, irrespective of the
value of the order.
iii. On Music system, others are offered a discount of 18% only if the value of order is more than ` 1 Lac.
Students are offered a discount of 10% irrespective of the value of order.
Prepare a flowchart to print the product type and discount allowed to a customer.
Note: It is a sample formation of the problem. Students can frame the problem in their own language based
on the above three conditions.
Problem 29:
a. Write the output sequence (at least first five numbers) for the given flowchart, if N = 0 is selected as the
value of N as input.
b. If the statement “N = N * N” in the computation box of the flowchart is modified as “N = N * (N – 1)”,
write the output sequence (at least first five numbers) for the flowchart with N = 0 as the input value for N.
START
INPUT N
Is N > 1000? Yes → END
No → PRINT N
N = N + 1
N = N * N
Loop back to the check “Is N > 1000?”
Solution:
(a) 0, 1, 4, 25, 676
(b) 0, 0, 0, 0, 0
Problem 30: An E-commerce site has the following cash back offers.
i. If the purchase mode is via website, an initial discount of 10% is given on the bill amount.
ii. If the purchase mode is via phone app. An initial discount of 20% is given on the bill amount.
iii. If done via any other purchase mode, the customer is not eligible for any discount.
Every purchase eligible to discount is given 10 reward points.
i. If the reward points are between 100 and 200 points, the customer is eligible for a further 30% discount
on the bill amount after initial discount.
ii. If the reward points exceed 200 points, the customer is eligible for a further 40% discount on the bill
amount after initial discount.
Taking purchase mode, bill amount and number of purchases as input draw a flowchart to calculate
and display the total reward points and total bill amount payable by the customer after all the
discount calculation.
[November 2015]
Solution:
START
A
Abbreviations
PM Purchase Mode
TRP = 0, TBA = 0, BA = 0 BA Bill Amount
TBA Total Bill Amount
INPUT NOP Number of Purchases
PM, BA, NOP
TRP Total Reward Points
Yes
If IN_DISC Initial Discount
PM = Website IN_DISC = 0.10
? Extra Discount on
NoNo
ET_DISC purchases eligible to
No If Yes
IN_DISC = 0 PM = Phone App IN_DISC = 0.20 Initial Discount
?
Counter (to track the
N
number of purchases)
TRP = NOP × 10
BA = BA - (BA × IN_DISC)
NO
If Yes
100 ≤ TRP ≤ 200 ET_DISC = 0.30
?
No
If Yes
TRP > 200 ET_DISC = 0.40
?
No
TBA = BA
PRINT
TBA = BA - (BA × ET_DISC)
TRP, TBA
END
A
Problem 31: A bank has 500 employees. The salary paid to each employee is sum of his basic pay, Dearness
Allowance and House rent allowance. For the purpose of computing house rent allowance bank has classified his
employees into three classes A, B and C. The house rent allowance for each class is computed at the rate of 30%,
20% and 10% of the basic pay respectively. The dearness allowance is computed at a flat rate of 60% of the basic
pay. Draw a flow chart to determine the percentage of employee falling in the each of the following salary slabs:
(i) Above ` 30,000 (ii) ` 15,001 to ` 30,000
(iii) ` 8,001 to ` 15,000 (iv) Less than or equal to ` 8,000. [May 2005]
Abbreviations
P1 Percentage of employees falling in salary slab (salary ≤ 8,000)
P2 Percentage of employees falling in salary slab (8,001≤ salary≤15,000)
P3 Percentage of employees falling in salary slab (15,001≤ salary ≤ 30,000)
P4 Percentage of employees falling in salary slab (salary ≥ 30,000)
I Count of number of employees
Solution:
START
I=1
INPUT
Basic, Class
If Yes
Class = A HRA = 0.3 × BASIC
?
No
No
If Yes
Class = B HRA = 0.2 × BASIC
?
No
HRA = 0.1 × Basic
If Yes
SALARY ≤ 8,000 C1 = C1 + 1
?
I=I+1 No
If Yes
SALARY ≤ 15,000 C2 = C2 + 1
?
No
If Yes
SALARY ≤ 30,000 C3 = C3 + 1
?
No
C4 = C4 + 1
No If
I ≤ 500
?
Yes
P1 = C1 × 100/500
P2 = C2 × 100/500
P3 = C3 × 100/500
P4 = C4 × 100/500 PRINT
P1, P2, P3, P4
END
FIN BILL AMT = TOT BILL AMT + (SCHG × TOT BILL AMT)
PRINT
DISC, SCHG, FIN BILL AMT
END
Problem 33: A company is selling three types of products, namely, A, B and C to two different types of customers
viz, dealers and retailers. To promote the sales, the company is offering the following discounts:
i. 10% discount is allowed on Product A, irrespective of the category of customers and the value of order.
ii. On product B, 8% discount is allowed to retailers and 12% discount to dealers, irrespective of the value
of order.
iii. On product C, 15% discount is allowed to retailers irrespective of the value of order and 20% discount to
dealers if the value of order is minimum of ` 10,000.
Draw a flowchart to calculate the discount for the above policy.
Solution:
Abbreviations
PROD TYPE Product Type
CUST TYPE Customer Type
VAL ORDER Value of Order
DISC Discount
START
DISC = 0
If Yes
PROD TYPE ='A' DISC = 0.10 × VAL ORDER
?
No
If
If Yes
CUST TYPE Yes
PROD TYPE ='B’ DISC = 0.12 × VAL ORDER
? = 'DEALER'
?
No
No
DISC = 0.15 × VAL ORDER
If CUST TYPE Yes
= 'RETAILER
?
No DISC = 0.15 × VAL ORDER
If Yes
VAL ORDER >=10,000 DISC = 0.20 × VAL ORDER
?
PRINT
No DISC
DISC = 0.0
END
Problem 34: A bank has 500 employees. The salary paid to each employee is sum of his Basic Pay (BP), Dearness
Allowance (DA) and House Rent Allowance (HRA). For computing HRA, bank has classified his employees
into three classes A, B and C. The HRA for each class is computed at the rate of 30%, 20% and 10% of the BP
Pay respectively. The DA is computed at a flat rate of 60% of the Basic Pay.
Draw a flow chart to determine percentage of employee falling in the each of following salary slabs:
(i) Above ₹ 30,000
(ii) ₹ 15,001 to ₹ 30,000
(iii) ₹ 8,001 to ₹ 15,000
(iv) Less than or equal to ₹ 8,000
Solution:
Working Notes
Abbreviations used in the above flowchart are as follows:
(i) P1, P2, P3 and P4: Percentage of employees falling in salary slab (salary <= 8,000); salary slab (8,001 <=
salary <= 15,000); salary slab (15,001 <= salary <= 30,000) and salary slab (salary >= 30,000) respectively;
(ii) C1, C2, C3 and C4: are the number of employees falling in salary slab (salary<=8,000); salary slab
(8,001 <= salary <=15,000); salary slab (15,001 <= salary <= 30,000) and salary slab (salary >= 30,000)
respectively;
(iii) I: Count of number of employees
Start
I=1
No No
Is Class = A ? Is Class = B ? HRA = 0.1* Basic
DA = 0.6* Basic
No
C4=C4+1
P3=C3*100/500
P4=C4*100/500
Stop
Start
Step A
S=Z
Z=Y
Y=X
X=S
I=I+1
No
Step B If I + 1
Yes
Print X. Y, Z
Stop
2
Case Studies and Scenarios
Financial and Accounting Systems
Case Based Scenario 1 (Study Material 2021)
XYZ, a leading publication house of Delhi, was facing many issues like delay in completing the orders of
its customers, manual processing of data, increased lead time, inefficient business processes etc. Hence,
the top management of XYZ decided to get SAP - an ERP system implemented in the publication house.
Using the proper method of vendor selection, Digisolution Pvt. Ltd. was selected to implement SAP
software in XYZ publication house. To implement the software, the IT team of Digisolution Pvt. Ltd.
visited XYZ’s office a number of times and met its various officials to gather and understand their
requirements. With due diligence, the SAP software was customized and well implemented in the
publishing house.
After the SAP implementation, the overall system became integrated and well connected with other
departments. This raised a concern in the minds of a few employees of XYZ, who worried about their job
security, leading to quitting of jobs. The top management of XYZ showed its concern on this issue and
wanted to retain a few of its employees.
Answer the following questions:
1. Imagine you are a core team member of Digisolution Pvt. Ltd. While customizing the Sales and
Distribution Module of SAP software, you need to know the correct sequence of all the activities
involved in the module. Identify the correct option that reflects the correct sequence of the
activities.
(i) Material Delivery (ii) Billing
(iii) Pre-Sales Activities (iv) Sales Order
(v) Payments (vi) Inventory Sourcing
Choose the correct sequence from the following
(a) (i) - (iii) – (ii) – (iv) – (v)- (vi)
(b) (ii) – (iv)- (vi) – (iii) – (i) – (v)
(c) (iii)- (iv) – (vi)- (i) –(ii) – (v)
(d) (iv)- (i) – (iii), (v), (ii), (vi)
2. In purview of the above situation, which of the following controls can help the management of
XYZ publishing house to retain its employees and stop them from leaving the company?
(a) Training can be imparted to employees by skilled consultant.
(b) Allocation of employees to task matching their skill set, fixing of compensation package.
(c) Management should stop the implementation of ERP.
(d) Backup arrangement is required.
3. The SAP software was successfully implemented by XYZ publication house after overcoming
many challenges. The risk associated with “Patches and upgrades not installed and the tools
being under-utilized” belongs to __________ risk.
(a) Technological (b) Implementation
(c) People (d) Process
Solution
Question No. Answer
1. (c) (iii)- (iv) – (vi)- (i) –(ii) – (v)
2. (b) Cloud Base Application
3. (a) Technological
Unique Services, a well-established firm of Chartered Accountants with nine branches at different
locations in Delhi, deals in accounting, auditing and taxation assignments like – return filing, corporate
taxation and planning, company formation and registration of foreign companies etc.
The firm has its own ERP software. The firm decided to come up with Real Estate Regulatory Authority
(RERA) registration which requires upgradation in its software. Hence, the principal partner of the firm
asked its associate partner to prepare a list of various clients dealing in construction and development
of flats, commercial properties etc.
The firm’s management took care to select the vendor to upgrade their ERP software which will act as
an online assistant to its clients providing them the complete details about registration and filling of
various forms and resolving their frequently asked questions. The firm also wanted a safe and secure
working environment for their employees to file various forms under RERA Act on behalf of clients
using digital signature. The management also instructed its employees to mandatorily use Digital
Signature of clients for fair practices and any dishonesty found in this regard may lead to penal
provisions under various acts including IT Act, 2000.
Answer the following questions:
1. In purview of case scenario, Unique Services requires to make changes in its software for its
users for RERA related matters. Identify the part of the overall software which actually interacts
with the users using the software?
(a) Back end
(b) Front end
(c) Middle layer
(d) Reports
2. The firm decided to have an online assistant for its clients to provide complete details regarding
taxation, registration and filling of various forms and solve their queries. This is an example of
_______ application.
(a) Installed application
(b) Web Application
(c) Cloud Based Application
(d) Direct Application
3. While filling the tax for its client ABC, the firm Unique Services enters the detail of its TDS and
GST in the requisite forms. Identify from the following which type of master data it belongs to.
(a) Accounting Master data
(b) Inventory Master Data
(c) Statutory Master data
(d) Payroll master Data
Solution
Question No. Answer
1. (b) Front end
2. (c) Allocation of employees to task matching their skill set, fixing of compensation package.
3. (c) Statutory Master data
TECHNOLOGIES will have to deal with several ERP Implementation related risk and control issues.
Required:
i. Mention all the categories of ERP implementation related issues.
ii. Explain various Risks and corresponding Controls related to Technological issues.
iii. Explain various Risks and corresponding Controls related to Implementation issues.
CRM team in place. Auditors have also reported serious concerns over the mismatch of data of different
departments, violations of regulatory compliances and have raised doubts over the internal control
measures taken by the firm’s top management. It is a matter of serious concern for an organization
like MD Enterprises and basis this, the CEO of the company, Mr. Ashish Koyande, forms a committee
headed by Mr. Om Trivedi to look into this matter, find out the reasons for above-mentioned issues and
submit the report within a week.
The committee submits its report within a week and the findings are as follows:
• There is system of maintaining data in a decentralized way (Non-integrated System).
• Each department within the organization maintains its own data separately and not in an
integrated way.
• This gives rise to the issues like:
• Communication gaps among departments and with the customers, suppliers and other
stakeholders.
• Mismatched data in the databases of different departments.
• Access of data and availability of right information at the right time has been slower many a
times when it was needed the most to reply to the customers or the stakeholders.
• Several instances of access and privilege violations have been found in financial and accounting
systems.
• Decision making is slow and weaker at times where fast and dynamic ones were needed.
Required:
i. You are supposed to suggest, with reason, an appropriate Enterprise Information System for MD
Enterprises that can handle the above issues raised by the committee headed by Mr. Om Trivedi.
ii. Also suggest the features of an ideal Enterprise Information System that it needs to implement
within the organization.
referred to as Role-Based Security is a policy-neutral access control mechanism defined around roles and privileges. It
gives employees access rights only to the information they need to do their jobs and prevents them from accessing
information that doesn’t pertain to them. It is used by most enterprises and can implement Mandatory Access Control (MAC)
or Discretionary Access Control (DAC).
• MAC criteria are defined by the system administrator, strictly enforced by the Operating System, and cannot
be altered by end users. Only users or devices with the required information security clearance can access
protected resources. Organizations with varying levels of data classification, like government and military
institutions, typically use MAC to classify all end users.
• DAC involves physical or digital measures and is less restrictive than other access control systems as it offers
individuals complete control over the resources they own. The owner of a protected system or resource sets
policies defining who can access it.
The components of RBAC such as role-permissions, user-role and role-role relationships make it simple to perform
user assignments. RBAC can be used to facilitate administration of security in large organizations with hundreds of
users and thousands of permissions. Roles for staff are defined in organization and permission to access a specific
system or perform certain operation is defined as per the role assigned. For example – a junior accountant in accounting
department is assigned a role of recording basic accounting transactions, an executive in human resource department is
assigned a Role of gathering data for salary calculations on monthly basis, etc.
Question 2: DEF consultant is a consultancy company that provides its services to various clients on GST, Company
Law, and Income Tax. At present, the company is using separate software each for accounting and tax compliance. Mr.
Rajesh, IT head in the DEF consultant, suggested to the management that they should rather adopt a single software for
both accounting and tax compliance. He prepared a supportive document highlighting the pros and cons of Accounting
and Tax compliance software over only the tax compliance software. Elaborate the content of Mr. Rajesh’s document.
(RTP December 2021)
Answers: The pros and cons of using single software for accounting and tax over the software with tax compliance only
on various aspects are as follows:
| S. No. | Particulars | Accounting & Tax Compliance Software | Only Tax Compliance Software |
|---|---|---|---|
| 1 | Ease of software operation | Less – as this is integrated system of accounting and tax compliance, everything connected with other and making changes at one place may affect other aspects also. | More – as this is used only for one single purpose, i.e. tax compliance, it is less complicated and bound to be easy. |
| 2 | Features and facilities | Less – as this system is not an exclusive system for tax compliance, it may have limited features for tax compliance | More – as this is an exclusive and specifically designed system for tax compliance, naturally more features and facilities shall exist in this system. |
| 3 | Time and efforts required | Less – as this is an integrated system, time required to transfer data to compliance software is zero. | More – as this is a separate software, data from accounting software need to put in this for preparation of returns. This may take extra time and efforts. |
| 4 | Accuracy | More – as this is an integrated system and hence accounting data and tax compliance data shall always be same. No need to transfer data to compliance software and reconcile the data. | Less – as there are two separate systems, reconciliation with accounting data is needed, and possibility of mismatch of data is always there. |
| 5 | Cost | More – if tax compliance feature is not available in accounting system, getting it customized may require some amount of cost which may be higher than buying separate software. | Less – as this is specific purpose software, there shall be less complications and the cost also shall be less. |
Question 3: Business Intelligence is a technology-driven process for analysing data and presenting actionable
information to help corporate executives, business managers and other end users make more informed business
decisions. List out the benefits of using Business Intelligence in an organization. (July 2021, 3 Marks)
Answer:
The list of various benefits of Business Intelligence (BI) is provided below:
Application Portfolio Management | These processes focus on the selection of new business applications and the projects required delivering them. | By bringing to the light the sheer number of applications in the current portfolio, IT organizations can begin to reduce duplication and complexity.
Technological Obsolescence | With the advent of more efficient technologies every day, the ERP system also becomes obsolete as time goes on. | This requires critical choice of technology, architecture of the product, ease of enhancements, ease of upgrading, quality of vendor support.
Question 5: Cloud based applications are now taking over Installed applications. What are the major differences
between Cloud based Applications and Installed Applications? Explain any four.
© Carvinowledge Press (CNP), 2022
Question 6: Identify the functional module of ERP that controls the business flow in an organization and facilitates
coordinating, monitoring and optimizing all processes in an organization and elaborate the key features of this
module. (RTP Nov-2020)
Answers: In ERP, the Controlling Module controls the business flow in an organization and facilitates coordinating,
monitoring, and optimizing all the processes in an organization. This module helps in analysing the actual figures with
the planned data and in planning business strategies.
Question 8: Mr. Rajesh, a manager of a medium-sized company’s customer service department, uses an MIS reporting
tool to obtain the reports that help him evaluate the company’s daily business activities or problems that arise, make
decisions and track progress. Elaborate the criteria that the information generated through the MIS tool must meet so that it
is useful to Mr. Rajesh in discharging his role. (RTP May-2021)
Answers:
To make the information most useful, Mr. Rajesh needs to ensure that it meets the following criteria:
1. Relevant: MIS reports need to be specific to the business area they address. This is important because a report that
includes unnecessary information might be ignored.
2. Timely: Managers need to know what’s happening now or in the recent past to make decisions about the future. Be
careful not to include information that is old. An example of timely information for your report might be customer
phone calls and emails going back 12 months from the current date.
3. Accurate: It’s critical that numbers add up and that dates and times are correct. Managers and others who rely on
MIS reports can’t make sound decisions with information that is wrong. Financial information is often required to
be accurate to the dollar. In other cases, it may be OK to round off numbers.
4. Structured: Information in an MIS report can be complicated. Making that information easy to follow helps
management understand what the report is saying. Try to break long passages of information into more readable
blocks or chunks and give these chunks meaningful headings.
Question 9: A manufacturing company is implementing an ideal ERP software, where a single database is being
utilized and it contains all the data for various software modules. Identify the modules of an ideal ERP software along
with their functions. (May-2018, 6 Marks)
Hint:
◘◘ Manufacturing ◘◘ Projects
◘◘ Financials ◘◘ Customer Relationship Management (CRM)
◘◘ Human Resources ◘◘ Data Warehouse
◘◘ Supply Chain Management
Question 10: Explain the significance of Front End and Back End in a software. (May-2018, 2 Marks)
Hint:
◘◘ Front End of a Software: It is part of the overall software which interacts with the user who is using the software.
For example - If a user wants to have some information from the Balance Sheet; user will interact with Front End
part of the software and request front end to generate the report.
◘◘ Back End of a Software: It is a part of the overall software which does not directly interact with the user, but
interacts with the Front End only. The Front End receives the instruction from the user and passes it on to the Back End. The Back End
processes the data, generates the report and sends it to the Front End. The Front End then displays the information to the user.
Question 12: A business organization is planning to switch on to an integrated software for accounting as well as
tax compliance instead of separate software for accounting and tax compliance. Being a consultant to the management
of this organization, you are required to advise them on various Pros and Cons of having single software for both the
accounting and tax compliance. (Nov-2018, 4 Marks)
Question 13: ‘Web Applications’ are one of the two ways of using a software including financial and Accounting
Software and now-a-days, the use of web applications is increasing rapidly. You, being an IT consultant, have to list out
some of the advantages and disadvantages of using web applications. (Nov-2018, 6 Marks)
Hint:
◘◘ Definition ◘◘ Data Storage
◘◘ Installation ◘◘ Flexibility
◘◘ Mobile Application ◘◘ Data Security
◘◘ Accessibility ◘◘ Example
◘◘ Performance
Question 14: Customer Relationship Management (CRM) is a system which aims at improving relationship with customers.
Briefly explain any four key benefits of CRM module of ERP. (May-2019, 4 Marks)
Hint:
1. Improved Customer Relations
2. Increase Customer Revenues
3. Maximize Cross-Selling and Up-Selling
4. Better Internal Communication
5. Optimize Marketing
Question 15: A business organization is shifting from traditional accounting system to computerized accounting
system. The organization needs to store the data that is relatively permanent and not expected to change frequently in
accounting system. As a financial expert, suggest any two types of such data in accounting system. (May-2019, 2 Marks)
Hint: Master data is relatively permanent data that is not expected to change again and again. It may change, but not
again and again. In accounting systems, there may be the following types of master data:
◘◘ Accounting Master Data
◘◘ Inventory Master Data
Question 18: Explain Briefly the concept of Role-Based-Access-Control (RBAC) in ERP System.
(Nov-2019, 2 Marks)
Hint:
◘◘ RBAC largely eliminates discretion when providing access to objects.
◘◘ Administrators or automated systems place subjects into roles.
◘◘ Subjects receive only the rights and permissions assigned to those roles.
◘◘ When an employee changes jobs, all previous access is removed, and the rights and permissions of the new role
are assigned.
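The RBAC description earlier in this chapter and the Question 18 hint above, worked through as an added example (not part of the book): the three RBAC relationships, deny-by-default checks, removal of old access on a job change, and an audit trail of denied attempts. The `RBAC` class, the user names and the permission strings are hypothetical and constructed for illustration.

```python
"""Minimal RBAC model: role-permission, user-role and role-role relationships."""
from dataclasses import dataclass, field


@dataclass
class RBAC:
    role_perms: dict = field(default_factory=dict)    # role -> permissions granted directly
    role_inherits: dict = field(default_factory=dict) # role -> junior roles it inherits from
    user_roles: dict = field(default_factory=dict)    # user -> roles currently held
    audit_log: list = field(default_factory=list)     # (user, permission, allowed)

    def add_role(self, role, perms=(), inherits=()):
        """Role-permission and role-role relationships are set by the administrator."""
        unknown = [r for r in inherits if r not in self.role_perms]
        if unknown:
            raise ValueError(f"unknown inherited role(s): {unknown}")
        self.role_perms[role] = set(perms)
        self.role_inherits[role] = set(inherits)

    def assign(self, user, role):
        """User-role relationship: subjects are placed into roles, never given raw permissions."""
        if role not in self.role_perms:
            raise ValueError(f"unknown role: {role}")
        self.user_roles.setdefault(user, set()).add(role)

    def change_job(self, user, new_role):
        """On a job change all previous access is removed before the new role is assigned."""
        if new_role not in self.role_perms:
            raise ValueError(f"unknown role: {new_role}")
        self.user_roles[user] = {new_role}

    def effective_permissions(self, user):
        """Union of permissions of the user's roles and every role those roles inherit."""
        perms, seen = set(), set()
        stack = list(self.user_roles.get(user, ()))
        while stack:
            role = stack.pop()
            if role in seen:          # guards against a cyclic role hierarchy
                continue
            seen.add(role)
            perms |= self.role_perms[role]
            stack.extend(self.role_inherits[role])
        return perms

    def check(self, user, permission):
        """Deny by default; every decision is recorded for the audit trail."""
        allowed = permission in self.effective_permissions(user)
        self.audit_log.append((user, permission, allowed))
        return allowed

    def violations(self):
        """Denied attempts, in the order they occurred."""
        return [(u, p) for u, p, ok in self.audit_log if not ok]


def build_demo():
    """Constructed sample organisation based on the roles named in the text."""
    rbac = RBAC()
    rbac.add_role("junior_accountant", {"ledger:record_transaction"})
    rbac.add_role("senior_accountant", {"ledger:approve_voucher"},
                  inherits={"junior_accountant"})
    rbac.add_role("hr_executive", {"payroll:gather_salary_data"})
    rbac.assign("asha", "junior_accountant")
    rbac.assign("ravi", "senior_accountant")
    rbac.assign("meena", "hr_executive")
    return rbac


if __name__ == "__main__":
    rbac = build_demo()
    print(rbac.check("ravi", "ledger:record_transaction"))   # inherited from junior role
    print(rbac.check("meena", "ledger:record_transaction"))  # HR role has no ledger access
    rbac.change_job("asha", "hr_executive")
    print(sorted(rbac.effective_permissions("asha")))
    print(rbac.violations())
```

The `violations()` list is the kind of record an auditor would review when asking whether user privileges are role-based and whether user activity is monitored.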
Question 19: Explain the concept of “Customer Relationship Management (CRM)” and identify its key benefits
also. (RTP May-2018)
Hint: Customer Relationship Management (CRM): CRM is a system which aims at improving the relationship with
existing customers, finding new prospective customers, and winning back former customers. This system can be
brought into effect with software which helps in collecting, organizing, and managing the customer information. CRM
manages the enterprise’s relationship with its customers. This includes determining who the high-value customers are
and documenting what interactions the customers have had with the enterprise.
Question 20: Being an IT consultant to a Government agency PQR, identify the most common open international
standard, that should be used by the agency for their standardized digital business reporting. Support the recommendation
by preparing a list of its important features also. (Study Material, RTP May-2018)
Hint: eXtensible Business Reporting Language (XBRL) is an open international standard for digital business reporting
that provides a language in which reporting terms can be authoritatively defined. Those terms can be used to uniquely
represent the contents of financial statements or other kinds of compliance, performance and business reports. XBRL
lets reporting information move between organizations rapidly, accurately and digitally. XBRL is a standard-based way
to communicate and exchange business information between business systems. These communications are defined by
metadata set out in taxonomies, which capture the definition of individual reporting concepts as well as the relationships
between concepts and other semantic meaning. Information being communicated or exchanged is provided within an
XBRL instance.
Important features of XBRL are as follows:
◘◘ Clear Definitions
◘◘ Testable Business Rules
◘◘ Multi-lingual Support
◘◘ Strong Software Support
Question 21: Explain the term “Master Data” and its types. (Study Material, RTP Nov-2018)
Hint:
◘◘ Master Data: Master data is relatively permanent data that is not expected to change again and again. It may
change, but not again and again. In accounting systems, there may be following type of master data.
Master Data
Question 22: On joining a Manufacturing company XYZ, you are briefed about the functioning of different modules
like Financial Accounting Module, Sales and Distribution Module, Human Resource Module, Material Management
Module, Production Planning Module etc. Prepare a brief description on the Material Management Module (MM) based
on your understanding. (RTP Nov-2018)
Hint: Material Management (MM) Module manages materials required, processed and produced in enterprises.
Different types of procurement processes are managed with the system. Some of the popular sub-components in MM
module are vendor master data, consumption-based planning, purchasing, inventory management, invoice verification
and so on. Material management also deals with movement of materials via other modules like logistics, Supply Chain
Management, sales and delivery, warehouse management, production and planning. The overall purchase process
includes the following sub-processes:
◘◘ Purchase Requisition from Production Department
◘◘ Evaluation of Requisition
◘◘ Asking for Quotation
◘◘ Evaluation of quotations
◘◘ Purchase Order
   ◘◘ Description of stock items to be purchased.
   ◘◘ Quantity of these stock items.
   ◘◘ Rate for purchases.
   ◘◘ Due Date by which material is to be received.
   ◘◘ Godown where material is to be received.
◘◘ Material Receipt
◘◘ Issue of material
◘◘ Purchase Invoice
Question 23: You have been appointed as an Information Systems (IS) Auditor in a company JKL Ltd. and asked
to perform an ERP audit. Prepare a checklist of the common concerns that should be asked during development and
implementation of the system as well as ERP Audit. (RTP May-2019)
Hint: Some of the questions auditors should ask during an ERP audit are pretty much the same as those that should be
asked during development and implementation of the system:
◘◘ Does the system process according to GAAP (Generally Accepted Accounting Principles) and GAAS (Generally
Accepted Auditing Standards)?
◘◘ Does it meet the needs for reporting, whether regulatory or organizational?
◘◘ Were adequate user requirements developed through meaningful interaction?
◘◘ Does the system protect confidentiality and integrity of information assets?
◘◘ Does it have controls to process only authentic, valid, accurate transactions?
◘◘ Are effective system operations and support functions provided?
◘◘ Are all system resources protected from unauthorized access and use?
◘◘ Are user privileges based on what is called “role-based access?”
◘◘ Is there an ERP system administrator with clearly defined responsibilities?
◘◘ Is the functionality acceptable? Are user requirements met? Are users happy?
◘◘ Have workarounds or manual steps been required to meet business needs?
◘◘ Are there adequate audit trails and monitoring of user activities?
◘◘ Can the system provide management with suitable performance data?
◘◘ Are users trained? Do they have complete and current documentation?
◘◘ Is there a problem-escalation process?
Question 24: Sales and Distribution Process that is used by organizations to support sales and distribution activities
of products and services, starting from enquiry to order and then ending with delivery is one of the most important
modules in ERP. Determine the various activities that are involved in Sales and Distribution Process. (RTP Nov-2019)
Hint: The various activities that are involved in a Sales and Distribution Process are as follows:
◘◘ Pre-Sales Activities
◘◘ Sales Order
◘◘ Inventory Sourcing
◘◘ Material Delivery
◘◘ Billing
◘◘ Receipt from Customer
Question 25: Describe the term “Business Reporting” and why do you think there is a need of it in today’s world?
(RTP May-2019 and Nov-2019)
Hint: Business Reporting is defined as the public reporting of operating and financial data by a business enterprise,
or the regular provision of information to decision-makers within an organization to support them in their work. This
reporting process involves querying data sources with different logical models to produce a human readable report - for
example, a computer user must query the Human Resources databases and the Capital Improvements databases to
show how efficiently space is being used across an entire corporation.
Through reporting, organizations communicate with their stakeholders about:
Question 26: Discuss the different ways in which Database Administrator (DBA) can store the data of ABC enterprise
implementing Accounting Information System (AIS). (RTP May-2020)
Hint:
A. Master Data
   ◘◘ Accounting Master Data
   ◘◘ Inventory Master Data
   ◘◘ Payroll Master Data
   ◘◘ Statutory Master Data
B. Non-Master Data
Question 27: ERP implementation is a difficult task as the organization which is in the process of implementing
ERP should keep abreast of latest technological development. Describe the different risks associated with technology
while implementing ERP. (RTP May-2020)
Hint: Various risks associated with technology while implementing ERP are as follows:
◘◘ Software Functionality
◘◘ Technological Obsolescence
◘◘ Application Portfolio Management
Question 28: An article joined an Audit firm where he was briefed upon the details of an Accounting Process Flow.
Determine the steps involved in the process. (Study Material)
Question 29: Discuss the process involved under Materials Management Module of ERP.
(Study Material)
Question 30: List the benefits of Customer Relationship Management (CRM). (Study Material)
Question 31: As a manager, you are provided a MIS Report about your department’s customer service calls. Determine
the various criterions that the information in the report should meet so that the information becomes useful for you.
(Study Material)
Question 32: Recognize the application areas of Data Analytics in today’s world.
(Study Material, Nov. 2020)
Question 33: Explain the ways in which the Regulators can use eXtensible Business Reporting Language (XBRL).
(Study Material)
Question 34: Discuss the key features of Controlling Module in an Enterprise Resource Planning (ERP).
(Study Material)
Question 36: A voucher is very important for recording a transaction. What is a voucher? Explain.
Question 37: Voucher is a documentary evidence of a transaction. What are the different types of voucher?
Question 38: Discuss the peculiarities that must be considered while allotting a voucher number to a voucher.
Hint: A Voucher Number or a Document Number is a unique identity of any voucher/ document. A voucher may be
identified or searched using its unique voucher number. The peculiarities that must be considered while allotting a
voucher number to a voucher are as follows:
◘◘ Voucher number must be unique.
◘◘ Every voucher type shall have a separate numbering series.
Question 39: In a financial accounting system why is there a separate front end and backend system? Why not only
one? Explain.
Question 40: Identify and explain any four differences between Installed Applications and Web Applications.
Question 41: What is a cloud app? Explain and give examples of some cloud apps. Also, explain the features of cloud
apps.
Question 42: “ERP is the technological backbone of e-business, an enterprise wide transaction framework with links
into sales order processing, inventory management and control, production and distribution planning, and finance.”
What are the Features of an ideal ERP system? (Study Material)
Question 43: “ERP is the technological backbone of e-business, an enterprise wide transaction framework with links
into sales order processing, inventory management and control, production and distribution planning, and finance.”
What are the Benefits of an ideal ERP system? (Nov. 2020)
Question 44: ERP has a lot of risk involved related to ERP Implementation. Explain the risk associated with ERP
related to ERP Implementation and controls required in an ERP Environment.
Question 50: What are the criteria to make information in a MIS Report most useful?
Question 51: Data is everywhere. The amount of digital data that exists is growing at a rapid rate. What are data
analytics? Explain.
Question 54: Data Analytics initiatives can help businesses increase revenues, improve operational efficiency, and
gain a competitive edge over rivals. How does the data analytics process get the data ready for analysis?
Question 55: Analyze the statement “The potential benefits of Business Intelligence (BI) programs include
accelerating and improving decision making; optimizing internal business processes; increasing operational efficiency;
driving new revenues; and gaining competitive advantages over business rivals.” Determine its justification.
Hint: Business Intelligence (BI) is a technology-driven process for analyzing data and presenting actionable information
to help corporate executives, business managers and other end users make more informed business decisions.
◘◘ BI encompasses a wide variety of tools, that enable organizations to collect data from internal systems and external
sources, prepare it for analysis, develop and run queries against the data, and create reports, dashboards and data
visualizations to make the analytical results available to corporate decision makers as well as operational workers.
◘◘ BI systems can also help companies identify market trends and spot business problems that need to be addressed.
◘◘ Business Intelligence uses data from different sources and helps to find answers to various questions.
◘◘ BI data can include historical information, as well as new data gathered from source systems as it is generated,
enabling BI analysis to support both strategic and tactical decision-making processes.
◘◘ Initially, BI tools were primarily used by data analysts and other IT professionals who ran analyses and produced
reports with query results for business users. Increasingly, however, business executives and workers are using BI
software themselves, thanks partly to the development of self-service BI and data discovery tools.
◘◘ Business Intelligence combines a broad set of data analysis applications, including ad hoc analysis and querying,
enterprise reporting, Online Analytical Processing (OLAP), mobile BI, real-time BI, operational BI, cloud and
software as a service BI, open source BI, collaborative BI and location intelligence.
◘◘ BI technology also includes data visualization software for designing charts and other infographics, as well as tools
for building BI dashboards and performance scorecards that display visualized data on business metrics and key
performance indicators in an easy-to-grasp way.
◘◘ BI applications can be bought separately from different vendors or as part of a unified BI platform from a single
vendor.
◘◘ BI programs can also incorporate forms of advanced analytics, such as data mining, predictive analytics, text
mining, statistical analysis and big data analytics. In many cases, though, advanced analytics projects are conducted
and managed by separate teams of data scientists, statisticians, predictive modelers and other skilled analytics
professionals, while BI teams oversee more straightforward querying and analysis of business data.
◘◘ Business Intelligence data in terms of unstructured data, log files, sensor data and other types of big data are stored
in a data warehouse or smaller data marts that hold subsets of a company’s information. Before it’s used in BI
applications, raw data from different source systems must be integrated, consolidated and cleansed using data
integration and data quality tools to ensure that users are analyzing accurate and consistent information.
Question 56: Business Intelligence (BI) is the delivery of accurate, useful information to the appropriate decision
makers within the necessary time frame to support effective decision making for business processes. Discuss the various
types of BI tools.
Question 57: Describe the concept of extensible Business Reporting Language (XBRL) Tagging.
Question 58: Accountants use XBRL in support of clients reporting requirements. What does XBRL do?
Question 59: XBRL has made reporting more accurate and efficient. What are the features of XBRL?
Question 60: Are Data warehouse and data warehousing different? If yes, then how? Explain.
Question 61: Are Data warehouse and data warehousing different? If yes, then how? Explain.
14. Which of the following function can be performed in a master data?
(a) Create (b) Alter
(c) Display (d) All of the above
15. Stock items forms part of which of the following master data?
(a) Payroll master data
(b) Inventory master data
(c) Accounting master data
(d) Statutory master data
16. ___________________ are pre-defined structure and content of your accounting information.
(a) Master (b) Relative
(c) Non-master (d) Non-relative
17. ______________________ is data which is expected to change frequently, again and again and not a permanent data.
(a) Non-master (b) Master
(c) Relative (d) Non-relative

VOUCHER
18. A ________________ is a unique identity of any voucher/ document.
(a) Voucher Number
(b) Document Number
(c) Both a and b
(d) Either a and b
19. Voucher is _____________________.
(a) An internal document
(b) Used in a company’s accounts payable department
(c) Used to collect and organize the necessary documentation and approvals before paying a vendor invoice.
(d) All of the above
20. For entering information such as sales and purchase which of the following voucher is used?
(a) Accounting Voucher Types
(b) Inventory Voucher Type
(c) Payroll Voucher Type
(d) All of the above
21. Voucher is _______________ document used in a company’s accounts payable department in order to collect and organize the necessary documentation and approvals before paying a vendor invoice.
(a) Internal (b) External
(c) Micro (d) Macro
22. To enter information like stock journal, which of the following voucher types are used?
(a) Accounting voucher
(b) Payroll voucher
(c) Inventory voucher
(d) All of the above
23. To enter information like sales and purchase which of the following vouchers are used?
(a) Accounting voucher
(b) Payroll voucher
(c) Inventory voucher
(d) All of the above
24. To enter information like attendance and payroll which of the following vouchers are used?
(a) Accounting voucher
(b) Payroll voucher
(c) Inventory voucher
(d) All of the above
25. As far as Financial and Accounting Systems are concerned, ledgers may be classified in which of the following types?
(a) Nominal and personal
(b) Ledger having debit and credit balance
(c) Real and personal
(d) Real and nominal
26. For which of the following transactions contra voucher types are issued?
(a) Fund transfer from our one bank account to our own another bank account.
(b) For recording of all types of payments. Whenever the money is going out of business by any mode
(c) For recording of all types of receipts. Whenever money is being received into business from outside by any mode
(d) For recording of all non-cash/bank transactions
27. For which of the following transactions contra voucher types are issued?
(a) For recording all types of trading sales by any mode
(b) For recording all types of trading purchase by any mode
(c) Cash deposit in bank
(d) For making changes/corrections in already recorded sales/purchase transactions.
28. For which of the following transactions are contra voucher types issued?
(a) Cash transfer from one location to another.
(b) For recording of physical movement of stock from one location to another.
(c) For making corrections in stock after physical counting.
(d) For recording of physical delivery of goods sold to a customer.
29. For which of the following transactions are payment voucher types issued?
(a) Fund transfer from our one bank account to our own another bank account.
(b) For recording of all types of payments. Whenever the money is going out of business by any mode
(c) For recording of all types of receipts. Whenever money is being received into business from
34. For which of the following transactions are credit note voucher types issued?
(a) For recording all types of trading sales by any mode
(b) For recording all types of trading purchase by any mode
(c) Cash deposit in bank
(d) For making changes/corrections in already recorded sales/purchase transactions.
35. For which of the following transactions are debit
(c) For making corrections in stock after physical counting.
(d) For recording of physical delivery of goods sold to a customer.
40. For which of the following transactions are delivery note voucher types issued?
(a) Cash transfer from one location to another.
(b) For recording of physical movement of stock from one location to another.
(c) For making corrections in stock after physical
45. In accounting, there are _______ kinds of accounts.
(a) one (b) two
(c) three (d) four
46. An aspiring CA in his interview was asked to provide correct sequence of the following sub-processes that represent accounting process flow. The sub-processes are-
i. Source document
ii. Financial statement
iii. Adjustment
(c) Back end (d) Presentation layer
53. _________________________________ software is meant for handling requests from users.
(a) Database layer (b) Front End
(c) Back end (d) Presentation layer
54. ________________________ software is meant storing and handling the data.
(a) Front End
(b) Database layer
(c) Presentation layer
61. _________________ are programs installed on the hard disc of the user’s computer.
(a) Web applications
(b) Front end
(c) Installed application
(d) Back end
62. _________________ are installed on a web server and it is accessed using a browser and internet connection.
(a) Front end
data compression, security, backup schedule.
(b) Can be used from web browser and/or custom built apps installed on Internet connected devices such as desktops, mobile phones.
(c) Can be used to access a wider range of services such as on-demand computing cycle, storage, application development platforms.
(d) All of the above
NON-INTEGRATED SYSTEMS
71. ___________________ is a system of maintaining data in a decentralized way.
(a) Non-integrated system
(b) Integrated system
(c) Enterprise Resource Planning
(d) Non-relative system
72. In ______________________ each department shall maintain its own data separately and not in an integrated way.
(a) Integrated system
(b) Relative system
(c) Enterprise Resource Planning
(d) Non-integrated system
INTEGRATED SYSTEMS (ERP)
73. ________________ is an overall business management system that caters to the needs of all the people connected with the organization.
(a) Non-Integrated system
(b) Relative system
(c) Cloud application
(d) Enterprise Resource Planning
74. ______________________ is an enterprise-wide information system designed to coordinate all the resources, information, and activities needed to complete business processes such as order fulfilment or billing.
(a) Non-Integrated system
(b) Enterprise Resource Planning
(c) Relative system
(a) Enterprise Reprogramming Planning System
(b) Enterprise Resource Production System
(c) Enterprise Resource Planning Skill
(d) Enterprise Resource Planning System
77. ERP stands for _____________.
(a) Enterprise Resource Policy
(b) Enterprise Rating Points
(c) Enterprise Report Presentation
(d) Enterprise Resource Planning
78. Most organizations lack consistency to maintain their business operations and cross-functional co-ordination. To overcome the above-mentioned inconsistencies, companies adopt ______________.
(a) Enterprise Resource Planning
(b) Middleware
(c) Non-integrated systems
(d) Artificial intelligence
79. ERP is the ______________ backbone of e-business, an enterprise wide transaction framework with links into sales order processing, inventory management and control, production and distribution planning, and finance.
(a) Financial (b) Social
(c) Technological (d) Ecological
80. ERP is software architecture that allows the exchange of information between ________.
(a) Specific functions
(b) All functions
(c) Some functions
(d) General functions
81. Enterprise Resource Planning (ERP)
(a) Is essentially a software which integrates all the departments and their functions within a company through a single IT system.
(b) Is software architecture that allows the exchange of information between all functions, e.g. manufacturing, finance, procurement and human resources, and manages them as processes not functions.
(c) ERP is the technological backbone of e-business, an enterprise wide transaction framework with links into sales order processing, inventory management and control, production and distribution planning, and finance.
(d) All of the above
82. ERP has the ability to customize an organization’s requirements. Which of the following features of ERP is highlighted in the above statement?
(d) All of the above
89. ERP controls ensure that information remains ___________.
(a) Accurate
(b) Confidential
(c) Available when required
(d) All of the above
90. Which of the following is a main characteristic of an Integrated ERP System?
(a) Separate data maintenance by each department
97. ______________________ is the process of verifying a subject’s identity at the point of object access.
(a) Authentication
(b) Authorization
(c) Identity Management
(d) Accountability
98. _____________________ identifies what systems, network resources, etc. a subject can access. Related processes also enforce least privilege, need-to-know, and separation of duties.
104. If Cash ledger is grouped under Indirect income, __________________.
(a) It shall be displayed in profit and loss account
(b) It shall still be considered in balance sheet as it is a cash ledger
(c) Software shall show error message
(d) None of above
ERP- BUSINESS PROCESS MODULES
105. __________________ includes tracking of flow of
of products to customers, delivery of products and billings.
(a) Financial accounting module
(b) Sales and distribution module
(c) Human resource module
(d) Controlling module
111. ________________________ includes all activities right from hiring a person to evaluating one’s performance, managing promotions, compensation, handling payroll and other related
118. If stock balance for a stock item touches ______________, order for purchase of goods is to be placed.
(a) Re-order (b) Price level
(c) Stock group (d) Stock ageing
119. It is pre-decided rate structure for different stock items for different customers for different quantities.
(a) Re-order (b) Price level
(c) Stock group (d) Stock ageing
139. Which of the following modules shall be integrated in the areas of delivery and stock transfer check?
(a) Material management Module & Sales and distribution module
(b) Human resource module & Project system module
(c) Human resource module & financial accounting module
(d) Project system module & Plant Maintenance (PM) Module
140. Which of the following modules shall be integrated for quality inspection?
(a) Material management Module & Quality management module
(b) Plant maintenance management & quality management module
(c) Human resource module & quality management module
(d) Plant maintenance management & quality management module
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
b a c d d c a b d b c a b d b c a c d d
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
a c a b b a c a b c d a b d a c d a c d
41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60
a c b b c b d b c d a c b d a b b a a c
61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80
c b c c d d c b d d a d d b b d d a c b
81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100
d a b d c a c d d b d d c c a d a b d d
101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120
c b c a a d b c b d c a c a b c d a b d
121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140
a b c b d c a b a d b a b a c a b d a a
Unit II
Business Reporting Data Analytics and
XBRL
REPORTING SYSTEM
(d) Inventory Reports
(c) It deals with unstructured as well as structured data.
(d) It does not deal with any kind of data.
13. Which of the following types of Data Analytics (DA) application involves analysis of numerical data with quantifiable variables that can be compared or measured statistically?
(a) Exploratory DA
(b) Quantitative Data Analysis
(c) Confirmatory DA
(a) Scorecard (b) Dashboard
(c) Data mining (d) OLTP
21. _________________ involves data analysis for discovering useful patterns that are “hidden” in large volume of diverse data.
(a) Scorecard (b) Dashboard
(c) Data mining (d) OLTP
22. _________________________ is a process of delivering business intelligence (BI) or information about business operations as they occur.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
b d d b a c b d a d d c b a a b d d b a
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
c c a b c d d d d b d d a c b b b b a c
3
Amendments at a Glance
Information System and Components
Functions of Information Systems
Input (Business problems in the form of data, information, instructions, opportunities)
Processing (Software, Programs, people, communication, equipment)
Output (Solution to problems in the form of reports, graphics, calculations, voices)
Storage (Memory for storing and retrieving information)
a. Input: Data is collected from an organization or from external environments and converted into suitable format required for processing.
b. Processing: A process is a series of steps undertaken to achieve desired outcome or goal. Information Systems are becoming more and more integrated with organizational processes, bringing more productivity and better control to those processes.
c. Output: The system processes the data by applying the appropriate procedure on it and the information thus produced is stored for future use or communicated to the user.
d. Storage: The storage of data shall be done at the most detailed level possible. Regular backups should be stored in geographically different locations to avoid impact on both the original data storage and the backup data storage due to any major disasters such as flooding or fires etc.
e. Feedback: Apart from these activities, information system also needs feedback that is returned to appropriate members of the enterprises to help them to evaluate at the input stage.
• A gas-based fire suppression system is preferable, however, depending upon the situation, different fire suppression techniques like Dry-pipe sprinkling systems, water-based systems, halon etc., may be used.
• When a fire alarm is activated, a signal may be sent automatically to permanently manned station.
v. Regular Inspection and Raising awareness
• Regular inspection by Fire Department Officials should be conducted.
• The procedures to be followed during an emergency should be properly documented.
• Fire Exits should be clearly marked, and all the staff members should know how to use the system in case of emergency.
vi. Documented and Tested Emergency Evacuation Plans
• Relocation plans should emphasize human safety but should not leave information processing facilities physically unsecured.
• Procedures should exist for a controlled shutdown of the computer in an emergency.
• The feasibility assessment is done to obtain a commitment to change and to evaluate whether cost-effective solutions are available to address the problem or opportunity that has been identified.
• All solutions must be properly and formally authorized to ensure their economic justification and feasibility.
• This requires that each new solution request be submitted in written form by stakeholders to systems professionals who have both the expertise and authority to evaluate and approve (or reject) the request.
b. Analysis of existing system
Designers need to analyze the existing system that involves two major tasks:
• Studying the existing organizational history, structure, and culture to gain an understanding of the social and task systems in place, the ways these systems are coupled, and the willingness of stakeholders to change.
• Studying the existing product and information flows as the proposed system will be based primarily on current product and information flows. The designers need to understand the strengths and weaknesses of existing product to determine the new system requirements and the extent of change required.
c. Information Processing System design
This phase involves following activities:
• Elicitation of detailed requirements: Either ask the stakeholders for their requirement in case they are aware about it or discover the requirement through analysis and experimentation in case stakeholders are uncertain about their need.
b. Existence/Backup Controls
• These controls ensure the existence of the database by establishing backup and recovery procedures.
• Backup refers to making copies of the data so that these additional copies may be used to restore the original data after a data loss.
• Backup controls ensure the availability of system in the event of data loss due to unauthorized access, equipment failure or physical disaster; the organization can retrieve its files and databases.
• Various backup strategies like dual recording of data; periodic dumping of data; logging input transactions and changes to the data may be used.
c. Access Controls: These controls are designed to prevent unauthorized individuals from viewing, retrieving, computing, or destroying the entity’s data. User Access Controls are established through passwords, tokens and biometric controls; and Data Encryption controls are established by keeping the data in database in encrypted form.
d. Update Controls: These controls restrict update of the database to authorized users in two ways either by permitting only addition of data to the database or allowing users to change or delete existing data.
e. Concurrency Controls: These controls provide solutions, agreed-upon schedules, and strategies to overcome the data integrity problems that may arise when two update processes access the same data item at the same time.
f. Quality Controls: These controls ensure the accuracy, completeness, and consistency of data maintained in the database. This may include traditional measures such as program validation of input data and batch controls over data in transit through the organization.
Boundary Controls
The major controls of the boundary system are the access control mechanisms that link authentic users to the authorized resources they are permitted to access.
The boundary subsystem establishes the interface between the would-be user of a computer system and the computer itself.
Major Controls at the Boundary subsystem are as follows:
a. Cryptographic Controls
• These are designed to protect the privacy of data and prevent unauthorized modification of data by scrambling data.
• These deal with programs for transforming data into ciphertext that is meaningless to anyone who does not possess the authentication to access the respective system resource or file.
• A cryptographic technique transforms (encrypts) data (known as clear text) into cryptograms (known as ciphertext) and its strength depends on the time and cost to decipher the ciphertext by a cryptanalyst.
• Three techniques of cryptography that are used are Transposition (permute the order of characters within a set of data), Substitution (replace text with a key-text) and Product Ciphers (combination of transposition and substitution).
b. Access Controls
• These controls restrict the use of computer system resources to authorized users, limit the actions authorized users can take with these resources and ensure that users obtain only authentic computer system resources.
• The access control mechanism involves three steps: Identification, Authentication and Authorization.
• Identification is done by the user himself/herself by providing the unique user ID or account number allotted to him/her.
• Authentication mechanism is used for proving the identity with the help of a password which may involve personal characteristics like name, birth date, employee code, designation or a combination of two or more of these. Biometric identification including thumb or finger impression, eye retina etc. and information stored in identification cards can also be used in an authentication process.
• Authorization refers to the set of actions allowed to a user once authentication is done successfully. Example: Read, Write, Print, etc. permissions allowed to an individual user.
• An access control mechanism is used to enforce an access control policy, which is mainly of two types: Discretionary Access Control and Mandatory Access Control policies (already discussed in Chapter 2).
c. Personal Identification Numbers (PIN)
• As already discussed before, we may recall that it is a form of remembered information used to authenticate users like verification of customers in electronic fund transfer systems.
• PIN is like a password assigned to a user by an institution, a random number stored in its database independent of the user’s identification details.
• Several phases of the life cycle of PINs include the steps that are (a) Generation of the PIN; (b) Issuance and delivery of PIN to users; (c) Validation of the PIN upon entry at the terminal device; (d) Transmission of the PIN across communication lines; (e) Processing of the PIN; and (f) Termination of the PIN.
• A PIN may be exposed to vulnerabilities at any stage of the life cycle of PIN and therefore, controls need to be put in place and working to reduce exposures to an acceptable level.
d. Digital Signatures
• Establishing the authenticity of persons and preventing the denial of message or contracts are critical requirements when data is exchanged in electronic form.
• A counterpart to the analog signature, known as a Digital Signature (a string of 0’s and 1’s), is used for such e-documents.
• Digital Signatures are not constant like analog signatures – they vary across messages and cannot be forged.
e. Plastic Cards:
• We may recall that while PIN and Digital Signatures are used for authentication purposes, plastic cards are used primarily for identification purpose.
• This includes the phases namely - application for a card, preparation of the card, issue of the card, use of the card and card return or card termination.
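The three techniques named under Cryptographic Controls above, as an added Python example (not part of the original text): a columnar transposition, a keyed substitution, and their product. The sample message, the keys and all function names are constructed for illustration; these classical ciphers are shown for study only.

```python
import string

ALPHABET = string.ascii_uppercase

# Constructed sample message and keys (assumptions, not from the text).
PLAINTEXT = "TRANSFERFIVEHUNDREDTOACCOUNTNINE"
SUB_KEY = "LEDGER"
TRANS_KEY = "AUDIT"


def column_order(key):
    """Columns are read in alphabetical order of the key letters (ties left to right)."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def transpose_encrypt(text, key):
    """Transposition: write the text in rows of len(key), read it out column by column."""
    cols = len(key)
    return "".join(text[c::cols] for c in column_order(key))


def transpose_decrypt(ciphertext, key):
    cols = len(key)
    full, extra = divmod(len(ciphertext), cols)
    out = [""] * len(ciphertext)
    pos = 0
    for c in column_order(key):
        length = full + (1 if c < extra else 0)  # the first `extra` columns are one longer
        out[c::cols] = ciphertext[pos:pos + length]
        pos += length
    return "".join(out)


def substitution_alphabet(key):
    """Key letters first (duplicates dropped), then the remaining letters of A-Z."""
    ordered = dict.fromkeys(key.upper() + ALPHABET)
    return "".join(ch for ch in ordered if ch in ALPHABET)


def substitute(text, key, decrypt=False):
    """Substitution: replace each A-Z letter; any other character passes through."""
    cipher = substitution_alphabet(key)
    src, dst = (cipher, ALPHABET) if decrypt else (ALPHABET, cipher)
    return text.translate(str.maketrans(src, dst))


def product_encrypt(text, sub_key, trans_key):
    """Product cipher: substitution followed by transposition."""
    return transpose_encrypt(substitute(text, sub_key), trans_key)


def product_decrypt(ciphertext, sub_key, trans_key):
    return substitute(transpose_decrypt(ciphertext, trans_key), sub_key, decrypt=True)


def letter_pattern(text):
    """Index of first occurrence per character, e.g. 'ABBA' -> [0, 1, 1, 0]."""
    first = {}
    return [first.setdefault(ch, len(first)) for ch in text]


if __name__ == "__main__":
    t = transpose_encrypt(PLAINTEXT, TRANS_KEY)
    s = substitute(PLAINTEXT, SUB_KEY)
    p = product_encrypt(PLAINTEXT, SUB_KEY, TRANS_KEY)
    # Transposition keeps every letter and only moves it; substitution keeps
    # every position and only renames the letter; the product does both.
    print("transposition:", t, "| same letters:", sorted(t) == sorted(PLAINTEXT))
    print("substitution :", s, "| same pattern:", letter_pattern(s) == letter_pattern(PLAINTEXT))
    print("product      :", p)
    print("round trip ok:", product_decrypt(p, SUB_KEY, TRANS_KEY) == PLAINTEXT)
```

Each technique alone leaves one property of the clear text intact (its letter counts or its repetition pattern), which is why the product cipher combines them.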
Communication Controls
Physical Component Controls
• In the communications subsystem, the physical components shall have characteristics that make them reliable and incorporate features and controls that mitigate the possible effects of exposures.
• Major physical components that affect the reliability of communication subsystem are Transmission media, Communication lines, Modem, Port protection devices, Multiplexers, and Concentrators etc.
Flow Controls
• Flow controls are needed because two nodes in a network can differ in terms of the rate at which they can send, receive, and process data.
• Example: Data transmission between mainframe and microcomputers may become erroneous because of difference in their speed and storage capacity.
• Flow controls will be used therefore to prevent the mainframe flooding the microcomputer and as a result, data being lost.
Topological Controls
• A communication network topology specifies the location of nodes within a network, the ways in which these nodes will be linked, and the data transmission capabilities of the links between the nodes.
• The network must be available for use at any one time by a given number of users that may require alternative hardware, software, or routing of messages.
Controls over Subversive threats
• Firstly, physical barriers need to be established to the data traversing into the subsystem.
• Secondly, in case the intruder has somehow gained access to the data, the data needs to be rendered useless when access occurs.
Internetworking Controls
• Different internetworking devices like bridge, router, gateways are used to establish connectivity between homogeneous or heterogeneous networks.
• Therefore, several control functions in terms of access control mechanisms, security and reliability of the networks are required to be established.
Database Controls
These controls are used within an application software to maintain the integrity of data, to prevent integrity violations when
multiple programs have concurrent access to data, and the ways in which data privacy can be preserved within the database
subsystem.
a. Access Controls: These controls in database subsystem seek to prevent unauthorized access to and use of the data. A
security policy has to be specified followed by choosing an access control mechanism that will enforce the policy chosen.
If database is replicated, the same access control rules must be enforced by access control mechanism at each site.
b. Integrity Controls: These are required to ensure that the accuracy, completeness, and uniqueness of instances used
within the data or conceptual modeling are maintained. Integrity Constraints are established to specify the type of
relationship and consistency among rows (tuple) in relationship.
c. Application Software Controls: When application software acts as an interface to interact between the user and the
database, the DBMS depends on application software to pass across a correct sequence of commands and
update parameters so that appropriate actions can be taken when certain types of exception condition
arise. This is achieved through Update Controls that ensure that changes to the database reflect changes
to the real-world entities and associations between entities that data in the database is supposed to
represent and Report Controls that identify errors or irregularities that may have occurred when the
database has been updated.
d. Concurrency Controls: These are required to address the situation that arises either due to simultaneous access to the
same database or due to deadlock.
e. Cryptographic Controls: These controls can be well used for protecting the integrity of data stored in the database using
block encryption.
f. File Handling Controls: These controls are used to prevent accidental destruction of data contained on a storage
medium. These are exercised by hardware, software, and the operators or users who load/unload storage media.
g. Audit Trail Controls:
Accounting Audit Trail: This includes the data items to confirm whether an application properly accepts, processes, and stores information, to attach a unique time stamp to all transactions, to attach before-images and after-images of the data item on which a transaction is applied to the audit trail, any modifications or corrections to audit trail transactions accommodating the changes that occur within an application system, and to not only test the stated input, calculation, and output rules for data integrity; but also should assess the efficacy of the rules themselves.
Operational Audit Trail: This maintains a chronology of resource consumption events that affects the database definition or the database.
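An accounting audit trail of the kind described above, as an added example using Python's built-in sqlite3 module (not code from the original text): triggers record a time stamp, a before-image and an after-image for every change, and the trail itself is append-only. The table, trigger and function names and the sample accounts are constructed for illustration.

```python
import sqlite3

SCHEMA = """
CREATE TABLE accounts (account_id TEXT PRIMARY KEY, balance INTEGER NOT NULL);

-- Accounting audit trail: one row per change, never modified afterwards.
CREATE TABLE audit_trail (
    seq          INTEGER PRIMARY KEY AUTOINCREMENT,  -- unique, ordered entry number
    stamped_at   TEXT NOT NULL,                      -- UTC time stamp of the change
    action       TEXT NOT NULL,
    account_id   TEXT NOT NULL,
    before_image INTEGER,                            -- NULL for INSERT
    after_image  INTEGER                             -- NULL for DELETE
);

CREATE TRIGGER trg_ins AFTER INSERT ON accounts BEGIN
    INSERT INTO audit_trail (stamped_at, action, account_id, before_image, after_image)
    VALUES (strftime('%Y-%m-%dT%H:%M:%fZ', 'now'), 'INSERT', NEW.account_id, NULL, NEW.balance);
END;
CREATE TRIGGER trg_upd AFTER UPDATE ON accounts BEGIN
    INSERT INTO audit_trail (stamped_at, action, account_id, before_image, after_image)
    VALUES (strftime('%Y-%m-%dT%H:%M:%fZ', 'now'), 'UPDATE', OLD.account_id, OLD.balance, NEW.balance);
END;
CREATE TRIGGER trg_del AFTER DELETE ON accounts BEGIN
    INSERT INTO audit_trail (stamped_at, action, account_id, before_image, after_image)
    VALUES (strftime('%Y-%m-%dT%H:%M:%fZ', 'now'), 'DELETE', OLD.account_id, OLD.balance, NULL);
END;

-- The trail is append-only: corrections are new entries, not edits.
CREATE TRIGGER audit_no_update BEFORE UPDATE ON audit_trail BEGIN
    SELECT RAISE(ABORT, 'audit trail is append-only');
END;
CREATE TRIGGER audit_no_delete BEFORE DELETE ON audit_trail BEGIN
    SELECT RAISE(ABORT, 'audit trail is append-only');
END;
"""

TRAIL_QUERY = ("SELECT seq, action, account_id, before_image, after_image "
               "FROM audit_trail ORDER BY seq")


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def current_state(conn):
    return dict(conn.execute("SELECT account_id, balance FROM accounts").fetchall())


def replay(conn):
    """Rebuild the balances from the after-images alone."""
    state = {}
    for _seq, action, account, _before, after in conn.execute(TRAIL_QUERY):
        if action == "DELETE":
            state.pop(account, None)
        else:
            state[account] = after
    return state


def chain_breaks(conn):
    """Entries whose before-image differs from the previous after-image of that account."""
    last, breaks = {}, []
    for seq, action, account, before, after in conn.execute(TRAIL_QUERY):
        if last.get(account) != before:
            breaks.append(seq)  # some change to this account was never logged
        if action == "DELETE":
            last.pop(account, None)
        else:
            last[account] = after
    return breaks


def trail_edit_blocked(conn):
    """True if an attempt to rewrite an existing trail entry is rejected."""
    try:
        conn.execute("UPDATE audit_trail SET after_image = 0 WHERE seq = 1")
    except sqlite3.DatabaseError:
        return True
    return False


if __name__ == "__main__":
    db = open_db()
    db.execute("INSERT INTO accounts VALUES ('A-100', 100)")
    db.execute("UPDATE accounts SET balance = 70 WHERE account_id = 'A-100'")
    print(replay(db) == current_state(db), chain_breaks(db), trail_edit_blocked(db))
```

An auditor can compare `replay()` with the live table and run `chain_breaks()` to find accounts that were changed without a matching trail entry.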
These controls ensure that the data delivered to users will be presented, formatted, and delivered in a consistent and secured
manner. Output can be in any form, it can either be a printed data report or a database file in a removable media.
a. Inference Controls: These are used to prevent compromise of statistical databases from which users can obtain only
aggregate statistics rather than the values of individual data items. These are restriction controls which limit the set of
responses provided to users to try to protect the confidentiality of data about persons in the database.
b. Batch Output Production and Distribution Controls: Batch output in the form of tables, graphs or images etc. is produced
at some operations facility and distributed to users of the output.
This includes several controls like
• Report program execution Controls to ensure that only authorized users are permitted to execute batch report programs and these events are logged and monitored;
• Spooling file Controls, so that the user(s) can continue working while a queue of documents waits to be printed on a particular printer, and to ensure that the files waiting to be printed are not subject to unauthorized modifications;
• Printing Controls to ensure that output is made on the correct printer, and unauthorized disclosure of printed information does not take place;
• Report collection Controls to ensure that report is collected immediately and secured to avoid unauthorized disclosure and data leakage;
• User/Client service Review Controls to ensure user should obtain higher quality output and detection of errors or irregularities in output;
• Report distribution Controls ensuring that the time gap between generation and distribution of reports is reduced, and a log is maintained for reports that were generated and to whom these were distributed;
• User output Controls to be in place to ensure that users review output on a timely basis;
• Storage Controls to ensure proper preservation of output in an ideal environment, secured storage of output and appropriate inventory controls over the stored output; and
• Retention and Destruction Controls in terms of deciding the time duration for which the output shall be retained and then destroyed when not required.
c. Batch Report Design Controls: Batch report design features should comply with the control procedures laid down for them during the output process. The information incorporated in a well-designed batch report shall facilitate its flow through the output process and execution of controls.
d. Online output production and Distribution Controls: It deals with the controls to be considered at various phases like establishing the output at the source, distributing, communicating, receiving, viewing, retaining and destructing the output.
• Source controls ensure that output which can be generated or accessed online is authorized, complete and timely;
• Distribution Controls to prevent unauthorized copying of online output when it is distributed to a terminal;
• Communication Controls to reduce exposures from attacks during transmission;
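One way to implement the restriction described under Inference Controls (item a above), as an added Python example that is not part of the original text: a statistical database that answers an aggregate only when the set of matching records is neither too small nor too close to the whole table. The threshold k, the class and function names and the sample records are assumptions made for illustration.

```python
# Constructed sample records; identifiers and salaries are made up.
RECORDS = [
    {"emp": "E1", "dept": "Finance", "salary": 52000},
    {"emp": "E2", "dept": "Finance", "salary": 61000},
    {"emp": "E3", "dept": "Finance", "salary": 58000},
    {"emp": "E4", "dept": "IT", "salary": 70000},
    {"emp": "E5", "dept": "IT", "salary": 66000},
    {"emp": "E6", "dept": "Audit", "salary": 64000},
    {"emp": "E7", "dept": "Audit", "salary": 59000},
    {"emp": "E8", "dept": "Legal", "salary": 90000},
]

STATS = {
    "count": len,
    "sum": sum,
    "mean": lambda values: sum(values) / len(values),
}


class QueryRefused(Exception):
    """Raised without any detail, so the refusal itself reveals nothing."""


class StatisticalDB:
    def __init__(self, records, k):
        if not 1 <= k <= len(records) // 2:
            raise ValueError("k must be between 1 and half the number of records")
        self._records = list(records)
        self.k = k
        self.refused = []  # internal log for the reviewer: (user, query label, set size)

    def aggregate(self, user, stat, field, predicate, label):
        """Answer only if k <= |query set| <= N - k."""
        rows = [r for r in self._records if predicate(r)]
        size, total = len(rows), len(self._records)
        # Too small: the statistic is close to one person's value.
        # Too large: the few excluded records could be inferred from it instead.
        if size < self.k or size > total - self.k:
            self.refused.append((user, label, size))
            raise QueryRefused("query refused")
        return STATS[stat]([r[field] for r in rows])


def ask(db, user, stat, field, predicate, label):
    """Convenience wrapper: return the statistic, or the string 'REFUSED'."""
    try:
        return db.aggregate(user, stat, field, predicate, label)
    except QueryRefused:
        return "REFUSED"


if __name__ == "__main__":
    db = StatisticalDB(RECORDS, k=2)
    print(ask(db, "analyst1", "mean", "salary", lambda r: r["dept"] == "Finance", "dept=Finance"))
    print(ask(db, "analyst1", "mean", "salary", lambda r: r["dept"] == "Legal", "dept=Legal"))
    print(ask(db, "analyst1", "sum", "salary", lambda r: r["dept"] != "Legal", "dept!=Legal"))
    print(db.refused)
```

The refusal log keeps the query-set size for the reviewer, while the user only ever sees that the query was refused.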
likely problems they will encounter in the application systems they are evaluating.
of the overseas transactions and the management’s need for periodic performance analysis; XYZ
Systems planned to leverage the benefit of data warehouse whereas the research team suggested
the implementation of Big data. However, XYZ Systems did not implement suitable security controls
and hence recently faced data security breach which led to the unauthorized manipulation of certain
confidential data. This resulted in XYZ Systems paying a substantial amount as compensation and loss
of a major client.
Consequently, XYZ Systems has now implemented varied controls starting from strict password
management to high level access controls and monitoring mechanism ensuring that there are no further
data security issues. In this context, let’s analyze and answer the following questions:
A. The XYZ Systems initially used IBM Information Management system which used a hierarchical
database model. Which type of relationship is not supported by such database model?
i. One-to-One
ii. Many-to-One
iii. One-to-Many
iv. None of the above
B. The XYZ Systems recently shifted to the SQL Server DBMS from the IBM Information Management
system that it previously used. Under which aspect, the SQL Server differs from IBM Information
Management System?
i. One-to-one relationship
ii. One-to-many relationship
iii. Relational Database structure
iv. None of the above
C. Which among the following is not an advantage of the SQL Server DBMS?
i. Data Sharing
ii. Data Redundancy
iii. Program and File consistency
iv. None of the above
D. To ensure that the communication between their private network and public network is secured,
one of the steps taken by XYZ Systems is to install a firewall. The installation of a firewall is a
__________ type of control.
i. Preventive
ii. Corrective
iii. Detective
iv. None of the above
E. XYZ Systems made its access privileges more stringent so as to prevent unauthorized users
from gaining entry into secured areas and to grant users only the minimum entry based on their job
requirements. Which of the following Logical Access controls covers this aspect?
i. Operating System Access Control
ii. Network Access Controls
iii. User Access Management
iv. Application and Monitoring System control
F. Based on the risk assessment by the audit team, the management of XYZ Systems decided to
specify the exact path of the internet access by routing the internet access by the employees
through a firewall and proxy. This is referred to as_______.
i. Encryption
ii. Enforced Path
iii. Call Back Devices
iv. None of these
Solution
Question No. Answer
A (ii) Many-to-One
B (iii) Relational Database structure
C (ii) Data Redundancy
D (i) Preventive
maintenance of information systems takes place in a planned and controlled manner. It has also
ensured that logs are designed to record activity at the system, application, and user level.
Along with the implementation of controls and maintenance of logs, it has approached a leading firm
of IS auditors to conduct a comprehensive audit of its controls. Within the organization also, it has
opened new job roles and has hired people with the required skill sets for the same. In this context,
answer the following.
A. The team of network engineers of Bianc Computing Ltd. recommended certain controls to be
implemented in the organization to bridge the rate of data reception and transmission between
two nodes. Which types of controls are being referred to here?
i. Link Controls ii. Flow Controls
iii. Channel Access Controls iv. Line Error Controls
B. A process is used to ensure that the user can continue working, while the print operation is
getting completed. This is known as ___________.
i. Logging
ii. Spooling
iii. Spoofing
iv. Print-Run-to Run Control Totals
C. Bianc Computing Ltd. has also opened up new job roles and has hired persons with the required
skill sets for the same as given below.
Job Role | Person Responsible
1. Developing logical and physical designs of data models | (a) Operations Manager
2. Providing front line user support services | (b) Security Analyst
3. Staffing of resources for upcoming projects. | (c) Database Architect
4. Examining logs from firewalls, and providing security advisories | (d) Help Desk Analyst
5. Performing maintenance and configuration operations on systems. | (e) Systems Analyst
6. Build and maintain network devices such as routers, switches etc. | (f) System Administrator
7. Developing technical requirements, program design, and software test plans | (g) Network engineer
Identify the right match to the job roles assigned and the responsible persons for the job role.
i. 1(c), 2(d), 3(a), 4(b), 5(f), 6(g), 7(e)
ii. 1(d), 2(b), 3(c), 4(g), 5(f), 6(a), 7(e)
iii. 1(e), 2(b), 3(c), 4(g), 5(a), 6(f), 7(d)
iv. 1(g), 2(f), 3(e), 4(d), 5(c), 6(b), 7(a)
Solution
Question No. Answer
A (ii) Flow Controls
B (ii) Spooling
C (i) 1(c), 2(d), 3(a), 4(b), 5(f), 6(g), 7(e)
India. It owns one of the most popular web portals www.ads2nukkad.com which has more than 10
crores members and subscribers. Now, it is integrating thousands of small advertisers and AD agencies
from across the country as their AD service partners, sellers and resellers on its portal. It provides
‘Dashboards’ to each of its partners, sellers and resellers (advertisers and AD agencies), so that they
can upload their multimedia contents and offer their products to the larger population through
www.ads2nukkad.com. They can upload their data through the ‘Dashboards’ on www.ads2nukkad.com.
Manoramdeep Advertisements (India) Ltd. appoints you as a BPA consultant.
Required:
i. Suggest the company a suitable Database Model, that caters to the data upload requirements
of multimedia content through the ‘Dashboards’ on www.ads2nukkad.com.
ii. Define the suggested Database Model and explain the manner in which it is executed, with a
real-life example.
3. Heating, Ventilation, and Air Conditioning (HVAC): The IS auditor should determine if HVAC systems are providing
adequate temperature and humidity levels, and if they are monitored. Also, the auditor should determine if HVAC systems
are properly maintained and if qualified persons do this.
4. Water detection: The IS auditor should determine if any water detectors are used in rooms where computers are used.
He or she should determine how frequently these are tested and if they are monitored.
5. Fire detection and suppression: The IS auditor should determine if fire detection equipment is adequate, if staff
members understand their function, and if they are tested. S/he should determine how frequently fire suppression
systems are inspected and tested, and if the organization has emergency evacuation plans and conducts fire drills.
6. Cleanliness: The IS auditor should examine data centers to see how clean they are. IT equipment air filters and the
inside of some IT components should be examined to see if there is an accumulation of dust and dirt.
Question 2: The processing subsystem of any application software is responsible for computing, sorting, classifying, and
summarizing the data. The processor controls of the application software are responsible to reduce the expected losses from
errors and irregularities associated with Central processors. Discuss these controls. (RTP December 2021)
Answers:
The processor controls of any application software are as follows:
Question 3: Information systems have set high hopes to companies for their growth as it reduces processing speed and
helps in cutting cost. Being an auditor of ABC manufacturing company, discuss the key areas that you should pay attention to while
evaluating Managerial controls by top management. (January 2021)
Answer:
The key areas that auditors should pay attention to while evaluating Managerial controls are as follows:
1. Planning: Auditors need to evaluate whether top management has formulated a high-quality information system’s plan
that is appropriate to the needs of an organization or not. A poor-quality information system is ineffective and inefficient
leading to losing of its competitive position within the marketplace.
2. Organizing: Auditors should be concerned about how well top management acquires and manages staff resources.
3. Leading: Generally, the auditors examine variables that often indicate when motivation problems exist or suggest poor
leadership – for example, staff turnover statistics, frequent failure of projects to meet their budget and absenteeism level
to evaluate the leading function. Auditors may use both formal and informal sources of evidence to evaluate how well
top managers communicate with their staff.
4. Controlling: Auditors should focus on the subset of the control activities that should be performed by top management
– namely, those aimed at ensuring that the information systems function accomplishes its objectives at a global level.
Auditors must evaluate whether top management’s choice of the means of control over the users of IS services is likely to
be effective or not.
Question 5: Data Warehouse extracts data from one or more of the organization’s databases and loads it into another
database for storage and analysis purpose. As a Data Warehouse Manager, determine the design criteria, which should be met
while designing Data Warehouse. (May-2018, 6 Marks)
Hint:
The Data Warehouse extracts data from one or more of the organization’s databases and loads it into another database for
storage and analysis purpose. A data warehouse should be designed so that it meets the following criteria:
◘◘ It uses non-operational data ◘◘ The data is time-variant ◘◘ The data is standardized
There are two approaches to follow when designing a data warehouse:
◘◘ The Bottom-Up Approach ◘◘ The Top-Down Approach
Question 6: Explain, briefly the objectives of Information System’s Auditing. (May-2018, 4 Marks)
Hint:
The major objectives of Information System’s (IS) Auditing are as follows:
◘◘ Asset Safeguarding ◘◘ System Effectiveness
© Carvinowledge Press (CNP), 2022
Question 9: Data that is waiting to be transmitted are liable to unauthorized access called ‘Asynchronous Attack’. Explain
various types of Asynchronous attacks on data. (Nov-2018, 4 Marks)
Question 10: An operating system allows users and their applications to share and access common computer resources
and execute a variety of activities. Hence, protecting operating system access is extremely crucial. Identify various steps through
which protection of operating system access can be achieved. (Nov-2018, 8 Marks)
Hint:
◘◘ Automated Terminal ID ◘◘ Access Control List ◘◘ Use of System Utilities
◘◘ Terminal Login procedure ◘◘ User ID ◘◘ Duress Alarm
◘◘ Access Token ◘◘ Password Management System ◘◘ Terminal time-out
Question 11: Company XYZ is implementing the software using the program development life cycle methodology and
applying control phases in parallel to the development phases to monitor the progress against plan. Being an IT developer,
design the various phases and their controls for program development life cycle. (May-2019, 6 Marks)
Hint:
◘◘ Planning ◘◘ Coding ◘◘ Maintenance
◘◘ Analysis ◘◘ Testing
◘◘ Design ◘◘ Implementation
Question 12: General controls are pervasive controls and apply to all system components, processes and data for a given
enterprise or systems environment. As an IT consultant, discuss some of the controls covered under general controls which
you would like to ensure for a given enterprise. (May-2019, 6 Marks)
Hint:
◘◘ Information Security Policy
◘◘ Administration, Access and Authentication
◘◘ Separation of key IT functions
◘◘ Management of Systems Acquisition and Implementation
◘◘ Change Management
◘◘ Backup, Recovery and Business Continuity
Hint:
a. As an Information Systems (IS) Auditor, various Audit Tools that can be used to perform IS Auditing are as follows:
i. Snapshots
ii. Integrated Test Facility (ITF)
iii. System Control Audit Review File (SCARF)
iv. Continuous and Intermittent Simulation (CIS)
v. Audit Hooks
b. Some of the advantages of continuous audit techniques are as under:
◘◘ Timely, Comprehensive and Detailed Auditing
◘◘ Surprise test capability
◘◘ Information to system staff on meeting of objectives
◘◘ Training for new users
Question 17: Recognize the activities that deal with the System Development Controls in an IT Setup. (RTP Nov-2018)
Hint: The activities that deal with system development controls in IT setup are as follows:
i. System Authorization Activities
Question 18: Determine the controls that are classified based on the time when they act, relative to a security incident.
(RTP Nov-2018)
Hint: The controls per the time that they act, relative to a security incident can be classified as under:
◘◘ Preventive Controls
◘◘ Detective Controls
◘◘ Corrective Controls
Question 19: In Information Systems, identify the type of Managerial controls that are responsible for the daily running of
software and hardware facilities. Prepare a detailed note on these controls. (RTP May-2019)
Hint: Under the Managerial Controls, Operations Management Controls are responsible for the daily running of hardware and
software facilities. Operations management typically performs controls over the functions as below:
i. Computer Operations
◘◘ Operation Controls: These controls prescribe the functions that either human operators or automated operations facilities must perform.
◘◘ Scheduling Controls: These controls prescribe how jobs are to be scheduled on a hardware/software platform.
◘◘ Maintenance Controls: These controls prescribe how hardware is to be maintained in good operating order.
ii. Network Operations
iii. Data Preparation and Entry
iv. Production Control
v. File Library
vi. Documentation and Program Library
vii. Help Desk/Technical support
viii. Capacity Planning and Performance Monitoring
ix. Management of Outsourced Operations
Question 20: Many organizations now recognize that data is a critical resource that must be managed properly and
therefore, accordingly, centralized planning and control are implemented. Identify the various control activities involved in
maintaining the integrity of the database. (RTP Nov-2019)
Hint: Many organizations now recognize that data is a critical resource that must be managed properly and therefore,
accordingly, centralized planning and control are implemented. For data to be managed better; users must be able to share
data, data must be available to users when it is needed, in the location where it is needed, and in the form in which it is needed.
Careful control should be exercised over the roles by appointing senior, trustworthy persons, separating duties to the extent
possible and maintaining and monitoring logs of the data administrator’s and database administrator’s activities.
The control activities involved in maintaining the integrity of the database are as under:
Question 21: An Internet connection exposes an organization to the harmful elements of the outside world. Prepare a list
of various Network Access Controls by means of which the protection can be achieved against these harmful elements.
(RTP Nov-2019)
Hint:
◘◘ Policy on use of network services
◘◘ Enforced path
◘◘ Segregation of networks
◘◘ Network connection and routing control
◘◘ Security of network services
◘◘ Firewall
◘◘ Encryption
◘◘ Call Back Devices
Question 22: Mr. A is a System Administrator of the company who must ensure the protection of Operating System used in
information system of the company. How can this purpose be achieved? (RTP May-2020)
Hint: Operating System protection can be achieved using following steps.
◘◘ Automated terminal identification ◘◘ Password management system
Question 25: What do you understand by the term ‘Operating System’? Discuss various operations performed by the
Operating System. (Study Material)
Question 28: What do you understand by Boundary Controls? Explain major Boundary Control techniques in brief.
(Study Material)
Question 29: Briefly explain major update and report controls regarding Database Controls in brief.
(Study Material)
Question 30: What do you mean by Corrective Controls? Explain with the help of examples. Also, discuss their broad
characteristics in brief. (Study Material)
Question 31: What do you mean by Preventive Controls? Explain with the help of examples. Also, discuss their broad
characteristics in brief. (Study Material)
Question 33: “Virtual Memory is in fact not a separate device, but an imaginary memory area supported by some operating
systems (for example, Windows) in conjunction with the hardware”. Explain what virtual memory is and what is its importance
in memory management? (Study Material)
Question 34: Data warehouse and Data Mining are the order of the day for better management of information and quicker
and effective decision-making in organizations. Critically evaluate.
(Study Material)
Question 35: What is the difference between data and information? (May 2017)
Question 36: What is a Central Processing Unit (CPU)? What are the three functional units of a Central Processing Unit
(CPU)?
Question 41: MySQL and Oracle are the leading examples of database management systems. What is Database
management system? Explain.
Question 42: A DBMS is very important for every enterprise. State its objectives and operations that could be done on the
files.
Question 43: Eesha Ltd. follows a Hierarchical Database Structure Model. What is Hierarchical Database Structure Model?
Also explain its features.
Question 44: Vishal Ltd. followed a Hierarchical Database Structure Model, now it wishes to follow Network Database
Structure Model. State how a Hierarchical Database Structure Model is different from Network Database Structure Model.
Question 45: Analytica Ltd. followed Big Data analytics to find insights that help organizations make better business
decisions. In your opinion, what are the benefits of Big Data processing for Analytica Ltd.
Question 46: “Today, organizations have begun to utilize databases as the center piece of their operations; the need to
fully understand and leverage the data they are collecting has become more and more apparent.” Explain the benefit of data
warehouse.
Question 47: Data Warehouse extracts data from one or more of the organization’s databases and loads it into another
database for storage and analysis purpose. As a Data Warehouse Manager, determine the design criteria, which should be met
while designing Data Warehouse.
Question 48: What can be the critical controls lacking in a computerized environment?
Question 49: Physical security mechanisms in an organization provide protection to people, data, equipment, systems,
facilities and company assets. Determine some major ways of protecting the organization’s computer installation in the event
of any explosion or fire.
Question 50: In OTC Media Pvt. Ltd., big data in a data warehouse are analyzed to reveal hidden patterns and trends in
historical business activity. OTC Media Pvt. Ltd. uses this analysis to help managers make decisions about strategic changes
in business operations to gain competitive advantages in the marketplace. List out the steps involved in the above analysis
process.
Question 51: Technical exposures are the unauthorized modification or change of data or resource. What are the different
types of technical exposures?
Question 52: Operating System security involves policy, procedure and controls that determine, ‘who can access the
operating system,’ ‘which resources they can access’, and ‘what action they can take’. As an Information Systems auditor,
determine the key areas which shall be put in place by any organization.
Question 53: Program development and implementation is a major phase within the systems development life cycle. What
are the phases of a system development life cycle?
Question 54: Recognize the major reasons for the emergence of Quality assurance in many organizations nowadays?
Question 55: Om Trivedi, a chartered accountant was appointed as the information system’s auditor of Eesha Enterprises.
What is an information system (IS) audit? Explain. Also, explain the objectives of an IS audit.
Question 56: An information system (IS) audit or information technology (IT) audit is an examination of the controls
within an entity’s Information technology infrastructure. What is the need of information system (IS) audit? Explain.
Question 57: What is an audit trail? What are its types and objective?
Question 58: What do you mean by continuous audit? Discuss the advantages of continuous Audit Techniques.
Hint: Some of the advantages of continuous audit techniques are as under:
i. Timely, Comprehensive and Detailed Auditing: Evidence would be available more timely and in a comprehensive
Question 59: What do you mean by managerial controls and their audit trail? Explain.
Question 60: What do you mean by application controls and their audit trail? Explain.
Question 61: What do you mean by segregation of duties? Explain with Examples of SOD Controls.
COMPONENTS OF INFORMATION SYSTEMS
16. Which of the following is not a component of Information Systems?
(a) People
(b) Data
(c) Transaction Processing System
(d) Network
17. Which of the following is a people resource of Information Systems (IS)?
(a) Operating system program
(b) System analyst and developers
(c) Customer records
(d) Communication media
18. Which of the following is an information product of
(c) Are all of which are physical objects that can be touched
(d) All of the above
23. ____________________ are a necessity in order to ensure that data is entered into a computer to be processed and the results given out.
(a) Input Devices (b) Output devices
(c) Neither a nor b (d) Both a and b
24. Which of the following is a hardware unit?
(a) Graphic cards (b) Sound cards
(c) Motherboard (d) All of the above
25. Which of the following is an output device?
(a) Light pen
(b) Visual Display Unit (VDU)
(c) Optical scanner
(c) Centralized Processing Unit
(d) Central Processing Unit
39. The Central Processing Unit (CPU) is the __________ of the computer.
(a) Heart (b) Soul
(c) Brain (d) All of the above
40. Which of the following is not a functional unit of Central Processing Unit (CPU)?
41. In a microcomputer, the entire CPU is on a tiny chip called a _________________.
(a) Micro powered unit
(b) Microprocessor
(c) Micro unit
48. There is a huge speed difference between ____________ and _________________ to bridge these speed differences, we have cache memory.
(a) Primary Memory, Secondary memory
(b) Registers, Secondary Memory
(c) Registers, Primary Memory
(d) RAM, ROM
49. Which of the following is a type of Register?
50. Primary Memory is of how many types?
(a) Two (b) Three
(c) Four (d) Five
51. Which of the following is a primary memory?
(a) RAM (b) ROM
(c) CMOS (d) All of the above
52. The full form of RAM is _____________.
(a) Random Access Memory
(b) Read Access Memory
(c) Random Accessible Memory
(d) Random Authorization Memory
53. Which of the following is volatile memory?
(a) RAM (b) Hard drive
(c) Pen drive (d) ROM
54. The data written on ______________ cannot be modified.
(a) RAM (b) Virtual memory
(c) Flash Memory (d) ROM
55. ROM stands for _________________________.
63. Virtual memory is an allocation of __________ space to help RAM.
(a) CMOS (b) ROM
(c) Hard disk (d) Bubble memory
64. CMOS memory stands for _________________.
(a) Complex Metal Oxide Semiconductor Memory
(b) Complementary Metal Oxide Sodium-conductor Memory
(c) Complementary Metallic Oxide Semiconductor Memory
(d) Complementary Metal Oxide Semiconductor Memory
SYSTEM SOFTWARE
65. Which of the following is an example of a system
(d) Memory Management
72. ____________________ helps in a user friendly interaction between a computer and users.
(a) Character User Interface (CUI)
(b) Graphical User Interface (GUI)
(c) Both a and b
(d) None of the above
73. Every computer could have different specifications and configurations of hardware. If application developers would have to rewrite code for every configuration they would be in a big trouble. Which of the following feature of an operating system deals with the above problem?
(a) Performing Hardware Function
(b) User Interface
78. Which of the following type of application software has multiple applications bundled together?
(a) Enterprise Software
(b) Application Suite
(c) Enterprise Infrastructure Software
(d) Information Worker Software
79. Which of the following type of application software addresses an enterprise’s need and data flow in a huge distributed environment?
(a) Enterprise Software
(b) Application Suite
(c) Enterprise Infrastructure Software
(d) Information Worker Software
80. Which of the following type of application software provides capabilities required to support enterprise
90. Which of these is not an example of Relational Database?
(a) Access (b) MySQL
(c) Java (d) Oracle
91. Which of these is not an example of Relational Database?
(a) Access (b) MySQL
(c) Java (d) Oracle
92. What is the objective of DBMS?
(a) To know its information needs.
(b) To acquire that information.
(c) To organize the acquired information in a meaningful way.
(d) All of the above
93. What DBMS Operations can be done on the Files?
(a) Adding new files to database.
(b) Deleting existing files from database.
(d) More than 1 set at one time
100. A ______________________ is structured into a series of two-dimensional tables.
(a) Hierarchical database
(b) Network database
(c) Relational database
(d) Object oriented database
DATABASE MANAGEMENT SYSTEM (DBMS)
101. In DBMS, Same information ______________.
(a) Can be made available to different users
(b) Can’t be made available to different users
(c) Can be made available to a single user only
(d) Can’t be made available to any user
102. Data integrity is maintained by having _____________________ data.
(a) Accurate (b) Consistent
(c) Up-to-date (d) All of the above
103. Which of the following is a disadvantage of DBMS?
(a) Implementing a DBMS system can be expensive and time-consuming, especially in large enterprises.
(b) Training requirements alone can be quite costly.
(c) Even with safeguards in place, it may be possible for some unauthorized users to access the database. If one gets access to database, then it could be an all or nothing proposition.
(d) All of the above
SOME RELATED CONCEPTS OF DBMS
108. ___________________ is a key intellect who is employed owing to his or her acquaintance of a subject matter, rather than their ability to perform manual labour.
(a) Worker (b) Knowledge worker
(c) Collaborator (d) System Analyst
109. _____________________________ is a key intellect who is employed owing to his or her acquaintance of a subject matter, rather than their ability to perform manual labour.
(a) Knowledge worker
(b) Intellectual worker
(c) Brain worker
(d) All of the above
110. ___________________________ is a major use of data warehouse databases and the static data
116. ________________ refers to the amount of data which can be sent across a network in given time.
(a) Resilience (b) Contention
(c) Routing (d) Bandwidth
117. ________________ refers to the ability of a network to recover from any kind of error like connection failure, loss of data, etc.
(a) Routing (b) Bandwidth
(c) Resilience (d) Contention
118. _______________ refers to the situation that arises when there is a conflict for some common resource.
(a) Routing (b) Contention
(c) Bandwidth (d) Resilience
119. In computer networks, _________ refers to the ability of a network to recover from any kind of error like connection failure, loss of data etc.
(a) Routing (b) Resilience
125. Which of the following is not a feature of RAM?
(a) Power interruptions destroy RAM contents.
(b) Data and Programs can be stored in RAM through Input Device or through auxiliary storage devices.
(c) Data and instruction written on the RAM can be read or re-written.
(d) RAM is permanent memory (non – volatile)
126. Which of the following is not a feature of ROM?
(a) Instruction written on the ROM can be read but cannot be rewritten.
(b) Programmers and Machines use ROM.
(c) ROM is permanent memory (non – volatile).
(d) ROM will not allow to store data or instruction instead they will be written by the Manufacturer once and for all.
132. Table Structure, Relations, Attributes and Domains are all concepts used in ________ Database model.
(a) Hierarchical (b) Network
(c) Relational (d) Object Oriented
133. No child record can have more than one Parent record. However, each Parent Record can have multiple lower – level (child) records. This is a distinguishing feature of _____________ Database model.
(a) Hierarchical (b) Network
(c) Relational (d) Object Oriented
134. ____________________ database model permits multiple – branches from one or more nodes.
(a) Hierarchical (b) Network
(c) Relational (d) Object Oriented
(a) Hub (b) Bridge
(c) Switch (d) Router
140. A protocol that enables sounds to be converted to a digital format for transmission over the Internet and then recreated at the other end is called as ______________.
(a) Internet Protocol
(b) Network Protocol
(c) Voice Over Internet Protocol
(d) None of the above
141. A Technology that takes an Internet Signal and converts it into Radio Waves is called __________________.
(a) Wi Fi Technology
(b) Internet Technology
146. ________________ involves the five activities – (1) Identification of Information Needs, (2) Obtaining that Information from various sources, (3) Organizing that information in a meaningful way, (4) Ensuring Information quality, and (5) Providing Software Tools for users to access the required information.
(a) Information System
(b) Information Management
(c) Information Analysis
(d) Information Processing Cycle
147. In CBIS, Hardware Resources refer to:
(a) Machines – Computers, Video Monitors, Magnetic Disk Drive, Printers, Optical Scanners
(b) Media – Floppy Disks Magnetic tape Optical
(b) Procedures – Data Entry Procedures, Error Correction Procedures, Paycheck Distribution Procedures, etc.
(c) Both of ‘a’ and ‘b’
(d) None of the above
149. In CBIS, which of the following is correct about “People”?
(a) Both Internal Users (Management Staff, System Users) and External Users (Government, Vendors, Customers, etc.) may require information provided by the CBIS, and constitute the “People” Component of the CBIS.
(b) Internal users may be at all levels of the Entity’s hierarchy, - (a) End User, (b) Programmers, (c) System Analysts, and (d) Database Administrators.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
b a c d d c a b d b c a b d b c a c d d
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
a c a b b a c a b c d a b d a c d a c d
41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60
a c b b c b d b c d a c b d a b b a a c
61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80
c b c c d d c b d d a d d b b d d a c b
81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100
d a b d c a c d d b d d c c a d a b d d
101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120
c b c a a d b c b d c a c a b c d a b d
121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140
a b c b d c a b a d b a b a c a b d a a
Unit II
Information System Controls and Auditing
INTRODUCTION
1. Auditing assures that ____________________.
(a) Assets and information resources are safeguarded
(b) Data integrity is protected
(c) System complies with applicable policies, laws and regulations.
(d) All of the above
2. Which of the following is a cause of the exposure to potential loss?
(a) Errors or omissions
(b) Improper authorizations
(c) Inefficient activity
(d) All of the above
3. Which of the following objective of auditing verifies that the assets, liabilities, ownership, and/or activities are real?
(a) Authorisation (b) Valuation
(c) Cut off (d) Existence
4. Which of the following objective of auditing verify that events have occurred in accordance with management’s intent?
(a) Existence (b) Authorisation
(c) Valuation (d) Cut off
5. Which of the following objective of auditing verify that the accounting values fairly present an item is worth?
(a) Valuation (b) Existence
(c) Authorisation (d) Cut off
6. Which of the following objective of auditing verify that the transaction is re-coded in the proper accounting period?
(a) Existence (b) Authorisation
(c) Cut off (d) Valuation
7. Which of the following objective of auditing verify that the processing is in compliance with governmental laws and regulations, generally accepted accounting procedures, and the organization’s policies and procedures?
(a) Operational (b) Authorisation
(c) Compliance (d) Valuation
8. Which of the following objective of auditing verify that the program, area, or activity is performed economically, efficiently, and effectively?
(a) Operational (b) Authorisation
(c) Cut off (d) Valuation
9. _______________________ requires the use of CAAT tools.
(a) Manual audit (b) IT audit
(c) Both a and b (d) None of the above
OBJECTIVE OF CONTROLS
10. Which of the following are causes of the exposure to potential loss?
(a) Errors or omissions in data, procedure, processing, judgment and comparison.
(b) Improper authorizations and improper accountability with regard to procedures, processing, judgment and comparison.
(c) Inefficient activity in procedures, processing and comparison.
(d) All of the above
11. Which of the following control is based on Objective of Control?
(a) Detective (b) Managerial
(c) Application (d) Logical access control
12. Which of the following control is not based on Objective of Control?
(a) Preventive (b) Application
(c) Detective (d) Corrective
13. Which of the following control is based on nature of IS resource?
(a) Preventive (b) Detective
(c) Logical access (d) Corrective
14. Which of the following control is not based on nature of IS resource?
(a) Environmental (b) Physical Access
(c) Logical Access (d) Detective
15. Which of the following control is based on audit functions?
(a) Managerial (b) Application
(c) Logical Access (d) Both a and b
16. Which of the following control is not based on audit functions?
(a) Application (b) Managerial
(c) Logical Access (d) Both a and b
CLASSIFICATION BASED ON NATURE OF INFORMATION SYSTEM RESOURCES
17. Smoke detectors are a part of which of the following control?
(a) Environmental (b) Physical Access
(c) Logical Access (d) Detective
24. Encryption techniques, Anti-virus programs and Firewall are all part of which of the following controls?
(a) Physical Access (b) Logical Access
(c) Environmental (d) Detective
25. Which of the following key factors are considered in designing logical access controls?
(a) Abuse of data processing resources
(b) Blackmail
(c) Embezzlement
(d) All of the above
26. _______________ is a piece of bad code deliberately planted by an insider or supplier of a program.
(a) Bomb (b) Worm
(c) Trojan (d) Christmas card
to specify the exact path or route connecting the network?
(a) Enforced path
(b) Privilege management
(c) Segregation of networks
(d) Call back devices
50. Based on the sensitive information handling function; say a VPN connection between a branch office and the head-office, this network is to be isolated from the internet usage service. The above example is the implementation of which of the type of logical access control?
(a) Enforced path
(b) Privilege management
(c) Segregation of networks
(d) Call back devices
56. If users are forced to execute some instruction under threat, the system should provide a means to alert the authorities.
(a) Duress alarm to safeguard users
(b) Terminal time out
(c) Limitation of connection time
(d) Clock synchronisation
57. Which of the following logical access control defines the available time slot and does not allow any transaction beyond this time?
(a) Duress alarm to safeguard users
(b) Terminal time out
(c) Limitation of connection time
(d) Clock synchronisation
58. Which of the following logical access control creates event logs maintained across an enterprise network
to accomplish the goals that are established during planning function.
(a) Planning (b) Leading
(c) Controlling (d) Organising
63. ___________________ includes motivating, guiding, and communicating with personnel.
(a) Planning (b) Leading
(c) Controlling (d) Organising
64. The process of ____________________ requires managers to motivate subordinates, direct them and communicate with them.
(a) Leading (b) Planning
(c) Controlling (d) Organising
65. _______________________ includes comparing actual performance with planned performance as a basis
70. The scope of _______________________ includes systems analysis, general systems design, feasibility analysis, and detailed systems design.
(a) Technical Design Activities
(b) System Authorization Activities
(c) User Specification Activities
(d) Internal Auditor’s Participation
71. The internal auditor plays an important role in the control of systems and should become involved at the inception of the system development process to make conceptual suggestions regarding system requirements and controls and should be continued throughout all phases of the development process and into the maintenance phase. The above phrase states which of the following activities?
115. Ms. Prathama Trivedi, data analyst of Kumar enterprises notices that inventory code “SQC1066” is recorded as “SQC0661”.
(a) Transposition Error
(b) Truncation errors
(c) Addition errors
(d) Substitution errors
116. Mr. Raj Trivedi, the data entry operator of Prathama Ltd. While recording the inventory code, records Inventory Code “SQC1066” as “SQC1076”. This is an example of which of the following errors?
(a) Transposition Error
(b) Addition errors
(c) Truncation errors
(d) Substitution errors
117. ___________ involves programmed procedures that examine the characters of the data in the field.
(a) Field Interrogation
(b) Cryptographic controls
(c) Personal Identification Numbers (PIN)
(d) Biometric sets
118. Which of the following statements depicts an exposure that arises in the communication subsystem?
(a) As data is transported across a communication subsystem, it can be impaired through attenuation, delay distortion, and noise.
(b) The hardware and software components in a communication subsystem can fail.
(c) The communication subsystem can be subjected to passive or active subversive attacks.
(d) All of the above
119. Which of the following exposure arise in the communication subsystem.
(a) As data is transported across a communication subsystem, it can be impaired through attenuation, delay distortion, and noise.
(b) The hardware and software components in a communication subsystem can fail.
(c) The communication subsystem can be subjected to passive or active subversive attacks.
(d) All of the above
120. Which of the following type of check field is checked by the program against predefined limits to ensure that no input/output error has occurred or at least no input error exceeding certain pre-established limits has occurred?
(a) Picture check (b) Valid code check
(c) Limit check (d) Check digits
121. Which of the following is a check against entry into processing of incorrect or invalid characters?
(a) Limit check (b) Picture check
(c) Valid code check (d) Check digits
122. Which of the following checks are made against predetermined transactions codes, tables or order data to ensure that input data are valid?
(a) Limit check (b) Picture check
(c) Valid code check (d) Check digits
123. A ____________________ is a control digit (or digits) added to the code when it is originally assigned that allows the integrity of the code to be established during subsequent processing.
(a) Check digits (b) Limit check
(c) Picture check (d) Valid code check
124. The check digit can be ______________________.
(a) Located anywhere in the code as a prefix
(b) Located anywhere in the code as a suffix
(c) Embedded someplace in the middle.
(d) All of the above
125. _____________________ ensure that the data delivered to users will be represented, formatted and delivered in a consistent and secured manner.
(a) Database controls
(b) Output controls
(c) Update controls
(d) Report controls
126. Which of the following component of a processor fetches programs from memory and determines their type?
(a) Control unit (CU)
(b) An Arithmetic and Logical Unit (ALU)
(c) Registers
(d) All of the above
127. Which of the following component of a processor performs operations?
(a) Control unit (CU)
(b) Registers
(c) Arithmetic and Logical Unit (ALU)
(d) All of the above
128. Which of the following component of a processor is used to store temporary results and control information?
(a) Control unit (CU)
(b) Registers
(c) An Arithmetic and Logical Unit (ALU)
(d) All of the above
129. _____________ ensure that the data delivered to users will be represented, formatted and delivered in a consistent and secured manner.
170. _____________________ is responsible for overall operations that are carried out by others. Responsibilities will include establishing operations shift schedules.
(a) Operations Manager
(b) Operations Analyst
(c) Controls Analyst
(d) Systems Operator
171. ___________________ is responsible for the development of operational procedures; examining the health of networks, systems, and databases; setting and monitoring the operations schedule; and maintaining operations records.
(a) Operations Manager
(b) Controls Analyst
(c) Operations Analyst
(a) Security Architect (b) Security Engineer
(c) Security Analyst (d) Security Auditor
178. ____________________ is responsible for examining logs from firewalls, intrusion detection systems, and audit logs from systems and applications. This position may also be responsible for issuing security advisories to others in IT.
(a) Security Architect (b) Security Engineer
(c) Security Analyst (d) Security Auditor
179. ________________ is responsible for performing internal audits of IT controls to ensure that they are being operated properly.
(a) Security Architect (b) Security Engineer
(c) Security Analyst (d) Security Auditor
180. ___________________ is responsible for providing front line user support services to personnel in the
© Carvinowledge Press (CNP), 2022
(c) Information System Audit
(d) Shift over to Manual System
185. Control Objectives define what is sought to be accomplished by implementing the control and the purpose thereof. What are the purposes of these control objectives?
(a) Outline the policies of the organization as laid down by the Management.
(b) Provide a Benchmark for evaluating whether control objectives are met.
(c) Both ‘a’ and ‘b’.
(d) None of the above.
186. Which of these is not a control objective, in the context of IT Environment?
(a) Completeness (b) Validity
192. Database Backup procedures are scheduled for every hour on the customer sales records of the Enterprise Database. This is an example of __________________________ Controls.
(a) Preventive (b) Detective
(c) Corrective (d) Compensatory
193. Hash Totals are calculated both at the sender and receiver end of the data Transmission Network. This is an example of __________________________ Controls.
(a) Preventive (b) Detective
(c) Corrective (d) Compensatory
194. Based on IS Audit Functions, controls may be classified into managerial controls and Application controls. In this regard, identify which of these is not covered under Application controls?
212. Which of the following is not part of Control Activities for maintaining the integrity of the database?
(a) Definition Controls
(b) Quality Controls
(c) Existence / Backup Controls
(d) Piggybacking Controls
213. Which of these are within the scope of Security Management control?
(a) Insurance
(b) Disaster Recovery Plan
(c) Business Continuity Plan
(d) All of the above
214. _____________ establishes interface between the User of the system and the system itself.
(a) Boundary Control
(b) Input Control
(c) Processing Control
(d) Communication Control
215. “Field Initializations” is an example of ___________________ controls.
(a) Data Coding
(b) Data Processing
(c) Data Validation
(d) Data Identification
216. Maintaining integrity of these Internal tables, i.e., Pay Rate Table, Price Table and Interest Table, etc. is important. This is achieved through ___________________ controls.
(a) Report (b) Update
(c) Table (d) System
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
d d d b a c c a b d a b c d d c d c c d
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
b b a b d a c b d d b d a b a c a a b a
41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60
b c d b d a c b a c a c d a b a c c a d
61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80
b d b a c d a b c a d a c b d c a b d d
81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100
c b a a c d a d d d a c d a b c b a d c
101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120
b a c b a d d c a b c a d c b d a d d c
121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140
b c a d b a c b a d d b a d d b c a a b
141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160
d a b b b c d d a c b d a a b c d a a b
161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180
c b a d c c b a d a c b d a c a b c d b
181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200
d a d b c d b b d a a c b c c d b c c d
201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216
c d b c d a a d c d b d d a b a
4
Amendments at a Glance
E-Commerce, M-Commerce and Computing Technologies
e-Mall (electronic mall)
An e-mall, in its basic form, consists of a collection of e-shops usually grouped under a single Internet address. It is a website
that displays electronic catalogs from several suppliers, and charges commission from them for the sales revenue generated
at that site. The basic idea of it is the same as the retailing model of a regular shopping mall, a conglomeration of different e-shops
that provide consumers a one-stop shopping place offering a variety of products and services.
They are mainly of the following types:
• General stores/malls: These are online stores that have a variety of items for sale and do not specialize in selling any
one item and are thus called General stores.
Example: amazon.com, which is primarily an e-mall that provides a platform for vendors to sell and users to purchase various
products ranging from books, music, movies, housewares, electronics, toys, clothes etc.
• Specialized stores/malls: The specialized stores would sell only specialized items.
Example: www.99acres.com is a website that specializes in buying and selling property and housing on an online
platform.
e-Rupi
The Government of India has launched a new mode of cashless and contactless digital payment named e-Rupi based on UPI
systems to ensure seamless transfer of benefits to the citizens in a “leak-proof” manner.
• It is an e-voucher, which will be delivered to beneficiaries in the form of a QR code and SMS-string-based voucher
through which funds will be directly transferred to their bank account.
• These vouchers are person- and purpose-specific, meaning if they are released by the government for the purpose
of vaccination, for instance, then they can be redeemed only for that.
• This contactless e-RUPI is easy, safe, and secure as it keeps the details of the beneficiaries completely confidential.
• The entire transaction process through this voucher is relatively faster and at the same time reliable, as the required
amount is already stored in the voucher.
• Any government agency and corporation can generate e-RUPI vouchers via their partner banks.
Blockchain
Blockchain, also referred to as Distributed Ledger Technology (DLT), is
• a shared,
• peer-to-peer, and
• decentralized
open ledger of transactions system with no trusted third parties in between.
• This ledger database has every entry as permanent as it is an append-only database which cannot be changed or
altered.
• All transactions are fully irreversible with any change in the transaction being recorded as a new transaction.
• The decentralised network refers to the network which is not controlled by any bank, corporation, or government.
• A blockchain generally uses a chain of blocks, with each block representing the digital information stored in a public
database (“the chain”).
• A simple analogy for understanding blockchain technology is a Google Doc.
• When we create a document and share it with a group of people, the document is distributed instead of copied or
transferred.
• This creates a decentralized distribution chain that gives everyone access to the document at the same time.
• No one is locked out awaiting changes from another party, while all modifications to the document are being
recorded in real-time, making changes completely transparent.
Risks
1. With the use of blockchain, organizations need to consider risks with a wider perspective as different members of a
particular blockchain may have different risk appetite/risk tolerances that may further lead to conflict when monitoring
controls are designed for a blockchain. There may be questions about who is responsible for managing risks if no one
party is in-charge and how proper accountability is to be achieved in a blockchain.
2. The reliability of financial transactions is dependent on the underlying technology and if this underlying consensus
mechanism has been tampered with, it could render the financial information stored in the ledger to be inaccurate and
unreliable.
3. In the absence of any central authority to administer and enforce protocol amendments, there could be a challenge
in the establishment of development and maintenance of process control activities and in such a case, users of public
blockchains find it difficult to obtain an understanding of the general IT controls implemented and the effectiveness of
these controls.
4. As blockchain involves humongous data getting updated frequently, risk related to information overload could potentially
challenge the level of monitoring required.
5. To find competent people to design and perform effective monitoring controls may again prove to be difficult.
Controls
1. As opposed to traditional manual techniques, computerized continuous monitoring techniques shall be used to perform
ongoing evaluations, considering the large volume of data processed and the frequency at which these transactions are
getting processed.
2. Suitable data analytics procedures shall be developed to identify and obtain relevant and quality data from the blockchain
so that it can then be processed into information that subsequently can be used to support management’s business
processes and reporting objectives.
3. Communication methods shall be developed to ensure that operational changes and updates relating to the use of
blockchain are communicated to appropriate personnel so that internal control related responsibilities are carried out in
proper manner.
4. The unique aspects of blockchain such as consensus protocols, smart contracts, and private keys, as well as factors
relating to the ongoing health, governance, and overall reliability of the blockchain in use; shall be assessed thoroughly.
5. Both internal and external auditors shall be engaged in discussions during the development or identification of a
blockchain so as to make the management understand the typical auditability issues associated with using blockchain.
Subsequently, processes can be established to mitigate against those issues so that the appropriate information and
support for transactions is available.
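The append-only property and the continuous-monitoring control described above can be seen in a short Python example, added here and not taken from the book. It assumes blocks are linked by SHA-256 hashes (the text names no mechanism); the `Ledger`, `first_bad_block` and `monitor` names and the sample transactions are constructed for illustration.

```python
import copy
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # constructed placeholder meaning "no previous block"


def block_hash(index, prev_hash, tx):
    """Hash of a block's contents plus the hash of the block before it."""
    body = json.dumps({"index": index, "prev": prev_hash, "tx": tx}, sort_keys=True)
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


class Ledger:
    """Append-only ledger: entries are added, never edited or deleted."""

    def __init__(self):
        self._blocks = []

    def append(self, tx):
        prev = self._blocks[-1]["hash"] if self._blocks else GENESIS
        index = len(self._blocks)
        self._blocks.append({"index": index, "prev": prev, "tx": tx,
                             "hash": block_hash(index, prev, tx)})
        return index

    def correct(self, index, new_amount, reason):
        """Record a change as a NEW transaction; the original entry stays."""
        old = self._blocks[index]["tx"]
        return self.append({"type": "correction", "corrects": index,
                            "account": old["account"],
                            "amount": new_amount - old["amount"],
                            "reason": reason})

    def balance(self, account):
        return sum(b["tx"]["amount"] for b in self._blocks
                   if b["tx"]["account"] == account)

    def snapshot(self):
        """Copy of the chain, as each participant would hold it."""
        return copy.deepcopy(self._blocks)


def first_bad_block(blocks):
    """Return the index of the first block that breaks the chain, else None."""
    prev = GENESIS
    for i, b in enumerate(blocks):
        if (b["index"] != i or b["prev"] != prev
                or b["hash"] != block_hash(i, prev, b["tx"])):
            return i
        prev = b["hash"]
    return None


def monitor(copies):
    """Automated monitoring pass over every participant's copy of the ledger.

    Returns {participant: finding} for copies that fail verification or whose
    latest hash differs from the one most participants hold.
    """
    findings, heads = {}, {}
    for name, blocks in copies.items():
        bad = first_bad_block(blocks)
        if bad is not None:
            findings[name] = f"chain broken at block {bad}"
        elif blocks:
            heads[name] = blocks[-1]["hash"]
    if heads:
        majority, _ = Counter(heads.values()).most_common(1)[0]
        for name, head in heads.items():
            if head != majority:
                findings[name] = "head differs from majority"
    return findings


def demo():
    ledger = Ledger()
    ledger.append({"type": "payment", "account": "ACME", "amount": 1000})
    ledger.append({"type": "payment", "account": "ACME", "amount": 250})
    ledger.correct(1, 200, "invoice overstated")  # becomes block 2; block 1 is untouched

    copies = {"bank": ledger.snapshot(), "auditor": ledger.snapshot(),
              "vendor": ledger.snapshot()}
    # Constructed tampering: one participant rewrites an old entry in place.
    copies["vendor"][1]["tx"]["amount"] = 9999
    return ledger, copies, monitor(copies)


if __name__ == "__main__":
    ledger, copies, findings = demo()
    print("ACME balance:", ledger.balance("ACME"))
    print("findings:", findings)
```

Recomputing the altered block's own hash does not hide the change: the next block still carries the old hash, so the check fails one block later.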
customer base of more than 85,00,000 customers across the country. It handles Mediclaim requests of
approximately 51,000 patients on a daily basis. The numbers are so large that there is a great risk of
fraud in Mediclaim processing. Keeping the situation in mind, Trivedi and Narang Insurance Co. (India)
Ltd. urgently needs a modern computing technology that can handle such a huge volume of Mediclaim
requests from 85 lacs customers and 25,000 hospitals and mine data from partner hospitals to detect
and prevent fraud at the right time. It appoints Parimal Jha and Associates as its auditor. You are an
article clerk with Parimal Jha and Associates.
Required:
i. As an auditor, which emerging computing technology will you suggest to Trivedi and Narang
Insurance Co. (India) Ltd.?
ii. Define the suggested emerging computing technology.
iii. Explain the Computing Architecture and resources of the suggested emerging computing
technology

deals in corporate, retail, consumer, social, political and community related databases of very
sensitive, sensitive and general nature. It has recently collaborated with 3 of the like-minded virtual
organizations (communities) in the same field to gain the benefits of synergy and a strategic edge
over its rivals like Amazon, Flipkart and Snapdeal. The CEO, Prathama Trivedi, is planning to use the
services of the cloud service providers (CSPs) to reduce the burden of IT Management by outsourcing
the whole IT infrastructure to a third party vendor. She appoints you an advisor on this matter.
Required: Suggest to her the most suitable Cloud Computing Deployments, keeping the nature, diversity
and complexity of business of Prathama Ltd. in mind.

Flipkart began selling books to begin with. It soon expanded and began offering a wide variety of
goods. Innovating right from the start, Flipkart has been home to a few of the striking features of Indian
e-commerce. Flipkart made good profits in the first few years of its existence. Flipkart raised funds
through venture capital funding. As the company grew in stature, more funding arrived.
Flipkart addressed major issues in online purchasing in India. Indians love to pay after getting
the product in hand so Flipkart was the first to implement the popular ‘Cash On Delivery’ facility,
which every online shopping website in India offers as an option today. The second major issue Flipkart
addressed was timely delivery. It was more of a cultural revolution to ensure the whole supply chain
was revamped and sensitized to the issue of timely delivery.

Despite being one of the most popular and economical modes of public transportation in
India, auto-rickshaws have remained highly underutilized due to inefficiencies prevalent in the
conventional hailing procedure such as availability and fares. Jugnoo was started with a vision
to overcome these roadblocks by bringing structure into this space, aggregating auto-rickshaws
via technology, thereby enabling optimum utilization of resources.

which might not have Spa, Gym etc.) like the star hotels but will live up to the basic standards & high
expectations for prices like never before. The rooms would have a few basic amenities including clean
rooms, clean linen, AC, clean bathroom, free wifi, and free breakfast.
The teenage boy, Ritesh Agarwal, is the young Founder & CEO of OYO Rooms, the fastest growing
branded network of hotels offline & online. OYO Rooms does nothing out of the box but provides
travelers with the coolest yet cheapest, efficient, young, standardized rooms with no add-ons attached!

He used to replace the new mobiles’ internal components with defective components.
He kept on doing this for two years before being caught.

products. It is important to check the history of the seller and read all the details to ensure the
product is the brand name product you originally intended to buy. A good rule of thumb is that if it’s
too good to be true, it usually is. Designer headphones, purses, and watches will always cost around
retail price online.

Indian Railway Catering and Tourism Corporation (IRCTC) is a subsidiary of the Indian Railways that
handles the catering, tourism and online ticketing operations of the Indian Railways. With around
5,50,000 to 6,00,000 bookings every day, it is the world’s second busiest network and a web portal. Its
tagline is “Lifeline of the nation”. It pioneered internet-based rail ticket booking through its website,
as well as from mobile phones via WiFi, GPRS or SMS. It also provides an SMS facility to check PNR
status and Live Train Status as well. In addition to e-tickets, Indian Railway Catering and Tourism
Corporation also offers I-tickets that are basically like regular tickets except that they are booked
online and delivered by post.
Required:
i. Considering the number of users IRCTC has, you are supposed to find out the kind of Networking
Architecture used by it.
ii. Define the particular kind of Networking Architecture of IRCTC.
iii. Explain the need of using such type of Networking Architecture by IRCTC.
iv. Mention the advantages of the Networking Architecture of IRCTC.

a “Horizontal and Vertical keiretsu” to compete against its main rivals in the International market, Ford
Automobiles and General Motors, and to gain a competitive advantage over them. To communicate
and share data, documents, files, databases and other computing resources with privacy and in a
secured manner, these companies have formed a private logical network.
Required:
2. Recycle
• Dispose e-waste according to central, state and local regulations;
• Discard used or unwanted electronic equipment in a convenient and environmentally responsible manner as
computers emit harmful emissions;
• Manufacturers must offer safe end-of-life management and recycling options when products become unusable;
and
• Recycle computers through manufacturer’s recycling services.
3. Make environmentally sound purchase decisions
• Purchase of desktop computers, notebooks and monitors based on environmental attributes;
• Provide a clear, consistent set of performance criteria for the design of products;
• Recognize manufacturer efforts to reduce the environmental impact of products by reducing or eliminating
environmentally sensitive materials, designing for longevity, and reducing packaging materials; and
• Use Server and storage virtualization that can help to improve resource utilization, reduce energy costs, and
simplify maintenance.
4. Reduce Paper Consumption
• Reduce paper consumption by use of e-mail and electronic archiving;
• Use of “track changes” feature in electronic documents, rather than red line corrections on paper;
• Use online marketing rather than paper-based marketing; e-mail marketing solutions that are greener, more
affordable, flexible and interactive than direct mail; free and low-cost online invoicing solutions that help cut
down on paper waste; and
• While printing documents, make sure to use both sides of the paper, recycle regularly, use smaller fonts and
margins, and selectively print required pages.
5. Conserve Energy
• Use Liquid Crystal Display (LCD) monitors rather than Cathode Ray Tube (CRT) monitors;
• Develop a thin-client strategy wherein thin clients are smaller, cheaper, simpler for manufacturers to build than
traditional PCs or notebooks and most importantly use about half the power of a traditional desktop PC;
• Use notebook computers rather than desktop computers whenever possible;
• Use the power-management features to turn off hard drives and displays after several minutes of inactivity;
• Power-down the CPU and all peripherals during extended periods of inactivity;
• Try to do computer-related tasks during contiguous, intensive blocks of time, leaving hardware off at other
times;
• Wherever possible, the devices that can perform more than one function should be used. For example, a
multi-purpose printer saves energy by combining a printer, scanner, fax, and photocopier into one device;
• Power-up and power-down energy-intensive peripherals such as laser printers according to need;
• Employ alternative energy sources for computing workstations, servers, networks and data centers; and
• Adopt Web conferencing instead of travelling to meetings to go green and save energy.
Question 2: Ms. Anita, a final year student of an undergraduate course, had to submit her project report in PDF form. She
initially prepared her report in MS Word and used online software from Google to edit the photos used in her assignment.
Later, for final submission, she used an online PDF converter to convert her Word file into PDF. Identify the Cloud Computing
Service Model that is being used by her and further discuss the Model’s different instances. (RTP December 2021)
Answer: The Cloud Computing service model used by Ms. Anita is Software as a Service (SaaS). The different
instances of the model are as follows:
• Testing as a Service (TaaS): This provides users with software testing capabilities such as generation of test
data, generation of test cases, execution of test cases and test result evaluation on a pay-per-use basis.
• API as a Service (APIaaS): This allows users to explore functionality of Web services such as Google Maps,
Payroll processing, and credit card processing services etc.
• Email as a Service (EaaS): This provides users with an integrated system of emailing, office automation,
records management, migration, and integration services with archiving, spam blocking, malware protection,
and compliance features.
Question 4: PQR Limited is planning to receive payment from the customers through Digital Payments. Though
there are lots of benefits of digital payments, there are drawbacks as well. Briefly explain any six drawbacks of digital
payments. (July 2021, 6 Marks)
Answer:
Some drawbacks of Digital Payments are listed below:
1. Difficult for a Non-technical person: As most of the digital payment modes are based on mobile phone, the
internet, and cards; these modes are somewhat difficult for non-technical persons such as farmers, workers etc.
2. The risk of data theft: There is a big risk of data theft associated with the digital payment. Hackers can hack the
servers of the bank or the E-Wallet a customer is using; and easily get his/her personal information. They can use
this information to steal money from the customer’s account.
3. Overspending: One keeps limited cash in his/her physical wallet and hence thinks twice before buying anything.
But if digital payment modes are used, one has access to all his/her money that can result in overspending.
4. Disputed transactions: In case the electronic money such as credit card is misused by someone else, it is very
difficult to receive a refund.
5. Increased business costs: Digital payment systems come with an increased need to protect sensitive financial
information stored in a business’s computer systems from unauthorized access. Businesses have to incur additional
costs in procuring, installing and maintaining sophisticated payment-security technologies.
6. The necessity of internet access: Digital payment cannot be performed if Internet connection fails.
Question 5: Hybrid cloud is a combination of both at least one private and at least one public cloud computing
environments. Explain the characteristics of Hybrid Cloud. (July 2021, 4 Marks)
Answer:
The characteristics of Hybrid Cloud are as follows:
1. Scalable: The hybrid cloud has the property of public cloud with a private cloud environment and as the public
cloud is scalable; the hybrid cloud with the help of its public counterpart is also scalable.
2. Partially Secure: The private cloud is considered as secured and public cloud has high risk of security breach. The
hybrid cloud thus cannot be fully termed as secure but as partially secure.
3. Stringent SLAs: In the hybrid cloud, the Service Level Agreements (SLAs) are overall more stringent than the
private cloud and might be as per the public cloud service providers.
4. Complex Cloud Management: Cloud management in hybrid cloud is complex as it involves more than one type of
deployment models, and the number of users is high.
Question 6: Explain the concept of green computing. How will you develop a sustainable green computing plan?
(January 2021, 6 Marks)
Answer:
Green Computing
• Green Computing or Green IT refers to the study and practice of environmentally sustainable computing
or IT. It is the study and practice of establishing/using computers and IT resources in a more efficient and
environmentally friendly and responsible way.
• The objective of Green computing is to reduce the use of hazardous materials, maximize energy efficiency
during the product’s lifetime, and promote the recyclability or biodegradability of defunct products and factory
waste.
• Green computing’s practices include the implementation of energy-efficient Central Processing Units (CPUs),
servers and peripherals as well as reduced resource consumption and proper disposal of electronic waste
(e-waste).
The steps to develop a sustainable Green Computing plan are as follows:
• Involve stakeholders to include checklists, recycling policies, recommendations for disposal of used equipment,
government guidelines and recommendations for purchasing green computer equipment in organizational
policies and plans;
• Encourage the IT community for using the best practices and encourage them to consider green computing
practices and guidelines.
• On-going communication about and campus commitment to green IT best practices to produce notable results.
• Include power usage, reduction of paper consumption, as well as recommendations for new equipment and
recycling old machines in organizational policies and plans; and
• Use cloud computing so that multiple organizations share the same computing resources thus increasing the
utilization by making more efficient use of hardware resources.
Question 8: Draw Workflow Diagram for e-commerce and describe various steps and corresponding activities
involved in this diagram. (May-2018, 8 Marks)
Question 10: After demonetization, one of your elderly neighbours, who was using traditional digital methods of
making payments like cards, net banking etc., asked for your help to know about the various new methods of Digital Payments.
Identify and explain various new methods of Digital Payments for him.
(Nov-2018, 6 Marks)
Question 13: Write any two application areas of Internet of Things (IOT). (May – 2019, 3 Marks)
Question 14: Mobile computing is an important and rapidly evolving technology that allows users to transmit data
from remote location to other locations in mobility condition. Being a communication expert, identify the limitations in
current scenario that impede or hesitate users to use this technology frequently. (May – 2019, 8 Marks)
Question 15: Every business decision is accompanied with a set of threats and so is BYOD program. Explain briefly
the areas in which the risks associated with BYOD program can be classified.
(Nov – 2019, 4 Marks)
Question 16: Explain the concept of E-Commerce briefly. How can you protect your E-Commerce business from
intrusion? (Nov – 2019, 4 Marks)
Question 17: Write a brief description of three tier architecture of Application Software.
(Nov – 2019, 2 Marks)
Question 19: E-business benefits individuals, businesses, government and society at large. As a business seller,
analyze the benefits that you would draw from e-business. (RTP Nov-2018)
Hint: E-business benefits individuals, businesses, governments and society at large. As a seller, the benefits to Business
/ Sellers are as follows:
• Increased Customer Base
• Recurring payments made easy
• Instant Transaction
• Provides a dynamic market
• Reduction in costs
• Efficiency improvement due to
• Creation of new markets
• Easier entry into new markets
• Better quality of goods
• Elimination of Time Delays
Question 20: As an IT consultant, advise some tips to an aspiring e-commerce vendor so that his business can be
protected from intrusion. (RTP Nov-2018)
Hint: Tips to protect any e-Commerce business from intrusion are as follows:
• Viruses
• Hackers
• Passwords
• Regular software updates
• Sensitive data
• Know the details of your payment service provider contract.
Question 21: Discuss the concept of “Virtualization” and its application areas. (RTP May-2019)
Hint: In computing, Virtualization means to create a virtual version of a device or resource, such as a server, storage
device, network or even an operating system where the framework divides the resource into one or more execution
environments. Virtualization refers to technologies designed to provide a layer of abstraction between computer
hardware systems and the software running on them. By providing a logical view of computing resources, rather than
a physical view, virtualization allows its users to manipulate their systems’ operating systems into thinking that a
group of servers is a single pool of computing resources and conversely, allows its users to run multiple operating
systems simultaneously on a single machine. Thus, the core concept of Virtualization lies in Partitioning, which divides a
single physical server into multiple logical servers. For example, partitioning of a hard drive is considered virtualization
because one drive is partitioned in a way to create two separate hard drives. Devices, applications and human users
can interact with the virtual resource as if it were a real single logical resource. Application Areas of Virtualization are as
follows:
• Server Consolidation
• Disaster Recovery
• Testing and Training
• Portable Applications
• Portable Workspaces
Question 22: Though Mobile computing is a versatile and strategic technology that increases information quality
and accessibility; however, it has its own limitations. Analyze them. (RTP May-2019)
Hint: Limitations of Mobile Computing are as follows:
• Insufficient Bandwidth
• Security Standards
• Power consumption
• Transmission interferences
• Potential health hazards
• Human interface with device
Question 23: The Prime Minister’s Office of a country X plans to establish a specific infrastructure setup with its access
shared amongst members of the group consisting of some selected high-profile dignitaries and officers from different
ministries. The objective of the group is to carry out certain assignments related to the nation’s security and integrity. Which is the
most suitable choice of the cloud under Cloud Computing? Discuss its advantages and limitations as well. (RTP Nov-2019)
Hint: The most suitable choice is Community Cloud which is the cloud infrastructure provisioned for exclusive use by
a specific community of consumers from organizations that have shared concerns (e.g. mission security requirements,
policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations
in the community, a third party or some combination of them, and it may exist on or off premises. In this, a private cloud
is shared between several organizations. This model is suitable for organizations that cannot afford a private cloud and
cannot rely on the public cloud either.
Advantages of Community Cloud are as follows:
• It allows establishing a low-cost private cloud.
• It allows collaborative work on the cloud.
• It allows sharing of responsibilities among the organizations.
• It has better security than the public cloud.
The limitation of the Community Cloud is that the autonomy of the organization is lost and some of the security features
are not as good as the private cloud. It is not suitable in the cases where there is no collaboration.
Question 24: DEF is a car battery manufacturing company which intends to provide online business to its customers.
Briefly explain various components involved in any e-Commerce transaction. (RTP May-2020)
Hint: Various components of e-Commerce transaction are as follows:
i. User
ii. E-commerce Vendors
iii. Technology Infrastructure
• Computers, Servers and Database
• Mobile Apps
• Digital Library
• Data Interchange
iv. Internet/Network
v. Web portal
vi. Payment Gateway
Question 25: ABC University wants to conduct online exams for its different courses for which a contract is given
to vendor XYZ. The vendor provides computing resources such as processing power, memory, storage, and networks to
ABC university users to run their online exam application on-demand. Identify the Service Model of Cloud Computing
that vendor XYZ is providing to ABC University and also describe its characteristics. (RTP May-2020)
Hint: The Service Model provided by vendor XYZ to ABC University is Infrastructure as a Service (IaaS).
Characteristics of Infrastructure as a Service (IaaS) of Cloud Computing are as follows:
• Web access to the resources
• Centralized Management
• Elasticity and Dynamic Scaling
• Shared infrastructure
• Metered Services
Question 26: Define the following: (Study Material)
a. E-Commerce
b. M-Commerce
c. Machine learning
d. Bring Your Own Device
e. Grid Computing Security
Question 27: What are the risks associated with E-Commerce Transactions that are high as compared to general
Internet activities? (Study Material)
Question 28: Miss Prathama is confused between e- business and e-commerce. Advise her whether they are the
same or not.
Question 29: Mr. Pankaj, the Managing Director of Carvinowledge Ltd, wants to know about e-commerce. He has
appointed you as his consultant. Explain to him the concept of E-commerce and its benefit to his enterprise and its
Question 30: E- Commerce has become an important part of day to day purchase by consumers. Discuss the
components of E- Commerce. (Study Material)
Question 31: E- Commerce has made our lives so convenient. However, it is not an unmixed blessing. Explain.
(Study Material)
Hint: This means it is a mixed blessing which means it has a positive as well as a negative side. It has some benefits as
well as some risks.
Question 32: D4Delivery.com is an online portal. How can it apply control in E- Commerce Environment?
Question 33: Carvinowledge is an online book seller and operates through its site Carvinowledge.com. It wants to
apply control in its E-Commerce Environment. On whom should control be placed?
Question 34: What are the Levels through which Cyber Breach can occur? Also illustrate the considerations as
controls addressing key cyber security risks. (Study Material)
Question 35: There are various types of traditional digital payment methods. Enumerate and explain different kinds
of traditional digital payment methods. (Study Material)
Question 36: Digital Payment is a mechanism that has evolved with e-commerce transactions and is becoming
increasingly popular. It is advantageous for the banks to implement digital payments; however, the same has certain
drawbacks also. Support the statement by identifying advantages as well as drawbacks of digital payments.
Question 37: Now-a-days, Credit Cards are extensively being used for payment purpose. As a consultant to credit
card section of a bank, advise the risks involved in the credit card process.
Question 38: Ms. Y is using Google Apps through which she can access any application, service and data storage
facilities on the Internet and pay as per usage. Analyze which computing model is providing her these facilities. Also,
determine the model’s key characteristics. [May 2015]
Hint: Cloud computing model provides the facility to access shared resources and common infrastructure offering
services on demand over the network to perform operations that meet changing business needs. Thus, we can say that
Ms. Y is using the Cloud Computing model which allows her to use many computing resources as a service through
networks, typically the Internet. Also, refer to page 212 (characteristics of Cloud Computing).
Question 39: Trivedi enterprises want to avail cloud service. What are the different types of clouds in a Cloud
computing environment? [Nov. 2014]
Question 40: Google provides cloud computing services. What are the advantages of Cloud computing?
[Nov. 2015]
Question 41: What is Mobile Computing? Discuss its components. [Nov. 2014, (Study Material)]
Question 42: Mobile computing gives users the freedom to roam, with access to data and services at any time and in
any place. However, there are also some limitations of mobile computing. Explain.
Question 43: What is Grid Computing? What are the possible reasons of using Grid Computing? [Nov. 2014]
Question 44: Vishal Insurance Corporation, an insurance company has established grid computing system in its enterprise
to mine data from partner hospitals for fraud detection. Discuss the benefits of grid computing. (Study Material)
Question 45: With the help of grid computing Eesha enterprises wants to configure internal and external resources
to support e-Business workload. Advise it on the type of resources it will need to successfully use grid computing.
Question 46: To develop security architecture, some constraints are taken from the characteristics of grid environment
and application. Explain.
Question 47: Virtualization means to create a virtual version of a device or resource, where the framework divides the
resource into one or more execution environments. Explain the types of virtualization. (Study Material)
Question 48: The concept of green computing was launched by the U.S. Environmental Protection Agency in 1992
through the Energy Star program. What does green computing refer to? Also state its objectives.
Question 49: Carvinowledge press, a publishing house follows a BYOD policy. Explain BYOD policy and its benefits.
Question 50: BYOD policy renders the workspaces flexible, empowers employees to be mobile and gives them the
right to work beyond their required hours. Despite all these benefits to the enterprise and its employees, Prathama ltd is
not agreeing to implement. What could be the possible reasons for so? (Study Material)
Question 51: What is semantic web? Also, what are the components of semantic web?
Question 53: Artificial intelligence (AI) is on the rise both in business and in the world in general. What is Artificial
intelligence? Explain. Also, state its application.
Question 54: Artificial intelligence is attempting to duplicate the attributes of intelligent behavior and capabilities in
computer-based systems. What are the risks of Artificial intelligence?
Question 55: E-commerce business is expected to grow at a rapid pace. With the advancement in technology, such
as smart phones and Apps, it is clear that there will be astonishing growth for this sector in the coming years. In your
opinion, what are the latest trends evolving in the area of E-Commerce?
Question 56: What do you mean by Machine Learning? List down any 5 application areas of Machine Learning
15. CaaS stands for _________________________.
(a) Communication as a Solution
(b) Communication as a Service
(c) Customization as a Service
(d) Customization as a Solution
16. The _______________ vendor is responsible for all hardware and software management and offers guaranteed Quality of Service (QoS).
(a) NaaS (b) SaaS
(c) IaaS (d) CaaS
17. Voice over IP (VoIP) and Instant Messaging (IM) is an example of _________________________.
(a) CaaS (b) NaaS
(c) SaaS (d) IaaS
18. PaaS stands for _________________________.
(a) Platform as a Solution
(b) Program as a Solution
(c) Platform as a Service
(d) Program as a Service
22. What feature of a cloud service can completely isolate the failure of server and storage resources from cloud users. Work is migrated to a different physical resource in the cloud with or without user awareness and intervention.
(a) Resiliency
(b) Elasticity and Scalability
(c) Pay per use
(d) On-demand service
23. Public cloud service providers often can host the cloud services for multiple users within the same infrastructure. Which of the following features does the above statement signify?
(a) Pay per use
(b) On-demand service
(c) Multi Tenancy
(d) Elasticity and Scalability
CLOUD COMPUTING ENVIRONMENT
24. Which of the following cloud describes cloud
(c) Community and private clouds only
(d) At least two clouds, where the clouds included are a mixture of public, private, or community.
30. A _____________ cloud is essentially a combination of at least two clouds.
(a) Public (b) Private
(c) Community (d) Hybrid
BENEFITS/ DRAWBACKS OF CLOUD COMPUTING
31. Which of the following is a benefit of cloud computing?
(a) Data and applications can be accessed anytime, anywhere, using any smart computing device, making our life so much easier.
(b) Not required to spend huge money on hardware, software, or licensing fees.
(c) Volume output or productivity can be increased even with fewer systems and thereby reduce the cost per unit of a project or product.
(d) All of the above
(b) It is feasible to confine within budgetary allocations and can be ahead of completion cycle times.
(c) Storing information in the cloud could make the company vulnerable to external hack attacks and threats.
(d) Surrendering all the company’s sensitive information to a third-party cloud service provider could potentially put the company to great risk.
MOBILE COMPUTING
35. _______________________ is a computing system where the users with portable computers still have network connections while they move.
(a) Cloud computing
(b) Grid computing
(c) Mobile computing
(d) Parallel computing
36. __________ refers to the infrastructure put in place to ensure that seamless and reliable communication
39. Which of the following is a benefit of mobile computing?
(a) Cell phones may interfere with sensitive medical devices. Cell phone signals may cause health problems.
(b) Weather, terrain, and the range from the nearest signal point can all interfere with signal reception. Reception in tunnels, some buildings, and rural areas is often poor.
(c) Screens and keyboards tend to be small, which may make them hard to use.
(d) Mobile device enables employees to work from anywhere, anytime by accessing and updating information as required. Thus, increase in workforce productivity.
40. Which of the following is a drawback of mobile computing?
(a) Mobile computing gives users the freedom to roam, with access to data and services at any time and in any place.
(b) Screens and keyboards tend to be small, which may make them hard to use.
(c) Customer service can be improved by responding to customer queries on site or off site.
(d) Incident management can be improved by resolving problems faster without limitation of time as the concerned employees can attend to these regardless of their location.
GRID COMPUTING
(a) Virtualization (b) Cloud computing
(c) Grid computing (d) Mobile computing
44. Grid computing in general is a special type of parallel computing that ______.
(a) Relies on the entire computer systems (with on-board CPU, storage, power supply, network interface, and so forth)
(b) Is a computer network in which each computer’s resources are shared with every other computer in the system.
(c) Connected to a network (private, public, or the Internet) by a conventional network interface.
(d) All of the above
45. Which of the following persons can incorporate grid computing in its operations?
(a) Civil engineers collaborate to design, execute, and analyse shake table experiments.
(b) An application service provider off loads excess load to a compute cycle provider.
(c) Large-scale science and engineering are done through the interaction of people, heterogeneous computing resources, information systems and instruments, all of which are geographically and organizationally dispersed.
(d) All of the above
46. Which of the following is a benefit of grid computing?
(a) Virtual resources and virtual organizations for collaboration
(b) Enforcing security rules
(b) Allow local access control mechanisms to be used without change.
(c) Neither a Nor b
(d) Both ‘a’ and ‘b’
50. In a grid computing system, a user should authenticate once and they should be able to acquire resources, use them, and release them and to communicate internally without any further authentication. Which of the following feature of a grid security architecture is highlighted in the above statement?
(a) Protection of Credentials
(b) Interoperability with local security solutions
(c) Single Sign-on
(d) Exportability
51. In a grid computing system, user passwords, private keys, etc. should be protected. Which of the following feature of a grid security architecture is highlighted in the above statement?
(a) Single Sign-on
(b) Support for multiple implementations
(c) Protection of Credentials
(d) Interoperability with local security solutions
55. There should be a security policy which should provide security to multiple sources based on public and private key cryptography. Which of the following feature of a grid security architecture is highlighted in the above statement?
(a) Support for secure group communication
(b) Support for multiple implementations
(c) Protection of Credentials
(d) Interoperability with local security solutions
VIRTUALISATION
56. ____________ is the process of creating logical computing resources from available physical resources.
(a) Grid computing
(b) Mobile computing
(c) Virtualization
61. In ______________, a single physical server is divided into multiple logical servers.
(a) Partitioning (b) Consolidation
(c) Grouping (d) Both b and c
62. _____________________ are used to consolidate many physical servers into fewer servers, which in turn host virtual machines.
(a) Virtual machines
(b) Physical machines
(c) Relational machines
(d) Logical machines
63. Virtual machines are used to _______________ many physical servers into fewer servers, which in turn host virtual machines.
(a) Partition
(b) Parallel compute
(c) Consolidate
(d) Distributed compute
64. Platform Virtualization is also known as _____________________.
(a) Hardware Virtualization
(b) Network Virtualization
(c) Storage Virtualization
(d) All of the above
65. __________________ refers to the creation of a virtual machine that acts like a real computer with an operating system.
(a) Hardware Virtualization
(b) Platform Virtualization
(c) Storage Virtualization
(d) Both a and b
66. _________________________ is a method of combining the available resources in a network by splitting up the available bandwidth into channels, each of which is independent from the others, and each of which can be assigned (or reassigned) to a particular server or device in real time.
(a) Hardware Virtualization
(b) Network virtualization
(c) Platform Virtualization
(d) Storage Virtualization
67. ____________________ refers to the creation of a virtual machine that acts like a real computer with an operating system.
(a) Network virtualisation
(b) Storage virtualisation
(c) Platform virtualisation
(d) Operating virtualisation
68. The basic idea of ___________________ is to consolidate many small physical servers into one large physical server so that the processor can be used more effectively.
(a) Network virtualisation
(b) Storage virtualisation
(c) Operating virtualisation
(d) Platform virtualisation
69. _________________ is the apparent pooling of data from multiple storage devices, even different types of storage devices, into what appears to be a single device that is managed from a central console.
(a) Network virtualisation
(b) Storage virtualisation
(c) Hardware virtualisation
(d) Platform virtualisation
70. Hardware virtualisation is also known as _____________________________.
(a) Network virtualisation
(b) Platform virtualisation
(c) Storage virtualisation
(d) Operating virtualisation
GREEN COMPUTING
71. _________________ refers to the study and practice of environmentally sustainable computing.
(a) Sustainable development
(b) Green Computing
(c) Green IT
(d) Both b and c
72. Which of the following is an objective of green computing?
(a) To promote the recyclability or biodegradability of defunct products and factory waste.
(b) To reduce the use of hazardous materials.
(c) To maximize energy efficiency during the product’s lifetime.
(d) All of the above
73. Which of the following is not a practice under Green Computing?
(a) Disposing waste according to central, state and local regulations
(b) Purchase of desktop computers, notebooks and monitors based on environmental attributes
(c) Power-down the CPU and all peripherals during extended periods of inactivity
(d) Use Cathode Ray Tube (CRT) monitors rather than Liquid Crystal Display (LCD) monitors
91. Which of the following is not an advantage of Grid computing?
(a) Resource Sharing amongst Entities
(b) Higher Computing Capacity
(c) Increased use of Internet
(d) Resource Balancing
92. Use of Internet – based computing is called
(a) Grid Computing (b) Cloud Computing
(c) Virtualization (d) Internetworking
93. ________ feature in cloud computing allows servers and storage devices to share and utilize applications, by easy migration from one physical server to another.
(a) Agility (b) Scalability
(c) Virtualization (d) Reliability
94. Which of the following is not true about cloud computing?
(a) Software Integration occurs automatically without additional efforts to customize and integrate the applications as per User’s preferences
(b) Cloud computing is suitable only for SMEs since they need not invest heavily in infrastructure
(c) Cloud Computing also permits customization with greater ease, i.e., select those services and software application that fits best to the Entity
(d) Project Managers can also track user – wise and project – wise time usage on various type of clouds
(d) Testing Tools
99. In the context of “Software as a Service”, ______________ provides users with an integrated system of office automation, records management, migration, and integration services with archiving, spam blocking malware protection, and compliance features.
(a) Testing as a Service (TaaS)
(b) API as a Service (APIaaS)
(c) E-mail as a Service (EaaS)
(d) All of the above
100. In “Data as Service” model, which of the following is not TRUE?
(a) Data can be made available only to a restricted set of users, systems or application
(b) Users can only perform read operations on the data
(c) Users have access to high – quality data in a centralized place and pay by volume or data type
(d) None of the above
101. When an End user (Client Entity) accesses the Authentication Infrastructure that is built, hosted, managed and provided by the Third party service provider, it is said to avail _______ facility.
(a) Communication as a service
(b) Data as a service
(c) Security as a Service
(d) Identity as Service
102. Which of these is NOT within the scope of “Identity as a Service”?
(a) Directory Services
(b) Risk and Event Monitoring
(c) Web content filtering
(d) Identity and Profile Management
103. Which of these is a service model operated by “Network as Service” (NaaS) providers?
(a) Bandwidth on Demand (BoD)
(b) Virtual Private Network (VPN)
(c) Mobile Virtual Network (MVN)
(d) All of the above
104. Which of the following is not TRUE about mobile computing?
(a) Use of portable computing devices
(b) Allows data transmission through a computer
(c) There is a need for connecting to a fixed physical link
(d) Data is being sent and received across the
(a) Recycling
(b) Reducing paper consumption
(c) Conserving energy
(d) Green security
107. Which of the following is not a risk associated with bring your own device (BYOD) concept?
(a) Lack of device Visibility
(b) Application Viruses and Malware
(c) Need to provide End user support to a variety of devices
(d) Loss of Corporate data if device is stolen
108. In BYOD Environment, Loss of employee’s Personal devices which contains sensitive corporate information, can cause financial and reputational embarrassment to an organization. This is an example of________________.
(a) Network Risk (b) Device Risk
(c) Application Risk (d) Implementation Risk
109. Internet of Things (IoT) has many risks. There are
Unit II
E-Commerce and M-Commerce
E-COMMERCE
1. E-commerce transactions can be executed with the help of __________.
(a) Laptop (b) Mobile
(c) PCs. (d) All of the above
2. E- Business provides a __________ market to the sellers.
(a) Dynamic (b) Static
(c) Both a and b (d) None of the above
3. Which one of the following is not an Operating system?
(a) Any form of business transaction in which the parties interact electronically rather than by physical exchanges.
(b) Usually associated with buying and selling over the internet, or conducting any transaction involving the transfer of ownership or rights to use goods or services through a computer-mediated network.
(c) The use of electronic communications and digital information processing technology in business transactions to create, transform, and redefine relationships for value creation between or
14. Which are the advantages of e-commerce to sellers?
(a) Reduction in cost
(b) Creation of new markets
(c) Easier entry into new markets
(d) All of the above
15. Which of the following is a benefit of e-commerce available to the sellers?
(a) Reduction in error
(b) Better quality of goods
(c) Reduction in cycle time
(d) All of the above
16. Which of the following is not a component of e-commerce?
(a) Warehouse operations
(b) Supply chain
(c) Shipping and returns
(d) Data Grid.
E-COMMERCE COMPONENTS
(c) Suppliers and supply chain management
(d) Guarantees
21. ____________________________ is the application through which users interact with the e-commerce vendors.
(a) Internet/Network
(b) Payment gateway
(c) Web portal
(d) Digital libraries
22. In two-tier architecture, ______________ is an interface that allows user to interact with the e-commerce / m-commerce vendor.
(a) Presentation Tier
(b) Database Tier
(c) Physical Tier
(d) Application Tier
23. Arrange the following in the correct order:
i. User places the order
ii. Payment gateway requests for confirmation from
26. A single computer that contains a database and a front end to access the database is known as __________________.
(a) One-tier (b) Two-tier
(c) Three-tier (d) N-tier
27. One - tier architecture is also known as ____.
(a) Lone-tier (b) Stand-alone tier
(c) Isolated tier (d) Single- tier
28. A ____________ system consists of a client and a server.
(a) One-tier (b) Two-tier
(c) Three-tier (d) N-tier
29. In ______________ system, the database is stored on the server, and the interface used to access the database is installed on the client.
(a) Two-tier (b) One-tier
(c) Three-tier (d) N-tier
30. In two-tier system, the database is stored on the _________________.
(a) Server (b) Client
(c) Neither a Nor b (d) Both a and b
31. In two-tier system, the interface used to access the database is installed on the _________________________.
(a) Server (b) Client
(c) Either a or b (d) Both a and b
32. In _______________ system, the user system interface is usually located in the user’s desktop and the database management services are usually in a server which is a more powerful machine that services many clients.
(a) One-tier (b) Three-tier
(c) Two-tier (d) N-tier
33. In two tier system, the user system interface is usually located in the ________________________.
(a) Server (b) User’s desktop
(c) Either a or b (d) Both a and b
34. In two tier system, the database management services are usually in a ________ which is a more powerful machine that services many clients.
(a) Server (b) User’s desktop
(c) Either a or b (d) Both a and b
35. Which of the following is an advantage of single tier architecture?
(a) It requires only one installation of proprietary software which makes it the most cost-effective system available.
(b) Can be used by only one user at a time.
(c) A single tier system is impractical for an organization which requires two or more users to interact with the organizational data stores at the same time.
(d) All of the above
36. Which of the following is a disadvantage of a single tier architecture?
(a) A single-tier system requires only one stand-alone computer.
(b) It also requires only one installation of proprietary software which makes it the most cost-effective system available.
(c) It is impractical for an organization which requires two or more users to interact with the organizational data stores at the same time.
(d) All of the above
37. The performance of _____________ deteriorates if number of users is greater than 100.
(a) Single tier (b) Two- tier
(c) Three- tier (d) N- tier
38. Which of the following is an objective of applying control in e-commerce environment?
(a) Prevent loss of Computer Hardware, Software and Personnel
(b) Prevent high costs of computer Error
(c) Safeguard assets from un-authorized access
(d) All of the above
39. Which of the following is an advantage of two-tier architecture?
(a) Since processing was shared between the client and server, more users could interact with system.
(b) Performance deteriorates if number of users is greater than 100.
(c) Limited functionality in moving the program or programs across servers.
(d) All of the above
40. Which of the following is a disadvantage of a two-tier architecture?
(a) Since processing was shared between the client and server, more users could interact with system.
(b) Performance deteriorates if number of users is greater than 100.
(c) Limited functionality in moving the program or programs across servers.
(d) Both b and c
41. A ____________ system can handle only up to 100 users.
(a) One-tier (b) Three-tier
(c) Two-tier (d) N-tier
42. Which of the following is an advantage of 3 -tier architecture, as compared to two-tier system?
(a) Improved scalability
(b) Improved data integrity
(c) Improved security
(d) All of the above
E-COMMERCE ARCHITECTURE
43. Client / user interface includes ________.
(a) Web server (b) Web browser
(c) Internet (d) All of the above
44. The application layer includes the ___________.
(a) Web server
(b) Back end server
(c) Information store house
(d) All of the above
45. The client interface includes ___________.
(a) Application server
(b) Back end server
iii. Customer pays through credit card
iv. Shipping is scheduled and sent to customer
v. Order sent to warehouse for shipping
(a) i, ii, iii, iv, v
(b) i, iii, v, iv, ii
(c) i, iii, iv, ii, v
(d) iv, iii, v, i, ii
51. Arrange the following steps in an e-commerce transaction in the correct order:
i. Customers login
ii. If product/service inventory is managed by e-commerce vendor, then dispatch shall be initiated at merchant warehouse or if e-commerce merchants allow third party vendors to sell through merchant websites.
iii. Order placed for selected product/service by customer.
iv. Customer makes a selection of the payment method.
v. In case products/services were sold on cash on
54. There is a possibility that the electronic transaction in the form of contract, sale order or purchase by the trading partner or customer may be denied. Which of the following risk in an e-commerce environment is highlighted in the above?
(a) Repudiation of contract
(b) Problem of anonymity
(c) Lack of authenticity of transactions
(d) Data Loss or theft or duplication
55. The electronic documents that are produced during an e-commerce transaction may not be authentic and reliable. Which of the following risk in an e-commerce environment is highlighted in the above?
(a) Problem of anonymity
(b) Repudiation of contract
(c) Lack of authenticity of transactions
(d) Data Loss or theft or duplication
56. The data transmitted over the internet may be lost, duplicated, tampered with or replayed. Which of the
(b) Non-recognition of electronic transactions
(c) Denial of Service
(d) Lack of audit trails
60. Audit trails in e-commerce system may be lacking and the logs may be incomplete, too voluminous or easily tampered with. Which of the following risk in an e-commerce environment is highlighted in the above?
(a) Attack from hackers
(b) Denial of Service
(c) Non-recognition of electronic transactions
(d) Lack of audit trails
61. Intellectual property may not be adequately protected when such property is transacted through e-commerce. Which of the following risk in an e-commerce environment is highlighted in the above?
(a) Attack from hackers
(b) Problem of piracy
(c) Denial of Service
66. Data is a critical resource of an organization for its present and future process and its ability to adapt and survive in a changing environment. Which of the following control objective is being highlighted in the above statement?
(a) Prevent organizational costs of data Loss
(b) Prevent loss from incorrect decision making
(c) Prevent loss of Computer Hardware, Software and Personnel
(d) Prevent from high costs of computer Error
67. Management and operational controls taken by managers involve detection, investigations and correction of out-of-control processes. These high-level decisions require accurate data to make quality decision rules. Which of the following control objective is being highlighted in the above statement?
(a) Prevent organizational costs of data Loss
(b) Prevent loss from incorrect decision making
(c) Prevent loss of Computer Hardware, Software and Personnel
(c) Safeguard assets from un-authorized access
(d) System efficiency objectives
71. The importance to maintain integrity of data of an organization depends on the value of information, the extent of access to the information and the value of data to the business from the perspective of the decision maker, competition and the market environment. Which of the following control objective is being highlighted in the above statement?
(a) Ensure data integrity
(b) Safeguard assets from un-authorized access
(c) System effectiveness objectives
(d) System efficiency objectives
72. Effectiveness of a system is evaluated by auditing the characteristics and objective of the system to meet substantial user requirements. Which of the following control objective is being highlighted in the above statement?
(a) Safeguard assets from un-authorized access
LEVELS THROUGH WHICH CYBER BREACH CAN OCCUR
79. Which of the following are controls addressing key cyber security risks?
(a) A Network Diagram detailing servers, databases, hubs, routers, internal and external network, etc.
(b) List of the Digital Assets used by the Company and the IT Managers responsible for the protection for those digital assets along with the physical location of those assets.
(c) Policy and Procedure document of the Digital Assets
(d) All of the above
80. Which of the following stores the financial information?
(a) Application layer
(b) Database layer
(c) Internal network
(d) Perimeter network
85. GSM stands for _____________.
(a) Global Service for Mobile Communication
(b) Global System for Mobile Communication
(c) Global Semantics for Mobile Communication
(d) Global System for Mobile Code
86. AEPS stands for _________________________.
(a) Aadhaar Enabled Payment Station
(b) Aadhaar Employed Payment Service
(c) Aadhaar Enabled Payment Service
(d) Aadhaar Enterprise Payment Service
87. Which of the following statement about digital payment is true?
(a) It is also called electronic payment.
(b) No hard cash is involved in the digital payments.
(c) All the transactions in digital payments are completed online.
(d) All of the above
88. UPI stands for _________________.
(a) Unitary Payment Interface
(b) Unified Payment Interface
103. In the context of client Server Technology, a Tier is a
(a) distinct part of Hardware
(b) level of system software
(c) distinct part of Hardware or Software
(d) None of the above
104. In a 3 – Tier Architecture, the data in Database Tier is kept independent of
(a) Application layer
(b) Presentation layer
(c) Both a and b
(d) None of the above
105. In E-Commerce with a 3-Tier Architecture, the Customer checks the products and services on the website, and places his order therein, using the __________ Tier.
(a) Presentation
(b) Application
(c) Database
(d) All of the above
106. Each participant should have policies, practices and procedures in place to protect from e-commerce / m-commerce related risks. These will include
(a) Policy Clarity
(b) Regulatory Compliance
(c) Training and Education
(d) All of the above
107. Which of the following is not directly relevant Law applicable to e – commerce Transactions?
(a) The Indian Contract, 1872
(b) The Factories Act, 1948
(c) The Internet Banking Act, 2002
(d) The Customs Act, 1962
108. “SBI Buddy” is an example of
(a) IMPS system
(b) E-wallet
(c) Mobile Apps
(d) UPI Apps
109. There is a risk that Intellectual Property may not be adequately protected when such property is transacted through e – commerce. This risk is generally referred to as
(a) Hacking (b) Piracy
(c) Anonymity (d) Authenticity
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
d a d b d a a c d a a b d d d d d d d a
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
c a c b a a d b a a b c b a a c b d a d
41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60
c d d b d c a b c b a d c a c d c a b d
61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80
b a b c d a b c d c a c b d d a b d d b
81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100
c d c a b c d b d a d d d d a b d d b d
101 102 103 104 105 106 107 108 109
d a c c b d c b b
5
Amendments at a Glance
CORE Banking Systems (CBS)
Non-life Insurance
Insurance contracts that do not come under the ambit of life insurance are called Non-life or General Insurance. As the
tangible assets like home, vehicle etc. are susceptible to damages, the general insurance provides protection against
unforeseeable contingencies like loss of the asset due to fire, marine, motor, accident etc.
Cyber Security
Comprehensive Cyber Security Framework is prescribed by RBI for Banks to ensure effective information security governance.
Some key features of the Cyber Security Framework as prescribed by RBI for banks are as under:
1. Network Security and Secure Configuration: The following key measures are required to be implemented:
a. Multi-layered boundary defense through properly configured proxy servers, firewalls, intrusion detection systems to
protect the network from any malicious attacks and to detect any unauthorized network entries.
b. Different LAN segments for in-house/onsite ATM and CBS/branch network to confirm the adequacy of bandwidth
to deal with the volume of transactions so as to prevent slowing down and resulting in lower efficiency.
c. To ensure secure network configuration; proper usage of routers, hubs and switches should be envisaged.
d. Periodic security review of systems and terminals to assess the network’s vulnerability and identify the weaknesses.
e. Identification of the risks to ensure that risks are within the bank’s risk appetite and are managed appropriately.
2. Application Security: Full-fledged Security policy to ensure Confidentiality, Integrity and Availability (CIA) of data and
information needs to be developed and implemented covering following key features:
a. Implementation of bank specific email domains (example, XYZ bank with mail domain xyz.in) with anti-phishing
(security measures to prevent theft of user data) and anti-malware software (software tool/program to identify and
prevent malicious software/malware from infecting network) with controls enforced at the email solution.
b. Two factor authentication, an extra step added to the log-in process, such as a code sent to user’s phone or a
fingerprint scan, that helps verify the user’s identity and prevent cybercriminals from accessing private information.
c. Implementation of Password Management policy to provide guidance on creating and using passwords in ways that
maximize security of the password and minimize misuse or theft of the password.
d. Effective training of employees to educate them to strictly avoid clicking any links received via email.
e. Proper reporting mechanism to save the banks from the effects of misconduct – including legal liability, lasting
reputational harm, and serious financial losses.
f. Required to conduct effective due diligence and oversight to thoroughly assess the credentials of vendors/third party
service providers/partners and making non-disclosure and security policy compliance agreements mandated for them.
g. Effective change management process to record/ monitor all the changes that are moved/ pushed into production
environment.
h. Robust configuration management processes to register changes to business applications, supporting technology,
service components and facilities.
i. Incident response and management mechanism to take appropriate action in case of any cyber security incident
with well written incident response procedures elaborating the roles of staff handling such incidents.
j. Capturing of the audit logs pertaining to user actions and an alert mechanism to monitor any change in the log
settings.
k. Continuous surveillance to stay regularly updated on the latest nature of emerging cyber threats.
major part of the sale proceeds amounting to ₹ 65 lakhs was collected and routed through various
bank accounts held in SNFC Bank which was subsequently advanced to various bogus companies and
a series of transactions were initiated to make the money appear to have been obtained from a
legal legitimate source. These activities were carried out with the assistance of one of the employees
of SNFC Bank who intentionally altered a few computer source codes so that no records for major
transactions that took place could be found in the database. A series of transactions ranging from
₹ 10,000 to ₹ 1 lakh was initiated in a month for depositing the amount of ₹ 65 lakhs in SNFC Bank.
However, SNFC Bank had failed to keep proper record of information relating to a few of the transactions
as they were not of substantial amount. Furthermore, it was later found that one of the staff members
of SNFC Bank whose relative was an insurance agent, used to obtain medical information of the
customers having account with the bank for obtaining personal benefits.
In this context, answer the following:
i. Which amongst the following activities carried out by Mr. Shoren could be considered as an
offence of Money Laundering?
a. Expenses incurred for procurement of narcotic drugs
b. Sale of narcotic drugs without a license.
c. Routing the illegal proceeds through bank and other transactions to appear as obtained
from legitimate source.
d. Being a part of the cartel/association carrying out illegal sale of drugs.
ii. The employee of SNFC Bank who had assisted Mr. Shoren in routing the illegal money through
bank by altering the computer source code so that major transactions’ amounts were not
traceable in the bank’s database. Under which section of IT Act 2000 will this act be punishable?
a. Section 66E b. Section 66B
c. Section 65 d. Section 66D
iii. Mr. Shoren was involved in the collection and sale of illegal drugs and got the routing done
through various banking transactions and advances to bogus companies. Which stages of Money
Laundering process address these afore said activities?
a. Placement and Integration b. Layering and Integration
c. Placement and Layering d. Placement, Layering and Integration
iv. SNFC Bank failed to maintain records of information relating to banking transactions carried
out by Mr. Shoren as many of the transaction amounts were not substantial. Also, the privacy
regarding the details of medical history of its customers was breached. Which kind of risk
would SNFC Bank be exposed to if it has to face legal penalties as it had failed to act in
accordance with laws and requirements as per Prevention of Money Laundering Act (PMLA)?
a. Legal and Compliance Risk
b. Compliance and Information Security Risk
c. Information Security and People Risk
d. Transaction processing and Legal risk
Solution
Question No. Answer
1. (c) Routing the illegal proceeds through bank and other transactions to appear as obtained from
legitimate source.
2. (c) Section 65
3. (c) Placement and Layering
4. (b) Compliance and Information Security Risk
for internet banking facilities. He has also applied and produced all the necessary documents for
availing a housing loan from the said bank. Though the procedures followed for sanctioning housing
loans are quite stringent, GNI bank offers floating interest rate on its loans and offers comparatively
higher interest rates on its fixed deposits compared to the other banks in the state also.
In this context, answer the following:
i. Given below are the features of Core Banking Solution recently implemented by GNI Bank that
prove advantageous to both the bank and its customers. Which among the following advantages
would relate the most to Mr. Doshi who has recently availed a housing loan in terms of easy and
effortless Internet banking?
a. Reliance on transaction balancing
b. Highly dependent system-based controls
c. Daily, half yearly and annual closing
d. Automatic processing of standing instructions
ii. GNI Bank during this stage of the loan processing of Mr. Doshi, checks the borrower’s ability to
repay the loan based on an analysis of his credit history, and his earning capacity. This process
which forms a major aspect in loan approvals is referred to as _________.
a. Clearing b. Underwriting
c. Collections d. Letter of Credit
iii. GNI bank has also implemented necessary controls to ensure safeguards against the exposure
Solution
Question No. Answer
1. (d) Automatic processing of standing instructions
2. (b) Underwriting
3. (c) Proxy Server
4. (b) Security policies are established and management monitors compliance with policies.
Opening of Fixed deposit etc. are some of the services that can be availed under Phone Banking.
• Branch Banking: Core Banking Systems are the bank’s centralized systems that are responsible for
ensuring seamless workflow by automating the frontend and backend processes within a bank. CBS
enables single view of customer data across all branches in a bank and thus facilitate information
across the delivery channels. The branch confines itself to the following key functions:
  • Creating manual documents capturing data required for input into software;
  • Internal authorization;
  • Initiating Beginning-Of-Day (BOD) operations;
  • End-Of-Day (EOD) operations; and
  • Reviewing reports for control and error correction.
Question 2: BMN Bank limited has recently started its core banking operations. The Bank approached
Mr. X for his advice regarding the maintenance of records as a reporting entity considering the provisions
of the PMLA, 2002. What do you think shall be the probable reply of Mr. X mentioning the relevant
provisions of the PMLA, 2002? (RTP December 2021)
Answers: Section 12 of the Prevention of Money Laundering Act, 2002 provides for the obligation of
Banking Companies, Financial Institutions and Intermediaries i.e. the reporting entity to maintain
records of transactions. Mr. X should have advised BMN Bank Ltd. to maintain records in compliance
with the said section.
1. Accordingly, every reporting entity shall –
i. maintain a record of all transactions, including information relating to transactions covered
under point (ii) below, in such manner as to enable it to reconstruct individual transactions.
Here records shall be maintained for a period of five years from the date of transaction between
a client and the reporting entity.
ii. furnish to the Director within such time as may be prescribed, information relating to such
transactions, whether attempted or executed, the nature and value of which may be prescribed;
iii. Omitted
iv. Omitted
v. Maintain record of documents evidencing identity of its clients and beneficial owners as well as
account files and business correspondence relating to its clients.
2. Every information maintained, furnished or verified, save as otherwise provided under any law for
the time being in force, shall be kept confidential.
3. The records referred to in clause (i) of sub-section (1) shall be maintained for a period of five years
from the date of transaction between a client and the reporting entity.
4. The records referred to in clause (e) of sub-section (1) shall be maintained for a period of five years
after the business relationship between a client and the reporting entity has ended or the account
has been closed, whichever is later.
5. The Central Government may, by notification, exempt any reporting entity or class of reporting
entities from any obligation under this Chapter.
Question 3: Briefly discuss the characteristics of Core Banking Systems (CBS). (July 2021, 2 Marks)
Answers: The characteristics of Core Banking Systems (CBS) are as follows:
• CBS is centralized Banking Application software that has several components which have been
designed to meet the demands of the banking industry.
• CBS is supported by advanced technology infrastructure and has high standards of business
functionality.
• Core Banking Solution brings significant benefits such as a customer is a customer of the bank
Question 10:
a. In Core Banking Systems, discuss the possible risks and their controls around the CASA (Current
and Savings Account) process.
b. Define Money Laundering. (RTP May-2018)
Hint: In Core Banking Systems (CBS), the possible risks and their controls around the CASA (Current and
Savings Account) Process are as follows:

| Risks | Controls |
|---|---|
| Credit Line setup is unauthorized and not in line with the bank’s policy. | The credit committee checks that the Financial Ratios, the Net-worth, the Risk factors and its corresponding mitigating factors, the Credit Line offered and the Credit amount etc. is in line with Credit Risk Policy and that the Client can be given the Credit Line. |
| Credit Line setup in CBS is unauthorized and not in line with the bank’s policy. | Access rights to authorize the credit limit in case of account setup system should be restricted to authorized personnel. |
| Customer Master defined in CBS is not in accordance with the Pre-Disbursement Certificate. | Access rights to authorize the customer master in CBS should be restricted to authorized personnel. |
| Inaccurate interest / charge being calculated in CBS. | Interest on fund-based facilities are automatically calculated in the CBS as per the defined rules. |
| Unauthorized personnel approving the CASA’s transaction in CBS. | Segregation of Duties to be maintained between the initiator and authorizer of the transaction for processing transaction in CBS. |
| Inaccurate accounting entries generated in CBS. | Accounting entries are generated by CBS basis the facilities requested by the customer and basis defined configurations for those facilities in CBS. |
b. Money Laundering: Money Laundering is the process by which the proceeds of the crime and the
true ownership of those proceeds are concealed or made opaque so that the proceeds appear to
come from a legitimate source. The objective in money laundering is to conceal the existence, illegal
source, or illegal application of income to make it appear legitimate. Money laundering is commonly
used by criminals to make ‘dirty’ money appear ‘clean’ or the profits of criminal activities are made
to appear legitimate. Money Laundering involves three stages namely – Placement, Layering and
Integration.
Question 11: Analyze new set of IT risks and challenges associated with the businesses and standards
that the banks should consider? (RTP Nov-2018)
Hint: The business processes and standards adapted by Banks should consider these new set of IT
risks and challenges:
i. Frequent changes or obsolescence of technology: Technology keeps on evolving and changing
constantly and becomes obsolete very quickly. Hence, there is always a risk that the investment
in technology solutions unless properly planned may result in loss to bank due to risk of
obsolescence.
ii. Multiplicity and complexity of systems: The core of banking services remain same but by using
technology the way these banking products and services are provided changes drastically. The
Technology architecture used for services could include multiple digital platforms and is quite
complex. Hence, this requires the bank to have personnel with requisite technology
skills or the management of the bank’s technology could be outsourced to a company having the
relevant skill set.
iii. Different types of controls for different types of technologies/ systems: Deployment of
Technology gives rise to new types of risks which are explained later in this chapter. These risks
need to be mitigated by relevant controls as applicable to the technology/information systems
deployed in the bank.
iv. Proper alignment with business objectives and legal/ regulatory requirements: Banks must
ensure that the CBS and allied systems implemented, cater to all the business objectives and
needs of the bank, in addition to the legal/regulatory requirements envisaged.
v. Dependence on vendors due to outsourcing of IT services: In a CBS environment, the bank
requires staff with specialized domain skills to manage IT deployed by the bank. Hence, these
services could be outsourced to vendors and there is heavy dependency on vendors and gives
rise to vendor risks which should be managed by proper contracts, controls and monitoring.
vi. Vendor related concentration risk: There may not be one but multiple vendors providing different
services. For example, network, hardware, system software and banking software services may
be provided by different vendors or these services may be provided by a single vendor. Both
these situations result in higher risks due to heavy dependence on vendors.
vii. Segregation of Duties (SoD): Banks have a highly defined organization structure with clearly
defined roles, authority and responsibility. The segregation of duties as per organization
structure should be clearly mapped in the CBS used by the bank. This is a high-risk area since
any SoD conflicts can be a potential vulnerability for fraudulent activities. For example, if a single
employee can initiate, authorize and disburse a loan the possibility of misuse cannot be ignored.
viii. External threats leading to cyber frauds/ crime: The CBS environment provides access to
customers anytime, anywhere using internet. Hence, information system which was earlier
accessible only within and to the employees of the bank is now exposed as it is open to be
accessed by anyone from anywhere. Making the information available is business imperative but
this is also fraught with risks of increased threats from hackers and others who could access the
software to commit frauds/crime.
ix. Higher impact due to intentional or unintentional acts of internal employees: Employees in
a technology environment are the weakest link in an enterprise. This is much more relevant
• Financial and administrative powers of each official/ position is fixed and communicated to all
persons concerned.
• Branch managers must send periodic confirmation to their controlling authority on compliance of
the laid down systems and procedures.
• All books are to be balanced periodically. Balancing is to be confirmed by an authorized official.
• Details of lost security forms are immediately advised to controlling so that they can exercise caution.
• Fraud prone items like currency, valuables, draft forms, term deposit receipts, traveler’s cheques
and other such security forms are in the custody of at least two officials of the branch.
Question 13: Discuss the risks and their corresponding controls associated with the Treasury Process
in Core Banking Systems (CBS). (RTP May-2019)
Hint: The Risks and their corresponding Controls associated with the Treasury Process in Core
Banking Systems are as follows:
| S.No. | Risk | Key Controls |
|---|---|---|
| 1. | Unauthorized securities setup in systems such as Front office/Back office. | Appropriate Segregation of duties and review controls around securities master setup/amendments. |
| 2. | Inaccurate trade is processed. | Appropriate Segregation of duties and review controls to ensure the accuracy and authorization of trades. |
| 3. | Unauthorized confirmations are processed. | Complete and accurate confirmations to be obtained from counterparty. |
| 4. | Insufficient Securities available for Settlement | Effective controls on securities and margins. |
| 5. | Incomplete and inaccurate data flow between systems. | Inter-system reconciliations, Interfaces and batch processing controls. |
Question 14: “The deployment and implementation of Core Banking Systems (CBS) should be controlled
at various stages to ensure that the banks automation objectives are achieved”. Analyze the statement.
(RTP Nov-2019)
Hint: The deployment and implementation of Core Banking Systems (CBS) should be controlled at
various stages to ensure that banks automation objectives are achieved:
• Planning: Planning for implementing the CBS should be done as per strategic and business
objectives of bank.
• Approval: The decision to implement CBS requires high investment and recurring costs and will
impact how banking services are provided by the bank. Hence, the decision must be approved by
the Board of directors.
• Selection: Although there are multiple vendors of CBS, each solution has key differentiators. Hence,
bank should select the right solution considering various parameters as defined by the bank to meet
their specific requirements and business objectives.
• Design and develop or procured: CBS solutions used to be earlier developed in-house by the bank.
Currently, most of the CBS deployment are procured. There should be appropriate controls covering
the design or development or procurement of CBS for the bank.
• Testing: Extensive testing must be done before the CBS is live. The testing is to be done at different
phases: at the procurement stage to test suitability, at data migration to ensure all existing data is correctly
migrated, and to confirm that processing of various types of transactions of all modules produces
the correct results.
• Implementation: CBS must be implemented as per pre-defined and agreed plan with specific
project milestones to ensure successful implementation.
• Maintenance: CBS must be maintained as required. E.g. program bugs fixed, version changes
implemented, etc.
• Support: CBS must be supported to ensure that it is working effectively.
• Updating: CBS modules must be updated based on requirements of business processes, technology
updates and regulatory requirements.
• Audit: Audit of CBS must be done internally and externally as required to ensure that controls are
working as envisaged.
Fundamentally, in a CBS, all the bank’s branches access applications from centralized datacenters. All
transactions are routed through core systems, which are available 24x7 and accessible from anywhere,
anytime and through multiple devices such as desktops, laptops, ATM, Internet, mobile phone, tablets,
etc.
Question 15: Differentiate between Internet Banking Channel Server (IBCS) and Internet Banking
Application Server (IBAS) used in Core Banking Systems (CBS). (RTP Nov-2019)
Hint: Internet Banking Channel Server (IBCS): IBCS (Internet Banking Channel Server) software
stores the name and password of the entire internet banking customers. IBCS server also contains
the details about the branch to which the customer belongs. The Internet Banking customer would
first have to log into the bank’s website with the username and password.
Internet Banking Application Server (IBAS): The Internet Banking Software which is stored in the IBAS
(Internet Banking Application Server) authenticates the customer with the login details stored in the
CORE BANKING SYSTEM (CBS)
1. CBS allows the bank’s customers to deposit money in _______________________.
(a) The home branch only
(b) The specified branches in the city only
(c) All branches other than home branch
(d) All the branches of the bank
2. CBS allows the customer to _________.
(a) Deposit from home branch and get it withdrawn easily from the home branch.
(b) Deposit from home branch and get it withdrawn easily from the other branch.
(c) Deposit from any branch and get it withdrawn easily from any other branch.
7. Which of the following is not an element of CBS?
(a) Managing customer accounts.
(b) Establishing criteria for minimum balances, interest rates, number of withdrawals allowed and so on.
(c) Maintaining records for all the bank’s transactions.
(d) None of the above
8. Core Banking System may be defined as the ________ components that manage the services provided by a bank to its customers through its branches (branch network).
(a) Set of basic rules
(b) Set of basic software
(c) Set of basic hardware
(d) Set of basic application
number of banks in the same clearing house area are credited.
(a) ECS credit (b) Guarantee
(c) ECS debit (d) Letter of credit
12. A _____________ is an undertaking by a bank to the payee (the supplier of goods and/or services) to pay to him, on behalf of the applicant (the buyer) any amount up to the limit specified in the aforesaid document, provided the terms and conditions mentioned herein are complied with.
(a) ECS credit (b) Letters of Credit
(c) Reporting (d) Guarantee
13. The _____________ is required by the customers of banks for submission to the buyers of their goods or services to guarantee the performance of contractual obligations undertaken by them or satisfactory performance of goods supplied by them, or for submission to certain departments like excise and customs, electricity boards, or to suppliers of goods, etc. in lieu of the stipulated security deposit.
(a) ECS credit (b) Letters of Credit
(c) Reporting (d) Guarantee
14. ____________________ cover all operations done at the back office of the bank.
(a) Back operations (b) Front operations
16. ______________ are also called front-office operations.
(a) Back operations (b) Retail banking
(c) Reporting (d) Front operations
17. ______________________ covers all operations which provide direct retail services to customers.
(a) Back operations (b) Reporting
(c) Front operations (d) Retail banking
18. ______________________ covers all operations which provide direct retail services to customers.
(a) Back operations (b) Reporting
(c) Front operations (d) Retail banking
19. Risk management should be done at ____________________.
(a) Strategic (b) Tactical
(c) Operational (d) All of the above
20. HNI stands for _______________.
(a) High Net worth Individuals
(b) Harmonized Network Individuals
(c) High Network Interface
(d) Harmonized Network Interface

RISK MANAGEMENT AND IT RISKS
21. Which of the following are risks relating to Banking?
(a) Inaccuracy of data leading to incorrect decision-making
(b) Loss of money or reputation or business due to frauds
(c) Unauthorized access to customer information
(d) All of the above
22. Which of the following are risks to data?
(a) Unauthorized data changes
(b) Absence of logs and audit trail.
(c) Unauthorized transactions
(d) All of the above
23. Which of the following are risks to data?
(a) Unauthorized entry or corrections or deletions.
(b) Transactions without vouchers.
(c) Changing data using other’s password.
(d) All of the above
25. Which of the following is an IT risk?
(a) Unauthorized or incorrect Interest rate changes.
(b) Incorrect Interest computation.
(c) Incorrect computation of charges
(d) All of the above
26. Which of the following is an IT risk?
(a) Unauthorized increased in credit limits.
(b) Payments of stolen drafts.
(c) Payment of stopped cheques.
(d) All of the above
27. Which of the following is an IT risk?
(a) Payment of duplicate drafts.
(b) Opening of new accounts without complying with KYC.
(c) Payments of stolen drafts.
(d) All of the above
28. Which of the following is not a core banking service?
(a) Advances (b) Letters of Credit
(c) Reporting (d) Deposits
29. Which of the following is a challenge of IT in core banking system?
(a) Frequent changes or obsolescence of technology
(b) Multiplicity and complexity of systems
(c) Dependence on vendors due to outsourcing of IT services
(d) All of the above
30. Which of the following is an indicator of high IT risk?
(a) IT security is not given required priority.
(b) Attitude of ‘Computer will take care of everything – no checking is required’.
(c) Lack of transparency of IT operations and responsibility assigned.
(d) All of the above
31. Which of the following is an indicator of high IT risk?
(a) Lack of Input control.
(b) Lack of output verification.
(c) Lack of evidence.
(d) All of the above
32. Which of the following is an indicator of high IT
35. If a single employee can initiate, authorize and disburse a loan the possibility of misuse ________.
(a) Is reduced (b) Is increased
(c) Does not exist (d) Has no effect
36. Which of the following strategy of risk management refers to eliminating the risk by not taking up or avoiding the specific business process which involves risk?
(a) Avoid (b) Mitigate
(c) Transfer (d) Accept
37. Which of the following strategy of risk management means sharing risk with partners or transfer to insurance coverage?
(a) Avoid (b) Mitigate
(c) Transfer (d) Accept
38. Which of the following strategy of risk management refers to formally acknowledging that the risk exists and monitoring it?
(a) Avoid (b) Mitigate
(c) Transfer (d) Accept
39. Which of the following strategy of risk management refers to implementing controls?
(a) Avoid (b) Mitigate
(c) Transfer (d) Accept
44. Which of the following is an objective of Internal Control System in Banks?
(a) To ensure orderly and efficient conduct of business.
(b) To ensure adherence to management policies.
(c) To ensure safeguarding assets through prevention and detection of fraud and error.
(d) All of the above
45. Which of the following is an objective of Internal Control System in Banks?
(a) To ensure adherence to management policies.
(b) To ensure accuracy and completeness of the accounting record.
(c) To ensure timely preparation of the reliable financial information.
(d) All of the above

APPLYING IT CONTROLS
46. Which of the following is an application control?
(a) Configuring system software
(b) Setting parameters in masters
(c) Transaction Logging
(d) Back up of data
47. Which of the following is a General control?

(a) Work of one staff member is invariably supervised/checked by another staff member, irrespective of the nature of work (Maker-Checker process).
(b) A system of job rotation among staff exists.
(c) Financial and administrative powers of each official/ position is fixed and communicated to all persons concerned.
(d) All of the above
52. Which of the following illustrates the application of internal controls in bank branch?
(a) Branch managers must send periodic confirmation to their controlling authority on compliance of the laid down systems and procedures.
(b) All books are to be balanced periodically. Balancing is to be confirmed by an authorized official.
(c) Details of lost security forms are immediately advised to controlling so that they can exercise caution.
(d) All of the above
53. Which of the following illustrates the application of internal controls in bank branch?
(a) A system of job rotation among staff exists.
(b) Details of lost security forms are immediately advised to controlling so that they can exercise
(c) The system checks whether the amount to be withdrawn is within the drawing power.
(d) All of the above
56. Which of the following illustrates IT Controls in Bank?
(a) The system flashes a message if the balance in a lien account would fall below the lien amount after the processing of the transaction.
(b) Access to the system is available only between stipulated hours and specified days only.
(c) Individual users can access only specified directories and files. Users should be given access only on a ‘need-to-know basis’ based on their role in the bank. This is applicable for internal users of the bank and customers.
(d) All of the above
57. Which of the following illustrates IT Controls in Bank?
(a) Exception situations such as limit excess, reactivating dormant accounts, etc. can be handled only with a valid supervisory level password.
(b) A user time out is prescribed. This means that after a user logs-in and there is no activity for a pre-determined time, the user is automatically
61. Which of the following shows the implementation of general controls?
(a) Management of Systems Acquisition and Implementation.
(b) Backup, Recovery and Business Continuity
(c) Proper Development and Implementation of Application Software
(d) All of the above
62. Which of the following shows the implementation of general controls?
(a) Backup, Recovery and Business Continuity
(b) Confidentiality, Integrity and Availability of Software and Data Files
(c) Proper Development and Implementation of Application Software
(d) All of the above
63. ______________ are controls which are implemented in an application to prevent or detect and correct errors.
(a) Application control
(b) Report control
(c) General Control
(d) Update Control
64. ________________ are in-built in the application software to ensure accurate and reliable processing.
(a) Application control
© Carvinowledge Press (CNP), 2022
84. Which of the following is not a server to the CBS, in reference to CBS?
(a) Branch Server (b) WAP Server
(c) ATM/POS (d) Web Server
85. Which of the following is a host-database server, in reference to CBS?
(a) Oracle (RDBMS)
(b) Business Intelligence
(c) TP Monitors
(d) cHost Connect
86. Which of the following is an application Servers, in reference to CBS?
(a) Business Intelligence
(b) TP Monitors
(c) cHost Connect
(d) all of the above
87. Following is the list of CBS stages. Which of the following order is correct?
i. Planning
ii. Approval
iii. Selection
iv. Design and develop or procured
v. Testing
vi. Implementation
vii. Maintenance
viii. Support
ix. Updation
x. Audit
(a) i, ii, iii, vi, vii, iv, v, viii, ix, x
(b) i, ii, iii, iv, v, vi, vii, viii, ix, x
(c) i, ii, iii, iv, v, vi, vii, viii, ix, x
(d) i, vii, iv, v, viii, ix, x, iii, ii, vi,
CBS IT ENVIRONMENT
88. Which of the following statement is true?
(a) It is a computer (Hardware) or device on a network dedicated to run one or more services (as a host), to serve the needs of the users of other computers on a network.
(b) Servers operate within client-server architecture.
(c) Servers are computer programs running to serve the requests of other programs, the clients.
(d) All of the above
89. Web servers, mail servers, FTP servers, multimedia servers and real-time communication servers are all examples of ___________________.
(a) Application server
(b) File server
(c) Internet server
(d) Printer server
90. The ____________________ hosts the core banking application.
(a) Application server
(b) File server
(c) Print server
(d) Web server
91. _______________ is a powerful and robust system that performs all the core banking operations.
(a) File server
(b) Application server
(c) Web server
(d) Database server
92. Which of the following statement about web host is true?
(a) There is a web host attached to the web server.
(b) The web host has an operating system and runs the services from the web server.
(c) It accepts web page requests from the customers and processes the same.
(d) All of the above
93. ______________ of the bank contains the entire data of the bank.
(a) Database server
(b) File server
(c) Application server
(d) Web server
94. ___________________ can access the database server.
(a) ATM server
(b) Internet Banking Application Server (IBAS)
(c) Application server
(d) All of the above
95. When the Central Database is busy with central end-of-day activities or for any other reason, the file containing the account balance of the customer is sent to the ATM switch. Such a file is called _____________________.
(a) Neutral Balance File
(b) Positive Balance File
(c) Negative Balance File
(d) Unique Balance File
96. As most of the ATMs are attached to the central network, the only control is through ____________.
(a) ATM server
(b) Internet Banking Application Server (IBAS)
111. Which of the following is a risk in the credit card processing?
(a) Credit Line setup can be breached
(b) Inaccurate interest or charge being calculated in the Credit Card system.
(c) Inaccurate reconciliations performed.
(d) All of the above
BUSINESS PROCESS FLOW OF MORTGAGES
112. _________________ is a secured loan which is secured on the borrower’s property by marking a lien on the property as collateral for the loan.
(a) Hypothecation (b) Mortgage
(c) Lien (d) Pledge
113. _______________ is a traditional mortgage where customer has an option of selecting fixed or variable rate of interest and is provided for the purchase of property.
(a) Home Loan
(b) Top Up Loan
(c) Loans for Under Construction Property
(d) All of the above
114. In case of ________________, the customer already has an existing loan and is applying for additional amount either for refurbishment or renovation of the house.
(a) Home Loan
(b) Top Up Loan
(c) Loans for Under Construction Property
(d) All of the above
115. In case of ________________________, the loan is disbursed in branches or parts as per construction plan.
(a) Home Loan
(b) Top Up Loan
(c) Loans for Under Construction Property
(d) All of the above
116. In which of the following loans the customer already has an existing loan and is applying for additional amount either for refurbishment or renovation of the house?
(a) home loan
(b) top-up loan
(c) loan for under construction property
(d) all of the above
117. Which of the following are the risks around the Mortgage Process?
(a) Incorrect customer and loan details are captured which will affect the over-all downstream process.
(b) Incorrect loan amount disbursed.
(c) Interest amount is in-correctly calculated and charged.
(d) All of the above
118. Which of the following are the controls for the risk of capturing incorrect customer and loan details, in the Mortgage Process?
(a) There is secondary review performed by an independent team member who will verify loan amount to be disbursed with the core banking application to the signed offer letter.
(b) There is secondary review performed by an independent team member who will verify loan details captured in core banking application with offer letter.
(c) System enforced segregation of duties exist in the core banking application where the inputter of the transaction cannot approve its own transaction and reviewer cannot edit any details submitted by inputter.
(d) Interest amount is auto calculated by the core banking application basis loan amount, ROI and tenure.
119. Which of the following are the controls for the risk of disbursing incorrect loan amount, in the Mortgage Process?
(a) There is secondary review performed by an independent team member who will verify loan amount to be disbursed with the core banking application to the signed offer letter.
(b) There is secondary review performed by an independent team member who will verify loan details captured in core banking application with offer letter.
(c) System enforced segregation of duties exist in the core banking application where the inputter of the transaction cannot approve its own transaction and reviewer cannot edit any details submitted by inputter.
(d) Interest amount is auto calculated by the core banking application basis loan amount, ROI and tenure.
120. Which of the following are the controls for the risk of calculating and charging wrong interest, in the Mortgage Process?
(a) There is secondary review performed by an independent team member who will verify loan details captured in core banking application with offer letter.
(b) There is secondary review performed by an independent team member who will verify loan amount to be disbursed with the core banking application to the signed offer letter.
(c) System enforced segregation of duties exist in the core banking application where the inputter of the transaction cannot approve its own transaction and reviewer cannot edit any details submitted by inputter.
(d) Interest amount is auto calculated by the core banking application basis loan amount, ROI and tenure.
121. Which of the following are the controls for the risk of unauthorised changes been made, in the Mortgage Process?
(a) There is secondary review performed by an independent team member who will verify loan details captured in core banking application with offer letter.
(b) There is secondary review performed by an independent team member who will verify loan amount to be disbursed with the core banking application to the signed offer letter.
(c) System enforced segregation of duties exist in the core banking application where the inputter of the transaction cannot approve its own transaction and reviewer cannot edit any details submitted by inputter.

(c) Venture Capital Funds
(d) Interest derivatives
125. With reference to treasury process, which of the following doesn’t fall under the list of products in investment category?
(a) Options (b) Swaps
(c) Futures (d) Security Receipts
126. ___________________ includes dealing room operations wherein the dealers enter into deal with the various corporate and interbank Counter-parties.
(a) Front office (b) Middle office
(c) Back office (d) All of the above
127. In the _____________________, deals are entered by dealers on various trading /communication platform such as Routers’ system, telephonic conversation, Brokers or any other private channel with the respective counter-party.
(a) Front office (b) Middle office
(c) Back office (d) All of the above
128. _________________________ includes risk management, responsibility for treasury accounting, and documentation of various types, producing the financial results, analysis and budget forecasts for the treasury business unit, input into regulatory reporting.
150. In a Bank’s IT system (CBS), channel Servers route the Client Request to the
(a) Overall Server
(b) Channel Server
(c) Application Server
151. In Bank’s IT system (CBS), no user is granted access to CBS directly. Access is always through ________ that processes the request and fetches or sends data to the CBS for updating.
(a) ATMs (b) Central Server
(c) Channel Server (d) Database Server
152. A Bank’s Treasury Operations can be functionally divided into – (1) Front Office, (2) Middle Office, and (3) Back office. Which of these relate to dealing room operations where the dealers enter into deal with various corporate and Inter – Bank counter – Parties?
(a) Front Office (b) Middle Office
(c) Back office (d) All of the above
153. In an Internet Banking System, the user’s Password will be displayed as
(a) Plain Text (b) Dots
(c) Both (a) and (b) (d) None of the above
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
d c d d d d d b d a c b d a c d c c d a
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
d d d d d d d c d d d d d d b a c d b c
41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60
d d d d d c a a c d d d d d d d d a c d
61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80
d d a b d d d d d d d d d d d a d d d b
81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100
b c a c a d b d c a b d a d b c a c a c
101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120
a d d a b b c c a d d b a b c b d b a d
121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140
c b a d d a a b a c c a c b b d c b a d
141 142 143 144 145 146 147 148 149 150 151 152 153
d b c c d a a b d c c a b
6 Regulatory Compliances
Descriptive Questions for Practice
Question 1: Explain the salient features of Section 134 & Section 143 of the Companies Act 2013. (Study Material)
Question 2: Give five examples of computer related offences that can be prosecuted under the IT Act 2000 (amended
via 2008). (Study Material)
Question 3: Corporate governance is the framework of rules and practices, by which a board of directors ensures
accountability, fairness and transparency in a company’s relationship with all its stakeholders. List out the rules and procedures
that constitute corporate governance framework. (May – 2019, 3 Marks)
Hint:
Corporate Governance is the framework of rules and practices by which a board of directors ensures accountability,
fairness, and transparency in a company’s relationship with all its stakeholders.
The corporate governance framework consists of:
◘◘ Explicit and implicit contracts between the company and the stakeholders for distribution of responsibilities,
rights, and rewards.
◘◘ Procedures for reconciling the sometimes-conflicting interests of stakeholders in accordance with their duties,
privileges, and roles, and
◘◘ Procedures for proper supervision, control, and information-flows to serve as a system of checks-and-balances.
Question 4: As a cyber-expert, you have been invited to a seminar to share your thoughts on data protection and
privacy in today’s electronic era. In your PowerPoint presentation on the same, you wish to incorporate the main
principles on data protection and privacy enumerated under the IT Act, 2000. Identify them.
Question 5: Describe any six commercial laws each in brief, that are applicable to any e-commerce or m-commerce
transactions. (RTP May-2018/Nov-2019)
Hint: All e-commerce transactions are commercial business transactions. All these transactions are covered under
multiple laws, including commercial laws. Following commercial laws are applicable to e-commerce and m-commerce
transactions.
◘◘ Income Tax Act, 1961: The Income Tax Act has detailed provisions regarding taxation of income in India. In respect
of e-commerce / m-commerce transactions, the issue of deciding the place of origin of a transaction for tax purposes is
critical.
◘◘ Companies Act, 2013: The Companies Act, 2013 regulates the corporate sector. The law defines all regulatory aspects
for companies in India. Most of the merchants in e-commerce / m-commerce business are companies, both private
and public.
◘◘ Foreign Trade (Development and Regulation) Act, 1992: An Act to provide for the development and regulation
of foreign trade by facilitating imports into, augmenting exports from, India and for matters connected therewith or
incidental thereto. Amazon has recently allowed Indian citizens to purchase from its global stores. All these shall
be regulated through the above law.
◘◘ The Factories Act, 1948: An Act to regulate working conditions of workers. The Act extends to places of storage as well as
transportation. Most of the merchants in e-commerce / m-commerce business need to comply with the provisions of the Act.
◘◘ The Custom Act, 1962: The Act that defines import / export of goods / services from India and provides for levy of
appropriate customs duty. India, being a signatory to General Agreement on Trade and Tariff (GATT) under World
Trade Organization, cannot levy any custom duty that is GATT non-compliant.
◘◘ The Goods and Services Tax Act, 2017 (GST): This Act requires each applicable business, including e-commerce /
m-commerce, to upload each sales and purchase invoice on one central IT infrastructure, mandating reconciliations
of transactions between business, triggering of tax credits on payments of GST, facilitating filing of e-returns, etc.
◘◘ Indian Contract Act, 1872: The Act defines the constituents of a valid contract. In case of e-commerce / m-commerce
business it becomes important to define these constituents.
◘◘ The Competition Act, 2002: Law to regulate practices that may have adverse effect on competition in India.
The Competition Commission has been vigilant to ensure that e-commerce / m-commerce merchants do not engage
in predatory practices.
◘◘ Foreign Exchange Management Act (FEMA 1999): The law to regulate foreign direct investments and the flow of
foreign exchange in India. The law has important implications for e-commerce / m-commerce business. Foreign
investment in Business to Customer (B2C) e-commerce activities has been opened in a calibrated manner and an
entity is permitted to undertake retail trading through e-commerce under certain circumstances.
◘◘ Consumer Protection Act, 1986: The law to protect consumer rights has been the source of most of the litigation for
transactions done through e-commerce and m-commerce.
Question 9: Money laundering is used by anti-social elements to make ‘dirty’ money appear ‘clean’ that affects the
economy of any country. Discuss the various stages involved in the process of Money Laundering.
(Nov – 2019, 6 Marks, RTP May-2020)
Hint: Stages of Money Laundering are as follows:
i. Placement: The first stage involves the Placement of proceeds derived from illegal activities - the
(c) To amend the Indian Penal Code, 1860, Indian Evidence Act, 1872, The Bankers’ Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934.
(d) All of the above
11. The important issues dealt in by the Information Technology Act, 2000 includes _______________.
(a) Legality of products or services being offered online.
(b) Data Protection
(c) Protecting your Customer’s Privacy Online.
(d) All of the above
12. The important issues dealt in by the Information Technology Act, 2000 includes _______________.
(a) Protecting your Customer’s Privacy Online.
(b) Online Advertising Compliance.
(c) Compliance with Information Technology Act, provisions.
(d) All of the above
13. Which of the following is an advantage of cyber laws?
(a) E-mail would now be a valid and legal form of communication in India.
(b) Companies can carry out e-commerce using the legal infrastructure provided by the Act.
(c) Digital signatures have been given legal validity.
(d) All of the above
14. Which of the following is an advantage of cyber laws?
(a) Opens the doors for the entry of corporate companies in the business of being Certifying

(a) Harassment via fake public profile on social networking site.
(b) E-mail Account Hacking.
(c) Credit Card Fraud.
(d) All of the above
17. Which of the following is a computer related offence?
(a) Web Defacement.
(b) Introducing Worms
(c) Cyber Terrorism.
(d) All of the above
18. Which of the following is a computer related offence?
(a) Online sale of illegal Articles.
(b) Cyber Pornography.
(c) Phishing and Email Scams.
(d) All of the above
19. Which of the following is a computer related offence?
(a) Theft of Confidential Information.
(b) Source Code Theft.
(c) Introducing Viruses
(d) All of the above
20. Introducing _______________ into a system is a computer related offence.
(a) Viruses (b) Worms
(c) Backdoors (d) All of the above
21. Introducing _______________ into a system is a computer related offence.
(a) Rootkits (b) Trojans
30. Which of the following is an example of cybercrime?
(a) Spam

39. In accordance to rule 3 of SPDI Rules, 2011, sensitive personal information involves _________________.
41. In accordance to section 143(3) the auditor’s report shall state ___________________________.
(a) Whether the company has adequate internal financial controls system in place
(b) Whether the operating effectiveness of such controls has been ensured
(c) Either a or b
(d) Both a and b
CORPORATE GOVERNANCE
42. Corporate Governance is the framework of rules and practices by which a board of directors ensures _________________ in a company’s relationship with all its stakeholders.
(a) Accountability
(b) Fairness
(c) Transparency
(d) All of the above
43. The corporate governance framework consists of:
(a) Explicit and implicit contracts between the company and the stakeholders for distribution of responsibilities, rights, and rewards.
(b) Procedures for reconciling the sometimes-conflicting interests of stakeholders in accordance with their duties, privileges, and roles, and
(c) Procedures for proper supervision, control, and information-flows to serve as a system of checks-

45. ___________________ is an Act to regulate working conditions of workers.
(a) Income Tax Act, 1961
(b) Companies Act, 2013
(c) The Factories Act, 1948
(d) Foreign Trade (Development and Regulation) Act, 1999
46. _________________________ defines import / export of goods / services from India and provides for levy of appropriate customs duty.
(a) Income Tax Act, 1961
(b) The custom Act, 1962
(c) The Factories Act, 1948
(d) Foreign Trade (Development and Regulation) Act, 1999
47. ________________________ requires each applicable business, including e-commerce or m-commerce, to upload each sales and purchase invoice on one central IT infrastructure, mandating reconciliations of transactions between business, triggering of tax credits on payments of GST, facilitating filing of e-returns, etc.
(a) The Goods and Services Tax Act, 2017 (GST)
(b) The Factories Act, 1948
(c) Foreign Trade (Development and Regulation) Act, 1999
(d) Income Tax Act, 1961
the development and regulation of foreign trade by facilitating imports into, augmenting exports from, India and for matters connected therewith or incidental thereto.
(a) Income Tax Act, 1961
(b) Companies Act, 2013
(c) The Factories Act, 1948
(d) Foreign Trade (Development and Regulation) Act, 1999

(c) Indian Contract Act, 1872
(d) Income Tax Act, 1961
49. _________________________ is an Act to regulate practices that may have adverse effect on competition in India.
(a) The Competition Act, 2002
(b) The Factories Act, 1948
(c) Foreign Trade (Development and Regulation) Act, 1999
(d) Income Tax Act, 1961
50. ____________ regulates foreign direct investments, flow of foreign exchange in India.
(a) The Factories Act, 1948
(b) Foreign Trade (Development and Regulation) Act, 1999
(c) Foreign Exchange Management Act (FEMA 1999)
(d) Income Tax Act, 1961
PART 5- CORE BANKING SYSTEM (CBS)
51. The Act gives the Reserve Bank of India (RBI) the power to ______________.
(a) license banks
(b) have regulation over shareholding and voting rights of shareholders
(c) supervise the appointment of the boards and management
(d) all of the above
52. The Act gives the Reserve Bank of India (RBI) the power to ______________.
(a) regulate the operations of banks
(b) lay down instructions for audits
(c) issue directives in the interests of public good and on banking policy and
(d) all of the above
53. The Act gives the Reserve Bank of India (RBI) the power to ______________.
(a) lay down instructions for audits
(b) issue directives in the interests of public good and on banking policy and

(b) To keeping of reserves with a view to securing monetary stability in India.
(c) To operate the currency and credit system of the country to its advantage.
(d) All of the above
MONEY LAUNDERING
55. Money laundering is to conceal the ____________ of income to make it appear legitimate.
(a) Existence
(b) Illegal source
(c) Illegal application
(d) All of the above
56. _____________________ involves conversion of illegal proceeds into apparently legitimate business earnings through normal financial or commercial operations.
(a) Integration (b) Placement
(c) Layering (d) All of the above
57. _________________ involves the separation of proceeds from illegal source using complex transactions designed to obscure the audit trail and hide the proceeds.
(a) Integration (b) Placement
(c) Layering (d) All of the above
58. The first stage of money laundering involves the _______________ of proceeds derived from illegal activities.
(a) Integration (b) Placement
(c) Layering (d) All of the above
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
a d d d a b d d d d d d d d d d d d d d
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
d d d d d d d d d d d d d d d d d d d d
41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58
d d d d c b a c a c d d d d d a c b
Appendix - I
Self-Evaluation Test (SET) - 1
1. OTC Enterprises is implementing BPA in purchase order generation process for its manufacturing facility in Jamnagar, Gujarat. To keep cost at minimum, it has calculated EOQ for which orders are placed for procurement of Raw Material. Which of the following steps of BPA implementation will be followed for above process?
(a) Document the process for which BPA is required
(b) Define the objectives/goals during BPA implementation
(c) Understand the rules which need to be complied with
(d) Define why we plan to go for a BPA?
2. ENT Enterprises is implementing BPA in employee attendance process for its refinery in Mumbai. It wants correct recording of attendance and timely compilation of monthly attendance so that salary can be calculated and distributed on a timely basis. Which of the following steps of BPA implementation will be followed for above process?
(a) Document the process for which BPA is required
(b) Define the objectives/goals during BPA implementation
(c) Understand the rules which need to be complied with
(d) Define why we plan to go for a BPA?
3. Which of the following Enterprise Process or Activities of the Value Chain, in case of a hotel, would include reception, room service etc.?
(a) Inbound logistics (b) Outbound logistics
(c) Marketing and sales (d) Operations
4. RSC Ltd. is implementing ERP to run its business effectively and efficiently. They believe that there could be a possibility of an information gap between day-to-day program management activities and ERP-enabled functions like MM, PP, QM, PM, SCM and CRM. Which type of ERP Implementation Related Risks is involved in this case?
(a) People Related
(b) Implementation Related
(c) Process Related
(d) Technology Related
Scenario Based MCQs
CNP Enterprises is a manufacturer of furniture for house and offices. It has been facing serious customer dissatisfaction issues on daily basis despite having a good CRM team in place. Auditors have also reported serious concerns over the mismatch of data of different departments, violations of regulatory compliances and have raised doubts over the internal control measures taken by the firm’s top management. It is a matter of serious concern for an organization like CNP Enterprises and basis this, the CEO of the company, Mr. D N Albela, forms a committee headed by Ms. Krishna Sobati to look into this matter to find out the reasons for above-mentioned issues and submit the report within a week.
The committee submits its report within a week and the findings are as follows: There is a system of maintaining data in a decentralized way (Non-integrated System). Each department within the organization maintains its own data separately and not in an integrated way.
This gives rise to the issues like:
(i) Access of data and availability of right information at the right time has been slower many a times when it was needed the most to reply to the customers or the stakeholders.
(ii) Several instances of access and privilege violations have been found in financial and accounting systems.
(iii) Decision making is slow and weaker at times where fast and dynamic ones were needed.
5. As an advisor, which of the following Enterprise Information Systems will you suggest for CNP Enterprises that can handle all the issues raised by the committee headed by Ms. Krishna Sobati?
(a) Non-Integrated EIS (b) Integrated EIS
(c) ERP (d) Both B and C
6. In an integrated system, all the data are updated to the minute, is available in the centralized database and all the procedures are automated, almost all these activities are done without human intervention. This efficiency of the ERP systems helps in ______________.
(a) Easy Shipment and Delivery
(b) Reduction of Quality Costs
(c) Better Analysis and Planning
(d) Reduction of Cycle time
7. Since the implementation of ERP in CNP Enterprises, all functions involved in Material Management, Production Planning and Sales are integrated and the procedures are automated; the chances of errors are minimal and the production efficiency is high. By integrating the various business functions and automating the procedures and tasks the ERP system ensures _________________.
(a) Easy Shipment and Delivery of Raw Material
(b) Reduction of Quality Costs of Goods and Services
(c) On-time delivery of goods to the customers
(d) Reduction of Cycle time of Production
8. While implementing ERP in CNP Enterprises, it can face risks related to Change Management, Top management’s support for funds, consultants, etc. Which of the following categories of ERP implementation risk is involved in this?
(a) Process Related
(b) People Related
(c) Technology Related
(d) Implementation Related
9. While implementing ERP in CNP, CNP is bridging the information gap between traditional ERP-based functions and high value operational management functions, such applications can provide reliable real-time information linkages to enable high-quality decision making. Which of the following ERP implementation control is involved in this?
(a) Programme Management
(b) Business Process Management
(c) Application Portfolio Management
(d) Change Management
10. _________________________ is a method of combining the available resources in a network by splitting up the available bandwidth into channels, each of which is independent from the others, and each of which can be assigned (or reassigned) to a particular server or device in

11. __________________________ are needed when running an application from a removable drive, without installing it on the system’s main disk drive.
(a) Server consolidation
(b) Portable applications
(c) Disaster recovery
(d) Portable workspace
12. In a grid computing system, large amount of encryption shall not be used at a time. There should be a minimum communication at a time. Which of the following constraint of security on grid is highlighted in the above phrases?
(a) Single Sign-on
(b) Exportability
(c) Protection of Credentials
(d) Interoperability with local security solutions
13. Benefits to the sellers in terms of efficiency improvement due to reduction in inventories is possible as the demand for goods and services is electronically linked through ________________ and integrated manufacturing technique.
(a) JIT Inventory
(b) Inventory Control
(c) ABC Analysis
(d) All of the Above
14. ____________________________ is the application through which users interact with the e-commerce vendors.
(a) Internet (b) Payment mechanism
(c) Web portal (d) Digital libraries
15. Which of the following is the correct sequence of Mobile Computing?
(i) The user enters or access data using the application on handheld computing device.
(ii) Now both systems (handheld and site’s computer) have the same information and are in sync.
(iii) The process work the same way starting from the other direction.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
C b d c d d c b a b b b d c d
12. Which of the following Green Computing Best Practices involve stakeholders to include checklists, recycling policies, recommendations for disposal of used equipment, government guidelines and recommendations for purchasing green computer equipment in organizational policies.
(a) Conserve Energy
(b) Make environmentally
(c) Develop a sustainable Green Computing plan
(d) Reduce Paper Consumption
13. Which of the following is not considered as an advantage of IRCTC’s 3 tier architecture, as compared to two tier system?
(a) Scalability
(b) Data integrity
(c) Security
(d) Static load balancing
14. In a computerized enterprise environment where many critical business processes are performed, a data error during entry or process would cause great damage. Which of the following control objective is being highlighted in the above statement?
(a) Prevent organizational costs of data Loss
(b) Prevent loss from incorrect decision making
(c) Prevent loss of Computer Hardware, Software and Personnel
(d) Prevent from high costs of computer Error
15. In IRCTC’s multi-tier architecture, many database changes can be made transparently. A service in the Application Layer that exchanges data with other applications could retain its original interface while the underlying database structure was enhanced during a new application release. This IRCTC’s Multi-tier Architectural advantage is called-
(a) Improved Data Security
(b) Improved Data integrity
(c) Change Management
(d) Hidden Data Structure
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
b a b a C a b d c b c c d d d
ii. To set up the organizational process that creates value throughout the organization.
iii. To implement the steps (tasks) in the process.
iv. To define the steps (tasks) in the process.
v. To establish performance measures to improve the process.
You are required to arrange them in the correct sequence/order.
(a) v, i, ii, iv, iii (b) iv, iii, v, ii, i
(c) i, iii, iv, ii, v (d) iv, i, iii, v, ii
2. Updating the allowance for uncollectible accounts is an activity of ____________________ Cycle
(a) Revenue (b) Payroll
(c) Expenditure (d) Financial Reporting
the sales cannot be more than 40,000 units even at the full utilization of the company’s resources. So, the above goal was not achieved. Which of the following features of an optimum goal is lacking in the above case?
(a) Specific (b) Measurable
(c) Attainable (d) Timely
4. Which of the following is an ERP Post-implementation issue?
(a) Data safety (b) Life long commitment
(c) Data access (d) System failure
5. Controlling module includes-
(a) Cost Element (b) Revenue Element
(c) Internal Orders (d) All of the above
6. CNP Ltd. assumes that some risks may be considered minor because their impact and probability of occurrence is low. Further, it believes that some risks remain even after the counter measures are analyzed and implemented. In this case, the most appropriate will be to make sure that risk is periodically reviewed to ensure its impact remains low. Which of the following Risk Management Strategies is followed by CNP Ltd.?
(a) Transfer/Share the Risk
(b) Treat the Risk
(c) Tolerate/Accept the Risk
(d) Terminate the Risk
7. DBMS are software that provide the facility to create and maintain a well-organized database. They aid in organizing, controlling and using the data needed by the ___________________ .
(a) Decision Maker
(b) User
(c) Application Programme
(d) Memory Unit
8. Integration of Big Data technologies and data warehouse helps an organization to off load infrequently accessed data, this leading to the _______________________.
(a) Access to Social Data.
(b) Better operational efficiency.
(c) Early Identification of Risk.
(d) Improved Customer Services.
9. _______ is ___________ information assets that demand cost-effective, innovative forms of information processing that enable enhanced insight, decision-making, and process automation.
(a) Big data, High-volume
(b) Big data, High-velocity
(c) Big data, High-variety
(d) All of the above
10. Which of the following Green Computing Best Practices Recognizes manufacturer’s efforts to reduce the environmental impact of products by reducing or eliminating environmentally sensitive materials, designing for longevity and reducing packaging materials.
(a) Conserve Energy
(b) Make environmentally sound purchase decisions
(c) Develop a sustainable Green Computing plan
(d) Reduce Paper Consumption
11. _________________________ is normally exemplified and hidden in ‘Weak BYOD Policy’.
(a) Network Risk (b) Device Risk
(c) Application Risks (d) Implementation Risks
12. A user, desirous of connecting to a grid network, has to enrol his machine as _______________ on the grid and install the provided grid software on his own machine.
(a) Authenticator (b) Administrator
(c) Donor (d) Customer
13. Arrange the following in the correct order:
i. User places the order
ii. Payment gateway requests for confirmation from issuer bank
iii. Merchant’s web server requests to payment gateway
iv. Bank transfers fund to the merchant’s bank account
v. Payment gateway responds to the merchant’s web portal
vi. Bank responds to the payment gateway and confirms the payment
vii. Merchant’s web server responds to the user placing the order and confirms payment
(a) i, ii, iii, iv, v, vi, vii (b) i, iii, v, vi, vii, ii, iv
(c) i, iii, ii, iv, vi, v, vii (d) i, ii, iii, iv, vi, vii, v
14. Bean Enterprise’s B2B E-Commerce business has grown from a very small scale to medium scale level with a network of over 5000 users across the country and a turnover of over 3000 Crores. The performance of its existing network has deteriorated drastically. In your opinion, which of the following Network Architectures has it been using so far?
(a) Single tier (b) Two-tier
(c) Three-tier (d) N-tier
15. Which of the following is a disadvantage of a two-tier architecture?
(a) Since processing was shared between the client and server, more users could interact with system.
(b) Performance deteriorates if number of users is greater than 100.
(c) Limited functionality in moving the program or programs across servers.
(d) Both b and c
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
(d) (d) (c) (a) (c) (a) (c) (b) (d) (b) (d) (c) (c) (b) (d)
5. Which of the following is not a part of Inventory Master Data?
(a) Stock Item (b) Stock Group
(c) Payroll Structure (d) Godowns
6. Structure and content of accounting vouchers which will be used to enter transactions is an example of _______________.
(a) Master data (b) Non-master data
(c) Relative data (d) Non-Relative data
11. ‘Dashboards’ on www.eissmpendrive.in is typically built/developed on OOPs with:
(a) State (Value)
(b) Behaviour (Operations)
(c) Both A and B
(d) None of the Above
12. Which one of the following servers receives data from all the client machines installed at the branches and performs necessary operations and updates the central database?
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
(b) (d) (d) (b) (c) (a) (a) (a) (c) (c) (c) (c) (d) (c) (a)
i. Career Development
6. Which sentence is true about installed software application?
(a) It is installed on the hard disc of the computer of the user
(b) It is installed on the web server
(c) It is installed on cloud
(d) It is installed on a website
7. A _____________ is an undertaking by a bank to the payee (the supplier of goods and/or services) to pay to him, on behalf of the applicant (the buyer) any amount up to the limit specified in the aforesaid document, provided the terms and conditions mentioned herein are complied with.
(a) ECS credit (b) Letters of Credit
(c) Reporting (d) Guarantee
8. __________________________ functions include settlements, clearances, record maintenance, regulatory compliance, accounting, and IT services.
(a) Front Office (b) Back Office
(c) Middle Office (d) Central Server
9. In computer networks, _________ refers to the ability of a network to recover from any kind of error like connection failure, loss of data etc.
(a) Routing (b) Resilience
(c) Contention (d) Bandwidth
10. Automated Teller Machine (ATM) server contains the details of all ATM account holders. It temporarily holds data that is converted by the ___________ as requested by the ATM switch.
(a) Application Software
(b) Middleware
(c) CBS
(d) Firmware
11. When the Central Database is busy with central end-of-day activities or for any other reason, the file containing the account balance of the customer is sent to the ________________________.
(a) ATM switch. (b) Middleware
(c) ATM server. (d) Application Server
12. The Internet Banking Software which is stored in the IBAS (Internet Banking Application Server) authenticates the customer with the login details stored in which server?
(a) IBCS (b) POS Server
(c) Application Server (d) IBAS
13. Intellectual property may not be adequately protected when such property is transacted through e-commerce. Which of the following risks in an e-commerce environment is highlighted in the above?
(a) Attack from hackers
(b) Problem of piracy
(c) Denial of Service
(d) Non-recognition of electronic transactions
14. The _______________ vendor is responsible for all hardware and software management and offers guaranteed Quality of Service (QoS).
(a) NaaS (b) SaaS
(c) IaaS (d) CaaS
15. Which of the following is the correct sequence of Mobile Computing?
(i) The user enters or accesses data using the application on handheld computing device.
(ii) Now both systems (handheld and site’s computer) have the same information and are in sync.
(iii) The process works the same way starting from the other direction.
(iv) Using one of several connecting technologies, the new data are transmitted from handheld to site’s information system where files are updated and the new data are accessible to other system user.
(a) (i), (ii), (iii), (iv) (b) (iv), (iii), (ii), (i)
(c) (i), (ii), (iv), (iii) (d) (i), (iv), (ii), (iii)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
(b) (b) (a) (b) (a) (a) (b) (b) (b) (b) (a) (a) (b) (d) (d)
12. Standing Orders, Payment Systems, Clearing, Liquidity management, etc. are which of the following layer of the Functional Architecture of CBS?
(a) Enterprise CRM (b) Product Factory
(c) Functional Services (d) Infrastructure
13. In a grid computing system, large amount of encryption shall not be used at a time. There should be a minimum communication at a time. Which of the following constraints of security on grid is highlighted in the above phrases?
(a) Single Sign-on
(b) Exportability
(c) Protection of Credentials
(d) Interoperability with local security solutions
14. The concept of green computing was launched by the U.S. Environmental Protection Agency in 1992 through the ___________ program.
(a) Green Sustainability
(b) Energy Star
(c) Recyclability Super Star
(d) Biodegradability
15. Which of the following Green Computing Best Practices encourages the use of online marketing, e-mail marketing solutions that are greener, more affordable, flexible and interactive than direct mail.
(a) Conserve Energy
(b) Make environmentally
(c) sound purchase decisions
(d) Develop a sustainable Green Computing plan
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
(b) (b) (a) (?) (c) (b) (a) (c) (b) (a) (d) (c) (b) (b) (d)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
(b) (a) (c) (b) (a) (a) (b) (a) (c) (b) (c) (c) (?) (c) (b)
(b) Biometric enabled Data Centre
(c) Review of payroll reports.
(d) Access control
6. ____________________ collaborates with master data, sales and operations planning, distribution resource planning, material requirements planning, product cost planning and so on while working towards production management in enterprises.
(a) Financial accounting module
(b) Production planning module
(c) Controlling module
(d) Human resource module
7. _______________ is a kind of Technical Exposure, A Trojan (A Malware) which hides within a system or network with the help of _________________.
(a) Bomb, Rootkits
(b) Christmas Card, Spyware
(c) Christmas Card, Rootkits
(d) Bomb, Spyware
8. _______________ involves forging one’s source address.
(a) Spoofing (b) Christmas card
(c) Rounding down (d) SCARF
9. ___________ involves spying on information being transmitted over communication network.
(a) Data Leakage (b) Subversive attack
(c) Wire-tapping (d) Piggy-backing
10. Which of the following best defines Money Laundering?
(a) Converting proceeds of crime and projecting it as untainted property
(b) Tax Planning as per provision of IT Act
(c) Gifting immoveable property to relatives
(d) Transferring fixed deposit to employees
11. Following is the list of CBS stages. Which of the following order is correct?
i. Planning ii. Approval
iii. Selection
iv. Design and develop or procured
v. Testing vi. Implementation
vii. Maintenance
viii. Support
ix. Updation
x. Audit
(a) i, ii, iii, vi, vii, iv, v, viii, ix, x
(b) i, ii, iii, iv, v, vi, vii, viii, ix, x
(c) i, ii, iii, iv, v, vi, vii, viii, ix, x
(d) All of the above
OTC Ltd. has recently launched an e-commerce web portal www.pendriveclass.com to promote its books, study notes, DVDs, Pen drive lectures and online video tutorials with animation. It also deals in corporate, retail, consumer, social, political and community related databases of very sensitive, sensitive and general nature. It has recently collaborated with 3 of the like-minded virtual organizations (communities) in the same field to gain the benefits of synergy and a strategic edge over its rivals like Amazon, Flipkart, Jiomart and Snapdeal.
12. The CEO, Prathama Trivedi, is planning to reduce the burden of IT Management by outsourcing the whole IT infrastructure of OTC Ltd. She appoints you as an IT consultant and advisor of OTC Ltd. As an advisor, which of the following types of emerging computing Technologies and their services/Application will best suit the current business model of OTC Ltd?
(a) Grid Computing (b) Mobile Computing
(c) BYOD (d) Cloud Computing
13. As an advisor of OTC Ltd., suggest CEO the most suitable Cloud Computing Deployments, keeping the nature, diversity and complexity of their business in mind.
(a) Private Cloud (b) Public Cloud
(c) Community Cloud (d) Hybrid Cloud
14. As an advisor, suggest the most suitable Cloud Deployments Combination of Hybrid Cloud to the CEO, keeping the nature, diversity and complexity of their business in mind.
(a) Private + Public
(b) Public + Community
(c) Private + Community + Public
(d) Private + Community
15. As an advisor of OTC Ltd., suggest CEO the most suitable Cloud Service Model that will reduce the burden of IT Management by outsourcing it to a third party vendor, keeping the nature, diversity and complexity of their business in mind.
(a) SaaS (b) PaaS
(c) DaaS (d) IaaS
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
(b) (a) (a) (c) (b) (b) (c) (a) (c) (?) (b) (d) (d) (c) (a)
13. _______________ is a powerful and robust system that performs all the core banking operations.
(a) IBCS (b) Application server
(c) IBAS (d) Web server
14. In the above scenario, by integrating the _______________ services OTC Ltd. leverages cloud solutions for specific functions that are too costly to maintain on premise, such as virtual server disaster recovery, backups and test/development environments.
(a) Private Cloud (b) Public Cloud
(c) Community Cloud (d) Hybrid Cloud
15. TNN Insurance Co. (India) Ltd. is the country’s largest medical and general insurance services provider. It has a collaborative network of more than 30,000 hospitals and a customer base of more than 90,00,000 customers across the country. It handles Mediclaim requests of approximately 60,000 patients on daily basis. The numbers are so large that there is a great risk of fraud in Mediclaim processing. Keeping the situation in mind, TNN Insurance Co. (India) Ltd. urgently needs a modern computing technology that can handle such a huge volume of Mediclaim requests from 90 lacs customers and 30,000 hospitals and mine data from partner hospitals to detect and prevent fraud at the right time. It appoints VKT and Associates as its auditor. You are an article clerk with VKT and Associates. As an auditor, which emerging computing technology will you suggest to TNN Insurance Co. (India) Ltd.?
(a) Grid Computing (b) Mobile Computing
(c) BYOD (d) Cloud Computing
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
(a) (a) (c) (b) (b) (a) (a) (c) (d) (b) (c) (c) (b) (b) (a)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
(a) (c) (b) (b) (c) (d) (a) (c) (a) (a) (b) (b) (c) (c) (c)
that the information is being received. Business reports that fail critical rules can be bounced back to the preparer for review and resubmission. This feature of XBRL Reporting is known as:
(a) Strong Software Support
(b) Multi Lingual Support
(c) Clear Definitions
(d) Testable Business Rules
6. ________________ includes running data profiling and data cleansing jobs to make sure that the information in a data set is consistent and that errors and duplicate entries are eliminated.
(a) Data Collection (b) Data Integration
(c) Data Modelling (d) Data Quality Fixation
the house?
(a) Home loan (b) Top-up loan
(c) Loan for under construction property
(d) All of the above
12. Which of the following are the controls for the risk of unauthorised changes being made, in the Mortgage Process?
(a) There is secondary review performed by an independent team member who will verify loan details captured in core banking application with offer letter.
(b) There is secondary review performed by an independent team member who will verify loan amount to be disbursed with the core banking application to the signed offer letter.
(c) System enforced segregation of duties exist in the core banking application where the inputter of the transaction cannot approve its own transaction and reviewer cannot edit any details submitted by inputter.
(d) Interest amount is auto calculated by the core banking application basis loan amount, ROI and tenure.
13. Five Japanese automobile companies of Japan (Mitsui, Mitsubishi, Fuyo, Sanwa and Sumitomo) in collaboration with its banker DKB (Dai-Ichi Kangyo Bank), 20 distributors and 18 suppliers have formed a “Horizontal and Vertical keiretsu” to compete against its main rivals in International market, Ford Automobiles and General Motors and to gain a competitive advantage over them. To communicate and share data, documents, files, databases and other computing resources with privacy and in a secured manner, these companies have formed a computer network as a collection of similar computers running on the same operating system or as complex as inter-networked systems comprised of every computer platform we can think of.
In the above scenario, which of the following emerging computing technologies will you suggest to keiretsu Partners?
(a) Grid Computing (b) Mobile Computing
(c) BYOD (d) Cloud Computing
14. EISSM Ltd. implemented cloud computing technology in its enterprise, where the organization runs non-core applications on web servers/web applications of a third party who bills on a utility computing basis, while maintaining core applications and sensitive data in-house. Which of the following type of cloud computing environment is used by EISSM Ltd.?
(a) Community cloud (b) Public cloud
(c) Hybrid cloud (d) Private cloud
15. Public cloud service providers often can host the cloud services for multiple users within the same infrastructure. Which of the following features does the above line signify?
(a) Pay per use (b) On-demand service
(c) Multi Tenancy (d) Elasticity and Scalability
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
(c) (c) (c) (d) (d) (d) (c) (c) (d) (a) (b) (c) (a) (c) (c)
5. An amount of ₹ 5,000 is written off as same has not been recovered from Miranda Distributors Pvt. Ltd. since last 4 years. Which type of the voucher is created for this?
(a) Sales (b) Journal
(c) Purchase (d) Contra
6. System failure is one of the major risks that can be seen in case of integrated systems like ERP. What controls would you suggest for addressing the above type of risk?
(a) With help of proper staff training system having help manuals, having backup plans for staff turnover
(b) By having proper and updating backup of data as well as alternate hardware and internet arrangements. In case of failure of primary system, secondary system may be used.
(c) All the processes must be documented carefully in the beginning of implementation itself so as to avoid any discomfort in future.
(d) This can be controlled by removing redundant data, using techniques like data warehousing and updating hardware on a continuous basis.
7. _______________ are placed to ensure that the database always corresponds and complies with its definition standards.
(a) Existence/Backup Controls
(b) Definition Controls
(c) Access Controls
(d) Update Controls
8. Ms. Prathama Trivedi, data analyst of Kumar enterprises notices that inventory code “SQC1066” is recorded as “SQC106”.
(a) Transposition Error
(b) Truncation errors
(c) Addition errors
(d) Substitution errors
9. Mr. Raj Trivedi, the data entry operator of Prathama Ltd., while recording the inventory code, records Inventory Code “SQC1066” as “SQC1076”. This is an example of which of the following errors?
(a) Transposition Error
(b) Addition errors
(c) Truncation errors
(d) Substitution errors
10. To protect the web server from unauthorized use and abuse, the traffic is necessarily to go past a ____________.
(a) Anti-virus (b) Firewall
(c) Malwares (d) Bomb
11. What is the primary objective of SPDI?
(a) Protecting computer software
(b) Securing critical information
(c) Securing Personal Information
(d) Identifying Sensitive Information
12. ______________ defines ‘money laundering’ as: “whosoever directly or indirectly attempts to indulge or knowingly assists or knowingly is a party or is actually involved in any process or activity connected with the proceeds of crime and projecting it as untainted property shall be guilty of the offence of money-laundering”.
(a) Section 2, FEMA Act, 1999
(b) Section 3, PML Act, 2002
(c) Section 12, RBI Act, 1934
(d) Section 12, PML Act, 2002
13. Cloud computing gives us the ability to expand and reduce resources according to the specific service requirement. Which of the following features does the above line signify?
(a) Elasticity and Scalability
(b) Pay per use
(c) On-demand service
(d) Resiliency
14. ___________________________ refers to the components and subcomponents that typically consist of a front end platform (fat client, thin client, mobile device), back end platforms (servers, storage), a cloud based delivery, and a network (Internet, Intranet, Inter-cloud).
(a) System design
(b) Cloud computing architecture
(c) Cloud Deployments
(d) Instruction design architecture (ISA)
15. To optimize the use of various information system resources (machine time, peripherals, system software and labour) along with the impact on its computing environment. Which of the following control objectives is being highlighted in the above statement?
(a) Safeguard assets from un-authorized access
(b) System Effectiveness Objectives
(c) Ensure data integrity
(d) System Efficiency Objectives
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
(b) (a) (a) (b) (b) (b) (b) (b) (d) (b) (c) (b) (a) (b) (d)
(c) Financial risk (d) Credit risk
4. RSC Ltd. is implementing ERP to run its business effectively and efficiently. They believe that there could be a possibility of an information gap between day-to-day program management activities and ERP-enabled functions like MM, PP, QM, PM, SCM and CRM. Which type of ERP Implementation Related Risks is involved in this case?
(a) People Related
(b) Implementation Related
(c) Process Related
(d) Technology Related
5. Which of the following type of check field is checked by the program against predefined limits to ensure that no input/output error has occurred or at least no input error exceeding certain pre-established limits has occurred?
(a) Picture check (b) Valid code check
(c) Limit check (d) Check digits
6. __________________ technique involves embedding audit software modules within a host application system to provide continuous monitoring of the system’s transactions.
(a) Snapshot
(b) Integrated Test Facility (ITF)
9. In many ways, the SCARF technique is like the _____________ technique along with other data collection capabilities.
(a) Snapshot
(b) Integrated Test Facility (ITF)
(c) System Control Audit Review File (SCARF)
(d) Continuous and Intermittent Simulation (CIS)
10. ______________ consists of several bank to bank transfers or wire transfers between different accounts in different names in different countries making deposit and withdrawals to continually vary the amount of money in the accounts changing the money’s currency purchasing high value items to change the form of money, making it hard to trace.
(a) Layering (b) Integration
(c) Placement (d) Cyber Crime
11. A comprehensive set of reform measures, developed by the Basel Committee on Banking Supervision, to strengthen the regulation, supervision and risk management of the banking sector with aim to improve the banking sector’s ability to absorb shocks arising from financial and economic stress, whatever the source and to improve risk management and governance is?
(a) Basel I (b) Basel II
(c) Basel III (d) RBI Act
12. We invoke cloud services only when we need them, they are not permanent parts of the IT infrastructure: this is a significant advantage for cloud use as opposed to internal IT services. Which of the following features does the above line signify?
(a) Pay per use
(b) Elasticity and Scalability
(c) Resiliency
(d) On-demand service
13. Which of the following statements is not true about virtualization?
(a) It means to create a virtual version of a device or resource.
(b) It refers to technologies designed to provide a layer of abstraction between computer hardware systems and the software, running on them.
(c) It is the process of creating logical computing resources from available physical resources.
(d) It is a computer network in which each computer’s resources are shared with every other computer in the system.
14. _________________________ is a method of combining the available resources in a network by splitting up the available bandwidth into channels, each of which is independent from the others, and each of which can be assigned (or reassigned) to a particular server or device in real time.
(a) Hardware Virtualization
(b) Network virtualization
(c) Platform Virtualization
(d) Storage Virtualization
15. __________________________ are needed when running an application from a removable drive, without installing it on the system’s main disk drive.
(a) Server consolidation
(b) Portable applications
(c) Disaster recovery
(d) Portable workspace
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
(b) (d) (c) (a) (c) (c) (d) (a) (a) (a) (c) (d) (d) (b) (b)
the product, resulting in a costly disruption in sales. The company decides to avoid the risk by choosing ingredients that are recognized as healthy. Which of the following risk is avoided?
(a) Compliance risk (b) Strategic risk
(c) Reputation risk (d) Financial risk
2. Chakravorty Enterprises was involved in a major controversy, ban and lawsuit in 2020. With an embarrassing product recall, negative publicity about Chakravorty Enterprises or high-profile criticism of its products or services, it had to face a situation of:
(a) Operational risk (b) Credit risk
(c) Financial risk (d) Regulatory risk
3. A systematic approach to setting the best course of action to manage uncertainty by identifying,
(b) Enterprise risk management
(c) Business process automation
(d) Risk Assessment Procedure
4. __________ is the degree of risk, on a broad-based level that an enterprise is willing to accept in pursuit of its goals.
(a) Risk appetite (b) Risk analysis
(c) Risk response (d) Risk assessment
5. ERM provides the rigor to identify and select among alternative risk responses – risk avoidance, reduction, sharing and acceptance. This ERM Benefit is known as-
(a) Align Risk Appetite and Strategy
(b) Enhance Risk and Response Decisions
(c) Link Growth, Risk and Returns
(d) Provide integrated responses to multiple risks
6. ________________ is the creation of a dummy entity in the application system files and the processing of audit test data against the entity as a means of verifying processing authenticity, accuracy, and completeness.
(a) Snapshot
(b) Integrated Test Facility (ITF)
(c) System Control Audit Review File (SCARF)
(d) Audit Hooks
7. Resource usage from log-on to log-out time and log of resource consumption is a ___________________ audit trail.
(a) Operational (b) Accounting
(c) Both ‘A’ and ‘B’ (d) None of the above
8. Comprehensive log on hardware consumption – CPU time used, secondary storage space used, and communication facilities used and comprehensive log on software consumption – compilers used, subroutine libraries used, file management facilities used, and communication software used are _____________________ audit trail.
(a) Operational (b) Accounting
(c) Both ‘A’ and ‘B’ (d) None of the above
9. Physical Component Controls, Line Error Controls, Flow Controls, Link Controls, Topological Controls, Channel Access Controls, Internetworking Controls are ____________________ Controls.
(a) Boundary (b) Communication
(c) Database (d) Process
10. ___________________ performs tasks that are junior to the database administrator, carrying out routine data maintenance and monitoring tasks.
(a) Database Architect
(b) Database Administrator
(c) Database Analyst
(d) All of the above
11. In a grid computing system, large amount of encryption shall not be used at a time. There should be a minimum communication at a time. Which of the following constraints of security on grid is highlighted in the above phrases?
(a) Single Sign-on (b) Exportability
(c) Protection of Credentials
(d) Interoperability with local security solutions
12. The concept of green computing was launched by the U.S. Environmental Protection Agency in 1992 through the ___________ program.
(a) Green Sustainability
(b) Energy Star
(c) Recyclability Super Star
(d) Biodegradability
13. Platform fragmentation and lack of technical standards are situations where the variety of IoT devices, in terms of both hardware variations and differences in the software running on them, makes the task of developing applications tough. This is ____________________ Risk.
(a) Manufacturer’s (b) User’s
(c) Technology (d) Environmental
14. Which of the following Green Computing Best Practices involve stakeholders to include checklists, recycling policies, recommendations for disposal of used equipment, government guidelines and recommendations for purchasing green computer equipment in organizational policies.
(a) Conserve Energy
(b) Make environmentally sound purchase decisions
(c) Develop a sustainable Green Computing plan
(d) Reduce Paper Consumption
15. Which of the following Green Computing Best Practices Recognizes manufacturer’s efforts to reduce the environmental impact of products by reducing or eliminating environmentally sensitive materials, designing for longevity and reducing packaging materials.
(a) Conserve Energy
(b) Make environmentally sound purchase decisions
(c) Develop a sustainable Green Computing plan
(d) Reduce Paper Consumption
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
(a) (b) (b) (a) (b) (b) (a) (a) (b) (c) (b) (b) (c) (c) (b)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
(b) (b) (d) (d) (c) (d) (d) (d) (a) (c) (c) (c) (b) (c) (b)
objectives of Business Process Automation that Gigs and Gigs is achieving by using this method.
(a) Governance & Reliability
(b) Reduced Costs
(c) Reduced Turnaround Time
(d) Quality and consistency
5. Mr. X has set up his new business of manufacturing color pens. He is well aware of various kinds of risks involved in his business; however, he unintentionally violated some industry regulations while setting up his business. Which category of the risk does this refer to?
(a) Strategic (b) Financial
(c) Compliance (d) Environmental
6. Mr. Z is a fresh MCA and doing internship in an e-Commerce company. He has been given a task to prepare a flowchart describing the flow of transactions through various modes of payment used by customers to pay the bill to company. Identify the terminology that is irrelevant to the process of making of flowcharts.
(a) Process (b) Decision
(c) Document (d) Risk
7. Enterprise Risk Management (ERM) framework consists of interrelated components that are used to identify events that are relevant to organization’s objective. Identify which of the following is not a component of ERM Framework.
(a) Internal environment
(b) Organization chart
(c) Objective setting
(d) Event identification
8. The objective of Internal Control is to enable an organization to manage its challenges or disruptions seamlessly. Identify which of the following is not an objective of Internal Control.
(a) Compliance with applicable laws and regulations
(b) Meeting sales targets
10. ABC Corporative bank strictly follows the policy of Sensitive Personal Information. Choose the attribute that is not defined as Sensitive Personal Information.
(a) Home address (b) Password
(c) Financial information
(d) Biometric information
11. Mr. Shravan, HR Manager of a Multinational Company (MNC) asked his subordinate to prepare the files of processes involved in Human Resource Management. Which of the following does not form part of HR Management?
(a) Training and Development
(b) Career Development
(c) Leadership Management
(d) Invoicing
12. An online store follows a process of intimating about whole tracking of the order placed by the customers through SMS on their registered mobile numbers. This activity is a perfect example of ______.
(a) Supply Chain Management
(b) Customer Relationship Management
(c) Order to Cash Cycle
(d) Procure to Pay
13. A huge oil spill from an oil well run by British Petroleum, one of the largest oil companies in the world, resulted in an assessed environmental damage of about USD 20 Billion. The company expended an amount of USD 2 Billion on promotional ads informing the world that it is an environment friendly company. The promotional ads were done to prevent company from which damage?
(a) Strategic (b) Operational
(c) Financial (d) Reputational
14. A bank shares financial data of its borrowers with third-party without consent of borrowers. Identify the rule of Sensitive Information and Personal Data Rules, 2011 that bank has violated.
(a) Rule 3 (b) Rule 4
(c) Rule 5 (d) Rule 6
15. Mr. Ajay as an internal auditor of steel company observed that the vendor supplying the material to manufacture steel has begun to supply the damaged
© Carvinowledge Press (CNP), 2022
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
b b c c d b b b c a d b d d c
11. Mr. Rajiv, a software developer, installed application software for the attendance system of employees in Raj and sons Ltd. During the briefing session about it, he made certain statements mentioned below. Out of these, choose the statement that is true for Installed software application.
(a) It is installed on the hard disc of the computer of the user.
(b) The access of the application is dependent on the speed of the internet.
(c) The user has full physical control over the data.
(d) Installed applications cannot be used from any other stand-alone computer.
12. The implementation of _________ involves Extract, Transform and Load (ETL) procedures in coordination with a data warehouse and then using one or more reporting tools.
(a) Business Reporting
(b) Inventory Accounting
(c) Financial Accounting
(d) Payroll Accounting
13. While presenting a data analytics report to the members of top management of his firm, Mr. X used acronyms of various Data analytics tools which were not understood by many members. One of the terms that he referred to often was OLAP. Help the members in solving the confusion and finding the full form of OLAP.
(a) Offline Application Processing
(b) Online Analytical Processing
(c) Online Analytical Product
(d) Offline Application Product
14. Sales and distribution module is one of the important modules of ERP Package. Which of the following activities does not belong to Sales and Distribution Process?
(a) Pre-sales Activities
(b) Payment
(c) Delivery of product to customer
(d) Production Planning
15. If an organization does not want to install Financial Application on its own System to avoid the hassles of its implementation and maintenance, they can use _______ Applications as an alternative of the same.
(a) Cloud-based (b) Software
(c) Installed (d) Mobile
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
c c a b c b d a b d a a b d a
required to make an entry in the Accounting system for maintaining a record of physical receipts of goods purchased from one of the firm’s vendors. Which type of voucher shall he use to do the same?
(a) Delivery note (b) Receipt note
(c) Sales (d) Purchase
2. In Accounting System, various types of vouchers are required to maintain the transaction within organization. Which of the following transactions are not recorded in the voucher type “Contra” of the Accounting System?
(a) Cash deposit in bank
(b) Cash withdrawal in bank
(c) Cash transfer from one location to another
(d) Recording of all types of trading sales by any mode
works on an accounting system of the college. He is responsible to record all types of payments - salaries and incentives, made to teaching and non-teaching staff through any mode. Identify the type of voucher of accounting module used for this purpose.
(a) Receipt (b) Contra
(c) Journal (d) Payment
4. Mr. Anil is a clerk in accounts department of GBS public school who works on an Accounting system well implemented in the school. He is supposed to record the details of purchase/sale of fixed assets on credit. Identify the voucher from following which is being used by him during this work.
(a) Contra (b) Receipt
(c) Journal (d) Payment
5. JKM Pvt. Ltd. is an apparel manufacturing company well equipped with ERP. MM group approached JKM Pvt. Ltd. with a requisition of 1000 pieces of female black formal suits. Mr. Y, a senior manager of JKM Pvt. Ltd. wants to evaluate the current stock position and purchase order pending position of his company before accepting the requisition. Which of the following modules of ERP will help Mr. Y in this?
(a) Sales and Distribution Module
(b) Material Management Module
(c) Production Planning Module
(d) Supply Chain Management Module
6. VV Enterprises is a publication house that publishes kids’ newspaper, reading and activity books. The management of VV from its R&D department demanded an analysis on consumer behaviour on purchase of its publications during summer break and exam time. Which of the following Data Analytical tools would be helpful to R&D department?
(a) Machine Learning
(b) Predictive Analytics
(c) Data Mining
(d) Qualitative Data Analysis
7. Identify the false statement from the following statements on various modules of ERP.
(a) Controlling Module evaluates the profit or loss of individuals.
(b) Sales and Distribution Module includes product enquiries, placing order and scheduling activities.
(c) Plant Maintenance Module involves the process of planning the production activities.
(d) Human Resource Module deals with financial entries like advances or loan to employees.
8. Organizations implementing ERP should be abreast of latest technological development. The control where care must be taken while selecting the vendor and upgrade contracts should be signed to minimize the risks, it belongs to ________ aspect of technological risks.
(a) Technological Obsolescence
(b) Application Portfolio Management
(c) Enhancement and Upgrades
(d) Software Functionality
9. ABC Company started using SAP as application software for its HR and Accounting department. Which of the following layers of the software carries the instruction and processes them using data stored in database?
(a) The Database Layer
(b) The Application Layer
(c) The Operating System Layer
(d) The Network Layer
10. Information Systems not only establish communication but also support decision making within an organization. Below mentioned are many components that comprise an Information system except one. Identify that odd one out.
(a) People (b) Data
(c) Network (d) Transaction
11. Communication controls responsible to handle exposures caused during the internetwork communication are categorized further based on the specific functions performed. Which of the following communication controls incorporates features that mitigate the possible effects of exposure?
(a) Line Error Control
(b) Flow Control
(c) Channel Access Control
(d) Physical Component Control
12. A ______ memory which is volatile in nature and can read and modify the information is referred as ______.
(a) Primary, Random Access Memory
(b) Secondary, Random Access Memory
(c) Secondary, Cache Memory
(d) Primary, Virtual Memory
13. In DBMS, Relational Database Model allows the data and its related operations like storage, retrieval and integrity in a Table structure. All the terms mentioned below are associated with Relational Database Model except one. Pick that odd one out.
(a) Relations (b) Attributes
(c) Objects (d) Domains
14. Corrective controls are designed to reduce the impact or correct an error once it has been detected. Which of the following is not an example of Corrective Control?
(a) Backup Procedure (b) Rerun Procedure
(c) Contingency Planning
(d) Hash Total
15. Mr. Y, a senior network administrator of HKL Pvt Ltd., sent confidential data of the company to its Chief Financial Officer. For transmission in networking, __________ technique that converts data into a secret code for storage in databases and ensures that the transmission is secure.
(a) Encapsulation (b) Encryption
(c) Decryption (d) Logging
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
b d d c b b c c c d d a c d b
(a) Output Controls (b) Input Controls
(c) Database Controls (d) Processing Controls
4. Every time when a user attempts to gain access to and employs system resources in an application, the chronology of each such event is maintained. Which control under Application Controls is responsible to do so?
(a) Boundary Controls
(b) Input Controls
6. Ms. Shilpi is a final year student of B.Tech who is required to submit her project report on Library Management System based on Relational Database
(c) Integrated Test Facility (ITF)
(d) Continuous and Intermittent Simulation (CIS)
9. Mr. Ashu works in a Network Service provider Company where his job responsibility includes performing routine tasks in the network such as making minor configuration changes and monitoring event logs. Which of the following role he performs in the company?
(a) Network Administrator
(b) Network Architect
11. Below mentioned are the steps that are involved in the Data Mining process. Select the step at which the data is collected from all the different sources to initiate the process.
(a) Data Selection
(b) Data Integration
(c) Data Transformation
(d) Data Cleaning
12. Output Controls are responsible to ensure that the data delivered to users will be presented, formatted and delivered in a consistent and secured manner. Which of the following activity does not belong under the purview of Output Control?
(a) Spooling
(b) Storage and Logging of sensitive, critical forms
(c) Asset Safeguarding
(d) Control over printing
13. Which of following statement does not belong to Read Only Memory?
(a) Non-volatile in nature.
(b) Used by manufacturers to store the data.
(c) Used to store small amount of information for quick reference by CPU.
(d) It is a secondary memory.
14. Operating System Software provides Application Program Interfaces (API) which can be used by application developers to create application software. This is referred to as ______.
(a) Memory Management
(b) Hardware Independence
(c) Task Management
(d) File Management
15. Operating system acts as an interface between hardware and user be it a Smartphone, tablet or PC. Which of the following is not an Operating system?
(a) Android (b) Blackberry OS
(c) Apple OS (d) Chrome
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
a b b a d c d b a b b c d b d
(a) Traditional commerce works on manual processing and e-commerce works on electronic mode.
(b) Resource focus of Traditional commerce is on demand side whereas e-commerce focuses on Supply side.
(c) Traditional commerce is limited to particular area whereas e-commerce has worldwide reach.
(d) Unlike traditional commerce, e-commerce provides a uniform platform for information exchange.
7. The following steps are involved in the working of mobile Computing.
(i) The user enters or accesses data using the application on handheld computing device.
(ii) Now both systems (handheld and site’s computer) have the same information and are in sync.
(iii) The process works the same way starting from the other direction.
(iv) Using one of several connecting technologies, the new data are transmitted from handheld to site’s information system where files are updated and the new data are accessible to other system user.
Identify from following the correct sequence.
(a) (i), (ii), (iii), (iv) (b) (iv), (iii), (ii), (i)
(c) (i), (ii), (iv), (iii) (d) (i), (iv), (ii), (iii)
8. If an organization wants to start its e-business in India, which of the following laws will regulate its practices so that it does not engage in any predatory practices?
(a) Indian Contract Act, 1872
(b) The Customs Act, 1962
(c) The Competition Act, 2002
(d) The Competition Act, 2004
9. In Cloud Computing, which instance of Software as a Service (SaaS) allows users to explore functionality of Web services such as Google Maps, Payroll processing and Credit Card processing services
accessories. Identify from the following, which type of e-market has he set up?
(a) Buyer Aggregator (b) e-Mall
(c) e- Shop (d) Portal
11. Ms. Radha started her business through a website www.tastyfood.com wherein few food vendors and restaurants are associated with her as the partner. The customers can place order for the food of his/her choice of vendor through the website. This is a good example of_______________
(a) e-Auction (b) Buyer Aggregators
(c) e-Mall (d) e-shops
12. Taste and tasty, an online tiffin service vendor has started a new policy wherein they provide certain credit points to customers whose bills are above ₹ 1000 per order. Customers can avail these credit points in the next order they place. Which of the following is taken care by taste and tasty tiffin service as an e-commerce vendor?
(a) Privacy Policy
(b) Marketing and Loyalty program
(c) Different Ordering Method
(d) Supply Chain Management
13. PMP Ltd. is a network service provider company that has consolidated many physical servers into one large physical server to make the effective use of its processor. Which of the following concept does this refer to?
(a) Network Virtualization
(b) Grid Computing
(c) Storage Virtualization
(d) Hardware Virtualization
14. Which of the following statement does not belong to security constraints of Grid Computing?
(a) The coordination between processors must be secure and for this there is no such policy.
(b) User password and private keys should be protected.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
a a c a d b d c b b b b d d c
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
a b d b c c a a d c a b c c b
state-wise. Each collection center is run by co-operatives created in each district of the state. The total
members of these co-operatives are more than 1.5 Crores as on April 2020.
Other than retail sales, a few other major revenue sources of the company are as follows:
• Department of Defence, Government of India
• Corporate Customers
• Export Customers
To achieve the target company’s turnover of ₹ 50,000/- Crores by 2020-21; Board of Directors of
the company decides a two-prong strategy - Business Strategy and System Strategy which are as
follows.
The Business Strategy includes the following:
• Launch new products.
• Get into new markets for existing products.
• Increase per capita consumption of products in existing market.
The System Strategy includes the following:
• Company needs to create infrastructure that could cater to ever changing needs of business.
This includes robust network infrastructure as well as database configuration.
  - The proposed database structure needs to cater to needs of business and to store complex
    data like identification of animals through their images, health-card system etc.
  - Creates a system to keep track of target on monthly basis.
  - At village level, Company shall install a computer system at each milk collection center.
    These systems shall be connected to main server of the company. There are 50,000 villages
    to be covered.
Based on the above case scenario, answer the following MCQs:
1. The company Ind Milk Dairy decides to have a database structure where each member of
the district level cooperative society shall be part of database defined as “OWNER”. Each
Owner record shall have images of their milk giving animals with its health cards. Identify
the best database structure the company may use to store such complex data.
a. Hierarchical Database Model
b. Network Database Model
c. Object Oriented Database Model
d. Relational Database Model
2. The company Ind Milk Dairy decides to have a system to track its target on monthly basis.
This can be achieved using _____________.
a. Big Data
b. Artificial Intelligence
c. Management Information System
d. Knowledge Management System
3. The company Ind Milk Dairy decides to have systems in the collection centres at village
level that requires updating of data into central server in online / real time basis. This will
improve ____________business cycle of the company.
a. Order to Cash (O2C)
b. Procure to Pay (P2P)
c. Raw Material to Finished Goods
d. Debtors Management
4. The Ind Milk Dairy company’s decision to increase its turnover to ₹ 50,000/- crores by
2020-21 is a strategic decision. Which ERP functional module supports this type of decision
making?
a. Project Management
b. Sales and Distribution
c. Financial Accounting
d. Materials Management
5. In purview of above case scenario, the company’s central server shall keep the data of each
milk collection center and shall also perform the task of backup, archiving and recovery.
Which of the following technology can be useful in this case?
a. Storage Virtualization
b. Network Virtualization
c. Hardware Virtualization
d. Software Virtualization
years. It had opened a current account with the bank’s Panjim branch on 12th December 2017.
• The auditors noted that several small value cash deposits have been made from NGO’s Bank
account to a current account over the past one year, the ledger summation being ₹ 29.49 Lakhs
for the year.
• There have been two instances of high value RTGS (Real-Time Gross Settlement) transfers
from this account to another account of a nationalized bank’s branch located at Delhi, the first
executed for ₹ 12 Lakhs on 07th March 2018 and the second for ₹ 10 Lakhs on 29th March
2018.
• The bank manager initiated an email on 29th March 2018 to NGO’s email-id available with
the branch, requesting for the details of the parties to whom the transactions were initiated and
the reason for the same.
• The NGO’s Bangalore office replied that though it cannot share specific party details, the
transactions were initiated for fund remittances to another Delhi based NGO having similar
philanthropic purposes. The auditors suspect this as case of money laundering.
• The auditors recommended that the bank should initiate integration to BHIM (Bharat Interface
for Money) application to provide better services to its account holders.
• The auditors suggested that a separate automated control report to be generated in bank for
each day-end closure which will total all the centralized printed cheque book count and cross-
check the printed cheque book dispatch register.
• Letter of Credits (LCs) are currently set in the bank to auto renew on expiry date.
• The auditor found that there are five thumb impression based biometric units that are connected
to terminals but are not working.
3. Which of the following clause will not be a part of the KKLP’s Service Level Agreement
(SLA) in case SaaS (Software as a Service) model is provided to them by the cloud service
provider?
a. The responsibility of the service provider to maintain data connectivity 24x7.
b. The responsibility of the service provider for providing alternative data recovery plan.
c. The rights and responsibilities of both KKLP and service provider towards the SLA.
d. The responsibility of the service provider for storage of data and data security.
4. The management of KKLP requires its IT manager to generate an exception report on daily
basis for those vendors who have placed orders in excess to their permissible account limits
and to trigger a lock on their accounts from further operations, which can be unlocked only
by remitting funds to the extent of the excess in limit. This activity can be done by the IT
Manager by_______________.
a. introducing a detective control for monitoring limits versus order balances at account
level for each vendor.
b. introducing a preventive control for past due accounts report on each day end basis at
account level for each vendor.
c. introducing a detective control for variance reporting and auto emailing system to all
exception flagged vendors.
d. introducing a preventive control based on hash totals between permissible account limits
and order placed values where the excess will be reported for hash total violation
rules.
5. The IT manager is responsible to ensure that a premium registered vendor does not
download, copy or extract any information from its website. If someone does this, he shall
be liable to penalty. Which of following section of IT Act, 2000 would be helpful for this?
a. Section 66D
b. Section 43A
c. Section 43
d. Section 65
employees to promote and to sell its products across the country and initiated selling its products
through online mode to reach customers worldwide. Hence, the company started e-Business through
website and started receiving orders from worldwide customers.
To make optimal use and quick sharing of data, the company started keeping all its data on Google
cloud. Now the marketing employees and salespersons of the company have readily available data
related to inventory and online orders anywhere, anytime. Also, they can update their status and
targets achieved on company’s website instantly. Initially the company got 15GB free space on cloud,
but in due course of time, the demand for the data storage increased so, it subscribed for more space
on cloud. The company is satisfied with the cloud service as it isolates the company completely from
server failures and needs to pay for only amount of storage it uses.
The company uses digital mode of payment for both the customers and suppliers and also uses
modules of Enterprise Resource Planning system. The organization has some controls in the system that
restricts unauthorized entry into the premises. Some controls also have been designed to detect errors,
omissions and malicious act occurrence and report that occurrence. The company also appointed an IS
auditor to ensure the completeness, accuracy and validity of data.
i. One day, IT Manager of the company observed that while accessing the home page of
company’s website; some pornographic content was displayed on its home page.
ii. The manager informed the management of the company which in turn reported about this
to cyber security cell.
iii. On investigation, it was found that Mr. A, a team member of IT Department, intentionally
hosted the objectionable content on the company’s website and also concealed some
important information.
The regular customers of grocery store have been provided a membership number and a membership
card. When a purchase is made by a customer; all the details related to purchase are recorded in
database against that membership number.
As a part of promotional campaign activity, the PQR Ltd. offers various discounts and schemes to draw
attention of new customers and provide satisfactory services to its existing customers. These schemes
are developed by top management based on purchase patterns, market trends and association of
purchases done by customers. The company is using software, which provides the details that enable
the top management in efficient decision making.
Each plan offers adequate risk coverage at low rates through a simple application process. It offers
rewards for healthy life style at relatively low premium and certain tax benefits as per the applicable
Tax Laws.
With the goal to grow, the company has given the facility to buyers to purchase its plans online. All the
data related to investors, claims, policies and marketing agents are stored in a database which can
be accessed online. All data and website of the company are hosted on a cloud.
The performance of the XYZ insurance company about planning, implementation and monitoring of
computerization process was reviewed by IS auditor since last 5 years. The audit of Data Centre
and Information System department was conducted with a view to obtain a reasonable assurance on
accuracy and consistency of data. Existence and adequacy of IT controls and network controls are
also reviewed. The audit was conducted at 12 various branches selected on random basis.
The audit was performed against various frameworks, standards, laws, guidelines and policies relevant
to insurance business as well as IT.
Audit findings and recommendations to Management were as follows:
i. All computers should be provided indirect network connections with other networking
services or servers.
ii. There is a need to make huge volumes of data availability from cloud at peak time.
iii. The controls that ensure the availability of system in case of data loss due to unauthorized
access and equipment failure etc. are not adequate.
iv. There is a need to establish a mechanism to transfer the data in an encrypted form so that
it would be safe and other users who are not authenticated cannot access that data.
v. Mr. A dishonestly used electronic signature of the branch manager of Z branch of Company
and passed the false claim of one of the buyers and allowed him to withdraw the funds.
The legal action must be taken against him.
vi. Special audit routines are advised to highlight and notify suspicious records with frequent
change in name and address so that policyholder system becomes less vulnerable to frauds
like funds withdrawal because of false claims.
Based on the above case scenario, answer the following MCQs:
1. According to IS Auditor, some controls need improvement to ensure the availability of
system in case of data loss due to unauthorized access and equipment failure etc. so that
the company can retrieve the files. Which of the following strategies should be adopted by
XYZ Company for this purpose?
a. Grouping the similar transactions b. Logging input transactions
c. Dual recording of data d. Periodic dumping of data
2. The IS auditor has found that Mr. A dishonestly made use of electronic signature of the
branch manager of Z branch of the company and passed the false claim of one of the
buyers. Under which section of IT Act, 2000 is Mr. A punishable?
a. Section 66B b. Section 66C
c. Section 66D d. Section 43
3. What kind of server has been recommended by IS auditor to provide networking services to
all computers of XYZ company?
a. Proxy Server b. Web Server
c. Database Server d. Application Server
4. In purview of above case scenario, which type of audit routines can be recommended by IS
auditor to avoid withdrawal of funds due to false claims?
a. Continuous and Intermittent Simulation
b. Snapshot
c. System Control and Review File
d. Audit Hook
5. The company started using wearable smart watches and bands that provide the medical
condition of individual who wishes to buy life insurance. This initiative of the company is
a part of their risk management strategy. Identify it.
a. Tolerate the risk b. Terminate the risk
c. Transfer the risk d. Treat the risk
Because of the growing competition in the market, the ABC Company wants to use some technology
on sustainable position in comparison to others, and to reveal its capabilities and market conditions so
that it can take good strategic and tactical decisions to maintain its repute in the market.
The company uses controls to protect its data and information on its private network from the outside
network by filtering the information, thus allowing only authorized traffic to pass through the network.
Despite all its functioning and care, a case has been reported where two drivers of the company
had transported cash of ₹12 lakhs from Delhi to Jaipur without any bill or proof while taking
passengers in the company’s cab without notifying the company’s higher authority.
There is a need of legal action against them.
Based on the above case scenario, answer the following MCQs:
1. Under which section of Prevention of Money Laundering Act, the two reported drivers of
the ABC Company are liable?
a. Punishment of cheating by personation
b. Punishment to give false information
c. Offence of money laundering
d. Punishment of theft
2. some technologies to be on sustainable position. Which technology can help the company
to make well-informed business decision and be the source of competitive advantage?
a. Artificial Intelligence
b. eXtensible Business Reporting Language (XBRL)
c. Internet of Things
d. Business Intelligence
3. According to case scenario, what kind of business risk ABC Company tries to avoid by
giving health safety facilities to employees?
a. Regulatory risks b. Financial risks
c. Hazard risks d. Technology risks
4. In purview of above case scenario, what kind of business market model is being followed
by ABC Company?
a. E-shop b. Buyer Aggregator
c. Virtual community d. E-market
5. What kind of network access controls are being used by the ABC Company to ensure
network security?
a. Firewall
b. Call back device
c. Encryption
d. Enforced Path
These branches have been managing all the operations related to administrative, financial, clinical
aspects and health care facilities manually. But, now the management of the hospital wants to
streamline and optimize all its business operations in its branches.
After consulting the experts, the hospital decides a strategy to implement a comprehensive, integrated
and specialized system which is designed to manage the administrative, financial and clinical aspects of
hospital and healthcare facilities of all its departments in single software and maintains a centralized
database for all the relevant data.
• This proposed system is planned to be developed in-house during which an IS Auditor Mr.
Kamal is responsible to provide his valuable inputs and supervise the development and working
of the system from auditor’s aspects.
• The proposed software or system would make available up-to-date data that bring workflow
efficiency in hospital management.
• All its branches would be interconnected with each other through intranet and share data with
each other.
• Also, the administrative staff could track the status of funds, patients, doctors and facilities etc.
very easily just on the click of a button.
• Each employee shall have a unique login Id and certain access privileges depending on his/her
job profile and designation.
• The proposed software has facility of Electronic funds transfer for its various stakeholders like
vendors, doctors and patients in order to provide them more satisfaction.
• With the implementation of the new system, the security of the confidential data of its patients
that is being stored, processed and maintained in the centralised database is a serious concern
for the top management of the hospital.
Recently, the hospital is also facing many connectivity and security issues in its intranet due to which the
data transmission between its branches has become unreliable.
Hospital management considers various risks associated with this, including cyber risks and infringement
of various IT laws, and also puts controls in place in response to these risks. It puts controls in place
to ensure that either failures do not impact or have a minimum impact on hospital operations and
services. It also keeps a check that no unlawful activity can take place.
Based on the above case scenario, answer the following MCQs:
1. Which strategy is used by ABC hospital that streamlined and optimized its operations?
a. Database Management System b. Business Process Reengineering
c. Business Process Automation d. Bring Your Own Device
2. Which type of control mechanism is implemented by ABC hospital to restrict its system
1. Central database for the engineering business line to be modelled on a relational database
model deploying RDB - Oracle. This software can be installed on each system to maintain
the database.
2. The rules pertaining to a sale invoice is written as:
• Invoice Amount: Primary Key
• Invoice Date: Attribute
• Product Name in Invoice: Relation
3. Access controls to be based on user preference basis.
4. Running a backup procedure each day at 22:00 hours.
5. Internally created ERP software to be deployed, which will be efficient in terms of cost and
performance.
6. Accounts Payable Module will have code-written auto-rules for payment cheque creation.
7. The COO wants to implement a VOIP (Voice over IP) system for efficient time management.
8. The COO also wants to have a penalty enforced for any employee who misuses company
data stored in the company servers and computers.
Based on the above case scenario, answer the following MCQs:
1. In context with the case scenario, the statement ‘Access controls to be based on user
preference basis’; in your opinion is_____________.
a. False, as access controls are defined on need-to-know basis.
b. False, as access controls are defined on need to know and need to do basis.
c. False, as access controls are defined on need to know and compliance basis.
d. True, as access controls are defined on user preference and utility basis.
2. Which control is adopted in the case of HAK Systems Private Limited running a backup
procedure each day at 22:00 hours?
a. Preventive control
b. Corrective control
c. Detective control
d. Application and Monitoring system access control
3. One of the business lines of HAK Systems Private Limited is that of Cloud-based server
solutions. In this context identify, which of the following statement is correct for an installed
application software?
a. Installed application software will be more efficient than a cloud-based application
based on performance parameter.
b. The CAPEX (Capital Expenditure) spent for an internal software application will be
higher than the CAPEX for a cloud-based application, but OPEX spend will be lower than
the cloud-based application.
c. Definite service agreement is recommended in installed software application.
d. Maintenance will be the defined liability of the installed application service provider.
4. In purview of above case scenario, Accounts Payable Module is suggested to be used.
Which of the following is one of the fundamental rules adopted in an Accounts Payable
automation set up for payment to vendor?
a. Vendor Invoice, PO and GRN to be matched to PO terms and rates, and vendor master
table for payment cheques preparation.
b. Vendor PO, Invoice to be matched to the GRN for terms and rates for payment cheque
preparation.
c. Vendor Master Table to be checked with the PO and supply terms to be matched to the
GRN for payment cheque preparation.
d. Vendor Invoice to be matched to Vendor master table, and if validated, the ledger
table to be matched to invoice value and then the GRN to be validated for payment
cheque preparation.
5. HAKPL has Cloud based server solution business line. As per suggestion of the COO, which
of the following Service Model of cloud computing will be used in e-VoIP?
a. Platform as a Service (PAAS)
b. API as a Service (APIaaS)
c. Software as a Service (SaaS)
d. Communication as a Service (CaaS)
6. Referring to the IT Act 2000, the COO suggested the penalty for a person who extracts or
copies any data from the computer system of the company without prior approval. What is
the penalty defined under which section of IT Act, 2000 for such an offence?
a. Imprisonment for a term up to 3 years and penalty up to ₹ 5 lakh or with both under
Section 66.
b. Imprisonment for a term up to 5 years and penalty up to ₹ 5 lakh under Section 43A.
c. Imprisonment for a term up to 3 years and penalty up to ₹ 10 lakh under Section 66.
d. Imprisonment for a term up to 5 years and penalty up to ₹ 3 lakh under Section 43A.
performance parameters.
The newspaper article ended by stating that the bank has 2,50,000 account holders. If each customer
loses ₹ 0.05 (Five Paisa) each month, that means the bank is gaining ₹ 12,500/- per month, meaning
₹ 1,50,000/- per year.
MANAGEMENT ACTION ON ISSUE
As soon as the matter came into the public domain, the management of SBL realized that some swift action
was needed on an urgent basis.
SBL board called for a high-profile meeting and discussed the matter. At the end of the meeting, the
management took a decision to get the bank’s system audited by a system expert.
Subsequently, Mr. A was hired to conduct the audit which he completed and submitted a report
stating that:
i. Many important reports like Asset - Liability Management (ALM) Report, Cash Reserve
Ratio (CRR), Statutory Liquidity Ratio (SLR) reports are not being provided by the CBS.
SmlCBS does have capability to add a new report that may be needed in future, if RBI
mandates the same.
ii. SmlCBS does not have any backup facility in case of any disaster or natural calamity.
iii. SmlCBS does not have its m-banking facility.
iv. Finally, the system auditor suggested that SBL needs to go for a new CBS.
v. SBL board immediately decided to change the software.
vi. SBL this time went through the due process of software selection and implemented new
software.
vii. Having done this, SBL Board had organized a public launch function for the new
software by inviting ministers of technology from all three states where bank has its
operation.
Based on the above case scenario, answer the following MCQs:
1. CBS Implementation needs to be controlled and monitored. SBL board’s decision to
implement CBS lacks which critical aspect of CBS deployment?
a. Approval b. Selection
c. Planning d. Testing
2. ALM, CRR and SLR are not being generated from SmlCBS. These reports are important for
management decision making. All these reports shall be classified as__________.
a. Daily Reports b. MIS reports
c. Exception Reports d. Balance Sheet Report
3. In purview of above case scenario, the published key facts in the newspaper represented a
fraudulent way of interest calculation which was due to inherent weakness in system. This
would be classified as a ____________.
a. Risk
b. Vulnerability
c. Threat
d. Impact
4. The national daily newspaper pointed out the error in interest calculation where each customer
loses ₹ 0.05 (Five Paisa) each month. It is most likely to be classified as_______________.
a. Spoofing
b. Bomb
c. Piggybacking
d. Rounding Down
5. System Auditor’s report highlighted that SmlCBS does not have a live back up. In case of
disaster, the bank may be subject to grave risk. These types of risk are addressed through
having ________.
a. Data Management Control
b. Programming Management Control
c. System Development Control
d. Security Management Control
A client of Ridonix, Ghoomo Hotels, was going through a huge cash crunch and was on the verge of closure.
They approached Ridonix to find solutions to reduce costs and implement effective pricing models to
lure customers. The objective given to Ridonix is to bring the hotel chain to break-even point in the next
two years.
The analysts’ team from Ridonix gathered relevant information from Ghoomo’s operations team, and
found many genuine loopholes in their systems. The following are the observations of Ridonix:
1. There were multiple online booking partners to book rooms to whom high commissions
were being paid, and no proper checks on payouts to these booking partners were in place.
2. Further, there were three banking gateway partners associated. They charged higher than
industry standards as their convenience fees.
3. The booking system was also internally flawed as it could not manage cancellations,
wherein the system reported rooms as booked, while they had actually been cancelled
online.
4. A major confidentiality breach was also reported, where two employees had access to
confidential data of customers and their preferences, and they were selling that data to
Ghoomo’s competitors.
5. The entire internal reporting system was redundant and needed a corrective update.
The system advisory report from Ridonix suggested Ghoomo:
a. to setup a new information system, i.e. to call in change management of the existing
reporting software.
b. to implement a strong ERP system to keep a track of room inventory.
c. to save costs in banking transactions, Ghoomo was advised to go for an integrated
payments system rather than relying on multiple gateways of multiple banks.
d. to reflect timely and accurate cancellation of rooms in the system, Ridonix advised
putting an audit tool in place and executing it frequently to keep a check on errors.
To safeguard the business from data privacy litigations in future, Ridonix also advised Ghoomo to get
legal contracts drafted by legal experts and put them up on their website and application.
Based on the above case scenario, answer the following MCQs:
1. Which of the following could be cheapest and most effective in implementing integrated
The business is focused on a niche target market with immense potential in India. The owners are quite
satisfied with the results so far, but also face a few challenges as they plan to scale up.
Kumari G., the founder of the 1k Pvt. Ltd., hired a market research firm to ratify her gut feeling, that the
teenage segment in India is increasingly focused on sports and fitness, and has available disposable
income to spend on themselves. The market firm did an in-depth data analysis and reported that it
was indeed a potential market with 10X growth visibility in coming 5 years.
The Company has been quite adamant in finding internal flaws and, with recent plans of scaling up
operations, a special meeting was called to find solid solutions to identified concerns. The major
concern of the management was regarding the Purchase Department.
Firstly, delays in posting accurate raw material inventory position were creating undue pressure on the
production line. A proper reporting mechanism was suggested to be put in place.
The second major concern was cash leakage from the system. Internal Audit experts were notified to
put in strong audit trails to mark red flag transactions and further, block those transaction owners
temporarily.
1k Pvt. Ltd.’s core essence of being a new-age company focused on teenagers is also mandated
in its office campus. The employees are encouraged to bring their own devices to work and are
even reimbursed the cost of internet if they use their personal hotspots. It creates an environment of
individuality and freedom amongst workers.
It has also helped the company in saving a good amount of money in IT infrastructure and network
provider costs.
The company reported revenue of ₹ 3.00 crores last year, and with scale up of operations, it is
projected that numbers would cross ₹ 10.00 crores in the coming year.
Purity can be connected with the home Wi-Fi and when the purifying agents deplete, may inform
the service agents of the company. The management decided to outsource the service agent work to
different local agencies. The company was facing financial difficulties in launching the product. For
this, they had taken a bank guarantee from the Amy Bank, for making the payment of raw material
purchased from the supplier.
The company also changed its payment collection policy for debtors, giving more payment
options as well as introducing discount policies on bulk purchases and timing of the payments.
Additionally, the company adopted online marketing rather than paper-based marketing and online
invoicing to cut down the paper wastage as well as to make an addition to the cost-saving.
To increase the awareness of Purity and ease to its customers to use Purity, the company decided to
register itself on famous shopping applications to deliver the product to customers at their doorsteps.
Now, the customer can purchase Purity online as well as offline. They also decided to open cash on
delivery option for its customers.
• The bank decided to adopt the Core Banking System that will help in accessing the same bank
data by all the branches and ATMs.
• The management of KPL Bank decided to introduce “tab banking” wherein the bank officials
would go to the customer’s place and open the bank account at their premises by clicking the
customer’s photographs and scanning the required documents using a tab.
• They decided to provide doorstep banking services to senior citizens and differently-abled
customers, wherein the bank may help these people in deposit and withdrawal of the cash,
and other banking services at their doorstep.
• A Google application named “mKPL” would be created that may allow the customers to make
financial transactions, check balance, transfer money, and perform other banking operations
using their smart phones or tablets.
• Banks being the backbone of the economy, KPL Bank decided to be better equipped with
technology to minimize fraud and control exposure risks.
• Hence, the management also aimed to strengthen its Information Technology department with
proper segregation of duties among personnel.
• This step will help in establishing proper controls with risk management.
• They worked towards the establishment of branches in rural areas all over the country and
providing the farmers with different loans and savings options.
• Now, the bank is ready to adhere to all the regulatory and compliance requirements
applicable to them.
• Their focus is on using IT in the best possible ways and achieving higher customer satisfaction by
rendering them all the products and services.
Based on the above case scenario, answer the following MCQs:
1. The Reserve Bank of India has given approval to “KPL Bank” to start operations as
universal bank. Which among the following Act gives the power to the Reserve Bank of
India to license new banks to start operations?
a. Reserve Bank of India Act, 1934
b. Banking Regulation Act, 1949
c. Negotiable Instrument Act, 1881
d. Information Technology Act, 2000
2. As a part of risk management, the KPL Bank is deploying a separate Information Technology
organization structure with proper segregation. This type of risk management comes under
which control?
a. Application Control b. Internal Control
However, due to system vulnerability and lack in appropriate controls, recently an incident took place
wherein an employee Mr. R was caught sharing confidential records of Mr. Z (who was insured under
Mediclaim Policy) to Satyam Cell Marketing Global Private Limited.
Mr. S, appointed as an IS auditor of NIGHPL, conducted its IS audit and highlighted some key control
weakness issues and commented on the company’s password policy that was prepared but not implemented
by the Information Technology (IT) Dept. He submitted his audit report to the Board of Directors and
recommended immediate attention of the Management of NIGHPL to address the issues as specified
in the report.
After considering the recent incident of Mr. R and recommendations of IS auditor Mr. S, the Board of
Directors of NIGHPL held a meeting with its senior members of the management including Chief
Information Officer, Chief Financial Officer and Chief Executive Officer.
The decisions of the meeting were as follows:
• Company will approach Big 4 System Development & Service Provider to develop ERP
system and its implementation at various locations across the country with in-built effective
and efficient IT Controls in place.
• Company also decided to implement Balance Scorecard, a strategy performance
management tool to identify and improve various internal business functions and their
resulting external outcomes.
• No employee can access details of a customer without prior permission of the IT head.
Mr. SK an employee of Big 4 system development and service provider was assigned the job to
understand the requirements for the proposed system of NIGHPL. For that, he frequently visited the
company and interacted with users of the computer system.
The Company also approached AWS to provide them access to Virtual Machines for data
processing. The company went live with the new ERP system. The Company had also prepared the backup
strategy whereby the data is taken from the live environment to backup drive.
Based on the above case scenario, answer the following MCQs:
1. In the light of IT Act, 2000; who will be responsible for paying compensation to Mr. Z for
failure to protect his data?
a. Directors of Satyam Cell Marketing Global Private Limited
b. Directors of New India Global Healthcare Private Limited
c. Shareholders of New India Global Healthcare Private Limited
d. Directors of Big 4 system development and service provider
2. The IS auditor has observed that NIGHPL has not implemented its password policy properly
and has allowed users to keep short-length login passwords for system access, and users are not aware
of the need to change them frequently. This refers to ____ in purview of Information System Concepts.
a. Exposure b. Threat
c. Vulnerability d. Attack
3. NIGHPL approached Amazon Web Services to provide them access to Virtual Machines
for data processing. Which of the following Cloud Computing Service Model will be useful
for this?
a. Network as a Service (NaaS)
b. Infrastructure as a Service (IaaS)
c. Platform as a Service (PaaS)
d. Software as a Service (SaaS)
4. If you were requested to advise NIGHPL’s management on its Password Policy to be
followed by its users to protect its data, which of the following feature will you recommend
to make the password control strong?
a. Password length should at least be of 4 characters.
b. Password should be changed once in a year.
c. Password should always be in numeric form.
d. Password of user should be blocked after three unsuccessful login attempts.
In India, IRDA is an autonomous statutory body tasked with regulating and promoting the insurance
and re-insurance industries in India. It protects the interest of policy holders, regulates, promotes and
ensures orderly growth of the insurance in India.
Information Systems Audit has a significant role in the emerging insurance sector.
CBZ Singapore Global Insurance Limited has framed and set up a committee of ten personnel for
implementation of ERP to automate all business processes in their company, which is also responsible for
the compliance of various rules and regulations of IRDA and other applicable laws.
The Company adopts Mobile Computing to sell its insurance products online.
Also, the company establishes 50 branches throughout India to appoint agents to promote the selling
of their insurance products.
Company uses a Wide Area Network to allow its agents away from home office to obtain current rates
and client information and to submit approved claim using notebook computers and dial in modems.
Based on the above case scenario, answer the following MCQs:
1. In the given case scenario, the technology Mobile Computing adopted by CBZ Singapore
Global Insurance Limited will have its own limitations. Which of the following will
fall under the list of limitations of Mobile Computing?
a. Ensuring reduced travel time for employees.
b. Ensuring mobile workforce with remote access to work order details.
c. Increased information flow enables in improving management effectiveness.
d. The users’ disrupted access of information due to insufficient bandwidth.
2. In the given scenario, suppose if there is a leakage of sensitive/confidential data of a
policy holder; under IT Act, 2000, who will be held liable to pay compensation for failure
to protect policyholder’s data?
a. Directors of CBZ Singapore Global Insurance Limited
b. Shareholders of CBZ Singapore Global Insurance Limited
c. Officer of Telecom Regulatory Authority of India
d. Agents of CBZ Singapore Global Insurance Limited
3. Suppose you are appointed as an IS auditor of CBZ Singapore Global Insurance Limited.
When you are going to audit the physical access controls, which of the following activity is
not undertaken by you?
a. You must check that the risk assessment procedure adequately covers periodic and
timely assessment of all physical access threats.
b. You must check whether the physical access controls are adequately in place.
c. You must examine the relevant documents such as security policies and procedures are
prepared.
d. You must develop and document an overall audit plan describing the expected scope
and conduct of the audit.
Ms. VA has more than a decade of experience and is an MBA from IIMA plus qualified CISA, CISM
expert. Ms. VA has been given six months to submit the report. Ms. VA submits her report in two
parts.
• Part one deals with identification of key reasons for business decline.
• Part two is solutions to identified problems.
Ms. VA found that Customer order execution (turnaround time: TAT) is twice the market norms. In the
present system retailers’ orders are accepted by sales representatives, who send the same to HO on
email. Sales head at HO gives the necessary instructions. This process has many human
interfaces, leading to delay in supply of material once email has been sent for orders, and many times
the received goods and ordered goods do not match.
Ms. VA applied the principles of risk management and suggested following solutions:
• XTC needs to implement a new system. The proposed system shall integrate all departments
of the company including key departments: Sales and Distribution, Material Management,
Financial Management, Production, Planning and Costing, and Human Resources. This
shall help XTC optimize resource utilization and increase profitability.
• The proposed system shall have an online mobile APP enabled system of order acceptance
from retailers and wholesalers. Mobile APP to be installed on all sales representative
systems.
• In the new system, XTC limited plans to preload reorder levels for various products for
each wholesaler individually. This will help better inventory management. As soon as the inventory
level of a product reaches the reorder level, the system will send a purchase order for Re-order
Quantity/Economic Order Quantity to the vendor. This shall significantly reduce the Turnaround
Time.
Based on the above case scenario, answer the following MCQs:
1. Expert used risk management principles to suggest a solution. Risk management
terminologies include all except……….
a. Vulnerability Assessment
b. Threat Assessment
c. Risk Sharing
d. Exposure
2. Use of Mobile APP by employee is convergence of two emerging technologies referred
to as Mobile Computing and BYOD. The common risk associated with both technologies
include
a. Security Risk
b. Bandwidth
c. Application Risk
d. Health Hazard
3. Ms. VA proposed a system that shall integrate all key departments of the company. Identify
from the following which type of system she is proposing?
a. Business Process Reengineering
b. Enterprise Resource Planning
c. Business Research Automation
d. Business Continuity Planning
Exchange for listing its securities. Mr. Sameer Jain joined the Company as Chief Executive Officer
(CEO) with effect from 01st January, 2020. After taking charge, he held various meetings
with the company’s management and stakeholders and presented a unified proposal on the future of the
company, as given below:
i. Expansion of the company business in other foreign countries, including European Countries,
Gulf Countries and Asia-Pacific Countries.
ii. Best quality products at a reasonable price, i.e., value for money, for its
customers worldwide.
iii. Spreading out e-commerce business activities and online presence worldwide.
iv. Development & Implementation of IS security policy.
v. Adoption of new and emerging IT technologies, including Cloud Computing, Mobile
Computing, Green Computing etc., for the company.
vi. Upgrading all business processes through the latest technology and trends, and keeping all
records and documents in electronic digitalized form.
vii. Reciprocal agreement for disaster recovery with another company called G.K. Global
Textile and Cotton Fabrics Limited (already a listed entity in Bombay Stock Exchange)
w.e.f. 5th January, 2020.
Based on the above case scenario, answer the following MCQs:
1. VK Textile Cotton Fabrics Private Limited has entered into a reciprocal agreement as one
of the strategies of Disaster Recovery Planning. Which of the following risk treatment
approach does it indicate?
a. Risk Transfer
b. Risk Avoidance
c. Risk Mitigation
d. Risk Acceptance
2. Which of the following is a practice of using computers and IT resources in a more efficient
environmentally friendly and responsible way?
a. Grid Computing
b. Cloud Computing
c. Virtualization
d. Green Computing
3. Under which sub process of Information Security, the company can implement security at
various aspects of application of any transaction?
a. Database Security
b. Network Security
c. Application Security
d. Operating System Security
Department. The same is defined in the Job Profile of GM (Finance) who is responsible to supervise
the allocation, deletion, modification and suspension of user rights based on approvals made by HR
Department. On 26th September 2018; the General Manager (Finance) resigned from the Company
and on 1st October 2018; a new joinee who joined the company as GM was given another super-user
password.
In due course of time, the Company hired Mr. J as its internal auditor in the month of March 2019.
After the due procedure, he submitted his Draft IS Audit Report to Chief Executive Officer (CEO) and
Managing Director highlighting following key control issues:
• All employees of Accounts Departments have been using the Super-User Password of the
previous General Manager (Finance). For past six months, after the new joinee has joined,
the audit logs of some dates are missing and not available.
• There is no basic configuration in the accounting system to restrict cash payment in excess
of ₹ 10,000/- that results in the expense being disallowed as a business expense. That shall
lead to increase in the tax liability of the company.
• There is no effective internal control system regarding user management, creation and
modification of accounting voucher.
• Company has no emergency plan with an outdated list of names to contact in case there is
some type of emergency within the company.
• There are unused computer systems lying idle.
• There is no antivirus or security mechanism existing in the computer systems of the employees
carrying out day to day transactions.
• There are versions of unauthorized software installed on numerous computer systems.
• There is no physical and environmental control policy for safeguarding of company assets.
IS auditor recommended a proposed solution to overcome the afore-mentioned issues. To implement
the same, he recommended a strategy to adopt new accounting system with the old and new systems
both being used alongside each other, both being able to operate independently. If all goes well, the
old system is stopped and new system carries on as only system.
Based on the above case scenario, answer the following MCQs:
1. An accountant has rights to create as well as modify accounting vouchers. Which of the
following principle has not been followed by the company in the given scenario?
a. Confidentiality
b. Availability
c. Integrity
d. Segregation of Duties
2. In the given case scenario, the IS auditor is using a concurrent audit technique to check whether the
accounting system is restricting cash payment in excess of ₹ 10000/- or not. Identify from
the following concurrent audit techniques which will be useful in above case.
a. Use of System Control Audit Review File (SCARF)
b. Use of Integrated Test Facility (ITF)
c. Use of Continuous and Intermittent Simulation (CIS)
d. Use of Snapshot
3. In the given case scenario, a junior employee Mr. AB from the finance department sends
an email to the banker requesting a money transfer and pretends to be the GM (Finance) of the
Company. Under which of the following sections of Information Technology Act, 2000 will Mr.
AB be punished?
a. Section 66A
b. Section 66B
c. Section 66C
d. Section 66D
However, its current system is unable to cope with the growing volume of transactions. Frequent
connectivity problems, slow processing and a few instances of phishing attacks and virus attacks
were also reported. Hence the Company has decided to develop more comprehensive, robust in-house
software for providing good governance and sufficient use of computer and IT resources with
implementation of effective and efficient controls provided in the system to ensure the data integrity,
confidentiality and availability.
Also, an updated backup plan is to be prepared for SMS Limited in order to specify the type of
backup to be kept, frequency with which backup is to be undertaken, procedures for making a
backup, location of backup resources, site where these resources can be assembled and operations
restarted, personnel who are responsible for gathering backup resources and restarting operations,
priorities to be assigned to recover various systems and a time frame for the recovery of each system.
SMS Limited is also planning to take various types of insurance coverage for safeguarding of their
assets and to avoid unexpected future liabilities due to uninterrupted event or disaster.
Based on the above case scenario, answer the following MCQs:
1. A few instances of phishing attacks were also reported in SMS Limited. Which of the
following section of Information Technology Act, 2000 fixes liability on SMS Limited to
secure data of their customers?
a. Section 43A
b. Section 46
c. Section 66D
d. Section 75
2. Suppose you are appointed as an IS auditor of SMS Limited for auditing the Information
System. You are determining what controls are exercised to maintain data integrity. You
might also interview database users to determine their level of awareness of these controls.
Which of the following Control are you working on?
a. Data Resource Management Control
b. Security Management Control
c. Operation Management Control
d. Quality Assurance Control
3. SMS Limited is also planning to take various types of insurance coverage for safeguarding
of their assets and to avoid unexpected future liabilities due to uninterrupted event or
disaster. These Insurance Coverage falls under which type of a specific risk mitigation
strategy?
a. Terminate/Eliminate the Risk
b. Treat/Mitigate the Risk
c. Tolerate/Accept the Risk
It also contained detailed information on how to protect company’s information asset and instruction
regarding acceptable practices and behavior. In a week’s time, she got to meet Mr. Raja, Chief
Executive Officer (CEO) of the ABC Company.
Mr. Raja instructed her to conduct broad review of Human Resource Department Process to determine
the probable risks and to analyze the effectiveness and efficiency of existing controls in HR process.
Based on that, Ms. Queen started to review HR processes and controls implemented in the
company and highlighted following key matters in her report submitted to CEO:
• Absence of rotation of duties control
• Absence of Segregation of duties control
• Lack of maker and checker concept
• Manual authorization procedure exists
• Key Man policies not implemented
• Manual attendance registers and leaves record.
• Invalid data in Human Resource Computer System.
• Use of Social Networking Websites like Facebook, Twitter etc. during office timings using
computer resources of HR Department.
• Plan & Budget approved for development of Robust & Fully Automated Payroll Software
but not implemented till date.
• Suggested implementation of BYOD concept.
The CEO Mr. Raja appreciated the detailed report of Ms. Queen and started taking corrective steps
for improvement.
Based on the above case scenario, answer the following MCQs:
1. Which of the following would BEST provide assurance of the integrity of Ms. Queen (new
staff) that will be treated as a preventive control measure for ABC Company?
a. Employing qualified personnel
b. References
c. Bonding
d. Qualifications listed on a resume
2. During review, Ms. Queen found that an employee, Mr. X, is using social networking
websites like Facebook and Twitter after office hours. Under which of the following sections
of the Information Technology Act, 2000 shall he be punishable?
a. Under Section 43
b. Under Section 66A
c. Under Section 66D
d. Not be punishable unless they come under the provisions of the Indian Penal Code,
1860
3. In the given case scenario, implementation of the Bring Your Own Device (BYOD) policy makes
ABC Company’s systems vulnerable to related threats. Any lost or stolen device could result
in an enormous financial and reputational embarrassment to the company. Which of the
following risks does this refer to?
a. Device Risk
b. Implementation Risk
c. Confidentiality Risk
d. Application Risk
Companies Act and its equity shares are listed on the National Stock Exchange (NSE) and Bombay
Stock Exchange (BSE) in India. The Company is primarily involved in manufacturing and sale of Gold
and Silver Watches, Jewelry, Eyewear and other related accessories and products. The Company has
200 retail stores located all over India and has launched a Loyalty Card for its customers. The customer data
for a loyalty card issued by a retail store is picked from a form filled in by the customer. The data from
the form is entered into the software by data entry operators who report to a manager.
In order to protect customer data, Segregation of Duties is built into the software in such a way that
the operators have permission only to enter data. Any editing or modification can be done only by
the manager.
The customer data collected for loyalty programs by retail stores across India is consolidated into one
database that is accessible from a centralized IT server anytime, anywhere. The Company also
maintains a separate, fully equipped facility to which it can move immediately after a
disaster and resume business.
The Company’s Data Centre houses about 350 employees involved in handling business processes of
the Company. For security reasons, Management decides to shift its network server and mail server
to a secluded room with restricted entry.
On the recommendation of the Chief Information Officer of the Company, the existing system of the company
is being extensively enhanced by extracting and reusing design and program components.
Based on the above case scenario, answer the following MCQs:
1. Gold Silver Watch India Limited (GSWIL) decides to control the access to a software
application by segregating entry level and updating level duties. What type of Internal
Control does this amount to?
a. Physical Implementation of a Control
b. Corrective Control
c. Detective Control
d. Preventive Control
2. Gold Silver Watch India Limited (GSWIL) has a data centre housing about 350 employees
involved in handling business processes of the company. For security reasons, it decides to
shift its network server and mail server to a secluded room with restricted entry. What kind
of internal control is applied by the Company in this situation?
a. Manual Preventive Control
b. Manual Detective Control
c. Computerized Preventive Control
d. Computerized Corrective Control
3. In Gold Silver Watch India Limited (GSWIL), an IS auditor wants to collect evidence based
on system user profiles. Which of the following can be used by the IS auditor to achieve this
objective?
a. Continuous and intermittent Solution (CIS)
b. Audit Hooks
c. System Control Audit Review File (SCARF)
d. Integrated Test Facility (ITF)
4. If Gold Silver Watch India Limited (GSWIL) has been found negligent in handling personal
information of customers, then the company’s liability to damages is covered under __________.
a. Information Technology Act, 2000, Section 67
b. Right to Information Act, 2006, Section 43A
c. Information Technology Act, 2000, Section 43A
d. Information Technology Act, 2000, Section 66B
for smooth and fast processing of different types of loan applications all over branches & regional
offices.
The Company has adopted an internal control framework in line with Section 134(5)(e) of the Companies Act,
2013 and as per Clause 49 V (C) and (D) of the SEBI Equity Listing Agreement, ensuring the orderly and
efficient conduct of its business, including adherence to the Company’s policies, safeguarding of its
assets, prevention and detection of frauds and errors, and accuracy and completeness of information
to various stakeholders.
The Company is hosted on a robust Data Centre (DR) and Disaster Recovery Centre designed on
fundamental principles – data security, data integrity, data availability and data scalability – and has
strict information security procedures.
The Company also entered into a reciprocal agreement with TBJ Capital Finance Limited (i.e., Internal
Business Group Company) as one of its strategies in Disaster Recovery Planning.
The Management of the Company appointed a reputed Mumbai-based Chartered Accountancy Firm
called DKT, specialized in IS audit, for conducting the Information System Audit of the Company.
Further, the Company is now gearing up to enhance its technology capabilities across other areas such
as mobile computing, cloud computing, and BYOD.
Based on the above case scenario, answer the following MCQs:
1. The IS auditor is required to check whether the Application System is calculating correct interest
on loans provided by ABC Capital Finance Limited by creating a dummy entity in
the application system. Identify which of the following auditing techniques this process
refers to, so that authenticity and accuracy of the processes can be verified.
a. Snapshot
b. Integrated Test Facility (ITF)
c. Audit Hooks
d. Audit Trail
2. ABC Capital Finance Limited entered into a reciprocal agreement with TBJ Capital Finance
Limited (i.e., Internal Business Group Company) as one of its strategies of Disaster Recovery
Planning. Identify which of the following risk treatment approaches it indicates.
a. Transfer/Share the risk or Risk Transfer
b. Terminate/Eliminate the risk or Risk Avoidance
c. Treat/Mitigate the risk or Risk Mitigation
d. Tolerate/Accept the Risk or Risk Acceptance
3. XYZ Limited is engaged in providing Data Processing Services. It received a big contract
from ABC Capital Finance Limited (Non-Banking Financial Company) for its various
loan processing activities. XYZ Limited has limited Personal Computers at its office, so
it approached Amazon Web Services to provide it access to Virtual Machines for data
processing. XYZ Limited is using which Cloud Computing Service Model?
a. Software as a Service (SaaS)
b. Platform as a Service (PaaS)
c. Infrastructure as a Service (IaaS)
d. Network as a Service (NaaS)
4. ABC Capital Finance Limited has an effective internal control system that includes Segregation
of Duties. Is Segregation of Duties useful for the Company? Why?
a. Yes, it reduces employee cost.
b. No, it complicates the role of the manager who has to manage more employees.
c. Yes, it reduces fraud risk & facilitates accuracy check of one person’s work by another.
d. No, it is not an advantage; it increases employee cost.
• The password policies were prescribed but not implemented by the bank.
• Branches use outdated security manuals or documentation of security procedures.
• There was only one ATM machine near the Bank premises, which had deposit as well as withdrawal
facility. Its maintenance was outsourced to a third party. The service level agreement had
not been renewed for the last three years and there had also been no security guard for the last six months.
• During the inspection, it was observed that while refilling cash in the ATM machine, the presence
of a security guard was not mandatory.
• Illegal and unauthorized software was installed on a few computer systems of the Bank.
• Antivirus software was not updated on a few computers of the bank’s branches.
• Disaster Recovery Plan existed but was not tested by the employees.
• During inspection, the Inspection and Supervision team observed a fraud where an employee,
Mr. X, had transferred a small amount of money from various account holders to his own
account while rounding off in the computerized banking system. That fraud turned out to be
of ₹ 2,49,587/-.
After the review report, NABARD instructed the Great India Gramin Co-Operative Society Bank
Limited to sort out the security control weaknesses and demanded reasonable assurance of better
security control in future, in an effective and efficient manner.
Subsequently, the Bank worked on all the observations made by NABARD and established the
following controls:
• Highly qualified IT personnel were appointed in every branch.
• Strict follow-up and compliance with the Information Security and Password Policy for all users.
• Fulfilled the mandatory requirement of two personnel for accessing and refilling cash in the
ATM machine.
• Predefined role and responsibility of each employee.
• Regular training on risk awareness was to be given to every employee on a periodic basis.
• Updated Antivirus software, Intrusion Detection System and firewall on all computers.
• CCTV cameras were installed in every branch of the Bank.
• Bio-metric attendance system was made compulsory for every employee of the Bank.
• The service level agreement with the ATM Caretaker Company was renewed to provide an ATM
security guard.
the customer requirements are tracked, assembling materials are ordered and the details regarding
entire cost incurred for training, research and full-fledged development of the product are managed
through the implemented SAP ERP system.
Furthermore, different versions of all the documents and white papers related to the ongoing
research are stored in the Relational Database Management Systems (RDBMS) Teradata warehouse
periodically to maintain a record of all the changes the said project undergoes during its entire life cycle.
This methodology enables SciLabs to maintain and compare the data between different time periods
based on the time stamps with which the data is stored in the data warehouse.
SciLabs has also implemented stringent controls so that the high-level architectural diagrams of the
new project are kept with utmost confidentiality.
operations. The company maintains its account with ABC Bank from where it also has taken various
loans and advances.
Some time ago, the company’s business processes like accounting, purchase, sales and inventory were
maintained in manual mode. The management of the company observed that the manual processing
of these activities hinders the overall working of business-related daily operations. This resulted
in a huge gap in the flow of information, pending orders, delayed deliveries, and delayed decision
making due to lack of business reports, and therefore overall non-performance. Thus, the management
committee decides to adopt the process of automation for its various business operations so that
information flow would be timely and consolidated within its branches and manufacturing units. To
attain this objective, the service models of Cloud Computing are proposed to be adopted so that the
branches and manufacturing units are interconnected with centralized mechanism of data sharing and
storage. The proposed system with well-implemented access controls will provide robust data security
among its systems of branches and manufacturing units. Not only the record keeping, but also data
maintenance and reports generation would become simpler after the implementation of proposed
system. The management is also looking for better prospects of adhering to the legal compliances of
the country and also to initiate its business operations through online mode.
Subsequently, the company hires a consultant, Mr. Sumit, to carry out the feasibility study of its proposed
system; he prepares a feasibility report and submits it to the management. Based on the go-ahead
given in Mr. Sumit’s report, a project team is scheduled to be constituted, which will work under him to
execute the project and ensure its delivery on time.
The management settled on a plan to benefit all its customers by providing them discount coupons
in case they recommend its services to others and the customer ensures to provide the food chain
three new customers. Also, the management decided on a centralized billing system that mandatorily
requires the customer’s name and phone number to be filled in for each bill that the system generates. To maintain
these necessary details of its customers, the data management team of Sweet & Sour implemented
major changes in the database design of its billing software. Subsequently, security and database
maintenance have become essential to protect the system against any unlawful activity, as the database
now contains the personal details of its customers.
a multi-saver sale wherein huge discount on the best brands are available, complimentary gifts for
purchases above a certain amount and express free delivery are also provided. All the revenue
generated through the multi saver sale will be routed through a separate current account maintained
with CSC Bank, from where GoCart has already taken a loan.
With the increase in cybercrimes and misuse of customer data, GoCart has implemented stringent
controls to prevent any unauthorized access to data and has opened up new job roles exclusively with the
objective of ensuring security at network and operating system levels. GoCart has also implemented
certain controls to avoid the risk of losses due to failure of internal processes, any
criminal activity by an employee and product/service failure. Further, to comply with the regulatory
requirements, GoCart’s books of accounts are well maintained and subjected to annual statutory audit,
and the business reporting is done through XBRL.
3. With the objective of maintaining utmost security, GoCart recruited Mr. Y to examine logs
from firewalls and the intrusion detection system, and to issue security advisories to other members
in the IT department. Which of the following job roles best fits the job profile of Mr. Y?
a. Operations Manager
b. Network Architect
c. Security Analyst
d. Database Administrator.
4. With the recently entered Service Level Agreement (SLA) with Google, GoCart successfully
developed and deployed its new application. Identify the type of cloud service utilized by
GoCart in the application which is developed online?
a. Infrastructure as a Service
b. Platform as a Service
c. Software as a Service
d. Network as a Service
5. In addition to routing the revenue through accounts maintained with CSC Bank, GoCart also
has taken various loans and advances from CSC Bank. If CSC Bank faces the information
security risk of non-establishment of user accountability for the accounts created for
GoCart, which control would be best suggested for this?
a. The identity of users is authenticated to system through password.
b. System validations have been implemented to restrict set up of duplicate customer
master records.
c. All users are required to have a unique user id.
d. Access for changes made to the configuration, parameter settings is restricted to
authorized user.
Answer Keys
Integrated Cases 1
Integrated Cases 2
Topics Covered 1. CBS – Risks and Controls 2. PMLA
3. FAS – ERP Modules 4. Digital Payment Systems
5. ISCA
MCQs Key 1 2 3 4 5
a c b b c
Integrated Cases 3
Topics Covered 1. CBS – Risks and Controls 2. PMLA
3. FAS – ERP Modules 4. Digital Payment Systems
5. ISCA
MCQs Key 1 2 3 4 5
b c a a c
Integrated Cases 4
MCQs Key 1 2 3 4 5
c a b c a
Integrated Cases 5
MCQs Key 1 2 3 4 5
c b d c b
Integrated Cases 6
MCQs Key 1 2 3 4 5
d b a d b
Integrated Cases 7
MCQs Key 1 2 3 4 5
c b a b a
Integrated Cases 8
Topics Covered 1. BPA 2. DBMS
3. FAS – ERP Modules 4. ISCA
5. Regulatory Compliances
MCQs Key 1 2 3 4 5
c d b b a
Integrated Cases 9
Topics Covered 1. IT Act, 2000 2. FAS
3. ERM 4. Cloud Computing
5. ISCA
MCQs Key 1 2 3 4 5 6
b b a b d a
Integrated Cases 10
Topics Covered 1. BPA 2. DBMS
3. FAS – ERP Modules 4. ISCA
5. Regulatory Compliances
MCQs Key 1 2 3 4 5
c b b d d
Integrated Cases 11
Topics Covered 1. IT Act, 2000 2. Digital Payment Systems
3. ERM 4. Concurrent Audit Tools
5. ISCA
MCQs Key 1 2 3 4 5
b a d c d
Integrated Cases 12
Topics Covered 1. Emerging Computing Technologies 2. E-Commerce
3. ERM 4. Concurrent Audit Tools
5. ISCA
MCQs Key 1 2 3 4 5
b c b c b
Integrated Cases 13
Topics Covered 1. Emerging Computing Technologies 2. Green Computing
3. ERP Modules 4. ISCA
5. BPA 6. CBS
MCQs Key 1 2 3 4 5
b c d d d
Integrated Cases 14
Topics Covered 1. Cloud Computing 2. ISCA
3. CBS 4. Regulatory Compliances
5. FAS
MCQs Key 1 2 3 4 5
b d c a b
Integrated Cases 15
Topics Covered 1. Cloud Computing 2. IT Act, 2000
3. ERM 4. ISCA
MCQs Key 1 2 3 4
b c b d
Integrated Cases 16
Topics Covered 1. Cloud Computing 2. IT Act, 2000
3. ERM 4. ISCA
MCQs Key 1 2 3
d a d
Integrated Cases 17
Topics Covered 1. FAS-ERP 2. Mobile Computing
3. BYOD 4. ERM
MCQs Key 1 2 3
c a b
Integrated Cases 18
Topics Covered 1. FAS 2. Computing Technologies 3. ISCA
MCQs Key 1 2 3
c d c
Integrated Cases 19
MCQs Key 1 2 3
d b d
Integrated Cases 20
Topics Covered 1. IT Act, 2000 2. ISCA 3. FAS
MCQs Key 1 2 3 4
a a d b
Integrated Cases 21
Topics Covered 1. IT Act, 2000 2. ISCA 3. FAS
MCQs Key 1 2 3
a d a
Integrated Cases 22
Topics Covered 1. IT Act, 2000 2. ISCA 3. FAS
MCQs Key 1 2 3 4
d a c c
Integrated Cases 23
Topics Covered 1. FAS 2. Computing Technologies 3. ISCA
MCQs Key 1 2 3 4
c c c c
Integrated Cases 24
Topics Covered 1. FAS 2. Computing Technologies 3. ISCA
MCQs Key 1 2 3 4 5
a a b c a
Integrated Cases 25
Topics Covered 1. FAS 2. Computing Technologies 3. ISCA
MCQs Key 1 2 3 4 5
c b b b b
Integrated Cases 26
Topics Covered 1. FAS 2. Computing Technologies 3. ISCA
MCQs Key 1 2 3 4 5
b b c b d
Integrated Cases 27
Topics Covered 1. FAS 2. Computing Technologies 3. ISCA
MCQs Key 1 2 3 4 5
a c c a b
Integrated Cases 28
Topics Covered 1. FAS 2. Computing Technologies 3. ISCA
MCQs Key 1 2 3 4 5
b d c b c
Appendix - III
Glossary
A
• Access Control defines allowing / disallowing facilities and features in a software to a particular person or group of persons.
• Accounting Master Data is master data relating to financial accounting, e.g. Ledger, Group, Cost Centre, etc.
• Application Controls are the controls which are implemented in an application to prevent or detect and correct errors. These controls, in-built in the application software, ensure accurate and reliable processing.
• Application Server performs necessary operations and this updates the account of the customer.
• Artificial Intelligence: The capability of humans to analyze situations, create rules and ensure compliance with the rules is defined as intelligence. The same being done by a system is called Artificial Intelligence.
B
• Back End is a part of the overall software system which does not interact with the user directly and is used to store data.
• BHIM (Bharat Interface for Money) is a Mobile App developed by National Payments Corporation of India (NPCI) based on UPI. It facilitates e-payments directly through banks and supports all Indian banks which use that platform.
• Business Intelligence provides tools for using data about yesterday and today to make better decisions about tomorrow.
• Business Process Automation (BPA) is the technology-enabled automation of activities or services that accomplish a specific function and can be implemented for many different functions of company activities.
• Business Process is an activity or set of activities that will accomplish a specific organizational goal.
C
• Central Database is a common database used by all the departments and business functions.
• Computerized Accounting is accounting done using a computer software system.
• Control refers to the policies, procedures, practices and organization structures that are designed to provide reasonable assurance that business objectives are achieved and undesired events are prevented or detected and corrected.
• Core Banking Solution (CBS) refers to a common IT solution wherein a central shared database supports the entire banking application. Business processes in all the branches of a bank update a common database in a central server located at a Data Center, which gives a consolidated view of the bank’s operations.
• Corporate Governance is the framework of rules and practices by which a board of directors ensures accountability, fairness, and transparency in a company’s relationship with all its stakeholders (financiers, customers, management, employees, government, and the community).
• Corrective Control is designed to correct errors or irregularities that have been detected.
• Cybercrimes are the offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm, or loss, to the victim directly or indirectly, using modern telecommunication networks such as the Internet (chat rooms, emails, notice boards and groups) and mobile phones.
D
• Data Analysis is defined as the science of examining raw data with the purpose of drawing conclusions about that information.
• Data Flow Diagrams (DFD) show the flow of data or information from one place to another. DFDs describe the processes showing how these processes link together through data stores and how the processes relate to the users and the outside world.
• Data is defined as raw or unprocessed information.
• Database is the place where data is stored in a systematic and logical format, generally in tables and in rows and columns.
• Detective Control is designed to detect errors or irregularities that may have occurred.
E
• E-commerce refers to products / services being purchased and sold through electronic mode by using the internet on desktops / laptops etc.
• Electronic Safety is making data safe using electronic methods like password protection.
• Emerging Technologies are technology frontiers which are changing the way humans work and use technology.
• Enterprise Information Systems provide a technology platform that enables organizations to integrate and coordinate their business processes on a robust foundation.
• ERP (Enterprise Resource Planning) is a type of software system which takes care of all the departments and functions.
• E-wallets are like a normal wallet holding cash of the owner; the only difference is that the cash is not physical but in e-form.
F
• Financial Risk is a risk that could result in a negative financial impact to the organization (waste or loss of assets).
• Flowcharts are used in designing and documenting simple processes or programs.
• Front End is defined as a part of the overall software system which interacts with users directly and sends and receives data from the database.
G
• General Controls, also known as infrastructure controls, are applied to all systems components, processes, and data for a given organization or systems environment.
H
• Hand held Devices can be carried comfortably by the user from one location to another, like mobiles, iPad etc., and are internet ready.
• Human Resource refers to the human beings working in an organization, who are considered a resource for generating income.
I
• Immediate Payment Service (IMPS) is an instant interbank electronic fund transfer service through mobile phones. It is also being extended through other channels such as ATM, Internet Banking, etc.
• Information is the processed data.
• Information Technology Act provides the legal framework for electronic governance by giving recognition to electronic records and digital signatures. It also deals with cybercrime and facilitates electronic commerce.
• Installed Applications are software applications installed on the hard disk of a user’s computer.
• Integrated Systems are the systems taking care of communication and data needs of all the departments and business functions.
• Internal Control is a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the effectiveness and efficiency of operations, reliability of reporting and compliance with applicable laws and regulations.
• Internet of Things refers to the capability of household devices to communicate through the internet.
• Interoperability is the ability of two or more applications that are required to support a business need to work together by sharing data and other business-related resources.
• Inventory is defined as a list of stock items intended for sale or consumption in the normal course of business.
• Inventory Master Data is the master data relating to inventory accounting, e.g. Stock Items, Stock Groups, Godowns, Units of Measures, etc.
• IT Control Objectives are a statement of the desired result or purpose to be achieved by implementing control procedures within a particular IT activity.
K
• Knowledge is defined as processed information derived from the raw data after processing. It is the inference out of information.
M
• Machine Learning refers to the application of Artificial Intelligence principles to help systems improve their decision-making capabilities.
• Management processes measure, monitor and control activities related to business procedures and systems.
• Master Data is standing or relatively permanent data, not expected to change frequently.
• M-commerce refers to products / services being purchased and sold through electronic mode with the help of accessing the internet on hand held devices.
• Mobile App is an application creating an interface for users and vendors to interact.
• Money Laundering: Whosoever directly or indirectly attempts to indulge or knowingly assists or knowingly is a party or is actually involved in any process or activity connected with the proceeds of crime and projecting it as untainted property shall be guilty of the offence of money-laundering.
N
• Non-Integrated Systems are the systems where a separate database is maintained by each department.
• Non-Master Data is the transaction data or data which is expected to change frequently.
O
• Operational Processes deal with the core business and value chain.
• Operational Risk is a risk that could prevent the organization from operating in the most effective and efficient manner or be disruptive to other operations.
P
• Payment Gateway is the way a user / customer makes payment for an e-commerce / m-commerce transaction.
• Payroll Master Data is the master data relating to payroll, i.e. Employee Names, Pay Heads, Salary Structure, Leave Types, etc.
• Personal Information is provided by the customer, such as name, address, phone number, and email, etc.
• Physical Safety ensures the safety of assets physically, e.g. locking the server room, controlling physical access to data.
• Preventive Control is designed to keep errors or irregularities from happening.
• Process is defined as the sequence of events or steps that uses inputs to produce outputs.
R
• Regulatory (Compliance) Risk is a risk that could expose the organization to fines and penalties from a regulatory agency due to non-compliance with laws and regulations.
• Report is the information presented in a proper format.
• Reputational Risk is a risk that could expose the organization to negative publicity.
• Risk Analysis is the process of identifying security risks and determining their magnitude and impact on an organization. Information systems can generate many direct and indirect risks.
• Risk is any event that may result in a significant deviation from a planned objective resulting in an unwanted negative consequence. It is the potential harm caused if a threat exploits a vulnerability to cause damage to an asset.
S
• Server is a sophisticated computer that accepts service requests from different machines called clients.
• Software Application is a computer program designed to perform a group of coordinated functions, tasks, or activities for the benefit of the user.
• Statutory is related to statute or law.
• Statutory Master Data is master data relating to statute or law, e.g. Rates of taxes, forms, nature of payments, tax heads.
• Strategic Risk is a risk that would prevent an organization from accomplishing its objectives (meeting its goals).
• Supporting processes back core processes and functions within an organization.
• System is defined as a set of things working together as parts of a mechanism or an interconnecting network; a complex whole.
T
• Transaction is a give and take, exchange of benefits.
U
• Unified Payment Interface (UPI) is a system that powers multiple bank accounts (of participating banks), several banking services features like fund transfer, and merchant payments in a single mobile application.
• User is a person using a software programme.
V
• Validation is the checking of data input by the user for correctness, e.g. Mobile number must contain 10 digits.
• Voucher is a documentary evidence of transaction. A format of data entry for a transaction.
• Voucher Types are the types of voucher, e.g. Sales, Purchase, Receipt, Payment, Contra, Journal.
W
• Web Applications are software applications installed on a website and accessed through a browser application.