Prepare for the IT Auditor Test with Expert Insights!


Comprehensive Guide to IT Auditing and Database Management

Syed Salman Mehdi


BSIT, PGD Software T.
Chapter 1: IT Auditing Practices

IT Controls and Procedures

In the realm of Information Technology (IT), auditing practices are
indispensable for ensuring the security, reliability, and integrity of
organizational systems. This chapter delves into the fundamental
controls and procedures essential for effective IT auditing.

General Controls: General controls form the bedrock of IT security by
encompassing measures that safeguard the entire IT environment. These
controls ensure consistency and resilience across all organizational
systems.

o Access Controls: Crucial measures such as passwords and biometrics
restrict unauthorized access to sensitive data and systems.
o Physical Controls: Safeguards like locks and security cameras protect
physical IT assets from unauthorized access and damage.
o Environmental Controls: Systems like fire suppression and HVAC
ensure the stability and functionality of IT infrastructure under varying
environmental conditions.

Application Controls: Application controls are tailored to individual
software applications, ensuring the accuracy and reliability of data
processing within these applications.

o Input Controls: Validation checks and error handling mechanisms
ensure accurate and complete data entry into the system.
o Processing Controls: Transaction logging and consistency checks
maintain data integrity throughout processing stages.
o Output Controls: Verification mechanisms such as reconciliation
reports and audit trails validate the accuracy and completeness of data
output.

Audit Procedures: Effective auditing hinges upon meticulous
planning, thorough fieldwork, and comprehensive reporting to address
vulnerabilities and improve system efficacy.

o Audit Planning: Defining the audit scope, objectives, and
methodologies crucial for evaluating IT controls.
o Fieldwork: Gathering data, conducting interviews, and testing controls
to assess their effectiveness.
o Reporting: Documenting audit findings, conclusions, and
recommendations to stakeholders for informed decision-making.

Risk Assessment: An integral part of IT auditing involves identifying
potential risks, evaluating their impact, and implementing mitigation
strategies to safeguard organizational assets.

Compliance and Standards: Frameworks like COBIT, ISO 27001,
and NIST provide guidelines for implementing robust IT governance
and security practices to comply with regulatory requirements and
industry standards.

Chapter 2: Database Management

Database Concepts

Database management is pivotal in organizing and manipulating data
efficiently within organizations. This chapter elucidates the
foundational concepts and practices of relational databases and SQL.

o Relational Databases: Structures data into tables comprising rows
(records) and columns (fields), facilitating efficient data management
and retrieval.
o SQL (Structured Query Language): A standardized language for
managing relational databases, encompassing essential commands such
as SELECT, INSERT, UPDATE, and DELETE for data manipulation.

Database Security

Ensuring the confidentiality, integrity, and availability of data is
paramount in database management, achieved through robust security
measures.

o Encryption: Converts data into a coded format to prevent unauthorized
access and maintain data confidentiality.
o Access Controls: Restricts database access to authorized users through
user roles, permissions, and authentication mechanisms.
o Backup and Recovery: Establishes procedures for regular data
backups and recovery to mitigate the impact of data loss or corruption.

Chapter 3: Business Intelligence

BI Tools

Business Intelligence (BI) tools like Tableau, Power BI, and SAP BI
empower organizations to derive actionable insights from data through
visualization and analysis.

o Tableau and Power BI: Enable interactive data visualization,
dashboard creation, and detailed reporting to facilitate data-driven
decision-making.
o SAP BI: An enterprise-level platform for integrating and analyzing data
from diverse sources, supporting comprehensive business intelligence
and reporting capabilities.

Data Analytics

The process of data collection, analysis, and reporting plays a pivotal
role in BI, enabling organizations to extract meaningful insights and
trends from raw data.

o Data Collection: Gathering data from multiple sources, including
internal databases and external systems.
o Data Analysis: Employing statistical and computational techniques to
identify patterns, correlations, and anomalies within data sets.
o Reporting: Presenting data insights through intuitive dashboards,
reports, and visualizations to support strategic planning and operational
decisions.

Key Metrics and KPIs

Key Performance Indicators (KPIs) serve as benchmarks for evaluating
organizational performance across various business functions and
activities.

Chapter 4: Regulatory Laws

Local Regulations

Understanding local regulatory frameworks such as SECP (Securities
and Exchange Commission of Pakistan) and SBP (State Bank of
Pakistan) is essential for ensuring compliance and governance in
corporate and financial sectors.

International Standards

Compliance with international standards like GDPR (General Data
Protection Regulation) and SOX (Sarbanes-Oxley Act) is crucial for
organizations operating in global markets, ensuring data protection,
privacy, and financial transparency.

Chapter 5: Corporate Accounts

Financial Statements

Financial reporting principles and practices, including balance sheets,
income statements, and cash flow statements, are foundational for
assessing an organization's financial health and performance.

Accounting Principles

Adherence to globally recognized accounting standards such as IFRS
(International Financial Reporting Standards) and GAAP (Generally
Accepted Accounting Principles) ensures transparency, consistency,
and comparability in financial reporting.

Chapter 6: Cybersecurity

Security Frameworks

Implementing robust security frameworks such as ISO 27001 and NIST
Cybersecurity Framework strengthens organizational resilience against
evolving cyber threats.

Threats and Vulnerabilities

Identifying and mitigating cybersecurity threats like phishing, malware,
and ransomware is critical to safeguarding organizational data and
systems from unauthorized access and disruption.

Incident Response

Developing and implementing effective incident response plans ensures
timely detection, containment, eradication, and recovery from security
incidents to minimize operational disruption and data breaches.

Conclusion

This comprehensive guide underscores the importance of IT auditing,
database management, business intelligence, regulatory compliance,
corporate accounting, and cybersecurity in fostering organizational
resilience, integrity, and operational excellence. By adhering to best
practices and regulatory standards, organizations can mitigate risks,
optimize performance, and leverage data-driven insights for strategic
decision-making and sustainable growth.

Access Controls: Security measures that restrict access to systems and
data to authorized users only. Examples include passwords, biometrics,
and multi-factor authentication (MFA).

Application Controls: Controls specific to individual software
applications that ensure the accuracy, completeness, and integrity of
data processing within those applications. Examples include input
controls, processing controls, and output controls.

Audit Planning: The process of defining the scope, objectives, and
methodologies for conducting an audit of IT systems and controls.

Balance Sheet: A financial statement that summarizes an organization's
assets, liabilities, and equity at a specific point in time, providing
insights into its financial position.

BI Tools (Business Intelligence Tools): Software applications that
enable organizations to analyze and visualize data for informed
decision-making. Examples include Tableau, Power BI, and SAP BI.

COBIT (Control Objectives for Information and Related
Technologies): A framework for developing, implementing,
monitoring, and improving IT governance and management practices.

Compliance: Adherence to regulatory requirements, standards, and
internal policies governing organizational operations, data management,
and financial reporting.

Data Analytics: The process of collecting, analyzing, and interpreting
data to uncover meaningful patterns, trends, and insights that support
decision-making.

Encryption: The process of converting data into a coded format to
prevent unauthorized access, ensuring data confidentiality and security.

Fieldwork: The phase of an audit involving data collection, analysis,
and testing of IT controls to assess their effectiveness and compliance
with established standards.

GDPR (General Data Protection Regulation): EU legislation aimed
at protecting the privacy and personal data of individuals within the
European Union and European Economic Area.

IFRS (International Financial Reporting Standards): Globally
accepted accounting standards used for preparing financial statements,
ensuring consistency and comparability across international borders.

Incident Response Plan: A documented strategy outlining procedures
for detecting, responding to, and recovering from security incidents
such as cyber-attacks and data breaches.

ISO 27001: An international standard specifying requirements for
establishing, implementing, maintaining, and continually improving an
information security management system (ISMS).

KPIs (Key Performance Indicators): Quantifiable metrics used to
evaluate the success or performance of an organization, department, or
specific activity against strategic objectives.

Malware: Malicious software designed to disrupt, damage, or gain
unauthorized access to computer systems and networks.

NIST (National Institute of Standards and Technology): Provides
guidelines and standards to promote cybersecurity and resilience in
organizations through frameworks like the NIST Cybersecurity
Framework.

Phishing: A cyber-attack where fraudulent emails, websites, or
communications are used to deceive individuals into divulging sensitive
information or downloading malicious software.

Relational Databases: Organize data into tables (relations) where each
table consists of rows (records) and columns (fields), facilitating
efficient data management and retrieval.

Risk Assessment: The process of identifying, evaluating, and
prioritizing risks to organizational assets, systems, and operations,
followed by implementing measures to mitigate these risks.

SQL (Structured Query Language): A standard language for
managing and manipulating relational databases, including commands
like SELECT, INSERT, UPDATE, and DELETE.

SOX (Sarbanes-Oxley Act): U.S. legislation enacted to protect
shareholders and the general public from accounting errors and
fraudulent practices in financial reporting.

Tableau and Power BI: Business Intelligence tools that enable users to
create interactive visualizations, reports, and dashboards from data to
facilitate data-driven decision-making.

Vulnerability: Weaknesses or gaps in security programs that can be
exploited by threats to gain unauthorized access to systems or data.

Assistant Manager IT – Mockup Test – 2024

To prepare effectively for the Assistant Manager IT test conducted by
NTS for SSGC, you should focus on the following key areas:

1. Understand the Test Format:

• Sections: The test usually includes sections on General
Knowledge, Quantitative Analysis, Verbal Reasoning, and
Subject-specific questions (IT-related).
• Duration and Marks: Check the official notification or
previous year's papers to understand the time allocation and
marks distribution.

2. Study General Knowledge:

• Current Affairs: Read up on the latest national and
international news, government policies, and important events.
• History and Geography: Brush up on basic history, geography,
and important dates.
• General Science: Have a good grasp of basic scientific
concepts.

3. Quantitative Analysis:

• Mathematics: Practice topics like algebra, geometry,
arithmetic, and data interpretation.
• Logical Reasoning: Solve puzzles, series, analogies, and logical
problems.

4. Verbal Reasoning:

• English Language: Focus on comprehension, vocabulary,
grammar, and sentence correction.
Prepared by: Syed Salman Mehdi (+92-333-7011728) Page 1 of 38
• Critical Reasoning: Practice questions that test your ability to
understand and analyze written information.

5. Subject-Specific (IT-related):

• Programming Languages: Refresh your knowledge in
languages like Java, C++, Python, etc.
• Database Management: Understand SQL, data models, and
database design.
• Networks and Security: Study networking concepts, protocols,
cybersecurity principles.
• Software Engineering: Review software development life
cycles, methodologies, and project management basics.

6. Practice Previous Papers:

• Obtain previous years’ question papers and sample tests to get a
sense of the question patterns and difficulty level.

7. Time Management:

• Practice managing your time effectively while solving sample
papers to ensure you can complete the test within the allotted
time.

8. Resources:

• Books: Use standard test prep books for NTS exams.
• Online Resources: Utilize online courses, tutorials, and practice
tests available for IT-related exams.

9. Revision and Mock Tests:

• Regularly revise the topics you have studied.
• Take mock tests to evaluate your preparation and adjust your
study plan accordingly.

Preparation Strategy for IT Audit Section

To excel in the IT Audit section, focus on the following areas:

1. IT Audit Basics:
o Understanding IT audit frameworks (e.g., COBIT)
o Knowledge of IT governance and management
2. Information Systems:
o Basics of information systems and their components
o System development life cycle (SDLC)
3. Risk Management:
o Identifying and managing IT risks
o Risk assessment techniques
4. Control and Compliance:
o IT controls and control objectives
o Compliance requirements (e.g., GDPR, SOX)
5. Security:
o Cybersecurity principles and practices
o Data privacy and protection
6. Audit Procedures:
o Planning and conducting IT audits
o Reporting audit findings

Additional Tips

• Revision: Review all key concepts and practice past papers.
• Mock Tests: Take mock tests to familiarize yourself with the
test format and time management.
• Rest Well: Ensure you get a good night’s sleep before the test
day.

Make sure to arrive at the test center well before the reporting time to
avoid any last-minute hassles. Good luck with your exam preparation!

From the job description and the PDF you shared, I gathered the
following key areas that are likely to be covered in the test for the
Assistant Manager – IT Audit position. The test will likely focus on:

Job Description Key Points

1. Qualifications & Experience:
o BCS / BS / MS / MCS with at least two years post
qualification experience in IT infrastructure, Networks,
Applications, Audit, or Review.
o CISA / CRISC / CISSP or other relevant IS Audit / Risk
Assessment certifications are advantageous.
2. Responsibilities:
o Assist and complete internal IT audit and assurance
assignments.
o Understand IT risks and controls.
o Develop IT audit work programs.
o Execute integrated audits and review key business flows
and information systems.
o Assess IT risks and internal control strengths and
weaknesses.
o Document audit work and conclusions.
o Communicate audit results and provide remediation
advice.
o Participate in special projects and technical
reviews/investigations.
o Perform other duties as assigned by senior management.

PDF Syllabus Key Points

The syllabus from the PDF for officers includes:

1. Subject Ability - Business Intelligence:
o Data Analytics (Descriptive, Predictive, Prescriptive)
o OLAP, Data Warehouses, Data Normalization
2. Subject Ability - Database Management:
o SQL Commands (SELECT, INSERT, UPDATE,
DELETE, CREATE, DROP)
o Database Keys (Primary, Foreign)
o Database Normalization and Indexing
3. Subject Ability - Corporate and Regulatory Laws:
o SECP regulations
o Code of Corporate Governance
o Companies Act, 2017
4. Subject Ability - Income Tax:
o Income Tax Ordinance, 2001
o Definitions and concepts (e.g., resident individual,
withholding tax)
5. Subject Ability - Sales Tax:
o Sales Tax Act, 1990
o Zero-rated supplies, audit of registered persons
6. Subject Ability - Corporate Accounts:
o Financial statements (Balance Sheet, Income Statement,
Cash Flows)
o Depreciation, GAAP
7. Subject Ability - Security:
o Intrusion Detection Systems (IDS)
o Phishing, Risk Management
o Cryptography (Hash Functions)

Relevant Definitions and Explanations

• IT Audit: The process of evaluating the information technology
infrastructure, policies, and operations of an organization to
ensure they are in compliance with regulatory requirements and
to identify any potential risks.
• CISA (Certified Information Systems Auditor): A globally
recognized certification for IS audit control, assurance, and
security professionals.
• CRISC (Certified in Risk and Information Systems
Control): A certification for professionals managing IT risk and
implementing information systems controls.
• CISSP (Certified Information Systems Security
Professional): A certification for professionals in the field of IT
security.

From the information provided, the MCQs for the test would
encompass topics such as IT auditing practices, database management,
business intelligence, regulatory laws, corporate accounts, and
cybersecurity, aligning with both the job responsibilities

General Ability

1. Who was the first Prime Minister of Pakistan?
o a) Liaquat Ali Khan
o b) Muhammad Ali Jinnah
o c) Zulfikar Ali Bhutto
o d) Benazir Bhutto
o Answer: a) Liaquat Ali Khan
2. Which of the following is the largest desert in Pakistan?
o a) Thar Desert
o b) Cholistan Desert
o c) Kharan Desert
o d) Thal Desert
o Answer: a) Thar Desert
3. Who is known as the father of Islamic economics?
o a) Ibn Khaldun
o b) Al-Ghazali
o c) Muhammad Baqir al-Sadr
o d) Abu Yusuf
o Answer: a) Ibn Khaldun

Subject Ability - IT Auditor

4. What does the acronym COBIT stand for in IT governance?
o a) Control Objectives for Information and Related
Technology
o b) Control Over Business and Information Technology
o c) Corporate Objectives for Business and IT
o d) Control of Business and IT Technologies
o Answer: a) Control Objectives for Information and
Related Technology
5. Which layer of the OSI model is responsible for logical
addressing and routing?
o a) Data Link Layer
o b) Transport Layer
o c) Network Layer
o d) Session Layer
o Answer: c) Network Layer
6. What is the primary purpose of a penetration test in
cybersecurity?
o a) To develop security policies
o b) To identify vulnerabilities in a system
o c) To create user accounts
o d) To design a network
o Answer: b) To identify vulnerabilities in a system

Subject Ability - Business Intelligence

7. What is the main purpose of a data warehouse?
o a) To process transactions
o b) To store large amounts of historical data for analysis
o c) To manage email communications
o d) To support real-time data processing
o Answer: b) To store large amounts of historical data
for analysis
8. In OLAP, what does the acronym stand for?
o a) Online Analysis Process
o b) Online Analytical Processing
o c) Online Arithmetic Processing
o d) Online Algebraic Processing
o Answer: b) Online Analytical Processing
9. What is a star schema in the context of a data warehouse?
o a) A type of database design that consists of a single
large table
o b) A design pattern that involves a central fact table
connected to dimension tables
o c) A design that uses only hierarchical data structures
o d) A schema used for storing star-related astronomical
data
o Answer: b) A design pattern that involves a central
fact table connected to dimension tables

Subject Ability - Database Management

10. Which SQL command is used to delete a table and all its
data?
o a) DELETE
o b) DROP
o c) TRUNCATE
o d) REMOVE
o Answer: b) DROP
11. What is the purpose of a database index?
o a) To provide a unique identifier for each row in a table
o b) To improve the speed of data retrieval operations
o c) To ensure data integrity and consistency
o d) To encrypt data stored in the database
o Answer: b) To improve the speed of data retrieval
operations
12. What does DDL stand for in SQL?
o a) Data Definition Language
o b) Data Description Language
o c) Data Deletion Language
o d) Data Distribution Language
o Answer: a) Data Definition Language

Subject Ability - Corporate and Regulatory Laws

13. Which of the following is the main regulatory body for
corporate governance in Pakistan?
o a) State Bank of Pakistan
o b) Securities and Exchange Commission of Pakistan
(SECP)
o c) Ministry of Finance
o d) Pakistan Stock Exchange
o Answer: b) Securities and Exchange Commission of
Pakistan (SECP)
14. What year was the Companies Act last amended in
Pakistan?
o a) 2013
o b) 2015
o c) 2017
o d) 2019
o Answer: c) 2017
15. The Public Procurement Regulatory Authority (PPRA)
Rules were established in which year?
o a) 2002
o b) 2004
o c) 2006
o d) 2008
o Answer: b) 2004

Subject Ability - Income Tax

16. Which section of the Income Tax Ordinance, 2001 deals with
the concept of depreciation?
o a) Section 20
o b) Section 22
o c) Section 24
o d) Section 26
o Answer: b) Section 22
17. What is the main purpose of advance tax under the Income
Tax Ordinance, 2001?
o a) To ensure timely payment of taxes throughout the
year
o b) To penalize late tax filers
o c) To provide tax refunds
o d) To exempt certain incomes from tax
o Answer: a) To ensure timely payment of taxes
throughout the year
18. Which section of the Income Tax Ordinance, 2001 covers the
return of total income?
o a) Section 114
o b) Section 116
o c) Section 118
o d) Section 120
o Answer: a) Section 114

Subject Ability - Sales Tax

19. What is the main objective of zero-rating under the Sales
Tax Act, 1990?
o a) To apply a higher tax rate on certain goods and
services
o b) To exempt specific goods and services from sales tax
o c) To apply a tax rate of zero percent on exports and
certain other supplies
o d) To impose penalties for non-compliance with tax rules
o Answer: c) To apply a tax rate of zero percent on
exports and certain other supplies
20. Which section of the Sales Tax Act, 1990 defines the scope of
tax?
o a) Section 3
o b) Section 4
o c) Section 5
o d) Section 6
o Answer: a) Section 3
21. What is the purpose of debit and credit notes under the
Sales Tax Act, 1990?
o a) To record additional sales tax liabilities and
adjustments
o b) To exempt certain transactions from sales tax
o c) To file annual tax returns
o d) To claim input tax refunds
o Answer: a) To record additional sales tax liabilities
and adjustments

Subject Ability - Corporate Accounts

22. What is the primary objective of IFRS (International
Financial Reporting Standards)?
o a) To provide guidelines for tax reporting
o b) To standardize financial reporting across different
countries
o c) To manage internal corporate governance
o d) To regulate the stock market
o Answer: b) To standardize financial reporting across
different countries
23. Which financial statement provides information about a
company's cash inflows and outflows?
o a) Balance Sheet
o b) Income Statement
o c) Statement of Cash Flows
o d) Statement of Changes in Equity
o Answer: c) Statement of Cash Flows
24. Which ratio is used to measure a company's profitability
relative to its revenue?
o a) Current Ratio
o b) Quick Ratio
o c) Net Profit Margin
o d) Debt-to-Equity Ratio
o Answer: c) Net Profit Margin

Subject Ability - Security

25. What is the purpose of an emergency evacuation plan in
security management?
o a) To train employees in martial arts
o b) To provide procedures for safe and orderly evacuation
during emergencies
o c) To store important documents
o d) To enhance physical fitness of security personnel
o Answer: b) To provide procedures for safe and
orderly evacuation during emergencies
26. Which document classification level indicates the highest
level of sensitivity and security?
o a) Confidential
o b) Secret
o c) Top Secret
o d) Restricted
o Answer: c) Top Secret
27. What is the role of NACTA in Pakistan?
o a) To manage financial audits
o b) To oversee national counter-terrorism efforts
o c) To regulate stock exchanges
o d) To provide guidelines for corporate governance
o Answer: b) To oversee national counter-terrorism
efforts

General Ability

1. Which country is known as the Land of the Rising Sun?
o a) China
o b) South Korea
o c) Japan
o d) Thailand
o Answer: c) Japan
2. What is the capital city of Canada?
o a) Toronto
o b) Vancouver
o c) Montreal
o d) Ottawa
o Answer: d) Ottawa
3. Which planet is known as the Red Planet?
o a) Earth
o b) Mars
o c) Jupiter
o d) Venus
o Answer: b) Mars

Subject Ability - IT Auditor

4. Which of the following is an example of a network protocol?
o a) HTTP
o b) HTML
o c) CSS
o d) XML
o Answer: a) HTTP
5. What is a firewall used for in a network?
o a) To speed up the network
o b) To store data
o c) To block unauthorized access
o d) To manage user accounts
o Answer: c) To block unauthorized access
6. In information security, what does CIA stand for?
o a) Central Intelligence Agency
o b) Confidentiality, Integrity, Availability
o c) Control, Information, Access
o d) Cybersecurity, Information, Analysis
o Answer: b) Confidentiality, Integrity, Availability

Subject Ability - Business Intelligence

7. What is the purpose of ETL in data processing?
o a) Encrypt, Transform, Load
o b) Extract, Transform, Load
o c) Execute, Transfer, Load
o d) Extract, Transfer, Link
o Answer: b) Extract, Transform, Load
8. Which tool is commonly used for data visualization?
o a) SQL Server
o b) Tableau
o c) Python
o d) C++
o Answer: b) Tableau
9. What is a data mart?
o a) A large repository of data
o b) A subset of a data warehouse focused on a particular
area
o c) A system for online transactions
o d) A software development tool
o Answer: b) A subset of a data warehouse focused on a
particular area

Subject Ability - Database Management

10. Which command in SQL is used to add new data to a table?
o a) INSERT
o b) ADD
o c) CREATE
o d) UPDATE
o Answer: a) INSERT
11. What does ACID stand for in the context of databases?
o a) Automated, Continuous, Instant, Direct
o b) Atomicity, Consistency, Isolation, Durability
o c) Access, Control, Integrity, Dependability
o d) Accuracy, Clarity, Isolation, Durability
o Answer: b) Atomicity, Consistency, Isolation,
Durability
12. What is a foreign key in a database?
o a) A key used to unlock encrypted data
o b) A primary key used in another table to establish a
relationship
o c) A key that is not used frequently
o d) A key that contains duplicate values
o Answer: b) A primary key used in another table to
establish a relationship

Subject Ability - Corporate and Regulatory Laws

13. What is the main purpose of the SECP in Pakistan?
o a) To regulate financial markets and corporate sector
o b) To manage the country's defense
o c) To oversee education policies
o d) To regulate agricultural activities
o Answer: a) To regulate financial markets and
corporate sector
14. Which document governs the operations of public limited
companies in Pakistan?
o a) Companies Act, 2017
o b) Income Tax Ordinance, 2001
o c) Sales Tax Act, 1990
o d) Public Procurement Regulatory Authority Rules, 2004
o Answer: a) Companies Act, 2017
15. What is the main function of the Public Procurement
Regulatory Authority (PPRA)?
o a) To regulate corporate laws
o b) To manage public procurement processes
o c) To oversee tax collection
o d) To enforce labor laws
o Answer: b) To manage public procurement processes

Subject Ability - Income Tax

16. Which section of the Income Tax Ordinance, 2001 deals with
exemptions?
o a) Section 53
o b) Section 54
o c) Section 55
o d) Section 56
o Answer: a) Section 53
17. What is a withholding tax?
o a) A tax that is refunded to taxpayers
o b) A tax deducted at source from various payments
o c) A tax applied on exports
o d) A tax paid by companies annually
o Answer: b) A tax deducted at source from various
payments
18. Under which section is the appeal process defined in the
Income Tax Ordinance, 2001?
o a) Section 120
o b) Section 122
o c) Section 127
o d) Section 130
o Answer: c) Section 127

Subject Ability - Sales Tax

19. What is the sales tax rate in Pakistan (as of 2024)?
o a) 15%
o b) 17%
o c) 18%
o d) 20%
o Answer: b) 17%
20. Which document is issued by the FBR for sales tax
registration?
o a) NTN Certificate
o b) STRN Certificate
o c) GST Certificate
o d) VAT Certificate
o Answer: b) STRN Certificate
21. What is the penalty for late filing of sales tax returns?
o a) 1% of the tax due per day
o b) 2% of the tax due per day
o c) 3% of the tax due per day
o d) 4% of the tax due per day
o Answer: a) 1% of the tax due per day

Subject Ability - Corporate Accounts

22. What does IFRS stand for?
o a) International Financial Reporting Standards
o b) International Finance Reporting System
o c) International Fiscal Reporting Standards
o d) International Financial Regulatory Standards
o Answer: a) International Financial Reporting
Standards
23. Which financial statement provides information about a
company's financial position at a specific point in time?
o a) Balance Sheet
o b) Income Statement
o c) Statement of Cash Flows
o d) Statement of Changes in Equity
o Answer: a) Balance Sheet
24. Which ratio measures a company's ability to pay short-term
obligations?
o a) Current Ratio
o b) Quick Ratio
o c) Debt-to-Equity Ratio
o d) Return on Assets
o Answer: a) Current Ratio

Subject Ability - Security

25. What is the purpose of an access control system?
o a) To speed up network connections
o b) To manage user access to resources
o c) To provide internet access
o d) To store large amounts of data
o Answer: b) To manage user access to resources
26. Which type of attack involves intercepting and altering
communications between two parties?
o a) Phishing
o b) Man-in-the-Middle
o c) Denial of Service
o d) Ransomware
o Answer: b) Man-in-the-Middle
27. What is the primary purpose of encryption in information
security?
o a) To store data efficiently
o b) To protect data from unauthorized access
o c) To improve network speed
o d) To manage user accounts
o Answer: b) To protect data from unauthorized access

General Ability

28. Who wrote the famous book "1984"?
o a) George Orwell
o b) Aldous Huxley
o c) J.K. Rowling
o d) Mark Twain
o Answer: a) George Orwell
29. What is the smallest planet in our solar system?
o a) Mercury
o b) Venus
o c) Mars
o d) Pluto
o Answer: a) Mercury
30. What is the chemical symbol for gold?
o a) Au
o b) Ag
o c) Gd
o d) Go
o Answer: a) Au

Subject Ability - IT Auditor

31. What is the purpose of an audit trail in IT systems?
o a) To enhance system performance
o b) To track changes and activities within the system
o c) To store backup data
o d) To manage user permissions
o Answer: b) To track changes and activities within the
system
32. Which of the following is a type of malware that restricts
access to a computer system until a ransom is paid?
o a) Virus
o b) Worm
o c) Trojan
o d) Ransomware
o Answer: d) Ransomware
33. In IT audit, what does the term 'Segregation of Duties' refer
to?
o a) Dividing responsibilities to prevent fraud and errors
o b) Combining tasks to enhance efficiency
o c) Assigning all tasks to one person
o d) Eliminating redundant processes
o Answer: a) Dividing responsibilities to prevent fraud
and errors


Subject Ability - Business Intelligence

34. What is a dashboard in the context of business intelligence?
o a) A physical control panel
o b) A visual display of key metrics and data points
o c) A type of database
o d) A programming tool
o Answer: b) A visual display of key metrics and data
points
35. Which term describes the process of discovering patterns in
large datasets?
o a) Data Mining
o b) Data Warehousing
o c) Data Modeling
o d) Data Cleansing
o Answer: a) Data Mining
36. What is the main benefit of using real-time data analytics?
o a) Historical analysis
o b) Immediate insights and decision-making
o c) Reduced storage costs
o d) Improved security
o Answer: b) Immediate insights and decision-making

Subject Ability - Database Management

37. Which SQL function is used to count the number of rows in
a result set?
o a) SUM
o b) AVG
o c) COUNT
o d) MAX
o Answer: c) COUNT

38. What is normalization in database design?
o a) A process of denormalizing data
o b) Organizing data to reduce redundancy
o c) Adding more columns to a table
o d) Removing constraints from a database
o Answer: b) Organizing data to reduce redundancy
39. What is a stored procedure in SQL?
o a) A function used to store data
o b) A precompiled collection of SQL statements
o c) A command to create tables
o d) A method to import data
o Answer: b) A precompiled collection of SQL
statements

Subject Ability - Corporate and Regulatory Laws

40. Which of the following is not a feature of a public limited
company?
o a) Limited liability
o b) Shares can be freely transferred
o c) Must be privately owned
o d) Can raise capital from the public
o Answer: c) Must be privately owned
41. What is the primary objective of corporate governance?
o a) Maximizing profits
o b) Ensuring transparency and accountability in business
operations
o c) Reducing taxes
o d) Expanding market share
o Answer: b) Ensuring transparency and
accountability in business operations


42. Which section of the Companies Act, 2017 deals with the
appointment of auditors?
o a) Section 225
o b) Section 245
o c) Section 255
o d) Section 265
o Answer: c) Section 255

Subject Ability - Income Tax

43. Which form is used to file an annual income tax return for
individuals in Pakistan?
o a) Form A
o b) Form B
o c) Form C
o d) Form D
o Answer: b) Form B
44. What is the due date for filing income tax returns for
salaried individuals in Pakistan?
o a) 30th June
o b) 31st July
o c) 30th September
o d) 31st December
o Answer: c) 30th September
45. What is the main purpose of tax credits under the Income
Tax Ordinance, 2001?
o a) To reduce the tax payable by an individual or entity
o b) To increase the taxable income
o c) To penalize late filers
o d) To exempt certain incomes from tax
o Answer: a) To reduce the tax payable by an
individual or entity


Subject Ability - Sales Tax

46. Which section of the Sales Tax Act, 1990 deals with the
issuance of tax invoices?
o a) Section 22
o b) Section 23
o c) Section 24
o d) Section 25
o Answer: b) Section 23
47. What is the main purpose of input tax under the Sales Tax
Act, 1990?
o a) To increase the amount of sales tax collected
o b) To reduce the cost of goods sold
o c) To allow businesses to claim credit for the tax paid on
purchases
o d) To exempt certain goods from tax
o Answer: c) To allow businesses to claim credit for the
tax paid on purchases
48. What is a registered person under the Sales Tax Act, 1990?
o a) An individual who has an NTN
o b) A person or entity registered with the FBR for sales
tax purposes
o c) A taxpayer who files annual returns
o d) A business that imports goods
o Answer: b) A person or entity registered with the
FBR for sales tax purposes

Subject Ability - Corporate Accounts

49. Which accounting principle requires that expenses be
matched with revenues?
o a) Revenue Recognition Principle
o b) Matching Principle
o c) Consistency Principle
o d) Conservatism Principle
o Answer: b) Matching Principle
50. What is the purpose of a trial balance in accounting?
o a) To record all financial transactions
o b) To prepare financial statements
o c) To verify the accuracy of ledger balances
o d) To assess the financial performance of a company
o Answer: c) To verify the accuracy of ledger balances
51. Which financial statement shows a company's profitability
over a specific period?
o a) Balance Sheet
o b) Income Statement
o c) Statement of Cash Flows
o d) Statement of Retained Earnings
o Answer: b) Income Statement

Subject Ability - Security

52. What is the primary goal of a disaster recovery plan in IT?
o a) To improve system performance
o b) To restore critical business operations after a disaster
o c) To manage user permissions
o d) To reduce data storage costs
o Answer: b) To restore critical business operations
after a disaster
53. Which term describes a software update that fixes security
vulnerabilities?
o a) Patch
o b) Upgrade
o c) Enhancement
o d) Revision
o Answer: a) Patch
54. What is a DDoS attack?
o a) Distributed Denial of Service
o b) Direct Denial of Service
o c) Data Denial of Service
o d) Dynamic Denial of Service
o Answer: a) Distributed Denial of Service

General Ability

55. Who is the current Secretary-General of the United Nations
(as of 2024)?
o a) António Guterres
o b) Ban Ki-moon
o c) Kofi Annan
o d) Boutros Boutros-Ghali
o Answer: a) António Guterres
56. What is the largest organ in the human body?
o a) Liver
o b) Skin
o c) Heart
o d) Brain
o Answer: b) Skin
57. Which element has the chemical symbol 'O'?
o a) Oxygen
o b) Gold
o c) Osmium
o d) Opium
o Answer: a) Oxygen

Subject Ability - IT Auditor

58. What is the purpose of two-factor authentication?
o a) To simplify the login process
o b) To provide an additional layer of security
o c) To reduce the cost of security measures
o d) To store user data
o Answer: b) To provide an additional layer of security
59. Which type of attack uses multiple compromised systems to
target a single system?
o a) Phishing
o b) SQL Injection
o c) DDoS Attack
o d) Man-in-the-Middle Attack
o Answer: c) DDoS Attack
60. In auditing, what is a control environment?
o a) The set of standards, processes, and structures that
provide the basis for carrying out internal control across
the organization
o b) A system used to store audit logs
o c) A software tool used for conducting audits
o d) A physical location where audits are conducted
o Answer: a) The set of standards, processes, and
structures that provide the basis for carrying out
internal control across the organization

Subject Ability - Business Intelligence

61. What is OLAP in the context of business intelligence?
o a) Online Analytical Processing
o b) Online Application Processing
o c) Offline Analytical Processing
o d) Offline Application Processing
o Answer: a) Online Analytical Processing

62. Which of the following is a key characteristic of big data?
o a) Volume
o b) Velocity
o c) Variety
o d) All of the above
o Answer: d) All of the above
63. What is a data warehouse?
o a) A system used for transaction processing
o b) A centralized repository for integrated data from
various sources
o c) A tool for data visualization
o d) A type of database management system
o Answer: b) A centralized repository for integrated
data from various sources

Subject Ability - Database Management

64. What is the primary key in a database?
o a) A unique identifier for each record in a table
o b) A foreign key used to create relationships
o c) A secondary key for indexing
o d) A composite key for combined attributes
o Answer: a) A unique identifier for each record in a
table
65. Which command is used to remove a table from a database
in SQL?
o a) DROP TABLE
o b) DELETE TABLE
o c) REMOVE TABLE
o d) ERASE TABLE
o Answer: a) DROP TABLE
66. What is a view in SQL?
o a) A virtual table created by a query
o b) A physical table storing temporary data
o c) A system function for data manipulation
o d) A method for user authentication
o Answer: a) A virtual table created by a query

Subject Ability - Corporate and Regulatory Laws

67. Which of the following is not a function of the SECP?
o a) Regulating corporate sector
o b) Overseeing insurance companies
o c) Managing public debt
o d) Regulating securities markets
o Answer: c) Managing public debt
68. What does the Code of Corporate Governance aim to
achieve?
o a) Increase in corporate profits
o b) Enhancement of corporate governance practices
o c) Reduction of corporate taxes
o d) Expansion of market share
o Answer: b) Enhancement of corporate governance
practices
69. Which regulatory body oversees the banking sector in
Pakistan?
o a) SECP
o b) FBR
o c) SBP
o d) PSX
o Answer: c) SBP

Subject Ability - Income Tax


70. What is the purpose of advance tax under the Income Tax
Ordinance, 2001?
o a) To defer tax payment
o b) To collect tax before income is earned
o c) To provide tax refunds
o d) To exempt certain incomes from tax
o Answer: b) To collect tax before income is earned
71. What is a tax rebate?
o a) A refund of excess tax paid
o b) A penalty for late payment of tax
o c) A reduction in the amount of tax due
o d) An exemption from paying tax
o Answer: c) A reduction in the amount of tax due
72. Under which section is the taxation of non-residents defined
in the Income Tax Ordinance, 2001?
o a) Section 100
o b) Section 101
o c) Section 102
o d) Section 103
o Answer: b) Section 101

Subject Ability - Sales Tax

73. Which section of the Sales Tax Act, 1990 deals with the
maintenance of records?
o a) Section 24
o b) Section 25
o c) Section 26
o d) Section 27
o Answer: c) Section 26
74. What is a zero-rated supply under the Sales Tax Act, 1990?
o a) Supplies exempt from sales tax
o b) Supplies subject to zero percent sales tax
o c) Supplies subject to reduced sales tax
o d) Supplies with no tax due
o Answer: b) Supplies subject to zero percent sales tax
75. Which section of the Sales Tax Act, 1990 deals with the audit
of registered persons?
o a) Section 26
o b) Section 27
o c) Section 28
o d) Section 29
o Answer: d) Section 29

Subject Ability - Corporate Accounts

76. What is the purpose of depreciation in accounting?
o a) To allocate the cost of an asset over its useful life
o b) To increase the value of an asset
o c) To record cash flow from operations
o d) To measure company profitability
o Answer: a) To allocate the cost of an asset over its
useful life
77. Which financial statement reflects the financial performance
of a company over a specific period?
o a) Balance Sheet
o b) Income Statement
o c) Statement of Cash Flows
o d) Statement of Financial Position
o Answer: b) Income Statement
78. What does GAAP stand for?
o a) Generally Accepted Accounting Principles
o b) Generally Approved Accounting Practices
o c) Globally Accepted Accounting Principles
o d) Government Approved Accounting Procedures
o Answer: a) Generally Accepted Accounting
Principles

Subject Ability - Security

79. What is the primary function of an intrusion detection
system (IDS)?
o a) To prevent unauthorized access
o b) To detect and alert about unauthorized access
o c) To manage user accounts
o d) To back up data
o Answer: b) To detect and alert about unauthorized
access
80. What does the term 'phishing' refer to in cybersecurity?
o a) Sending fake emails to steal personal information
o b) Disrupting network services
o c) Scanning for vulnerabilities
o d) Encrypting data for security
o Answer: a) Sending fake emails to steal personal
information
81. What is the primary goal of risk management in information
security?
o a) To eliminate all risks
o b) To identify, assess, and mitigate risks
o c) To increase security spending
o d) To automate security processes
o Answer: b) To identify, assess, and mitigate risks

General Ability

82. Which country is the largest producer of coffee?
o a) Vietnam
o b) Colombia
o c) Brazil
o d) Ethiopia
o Answer: c) Brazil
83. What is the capital city of Australia?
o a) Sydney
o b) Melbourne
o c) Brisbane
o d) Canberra
o Answer: d) Canberra
84. Who developed the theory of relativity?
o a) Isaac Newton
o b) Albert Einstein
o c) Nikola Tesla
o d) Galileo Galilei
o Answer: b) Albert Einstein

Subject Ability - IT Auditor

85. What is the purpose of an IT governance framework?
o a) To enhance system speed
o b) To align IT strategy with business goals
o c) To reduce the cost of IT infrastructure
o d) To provide technical support
o Answer: b) To align IT strategy with business goals
86. Which type of audit focuses on the reliability and integrity of
financial and operational information?
o a) Compliance Audit
o b) Financial Audit
o c) Operational Audit
o d) Information Systems Audit
o Answer: d) Information Systems Audit
87. What is a hash function used for in cryptography?
o a) To encrypt data
o b) To generate a fixed-size string from input data
o c) To compress data
o d) To create random numbers
o Answer: b) To generate a fixed-size string from input
data

Subject Ability - Business Intelligence

88. Which of the following is not a type of data analytics?
o a) Descriptive Analytics
o b) Predictive Analytics
o c) Prescriptive Analytics
o d) Reflective Analytics
o Answer: d) Reflective Analytics
89. What is the main purpose of data normalization in a data
warehouse?
o a) To increase data redundancy
o b) To ensure data consistency and eliminate redundancy
o c) To create backup copies of data
o d) To speed up data retrieval
o Answer: b) To ensure data consistency and eliminate
redundancy
90. What is the role of a data steward in a business intelligence
environment?
o a) To manage and ensure the quality of data
o b) To design data warehouses
o c) To perform data mining
o d) To visualize data
o Answer: a) To manage and ensure the quality of data


Subject Ability - Database Management

91. What is a foreign key in a relational database?
o a) A unique identifier for records in a table
o b) A key used to establish a relationship between
two tables
o c) A secondary key used for indexing
o d) A composite key for combined attributes
o Answer: b) A key used to establish a
relationship between two tables
92. Which command in SQL is used to update existing
records in a table?
o a) MODIFY
o b) UPDATE
o c) CHANGE
o d) INSERT
o Answer: b) UPDATE
93. What is the main function of an index in a database?
o a) To create a new table
o b) To speed up the retrieval of data
o c) To store large amounts of data
o d) To manage user permissions
o Answer: b) To speed up the retrieval of data

Subject Ability - Corporate and Regulatory Laws

94. Which of the following is a key aspect of the
Companies Act, 2017 regarding financial statements?
o a) They must be prepared monthly
o b) They must be audited annually
o c) They are exempt from audit requirements
o d) They must be filed quarterly
o Answer: b) They must be audited annually
95. Under the Companies Act, 2017, what is the
maximum term for an external auditor's
appointment?
o a) 1 year
o b) 3 years
o c) 5 years
o d) 7 years
o Answer: b) 3 years
96. What is the primary purpose of the Public
Procurement Regulatory Authority (PPRA)
Ordinance, 2002?
o a) To oversee corporate governance
o b) To regulate public procurement of goods,
services, and works
o c) To manage tax collection
o d) To enforce labor laws
o Answer: b) To regulate public procurement of
goods, services, and works

Subject Ability - Income Tax

97. Which section of the Income Tax Ordinance, 2001
defines the concept of 'Income from Salary'?
o a) Section 10
o b) Section 11
o c) Section 12
o d) Section 13
o Answer: c) Section 12
98. What is the primary objective of the withholding tax
regime?
o a) To defer tax payments
o b) To collect tax at the source of income
o c) To provide tax exemptions
o d) To simplify tax filing
o Answer: b) To collect tax at the source of
income
99. Under the Income Tax Ordinance, 2001, what is a
'resident individual'?
o a) An individual who stays in Pakistan for 90
days
o b) An individual who stays in Pakistan for 183
days or more in a tax year
o c) An individual who stays in Pakistan for 200
days
o d) An individual who stays in Pakistan for 150
days
o Answer: b) An individual who stays in
Pakistan for 183 days or more in a tax year

Subject Ability - Sales Tax

100. What is the standard rate of sales tax in
Pakistan under the Sales Tax Act, 1990?
o a) 10%
o b) 15%
o c) 17%
o d) 20%
o Answer: c) 17%

BEST OF LUCK
100 MCQ’s Mockup Test

Assistant Manager – IT Audit


100 multiple-choice questions (MCQs) relevant to
the job description for an Assistant Manager –
IT Audit. The correct answers are highlighted.

IT Audit Basics

1. What is the primary goal of an IT audit?
o A) Increase software sales
o B) Evaluate the adequacy of the system's controls
o C) Train employees on new software
o D) Improve hardware performance
2. Which of the following is a key component of IT audit
planning?
o A) Buying new software
o B) Understanding the activity under audit
o C) Hiring new staff
o D) Marketing the audit services
3. In the context of IT auditing, what does the term 'fieldwork'
refer to?
o A) Working on agricultural projects
o B) Executing audit procedures on site
o C) Managing field trips
o D) Conducting marketing surveys
4. What is a crucial step in developing an IT audit work
program?
o A) Designing new software
o B) Identifying IT risks and controls
o C) Setting up a new network
o D) Selling audit services
5. What should an auditor do after identifying IT risks?

Syed Salman Mehdi - +923337011728 Page 1



o A) Ignore them
o B) Assess internal control strengths and weaknesses
o C) Delete the data
o D) Report them to the media
6. Which of the following is an essential part of documenting
audit work?
o A) Work papers
o B) Financial reports
o C) Marketing materials
o D) Software manuals
7. What is the role of communication in the audit process?
o A) Discussing and presenting audit results to
management
o B) Developing new communication software
o C) Designing marketing campaigns
o D) Conducting surveys
8. What should an auditor do when management does not
accept audit findings?
o A) Ignore it
o B) Provide advice to remediate audit issues
o C) Report them to authorities
o D) Leave the job
9. What kind of projects might an IT auditor participate in
aside from regular audits?
o A) Special projects or technical reviews
o B) Construction projects
o C) Marketing campaigns
o D) Software development
10. What is an audit work program?
o A) A software development plan
o B) A detailed plan of the audit procedures to be
performed
o C) A marketing strategy
o D) A financial report

IT Risks and Controls

11. Which of the following is a common IT risk?
o A) Increased sales
o B) Unauthorized access to systems
o C) High employee turnover
o D) Customer satisfaction
12. What is an internal control?
o A) A marketing strategy
o B) A process to ensure integrity and reliability of
information
o C) A sales technique
o D) A customer feedback mechanism
13. What is the purpose of an IT control?
o A) To increase software sales
o B) To improve customer satisfaction
o C) To ensure the confidentiality, integrity, and
availability of information
o D) To design new hardware
14. Which of the following is a preventive control?
o A) Password policies
o B) Backup procedures
o C) Incident response plans
o D) Audit logs
15. Which of the following is a detective control?
o A) Firewall settings
o B) Intrusion detection systems
o C) Password policies
o D) User training

16. Which of the following is a corrective control?
o A) Firewall configurations
o B) Disaster recovery plans
o C) User access reviews
o D) Security training
17. What is segregation of duties in IT controls?
o A) Combining multiple roles into one
o B) Dividing responsibilities to reduce risk of fraud or
error
o C) Eliminating user roles
o D) Centralizing all IT functions
18. What is a risk assessment?
o A) A marketing survey
o B) The process of identifying and evaluating risks
o C) A software development plan
o D) A financial report
19. What is a vulnerability assessment?
o A) Evaluating employee performance
o B) Identifying weaknesses in the IT system
o C) Developing new software
o D) Conducting customer surveys
20. What is the purpose of IT governance?
o A) To sell more software
o B) To design marketing strategies
o C) To ensure IT supports the organization's goals and
adds value
o D) To manage employee relations

Audit Procedures

21. What is the first step in the audit process?
o A) Writing the final report
o B) Planning the audit
o C) Conducting interviews
o D) Testing controls
22. Which of the following is a key activity during the planning
phase of an IT audit?
o A) Writing software code
o B) Understanding the business process and systems
o C) Marketing audit services
o D) Conducting exit interviews
23. What is a key deliverable of the planning phase?
o A) Financial statements
o B) Audit work program
o C) Marketing plan
o D) Software design document
24. What is the main focus during the fieldwork phase?
o A) Writing audit reports
o B) Executing audit procedures
o C) Developing software
o D) Marketing the audit
25. What should an auditor do during the fieldwork phase?
o A) Sell audit services
o B) Collect evidence and perform tests
o C) Design marketing materials
o D) Conduct customer surveys
26. Which of the following is part of audit evidence?
o A) Financial reports
o B) Work papers
o C) Marketing materials
o D) Software manuals
27. What is the purpose of an audit conclusion?
o A) To start a new audit
o B) To develop new software
o C) To summarize the findings and provide
recommendations
o D) To create marketing strategies
28. What is an audit report?
o A) A financial statement
o B) A software manual
o C) A document summarizing the audit findings and
recommendations
o D) A marketing plan
29. Why is communication important in the audit process?
o A) To sell more audit services
o B) To design new software
o C) To discuss and present audit results with
management
o D) To create marketing campaigns
30. What should an auditor do after presenting the audit report
to management?
o A) Ignore feedback
o B) Provide advice on remediating audit issues
o C) Report findings to the media
o D) Start a new audit

Integrated Audits

31. What is an integrated audit?
o A) An audit focusing solely on financial statements
o B) A marketing audit
o C) An audit combining IT and non-IT aspects
o D) A customer service audit
32. What is a key benefit of integrated audits?
o A) Higher software sales
o B) Improved marketing strategies
o C) Comprehensive understanding of business
processes and IT systems
o D) Increased customer satisfaction
33. Who typically performs integrated audits?
o A) Software developers
o B) Marketing teams
o C) IT auditors and non-IT auditors together
o D) Customer service representatives
34. What is a key focus in an integrated audit?
o A) Developing new software
o B) Reviewing key business flows and information
systems
o C) Conducting marketing surveys
o D) Increasing sales
35. Which of the following is crucial for the success of an
integrated audit?
o A) High software sales
o B) Effective collaboration between IT and non-IT
audit resources
o C) Strong marketing strategies
o D) Customer satisfaction
36. What should auditors assess in an integrated audit?
o A) Marketing materials
o B) Financial reports
o C) IT risks and internal controls
o D) Software design
37. What is a typical outcome of an integrated audit?
o A) New marketing strategies
o B) Improved software sales
o C) Recommendations for both IT and business
process improvements
o D) Customer feedback

38. What role do IT auditors play in an integrated audit?
o A) Developing new software
o B) Conducting marketing campaigns
o C) Assessing IT risks and controls
o D) Writing financial reports
39. Why are integrated audits valuable to organizations?
o A) They increase software sales
o B) They improve marketing strategies
o C) They provide a holistic view of risks and controls
o D) They enhance customer service
40. What is a common challenge in integrated audits?
o A) High software costs
o B) Poor marketing strategies
o C) Coordinating between IT and non-IT auditors
o D) Low customer satisfaction

IT Audit Techniques and Tools

41. What is a common tool used in IT auditing?
o A) Marketing software
o B) Audit management software
o C) Customer feedback tools
o D) Financial analysis software
42. Which of the following techniques is often used in IT
auditing?
o A) Financial modeling
o B) Data analytics
o C) Marketing surveys
o D) Customer interviews
43. What is the purpose of using data analytics in IT auditing?
o A) To increase software sales
o B) To design marketing strategies
o C) To identify patterns and anomalies in data
o D) To conduct customer surveys
44. Which tool helps in monitoring network security?
o A) Marketing software
o B) Intrusion detection systems (IDS)
o C) Customer relationship management (CRM) software
o D) Financial reporting tools
45. What is the role of audit management software?
o A) To create marketing campaigns
o B) To streamline and manage the audit process
o C) To sell audit services
o D) To develop new software
46. What is a key feature of audit management software?
o A) Marketing automation
o B) Financial reporting
o C) Work paper management
o D) Customer service tracking
47. Why are continuous monitoring tools important in IT
audits?
o A) They increase sales
o B) They improve marketing
o C) They provide real-time insights into IT systems
o D) They enhance customer service
48. Which of the following is an example of a preventive
control?
o A) Firewalls
o B) Audit trails
o C) Incident response plans
o D) User access reviews
49. What is a key benefit of using automated audit tools?
o A) Increased marketing reach
o B) Improved efficiency and accuracy in audits
o C) Enhanced customer feedback
o D) Higher software sales
50. Which tool can help in assessing IT system vulnerabilities?
o A) Marketing analytics software
o B) Financial reporting tools
o C) Vulnerability scanners
o D) Customer relationship management software

Regulatory Compliance

51. What is regulatory compliance in the context of IT auditing?
o A) Designing new software
o B) Adhering to laws and regulations relevant to IT
systems
o C) Conducting marketing campaigns
o D) Improving customer service
52. Which regulation focuses on the protection of personal data
in the EU?
o A) HIPAA
o B) GDPR
o C) SOX
o D) PCI DSS
53. What does SOX stand for in regulatory compliance?
o A) Sarbanes-Oxley Act
o B) System of Operations
o C) Software Optimization
o D) Security of X-systems
54. Which of the following is a key requirement of the Sarbanes-
Oxley Act (SOX)?
o A) Increased software sales
o B) Enhanced marketing strategies
o C) Internal controls over financial reporting
o D) Improved customer satisfaction
55. What is the main focus of PCI DSS?
o A) Marketing strategies
o B) Payment card data security
o C) Customer service
o D) Software development
56. Which regulation is primarily concerned with healthcare
data security in the US?
o A) HIPAA
o B) GDPR
o C) SOX
o D) PCI DSS
57. What is the purpose of IT compliance audits?
o A) To sell more software
o B) To improve marketing reach
o C) To ensure adherence to regulatory requirements
o D) To enhance customer service
58. What is a common outcome of non-compliance with IT
regulations?
o A) Increased software sales
o B) Enhanced marketing
o C) Fines and legal penalties
o D) Improved customer satisfaction
59. Which of the following is a key element of GDPR
compliance?
o A) Marketing automation
o B) Financial reporting
o C) Data subject rights
o D) Customer relationship management
60. What should an organization do to maintain compliance
with IT regulations?
o A) Ignore regulations
o B) Regularly review and update policies and
procedures
o C) Increase marketing efforts
o D) Focus on software development

Cybersecurity

61. What is the primary goal of cybersecurity in an
organization?
o A) Increase software sales
o B) Protect information and systems from cyber
threats
o C) Improve marketing reach
o D) Enhance customer service
62. Which of the following is a common cybersecurity threat?
o A) High employee turnover
o B) Low sales
o C) Phishing attacks
o D) Customer complaints
63. What is malware?
o A) Marketing software
o B) Malicious software designed to harm systems
o C) Customer feedback tool
o D) Financial reporting software
64. What is a firewall used for in cybersecurity?
o A) Conducting marketing surveys
o B) Protecting networks from unauthorized access
o C) Developing new software
o D) Managing customer relationships
65. Which of the following is a type of malware?
o A) Firewall
o B) Antivirus software
o C) Ransomware
o D) Intrusion detection system
66. What is the purpose of encryption?
o A) Increase software sales
o B) Enhance marketing strategies
o C) Protect data by converting it into a secure format
o D) Conduct customer surveys
67. What is a key aspect of a strong password policy?
o A) Simple and easy-to-remember passwords
o B) Complex and unique passwords
o C) Marketing automation
o D) Customer service tracking
68. What is the purpose of multi-factor authentication (MFA)?
o A) To sell more software
o B) To add an extra layer of security to the login
process
o C) To improve marketing reach
o D) To enhance customer feedback
69. Which of the following is a common practice to enhance
cybersecurity?
o A) Conducting marketing surveys
o B) Regularly updating software and systems
o C) Increasing sales
o D) Improving customer service
70. What is a cybersecurity incident response plan?
o A) A marketing strategy
o B) A financial report
o C) A plan to address and manage security breaches
o D) A software development guide

IT Governance

71. What is IT governance?
o A) A framework to ensure IT supports business goals
o B) A marketing strategy
o C) A software development plan
o D) A financial report
72. Which of the following is a principle of IT governance?
o A) Increasing software sales
o B) Enhancing marketing reach
o C) Aligning IT strategy with business strategy
o D) Improving customer service
73. What is the purpose of IT governance frameworks like
COBIT?
o A) To develop new software
o B) To create marketing campaigns
o C) To provide guidelines for managing IT resources
effectively
o D) To enhance customer relationships
74. Which of the following is a component of IT governance?
o A) Marketing automation
o B) Financial reporting
o C) Risk management
o D) Customer service tracking
75. What is the role of the IT steering committee in governance?
o A) Designing marketing campaigns
o B) Writing software code
o C) Providing direction and oversight for IT initiatives
o D) Conducting customer surveys
76. What is an IT governance charter?
o A) A marketing plan
o B) A financial statement
o C) A document outlining the roles, responsibilities,
and structure of IT governance
o D) A software design document
77. Why is IT governance important for organizations?
o A) To sell more software
o B) To improve marketing strategies
o C) To ensure IT investments deliver value and
mitigate risks
o D) To enhance customer service
78. What is the focus of strategic alignment in IT governance?
o A) Increasing sales
o B) Developing new software
o C) Ensuring IT supports business objectives
o D) Improving customer feedback
79. Which framework is commonly used for IT governance?
o A) ISO 9001
o B) Six Sigma
o C) COBIT
o D) Lean
80. What is the purpose of performance measurement in IT
governance?
o A) To create marketing campaigns
o B) To assess how well IT is supporting business goals
o C) To develop software
o D) To manage customer relationships

Special Projects and Investigations

81. What is a special project in the context of IT auditing?
o A) A marketing campaign
o B) A unique or non-routine audit activity
o C) Software development
o D) Customer service improvement
82. Why might an IT auditor be involved in an investigation?
o A) To increase sales
o B) To design marketing strategies
o C) To uncover fraud or misconduct
o D) To enhance customer service
83. What is a common trigger for a special investigation?
o A) High sales
o B) Successful marketing campaigns
o C) Suspected fraud or data breach
o D) Customer satisfaction
84. What should be the focus of an IT auditor during a special
investigation?
o A) Writing software code
o B) Conducting marketing surveys
o C) Gathering and analyzing evidence
o D) Improving customer service
85. What is a forensic audit?
o A) A marketing analysis
o B) A financial review
o C) An audit focused on detecting and investigating
fraud
o D) A software development process
86. What skills are essential for IT auditors involved in
investigations?
o A) Marketing skills
o B) Analytical and investigative skills
o C) Software development skills
o D) Customer service skills
87. What is a key outcome of a special investigation?
o A) Increased sales
o B) Enhanced marketing reach
o C) Detailed report of findings and recommendations
o D) Improved customer feedback
88. How should IT auditors document their findings during an
investigation?
o A) In marketing materials
o B) In software manuals
o C) In detailed work papers and reports
o D) In customer surveys
89. What is a key challenge in conducting special investigations?
o A) High software costs
o B) Poor marketing strategies
o C) Limited time and resources
o D) Low customer satisfaction
90. What is the role of IT in special investigations?
o A) Developing new software
o B) Conducting marketing campaigns
o C) Providing technical expertise and support
o D) Managing customer relationships

Miscellaneous Duties

91. What are miscellaneous duties for an IT auditor?
o A) Marketing services
o B) Other tasks assigned by senior management
o C) Developing software
o D) Enhancing customer service
92. What is a common reason for assigning miscellaneous
duties?
o A) High sales
o B) Successful marketing
o C) To address unexpected needs or issues
o D) Customer satisfaction
93. How should an IT auditor approach miscellaneous duties?
o A) Ignore them
o B) With the same diligence as regular audit tasks
o C) Outsource them
o D) Report them to the media
94. What is a key skill for handling miscellaneous duties?
o A) Marketing expertise
o B) Financial analysis
o C) Flexibility and adaptability
o D) Customer service
95. Why is it important to document miscellaneous duties?
o A) For marketing purposes
o B) For software development
o C) To provide a clear record of activities and
decisions
o D) For customer service tracking
96. What should an auditor do if they need help with
miscellaneous duties?
o A) Ignore them
o B) Seek guidance from senior management
o C) Report them to authorities
o D) Conduct customer surveys
97. How can miscellaneous duties benefit an IT auditor's
career?
o A) Increase sales
o B) Enhance marketing reach
o C) Provide broader experience and skill development
o D) Improve customer satisfaction
98. What is a common type of miscellaneous duty?
o A) Marketing analysis
o B) Financial reporting
o C) Technical support
o D) Customer service
99. What is a key consideration when handling miscellaneous
duties?
o A) Increasing sales
o B) Enhancing marketing
o C) Maintaining professionalism and quality
o D) Improving customer feedback
100. What should be the outcome of completing
miscellaneous duties?
o A) Increased software sales
o B) Enhanced marketing reach
o C) Satisfaction of the organization’s needs
o D) Improved customer service

I hope these questions and answers help you prepare for your test
related to the Assistant Manager – IT Audit position!

Here are summarized notes to help you study for the Assistant Manager
– IT Audit position:

IT Audit Basics

1. Primary Goal: Evaluate system's controls.
2. Planning Component: Understand the activity under audit.
3. Fieldwork: Execute audit procedures on site.
4. Work Program: Identify IT risks and controls.
5. Post-Risk Identification: Assess internal control strengths and
weaknesses.
6. Documentation: Use work papers.
7. Communication: Discuss and present audit results to management.
8. Management Non-Acceptance: Provide advice to remediate issues.
9. Special Projects: Conduct technical reviews/investigations.
10. Work Program: Plan of audit procedures.

IT Risks and Controls

1. Common IT Risk: Unauthorized access to systems.
2. Internal Control: Process ensuring integrity and reliability of
information.
3. Purpose of IT Control: Ensure confidentiality, integrity, availability of
information.
4. Preventive Control: Password policies.
5. Detective Control: Intrusion detection systems.
6. Corrective Control: Disaster recovery plans.
7. Segregation of Duties: Divide responsibilities to reduce fraud/error
risk.
8. Risk Assessment: Identify and evaluate risks.
9. Vulnerability Assessment: Identify weaknesses in IT system.
10. IT Governance Purpose: Ensure IT supports organizational goals and
adds value.

Audit Procedures

1. First Audit Step: Planning the audit.
2. Key Planning Activity: Understand business processes and systems.
3. Planning Deliverable: Audit work program.
4. Fieldwork Focus: Execute audit procedures.
5. Fieldwork Task: Collect evidence and perform tests.
6. Audit Evidence: Work papers.
7. Audit Conclusion Purpose: Summarize findings and provide
recommendations.
8. Audit Report: Document summarizing audit findings and
recommendations.
9. Post-Report Communication: Discuss results and provide
remediation advice.
10. Integrated Audit: Combines IT and non-IT aspects.

Integrated Audits

1. Definition: Combines IT and non-IT aspects.
2. Benefit: Comprehensive understanding of processes and systems.
3. Performers: IT and non-IT auditors together.
4. Focus: Review key business flows and information systems.
5. Success Factor: Collaboration between IT and non-IT auditors.
6. Assessment: IT risks and internal controls.
7. Outcome: Recommendations for IT and business process
improvements.
8. IT Auditors' Role: Assess IT risks and controls.
9. Value: Provides holistic view of risks and controls.
10. Challenge: Coordination between IT and non-IT auditors.

IT Audit Techniques and Tools

1. Common Tool: Audit management software.
2. Technique: Data analytics.
3. Data Analytics Purpose: Identify patterns and anomalies in data.
4. Network Security Tool: Intrusion detection systems (IDS).
5. Audit Management Role: Streamline and manage the audit process.
6. Key Feature: Work paper management.
7. Continuous Monitoring Importance: Real-time insights into IT
systems.
8. Preventive Control Example: Firewalls.
9. Automated Tools Benefit: Improved audit efficiency and accuracy.
10. Vulnerability Assessment Tool: Vulnerability scanners.


Regulatory Compliance

1. Definition: Adhering to IT laws and regulations.
2. EU Data Protection Regulation: GDPR.
3. SOX Definition: Sarbanes-Oxley Act.
4. SOX Requirement: Internal controls over financial reporting.
5. PCI DSS Focus: Payment card data security.
6. US Healthcare Data Security: HIPAA.
7. Compliance Audit Purpose: Ensure regulatory adherence.
8. Non-Compliance Outcome: Fines and legal penalties.
9. GDPR Compliance Element: Data subject rights.
10. Maintain Compliance: Regularly review and update policies.

Cybersecurity

1. Primary Goal: Protect information and systems from cyber threats.
2. Common Threat: Phishing attacks.
3. Malware Definition: Malicious software designed to harm systems.
4. Firewall Purpose: Protect networks from unauthorized access.
5. Malware Type: Ransomware.
6. Encryption Purpose: Protect data by converting it into a secure
format.
7. Password Policy: Complex and unique passwords.
8. MFA Purpose: Extra layer of security for login.
9. Enhance Security: Regularly update software and systems.
10. Incident Response Plan: Address and manage security breaches.

IT Governance

1. Definition: Framework ensuring IT supports business goals.
2. Principle: Align IT strategy with business strategy.
3. COBIT Purpose: Guidelines for managing IT resources.
4. Component: Risk management.
5. Steering Committee Role: Direction and oversight for IT initiatives.
6. Governance Charter: Roles, responsibilities, and structure of IT
governance.
7. Importance: Ensure IT investments deliver value and mitigate risks.
8. Strategic Alignment Focus: IT supports business objectives.
9. Common Framework: COBIT.
10. Performance Measurement: Assess IT support for business goals.

Special Projects and Investigations

1. Special Project: Unique/non-routine audit activity.
2. Investigation Role: Uncover fraud or misconduct.
3. Investigation Trigger: Suspected fraud or data breach.
4. Investigation Focus: Gathering and analyzing evidence.
5. Forensic Audit: Detecting and investigating fraud.
6. Essential Skills: Analytical and investigative skills.
7. Outcome: Detailed report of findings and recommendations.
8. Documentation: Detailed work papers and reports.
9. Challenge: Limited time and resources.
10. Role of IT: Technical expertise and support.

Miscellaneous Duties

1. Definition: Tasks assigned by senior management.
2. Reason: Address unexpected needs or issues.
3. Approach: Same diligence as regular tasks.
4. Key Skill: Flexibility and adaptability.
5. Importance of Documentation: Clear record of activities and
decisions.
6. Seek Help: Guidance from senior management.
7. Career Benefit: Broader experience and skill development.
8. Common Type: Technical support.
9. Key Consideration: Maintain professionalism and quality.
10. Outcome: Satisfy organizational needs.

These notes provide a concise overview of the key concepts and
responsibilities related to the IT Audit position. Use them to guide your
study and ensure you understand each area thoroughly.

Chapter 1: Introduction to IT Auditing

Overview

IT Auditing is the examination and evaluation of an organization's
information technology infrastructure, policies, and operations. IT
audits are conducted to ensure that IT systems are adequately protected,
provide reliable information, and operate efficiently to achieve the
organization’s goals.

Key Concepts

1. Primary Goal: Evaluate the system's controls to ensure they are
effective and efficient.
2. Understanding the Activity: Gain detailed knowledge of the IT
environment and the processes under audit.
3. Fieldwork: On-site activities including gathering evidence, performing
tests, and interviewing personnel.
4. Work Program: A detailed plan outlining the procedures and steps to
be followed during the audit.

Documentation

• Use work papers to document all audit activities, findings, and
conclusions.
• Ensure all documentation is clear, concise, and supports the audit
findings.

Communication

• Regularly interact with management to discuss audit progress,
findings, and recommendations.
• Provide advice and solutions to remediate identified issues.

Chapter 2: IT Risks and Controls

Understanding IT Risks

IT risks refer to the potential negative events or impacts that could
affect an organization’s information systems.

Types of Controls

1. Preventive Controls: Aim to prevent errors or irregularities from
occurring (e.g., firewalls, password policies).
2. Detective Controls: Identify and report the occurrence of errors or
irregularities (e.g., intrusion detection systems, audit trails).
3. Corrective Controls: Correct errors or irregularities that have been
detected (e.g., disaster recovery plans).

Key Activities

1. Risk Assessment: Identify and evaluate the risks to IT systems and
processes.
2. Vulnerability Assessment: Identify weaknesses in IT systems that
could be exploited by threats.
3. Segregation of Duties: Ensure that no single individual has control
over all aspects of a transaction to reduce the risk of fraud and errors.

Chapter 3: Audit Procedures

Planning the Audit

• Initial Steps: Understand the business processes and systems under
audit.
• Developing Work Programs: Outline the specific audit procedures to
be performed.

Fieldwork

• Execution: Perform the audit procedures outlined in the work
program.
• Evidence Collection: Gather and evaluate evidence to support audit
conclusions.

Reporting

• Audit Reports: Summarize findings, conclusions, and
recommendations in a formal report.
• Communication: Discuss results with management and provide
advice on remediation.

Chapter 4: Integrated Audits

Definition

Integrated audits combine IT and non-IT aspects to provide a
comprehensive assessment of business processes and information
systems.

Benefits

• Provides a holistic view of risks and controls.
• Enhances understanding of the interactions between IT systems and
business processes.

Key Activities

1. Collaboration: Work closely with non-IT auditors to execute
integrated audits.
2. Assessment: Evaluate IT risks and controls alongside business
processes.
3. Communication: Coordinate findings and recommendations with
both IT and non-IT management.

Chapter 5: IT Audit Techniques and Tools

Common Tools

• Audit Management Software: Tools to streamline and manage the
audit process.
• Data Analytics: Techniques to analyze data and identify patterns and
anomalies.
• Intrusion Detection Systems (IDS): Tools to monitor network security
and detect unauthorized access.
• Vulnerability Scanners: Tools to identify vulnerabilities in IT systems.

Techniques

• Continuous Monitoring: Real-time monitoring of IT systems to detect
and respond to issues promptly.
• Automated Audit Tools: Enhance efficiency and accuracy in
conducting audits.

Chapter 6: Regulatory Compliance

Overview

Regulatory compliance involves adhering to laws, regulations, and
guidelines relevant to IT systems.

Key Regulations

1. GDPR (General Data Protection Regulation): Focuses on data
protection and privacy in the EU.
2. SOX (Sarbanes-Oxley Act): Mandates internal controls over financial
reporting.
3. PCI DSS (Payment Card Industry Data Security Standard): Ensures
payment card data security.
4. HIPAA (Health Insurance Portability and Accountability Act): Focuses
on healthcare data security in the US.

Compliance Activities

• Compliance Audits: Ensure adherence to regulatory requirements.
• Regular Reviews: Periodically review and update policies and
procedures to maintain compliance.

Chapter 7: Cybersecurity

Goals

Protect information and systems from cyber threats.

Common Threats

• Phishing Attacks: Deceptive attempts to obtain sensitive information.
• Malware: Malicious software designed to harm systems (e.g.,
ransomware).

Key Practices

1. Firewalls: Protect networks from unauthorized access.
2. Encryption: Protect data by converting it into a secure format.
3. Password Policies: Enforce complex and unique passwords.
4. Multi-Factor Authentication (MFA): Add an extra layer of security to
the login process.
5. Regular Updates: Ensure software and systems are up-to-date to
protect against vulnerabilities.


Chapter 8: IT Governance

Definition

IT governance is a framework that ensures IT supports business goals
and delivers value.

Key Frameworks

• COBIT (Control Objectives for Information and Related
Technologies): Provides guidelines for managing IT resources
effectively.

Principles

• Strategic Alignment: Ensure IT strategy aligns with business strategy.
• Risk Management: Identify, evaluate, and mitigate IT risks.
• Performance Measurement: Assess how well IT supports business
goals.

Governance Structures

• IT Steering Committee: Provides direction and oversight for IT
initiatives.
• Governance Charter: Documents roles, responsibilities, and structure
of IT governance.


Chapter 9: Special Projects and Investigations

Special Projects

Unique or non-routine audit activities.

Investigations

• Purpose: Uncover fraud or misconduct.
• Triggers: Suspected fraud or data breaches.
• Forensic Audits: Focus on detecting and investigating fraud.

Key Activities

1. Evidence Gathering: Collect and analyze evidence.
2. Documentation: Maintain detailed work papers and reports.
3. Reporting: Provide a detailed report of findings and
recommendations.

Chapter 10: Miscellaneous Duties

Definition

Tasks assigned by senior management to address unexpected needs or
issues.

Approach

• Handle with the same diligence as regular audit tasks.
• Maintain flexibility and adaptability.

Key Considerations

• Documentation: Provide a clear record of activities and decisions.
• Professionalism: Maintain quality and professionalism in all tasks.

Benefits

• Broadens experience and develops new skills.
• Provides opportunities to address diverse organizational needs.


Syllabus for the advertised positions (officer level) in
National Transmission & Despatch Company Ltd.

| Sr. | Part | Weightage | Passing Marks (minimum) | Details |
|---|---|---|---|---|
| 1. | General Ability | 17% (17 Questions) | 40% (7/17) | Pakistan Studies, Islamic Studies Ethics/Islamic Studies, General Knowledge, Current Affairs |
| 2. | Subject Ability | 83% (83 Questions) | 50% (42/83) | (Syllabus details provided below under the respective post/title) |

Title-wise Syllabus of the Subjective part (as per requirement of the post):
Junior Engineer (BPS-17) (advertised on 09/05/2021)
➢ Fundamentals of Electrical Engineering + Electronics
• Electrical Network
• Linear Control Systems
• Signals and Systems
• Digital Signal Processing & Applications
• Digital Logic Design & Applications
• Microprocessor Systems
• Engineering Mathematics
• Electromagnetic Field Theory
• Electronic Devices & Circuits
• Integrated Electronic Circuits
• Communication Systems
• Analog and Digital Communication Systems
➢ Power / Power Electronics
• Power Generation
• Electrical Power Transmission
• Power Distribution and Utilization
• Power System Analysis
• Power System Protection (For Transmission Line & Substations, Protection
relays etc.)
• Power System Stability & Control
• High Voltage Engineering (Power Equipment & Specifications)
• Advanced Electrical Machines
• Advanced Electrical Machine Design
• Power Electronics
• Instrumentation and Measurements
• Digital Control Systems
• PLC and Industrial Drives
• Renewable Energy Systems (e.g., Wind, Solar etc.)
*****

Deputy Manager (IT Auditor) (Pay-package)
➢ Governance
➢ Audit Process
➢ Network Technology Basics
➢ Information Systems Life Cycle
➢ System Implementation and Operations
➢ Protecting Information Systems
➢ Business Continuity and Disaster Recovery
➢ Penetration Test
➢ System Compliance
*****
Deputy Manager (Business Intelligence) (Pay-package)
➢ Data Science
➢ Extraction, Transformation & Loading
➢ Data Warehouse & Database management
➢ Data Mining
➢ Dashboards & Data Visualization
➢ Data Mining
➢ Online Analytical Processing (OLAP)
➢ Benchmarking
➢ Decision making techniques
➢ Star Schema
➢ Cubes
➢ Data Marts
➢ OLTP
*****

Deputy Manager (Database Management) (Pay-package)


➢ Data Mining
➢ User Access and Security
➢ Backup, Recovery & Cloning
➢ Data Definition Language (DDL)
➢ Data Manipulation Language (DML)
➢ Restoration and recovery
➢ Performance tuning
➢ Disaster Recovery Setup
➢ Real time mirroring
➢ Stored procedures
➢ Triggers
➢ Cluster and non-cluster index
➢ Functional dependency
➢ Data independence
➢ Data isolation multiple files and format
➢ Redundancy
➢ How do you maintain integrity, disaster recovery plan and archival
➢ VDL and SDL
➢ Differentiate between commands delete truncate drop
➢ DDL, DML and DCL Commands
➢ Types of keys
➢ Auditing
➢ Logging
➢ Security

*****
Assistant Company Secretary (Pay-package)
➢ Corporate and Regulatory Laws (Amended till to date)
• Public Sector Companies (Corporate Governance) Rules 2013
• Companies Act 2017.
• SECP Rules and Regulations
• PPRA Rules 2004.
➢ Other Skills
• English Composition
• MS Office

*****

Deputy Manager (Compliance) (Pay-package)


➢ Corporate and Regulatory Laws (Amended till to date)
• Public Sector Companies (Corporate Governance) Rules 2013
• Companies Act 2017.
• SECP Rules and Regulations
• PPRA Rules 2004.
➢ Other Skills
• English Composition
• MS Office

*****

Deputy Manager (Income Tax) (Pay-package)


Tax Laws
➢ Income Tax Ordinance, 2001 Complete Including Especially
• Definitions
• Concept of Residence and Non-Resident
• Public Company
• Tax on profit on debt
• Salary taxation including concept of valuation of perquisites (rule 5, 3, &4)
• Fee for technical services (Sec 5, 6, and 7)
• Income from business (Sec 20 and 21)
• Concept of Depreciation (Sec 22 to 23)
• Concept of Intangibles (Sec 24)
• Concept of records (Sec 174 & Rules 23 to 28)
• Concept of tax credit (Sec 65)
• Return of Total Income (Sec 114)
• Amendment of assessment (Sec 122)
• Payment of Goods & services (Sec 153)
• Recovery (Sec 140)
• Advance tax (Sec 147)
• Default of tax paid/deducted (Sec 161)
• Filing of Withholding tax statements (Sec 165)
• Part VIII Losses (Sec.56-59)
• Part IX Deductible Allowances (Sec.60)
• Complete Income Tax Rules, 2002, especially on above related topics.
➢ Finance Act, 2020.

Corporate Laws (Basic understanding)


➢ Companies Act 2017.
➢ Corporate Governance rule 2013.
➢ SECP Act and Rules.

Regulatory Laws (Basic Understanding)


➢ PPRA Rules 2004.

*****

Deputy Manager (Sales Tax) (Pay-package)


Tax Laws
➢ Sales Tax Act, 1990 Complete including especially
• Definitions
• Scope of tax (Sec 3)
• Zero rating (Sec 4)
• Change of tax (Sec 5)
• Time of Payment (Sec 6)
• Determination of tax liability (Sec 7)
• Tax Credit not allowed (Sec 8)
• Debit and Credit notes (Sec 9)
• Refund of input tax
• Registration (Sec 14)
• Records (Sec 22)
• Taxable Invoice (Sec 23)
• Transactions between associates (Sec 25 AA)
• Returns (Sec 26)
• Appeals (Sec 45 B)
• Appeals to Appellate Tribunal (Sec 46)
• Reference to the High Court (Sec 47)
• ADR (Sec 47A)
• Recovery ... (Sec 48)
➢ Sales Tax Rules 2006.
➢ Finance Act, 2020.

Corporate Laws (Basic understanding)
➢ Companies Act 2017.
➢ Corporate Governance rule 2013.

Regulatory Laws (Basic Understanding)


➢ PPRA Rules 2004.

Provincial Tax Laws / Acts (Basic understanding)


➢ The Punjab Sales Tax on Services Act, 2012.
➢ Sindh Sales Tax on Services Act, 2011.
➢ Khyber Pakhtunkhwa Sales Tax on Services Rules / Regulations, 2013.
➢ Balochistan Sales Tax on Services Act 2015.
➢ Islamabad Capital Territory Tax on Services Ordinance 2001.

*****

Deputy Manager (Corporate Accounts) (BPS-18)


➢ Companies Act 2017.
➢ IFRS Introduction plus processes of (IAS 1, IAS 7, IFRS 16)
➢ Preparation and Presentation of Financial Statements
➢ Cost Volume Profit Analysis, Capital Expenditure Planning and Evaluation
➢ Financial Analysis including Ratios, Horizontal Analysis, Vertical Analysis
➢ Budgeting Complete and Differential Analysis
➢ Nature and Functions of Management
➢ Financial Management Decisions, Risk Management
➢ PPRA Rules 2004.

*****

Deputy Manager (Security) (BPS-18)


Staff Duties / Office Management
➢ Basic Functions of Staff.
➢ Essential elements of written staff work.
➢ Security classification of documents.
Security
➢ Various Security Measures, aspects and Procedures.
➢ Emergency Evacuation Plan.
➢ Security of Person. Officials, Documents and Information.
➢ Handling & maintenance of Weapons.
➢ Various SOPs on security matters.
➢ Handling of various contingencies i.e., Strike, Mobs, Terrorist Threat/ attack, protest by
employees etc.
➢ Voice procedure & communication security.
➢ Security of Installations / Transmission Lines.
➢ Points to be considered for security check of installations and security clearance of
Security Staff.
➢ Investigation and interrogation.
➢ Suggested points for Security Standing Orders.
➢ Types of Security Equipment.

Security of Foreigners
➢ Latest SOPs of Govt. of Pakistan.
➢ Security during movement of Foreigners.
➢ Security of Residential Areas.
➢ Coordination with Law Enforcement Agencies required during movement.
➢ Reporting channels of incidents / violation of SOPs.
➢ Regular feedback to NACTA (National Counter Terrorism Authority), Ministry of Interior
(Govt. of Pakistan).
➢ Security / protection of VVIP / VIPs.
Fire Fighting
➢ New trend in Fire Fighting techniques & latest equipment used in Fire.
➢ General information and knowledge about Fire Fighting.
➢ Safety of equipment used in fire services.
➢ Tasks of various officials of Fire Fighting staff and actions to be taken on outbreak of fire
by each official.
➢ Name of various Rescue Organizations.
*****
Assistant Manager (HR) (BPS-17)
➢ Principles of Management
➢ Fundamentals of Business Management
➢ Business Communication
➢ Public Administration & Management
➢ Human Resource Management
➢ Training & Development
➢ Recruitment & Selection
➢ Compensation & Performance Management
➢ Strategic Human Resource Management
➢ Change Management
➢ Organizational Development
➢ Corporate Governance
➢ Organizational Behaviour
➢ Industrial Relation
➢ Labour Laws
➢ Leadership & Change Management
➢ IT in Business (Computer Applications & ERP)
➢ Fundamentals of Economics

*****
Assistant Manager (Corporate Accounts) (BPS-17)
➢ Companies Act 2017.
➢ IFRS Introduction
➢ Preparation and Presentation of Financial Statements
➢ Cost Volume Profit Analysis
➢ Financial Analysis including Ratios, Horizontal and Vertical Analysis
➢ Nature and Functions of Management
➢ PPRA Rules 2004.

*****
Junior Engineer (Civil) (BPS-17)
➢ Civil Engineering Materials
➢ Engineering Drawing
➢ Foundation Design & Engineering
➢ Structural Analysis
➢ Plain & Reinforced Concrete
➢ Construction Engineering
➢ Construction Management
➢ Transportation Planning & Engineering
➢ Surveying & Levelling
➢ Quantity Surveying & Estimation
➢ Soil Mechanics
➢ Fluid Mechanics

*****

Assistant Manager (Desktop / LAN Support) (Pay-package)


➢ Data Communication and Computer Networks
➢ Database Systems
➢ Internet Architecture and Protocol
➢ Microsoft Windows setup
➢ Windows Installation
➢ Desktop/Laptop Troubleshooting
➢ Default Gateway
➢ Inter VLAN Routing
➢ VLSM/ Classless IP/ Subnetting/ Supernetting
➢ LAN Topologies
➢ Operating Systems
➢ Switching Protocols
➢ VPN
➢ Active Directory / Domain Controller
➢ Active Directory Setup
➢ New Desktop / laptop Setup

*****
Assistant Manager (Database Administrator) (Pay-package)
➢ Extraction, Transformation & Loading
➢ Data Warehouse & Database management
➢ Data Mining
➢ Dashboards & Data Visualization
➢ Online Analytical Processing (OLAP)
➢ Database Access
➢ Data Migration

*****

Assistant Manager (Server Engineer- Security) (Pay-package)
➢ VMware management
➢ Multi-site windows environment along with hardware and software configuration
➢ Azure Solutions Architect Expert VMware
➢ Network Security and infrastructure
➢ Management of server migration
➢ Server automation process (by scripts or via third-party solutions)
➢ Linux Server Setup
➢ Windows Server Setup
➢ Linux/Windows Server Troubleshooting
➢ Best defenses against brute force login attack
➢ Attacks: Man-in-the-middle attack / DDoS
➢ IPsec phases and their precedence
➢ Difference between IKE Version 1 and IKE Version 2
➢ L2TP vs IPsec

*****
Assistant Manager (Server Engineer -Systems) (Pay-package)
➢ VMware management
➢ Multi-site windows environment along with hardware and software configuration
➢ Azure Solutions Architect Expert VMware
➢ Network Security and infrastructure
➢ Management of server migration
➢ Server automation process (by scripts or via third-party solutions)
➢ Linux Server Setup
➢ Windows Server Setup
➢ Vagrant / Ansible (open source and proprietary)
➢ Ports (HTTPS, SSL, etc.)
➢ Securing your web server
➢ Port forwarding
➢ SAN
➢ Anti-Hacking Techniques
➢ Granting File permission
➢ RAID

*****
Assistant Manager (Release and Deployment) (Pay-package)
➢ Release Definition
➢ Infrastructure release unit
➢ Application and software release unit
➢ Training and manuals release unit
➢ Rolling application release unit plan
➢ Release and deployment planning
➢ Release build and test

➢ Deployment
➢ Service validation and testing
➢ Build Scripts
➢ Software Development concepts

*****
Assistant Manager (Software Development & Ops.) (Pay-package)
➢ Programming Fundamentals
➢ Object Oriented Programming
➢ Software Development Methodologies
➢ Agile Software Development
➢ SQL Development
➢ Database Systems
➢ Database Design & Management
➢ Enterprise Application Development
➢ Artificial Intelligence
➢ Internet Architecture and Protocol
➢ Execution of full software development life cycle (SDLC)
➢ API
➢ Multithreading/Multitasking
➢ Classes and objects
➢ Exception Handling
➢ Connection Pooling

*****

Junior Executives (Data Support Team) (Pay-package)


➢ Programming Fundamentals
➢ Compilation of data /data handling/management
➢ MS Office (Word / Excel / PowerPoint)
o VLOOKUP
o Pivot
o IF statements
o Conditional formatting
o Data reporting
➢ Report generation

*****

IT Officer (BPS-16)
➢ IT Operations
➢ Computer Networks
➢ LAN, WLAN installation, configuration, troubleshooting
➢ Computer maintenance
➢ Server administration
➢ Printer Setup / Troubleshooting
➢ Windows Installation
➢ Network Troubleshooting
➢ Conducting Video Conference Meeting

➢ Active Directory setup

*****

Job / Position Details:

JOB CODE: 8256-01

JOB TITLE: Assistant Manager – IT Audit

LOCATION: Karachi

DEADLINE: February 12, 2024

JOB DETAILS:

Qualification & Experience: BCS / BS / MS / MCS with at least two years post qualification experience. Experience in IT infrastructure /
Networks / Applications / Audit / Review.

CISA / CRISC / CISSP or any relevant IS Audit / Risk Assessment certification would add value.
Responsibilities: Responsible for assisting and completing the internal audit and assurance assignments related to Information
Technology.
Develop a detailed understanding of the activity under audit, including IT risks and controls.
Help in developing IT audit work programs.
Perform fieldwork and work with non-IT audit resources to execute integrated audits, review of key business flow and
information systems.
Assess IT risks and internal control strengths and weaknesses.
Execute the work outlined in the audit work program.

Document the work performed and conclusions in work papers.


Interact and communicate with management to discuss and present audit results, gain acceptance and provide advice
to remediate on audit issues.
Participate in special projects by conducting specific and technical review/investigation activities.
Carry out other duties and special assignments as assigned by the Senior Management of Internal Audit.


Copyright (c) 2018-2024 Sui Southern Gas Company Limited. All Rights Reserved.
