it (kl) - mohammed ariful hoque, mba, aca

By: Mohammed Ariful Hoque, MBA, ACA 1 | Page https://www.facebook.com/caafterhsc https://caafterhsc.wordpress.com Published by: Tasin Alif (Admin CA After HSC) IT KNOWLEDGE For Knowledge Level By: Mohammed Ariful Hoque, MBA, ACA (Sir) Bismillahir Rahmanir Rahim

Upload: iqbal-mahmud

Post on 03-Dec-2015


DESCRIPTION

CA related guide

TRANSCRIPT


CHAPTER 01 INFORMATION WITHIN ORGANIZATION

01. What is Information Technology? (May’2010)

Information technology is the study, design, development, implementation and management of computer-based information systems, particularly software applications and hardware.

02. What is information?

Information is data that has been processed into a form that is meaningful to the recipient and helps to make decision. For example: Data regarding sales.

03. What is the difference between data and information? (Nov’2010)

Data is raw, unanalyzed facts, figures and events. Data is unprocessed instruction.

On the other hand, information is the structured format of data that is sensible to humans. Information is knowledge of specific events. When data is processed, it becomes information.

Example: If you had a sum: 123+123(Data)=246(Information)

04. What factors determine the value of information?

The value of information depends on the following factors:
– Accurate.
– Clear, readable or jargon free.
– Complete.
– Timely.
– Right quantity.
– Relevant.

05. Importance of information technology.

IT is fundamental to the success of any business. IT may cover:
- Market trends.
- Buying preferences.
- Customer profiles.

And it must be:
- Accurate.
- Complete.
- Up-to-date.

06. How do information systems impact organizations and business firms? (May’2011)
- IT changes both the relative cost of capital and the cost of information.
- IT can be viewed as a substitute for traditional capital and labor.
- IT can reduce transaction costs.
- IT can help firms lower the cost of market participation.

07. What are the attributes of useful and effective information? (May’2011)

Availability: Information should be available. If information is not available at the time of need, it is useless.

Purpose: Information must have a purpose at the time it is transmitted to a person or machine; otherwise it is simply data.

Mode and format: The modes of communicating information in business are visual, verbal and written. The format of information should be designed so that it assists in decision making and problem solving.

Decay: Value of information usually decays with time so it should be refreshed from time to time.

Completeness: The information should be as complete as possible.

Reliability: Information should lead to correct decision-making on many occasions.

Frequency: The frequency with which information is transmitted or received affects its value.

Cost-benefit analysis: The benefit that is derived from the information must justify the cost incurred in procuring the information.

Validity: It measures the closeness of the information to the purpose which it purports to serve.

Transparency: Information should reveal directly what we want to know for decision making.

08. What is an organization? How do organizations differ?

An organization is a social arrangement for the controlled performance of collective goals, which has a boundary separating it from its environment. Organizations may differ in the following ways:

• Ownership (public or private).
• Control (by owner or govt.).
• Activity (manufacturing, healthcare or service).
• Profit seeking or not for profit.
• Size (local or multinational).
• Legal status (company, partnership or sole trader).
• Source of finance (borrowing, govt. funding or share issues).

09. Why do organizations exist?

An organization may exist for the following reasons:

To overcome people’s individual limitations.

To enable people to specialize in what they do best.

To enable people to pool their expertise.

To enable synergy to exceed individual’s output.

To accumulate and share knowledge.

10. What do you mean by system? What are the types of system?

A system is a collection of integrated components that work together to accomplish a specific task. A good system has the following properties:

Consist of several components.

Logical relationship within components.

Components will be controlled to accomplish a specific task.

11. What types of information systems are used at different levels of management in an organization? (May’2011)

– TPS (Transaction Processing System) User: Lower level management.

– MIS, DSS (Management Information System) User: Middle level management.

– EIS (Executive Information System) User: Higher level management.

12. What is a DSS? (Nov’2011)

A decision support system can be defined as a system that provides tools to managers to assist them in solving semi-structured and unstructured problems. A DSS provides managers with a set of capabilities that enables them to generate the information they require in making decisions.

13. What are the characteristics of DSS? Three properties:

They support unstructured or semi-structured decision-making.

They are easy to use.

They are flexible enough to respond to the changing needs.

14. What are the components of DSS? (Nov’2011)

(a) The users: Usually a manager with an unstructured or semi-structured problem.

(b) Database: A DSS includes one or more databases which contain routine or non-routine data from both internal and external sources.

(c) Planning language: General purpose planning language (electronic spreadsheet). Special purpose planning language (SAP, SPSS).

(d) Model base: The brain of the DSS, because it performs data manipulations and computations.

15. What is TPS? What activities are involved in TPS?

TPS is an information system at the lower level of management that manipulates data from business transactions, e.g., sales, purchases, production, delivery, payments or receipts. A TPS involves the following activities:

Capturing data to organize in files or database.

Processing of file/ database using application software.

Generating information in the form of reports.

Processing of queries from various quarters of the organization.

16. What is MIS?

MIS assists managers in decision making and problem solving.

“An integrated user-machine system designed for providing information to support operational control, management control and decision making functions in an organization”.

17. What is EIS?

An EIS, sometimes referred to as an ESS (Executive Support System), is a DSS that is designed to meet the special needs of top level managers.

18. What is Knowledge-based system? (Nov’2011)

Knowledge based systems are artificial intelligence tools that provide intelligent decisions with justification. Knowledge is acquired and represented using various knowledge representation techniques: rules, frames and scripts. The basic advantages offered by such systems are documentation of knowledge, intelligent decision support, self learning, reasoning and explanation.

19. What are the types of KBS? (Nov’2011)

There are three different types of KBS. Those are as follows:

Diagnostic: The user interface gives a series of questions, each of which has a limited number of possible answers, each one of which leads to another question. Gradually, the amount of data in the knowledge base is reduced until there is only a small amount of relevant data which must provide the answer to the query.

Advice Giving: An advice giving system is one that follows some process being done and then offers advice on how to proceed if something needs to be done or goes wrong.

Decision making: It is a system which understands what is happening in a system and has been given enough rules to be able to make and carry out decisions without further intervention.

20. Types of information

Internal information: Information that has been generated from the operations of the organizations at various functional areas.

External information: Information that is collected from the external environment of the business organization.

21. What is the difference between passive IS and interactive IS? (Nov’2010)

Passive information systems are systems that will answer queries based on the data that is held within them, but the data is not altered. A simple example would be an electronic encyclopedia where queries can be used to search for data and much valuable information can be learned but the user is not allowed to alter the data.

An interactive system is one in which data can be entered for processing which may alter the contents of the database. For example, the stock control system of a supermarket shows the price and description of the goods and also updates the number in stock immediately.

22. What is Batch processing?

A batch processing system is used when the output does not have to be produced immediately. For example, credit card bill.

23. What is rapid response processing?

Rapid response processing, also known as real time processing, refers to a process control system where the results of the process are used to inform the next input, e.g., an airline booking system.

24. What is financial reporting system?

Financial reporting involves all the procedures necessary to ensure that the financial performance of a department is clearly and effectively reported on to the relevant authorities.

25. Write the functions of financial reporting?

The functions performed by financial reporting specialists cover the following areas:

Undertaking the monthly closure of accounts.

Compiling quarterly reports.

Undertaking the annual closure of accounts

Compiling overall annual reports.

26. What is objective of any financial accounting system?

A primary objective of any financial accounting system is to provide accurate financial statements on a timely basis.

27. What is ‘Pivot Table’? (Nov’2011)

Pivot Table is one of the most powerful analytical tools that are used in spreadsheets.

28. Discuss the term ‘Event Triggered’.

Many accounting software products have the ability to alert users to predefined financial conditions. With such a feature, a CFO can create a simple calculation that the accounting software continuously compares against a preset value.

29. Write something about the International Financial Reporting Standards (IFRSs).

IFRSs are standards, interpretations and the framework adopted by the International Accounting Standards Board (IASB).

30. Discuss the structure of IFRS.

International Financial Reporting Standards comprise:

IFRSs: issued after 1 April 2001.

IASs: issued before 1 April 2001.

Interpretations originated from the IFRIC (International Financial Reporting Interpretation Committee): issued after 1 April 2001.

Standing Interpretation Committee (SIC): issued before 1 April 2001.

Framework for the preparation and presentation of financial statement.

31. Write the qualitative characteristics of financial statement?

Qualitative characteristics of financial statements include:

Relevance.

Reliability.

Understandability. And

Comparability.

32. What are the components of IFRS financial statements?

IFRS financial statements consist of:

A statement of financial position.

A statement of comprehensive income.

A statement of change in equity.

A statement of cash flows.

Notes, including a summary of the significant accounting policies.

CHAPTER 02 INFORMATION TECHNOLOGY ARCHITECTURE

01. What is information system? Classify information system.

Information systems are interrelated components working together to collect, process, store and disseminate information to support decision making, coordination, control, analysis and visualization in an organization.

(What are the major six types of information processing systems?) Major types of information systems are as follows:

Functional perspective:

Sales and marketing system
Manufacturing and production system
Finance and accounting system
Human resources system

Constituency perspective:

Executive Support Systems (ESS)
Decision Support System (DSS)
Management Information System (MIS)
Transaction Processing System (TPS)
Office Automation System (OAS)
Knowledge Work System (KWS)

02. Discuss characteristics of information processing systems?

| Types of System | Information Inputs | Processing | Information Outputs | Users |
|---|---|---|---|---|
| ESS | Aggregate data, external, internal | Graphics, simulations, interactive | Projections, response to queries | Senior managers |
| DSS | Low-volume data, analytic model | Interactive, simulations, analysis | Special reports, decision analysis, response to queries | Professionals, staff managers |
| MIS | Summary transaction data, high-volume data, simple models | Routine reports, simple models, low-level analysis | Summary and exception reports | Middle managers |
| KWS | Design specifications, knowledge base | Modeling, simulations | Models, graphics | Professionals, technical staff |
| OAS | Documents, schedules | Documents, management, scheduling, communication | Documents, schedules, mail | Clerical workers |
| TPS | Transactions, events | Sorting, listing, merging, updating | Detailed reports, lists, summaries | Operations personnel, supervisors |

03. What do you mean by information architecture?

Information architecture is the particular form that information technology takes in an organization to achieve selected goals or functions. Information architecture includes the extent to which data and processing power are centralized or distributed.

04. What are the challenges of information system that managers should heed?

There are five key challenges that managers should heed (pay attention to). Those are as follows:

The strategic business challenge.

The globalization challenge.

The information architecture challenge.

The information systems investment challenge.

The responsibility and control challenge.

05. What is computer system?

A computer system is a collection of integrated components that work together to accomplish a specific task. A computer system includes the computer along with any software and peripheral devices that are necessary to make the computer function. Every computer system, for example, requires an operating system.

06. What are Properties of computer systems?

A computer system must satisfy the following properties:

Each system consists of several components

There must be a logical relation between the components.

The components of a system should be controlled in such a way that a specific task can be accomplished.

07. What are the components of computer system?

Following are the components of computer system:

Hardware

Software

Human ware

Data/ Information

INSIDE THE MACHINE (HARDWARE)

Hardware has many parts, but each piece falls into one of four categories:

Processor

Memory

Input and Output devices

Storage devices

Motherboard: A motherboard is the central printed circuit board (PCB) in many modern computers and holds many of the crucial components of the system, providing connectors for other peripherals. The motherboard is sometimes alternatively known as the mainboard, system board, or, on Apple computers, the logic board. It is also sometimes casually shortened to mobo.

CPU: The central processing unit (CPU) is the portion of a computer system that carries out the instructions of a computer program, to perform the basic arithmetical, logical, and input/output operations of the system. The CPU plays a role somewhat analogous to the brain in the computer.

RAM: Random-access memory (RAM) is a form of computer data storage. Today, it takes the form of integrated circuits that allow stored data to be accessed in any order with a worst case performance of constant time. Strictly speaking, modern types of DRAM are therefore not random access, as data is read in bursts, although the name DRAM / RAM has stuck. RAM is often associated with volatile types of memory (such as DRAM memory modules), where its stored information is lost if the power is removed.

ROM: Read-only memory (ROM) is a class of storage medium used in computers and other electronic devices. Data stored in ROM cannot be modified, or can be modified only slowly or with difficulty, so it is mainly used to distribute firmware (software that is very closely tied to specific hardware, and unlikely to need frequent updates).

PROM: Programmable ROM can be written to or programmed via a special device called a PROM programmer. Typically, this device uses high voltages to permanently destroy or create internal links within the chip. Consequently, a PROM can only be programmed once.

EPROM: Erasable programmable read-only memory (EPROM) can be erased by exposure to strong ultraviolet light (typically for 10 minutes or longer), then rewritten with a process that again needs higher than usual voltage applied.

EEPROM: Electrically erasable programmable read-only memory (EEPROM) is based on a similar semiconductor structure to EPROM, but allows its entire contents (or selected banks) to be electrically erased, then rewritten electrically, so that they need not be removed from the computer (or camera, MP3 player, etc.).

BUS: The term bus refers to the paths between components inside a computer, or between computers. There are two main buses in a computer: the data bus and the address bus. The data bus is an electrical path that connects the CPU, memory and the other hardware devices on the motherboard. The number of wires in the bus affects the speed at which data can travel between hardware components. The address bus is a set of wires similar to the data bus that connects the CPU and RAM and carries the memory addresses.

HDD: A hard disk drive (HDD; also hard drive or hard disk) is a non-volatile, random access digital magnetic data storage device.

BIOS: The BIOS (basic input/output system) software is built into the PC, and is the first code run by a PC when powered on ('boot firmware'). The primary function of the BIOS is to set up the hardware and load and start a boot loader. When the PC starts up, the first job for the BIOS is to initialize and identify system devices such as the video display card, keyboard and mouse, hard disk drive, optical disc drive and other hardware.

08. What is software? What are the functions of software?

Software is the detailed instructions that control the operation of a computer system. Without software, computer hardware could not perform the tasks that humans associate with computers. The functions of software are to:

Manage the computer resources of the organization.

Provide tools for human beings to take the advantage of these resources, and

Act as an intermediary between organizations and stored information.

09. What are the types of software?

According to the working principle, software can be classified into two classes:

System software: Generalized programs that manage the resources of the computer such as the central processor, communications links and peripheral devices, e.g., Microsoft OS, UNIX, LINUX, Mac OS, System 7, DOS.

Application software: Programs written for a specific business application in order to perform functions specified by end users, e.g., word processors, spreadsheets, and database management systems.

10. Classify the system software.

System software can be broadly classified into three classes: System Management Software, System Support Software and System Development Software.

Operating system (OS): A set of programs that manages computer hardware resources and provides common services for application software. Without an operating system, a user cannot run an application program on their computer. Examples: Linux, UNIX, Android, iOS, Mac OS X, and Microsoft Windows.

System Utility Software: A kind of system software designed to help analyze, configure, optimize and maintain the computer. A single piece of utility software is usually called a utility or tool. Examples: McAfee Virus Scan, AVG, Norton Antivirus, Symantec.

Compiler: Special system software that translates a high level language (source code) into machine language (object code) for execution by the computer.

Interpreter: A special translator that translates each source code statement into machine code and executes it one at a time.

Network Management Software: e.g., Admon, Netdisco, Conserver, Opsi, Nagios, Justniffer, Prefix WhoIs.

System Performance Software: Vista Sprint, Error Expert, System Explorer.

Database Management Software: A database management system (DBMS) is a software package with computer programs that control the creation, maintenance, and the use of a database. It allows organizations to conveniently develop databases for various applications by database administrators (DBAs) and other specialists.

System Security Monitor Program: Cisco

11. Write the different type of Application software?

Application software, also known as an application or an "app", is computer software designed to help the user to perform specific tasks. Some examples of application software are cited below:

Word processing software (MS word, WordPad, Notepad)

Database software (MS Access, Oracle)

Multimedia software (Real player, Media player)

Spreadsheet software (MS Excel, Lotus)

Presentation software (MS Power Point)

12. Classify the software according to the commercial perspective.

From the commercial perspective software can be classified into three major classes:

Commercial software: refers to any software that is designed for sale to serve a commercial need. It is sold in the physical box (CD).

Freeware/ Open source software: Freeware is free to use and does not require any payment from the user. Linux, Mozilla, Apache, PERL etc.

Shareware software: Shareware is basically ‘try before you buy’ software.

13. What is shareware?

Shareware (also known as trialware or demoware) is proprietary software that is provided to users without payment on a trial basis and is often limited by any combination of functionality, availability, or convenience. Shareware is often offered as a download from an Internet website or as a compact disc included with a periodical such as a newspaper or magazine.

14. What is freeware?

Freeware (from "free" and "software") is computer software that is available for use at no cost or for an optional fee, but usually with one or more restricted usage rights. Freeware is in contrast to commercial software, which is typically sold for profit. Freeware is a loosely defined category. The term "freeware" is commonly used for closed source or proprietary software, but sometimes also for open source software. Popular examples of freeware include Firefox, 7-Zip and OpenOffice.org.

15. What is firmware?

Firmware is a term often used to denote the fixed, usually rather small, programs and/or data structures that internally control various electronic devices. Typical examples of devices containing firmware range from end-user products such as remote controls or calculators, through computer parts and devices like hard disks, keyboards, TFT screens or memory cards. More complex consumer devices include mobile phones, digital cameras, synthesizers, etc.

16. How firmware works?

Firmware boots up computerized or digital devices, as ROM chips are non-volatile, meaning they do not require a power source to hold their contents. The most familiar firmware is the BIOS chip. The BIOS chip on a computer motherboard holds instructions that, upon powering up, initialize the hardware, ensure components are working and finally roll out the operating system to take over.

17. Define data structure.

Data structures are a particular way of storing and organizing data in a computer so that it can be used efficiently, such as large databases and internet indexing services. Data structures are used in almost every program or software system. Common data structures include: array, linked list, hash-table, graph, heap, tree (binary tree, B-tree, red-black tree, trie), stack, and queue.

18. Write some name of popular programming language.

COBOL (COmmon Business Oriented Language)
FORTRAN (FORmula TRANslator)
BASIC (Beginners All-purpose Symbolic Instruction Code)
PL/1
Pascal
Ada
C, C##
LISP and Prolog

19. How to choose software/ accounting software?

The most important criteria for choosing the best software are as follows:

Appropriateness.

Sophistication.

Organizational considerations.

Support.

Efficiency.

20. What is structured and unstructured data?

The term structured data refers to data that is identifiable because it is organized in a structure. The most common form of structured data (or structured data records, SDR) is a database where specific information is stored based on a methodology of columns and rows. In contrast, the term unstructured data refers to any data that has no identifiable structure. For example, images, videos, email, documents and text are all considered to be unstructured data within a dataset.

21. What do you mean by Data Analysis?

Analysis of data is a process of inspecting, cleaning, transforming, and modeling data with the goal of highlighting useful information, suggesting conclusions, and supporting decision making. Data analysis has multiple facets and approaches, encompassing diverse techniques under a variety of names, in different business, science, and social science domains.

22. What is data validation? Discuss the data validation methods.

Data validation is the process of ensuring that a program operates on clean, correct and useful data. It uses routines, often called "validation rules" or "check routines", that check for correctness, meaningfulness, and security of data that are input to the system. The following are the data validation methods:

Allowed character checks: Checks that ascertain that only expected characters are present in a field. For example, a numeric field may only allow the digits 0-9.

Cardinality check: Checks that a record has a valid number of related records.

Check digits: Used for numerical data.

Consistency checks: Checks fields to ensure data in these fields corresponds, e.g., if Title = "Mr.", then Gender = "M".

Cross-system consistency checks: Compares data in different systems to ensure it is consistent.

Data type checks: Checks the data type of the input and gives an error message if the input data does not match the chosen data type.

Batch totals: Checks for missing records.

File existence check: Checks that a file with a specified name exists.

Format or picture check: Checks that the data is in a specified format.

Hash totals: This is just a batch total done on one or more numeric fields which appear in every record.
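Several of the validation methods listed above, applied to one batch of records, as an added example that is not part of the original guide. The record layout, the field names, the title-to-gender mapping beyond "Mr.", the batch header and the choice of the Luhn algorithm as the check-digit scheme are assumptions; the sample batches are constructed.

```python
import re
from decimal import Decimal, InvalidOperation

# [0-9] rather than \d: \d would also accept non-ASCII digits.
ACCOUNT_RE = re.compile(r"[0-9]+")                      # allowed character check
DATE_RE = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}")     # format (picture) check
TITLE_GENDER = {"Mr.": "M", "Mrs.": "F", "Ms.": "F"}    # consistency rule (assumed)


def luhn_ok(number):
    """Check digit: Luhn mod-10, the last digit being the check digit."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def parse_amount(value):
    """Data type check: a finite decimal number, or None if the input is not one."""
    try:
        amount = Decimal(str(value))
    except InvalidOperation:
        return None
    return amount if amount.is_finite() else None


def validate_record(rec):
    """Field-level checks on one record; returns a list of error strings."""
    errors = []
    account = str(rec.get("account", ""))
    if not ACCOUNT_RE.fullmatch(account):
        errors.append("account: allowed character check failed")
    elif not luhn_ok(account):
        errors.append("account: check digit failed")
    if not DATE_RE.fullmatch(str(rec.get("date", ""))):
        errors.append("date: format check failed")
    if parse_amount(rec.get("amount", "")) is None:
        errors.append("amount: data type check failed")
    expected = TITLE_GENDER.get(rec.get("title"))
    if expected is not None and rec.get("gender") != expected:
        errors.append("title/gender: consistency check failed")
    return errors


def validate_batch(header, records):
    """Record checks plus batch-level controls compared with the batch header."""
    report = {"record_errors": {}, "batch_errors": []}
    amount_total, hash_total = Decimal("0"), 0
    for idx, rec in enumerate(records):
        errs = validate_record(rec)
        if errs:
            report["record_errors"][idx] = errs
        amount = parse_amount(rec.get("amount", ""))
        if amount is not None:
            amount_total += amount
        account = str(rec.get("account", ""))
        if ACCOUNT_RE.fullmatch(account):
            hash_total += int(account)  # meaningless as a figure, used only as a control
    if len(records) != header["record_count"]:
        report["batch_errors"].append("batch total: record count mismatch")
    if amount_total != Decimal(header["amount_total"]):
        report["batch_errors"].append("batch total: amount total mismatch")
    if hash_total != header["hash_total"]:
        report["batch_errors"].append("hash total: account number sum mismatch")
    return report


# Constructed sample data: header as produced by the sending system.
HEADER = {"record_count": 3, "amount_total": "245.75", "hash_total": 79930398730}
GOOD_BATCH = [
    {"account": "79927398713", "date": "2015-12-01", "amount": "150.00",
     "title": "Mr.", "gender": "M"},
    {"account": "1000009", "date": "2015-12-02", "amount": "75.50",
     "title": "Mrs.", "gender": "F"},
    {"account": "2000008", "date": "2015-12-03", "amount": "20.25",
     "title": "Ms.", "gender": "F"},
]
# Same batch after damage in transit: one record lost, one record corrupted.
BAD_BATCH = [
    GOOD_BATCH[0],
    {"account": "10000O9", "date": "02/12/2015", "amount": "75,50",
     "title": "Mrs.", "gender": "M"},
]

if __name__ == "__main__":
    print(validate_batch(HEADER, GOOD_BATCH))
    print(validate_batch(HEADER, BAD_BATCH))
```

The record-level checks catch bad fields, while only the batch and hash totals reveal that a whole record went missing.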

23. What are the features of data validation?

Validation only involves checking the reasonableness (not accuracy) of input data, usually checks of existence, type and range.

Validation is not the same as testing which implies the output is accurate.

Effective validation leads to valuable, reliable output.

24. What is DBMS? Write down the advantages and disadvantages of DBMS?

A database management system (DBMS) is simply the software that permits an organization to centralize data, manage them efficiently and provide access to the stored data by application programs. When the application program calls for a data item such as gross pay, the DBMS finds this item in the database and presents it to the application program.

Advantages of DBMS:

Access and availability of information can be increased.

It provides data integrity and security.

Ease of data administration and data management.

Flexibility of information system can be greatly enhanced.

Helps to easily recover data after crashes.

Data redundancy and inconsistency can be reduced.

Complexity of the organization’s information system environment can be reduced.

Data confusion can be eliminated by providing data definition.

Disadvantages of DBMS:

Problem associated with centralization.

Cost of software, hardware and migration.

Complexity of backup and recovery.

25. What is database model? What are the types of database model?

A database model is a theory or specification describing how a database is structured and used. Several such models have been suggested. Common models include:

Flat model: The flat model consists of a single, two-dimensional array of data elements, where all members of a given column are assumed to be similar values.

Hierarchical model: data is organized into a tree-like structure, implying a single upward link in each record to describe the nesting.

Network model: The network model organizes data using two fundamental constructs, called records and sets.

Relational model: The relational model was introduced by E.F. Codd in 1970 as a way to make database management systems more independent of any particular application. It is a mathematical model defined in terms of predicate logic and set theory.

Dimensional model: The dimensional model is a specialized adaptation of the relational model used to represent data in data warehouses in a way that data can be easily summarized using OLAP queries.

Object-relational model: These databases attempt to bring the database world and the application programming world closer together, in particular by ensuring that the database uses the same type system as the application program.

26. What is distributed database? Write down advantages and disadvantages?

A distributed database is a database in which storage devices are not all attached to a common CPU. It may be stored in multiple computers located in the same physical location, or may be dispersed over a network of interconnected computers.

Advantages:

Management of distributed data with different levels of transparency.

Increase reliability and availability.

Easier expansion.

Reflects organizational structure

Local autonomy — a department can control the data about them.

Protection of valuable data.

Improved performance.

Economics — it costs less to create a network of smaller computers.

Reliable transactions - Due to replication of database.

Continuous operation.

Distributed Query processing.

Distributed Transaction management.

Disadvantages:

Increase complexity in operations.

Increased complexity means extra labor costs.

Less secure.

Difficult to maintain integrity.

Lack of standards.

Database design is more complex.

Additional software is required.

27. What is centralized database?

A centralized database has all its data in one place. Because all the data reside in one place, a bottleneck problem can occur, and data availability is efficient.

28. What are the types of processing techniques? Write down advantages of each processing techniques?

Batch processing is execution of a series of programs ("jobs") on a computer without manual intervention, e.g. virus scanning, payroll system, examination system and billing system. Batch processing has these benefits:

It allows sharing of computer resources among many users.

It shifts the time of job processing to when the computing resources are less busy.

It avoids idling the computing resources.

It better amortizes the cost of a computer, especially an expensive one.

A distributed system consists of multiple autonomous computers that communicate through a computer network. The computers interact with each other in order to achieve a common goal, e.g. telephone networks, cellular networks, routing algorithms, World Wide Web, peer-to-peer networks, network file systems, aircraft control system.

Advantages:

It allows greater flexibility.

It facilitates quick and better access to data.

It allows multiple processors.

It allows greater use of computer power.

In real-time processing, there is a continual input, process and output of data. Data has to be processed in a small stipulated time period (real time); otherwise it will create problems for the system. For example: assembly line robots and radar system.

Advantages:

The system is immediately updated.

There will be (in most cases) no processing lag caused by the system.

Multiprogramming is the allocation of a computer system and its resources to more than one concurrent application, job or user.

Advantages:

It makes efficient use of CPU.

It reduces mean response time.

It increases main memory utilization.

Multiprocessing is the use of two or more central processing units (CPUs) within a single computer system. The term also refers to the ability of a system to support more than one processor and/or the ability to allocate tasks between them.

Time-sharing is the sharing of a computing resource among many users by means of multiprogramming and multi-tasking. Its introduction in the 1960s, and emergence as the prominent model of computing in the 1970s, represents a major technological shift in the history of computing.

29. What is security control? What are the categories of security control/ how can we provide security?

Security controls refer to the policies, procedures and technical measures used to prevent unauthorized access, alteration, theft or physical damage to information systems. Security controls are safeguards or countermeasures to avoid, counteract or minimize security risks. Security controls can also be categorized according to their nature, for example:

Physical controls e.g. fences, doors, locks and fire extinguishers;

Procedural controls e.g. incident response processes, management oversight, security awareness and training;

Technical controls e.g. user authentication (login) and logical access controls, antivirus software, firewalls;

Legal and regulatory or compliance controls e.g. privacy laws, policies and clauses.

30. What is malicious software?

Malware, short for malicious software, consists of programming (code, scripts, active content, and other software) designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, gain unauthorized access to system resources, and other abusive behavior.

31. Discuss the types of malicious software.

Spyware is any technology that aids in gathering information about a person or organization without their knowledge. On the Internet, Spyware is programming that is put in someone's computer to secretly gather information about the user.

A virus is a program or programming code that replicates by being copied or initiating its copying to another program, computer boot sector or document.

A worm is a self-replicating virus that does not alter files but duplicates itself. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks.

A logic bomb is programming code, inserted surreptitiously or intentionally, that is designed to execute under circumstances such as the lapse of a certain amount of time or the failure of a program user to respond to a program command.

Trapdoor is a method of gaining access to some part of a system other than by the normal procedure (e.g. gaining access without having to supply a password). Hackers who successfully penetrate a system may insert trapdoors to allow them entry.

A Trojan horse is a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage.

RATs (Remote Admin Trojans) are a special form of Trojan horse that allows remote control over a machine. These programs are used to steal passwords and other sensitive information.

Malware is any program or file that is harmful to a computer user.

Rootkits are a set of software tools used by an intruder to gain and maintain access to a computer system without the user's knowledge. These tools conceal covert running processes, files and system data making them difficult to detect.

32. Discuss the terms Hackers and Cracker.

A hacker is someone who breaks into computers and computer networks. Hackers may be motivated by a multitude of reasons, including profit, protest, or because of the challenge. A white hat hacker or cracker breaks security for non-malicious reasons, for instance testing their own security system.

33. What is E-commerce? Write down the characteristics of E-commerce.

Electronic commerce, commonly known as e-commerce, eCommerce or e-comm, refers to the buying and selling of products or services over electronic systems such as the Internet and other computer networks. However, the term may refer to more than just buying and selling products online. It also includes the entire online process of developing, marketing, selling, delivering, servicing and paying for products and services.

Features of E-commerce:

Ubiquity: Available everywhere, Built into other devices.

Global Reach: technologies enable a business to easily reach across geographic boundaries.

Universal Standards: e-commerce is made possible through hardware (Internet) and software/content (World Wide Web).

Richness: e-commerce can deliver video, audio, animation, etc. much better than other technologies.

Interactivity: Consumer/user can interact with the content.

Information Density: reduces information costs, raises the quality of information.

Personalization/Customization

34. What are the types of e-commerce?

B2C: It is the model covering interaction between businesses and consumers. The basic concept of this model is to sell the product online to the consumers.

B2B: This model defines that buyer and seller are two different entities. It is similar to a manufacturer issuing goods to the retailer or wholesaler.

C2C: It helps the online dealing of goods or services among people.

M-commerce: Consumers using mobile devices can interact with each other and carry on business. Mobile commerce involves the change of ownership or rights to utilize goods and related services.

35. What are the benefits of E-commerce?

Benefits of e-commerce are cited below:

Ecommerce allows carrying out businesses without the barriers of time or distance.

Reduction in buyer’s sorting out time.

Ideal for niche products.

Increased opportunities for buying alternative products.

Less time is spent in resolving invoice and order discrepancies.

36. Write the limitation of e-commerce.

Following are the limitations of e-commerce:

Technical limitation:

Cost of technical limitation

Insufficient telecommunication bandwidth.

Non-Technical limitation:

Customer expectations unmet.

Lack of trust and user resistance.

CHAPTER 03 MANAGEMENT OF INFORMATION TECHNOLOGY

01. Describe the phases of policy evaluation process?

Policy evaluation process may vary from organization to organization. It depends on the organization’s specific requirements and environments. Broadly, it may have the following phases: (a) Enterprise organizational structure and business process analysis. (b) System requirement analysis. (c) Policy analysis and translation. (d) Policy monitoring and maintenance. (e) Policy definition and specification. (f) Policy distribution and enforcement. (g) Reverse engineering.

02. What are the facet of enterprise organizational structure and business process analysis?

03. What are approaches of organizational management process?

There are three major approaches of organizational management process, each of which has different characteristics and challenges. Those are as follows: (a) Work process. (b) Behavioral process and (c) Change processes.

04. What is work process?

The work process approach has roots in industrial engineering and work measurement, and focuses on accomplishing tasks. It starts with a simple but powerful idea: organizations accomplish their work through linked chains of activities cutting across departments and functional groups. These chains are called processes and can be conveniently grouped into two categories: (1) Processes that create, produce, and deliver products and services that customers want, and (2) Processes that do not produce outputs that customers want, but that are still necessary for running the business.

05. What is Behavioral process?

The behavioral process approach has roots in organization theory and group dynamics, and focuses on ingrained behavior patterns. These patterns reflect an organization’s characteristic ways of acting and interacting; decision-making and communication processes. The underlying behavior patterns are normally so deeply embedded and recurrent that they are displayed by most organizational members. As Weick observed, behavioral processes are able to “withstand the turnover of personnel as well as some variation in the actual behaviors people contribute.”

06. What are Change processes?

The change process approach has roots in strategic management, organization theory, social psychology, and business history, focuses on sequences of events over time. These sequences, called processes, describe how individuals, groups, and organizations adapt, develop, and grow. Change processes are explicitly dynamic. Behavioral processes attempt “to catch reality in flight.” Examples of change processes include the organizational life cycle and Darwinian evolution.

07. What are the differences among three processes?

| Basis | Work process | Behavioral process | Change process |
|---|---|---|---|
| Definition | Sequences of activities that transform inputs into outputs. | Organization’s characteristic ways of acting and interacting; decision-making and communication process. | Describe how individuals, groups, and organizations adapt, develop, and grow. |
| Roots | Industrial engineering and work measurement. | Organization theory and group dynamics. | Strategic management, organization theory, social psychology, and business history. |
| Focuses | Accomplishing tasks. | Ingrained behavior patterns. | Sequences of events over time. |
| Categories | Operational & administrative. | Individual & interpersonal. | Incremental & revolutionary. |
| Examples | New product. | Decision making, communication. | Creation, growth. |

08. What is formal and informal information system?

Information transmitted by formal communication/information system tends to be presented in a consistent manner. Company reports, for example, will often use the same basic format. This allows the recipient to locate items of interest quickly and easily. In addition, the information transmitted in this way is likely to be accurate and relevant, since it is normally created for a specific purpose.

Informal communication/ information system is always present in an organization, regardless of its size or nature. Perhaps the most common means by which informal communication takes place is by word of mouth. Informal communication tends to offer a high degree of flexibility since there is more freedom to choose how information is structured and presented. Information obtained in this way also tends to be highly detailed, although it may often contain inaccuracies and may not be entirely relevant.

09. What is Computer-based Information System (CBIS)?

A CBIS is an organized integration of hardware and software technologies and human elements designed to produce timely, integrated, accurate and useful information for decision making purposes.

10. What are the basic components of information system?

Information system consists of the following elements:

Hardware: It includes the computer itself, which is often referred to as the central processing unit (CPU), and all of its support equipment.

Software: It refers to computer programs and the manuals (if any) that support them. Computer programs are machine-readable instructions that direct the circuitry within the hardware parts of the CBIS to function in ways that produce useful information from data.

Data: Data are facts that are used by programs to produce useful information. Like programs, data are generally stored in machine-readable form on disk or tape until the computer needs them.

Database: A database is the collection of related files, tables, relations and so on.

Procedures: Procedures are the policies that govern the operation of a computer system.

People: Every CBIS needs people if it is to be useful. This is probably the component that most influences the success or failure of an information system.

Network: Network is a connecting system that permits the sharing of resources.

11. What are the fundamental roles of Information System in business?

There are three vital roles that information system can perform for a business enterprise. Those are as follows: (a) Support to business processes and operations. (b) Support to decision making by organization’s employees and managers, and (c) Support of business strategies for competitive advantage.

12. Discuss the role and efficient use of information technology in business?

Role of IT: Information technology plays a major role in reengineering most business processes. The speed, information processing capabilities and connectivity of computers and internet technologies can substantially increase the efficiency of business processes.

Efficient use of information technology:

Assists to save money and energy.

Saves up to 60% of power consumption.

Assists in efficient control in project management.

13. What are the difference between IT infrastructure and IT architecture?

An information infrastructure consists of the physical facilities, service and management that support all shared computing resources in an organization. On the other hand, information technology architecture is a high-level plan of the information assets in an organization, including the physical design of the building that holds the hardware.

14. What are components of IT infrastructure?

There are five major components of the IT infrastructure. Namely: (a) Computer hardware. (b) Network and communication facilities. (c) Information management personnel. (d) Software. (e) Database.

15. What is asset? What are characteristics and classification of asset?

Assets are resources with economic value that an individual, corporation or country owns or controls with the expectation that future economic benefit will flow to the entity or person.

Characteristics of assets: (a) Probable future benefit will flow to the entity. (b) The entity can control access to the benefit. (c) The transaction or event giving rise to the entity’s right to, or control of, the benefit has already occurred.

Classification of asset: Fixed assets, current assets, intangible assets, tangible assets.

16. Discuss the asset life cycle?

Deploy: Process to ensure return on investments.

Manage: Process to enhance productivity.

17. What is ITAM?

IT Asset Management is an important business practice that involves maintaining an accurate inventory, licensing information, maintenance, and protection of hardware and software assets utilized by an entity.

18. What considerations should be addressed to optimize an ITAM program?

To optimize an ITAM program the following considerations should be addressed: (a) Link IT to business objectives. (b) Incorporate life-cycle processes and governance (to ensure long-term success). (c) Avoid common mistakes (poor communications, failure to analyze data).

19. How does ITAM work?

ITAM can help an organization in the following ways: (a) Control IT purchases and development. (b) Eliminate unnecessary purchase. (c) Avoid noncompliance and its associated legal risk. (d) Compare its actual needs with contract terms and purchase history. And (e) Determine optimum retirement dates.

20. What are the benefits of ITAM?

Following are the benefits of ITAM: (a) Reduce IT cost. (b) Ensure software compliance. (c) Detect unauthorized and illegal software. (d) Improve productivity. (e) Align IT with business goal to support business decision.

21. How can you evaluate an IT asset management solution?

When considering an ITAM solution, look for the following: (a) Efficient and accurate discovery of all IT assets. (b) A structured approach to software discovery across the company with application, suite and version recognition for both workstation and server. (c) A centralized asset repository that houses the physical, contractual and financial information for each asset.

[Figure: life cycle stages 01: Plan, 02: Acquire, 03: Deploy, 04: Manage, 05: Retire]

22. Write down ITAM cycle.

23. What is software? What are the types of software?

Software is the programs, routines and symbolic languages that control the functioning of the hardware and direct its operation.

Types of software:

System software helps run the computer hardware and computer system.

Programming software provides tools to assist a programmer in writing computer programs.

Application software allows end users to accomplish one or more specific task.

24. What is debugger, linkers and text editors?

Debugger is a special program used to find errors (bugs) in other programs. A debugger allows a programmer to stop a program at any point and examine and change the values of variables.

A link editor is a systems program that combines independently assembled machine language programs and resolves all undefined labels into an executable file.

A text editor is a type of program used for editing plain text files. Text editors are often provided with operating systems or software development packages, and can be used to change configuration files and programming language source code.

25. What factor should consider for implementing global ERP? What are the barriers for implementing global ERP?

There are five tips or factors to address the organizational complexities of a global ERP implementation. Those are as follows:

[Figure for question 22 (ITAM cycle). Panels: IT Assets, Financial Assets, Correlate Assets, Optimize Assets. Items shown: hardware, software, printer, others; software license, service agreements, hardware leases, maintenance contracts; align IT assets to financial assets; impact analysis, discover gaps, risk management, cost reduction.]

(a) Business process standardization. Companies with global offices often have very non-standardized business processes. A global enterprise software implementation provides an opportunity to standardize processes across locations, but it can be very challenging to make that change happen.

(b) Understanding of local needs. Standardization is important to optimize ERP benefits and achieve a positive return on investment. Even if not every local need or want is addressed via the new system, listening to local needs goes a long way toward securing employee buy-in and support for the new system across the globe.

(c) Localized delivery of employee communication and training. Not everyone speaks English or the preferred language of your corporate headquarters, so it is important to communicate and train in the language most appropriate for each location. New ERP software takes enough time to learn without language barriers, so translation of key messages and training will typically pay dividends in the long run.

(d) Rely on your change agents. Each major office should have a local representative that acts as a change agent for the project team. These change agents typically represent the local interests of their offices, validate how standardized business processes will work with their location, and communicate key process and organizational changes to their respective stakeholders.

(e) Leverage performance measures. Performance measures transcend language and culture in a way that everyone can understand.

(f) Cultural differences. (g) Inter office politics

26. Define codeline, codeline policy, environment and branching.

Codeline: Source code required to produce software. It could be a specific product or even a basic set of code that many internet applications commonly use. Codelines can be used to help manage software version control and change control. Software codelines should have specific purposes.

Codeline policy: Each codeline should have its own policy. One codeline may require more stringent testing than another one. A codeline under development will require a policy that does not require stringent testing when code is checked in. A production codeline should have a policy requiring stringent testing.

Environment: When discussing code use, the environment is either test (development), Quality Assurance (QA) test, or production. The test or development environment is used for developers to test their code. The QA environment is used by customers to verify business functionality. The production environment is where the software runs for the purpose of customer use. Changes to the production environment must be the most stringent.

Branching: The creation of a new codeline based upon a current codeline. Branching should only be done when absolutely necessary.

27. What are requirements to effective software control for changes?

There are several requirements to provide effective software change control.

A Software Version Control (SVC) system or Source Code Management (SCM) tool should be used to control software changes and versions.

The ability to return to earlier states in the code should be built.

Files should be locked while they are being worked on so only one developer may make changes.

All files associated with the code must be under version control.

All developers should have home folders where they can place their own experimental code outside the main project.

Each software change request should be assigned a unique tracking number.

Identify the person(s) who are essential for authorizing changes to software.

Automate the change control process as much as possible.

The software change must be meaningful and useful.

Consider the environment and project phase.

Stakeholders must be aware of production changes.
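
One way to enforce the codeline policies and change-control requirements listed above, as an added example that is not part of the original notes. The policy table, authorizer name, file paths and tracking numbers are constructed assumptions.

```python
"""Change-control gate that applies a per-codeline policy at check-in."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Hypothetical policies: the production codeline is the most stringent.
POLICIES: Dict[str, Dict[str, bool]] = {
    "development": {"tests": False, "approval": False, "notify": False},
    "qa":          {"tests": True,  "approval": False, "notify": False},
    "production":  {"tests": True,  "approval": True,  "notify": True},
}
# Persons identified as able to authorize changes (constructed name).
AUTHORIZERS: Set[str] = {"release.manager"}


@dataclass
class ChangeRequest:
    tracking_id: str                  # unique tracking number
    codeline: str                     # development, qa or production
    author: str
    files: List[str]
    tests_passed: bool = False
    approved_by: Optional[str] = None
    stakeholders_notified: bool = False


class ChangeGate:
    def __init__(self, tracked_files: List[str]) -> None:
        self.tracked: Set[str] = set(tracked_files)  # files under version control
        self.locks: Dict[str, str] = {}              # file -> developer holding it
        self.used_ids: Set[str] = set()

    def lock(self, path: str, developer: str) -> bool:
        """Grant the lock unless another developer already holds it."""
        return self.locks.setdefault(path, developer) == developer

    def violations(self, cr: ChangeRequest) -> List[str]:
        problems: List[str] = []
        if not cr.tracking_id or cr.tracking_id in self.used_ids:
            problems.append("tracking number missing or already used")
        policy = POLICIES.get(cr.codeline)
        if policy is None:
            return problems + [f"unknown codeline {cr.codeline!r}"]
        for path in cr.files:
            if path not in self.tracked:
                problems.append(f"{path}: not under version control")
            elif self.locks.get(path) != cr.author:
                problems.append(f"{path}: lock not held by {cr.author}")
        if policy["tests"] and not cr.tests_passed:
            problems.append("codeline policy requires passing tests")
        if policy["approval"] and cr.approved_by not in AUTHORIZERS:
            problems.append("change not approved by a designated authorizer")
        if policy["notify"] and not cr.stakeholders_notified:
            problems.append("stakeholders not notified of production change")
        return problems

    def check_in(self, cr: ChangeRequest) -> List[str]:
        """Accept the change only when no policy violation remains."""
        problems = self.violations(cr)
        if not problems:
            self.used_ids.add(cr.tracking_id)
            for path in cr.files:
                self.locks.pop(path, None)  # release the author's locks
        return problems


def demo() -> Dict[str, List[str]]:
    """Run three constructed change requests through the gate."""
    gate = ChangeGate(["billing/invoice.py", "billing/tax.py"])
    gate.lock("billing/invoice.py", "alice")
    gate.lock("billing/tax.py", "bob")
    return {
        # Development codeline: no stringent testing required at check-in.
        "dev": gate.check_in(ChangeRequest(
            "CR-1001", "development", "alice", ["billing/invoice.py"])),
        # Production: reused number, untracked file, no approval, no notice.
        "prod_bad": gate.check_in(ChangeRequest(
            "CR-1001", "production", "bob",
            ["billing/tax.py", "billing/report.py"], tests_passed=True)),
        "prod_ok": gate.check_in(ChangeRequest(
            "CR-1002", "production", "bob", ["billing/tax.py"],
            tests_passed=True, approved_by="release.manager",
            stakeholders_notified=True)),
    }


if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, "->", problems or "accepted")
```
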

28. What is problem management?

Problem management is a business function comprised of people, process and tools organized and chartered to resolve customer problems. The function has traditionally been the responsibility of and managed by the help desk.

29. Explain the problem management process?

The problem management process can be divided into five core processes, which are shown below:

(a) Problem identification.
- Detect the problem.
- Can be detected before or after the problem occurs.
- Detection of all problems cannot be done proactively.

(b) Customer validation.
- Customers' value-added suggestions must be valued.

(c) Problem logging.
- Once a valid request has been received and validated, a record of the request must be captured.

(d) Service delivery.
- Service to be delivered in the predetermined timeframe as cost-effectively as possible.

(e) Knowledge capture and sharing.
- The process is intended to gather and share the collective knowledge.
- When a new problem and its solution are identified, records must be kept.

30. What are key component to review and oversight of the problem management function?

There are three key components of the problem management function: - A plan with measurable objectives to manage the anticipated problem. - Determine which metrics to use for achieving the objectives. - Formal review of these metrics.

31. What are the primary functions of problem management system?

The problem management system has four primary functions. Those are as follows: (a) Capture request information. (b) Store information in common locations. (c) Route and escalate the request as necessary, and (d) Store and report metrics on the entire process.

32. What do you mean by IT and IT management?

Information technology is involved with data processing and management information system (MIS). IT management is the discipline whereby all of the technology resources of a firm are managed in accordance with its needs and priorities. These resources may include tangible investments like computer hardware, software, data, networks and data centre facilities, as well as the staffs who are hired to maintain them. IT management is concerned with exploring and understanding IT as a corporate resource that determines both the strategic and operational capabilities of the firm in designing and developing product and service for maximum customer satisfaction.

33. List IT management discipline?

The below concepts are commonly listed or investigated under the broad term IT Management:

Business/IT alignment

IT governance

IT financial management

IT service management

Sourcing

IT configuration management

34. What are components of traditional data processing model?

The traditional data processing model has three main components: (a) Data entry (day-to-day production data entry). (b) Operation (day-to-day maintenance, routine report generation, backup etc.), and (c) Application (software development, maintenance and support).

35. What are the roles of an IT manager?

The role of the IT manager is to manage effectively the planning, design, selection, implementation, use and administration of emerging and converging information and communications technology.

36. Explain briefly IT performance management and control instruments approaches.

There are three approaches to IT performance management and control instruments. Those are as follows:

(a) The historical approach: The actual IT costs of the past have given way to new IT targets that take into account changes in quantity structures (number of users etc.) and external factors such as inflation. This approach is more realistic, which makes it more acceptable to IT employees and motivates them to achieve the targets set.

(b) The top down approach: Based on targets set by top management, for example, increasing shareholder value or value oriented control variables as many of the quantitative goals as possible are broken down and allocated to IT department. The advantage lies in making IT goals consistent with corporate goals.

(c) The benchmarking approach: In internal and external comparison, best practice values from industry or other business units are ascertained and compared with the company’s own targets.

37. How could you align IT performance management to corporate strategy?

Vision / Strategy: The vision formulates long-term goals for the future of the company; the strategy describes how to achieve these goals.

IT Strategy: IT strategy is developed in line with corporate strategy.

IT Aims: IT strategy is made concrete in the form of detailed IT goals.

Key Performance Indicator (KPI): Action-oriented performance indicators measure the achievement of IT goals.

38. How could you evaluate IT performance management system of a company?

By analyzing the following points, the IT performance management system of a company can be evaluated: (a) If implementation of the IT strategy is given quantifiable support. (b) If there is a systematic and structured basis for internal and external communication between business units and users. (c) If performance is measured in terms of goals and KPIs. (d) If it can be easily compared with internal and external benchmarking.

39. What is information security?

Information security is the collection of technologies, standards, policies and management practices that are applied to information to keep it secure.

40. Why is information system security important?

Security failures may result in both financial losses and intangible losses such as unauthorized disclosure of competitive or sensitive information. Adequate measures for information security help to ensure the smooth functioning of information system and protect the organization from loss or embarrassment caused by as well by organization as physical safeguards.

41. What information is sensitive?

Following information may be considered to be sensitive for any organization: (a) Strategic plan. (b) Business operations, and (c) Finances.

42. What is the layered series of technological and non-technological safeguards for physical security measures? / How could protection of information be achieved?

Protection is achieved through a layered series of technological and non-technological safeguards such as physical security measures, user identifiers, passwords, smart cards, firewalls, etc. The objective of information system security is the protection of the interests of those relying on information. This can be achieved through:
(a) Confidentiality: information is disclosed only to those who have a right to know it.
(b) Integrity: information is protected against unauthorized modification.
(c) Availability: information is available and usable when required.

43. What factors should be considered for establishing better information protection?

The following points may be considered:
(a) Not all data has the same value, so the information may be handled and protected differently.
(b) Know where the critical data resides, because each piece of information may require a different level of protection.

44. What kind of threat may arise to information system? / What are the information system threats?

Threats to information systems may arise from intentional or unintentional acts and may come from internal or external sources, such as:
(a) Technical threats (program bugs, disk crashes)
(b) Natural disaster (fire, floods)
(c) Environmental threats (electrical surges)
(d) Human threats (lack of training, errors and omissions), and
(e) Viruses.

45. What are information security objectives?

Information security objectives may include the following:
(a) Implementing the plan.
(b) Monitoring logs to verify compliance and identify problems.
(c) Measuring the result.
(d) Identifying potential improvements.
(e) Refining processes and procedures.

46. What are historical information securities?

(a) Data security. (b) IT security. And (c) Computer security.

47. What is “Vulnerability management”?

A vulnerability is a weakness or exposure in IT assets or processes that may lead to a business risk or security risk. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. This practice generally refers to software vulnerabilities in computing systems.

48. What is “Threat management”?

Threat management includes virus protection, spam control, intrusion detection, and security event management. Virus protection software should be loaded on all workstations and servers to regularly scan the system for new infections. Sooner or later a virus will find its way into a system.

49. What is “Trust management”?

Trust management includes encryption and access control. To ensure cryptography is applied in conformity with sound disciplines, there has to be a formal policy on the use of cryptography that applies across the organization.


50. What is “Identity management”?

Identity management is the process used to determine who has access to what in an organization. It is also one of the most difficult areas to manage due to the number of functions that must work together to implement proper controls.

51. What is “IT control and audit”?

Integrating all these systems with a common identity management program can be costly and time consuming. Gartner Group recommends implementing identity management over time by first proving success with a single function or application.

52. What is “Security monitoring”?

Computer systems handling sensitive, valuable or critical information must securely log all significant computer security relevant events. Examples of computer security relevant events include password guessing attempts, attempts to use privileges that have not been authorized, modifications to production application software and modifications to system software.

53. What is “Incident management”?

To deal with security incidents that affect the installation in a disciplined manner, security incidents (e.g. malfunctions, loss of power or communications services, overloads and mistakes by users or personnel running the installation, access violations) have to be dealt with in accordance with a formal process.

54. What is accounting software? Describe the accounting modules.

Accounting software is application software that records and processes accounting transaction within functional modules such as accounts payable, accounts receivable, payroll and trial balance.

Core modules:
a) Accounts receivable
b) Accounts payable
c) General ledger
d) Billing
e) Stock / Inventory
f) Purchase order
g) Sales order
h) Cash book

Non-core modules:
a) Debt collection
b) Electronic payment processing
c) Expense
d) Inquiries
e) Payroll
f) Reports
g) Timesheet
h) Purchase requisition

55. What are the categories of accounting software?

(a) Personal accounting: home users; for simple accounting reconciliation and managing budget.
(b) Low end: inexpensive business software.
(c) High end: most expensive and complex accounting software.
(d) Mid market: support multiple accounting standards.
(e) Vertical market: including special features for specific business type.
(f) Hybrid solution: features of mid market and high end.

56. What factors should be considered at the time of selecting accounting software?

The following factors should be considered:
a) Ability to drill down from summary general ledger data to individual transactions.
b) Ability to import and export data to and from spreadsheet and word processing programs.
c) Ability to generate custom reports.
d) Fast posting of large batches of transactions.
e) Strong security.
f) Adequate technical support.
g) Retention of historical data and ability to compare current results to past results.
h) Ability to allocate indirect costs to individual projects.
i) Ability to flow data from the program into tax software.

57. Write some examples of different categories of accounting software.

Q30. What is direct and indirect risk relating to information system?

Ans: Risk has led to a gap between the need to protect systems and the degree of protection applied. This gap is caused by:
a) Widespread use of technology.
b) Interconnectivity of systems.
c) Elimination of distance, time and space as constraints.
d) Unevenness of technology changes.
e) Devaluation of management and control


CHAPTER 04 COMMUNICATION AND INFORMATION TECHNOLOGY

01. What is data communication?

Data communication is the function of transporting data from one point to another. Data Communications concerns the transmission of digital messages to devices external to the message source.

02. What are the elements/ components of a communication system?

The following are the basic requirements for working of a communication system:
(a) The sender (source) who creates the message to be transmitted.
(b) A medium that carries the message.
(c) The receiver (sink) who receives the message.

03. What are the terms frequently used in communication system?

In data communication four basic terms are frequently used. They are:
Data: A collection of facts in raw forms that become information after processing.
Signals: Electric or electromagnetic encoding of data.
Signaling: Propagation of signals across a communication medium.
Transmission: Communication of data achieved by the processing of signals.

04. What are the different types of data transmission mode?

There are three ways of transmitting data from one point to another. Those are as follows:
Simplex: In simplex mode the communication can take place in one direction only. The receiver receives the signal from the transmitting device. In this mode the flow of information is unidirectional. Hence it is rarely used for data communication.
Half-duplex: In half-duplex mode the communication channel is used in both directions, but only in one direction at a time. Thus a half-duplex line can alternately send and receive data.
Full-duplex: In full-duplex mode the communication channel is used in both directions at the same time. Use of a full-duplex line improves the efficiency, as the line turnaround time required in the half-duplex arrangement is eliminated. An example of this mode of transmission is the telephone line.

05. How information is delivered over a network?

Information is delivered over a network by three basic methods. These are as follows:
Unicast is a type of transmission in which information is sent from only one sender to one receiver. It involves two nodes only. For example, HTTP, SMTP, etc.
Broadcast is a type of transmission in which information is sent from just one computer but is received by all the computers connected to the network.
Multicast is a type of transmission in which there is only one sender and information is sent to multiple selected destinations, for example a video transmission network.

06. What do you mean by digital and analog data?

Data is transmitted from one point to another by means of electrical signals that may be in digital or analog form. The fundamental differences between analog and digital signals are as follows:
In an analog signal the transmission power varies over a continuous range with respect to sound, light and radio waves. An analog signal is measured in Volts and its frequency is in Hertz (Hz).
On the other hand, a digital signal may assume only a discrete set of values within a given range. A digital signal is a sequence of voltages represented in binary form.

07. What is Asynchronous and Synchronous Transmission of data?

Data transmission through a medium can be either asynchronous or synchronous. In asynchronous transmission, data is transmitted character by character as the sender goes on typing on a keyboard. Hence there are irregular gaps between characters. However, it is cheaper to implement, as the sender does not have to save the data before sending. On the other hand, in the synchronous mode, the saved data is transmitted block by block. Each block can contain many characters. Synchronous transmission is well suited for remote communication between a computer and related devices like card readers and printers.

08. What is computer network?

A computer network is an interconnection of various computer systems located at different places. In a computer network two or more computers are linked together with a medium and data communication devices for the purpose of communicating data and sharing resources.

09. What are the different types of computer network?

There are many different types of networks. However, from an end user's point of view there are three basic types:

(a) Local-Area Networks (LANs): A LAN is a computer network that spans a relatively small area. Most LANs are confined to a single building or group of buildings. Most LANs connect workstations and personal computers. Each node (individual computer) in a LAN has its own CPU with which it executes programs, but it is also able to access data and devices anywhere on the LAN. This means that many users can share expensive devices, such as laser printers, as well as data. LANs are capable of transmitting data at very fast rates, much faster than data can be transmitted over a telephone line; but the distances are limited, and there is also a limit on the number of computers that can be attached to a single LAN.

(b) Metropolitan-Area Networks (MANs): A MAN is a computer network usually spanning a campus or a city, which typically connects a few local area networks using high speed backbone technologies. A MAN often provides efficient connections to a wide area network (WAN).

(c) Wide-Area Networks (WANs): A WAN is a computer network that spans a relatively large geographical area. Typically, a WAN consists of two or more local-area networks (LANs). Computers connected to a wide-area network are often connected through public networks, such as the telephone system. They can also be connected through leased lines or satellites. The largest WAN in existence is the Internet.

10. What are the features that discriminate LANs, MANs and WANs? Or, What are the differences between LAN & WAN?

There are three important features which discriminate LANs, MANs and WANs. Those are as follows:

Features | LANs | MANs | WANs
Size | As small as a group of buildings. | Covers 5 to 50 km range. | Consists of several MANs.
Owned | By a single organization. | By a consortium of users. | World wide users.
Speed | Higher speed than MAN & WAN. | A high speed network. | Slow compared to LAN.
Cost | Cost of transmitting data is negligible. | Relatively high.
Connections | Usually nodes are physically connected to each other. | Nodes are not physically connected to each other.
Errors | Fewer errors occur because of distance. | Errors rate is high compared to WAN.

11. What are the advantages and disadvantages of LAN?

Advantages:

Workstations can share peripheral devices like printers. This is cheaper than buying a printer for every workstation.

Workstations do not necessarily need their own hard disk or CD-ROM drives which make them cheaper to buy than stand-alone PCs.

Users can save their work centrally on the network’s file server.

Users don’t need to go back to the same workstation all the time.

Users can communicate with each other and transfer data between workstations very easily.

One copy of each application package such as a word processor, spreadsheet etc. can be loaded onto the file server and shared by all users.

When a new version comes out, it only has to be loaded onto the server instead of onto every workstation.

Disadvantages:

Special security measures are needed to stop users from using programs and data that they should not have access to;

Networks are difficult to set up and need to be maintained by skilled technicians.

If the file server develops a serious fault, all the users are affected.

12. What are the advantages and disadvantages of WAN?

Advantages of WAN:

Covers a large geographical area so long distance businesses can connect on the one network.

Shares software and resources with connecting workstations.

Messages can be sent very quickly to anyone else on the network.

Expensive things (such as printers or phone lines to the internet) can be shared by all the computers on the network without having to buy a different peripheral for each computer.

Everyone on the network can use the same data.

Share information/files over a larger area.

Large network cover.

Disadvantages of WAN:

Are expensive and generally slow.

Need a good firewall to restrict outsiders from entering and disrupting the network.

Setting up a network can be an expensive and complicated experience.

Security is a real issue when many different people have the ability to use information from other computers.

Protection against hackers and viruses adds more complexity and expense.

Once set up, maintaining a network is a full-time job which requires network supervisors and technicians to be employed.

13. What are the different types of computer network according to structure?

According to the structure, computer network can be classified into the following classes:

(a) Centralized network.

(b) Distributed network, and

(c) Hybrid network.

14. What are the uses of computer network?

The following are the uses of a computer network:

Simultaneous access to programs and data.

Sharing peripherals.

Personal communication using e-mail.

Making back-up of information.

Aiding communication by teleconferencing and video-conferencing.

15. Write short notes on the following:

A router is a device that forwards data packets between computer networks. A router is connected to two or more data lines from different networks. When a data packet comes in on one of the lines, the router reads the address information in the packet to determine its ultimate destination. Then, it directs the packet to the next network on its journey. Routers perform the "traffic directing" functions on the Internet.

A network switch or switching hub is a computer networking device that connects network devices. The term commonly refers to a multi-port network bridge that processes and routes data at the data link layer. A switch is a telecommunication device which receives a message from any device connected to it and then transmits the message only to that device for which the message was meant.

A repeater is an electronic device that receives a signal and retransmits it at a higher level or higher power, or onto the other side of an obstruction, so that the signal can cover longer distances.

Hubs are commonly used to connect segments of a LAN. A hub contains multiple ports. When a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets. A passive hub serves simply as a medium for the data, enabling it to go from one device to another without amplification. Active hubs do perform this amplification. So-called intelligent hubs include additional features that enable an administrator to monitor the traffic passing through the hub and to configure each port in the hub. Intelligent hubs are also called manageable hubs.

16. How do you define network topology? What are the major types of topology?

Network topology is the layout pattern of interconnections of the various elements of a computer or biological network. Network topologies may be physical or logical. Physical topology refers to the physical design of a network including the devices, location and cable installation. Logical topology refers to how data is actually transferred in a network as opposed to its physical design. In general physical topology relates to a core network whereas logical topology relates to basic network. There are six types of network topology. Those are as follows:

Bus
Star
Ring or circular
Mesh
Tree
Hybrid

17. What is bus topology? What are the advantages and disadvantages of bus topology?

Each computer or server is connected to the single bus cable. A signal from the source travels in both directions to all machines connected on the bus cable until it finds the intended recipient. If the machine address does not match the intended address for the data, the machine ignores the data. Alternatively, if the data matches the machine address, the data is accepted. Since the bus topology consists of only one wire, it is rather inexpensive to implement when compared to other topologies.

Advantages:

Easy to implement and extend.

Well suited for temporary networks (quick setup).

Initially less expensive than other topologies.

Cheap

Disadvantages:

Difficult to administer/troubleshoot.

Limited cable length.

If there is a problem with the cable, the entire network goes down.

Maintenance costs may be higher in the long run.

Low security (all computers on the bus can see all data transmissions).

One virus in the network will affect all of them.

Proper termination is required. (loop must be in closed path).

If one node fails, the whole network will shut down.

If many computers are attached, the amount of data flowing causes the network to slow down.

18. What is ring topology? What are the advantages and disadvantages of ring topology?

A network topology that is set up in a circular fashion in which data travels around the ring in one direction and each device on the ring acts as a repeater to keep the signal strong as it travels. Each device incorporates a receiver for the incoming signal and a transmitter to send the data on to the next device in the ring. The network is dependent on the ability of the signal to travel around the ring.

Advantages:

Data is quickly transferred without a ‘bottle neck’.

The transmission of data is relatively simple as packets travel in one direction only.

Adding additional nodes has very little impact on bandwidth

It prevents network collisions because of the media access method or architecture required.

Disadvantages:

Data packets must pass through every computer between the sender and recipient; this makes it slower.

If any of the nodes fail then the ring is broken and data cannot be transmitted successfully.

It is difficult to troubleshoot the ring.

Because all stations are wired together, to add a station you must shut down the network temporarily.

In order for all computers to communicate with each other, all computers must be turned on.

Total dependence upon the one cable

19. What is star topology? What are the advantages and disadvantages of star topology?

Each network host is connected to a central hub with a point-to-point connection. The network does not necessarily have to resemble a star to be classified as a star network, but all of the nodes on the network must be connected to one central device. All traffic that traverses the network passes through the central hub. The hub acts as a signal repeater. The star topology is considered the easiest topology to design and implement.

Advantages:

Good performance.

Easy to set up and to expand.

Any non-centralized failure will have very little effect on the network.

Disadvantages:

Expensive to install.

Extra hardware required.

20. Explain Mesh, Tree and Hybrid network topology.

Mesh: Mesh network topology is one of the key network architectures in which devices are connected with many redundant interconnections between network nodes such as routers and switches. In a mesh topology, if any cable or node fails, there are many other ways for two nodes to communicate.

Tree: A type of network topology in which a central 'root' node (the top level of the hierarchy) is connected to one or more other nodes that are one level lower in the hierarchy (i.e., the second level), with a point-to-point link to each of the second level nodes. The second level nodes connected to the top level central 'root' node will in turn have one or more other nodes that are one level lower in the hierarchy (i.e., the third level) connected to them.

Hybrid: Hybrid networks use a combination of any two or more topologies in such a way that the resulting network does not exhibit one of the standard topologies (e.g., bus, star, ring, etc.). For example, a tree network connected to a tree network is still a tree network topology. A hybrid topology is always produced when two different basic network topologies are connected. Two common examples of hybrid networks are the star ring network and the star bus network.

21. Which matters are to be considered for choosing a network topology? Or, What factors do you consider at the time of choosing the best alternative network topology?

The following factors should be considered at the time of choosing network topology:

Reliability of the entire system.

Expandability of the system.

Cost involvement.

Availability of communication lines.

Delays involved in routing information from one node to another.

22. What are network software/ network operating system software?

Network software normally manages and monitors networks of all sizes, from the smallest home networks to the largest enterprise networks. A networking operating system (NOS) is the software that runs on a server and enables the server to manage data, users, groups, security, applications, and other networking functions. The most popular network operating systems are MS Windows Server 2003, MS Windows Server 2008, UNIX, Linux, Mac OS X, and Novell NetWare.

23. What are the functions of network software?

There are several functions of communication software, namely:
(a) Access control: establish connection between terminals.
(b) Transmission control: send and receive commands, messages, data and programs.
(c) Error control: detection and correction of errors.
(d) Network management: manage communication in computer network.

24. What is communication protocol? What are the key elements of a protocol?

All communications between devices require that the devices agree on the format of the data. The set of rules defining a format is called a protocol. A protocol may have a formal description. Protocols may include signaling, authentication and error detection and correction capabilities. A protocol definition defines the syntax, semantics, and synchronization of communication; the specified behavior is typically independent of how it is to be implemented. So, the key elements of a protocol are as follows:
(a) Syntax: It refers to the structure and format of the data.
(b) Semantics: It refers to the meaning of each section of bits.
(c) Timing: It refers to two characteristics: when data should be sent and how fast data can be sent.

25. What are the roles of communication protocol?

The roles of communication protocol are as follows:
(a) Data sequencing: it refers to breaking a long transmission into smaller blocks and maintaining control.
(b) Data routing: finds the most efficient paths between sources and destinations.
(c) Flow control: prevents a fast sender from overwhelming a slow receiver.
(d) Error control: detecting and recovering from errors by retransmitting a block.
(e) Connection establishment:
(f) Data security: prevents unauthorized access.
(g) Log information: it develops log information.

26. What is OSI model? How many layers have in OSI model?

The Open Systems Interconnection (OSI) model is a product of the Open Systems Interconnection effort at the International Organization for Standardization. It is a prescription for characterizing and standardizing the functions of a communications system in terms of abstraction layers. Similar communication functions are grouped into logical layers. There are seven layers in the OSI model:
(a) Application Layer: The application layer provides different services to the application. Examples of services provided by this layer are file transfer, electronic messaging (e-mail), virtual terminal access and network management.
(b) Presentation Layer: The presentation layer is responsible for protocol conversion, data encryption/decryption, expanding graphics commands and data compression.
(c) Session Layer: This layer is responsible for establishing the process-to-process communication between the hosts in the network.
(d) Transport Layer: This layer is responsible for end-to-end delivery of messages between the networked hosts.
(e) Network Layer: This layer is responsible for translating the logical network addresses and names into their physical addresses.
(f) Data Link Layer: The data link layer is responsible for controlling errors between adjacent nodes.
(g) Physical Layer: The physical layer is responsible for transmitting the raw bit stream over the physical cable.


CHAPTER O5 INTERNAL CONTROL IN COMPUTER BASED BUSINESS SYSTEMS

01. What is internal control?

Internal controls are the processes that auditors develop to administer units effectively. They generally include rules and procedures.

02. What are the purpose/objectives of internal control regarding assurance?

Effectiveness and efficiency of operation.

Promote adherence to laws & regulations.

Compliance with applicable laws and regulations.

Safeguard resources against loss due to waste and abuse.

Develop and maintain reliable financial and management data.

03. How to evaluate internal control?

The internal control evaluation framework has five key phases required for Sarbanes-Oxley compliance. These are as follows:
(a) Define internal control.
(b) Organize project team & plan.
(c) Evaluate controls at the entity level.
(d) Evaluate controls at the process, transaction or application level.
(e) Evaluate, improve and monitor.

04. What are the components of internal control?

The five components, called the standards of the internal control environment, are as follows:
(a) Control environment.
(b) Risk assessment.
(c) Control activities.
(d) Information and communication, and
(e) Monitoring.

05. How IT control activities can be categorized?

IT control activities can be categorized as either general or application controls. General controls apply to all computerized information systems- mainframe, minicomputer, network and end user environments. Application controls apply to the processing of data within the application software.

06. What are the components of control activities for Information Technology?

The components of control activities for information technologies are as follows:
(a) Personnel. (they need to be competent and trustworthy)
(b) Authorized procedures. (thorough review of supporting information to verify the validity of transaction)
(c) Segregation of duties.
(d) Physical restrictions.
(e) Documentation and record retention.
(f) Monitoring operations.

07. What are the limitations of internal control?

The limitations of internal control activities are as follows:

Resource constraint,

Inadequate skill, knowledge or ability,

Faulty judgment,

Degree of motivation by management and employees, and

Unintentional errors.

08. What are the elements of good internal control system?

There are 4 elements of a good internal control system. Those are as follows:
(a) Separation of duties.
(b) Authorization.
(c) Documentation.
(d) Reconciliation.

09. Why does an organization need internal control?

An organization needs internal control to provide greater assurance that it will achieve its operating, financial reporting and compliance objectives. In other words, it helps the organization to succeed in its mission. Internal control ensures that the directions, policies, procedures and practices designed and approved by management and the board are put in place and are functioning as desired.

10. Define the category of IT control.

IT General control: ITGC represent the foundation of the IT control structure. They help ensure the reliability of data generated by IT systems and support the assertion that systems operate as intended and that output is reliable. ITGC includes the following:

Control environment.

Change management procedures.

Source code version control procedures.

Security policies, standards and processes.

Incident management policies and procedures.

Disaster recovery procedures.

IT Application control: IT application or program controls are fully automated controls designed to ensure the complete and accurate processing of data, from input through output. They include the following:

Completeness check.

Validity check.

Identification.

Authentication.

Authorization.

Input controls.

11. What is COBIT?

COBIT was first released in 1996; the current version, COBIT 5, was published in 2012. Its mission is “to research, develop, publish and promote an authoritative, up-to-date, international set of generally accepted information technology control objectives for day-to-day use by business managers, IT professionals and assurance professionals.” COBIT, initially an acronym for 'Control Objectives for Information and Related Technology', defines 34 generic processes to manage IT. Each process is defined together with process inputs and outputs, key process activities, process objectives, performance measures and an elementary maturity model. The framework supports governance of IT by defining and aligning business goals with IT goals and IT processes.

12. What is COSO?

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a joint initiative of five private sector organizations (American Accounting Association, American Institute of CPAs, Financial Executives International, the Institute of Management Accountants, the Institute of Internal Auditors) and is dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management, internal control and fraud deterrence (avoidance).

13. What are the effects of Information Technology on internal audit?

The impact can be summarized under four main headings:

(a) Changes in the audit trail and audit evidence.

Data retention and storage.

Absence of input documents.

Lack of visible audit trail.

Lack of visible output.

Audit evidence.

Legal issues.

(b) Changes in the internal control environment.

Personnel.

Segregation of duties.

Authorization procedures.

Record keeping.

Access to assets and records.

Management supervision and review.

(c) New opportunities and mechanisms for fraud and error.

System generated transaction.

Systematic error.

(d) New audit procedures.

CAATs.

14. What are the main types of IT audit?

The main types of information technology audit can be summarized as below:

Operational computer system audits.

IT installation audits.

Developing system audits.

IT management audits.

IT process audits.

Information security and control audit.

Change management audits.

Certification & other compliance audits.

Special investigations.

IT legal compliance audits.

Disaster contingency, Business continuity planning and IT disaster recovery audits.

15. What are the responsibilities of management for developing and assessing effective internal control?

Management is responsible for establishing and maintaining control to achieve the objective of effective and efficient operations and reliable information systems. The information system managers must take systematic and proactive measures to:
(a) Develop and implement appropriate, cost-effective internal control for results-oriented management.
(b) Assess the adequacy of internal control in programs and operations.
(c) Separately assess and document internal control over information systems consistent with the information security policy of the organization.
(d) Identify needed improvements.
(e) Take corresponding corrective action.
(f) Report annually on internal control through management assurance statements.

16. What does the complete COBIT package consist of?

The complete COBIT package consists of the following:
(a) Executive summary.
(b) Governance and control framework.
(c) Control objectives.
(d) Management guidelines.
(e) Implementation guide.
(f) IT assurance guide.

17. What is a COBIT structure?

COBIT covers four domains:

Plan and organize.

Acquire and implement.

Deliver and support.

Monitor and evaluate.

18. What are the auditor’s categories of controls?

Auditors categorize the controls into the following four groups:
(a) Preventive controls,
(b) Detective controls,
(c) Corrective controls, and
(d) Compensatory controls.

19. What is audit trail?

An audit trail (or audit log) is a security-relevant chronological record, or set of records, or destination and source of records that provide documentary evidence of the sequence of activities that have affected at any time a specific operation, procedure, or event. Audit records typically result from activities such as financial transactions, scientific research and health care data transactions, or communications by individual people, systems, accounts, or other entities.

20. What are the objectives of audit trails?

Audit trails can be used to support security objectives in three ways:

Detecting unauthorized access to the system.

Facilitating the reconstruction of events.

Promoting personal accountability.

21. What is the process of error correction?

The processes of error correction are as follows:

Identify all data processing errors that can be identified.

Determine the impact data.

Determine how errors are corrected.

Determine the timeliness of error correction.

Determine if the corrected transactions are authorized.

22. What are the key elements of system development and acquisition controls?

System development and acquisition controls include the following key elements:
(a) Strategic master plan.
(b) Project controls.
(c) Data processing schedule.
(d) System performance measurement.
(e) Post implementation review.

23. What is system acceptance testing? What are its aims?

Acceptance testing is a complete end-to-end test of the operational system, including all manual procedures. It aims to provide the system user with confirmation that:
a) The user requirement specification.
b) End user and operational documentation is accurate, comprehensive and usable.
c) Supporting clerical procedures work effectively.
d) Help desk and other ancillary support functions operate correctly and as expected.
e) Back-up and recovery procedures work effectively.

24. What factors should be considered when judging the effectiveness of PIR?

The following issues should be considered when judging the effectiveness of a post-implementation review, or to form the basis for the auditor to undertake one:
a) Interview business users.
b) Interview security, operations and maintenance staff.
c) User requirement specifications determine.
d) Confirm that the previous system has been de-commissioned.
e) Review system problem reports and change proposals.
f) Confirm that adequate internal controls have been built into the system.
g) Confirm that an adequate service level agreement has been drawn up and implemented.
h) Confirm that the system is being backed up in accordance with user requirements.
i) Review the business case and determinations.
j) Review trends in transaction throughput and growth.

25. What are the controls over system and program changes?

The controls over system and program changes are of the following kinds:

Change management controls.

Authorization controls.

Documentation controls.

Testing and quality controls.

26. What tools may we use as control activities for IT?

We may use the following as control tools for IT:

Encryption tools, protocols or similar features of software applications.

Back-up and restore features of software applications.

Virus protection software.

Passwords that restrict user access to network, data and applications.

27. Why is segregation of duties needed?

The segregation of duties is needed for the following reasons:
a) To protect employees,
b) To prevent and detect intentional and unintentional errors, and
c) To encourage better job performance.

28. What are the components of ITGC?

The following are the Information Technology General Controls (ITGC):
(a) Control activities.
(b) Change management procedures.
(c) Security policies, standards & processes.
(d) Change management procedures.
(e) Hardware / software configurations.
(f) Technical support policies and procedures.

29. What are the tools to control IT applications?

Information Technology application controls are:
a) Completeness checks.
b) Validity checks.
c) Identification.
d) Authentication.
e) Authorization.
f) Input controls.

30. What are the characteristics of the corrective controls?

The characteristics of corrective controls are:

Minimize the impact of the threat,

Identify the cause of the problem,

Remedy problems discovered by detective controls,

Get feedback from preventive and detective controls,

Correct error arising from a problem,

Modify the processing systems to minimize future occurrences of the problem.

31. Why is documentation needed?

Documentation is needed for the following reasons:
a) It provides a record for each event or activity,
b) It ensures assets are properly controlled,
c) Documents provide evidence that events really happened,
d) It ensures the accounting & completeness transactions.

32. Explain the classification of information.

The classification of information is essential to determine the value of data, i.e. to differentiate highly sensitive and confidential data. The classification of data and information is as follows:

Top secret – Security at this level is the highest possible.

Highly confidential – Security at this level is very high.

Proprietary – Security at this level is controlled but normal.

Public documents – Security at this level is minimal.

33. What is data integrity control?

The primary objective of data integrity control techniques is to prevent, detect and correct errors in transactions as they flow through the various stages of a specific data processing program.

34. How could you assess the data integrity controls?

Assessing data integrity control involves evaluating the following critical procedures:
a) Virus detection and elimination software is installed and activated.
b) Data integrity and validation controls are used to provide assurance that the information has not been altered and the system functions as intended.

35. Describe different data integrity controls.

There are six categories of data integrity controls, which are summarized below:

Control category: Source data control
Threat / Risk: Invalid, incomplete or inaccurate source data input.
Controls: Form design and prenumbering, appropriate authorization, segregation of duties, visual scanning, check-digit verification etc.

Control category: Input validation routines
Threat / Risk: Invalid or inaccurate data in computer processed transaction files.
Controls: Check key data, sequence, field, sign, validity, limit, range, reasonableness, redundant data and capacity check etc.

Control category: On-line data entry controls
Threat / Risk: Invalid or inaccurate transaction input entered through on-line terminals.
Controls: Field, limit, range, reasonableness, sign, validity and redundant data checks; user IDs and passwords, capability test, automatic system data entry, pre-formatting, completeness test etc.

Control category: Data processing and storage controls
Threat / Risk: Inaccurate or incomplete data in computer processed master files.
Controls: Policy and procedures, monitoring and expediting data entry, reconciliation of database and accounts or reports, check data currency, default values, data matching, data security, use of labels and write protection mechanisms etc.

Control category: Output controls
Threat / Risk: Inaccurate or incomplete computer output.
Controls: Procedures to ensure that system outputs conform to the organization’s integrity objectives, policies and standards, visual review of computer output, reconciliation of batch totals etc.

Control category: Data transmission controls
Threat / Risk: Unauthorized access to data being transmitted or to the system itself; system failures; errors in data transmission.
Controls: Monitor network to detect weak points, backup computers, design network to handle peak processing, multiple communication paths between network computers, preventive maintenance, data encryption, routing verification etc.
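
The input validation and on-line data entry checks listed above (completeness, field, sign, limit, range, validity, check-digit and reasonableness) can be seen working together in the following added example, which is not part of the original guide. The master data, thresholds, field names and sample batch are constructed, and the Luhn (mod 10) scheme is an assumed choice of check-digit method.

```python
import math

# Constructed master data and thresholds (assumptions for this example only).
VALID_PRODUCTS = {"P-100": 20.00, "P-200": 150.00, "P-300": 900.00}  # code -> list price
QTY_RANGE = (1, 500)            # range check bounds for quantity
AMOUNT_LIMIT = 100_000.00       # limit check ceiling for one transaction
MAX_PRICE_RATIO = 3.0           # reasonableness: unit price at most 3x list price
REQUIRED_FIELDS = ("account", "product", "quantity", "amount")


def check_digit_ok(account: str) -> bool:
    """Check-digit verification using the Luhn (mod 10) scheme."""
    if not (account.isascii() and account.isdigit()):
        return False
    total = 0
    for position, char in enumerate(reversed(account)):
        digit = int(char)
        if position % 2 == 1:   # double every second digit from the right
            digit = digit * 2 - 9 if digit > 4 else digit * 2
        total += digit
    return total % 10 == 0


def validate(txn: dict) -> list:
    """Return the names of the checks a transaction fails; empty list = accepted."""
    # Completeness test: every required field must be present and non-blank.
    missing = [f for f in REQUIRED_FIELDS if not str(txn.get(f, "")).strip()]
    if missing:
        return ["completeness:" + ",".join(missing)]

    # Field check: numeric fields must hold finite numbers of the right type.
    try:
        quantity = int(txn["quantity"])
        amount = float(txn["amount"])
    except (TypeError, ValueError):
        return ["field"]
    if not math.isfinite(amount):
        return ["field"]

    errors = []
    if amount <= 0:                                   # sign check
        errors.append("sign")
    if amount > AMOUNT_LIMIT:                         # limit check
        errors.append("limit")
    if not QTY_RANGE[0] <= quantity <= QTY_RANGE[1]:  # range check
        errors.append("range")
    if txn["product"] not in VALID_PRODUCTS:          # validity check against master data
        errors.append("validity")
    if not check_digit_ok(str(txn["account"])):       # check-digit verification
        errors.append("check_digit")
    # Reasonableness check: implied unit price versus the master-file list price.
    if txn["product"] in VALID_PRODUCTS and quantity > 0 and amount > 0:
        if amount / quantity > MAX_PRICE_RATIO * VALID_PRODUCTS[txn["product"]]:
            errors.append("reasonableness")
    return errors


def validate_batch(batch: list) -> dict:
    """Map the position of each rejected transaction to its failed checks."""
    rejected = {}
    for index, txn in enumerate(batch):
        failed = validate(txn)
        if failed:
            rejected[index] = failed
    return rejected


# Constructed sample batch, as keyed in at a terminal (all values are strings).
SAMPLE_BATCH = [
    {"account": "79927398713", "product": "P-100", "quantity": "10", "amount": "200.00"},
    {"account": "79927398710", "product": "P-100", "quantity": "10", "amount": "200.00"},
    {"account": "79927398713", "product": "P-999", "quantity": "0", "amount": "-5"},
    {"account": "79927398713", "product": "P-200", "quantity": "2", "amount": "250000"},
    {"account": "79927398713", "product": "P-300", "quantity": "abc", "amount": "900"},
    {"account": "79927398713", "product": "P-100", "quantity": "1", "amount": ""},
]

if __name__ == "__main__":
    for index, failed in validate_batch(SAMPLE_BATCH).items():
        print(f"transaction {index} rejected: {', '.join(failed)}")
```

Rejected transactions are reported with every failed check rather than only the first, which gives the error-correction process the full picture for each item.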

36. What is risk? What are the causes of risk?

A risk is the likelihood that an organization would face a vulnerability being exploited or a threat becoming harmful. These risks lead to a gap between the need to protect systems and the degree of protection applied. The gap is caused by:

Widespread use of technology

Interconnectivity of systems

Elimination of distance, time and space as constraints.

Unevenness of technological changes

Devolution of management and control

Attractiveness of conducting unconventional electronic attacks against organizations

External factors such as legislative, legal and regulatory requirement or technological developments.

37. What is threat and vulnerability?

Threat: A threat is an action, event or condition where there is a compromise in the system, its quality and ability to inflict harm to the organization.

Vulnerability: Vulnerability is the weakness in the system safeguards that exposes the system to threats. It may be a weakness in an information system, cryptographic system (security system) or other components that could be exploited by a threat.

38. What kind of threat may arise in computerized environment?

A few common threats to the computerized environment are:

Power loss,

Malicious code,

Natural disasters,

Errors,

Communication failure,

Downtime due to technology failure etc.

39. What kind of threat may arise due to cyber crimes?

The following threats may arise due to cyber crimes:

Embezzlement.

Theft of proprietary information.

Fraud.

Vandalism.

Denial of service.

Computer virus etc.

40. What is risk assessment? Why is it necessary?

Risk assessment is a critical step in disaster and business continuity planning. Risk assessment is necessary for developing a well-tested contingency plan. Risk assessment is the analysis of threats to resources and the determination of the amount of protection necessary to adequately safeguard the resources.

41. What are the areas to focus for risk assessment purpose?

The areas to be focused upon are:
a) Prioritization,
b) Identifying critical applications,
c) Assessing their impact on the organization,
d) Determining the recovery time-frame,
e) Assessing insurance coverage.

42. Explain the risk management process.

The broad process of risk management can be summarized as follows:

Identify the technology related risks.

Assess the identified risks in terms of probability and exposure.

Classify the risks as systematic and unsystematic.

Identify various managerial actions that can reduce exposure to systematic risks and the cost of implementing the same.

Look out for technological solutions available to mitigate unsystematic risks.

Identify the contribution of the technology in reducing the overall risk exposure.

Evaluate the technology risk premium on the available solutions and compare the same with the possible value of loss from the exposure.

Match the analysis with the management policy on risk appetite and decide on induction of the same.

43. What are primary functions of risk assessment?

There are three primary functions regarding risk assessment:

Risk identification,

Risk assessment and

Risk mitigation.

44. What is business continuity and disaster recovery planning?

Business continuity focuses on maintaining the operations of an organization, especially the IT infrastructure, in the face of a threat that has materialized. Disaster recovery, on the other hand, arises mostly when the business continuity plan fails to maintain operations and there is a service disruption. This plan focuses on restarting the operation using a prioritized list.

45. Explain business continuity life cycle.

The business continuity life cycle could be broken down into four broad and sequential sections:

Risk assessment.

Determination of recovery alternatives.

Recovery plan implementation.

Recovery plan validation.

46. What are the objectives and goals of business continuity planning?

The key objective of the plan should be to:
a) Provide for the safety and well-being of people on the premises at the time of disaster.
b) Continue critical business operations.
c) Minimize the duration of a serious disruption to operations and resources.
d) Minimize immediate damage and losses.
e) Establish management succession and emergency powers.
f) Facilitate effective co-ordination of recovery tasks.
g) Reduce the complexity of the recovery effort.
h) Identify critical lines of business and supporting functions.

47. What are the phases for developing a business continuity plan?

The methodology for developing a business plan can be subdivided into eight different phases, which are given below:
a) Pre-planning activities (Business continuity plan initiation).
b) Vulnerability assessment and general definition of requirements.
c) Business impact analysis.
d) Detailed definition of requirements.
e) Plan development.
f) Testing program.
g) Maintenance program.
h) Initial plan testing and plan implementation.

48. What are different types of business plan?

The various kinds of business plan may include the following:

Emergency plan.

Back-up plan.

Recovery plan.

Disaster recovery plan. And

Insurance.

49. What are the IS audit standards?

Information System audit standards provide audit professionals a clear idea of the minimum level of acceptable performance essential to discharge their responsibilities effectively. Some standards are as follows:

Year Standards

1994 COSO, CoCo

1996 HIPAA

1998 BS 7799

2000 COBIT

50. What are the audit objectives of a computer information system environment?

Audit objectives in a computer system environment are as follows:
a) The auditor’s responsibility in gaining sufficient understanding and assurance on the adequacy of accounting and internal controls.
b) The potential impact of auditing in a CIS on the assessment of control and audit risks.
c) The extent to which the CIS is used for recording, compiling and analyzing accounting information.
d) The system of internal controls relating to the authorized, complete, accurate and valid processing and reporting procedures.
e) The impact of the CIS accounting system on the audit trail.

51. What is information security? Why information system security is important?

Security relates to the protection of valuable assets against loss, disclosure or damage. Security is most important for information systems. Adequate information security helps to ensure the smooth functioning of information systems and protects the organization from loss or embarrassment caused by security failures.

52. What subject should be considered to establish better information protection?

To establish better information protection, the following should be considered:

Not all data has the same value.

Know where the critical data resides.

Develop an access control methodology.

Protect information stored on media.

Review hardcopy output.

53. What is ERP? What are the benefits of ERP?

An Enterprise Resource Planning (ERP) system is a fully integrated business management system covering functional areas of an enterprise like Logistics, Production, Finance, Accounting and Human Resources.

ERP solutions provide the following benefits:


Integrated financial systems.

Standardized processes.

Real-time information.

54. What factors should be considered in implementing an ERP system?

The following factors should be considered at the time of implementing an ERP system:
a) Corporate culture.
b) Process change.
c) Enterprise communication.
d) Management support.
e) ERP project manager competence.
f) An ERP team.
g) Project methodology.
h) Training.
i) Institutional commitment to change.

55. What is SAP? What is the SAP R/3 system? How many layers does the SAP R/3 system architecture have?

SAP stands for “Systems and Application Products”. The SAP system is a collection of software that performs standard business functions for corporations. The system has become very popular because it provides a complete solution to standard business. The SAP R/3 code is written in an interpretive language called ABAP. ABAP is a German acronym that, loosely translated, means “Advanced Business Application Programming”. ABAP is very similar to COBOL in its syntax. The SAP R/3 system architecture has three layers:
a) Presentation layer.
b) Application layer.
c) Database layer.


(CAATs) COMPUTER ASSISTED AUDIT TECHNIQUES

01. What are the types of IT audit?

Goodman & Lawless state that there are three specific systematic approaches to carry out an IT audit:

Technological innovation process audit: This audit constructs a risk profile for existing and new projects. The audit will assess the length and depth of the company's experience in its chosen technologies, as well as its presence in relevant markets.

Innovative comparison audit: This audit is an analysis of the innovative abilities of the company being audited, in comparison to its competitors. This requires examination of company's research and development facilities, as well as its track record in actually producing new products.

Technological position audit: This audit reviews the technologies that the business currently has and that it needs to add. Technologies are characterized as being either "base", "key", "pacing" or "emerging".

Others describe the spectrum of IT audits with five categories of audits:

Systems and Applications: An audit to verify that systems and applications are appropriate, are efficient, and are adequately controlled to ensure valid, reliable, timely, and secure input, processing, and output at all levels of a system's activity.

Information Processing Facilities: An audit to verify that the processing facility is controlled to ensure timely, accurate, and efficient processing of applications under normal and potentially disruptive conditions.

Systems Development: An audit to verify that the systems under development meet the objectives of the organization, and to ensure that the systems are developed in accordance with generally accepted standards for systems development.

Management of IT and Enterprise Architecture: An audit to verify that IT management has developed an organizational structure and procedures to ensure a controlled and efficient environment for information processing.

Client/Server, Telecommunications, Intranets, and Extranets: An audit to verify that telecommunications controls are in place on the client (computer receiving services), server, and on the network connecting the clients and servers.

02. What is CAAT?

Computer Assisted Audit Techniques (CAATs), also called Computer Aided Audit Tools or Computer Assisted Audit Tools and Techniques (sometimes referred to as CAATTs), are becoming more popular throughout the accounting profession. Now more than ever before, these tools are being used throughout the industry to assist internal auditors in their search for irregularities in data files and to help internal accounting departments with more detailed analysis. Simply put, CAATs are used to simplify or automate the data analysis process.

03. Define the types of CAATs.

There are two types of CAATs. Those are as follows:

Audit software: comprises computer programs used for audit purposes to process data of audit significance from the client accounting system. It is used by the auditor to examine the entity’s computer files and may be used during both tests of control and substantive testing of transactions.

Test data: Audit test data is data submitted by the auditor for processing by the client's computer-based accounting system in order to test the operation of the enterprise’s computer programs. It may be processed during a normal production run (running test data live) or during a special run at a point in time outside the normal cycle (running the test data dead). Test data could be held in the form of a batch of documents that is captured into the system to test both the manual and computer controls (applications and programmed controls).

04. Explain different types of audit programs.

Generalized packaged programs: however they need to be tailored to each specific case by defining the format of the files to be interrogated by specifying the parameters required and the form of that output.

Purpose written programs: these are specially written programs where it is not possible to adapt a package program because of the type of machine, processing or file organization used.

Utility programs: used by the entity to perform data processing functions such as sorting and printing of files, e.g. Excel.

05. What are the uses of audit software?

Following works can be done by audit software:

Calculation checks: e.g. program gives the total amount of individual entries in purchases day book in a particular period.

Detecting violation of system rules: e.g. program checks that no customer has a balance above the specified credit limit.

Detecting unreasonable items: e.g. program checks that no customer has a discount of 50% or a sales ledger balance (i.e. debtors balance) that is more than the amount of sales made to that customer.

New calculation and analysis: e.g. statistical analysis of inventory movements to identify slow moving items.

Selecting items for audit testing: e.g. obtaining a stratified sample of sales ledger balances to be used as a basis for a circularization of debtors.

Completeness checks: e.g. checking continuity of sales invoices to ensure that they are all accounted for.
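
The audit software uses listed above can be sketched as a small interrogation script. This is an added example, not part of the original guide: the ledger extract, day book entries, reported total, invoice numbers and function names are all constructed for illustration.

```python
import bisect
import random
from collections import Counter
from decimal import Decimal

# Constructed sales ledger extract (not data from the source).
LEDGER = [
    {"customer": "ACME", "balance": Decimal("12000.00"), "limit": Decimal("15000"),
     "sales": Decimal("40000.00"), "discount_pct": 5},
    {"customer": "BRAVO", "balance": Decimal("22500.00"), "limit": Decimal("20000"),
     "sales": Decimal("60000.00"), "discount_pct": 10},
    {"customer": "CORAL", "balance": Decimal("900.00"), "limit": Decimal("5000"),
     "sales": Decimal("700.00"), "discount_pct": 0},
    {"customer": "DELTA", "balance": Decimal("3100.00"), "limit": Decimal("5000"),
     "sales": Decimal("9000.00"), "discount_pct": 50},
    {"customer": "EMBER", "balance": Decimal("48000.00"), "limit": Decimal("50000"),
     "sales": Decimal("150000.00"), "discount_pct": 15},
    {"customer": "FJORD", "balance": Decimal("150.00"), "limit": Decimal("1000"),
     "sales": Decimal("2000.00"), "discount_pct": 0},
]
PURCHASE_DAY_BOOK = [Decimal("1250.50"), Decimal("310.25"), Decimal("4999.99")]
REPORTED_TOTAL = Decimal("6650.74")      # constructed total taken from the client's report
INVOICE_NUMBERS = [1001, 1002, 1004, 1005, 1005, 1008]


def calculation_check(entries, reported_total):
    """Calculation check: return (recomputed total, reported minus recomputed)."""
    recomputed = sum(entries, Decimal("0"))
    return recomputed, reported_total - recomputed


def credit_limit_violations(ledger):
    """System-rule violation: customers whose balance exceeds their credit limit."""
    return [row["customer"] for row in ledger if row["balance"] > row["limit"]]


def unreasonable_items(ledger, max_discount_pct=50):
    """Unreasonable items: high discount, or balance larger than sales to the customer."""
    flagged = {}
    for row in ledger:
        reasons = []
        if row["discount_pct"] >= max_discount_pct:
            reasons.append("discount at or above threshold")
        if row["balance"] > row["sales"]:
            reasons.append("balance exceeds sales to customer")
        if reasons:
            flagged[row["customer"]] = reasons
    return flagged


def invoice_continuity(numbers):
    """Completeness check: return (missing, duplicated) invoice numbers."""
    if not numbers:
        return [], []
    counts = Counter(numbers)
    missing = [n for n in range(min(counts), max(counts) + 1) if n not in counts]
    duplicated = sorted(n for n, seen in counts.items() if seen > 1)
    return missing, duplicated


def stratified_sample(ledger, bounds, per_stratum, seed=0):
    """Select up to per_stratum customers from each balance band for circularization.

    bounds holds the ascending lower edges of the second and later bands.
    """
    strata = [[] for _ in range(len(bounds) + 1)]
    for row in ledger:
        strata[bisect.bisect_right(bounds, row["balance"])].append(row["customer"])
    rng = random.Random(seed)            # fixed seed so the selection can be re-performed
    return [sorted(rng.sample(band, min(per_stratum, len(band)))) for band in strata]


if __name__ == "__main__":
    print("calculation check:", calculation_check(PURCHASE_DAY_BOOK, REPORTED_TOTAL))
    print("over credit limit:", credit_limit_violations(LEDGER))
    print("unreasonable items:", unreasonable_items(LEDGER))
    print("invoice continuity:", invoice_continuity(INVOICE_NUMBERS))
    print("stratified sample:", stratified_sample(LEDGER, [1000, 20000], 1))
```

Recording the sampling seed in the working papers lets a reviewer re-perform the same selection from the same extract.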

06. List and briefly explain four advantages of CAATs. What are the advantages of CAAT to the auditor?

The most important advantages of CAAT are as follows:

Test programmed controls: in a computer based accounting system, there are large volumes of transactions which the auditor will have to audit. The auditor will have to check if the programmed controls are functioning correctly. The only effective way of testing programmed controls is through CAAT.

Test on large volume of data: CAAT enable auditors to test large amount of data quickly and accurately and therefore increase the confidence they have in their opinion.

Test on source location of data: CAAT enables auditors to test the accounting system and its records (e.g. disk files) at its source location rather than testing the printouts of what they believe to be a copy of those records.

Cost effective: once set up CAAT are likely to be cost effective way of obtaining audit evidence year after year provided that the client does not change the accounting system regularly.

Comparison: allows results from using CAAT to be compared to traditional testing. Where the two results agree, this increases the overall audit confidence.

07. List and briefly explain some of the difficulties of using audit software?

Set up cost is high: the set-up cost is high because the client's procedures initially need to be investigated and understood thoroughly before the audit software can be used to access and interrogate those files.

Changes are costly: if there are changes to the client system, this will require costly alterations to the audit software.

Not suitable for small installations: Client accounting system documentation may be incomplete so that it is difficult to identify all procedures. The cost of writing specific audit software to test those systems may be difficult to justify against the possible benefit on the audit or possibility of recovering the cost of the software.

Over elaboration: tendency to produce over elaborate enquiry programs which are expensive to develop, time consuming in processing and reviewing. Hence audit cost goes up.

Quantities of output: it may arise that output is too large either due to poor design of the software or using inappropriate parameters on a test.

Live database: the audit program needs to be run on the live database (i.e. actual files) of the client because the auditor is testing the actual system of the client. Some clients may be unwilling to let auditors run the audit program on the live/actual files, as it first needs to be fully tested to show that it won’t corrupt the actual database files.

08. What procedures can be performed through CAATs?

CAATs may be used in performing various auditing procedures, including the following:

tests of details of transactions and balances, for example, the use of audit software for recalculating interest or the extraction of invoices over a certain value from computer records;

analytical procedures, for example, identifying inconsistencies or significant fluctuations;

tests of general controls, for example, testing the set-up or configuration of the operating system or access procedures to the program libraries, or using code comparison software to check that the version of the program in use is the version approved by management;

sampling programs to extract data for audit testing;

tests of application controls, for example, testing the functioning of a programmed control; and

reperforming calculations performed by the entity’s accounting systems.

09. What are the programs normally used in CAATs?

A brief description of the programs commonly used is given below:

Package Programs are generalized computer programs designed to perform data processing functions, such as reading data, selecting and analyzing information, performing calculations, creating data files and reporting in a format specified by the auditor.

Purpose-Written Programs perform audit tasks in specific circumstances. These programs may be developed by the auditor, the entity being audited or an outside programmer hired by the auditor. In some cases, the auditor may use an entity’s existing programs in their original or modified state because it may be more efficient than developing independent programs.

Utility Programs are used by an entity to perform common data processing functions, such as sorting, creating and printing files. These programs are generally not designed for audit purposes, and therefore may not contain features such as automatic record counts or control totals.

System Management Programs are enhanced productivity tools that are typically part of a sophisticated operating systems environment, for example, data retrieval software or code comparison software. As with utility programs, these tools are not specifically designed for auditing use and their use requires additional care.

10. What factors should an auditor consider in determining the use of CAATs?

When planning an audit, the auditor may consider an appropriate combination of manual and computer assisted audit techniques. In determining whether to use CAATs, the factors to consider include:

the IT knowledge, expertise and experience of the audit team;

the availability of CAATs and suitable computer facilities and data;

the impracticability of manual tests;

effectiveness and efficiency; and

time constraints.

11. What are the steps to be undertaken by the auditor for the use of CAATs?

The major steps to be undertaken by the auditor in the application of CAAT are to:

(a) set the objective of CAAT application;
(b) determine the content and accessibility of the entity’s files;
(c) identify the specific files or databases to be examined;
(d) understand the relationship between the data tables where a database is to be examined;
(e) define the specific tests or procedures and related transactions and balances affected;
(f) define the output requirements;
(g) arrange with the user and IT departments, if appropriate, for copies of the relevant files or database tables to be made at the appropriate cut off date and time;
(h) identify the personnel who may participate in the design and application of CAAT;
(i) refine the estimates of costs and benefits;
(j) ensure that the use of CAAT is properly controlled;
(k) arrange the administrative activities, including the necessary skills and computer facilities;
(l) reconcile data to be used for CAAT with the accounting and other records;
(m) execute CAAT application;
(n) evaluate the results;
(o) document CAATs to be used including objectives, high level flowcharts and run instructions;
(p) assess the effect of changes to the programs/system on the use of CAAT.
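Steps (l) to (n) above, combined with two procedures from question 08 (extracting invoices over a certain value and reperforming the entity's calculations), can be sketched as a small audit program that runs on a copy of the file instead of the live database. This is an added example, not part of the original notes; the column names, the sample extract, the ledger figures and the threshold are constructed assumptions.

```python
import csv
import io
from decimal import Decimal

# Constructed copy of a client invoice file taken at cut-off (never the live
# file). The column names are assumptions made for this example.
EXTRACT = """invoice_no,quantity,unit_price,recorded_total
INV-001,10,25.00,250.00
INV-002,3,1200.00,3600.00
INV-003,7,99.99,699.93
INV-004,2,5000.00,10500.00
INV-005,1,80.00,80.00
"""

def load(extract_text):
    """Parse the extract; Decimal avoids float rounding creating false exceptions."""
    return [{"invoice_no": r["invoice_no"],
             "quantity": int(r["quantity"]),
             "unit_price": Decimal(r["unit_price"]),
             "recorded_total": Decimal(r["recorded_total"])}
            for r in csv.DictReader(io.StringIO(extract_text))]

def reconcile(rows, ledger_count, ledger_total):
    """Step (l): record count and control total must agree with the ledger."""
    total = sum((r["recorded_total"] for r in rows), Decimal("0"))
    return len(rows) == ledger_count and total == ledger_total

def invoices_over(rows, threshold):
    """Test of details: extract invoices over a certain value."""
    return [r["invoice_no"] for r in rows if r["recorded_total"] > threshold]

def reperform(rows):
    """Reperformance: recompute quantity x unit price, report each difference."""
    exceptions = []
    for r in rows:
        expected = r["quantity"] * r["unit_price"]
        if expected != r["recorded_total"]:
            exceptions.append((r["invoice_no"], r["recorded_total"] - expected))
    return exceptions

def run_caat(extract_text, ledger_count, ledger_total, threshold):
    """Steps (m) and (n): execute the tests only on data that reconciles."""
    rows = load(extract_text)
    if not reconcile(rows, ledger_count, ledger_total):
        raise ValueError("extract does not reconcile to the accounting records")
    return {"over_threshold": invoices_over(rows, threshold),
            "exceptions": reperform(rows)}

if __name__ == "__main__":
    # Ledger figures below are constructed to match the sample extract.
    print(run_caat(EXTRACT, 5, Decimal("15129.93"), Decimal("3000")))
```

The reconciliation gate matters because an incomplete or altered extract would make every later test result unreliable, however correct the test logic is.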

Certified Information Systems Auditor (CISA) is a professional certification for information technology audit professionals sponsored by ISACA. ISACA got its start in 1967. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves. Today, ISACA’s membership (more than 95,000 strong worldwide) is characterized by its diversity. Members live and work in more than 160 countries and cover a variety of professional IT-related positions, including IS auditor, consultant, educator, IS security professional, regulator, chief information officer and internal auditor.

Certified Information Security Manager (CISM)

Designed for experienced information security managers, the CISM designation is a groundbreaking credential earned by more than 18,000 professionals since it was established in 2002. To earn the CISM designation, candidates are required to pass the CISM examination, which is offered twice annually in three languages, adhere to ISACA’s Code of Professional Ethics and agree to comply with the CISM Continuing Education Policy. More than 4,900 candidates registered for the CISM examination in 2010. CISM retention each year consistently remains at 93 percent.

Certified in the Governance of Enterprise IT (CGEIT)

The CGEIT is designed for professionals who manage, provide advisory and/or assurance services, and/or who otherwise support the governance of an enterprise’s IT and wish to be recognized for their IT governance-related experience and knowledge. Introduced in 2007, the CGEIT designation is the third certification offered by ISACA.

Certified in Risk and Information Systems Control (CRISC)

The CRISC was designed for IT and business professionals who identify and manage risks through the development, implementation and maintenance of appropriate IS controls. Introduced in 2010, the CRISC designation is a new certification offered by ISACA and is based on the association’s intellectual property, independent market research and the input of subject matter experts from around the world. More than 16,000 professionals have earned the CRISC designation since inception.

Important Questions

At a Glance

CHAPTER 01 INFORMATION WITHIN ORGANIZATION

33. What is information? What is Information Technology?
34. What are the differences between data and information?
35. What factors determine the value of information?
36. How do information systems impact organizations and business firms?
37. What are the attributes of useful and effective information?
38. What do you mean by system? What are the types of system?
39. What types of information systems are used at different levels of management in an organization?
40. What is a DSS? What are the characteristics of DSS? What are the components of DSS?
41. What is TPS? What activities are involved in TPS?
42. What is MIS? What is EIS?
43. What is a knowledge-based system? What are the types of KBS?
44. What is the difference between passive IS and interactive IS?
45. What is batch processing and rapid response processing?
46. What are ‘Pivot Table’ and ‘Event Triggered’?

CHAPTER 02 INFORMATION TECHNOLOGY ARCHITECTURE

01. Discuss the characteristics of information processing systems.
02. What do you mean by information architecture? What are the challenges of information systems that managers should heed?
03. What are the properties of computer systems and the components of a computer system?
04. What is software? What are the functions of software?
05. What are the types of software? / Write the software tree.
06. Classify software according to the commercial perspective.
07. What are the differences among shareware, freeware, and firmware?
08. Define data structure. What is structured and unstructured data?
09. Write the names of some popular programming languages.
10. How do you choose software / accounting software?
11. What do you mean by data analysis?
12. What is data validation? Discuss the data validation methods. What are the features of data validation?
13. What is DBMS? Write down the advantages and disadvantages of DBMS.
14. What is a database model? What are the types of database model?
15. What is a distributed database? Write down its advantages and disadvantages.
16. What is a centralized database?
17. What are the types of processing techniques? Write down the advantages of each processing technique.
18. What is security control? What are the categories of security control / how can we provide security?
19. What is malicious software? Discuss the types of malicious software.
20. Discuss the terms hacker and cracker.
21. What is e-commerce? Write down the characteristics of e-commerce.
22. What are the types of e-commerce? What are the benefits and limitations of e-commerce?

CHAPTER 03 MANAGEMENT OF INFORMATION TECHNOLOGY

58. Describe the phases of the policy evaluation process.
59. What are the approaches of the organizational management process?
60. What are the work processes, behavioral processes and change processes?
61. What are the differences among the three processes?
62. What are formal and informal information systems?
63. What is a Computer-based Information System (CBIS)?
64. What are the basic components of an information system? What are the fundamental roles of information systems in business?
65. Discuss the role and efficient use of information technology in business.
66. What are the differences between IT infrastructure and IT architecture?
67. What are the components of IT infrastructure?
68. What is an asset? What are the characteristics and classification of assets?
69. Discuss the asset life cycle.
70. What is ITAM? What are the benefits of ITAM? Write down the ITAM cycle.
71. What considerations should be addressed to optimize an ITAM program?
72. How can you evaluate an IT asset management solution?
73. What are debuggers, linkers and text editors?
74. What factors should you consider when implementing global ERP? What are the barriers to implementing global ERP?
75. Define codeline, codeline policy, environment and branching.
76. What are the requirements for effective software control for changes?
77. What is problem management? What are the primary functions of a problem management system? Explain the problem management process.
78. What are the key components of review and oversight of the problem management function?
79. What do you mean by IT management? List the IT management disciplines.
80. What are the components of the traditional data processing model?
81. What are the roles of an IT manager?
82. Explain briefly IT performance management and control instruments approaches.
83. How could you align IT performance management with corporate strategy?
84. How could you evaluate the IT performance management system of a company?
85. What is information security? Why do you think information system security is important?
86. What information is sensitive? What factors should be considered for establishing better information protection?
87. What are the layered series of technological and non-technological safeguards for physical security measures / how could protection of information be achieved?
88. What kinds of threat may arise to an information system? / What are the information system threats?
89. What are information security objectives? What are historical information securities?
90. Write notes on the following:
    - Vulnerability management
    - Threat management
    - Trust management
    - Identity management
    - IT control and audit
    - Security monitoring
    - Incident management
91. What is accounting software? Describe the accounting modules. What are the categories of accounting software?
92. What factors should be considered when selecting accounting software?
93. Write some examples of the different categories of accounting software.
94. What are the direct and indirect risks relating to information systems?

CHAPTER 04 COMMUNICATION AND INFORMATION TECHNOLOGY

27. What is data communication? What are the elements/components of a communication system?
28. What are the different types of data transmission mode?
29. How is information delivered over a network?
30. What do you mean by digital and analog data?
31. What is asynchronous and synchronous transmission of data?
32. What is a computer network? What are the different types of computer network?
33. What are the features that discriminate LANs, MANs and WANs? Or, what are the differences between LAN & WAN?
34. What are the advantages and disadvantages of LAN and WAN?
35. What are the different types of computer network according to structure?
36. How do you define network topology? What are the major types of topology?
37. What is bus topology? What are the advantages and disadvantages of bus topology?
38. What is ring topology? What are the advantages and disadvantages of ring topology?
39. What is star topology? What are the advantages and disadvantages of star topology?
40. Explain Mesh, Tree and Hybrid network topology.
41. Which matters are to be considered when choosing a network topology? Or, what factors do you consider when choosing the best alternative network topology?
42. What is network software / network operating system software?
43. What are the functions of network software?
44. What is a communication protocol? What are the key elements of a protocol?
45. What are the roles of a communication protocol?
46. What is the OSI model? How many layers does the OSI model have?

CHAPTER 05 INTERNAL CONTROL IN COMPUTER BASED BUSINESS SYSTEMS

56. What is internal control? What are the purposes/objectives of internal control regarding assurance?
57. How do you evaluate internal control? What are the components of internal control?
58. How can IT control activities be categorized? What are the components of control activities for Information Technology?
59. What are the limitations of internal control?
60. What are the elements of a good internal control system?
61. Define the categories of IT control.
62. What are COBIT and COSO?
63. What are the effects of Information Technology on internal audit?
64. What are the main types of IT audit?
65. What are the responsibilities of management for developing and assessing effective internal control?
66. What does the complete COBIT package consist of?
67. What is a COBIT structure?
68. What is an audit trail? What are the objectives of audit trails?
69. What is the process of error correction?
70. What are the key elements of system development and acquisition controls?

71. What is system acceptance testing? What are its aims?
72. What factors should be considered when judging the effectiveness of PIR?
73. What are the controls over system and program changes?
74. What tools may we use as control activities for IT?
75. What are the components of ITGC?
76. What are the tools to control IT applications?
77. What are the characteristics of corrective controls?
78. What is data integrity control? How could you assess the data integrity controls? Describe the different data integrity controls.
79. What is risk? What are the causes of risk?
80. What are threat and vulnerability?
81. What kinds of threat may arise in a computerized environment?
82. What kinds of threat may arise due to cyber crimes?
83. What is risk assessment? Why is it necessary? What are the primary functions of risk assessment?
84. What are the areas to focus on for risk assessment purposes?
85. Explain the risk management process.
86. What is business continuity and disaster recovery planning?
87. Explain the business continuity life cycle.
88. What are the objectives and goals of business continuity planning?
89. What are the phases for developing a business continuity plan?
90. What are the IS audit standards?
91. What are the audit objectives of a computer information system environment?
92. What subjects should be considered to establish better information protection?
93. What is ERP? What are the benefits of ERP?
94. What factors should be considered in implementing an ERP system?
95. What is SAP? What is the SAP R/3 system? How many layers are there in the SAP R/3 system architecture?

CAATs

COMPUTER ASSISTED AUDIT TECHNIQUES

12. What is CAAT? Define the types of CAATs.
13. Explain the different types of audit programs.
14. What are the uses of audit software?
15. List and briefly explain four advantages of CAATs / What are the advantages of CAAT to the auditor?
16. List and briefly explain some of the difficulties of using audit software.
17. What procedures can be performed through CAATs?
18. What are the programs normally used in CAATs?
19. What factors should an auditor consider in determining the use of CAATs?
20. What are the steps to be undertaken by the auditor for the use of CAATs?
21. Write short notes on:
    - CISA
    - CISM
    - CGEIT
    - CRISC