1

REVISION QUESTIONS FOR ISCA MAY 2013

CA. RISHABH PUGALIA | ISCANOTES.COM
CHAP 1 INFORMATION SYSTEM CONCEPTS 1. 2. 3. 4. Factors on which information requirements of executives depend [includes Programmed decisions vs. Non-Programmed decisions AND 3-levels of Management] DSS Characteristics and Components OR What do you understand from the term database? How is it implemented in three different levels? Short Notes: a) Knowledge Acquisition Subsystem (KAS), b) Decomposition, c) TPS, d) Computer-based Information Systems (CBIS) Describe a practical set of principles to guide the design of measures and indicators to be included in an Executive Information System (EIS).

CHAP 2 SYSTEM DEVELOPMENT LIFE CYCLE METHODOLOGY 5. 6. 7. 8. 9. Why organizations fail to achieve their systems development objectives; explain in brief. Strengths and weaknesses of the Waterfall model, Incremental Model, RAD Basic principles of Prototyping Model Discuss various important factors to be kept in mind while designing an Input from an information system. [similar to output] Explain different conversion strategies used for conversion from manual to computerized system. Enumerate the advantages and disadvantages of each strategy.

10. Explain different activities involved in conversion from manual system to computerized system. 11. Short Notes: a) Black Box testing vs. White Box testing, b) Program debugging, c) Data flow diagrams, d) Fact finding techniques, e) Integration testing, f) Systems requirement specifications (SRS), g) Agile technology 12. Describe any five functional areas of a system which needs to be analysed by system analyst for detailed investigation of the present system 13. Feasibility Studies 14. Discuss various categories of tests that a programmer should typically perform on a program unit. (Sol - Parallel, Structural, Performance, Functional, Stress) CHAP 3 CONTROL OBJECTIVES 15. Short notes: Key elements in System Development and Acquisition Control 16. Short Notes: Preventive Controls, Detective Controls & Corrective Controls 17. Firewalls & its types 18. Briefly explain the formal change management policies, and procedures to have control over system and program changes. 19. Short Notes: a) Time Bomb & Logic Bomb, b) Public Key Infrastructure (PKI), c) Fire Suppression System, d) Financial Control Techniques, e) Spooling, f) Service Level agreements (SLA), g) Intrusion Detection Systems (IDS), h) Asynchronous Attacks, i) Information Classification, j) Boundary control techniques 20. Discuss the three processes of Access Control Mechanism, when an user requests for resources 21. There are a number of general questions that an auditor will need to consider for quality control. Explain those questions in brief.

About the Author/Trainer: Rishabh Pugalia is a qualified Chartered Accountant. After having worked for KPMG (Assurance) & J.P. Morgan (Debt Capital Markets), he founded ExcelNext in December 2009. - His super-popular training program on Advanced Excel for Finance, CAAT and MIS Reporting is available at CAclubindia.com - http://www.caclubindia.com/coaching/excel.asp - His ISCA Notes has been downloaded 30,000+ times since its launch in mid-2011. His book can be found at http://www.edzonex.com/best-ca-final-isca-book

www.iscanotes.com

CA. Rishabh Pugalia

www.excelnext.in

2
CHAP 4 TESTING GENERAL AND AUTOMATED CONTROLS 22. Short Notes: a) SCARF, b) Integrated Test Facility ITF c) Multi-Year testing plans 23. An Auditor identifies control techniques and determines the effectiveness of controls at various levels. Explain those levels in brief. CHAP 5 RISK ASSESSMENT METHODOLOGIES AND APPLICATIONS 24. Risk Classification [Systematic. vs. Unsystematic. Risks] 25. Risk management Process [incl. 4 Strategies to manage the risk or Risk management strategies] 26. Considerations in analyzing Risk 27. Common risk mitigation techniques 28. Insurance Coverage CHAP 6 BUSINESS CONTINUITY PLANNING & DISASTER RECOVERY PLANNING 29. Briefing vs. Debriefing Session 30. Audit tools & techniques to ensure that DRP is in order 31. Short Notes: a) Business Impact Analysis, b) Vulnerability assessment 32. Single Point of Failure 33. Disaster recovery Procedural plan / Disaster Recovery and Planning Document CHAP 7 AN OVERVIEW OF ENTERPRISE RESOURCE PLANNING 34. Organizations face several new business risks when they migrate to real-time, integrated ERP systems. What are those risks? 35. Benefits of ERP 36. SAP Modules a) Enterprise Controlling [inter-company transaction], b) Treasury 37. You are entrusted with the duty of implementing an ERP in your office. You have taken care of all the preparations during the implementation. However, during post implementation, there will be a need for course correction many times. What can be the reasons for them? 38. Describe the general guidelines, which are to be followed before starting the implementation of an ERP package. 39. Explain the various criteria used for evaluation of the ERP packages OR Explain the process of evaluation of various ERP packages 40. ERP implementation Fears and Expectations

CA. Rishabh Pugalias ISCA Notes

His ISCA Notes has been downloaded 30,000+ times since its launch in mid-2011. His book can be found at http://www.edzonex.com/best-ca-final-isca-book Key Features: Exhaustive questions from RTP, Past Year Examinations along with Case Studies All questions answers linked to Paragraph references Bold and Underlined keywords Summarized sentences in bullet points

www.iscanotes.com

CA. Rishabh Pugalia

www.excelnext.in

3
CHAP 8 INFORMATION SYSTEMS AUDITING STANDARDS, GUIDELINES, BEST PRACTICES 41. Briefly explain Asset Classification and Control under Information Security Management Systems. (including FAR) 42. CMM & its 5 levels 43. Sys Trust and Web Trust Services 44. Security policy involves a thorough understanding of the organization business goals and its dependence on information security. What are the areas which should be covered under this policy? Also mention its controls and objectives CHAP 9 DRAFTING OF IS SECURITY POLICY, AUDIT POLICY, IS AUDIT REPORTING- A PRACTICAL PERSPECTIVE 45. What purpose the information system audit policy will serve? Briefly describe the scope of information system audit. 46. Suppose an audit policy is required, how will you lay down the responsibility of audit? 47. What do you mean by information security? What are the objectives of information security? 48. Permanent and Current Audit file 49. Types of Information Security Policies and their Hierarchy CHAP 10 INFORMATION TECHNOLOGY (AMENDED) ACT, 2008 50. Section 3, 3A, 11, 12, 13, 18, 25, 35, 38, 41, 58, 66A, 70B, 79, 87 51. E-Governance

Tips for writing answers in the examination

Headings in CAPITAL LETTERS and keywords of sub-bullet points in Underline Use Bullet points instead of jumbled paragraphs Attempt full 100 marks Read the questions carefully. E.g. Answers differ for Features of MIS vs. Characteristics of MIS

Other publications of CA. Rishabh Pugalia

He founded ExcelNext Training Solutions in December 2009. Under its umbrella, he has trained more than 2,000 professionals across 11+ cities on Advanced Excel for Finance, CAAT and MIS Reporting. His clientele include two of the Big Four Accounting firms. His Online Training program is available for subscription at CAclubindia.com http://www.caclubindia.com/coaching/excel.asp Co-authored a Technical Guide on Data Analytics and Continuous Control Monitoring - published by the ICAI (Oct 2012). ICAI Download Link: http://220.227.161.86/iasb17282.rar The video of his LIVE webcast on Using Excel for Continuous Controls Monitoring at the ICAI (Nov 2012) has been uploaded at http://spotforge.net/live/icai091112 [38th minute onwards] Co-organized seminar on Data Analytics and Continuous Control Monitoring, IASB, The Institute of Chartered Accountants of India (ICAI) in New Delhi (Jun 2012) & Chennai (Jul 2012) His training sessions on Advanced Excel & Presentation Skills, at various CA Study Circle meetings, Institute LIVE Webcast, CPE Seminars and GMCS programs have received overwhelming response

www.iscanotes.com

CA. Rishabh Pugalia

www.excelnext.in