Chapter 1
Information within Organization
Q.1) What is information?
Information
is data that has been processed into a form that is meaningful to the recipient.
Data
---->
Data transformation ----> Information
Q.2) What are the difference between
data and information?
|
SL. No.
|
Data
|
Information
|
|
1
|
Raw, unanalyzed fact figure and
events
|
Useful knowledge derived from the
data
|
|
2
|
Unprocessed instruction
|
If data is processed will become your
information
|
|
3
|
Example: If you had a sum,
123+123(data)=246(information)
|
Q.3) How information system impact
organization and business firm?
Information
systems have become integral, online interactive tools deeply involved in the
minute to minute operations and decision making of large organization.
Q.4) What is Organization?
A
social arrangement for the controlled performance of collective goals, which
has a boundary it from its environment.
Q.5) Write the quality of high value
information?
Information
only high value information if it is –
·
Relevant
·
Reliable
·
Clear
·
Complete
·
Timely
·
Right
Quality.
Q.6) Why Information is key resource
in organization?
Or, Discuss the importance of
Information.
Information
is key resource in an organization because information is fundamental to the
success of any business.
Q.7) What is important attributes of
useful and effective information?
The
important attribute of useful and effective information are as follows:
·
Availability
·
Purpose
·
Decay
·
Frequency
·
Completeness
·
Reliability
·
Cost
beneficial
·
Validity
·
Transparency
·
Value of
information
Q.8) Why does organization exist?
Organization
exist because they-
·
Overcome
people’s individual limitations.
·
Enable people
to specialize
·
Accumulate
and share knowledge.
·
Enable people
to poll their expertise.
Q.9) How does organization differ?
Organization
differs in many ways, such as:
·
Ownership
·
Control
·
Activity
·
Size
·
Source of
finance
Q.10) What is DSS (Decision Support
System)?
A
decision support system can be defined as a system that provides tools to
managers to assist them in solving semi structured and un-structured.
Q.11) What is characteristics /
properties of DSS?
The
DSS are characteristics by at least three properties-
o
The support
semi-structured and unstructured decision making
o
They are
flexible enough
o
They are easy
to use
Q.12) What is component of DSS?
A
decision support system has four basic components. Namely-
·
The user
·
One of more
database
·
A planning
language
·
The model
base
·
Q.13) Give some example of DSS in
Accounting.
Following
are the examples of DSS in accounting:
·
Cost
Accounting system
·
Capital
Budgeting system
·
Budget
variance analysis system
·
General
decision support system
Q.14) What type of information
systems are used at different levels of management in an organization?
Used
of information systems at different levels of management in an organization is
sited below:
|
Management level
|
Used information system
|
|
Top level management
|
EIS,MIS,DSS
|
|
Middle level management
|
MIS,DSS
|
|
Lower level management
|
TPS
|
Q.15) What activities are involved
in TPS?
A
TPS involves the following activities:
Ø
Computing
data to organization in files or database
Ø
Processing of
files/ database using application software
Ø
Generating
information in the form of reporting
Ø
Processing of
queries from various quarters of the organization.
Q.16) Discuss the type of
information?
Information,
broadly can be divided into two different types-
v
Internal
information
v
External
information
Q.17) What is the different between
the passive IS & interactive IS?
|
Passive
information systems
|
Interactive
information systems
|
|
Passive information systems are
systems that will answer queries based on the data that is held within them,
but the data is not altered.
|
An interactive system is one that
data can be entered for processing which may alter the contents of the
database.
|
Q.18) What is management system?
A
management information system is software that allows the managements with in a
company to access and analyze data.
Q.19) What is knowledge based
systems (KBS)?
A
is knowledge based system is a system where all the expert human knowledge
covering a particular topics is bought together and made available to the user
through a computer.
Q.20) Discuss the types of is
knowledge based system?
There
are three types of is knowledge based system, namely-
·
Diagnostic
·
Advice giving
·
Decision
making
Q.21) What is financial reporting
system?
Financial
reporting involves all the procedures necessary to ensure that the financial
performance of a department is clearly and effectively reported on to the
relevant authorities.
Q.22) Write the function of
financial reporting?
The
function performed by financial reporting specialists cover the following
areas:
·
Undertaking
the monthly closure of accounts
·
Compiling quarterly
reports
·
Undertaking
the annual closure of accounts
·
Compiling
overall annual reports
Q.23) What is objective of any
financial accounting system?
A
primary objective of any financial accounting system is to provide accurate
financial statements on a timely basis
Q.24) What is “Pivot Table”?
Pivot
table is one of the most powerful analytical tools that are used in
spreadsheets.
Q.25) Discuss the terms “Event
Triggered”?
Many
accounting software products have ability to alert users to predefined financial
condition. With such a feature, a CFO can create simple calculation that the
accounting software continuously compares against a present values.
Q.26) Write something about the
International Financial Reporting Standards (IFRS).
IFRS’s
are standards, interpretations and the framework adopted by the International
Accounting Standards Board (IASB).
Q.27) Discuss the structure of IFRS?
ü
IFRS’s-
issued after 1st April 2001
ü
IAS’a Issued
before 1st April 2001
ü
Interpretation
originated from the IFRIC (International Financial Reporting Interpretation
Committee)- issued after 1st April 2001
ü
Standing
Interpretation Committee (SIC) Issued before 1st April 2001
ü
Framework for
the preparation and presentation of financial statements.
Q.28) Write the qualitative characteristics
of financial statement?
A
qualitative characteristic of financial statements includes:
Ø
Relevance
Ø
Reliability
Ø
Understandability
Ø
Comparability
Q.29) What is framework?
The
framework for the preparation and presentation of financial statements state
basic principles for IFRS’s
Q.30) Write the element of financial
statement.
The
elements of financial statement include:
1.
Assets
2.
Liability
3.
Equity
Q.31) Write the elements of income
statement.
The
element of income statements includes:
1.
Income
2.
Expenses
Q.32) What is the component of
IFRS’s financial statement?
IFRS
financial statements consists of:
A statement
of financial position
A statement
of comprehensive income
A statement
of change in equity
A statement
of cash flows
Note,
including a summary of the significant accounting policies.
Q.33) Define the term ‘Business
owner, System owner, Technical owner, System administrator &
application administrator?
Business
owner:
The
business owner is the business executive or leader who is accountable for the
primary business functions performance by the Critical Financial Reporting
System (SFRS).
System
owner:
The
system owner is the functional unit leader who is responsible for the Critical
Financial Reporting System (SFRS).
Technical
owner:
Technical
owner is the individual who is responsible for ensuring that the technical
information technology components of the CFRS are properly implemented and
manage effectively.
System
administrator:
System
administrator is the individual who is responsible for proper operational
configuration management and functioning of one or more information technology
components of the CFRS are properly implemented and mange effectively.
Application
administrator:
Application
administrator is the individual who is responsible for proper operational
configuration management and functioning of one or more CFRS applications.
Chapter-2
Information Technology Architecture
Q. 1)
What is information system? Classify information system.
Information systems:
Information systems is a mechanism that helps
people to collect, store, organize & use information.
Types of information system:
Major type of information systems are:
1.System from a functional perspective:
- Sales and marketing system
- Manufacturing and production system
- Finance and accounting system
- Human resources system
2.
Systems from a constituency perspective:
- Executive Support System (ESS)
- Decision Support System (DSS)
- Management Information System (MIS)
- Transaction Processing System (TPS)
Q. 2)
What is Computer system?
Computer system is a collection of some integrated
components that woks to accomplish a specific task.
Q. 3)
What is Properties of computer system?
A computer system must satisfy the following
properties:
- Each system consists of several components.
- There must be a logical relation between the
components.
- The components of a system should be
controlled in a way such that specific task can be accomplished.
Q. 4)
What are the components of computer system?
Following are the components of computer system:
- Hardware
- Software
- Human ware
- Date/ Information
Q. 5)
What is software? Classify the software according to working principal.
Software:
Software is the collection of computer programs
procedures and documentation that performs different tasks on a computer
system.
Classification of Software:
According to the working principal, software can
be classified into two classes:
Q. 6)
Classify the system software:
System software can be broadly classified into
three classes
Ø
System
management software
Ø
System
support software
Ø
System
development software
Q 7.
Write the different type of application software
Some example of application software is sited
below
Ø
Word
processing software
Ø
Database
Software
Ø
Multimedia
software
Ø
Presentation
Software
Ø
Enterprise Software. Etc
Q 8.
Classify the software according to the commercial perspective.
From the commercial perspective software can be
classified into three major classes:
Ø
Commercial
software – refers to any software that is designed for sale to serve a
commercial need .
Ø
Freeware/Open
source software- freeware is free to use and dose not require any payment from
the user
Ø
Shareware
Software- Shareware is basically “try before you buy” software
Q 9.
What is shareware?
Shareware is basically “try before you buy”
software.
Shareware is software that is distributed free on
a trail basis with the understanding the user may need or want to pay for it
alters.
Q 10.
Write down the different between shareware and freeware.
Shareware is basically “try before you buy”
software. Shareware may just be offering free access for a limited period of
time. On the other hand freeware is free to use and dose not repair and payment
form the user.
Q 11.
What is firmware?
In a computing firmware is software that is
embedded in a hardware device. Firmware is defined as: “The computer program in
a read only memory (ROM) integrated circuit”.
Q 12.
Write the some example of firmware?
Some example of firmware is sited below:
Ø
The BIOS
found in IBM- compatible personal computers.
Ø
RTAS
(Run-Time Abstraction Services).
Ø
ARCS, used in
computers from silicon graphics.
Q. 13
Define data structure?
Data may be organized in many different ways: the
logical or mathematical model of a particular organization of data is called a
data structure. Such as Array and Record.
Q.14
What do you mean by Data Analysis?
Data analysis is a process in which raw data is
ordered and organized so that useful information can be extracted from it.
Q.15
What is data validation? Discuss the validation methods?
Data validation is the process of ensuring that a
program operates on clean, correct and useful data.
Method of data
validation:
Following are data validation methods:
Ø
Allowed
character cheek
Ø
Consistency
cheek
Ø
Control
totals
Ø
Data types
cheek
Ø
Format or picture
cheek
Ø
Limit cheek
Ø
Logic cheek
Ø
Missing data
test
Ø
Rang cheek
Q.16 What
is DBMS? Write down the features of DBMS?
Database Management System (DBMS):
DBMS is a special data processing system or part
of a data processing system which aids in the storage, manipulation, reporting,
management and control of data.
Features of DBMS:
Feature of DBMS are sited below:
Ø
Query
ability.
Ø
Backup and
replication.
Ø
Rule
enforcement.
Ø
Security.
Ø
Computation.
Ø
Change and
access logging.
Ø
Automated
optimization.
Q.17
What are the different between multiprogramming and multiprocessing?
Multiprogramming:
Multiprogramming is the name given to the
interleaved execution of two or more different and independent programs by the
same computer.
Multiprocessing:
The term multiprocessing is used to describe
interconnected computer configurations or computers with two or more
independent CPU’s that have the ability to simultaneously execute several
programs.
Q. 18
What is security control?
Security refers to the policies, procedures &
technical measures used to prevent unauthorized
access, alteration, theft or physical damage to information system.
Q. 19
How can we provide security?
Ø
We can
provide security by –
Ø
Access
control
Ø
Firewalls
Ø
Intrusion
detection system (IDS).
Ø
Antivirus
software
Q. 20
What is malicious software?
Malicious software programs are referred to as
malware & include a variety of threats, such as computer viruses, worms,
and Trojan horses.
Q.21
Discuss the term Hackers & Crackers.
A Hacker is an individual who intents to gain
unauthorized access to a computer system. Within the hacking community, the
term cracker is typically used to denote a hacker with criminal intent.
Q. 22
What is E-Commerce? Write down the characteristics of E-commerce.
E-commerce: E-commerce which is short for
electronic commerce. E-commerce is the process used to distribute, buy, sell or
market goods and services and the transfer of funds on online, through
electronic communications or networks:
Characteristics of E-commerce:
Ø
Business
oriented
Ø
Convenient
service
Ø
System
extendable
Ø
Online safety
Ø
Co-ordination
Q. 23
What is the benefit of E-commerce
Benefits of e-commerce are sited below;
Ø
Increase sale
Ø
Decrease cost
Ø
Provide price
quotes
Ø
Increase
profit
Q: 24
write the limitation of e-commerce
Following are the limitation of e-commerce
1. Technical limitation:
Ø
Cost of
technical limitation
Ø
Insufficient
telecommunication bandwidth
2. Non-technical limitation:
Ø
customer
expectation unmet
Ø
Lack of trust
and user resistance.
Q 25.
Write the short Note on:
A) Batch
processing: Batch processing is a
system that takes a set (a batch) or commands jobs executes them and returns
the result all without human intervention.
B)
Distribute processing: A distributed system consists of multiple
autonomous computers that communicate through a computer network.
C) Real
time processing: In a real time
processing there is a continual input, process and output of data. Data has to be processed in a small
stimulated time period (real time), otherwise it will create problem for the
system
D) Time
sharing: Time sharing refers to
the allocation of computer resources in a time dependent fashion to several
programs simultaneously.
E)
Virus: Virus is malicious
software which is a piece of self-replicating code attached to some other code.
F)
Backdoor or Trapdoor: Backdoor is
a secret entry point into a program allows those who know access bypassing usual security procedures.
G)
Zombie: Zombie is a program which
secretly takes over another networked computer.
H) D Dos
attack: D Dos stand for
distributed denial of service in a D Dos attack, hackers flood a network server
or web server with many thousands of false communication or requests for
services to crash network.
I) Worms: A program
that can replicate itself and send copies from computer to computer across
network connections.
J)
Trojan Horse: Trojan horse is a
malicious program when invoked performs some unwanted or harmful functionality.
Chapter - 3
Management of IT
Q 1. Describe the phases of policy
evaluation Process.
The
phases of policy evaluation process are given below;
Ø
Enterprise organizational structure and business process analysis
Ø
System
requirement analysis
Ø
Policy
analysis and translation
Ø
Policy
distribution and enforcement
Ø
Policy monitoring
and maintenance
Ø
Reverse
engineering
Q 2. What are approaches of
organizational management process?
Scholars
have developed three major approaches to organizational process namely
Ø
Working
process
Ø
Behavioral
process and
Ø
change
processes
Q 3. What is information system?
Explain formal informal and CBIS System.
Information system: an information system collect, process, stores,
analyze and disseminates information for specific purpose.
Formal information system: formal information system includes agreed- upon
procedures standard input and output and fixed definition. For example. A
company, accounting system
Informal Information system: Informal information system takes many shapes,
ranging form an office gossip network to a group of friend exchanging letter
electronically etc.
Q4. What is the basic components of
information system
The
basic components of information system are:
Hardware- a set of devices such as monitor, keyboard and
printer
Software- a set of programs that instruct the hardware to
process data
Database- a Collection of related files, tables, relation
and so on
Network- A connecting system that permits the sharing of
resources by different computers
Procedure- A set of instruction about how to combine the
above components in order to process information and generate the desired
output.
People-those individual who work with the system
Q5. what are the fundamental roles
of information system in business;
There
are three vital roles that information system can perform for a business enterprise
Ø
Support of
its business processes and operations
Ø
Support of
decision making by its employees and managers
Ø
Support of
its strategies for competitive advantage
Q6. Discuss about role and efficient
use of information technology
Information
technology plays major role in re engineering most business technologies can
substantially increase efficiency of business process.
Efficient
use of information technology:
a)
Efficient IT
assist with saving money, saving energy, save on cooling, reduces long term
hardware spend, reduce carbon omissions, save space, and avoid infrastructure
upgrades
b)
Save 60% of
PC power consumption by having screen and disk power management , sleep and or
hibernate enable and shutdown at the end of the day etc.
Q7. Describe about information
system infrastructure and architecture.
Infrastructure: an information infrastructure consists of the
physical facilities, service and management that support all shared computing
resources in an organization.
IT architecture: Information technology architecture is a high
level map or plan of the information assets in a organization including the
physical design of the building that holds the hardware.
Q08.
What are components of IT infrastructure?
There
are major four components of the IT infrastructure namely
Ø
Computer
hardware
Ø
Network and
communication facilities
Ø
Data based
and
Ø
Information
management personnel
Q09. What is asset? What are the
characteristics and classification of asset?
A
resource with economic value that an individual, corporation or country owns of
controls with the expectation that it will provide future benefit.
Asset
Characteristics;
Ø
The probable
preset benefit involves a capacity, singly or combination with the other asset
Ø
The entity
can control access to the benefit
Ø
The transaction
or event giving rise to the entity’s right to or control of the benefit has
already occurred.
Q10. What is ITAM? What are
considerations that should be addressed to optimize an ITAM program?
ITAM
(Information technology asset management) is a process to control the day to
day to operation and utilization of IT asset, ensuring that an organization
realizes maximum efficiency from these asset.
To optimize an ITAM program following
consideration should be addressed:
Ø
Link IT to
business objective
Ø
Incorporate
life-cycle process and governance
Ø
Avoid common
mistakes
Q11. How
does ITAM work? What are the benefits of ITAM?
ITAM can help and organization in following ways;
Ø
Control IT
purchases and development
Ø
Eliminate
unnecessary purchase
Ø
Avoid
noncompliance and its associate legal risk
Ø
Compare its
actual with contract terms and purchase history
ITAM benefits:
Ø
reduce IT
Cost
Ø
Ensure
software compliance
Ø
Detect
unauthorized and illegal software
Ø
Improve
productivity
Ø
Align IT with
business goal to support business decision
Q 12. How can you evaluate an IT
management solution?
When
considering an ITAM solution looks for following:
Ø
Efficient and
accurate discovery of all IT assets
Ø
A structured
approach to software discovery across the company with application, suite and
version, recognition for both workstation and server
Q13. What is software? Wjat are the types of software?
Software
involves he collection of computer programs and related data that provide the
instructions telling a computer what to do.
Types of software;
Ø
System software – helps run the computer hardware and computer system
Ø
Programming software- usually provide tools to assist a programmer in
writing computer program
Ø
Application software- allows end user to accomplish one or more
specific task.
Q14. What factor should consider for
implementation regarding global ERP?
There
are five tips or factor to address the organizational complexities of a global
ERP implementation
Ø
Business
process standardization
Ø
Understanding
of local needs
Ø
Rely on your
change agents
Ø
Leverage
performance measures
Ø
Localized
delivery of employee communication and training
Q. 15 What are the barriers for
implementing global ERS?
The
barriers of implementing global ERS are:
- Culture differences
- Inter office polities
- Language barriers and
- Organization complexities
Q. 16 Define code line, code line
policy, environment and branching?
Code line: Source line required to produce software. It
could be a specific product or even a
basic set of code that many of your interest application commonly use.
Code line Policy: A set of instruction, direction and standard for
creation and application of code line. One code line require more stringent
testing.
Environment : The environment is test (development), quality
Assurance (QA) test or production. The test or development environment is used
for developers to test their code.
Branching : The creation of a new code line based upon a
current code line. Branching should only be done when absolutely necessary.
Q. 17 What are requirements to effective
software control for changes?
There
are several requirements to provide effectives software changes control:
- A software version Control (SVC) system or
Source Code Management (SVM)
- Ability to return to earlier states.
- Files should be locked to prevent overwriting
of work
- All developers should have home folder where
they can place their own experimental code outside the main project.
- Each software change request should be
assigned a unique tracking number.
- Stakeholder must be aware of production changes
etc.
Chapter 4
Communication and IT
Q. What is data communication?
Data
communication is the function of transporting from one point to another.
Q.
What is elements/ components of communication systim.
There
are three elements/ components of communication system are sited below. A
sender (source ) which create the message to the transmitted.
A
media which carries the massage.
A
receiver ( destination) which receives the massage.
Q.Classify
data transmission mode.
Or What
is the different data transmission mode.
There are three ways of mode , for transmitting data one point to
another. They are
1.Simplex.
2 Half duplex
3.Full duplex
Q. Define the terms ‘Simplex’ Half
duplex’. Full duplex’.
Simplex: Simplex transmission is one where communication
can take place in only one direction.
Half duplex’ : A half duplex system can transmit data in both
directions but only one direction at a time.
Full duplex: Full duplex system is used that allows
information to flow simultaneously in both directions on the transmission path.
Q. How information is delivered over
a network.
Information
is delivered over a network by three basis methods.
Unicast
.
Broadcast.
Multicast.
Q
Define Unicast Broadcast .and Multicast.
Unicast: Unicast is the type of transmission in which information is sent
only one sender to one receiver.
Broadcast: Broadcast is a type of transmission in which information is sent
from just one computer but is received by all the computers connected to the network.
Multicast: Multicast is the type of transmission system
where there is only one sender and information sent multiple destinations.
Q. What is computer network ?
Ans:
A group to computers and other devices connected together is called computer
network.
Q. Write the classification of
network under geographical area.
Ans: According to geographical area there are
three type of computer network-
Local Area Network (LAN)
Metropolitan Area Network (MAN)
Wide Area Network (WAN)
Q. Define the terms LAN, MAN, WAN.
LAN: LAN stands for Local Area Network. It provides
high speed communication in a
limited area, typically with in a building, like college.
MAN: MAN stands for Metropolitan Area Network. Is
covers a large city or metropolitan area. A MAN typically covers an area
between 5 to 50 KM areas.
WAN: WAN stands for wide are network. It is type of
communication network that covers a wide geographical area such as state or
country.
Q. How computer network can be
classified under structure?
According
to the structure, computer network can be classified in to following three
ways.
- Centralized network
- Distributed network.
- Hybrid network.
Q What are
the benefit of computer network?
Ans:
Computer network provides us many benefits , namely
- Simultaneous access to programs and data.
- Sharing hardware and software .
- Personal communication using e-mail.
- Making back up of information.
- Keep information reliable up to data.
Q. Write down the various devices
used in the network.
Router: A router is a device that forwards data packets
along networks. A router is connected to at least two networks commonly LANs or
WANs and IPS Network.
Switch: A switch is a hardware device that joins multiple
computers together within one local area network.
Repeater: A repeater
is a device that receives a digital signal on an electromagnetic or local area
network
Bridge: A device that connects two LAN or two
segments of the same LAN.
Hub:
A hub is a device where all the entire connecting mediums come together.
Q. How many types of hub are there in?
Ans:
There are three types of hub, namely
- Passive hub
- Active hub
- Intelligent hub.
Q .Write the difference between the
Passive hub ,Active hub, Intelligent hub.
Difference between the Passive hub ,
Active hub, Intelligent hub are sited below.
1. Passive hub do not amplify the electrical
signal.
2.
On the other hand, active hub can perform the amplification of cicatricle.
3.
Intelligent hubs add extra feature to an active hub that
are particular importance to business.
Q .Define Network topology.
Ans:
A network topology is a method to connect various devices such a computer
printer, over a network.
Q. Write down the main type of
topology.
Ans:
There are six different common topology, these are sited below-
1.
Liner bus topology
2.
Ring topology
3.
Star topology
4.
Tree topology
5.
Hierarchical topology
6.
Mesh topology
Q. Define various topologies with
two advantage and disadvantage.
.
Liner bus topology: Liner bus topology
consists of a main run of cable with a terminator at each end. All nodes are
connected to all liner bus.
Advantage:
1. Easy to setup
2. Required less cable than another topology.
Disadvantage:
1.
Entire network shuts down if there is a break in the main cable.
2.
Different to identify the problem if the entire network shuts down.
Ring topology:
Ring
topology is a topology where all devices are connected in a circle which has on
terminator.
Advantage:
- More reliable than star topology
- No data collision
Disadvantage:
- Hardly used now a days
- Slow and need more cable
Star topology
Star
topology is a topology where all devices are connected to a central hub.
Advantage:
- Easy to setup/install.
- One cable can’t crash network.
Disadvantage:
- Need more cable.
- if host computer fails, the entire network
fails.
Tree topology
It
consist of groups star configured workstations connected to a liner bus
backbone cable.
Advantage:
- Point to point wiring for individual
segments.
- Supporting by several hardware and software
venders.
Disadvantage:
- Overall length of each segment is limited by
the type of cabling used.
- If the backbone line breaks the entire
segment goes down.
Hierarchical topology:
The
hierarchical topology is much like the star topology, except that it doesn’t
use a central node.
Mesh topology:
In
a mesh topology cash device is connected to other device in the network by its
own cable.
Advantage:
- Data will always be delivered.
- Much speedy
Disadvantage:
- Very expensive
- Very difficult to setup for small enterprise.
Q. Which matter to be considered for
choosing topology?
The
following matter to be considered before
selecting a topology:
- Reliability of the entire system
- Expendability of the system
- Cost involved
- Availability to communication line
Q. What is network software?
Network
software is data communication software that is responsible for holding all
data communication systems together.
Q. What are the functions of network
software?
There
are several functions of communication software, namely-
- Access control
- Transmission control
- Network management
- Error control
- Security management
Q. What is communication protocol?
In
a data communication, a protocol is set of rules & procedures established
to control transmission between two points so that the receiver a properly
interpret the bit stream transmitted by the sender.
Q. Make a checklist for selecting
accounting software.
Checklist
of questions and key features are:
- Ability to drill down from summary general
ledger data to individual transactions?
- Ability to import & export data to and
from spreadsheet and word processing programs?
- Ability to generate custom report?
- Fast posting of large batches of
transactions?
- Strong security?
- Adequate technical support?
- Retention of historical data and ability to
compare current result to past result?
- Ability to allocate indirect cost to
individual project?
- Ability to flow data forms the program into
your tax software?
Write
some example of different category of accounting sofware/ small business/
personal accounting software:
|
a)ePeachtree
(Best software)
|
b)MYOB
plus for windows (MYOB software)
|
|
c)Quickbooks
online (Intuit)
|
d)Peachtree
complete accounting (Beast software)
|
|
e)Small
business Manager (Microsoft)
|
|
Low
end accounting software:
|
A)Business
Vision 32 (Best software)
|
B)MAS
90 & MAS 200 (Best software)
|
|
C)Quick
books pro 2003 (Intuit)
|
D)CCPAC
pro series(ACCPAC international
|
|
E)Vision
point 2000 (Best software)
|
|
Middle
Market Software
|
a)
ACCPAC Advantage serious Corporate Edition ( Best Software)
|
|
b)
Great Plains (Microsoft) MAS90 & MAS 200 (Best Software)
|
|
c)
Navision (Microsoft)
|
|
d)
South Ware Excellence Serious (South Ware)
|
|
e)
SYSPRO (Suspro USA)e)
|
High
End Accounting Software
|
a)
Axapta ( Microsoft)
|
|
b)
E-Business Suite (Oracle)
|
|
c)
MAS 500 (Best Software)
|
|
d)
Solomon (Microsoft)
|
|
e)
ACCPAC Advantage Series Enterprise Edition (Best Software)
|
Chapter -5
Internal control in computer based business system
Q. 1. What is
internal control?
Internal
control is the processes. It is developed by two auditors to administer unit
effectively. They generally include rules and procedures.
Q. 2. What are the objectives of
internal control regarding assurance?
The
internal control objectives are:
Effectiveness
and efficiency of operation.
Reliability
with applicable laws & regulations.
Compliance
with applicable laws & regulations.
Q.3. what are the processes of
internal control?
The
processes of internal control are:
a.
Provide adherence to laws, regulations and controls
b.
Develop and maintain reliable financial and management data.
c.
Present data accounting in timely reports.
Q.4. How to evaluate internal
control?
To
evaluate internal control they need to establish a framework. This framework
has five key phases required for Sarbanes – Oxley compliance. These are:
1. Define internal control.
2. Organize project team & plan.
3. Evaluate controls at the entity level.
4. Evaluate control at the processes, transaction
and application level.
5. Evaluate, improve & monitor.
Q.5. What are the components of internal control?
There
are five components that are called standard of internal control.
1. Control environment.
2. Risk assessment.
3. Control
4. Information and communication.
5. Review and monitor.
Q.6. How IT control activities can
be categorized?
IT
control activities can be categorized as either general or application
controls. General controls apply to all computerized information
systems-mainframe, minicomputer, network and end user environments. Application
controls apply it the processing of data within the application software.
Q.7. what are the components of
control activity?
The
components of control activity are:
·
Personnel.
·
Authorization
procedures.
·
Segregation
of duties.
·
Physical
restrictions.
·
Documentation
and record retention.
·
Monitoring
operations.
Q.8. what are the limitations of
infernal control?
The
limitations of internal control are.
Ø
Resource
constraint.
Ø
Inadequate
skill, knowledge of ability
Ø
Faulty
judgment.
Ø
Unintentional
errors.
Ø
Degree of
motivation by management and employees.
Q.9. what are the elements of
internal control system?
The
elements of internal control are:
Ø
Separation of
duties.
Ø
Authorization.
Ø
Documentation.
Ø
Reconciliation.
Q.10. why organization needs for
internal control?
An
organization needs internal control to provide greater assurance that they will
achieve, operating, financial reporting and compliance objectives.
Q.11. what is IT control?
IT
controls are specific activities performed by persons of system designed to
ensure that business objectives are met.
Q.12. Define the category of IT
control.
IT
General control: ITGC represent the foundation of the IT control structure.
They help ensure the reliability of data generated by IT systems and support
the assertion that systems operate as intended and that output is reliable.
IT
Application control: IT application or program control are fully-automated
(i.e. performed automatically by the system) designed to ensure the complete
and accurate processing of data, from input though output.
Q.13. what is COBIT?
Control
Objective for Information Technology (COBIT) is a widely-utilized framework
containing best practices for both ITGC and application controls. IT consist of
domains and processes. The four major domains are: plan and organize, acquire
and implement, deliver and support, and monitor and evaluate. It also
recommends best practices and methods of evaluation of an enterprise’s IT
controls.
Q.14. what is COSO?
The
Committee of Sponsoring Organizations of the Tread way Commission (COSO)
identifies five components of internal control: control environment, risk
assessment, control activities, information and communication and monitoring
that need to be in place to achieve financial reporting and disclosure
objective.
Q.15. what are the effects of IT on
internal audit?
The
effects of IT on internal control are:
Changes in
the audit trail and audit evidence.
Changes in
the internal controls environment
New
opportunities and mechanism for fraud and error and
New audit
procedures.
Q.16. what are the main types of IT
audit?
The
main types of IT audit are:
|
a)
Operational computer system audits
|
b)
IT installation audits
|
|
c)
Developing system audits
|
d)
IT management audits
|
|
e)
IT process audits
|
f)
Change management audits
|
|
g)
Information security and control audit
|
h)
IT legal compliance audits
|
|
i)
Certification &other compliance audits
|
j)
IT strategy audits
|
|
k)
Special investigations
|
l)
Disaster contingency, Business continuity planning and IT disaster recovery
audits.
|
Q.17. what is Computer Aided Audit
Techniques (CAATs)?
CAATs
are tools/utilities to help auditors select, gather, analyze and report audit
findings. Starting with the basics, many computer applications have useful
built-in data analysis/audit facilities.
Q.18. what are the responsibility of
management for developing and assessing effectiveness of internal control?
Management
is responsible for establishing and maintaining control to achieve the
objective of effective and efficient operations and reliable information
systems. The information system managers must take systematic and proactive measures
to
v
Develop and
implement appropriate, cost-effective internal control for results-oriented
management.
v
Assess the
adequacy of internal control in programs and operations.
v
Identify
needed improvements.
v
Take
corresponding corrective action and
v
Report
annually on internal control through management assurance statements.
Q.19. Explain the COBIT framework.
COBIT
is a framework of generally applicable information systems security and control
practices for IT control. The framework allows:
Ø
Management to
benchmark the security and control practices of IT environments.
Ø
Users of IT
services to be assured that adequate security and control exist, and
Ø
Auditors to
substantiate their opinions on internal control and to advice on IT security
and control maters.
Q20. What does complete COBIT
package exists?
The
complete COBIT package consists of:
|
a)
Executive summary.
|
b)
Governance and control framework.
|
|
c)
Control objectives.
|
d)
Management guidelines.
|
|
e)
Implementation guide.
|
f)
IT assurance guide.
|
Q. 21 What are the COBIT structures?
COBIT
covers four domains:
Ø
Plan &
Organize
Ø
Acquire &
implement
Ø
Deliver &
support
Ø
Monitor &
evaluate
Q. 22
What are component of information system (IS) internal control?
Information system (IS) internal controls are most
familiar with:
Ø
Accounting
controls
Ø
Operational
controls
Ø
Administrative
controls
Q.23 What are the auditors
categories of controls?
Auditors
categorize the controls into following four groups:
Ø
Preventive
controls
Ø
Detective
controls
Ø
Corrective
controls
Ø
Compensatory
controls
Q. 24 What is audit trail?
Audit
trails are logs that can be designed to record activity at the system,
Application & user level. When properly implemented, audit trails provide
& important detective control to help accomplish security policy
objectives.
Q. 25 What are the objectives of
audit trails?
Audit
trails can be used to support security objectives in three ways:
Ø
Detecting
unauthorized access to the system
Ø
Facilitating
the reconstruction of event
Ø
Promoting
personal accountability
Q. 26 What is the process of error
correction?
The process of error correction is
Identify
all data processing errors that can be identified.
Ø
Determine the
impact data.
Ø
Determine how
errors are corrected.
Ø
Determine the
timeliness of error correction.
Ø
Determine if
the corrected transactions are authorized.
Q. 27 what are key elements of
system development and acquisition controls?
System
development and acquisition control include the following key element:
Ø
Strategic
master plan.
Ø
Project
controls.
Ø
Data
processing schedule.
Ø
System
performance measurements.
Ø
Post-implementation
review.
Q.28 What is system acceptance
testing? What its aims?
Acceptance
testing is a complete end-to-end test of the operational system including all
manual procedures. It aims to provide the system user with confirmation that:
Ø
The user
requirement specification
Ø
End user and
operational documentations is accurate, comprehensive and usable.
Ø
Supporting
clerical procedures work effectively
Ø
Help desk and
other ancillary support functions operate correctly and as expected.
Ø
Back up and
recovery procedures work effectively.
Q. 29 What considerations should be
considered when judging the effectiveness of PIR?
The
following issues should be considered when judging the effectiveness either of
post-implementation review or to from the basis for the auditor to undertake
one.
Ø
Interview
business users
Ø
Interview
security, operations and maintenance staff.
Ø
User
requirement specification determine
Ø
Confirm that
the previous system has been de-commissioned.
Ø
Review system
problem reports and changes proposals.
Ø
Confirm that
adequate internal control have been built into the system.
Ø
Confirm that
an adequate service level agreement has been drawn up and implemented.
Ø
Confirm that
the system is being backed up in accordance with user requirements.
Ø
Review the
business case and determinations.
Q. 30 What are the controls over
system and program changes?
The
controls over system and program changes are following kinds:
Ø
Change
management controls.
Ø
Authorization
controls.
Ø
Documentation
controls.
Ø
Testing and
quality controls.
Q. 31 What may used for control
activities for IT?
We
may use for control activities for IT are following:
Ø
Encryption
tools , protocols or similar features of software application
Ø
Virus
protection software
Ø
Password that
restrict user access to network, data & applications
Q. 32 Why segregation of duties is
needed?
The
segregation of duties is needed for following reasons:
Ø
To protect
employees
Ø
To prevent
& detect intentional & unintentional errors &
Ø
To encourage
better job performance
Q. 33 What are the controls of ITGC?
Information
technology general controls (ITGC) are:
Ø
Control
activities
Ø
Change
management procedure
Ø
Security
polices, standard & processes
Ø
Hardware /
Software configurations
Ø
Technical
support policies & procedures.
Ø
Disaster/
Back-up recovery procedures.
Q. 34 What are the controls of IT
Application?
Information
Technology application controls are:
Ø
Completeness
checks
Ø
Validity
checks
Ø
Identification
Ø
Authentication
Ø
Authorization
Ø
Input
Controls
Q.35 what are the characteristics of
the corrective controls?
The
characteristics of corrective controls are “
Ø
Minimize the
impact of the threat
Ø
Identify the
cause of problem
Ø
Correct error
arising from a problem.
Q. 36 why documentation is needed?
Documentation
is needed for following reasons:
Ø
It provides a
record for each event or activity.
Ø
It ensures
assets are properly controlled.
Ø
Documents
provide evidence of event rally happened.
Ø
It ensures
the accounting & completeness transactions.
Q. 37 what are the authorized
documents for non-payment transactions?
The
following documents are authorized non-payment transactions
Ø
Journal
voucher
Ø
Spread sheet
Ø
Original
entry requiring corrections
Ø
Request for
comments (RFCs).
Q .38 what are authorized documents
for leave and payroll?
The
following documents for leave and payroll:
Ø
Timesheets
Ø
Leave
requests.
Ø
Overtime
authorization.
Ø
Personal
action form (PAF).
Ø
Attendance
calendar.
Q .39. How post implementation
review will complete?
The
post implementation review will be completed by checking following manner:
Ø
Business
objective
Ø
User
expectations
Ø
Technical
requirements
Ø
Timing
Ø
The PIR team
Q .40 what are the controls over
system and program changes?
The
controls over system and program changes are:
Ø
Change
management control
Ø
Authorization
control
Ø
Documentation
control
Ø
Testing and
quality control (Quality control, Quality review)
Q .41 Explain the classification of
information?
The
classification of information is essential if one has to differentiate between
that which is of little value and that which is highly sensitive and
confidential. The classification of data and information are following:
Ø
Top secret-
Security at this level is the highest possible.
Ø
Highly
confidential- Security at this level is very high.
Ø
Proprietary-
Security at this level is controlled but normal.
Ø
Public
documents- Security at this level is minimal.
Q .42 what is data integrity
control?
The
primary objective of data integrity control techniques is to prevent, detect
and correct errors in transactions as they flow through the various stages of a
specific data processing program.
Q.43 Describe different data
integrity controls.
There
are six categories of data integrity controls which are summarized on
following:
|
Control
category
|
Threat/Risk
|
Controls
|
|
Source
data control
|
Invalid,
incomplete or inaccurate source data input
|
Form
design and pre numbered, appropriate authorization, segregation of duties,
visual scanning, check-digit verification etc.
|
|
Input
validation routines
|
Invalid
or inaccurate data in computer processed transaction files.
|
Check
key data, sequence, field, sign, validity, limit, range, reasonableness,
redundant data and capacity check etc.
|
|
On-line
data entry controls
|
Invalid
or inaccurate transaction input entered through on-line terminals.
|
Field,
limit, range, reasonableness, sign, validity and redundant data checks; user
IDs and password, capability test, automatic system data entry, pre
formatting, completeness test etc.
|
|
Data
processing and storage controls
|
Inaccurate
or incomplete data in computer processed master files.
|
Policy
and procedures, monitoring and expediting data entry, reconciliation database
and account or reports, check data currency, default values, data marching,
data security, use labels and write protection mechanism etc.
|
|
Output
controls
|
Inaccurate
or incomplete computer output.
|
Procedures
to ensure that system outputs conform to the organization’s integrity
objectives, polices, and standards, visual review of computer output,
reconciliation of batch totals etc.
|
|
Data
transmission on controls
|
Unauthorized
access to data being transmitted or to the system itself; system failures;
errors in data transmission
|
Monitor
network to detect weak points, backup computers, design network to handle
peak processing, multiple communication paths between network computers,
preventive maintenance, data encryption, routing verification etc.
|
Q.44 How assesses the data integrity
controls?
Assessing
data integrity control involves evaluating the following critical procedures:
Ø
Virus
detection and elimination software is installed and activated.
Ø
Data
integrity and validation controls are used to provide assurance that the
information has not bee altered and the system functions as intended.
Q.45. what is risk? Write the causes
of risk?
A
risk is the likelihood that an organization would face a vulnerability being
exploited or a threat becoming harmful. These risk lead to a gap between the
need to protect systems and the degree of protection applied. The gap is caused
by:
Ø
Widespread
use of technology
Ø
Interconnectivity
of systems
Ø
Elimination
of distance, time and space as constraints
Ø
Unevenness of
technological changes
Ø
Devolution of
management and control
Ø
Attractiveness
of conducting unconventional electronic attacks against organizations
Ø
External
factors such as legislative, legal and regulatory requirement or technological
developments.
Q.46. what is threat and
vulnerability?
Threat: A threat is and action, event or condition where
there is a compromise in the system, its quality and ability to inflict harm to
the organization.
Vulnerability: Vulnerability is the weakness in the system
safeguards that exposes the system to threats. It may be weakness in an
information system, security system or other components that could be exploited
by a threat.
Q.47. what kind of threat to the
computerized environment may arise?
A
few common treats to the computerized environment may be arises:
|
a)
Power loss
|
b)
Communication failure
|
|
c)
Disgruntled employees
|
d)Errors
|
|
e)
Malicious code
|
f)
Abuse of access privileges by employee
|
|
g)
Natural disasters
|
h)
Theft or destruction of computing resources
|
|
i)
Downtime due to technology failure
|
Fire,
etc.
|
Q.48. what kind of threat may arise
due to cyber crimes?
Following
threat may be arise due to cyber crimes:
|
a)
Embezzlement
|
b)
Fraud
|
|
c)
Theft of proprietary information
|
d)
Denial of service
|
|
e)
Vandalism or sabotage
|
f)
Computer virus
|
|
g)
Other
|
|
Q.49. what is risk assessment? Why
it is necessary?
Risk
is a critical step in disaster and business continuity planning. Risk
assessment in necessary for developing a well tested contingency plan. Risk
assessment is the analysis of threats to resources and the determination of the
amount of protection necessary to adequately safeguard the resources.
Q.50. what are the areas to focus
for risk assessment purpose?
The
areas to be focused upon are:
Ø
Prioritization.
Ø
Identifying
critical applications.
Ø
Assessing
their impact on the organization.
Ø
Determination
recovery time-frame.
Ø
Assess
insurance coverage.
Q.51. Explain the risk management
process.
The
board process of risk management will be as follows:
1.
Identify the technology related risks under the range of operational risks.
2.
Assess the identified risks in terms of probability and exposure.
3.
Classify the risks as systematic and unsystematic
4.
Identify various managerial actions that can reduce exposure to systematic
risks and the cost of implementing the same.
5.
Look out for technological solutions available to mitigate unsystematic risks.
6.
Identify the contribution of the technology in reducing the overall risk
exposure.
7.
Evaluate the technology risk premium on the available solutions and compare the
same with the possible value of loss form the exposure.
8.
Match the analysis with the management policy on risk appetite and decide on
induction of the same.
Q.52. Explain the risk management
cycle.
It
is a process involving the following steps:
- Identifying assets.
- Vulnerabilities and threats.
- Assessing the risks.
- Developing a risk management plan.
- Implementing risk management actions.
- Re-evaluating the risks.
Q.53. what are primary functions of
risk assessment?
- Risk identification.
- Risk assessment.
- Risk mitigation.
Q.54. what is business continuity
and disaster recovery planning?
Business
continuity focuses on maintaining the operations of an organization, especially
the IT infrastructure in face of a threat that has materialized.
Disaster
recovery, on the other hand, arises mostly when business continuity plan fails
to maintain operations and there is a service disruption. This plan focuses on
restarting the operation using a prioritized list.
Q.55. what are the areas that
business covers?
Business
continuity covers the following areas:
- Business resumption planning.
- Disaster recovery planning.
- Crisis management.
Q.56 Explain business continuity
life cycle.
The
business continuity life cycle is broken down onto four broad and sequential
sections:
- Risk assessment.
- Determination of recovery alternatives.
- Recovery plan implementation.
- Recovery plan validation.
Q.57.
what are the objectives and goals of business continuity planning?
The
key objective of the plan should be to:
Ø
Provide for
the safety and well-being of people on the premises at the fime of disaster.
Ø
Continue
critical business operations.
Ø
Minimize the
duration of a serious disruption to operations and resources.
Ø
Minimize
immediate damage and losses.
Ø
Establish
management succession and emergency powers.
Ø
Facilitate
effective co-ordination of recovery tasks.
Ø
Reduce the
complexity of the recovery effort.
Ø
Identify
critical lines of business and supporting functions.
Q.58. what are the phases for
developing a business continuity plan?
The
methodology for developing a business plan can be sub divided into eight
different phases which are given bellow:
Ø
Pre-planning
activities (Business continuity plan initiation)
Ø
Vulnerability
assessment and general definition of requirements.
Ø
Business
impact analysis.
Ø
Detailed
definition of requirements.
Ø
Plan development.
Ø
Testing
program.
Ø
Maintenance
program.
Ø
Initial plan
testing and plan implementation.
Q.59. what are different types of
business plan?
There
are various kinds of plan that need to be designed. They include the following:
Ø
Emergency
plan.
Ø
Back-up plan.
Ø
Recovery
plan.
Ø
Disaster
recovery plan.
Ø
Insurance.
Q.60. what are the IS audit
standards?
Information
system audit standards provide audit professionals a clear idea of the minimum
level of acceptable performance essential to discharge their responsibilities
effectively. Some standards are as follows:
|
Year
|
Standards
|
|
1994
|
COSO, coco
|
|
1996
|
HIPAA
|
|
1998
|
BS7799
|
|
2000
|
COBIT
|
Q.61 What are the audit objectives of a computer
information system environment?
Audit
objectives in a computer system environment and elaborates on the following:
Ø
The auditor’s
responsibility in gaining sufficient understanding and assurance on the
adequacy of accounting internal controls.
Ø
The potential
impact of auditing in a CIS on the assessment of control and audit risks.
Ø
The extent to
which the CIS is used for recording, compiling and analyzing accounting
information.
Ø
The system of
internal controls relating it the authorized, complete, accurate and caked
processing and reporting procedures.
Ø
The impact of
CIS accounting system on the audit trail.
Q.62 what is information security?
Why information system security is important?
Security
relates to the protection of valuable assets against loss, discloser or damage.
Security is most important for information system. Adequate information
security helps to ensure the smooth functioning of information systems and
product the organization from loss or embarrassment caused by security
failures.
Q.63 what are the objectives of
information security?
Information
security objective are following-
1.
Confidentiality
2.
Intergrity
3.
Acailability
Q.64 what is information sensitive?
Following
information is sensitive –
Ø
Information
in relation with strategic plans.
Ø
Information
in relation with business operation.
Ø
Information
in relation with Finance.
Q.65
what subject should be considered to establish better information protection?
To establish better information protection
considered followings:
Ø
Not all data
has the same value.
Ø
Know where
the critical data resides.
Ø
Develop an
access control methodology
Ø
Protect
information stored on media.
Ø
Review
hardcopy output.
Q.66
what is ERP?
An Enterprise Resource Planning system is a fully
integrated business management system covering functional areas of an
enterprise like Logistics, Production, Finance,
Accounting and Human resource.
Q.67
what are the benefits of ERP?
ERP solution provide following benefits:
Ø
Integrated
financial systems.
Ø
Standardized
processes.
Ø
Real time
information.
Q.68.
what factor should consider implementing ERP system?
Ans: Where integration and implementation issues
often pop up in these projects includes:
- Corporate culture.
- Process change.
- Enterprise communication.
- Management support.
- Project methodology.
- An ERP team.
- Training.
Q.69.
What is SAP?
Ans: SAP stands for “Systems and Application
Products”. The SAP system is a collection of software performs standard
business functions for corporations. The system has become very popular because
it provides a complete solution to standard business.
Q. 70.
What is SAP R/3 system? How many layer of the SAP R/3 system architecture?
Ans: The SAP R/3 code is written on an
interpretive language called ABAP. ABAP is a German acronym that loosely
translated means “Advance Business Application Programming”. ABAP is very similar
to COBOL in its syntax.
The SAP R/3 system architecture has three layers:
- Presentation layer.
- Application layer.
- Database layer.
