sohelworld: January 2015

Chapter 1

Information within Organization

Q.1) What is information?

Information is data that has been processed into a form that is meaningful to the recipient.

Data ----> Data transformation ----> Information

Q.2) What are the difference between data and information?

SL. No.	Data	Information
1	Raw, unanalyzed fact figure and events	Useful knowledge derived from the data
2	Unprocessed instruction	If data is processed will become your information
3	Example: If you had a sum, 123+123(data)=246(information)

Q.3) How information system impact organization and business firm?

Information systems have become integral, online interactive tools deeply involved in the minute to minute operations and decision making of large organization.

Q.4) What is Organization?

A social arrangement for the controlled performance of collective goals, which has a boundary it from its environment.

Q.5) Write the quality of high value information?

Information only high value information if it is –

· Relevant

· Reliable

· Clear

· Complete

· Timely

· Right Quality.

Q.6) Why Information is key resource in organization?

Or, Discuss the importance of Information.

Information is key resource in an organization because information is fundamental to the success of any business.

Q.7) What is important attributes of useful and effective information?

The important attribute of useful and effective information are as follows:

· Availability

· Purpose

· Decay

· Frequency

· Completeness

· Reliability

· Cost beneficial

· Validity

· Transparency

· Value of information

Q.8) Why does organization exist?

Organization exist because they-

· Overcome people’s individual limitations.

· Enable people to specialize

· Accumulate and share knowledge.

· Enable people to poll their expertise.

Q.9) How does organization differ?

Organization differs in many ways, such as:

· Ownership

· Control

· Activity

· Size

· Source of finance

Q.10) What is DSS (Decision Support System)?

A decision support system can be defined as a system that provides tools to managers to assist them in solving semi structured and un-structured.

Q.11) What is characteristics / properties of DSS?

The DSS are characteristics by at least three properties-

o The support semi-structured and unstructured decision making

o They are flexible enough

o They are easy to use

Q.12) What is component of DSS?

A decision support system has four basic components. Namely-

· The user

· One of more database

· A planning language

· The model base

Q.13) Give some example of DSS in Accounting.

Following are the examples of DSS in accounting:

· Cost Accounting system

· Capital Budgeting system

· Budget variance analysis system

· General decision support system

Q.14) What type of information systems are used at different levels of management in an organization?

Used of information systems at different levels of management in an organization is sited below:

Management level	Used information system
Top level management	EIS,MIS,DSS
Middle level management	MIS,DSS
Lower level management	TPS

Q.15) What activities are involved in TPS?

A TPS involves the following activities:

Ø Computing data to organization in files or database

Ø Processing of files/ database using application software

Ø Generating information in the form of reporting

Ø Processing of queries from various quarters of the organization.

Q.16) Discuss the type of information?

Information, broadly can be divided into two different types-

v Internal information

v External information

Q.17) What is the different between the passive IS & interactive IS?

Passive information systems	Interactive information systems
Passive information systems are systems that will answer queries based on the data that is held within them, but the data is not altered.	An interactive system is one that data can be entered for processing which may alter the contents of the database.

Q.18) What is management system?

A management information system is software that allows the managements with in a company to access and analyze data.

Q.19) What is knowledge based systems (KBS)?

A is knowledge based system is a system where all the expert human knowledge covering a particular topics is bought together and made available to the user through a computer.

Q.20) Discuss the types of is knowledge based system?

There are three types of is knowledge based system, namely-

· Diagnostic

· Advice giving

· Decision making

Q.21) What is financial reporting system?

Financial reporting involves all the procedures necessary to ensure that the financial performance of a department is clearly and effectively reported on to the relevant authorities.

Q.22) Write the function of financial reporting?

The function performed by financial reporting specialists cover the following areas:

· Undertaking the monthly closure of accounts

· Compiling quarterly reports

· Undertaking the annual closure of accounts

· Compiling overall annual reports

Q.23) What is objective of any financial accounting system?

A primary objective of any financial accounting system is to provide accurate financial statements on a timely basis

Q.24) What is “Pivot Table”?

Pivot table is one of the most powerful analytical tools that are used in spreadsheets.

Q.25) Discuss the terms “Event Triggered”?

Many accounting software products have ability to alert users to predefined financial condition. With such a feature, a CFO can create simple calculation that the accounting software continuously compares against a present values.

Q.26) Write something about the International Financial Reporting Standards (IFRS).

IFRS’s are standards, interpretations and the framework adopted by the International Accounting Standards Board (IASB).

Q.27) Discuss the structure of IFRS?

ü IFRS’s- issued after 1^st April 2001

ü IAS’a Issued before 1^st April 2001

ü Interpretation originated from the IFRIC (International Financial Reporting Interpretation Committee)- issued after 1^st April 2001

ü Standing Interpretation Committee (SIC) Issued before 1^st April 2001

ü Framework for the preparation and presentation of financial statements.

Q.28) Write the qualitative characteristics of financial statement?

A qualitative characteristic of financial statements includes:

Ø Relevance

Ø Reliability

Ø Understandability

Ø Comparability

Q.29) What is framework?

The framework for the preparation and presentation of financial statements state basic principles for IFRS’s

Q.30) Write the element of financial statement.

The elements of financial statement include:

1. Assets

2. Liability

3. Equity

Q.31) Write the elements of income statement.

The element of income statements includes:

1. Income

2. Expenses

Q.32) What is the component of IFRS’s financial statement?

IFRS financial statements consists of:

A statement of financial position

A statement of comprehensive income

A statement of change in equity

A statement of cash flows

Note, including a summary of the significant accounting policies.

Q.33) Define the term ‘Business owner, System owner, Technical owner, System administrator & application administrator?

Business owner:

The business owner is the business executive or leader who is accountable for the primary business functions performance by the Critical Financial Reporting System (SFRS).

System owner:

The system owner is the functional unit leader who is responsible for the Critical Financial Reporting System (SFRS).

Technical owner:

Technical owner is the individual who is responsible for ensuring that the technical information technology components of the CFRS are properly implemented and manage effectively.

System administrator:

System administrator is the individual who is responsible for proper operational configuration management and functioning of one or more information technology components of the CFRS are properly implemented and mange effectively.

Application administrator:

Application administrator is the individual who is responsible for proper operational configuration management and functioning of one or more CFRS applications.

Chapter-2

Information Technology Architecture

Q. 1) What is information system? Classify information system.

Information systems:

Information systems is a mechanism that helps people to collect, store, organize & use information.

Types of information system:

Major type of information systems are:

1.System from a functional perspective:

Sales and marketing system
Manufacturing and production system
Finance and accounting system
Human resources system

2. Systems from a constituency perspective:

Executive Support System (ESS)
Decision Support System (DSS)
Management Information System (MIS)
Transaction Processing System (TPS)

Q. 2) What is Computer system?

Computer system is a collection of some integrated components that woks to accomplish a specific task.

Q. 3) What is Properties of computer system?

A computer system must satisfy the following properties:

Each system consists of several components.
There must be a logical relation between the components.
The components of a system should be controlled in a way such that specific task can be accomplished.

Q. 4) What are the components of computer system?

Following are the components of computer system:

Hardware
Software
Human ware
Date/ Information

Q. 5) What is software? Classify the software according to working principal.

Software:

Software is the collection of computer programs procedures and documentation that performs different tasks on a computer system.

Classification of Software:

According to the working principal, software can be classified into two classes:

System Software.

Application Software.

Q. 6) Classify the system software:

System software can be broadly classified into three classes

Ø System management software

Ø System support software

Ø System development software

Q 7. Write the different type of application software

Some example of application software is sited below

Ø Word processing software

Ø Database Software

Ø Multimedia software

Ø Presentation Software

Ø Enterprise Software. Etc

Q 8. Classify the software according to the commercial perspective.

From the commercial perspective software can be classified into three major classes:

Ø Commercial software – refers to any software that is designed for sale to serve a commercial need .

Ø Freeware/Open source software- freeware is free to use and dose not require any payment from the user

Ø Shareware Software- Shareware is basically “try before you buy” software

Q 9. What is shareware?

Shareware is basically “try before you buy” software.

Shareware is software that is distributed free on a trail basis with the understanding the user may need or want to pay for it alters.

Q 10. Write down the different between shareware and freeware.

Shareware is basically “try before you buy” software. Shareware may just be offering free access for a limited period of time. On the other hand freeware is free to use and dose not repair and payment form the user.

Q 11. What is firmware?

In a computing firmware is software that is embedded in a hardware device. Firmware is defined as: “The computer program in a read only memory (ROM) integrated circuit”.

Q 12. Write the some example of firmware?

Some example of firmware is sited below:

Ø The BIOS found in IBM- compatible personal computers.

Ø RTAS (Run-Time Abstraction Services).

Ø ARCS, used in computers from silicon graphics.

Q. 13 Define data structure?

Data may be organized in many different ways: the logical or mathematical model of a particular organization of data is called a data structure. Such as Array and Record.

Q.14 What do you mean by Data Analysis?

Data analysis is a process in which raw data is ordered and organized so that useful information can be extracted from it.

Q.15 What is data validation? Discuss the validation methods?

Data validation is the process of ensuring that a program operates on clean, correct and useful data.

Method of data validation:

Following are data validation methods:

Ø Allowed character cheek

Ø Consistency cheek

Ø Control totals

Ø Data types cheek

Ø Format or picture cheek

Ø Limit cheek

Ø Logic cheek

Ø Missing data test

Ø Rang cheek

Q.16 What is DBMS? Write down the features of DBMS?

Database Management System (DBMS):

DBMS is a special data processing system or part of a data processing system which aids in the storage, manipulation, reporting, management and control of data.

Features of DBMS:

Feature of DBMS are sited below:

Ø Query ability.

Ø Backup and replication.

Ø Rule enforcement.

Ø Security.

Ø Computation.

Ø Change and access logging.

Ø Automated optimization.

Q.17 What are the different between multiprogramming and multiprocessing?

Multiprogramming:

Multiprogramming is the name given to the interleaved execution of two or more different and independent programs by the same computer.

Multiprocessing:

The term multiprocessing is used to describe interconnected computer configurations or computers with two or more independent CPU’s that have the ability to simultaneously execute several programs.

Q. 18 What is security control?

Security refers to the policies, procedures & technical measures used to prevent unauthorized access, alteration, theft or physical damage to information system.

Q. 19 How can we provide security?

Ø We can provide security by –

Ø Access control

Ø Firewalls

Ø Intrusion detection system (IDS).

Ø Antivirus software

Q. 20 What is malicious software?

Malicious software programs are referred to as malware & include a variety of threats, such as computer viruses, worms, and Trojan horses.

Q.21 Discuss the term Hackers & Crackers.

A Hacker is an individual who intents to gain unauthorized access to a computer system. Within the hacking community, the term cracker is typically used to denote a hacker with criminal intent.

Q. 22 What is E-Commerce? Write down the characteristics of E-commerce.

E-commerce: E-commerce which is short for electronic commerce. E-commerce is the process used to distribute, buy, sell or market goods and services and the transfer of funds on online, through electronic communications or networks:

Characteristics of E-commerce:

Ø Business oriented

Ø Convenient service

Ø System extendable

Ø Online safety

Ø Co-ordination

Q. 23 What is the benefit of E-commerce

Benefits of e-commerce are sited below;

Ø Increase sale

Ø Decrease cost

Ø Provide price quotes

Ø Increase profit

Q: 24 write the limitation of e-commerce

Following are the limitation of e-commerce

1. Technical limitation:

Ø Cost of technical limitation

Ø Insufficient telecommunication bandwidth

2. Non-technical limitation:

Ø customer expectation unmet

Ø Lack of trust and user resistance.

Q 25. Write the short Note on:

A) Batch processing: Batch processing is a system that takes a set (a batch) or commands jobs executes them and returns the result all without human intervention.

B) Distribute processing: A distributed system consists of multiple autonomous computers that communicate through a computer network.

C) Real time processing: In a real time processing there is a continual input, process and output of data. Data has to be processed in a small stimulated time period (real time), otherwise it will create problem for the system

D) Time sharing: Time sharing refers to the allocation of computer resources in a time dependent fashion to several programs simultaneously.

E) Virus: Virus is malicious software which is a piece of self-replicating code attached to some other code.

F) Backdoor or Trapdoor: Backdoor is a secret entry point into a program allows those who know access bypassing usual security procedures.

G) Zombie: Zombie is a program which secretly takes over another networked computer.

H) D Dos attack: D Dos stand for distributed denial of service in a D Dos attack, hackers flood a network server or web server with many thousands of false communication or requests for services to crash network.

I) Worms: A program that can replicate itself and send copies from computer to computer across network connections.

J) Trojan Horse: Trojan horse is a malicious program when invoked performs some unwanted or harmful functionality.

Chapter - 3

Management of IT

Q 1. Describe the phases of policy evaluation Process.

The phases of policy evaluation process are given below;

Ø Enterprise organizational structure and business process analysis

Ø System requirement analysis

Ø Policy analysis and translation

Ø Policy distribution and enforcement

Ø Policy monitoring and maintenance

Ø Reverse engineering

Q 2. What are approaches of organizational management process?

Scholars have developed three major approaches to organizational process namely

Ø Working process

Ø Behavioral process and

Ø change processes

Q 3. What is information system? Explain formal informal and CBIS System.

Information system: an information system collect, process, stores, analyze and disseminates information for specific purpose.

Formal information system: formal information system includes agreed- upon procedures standard input and output and fixed definition. For example. A company, accounting system

Informal Information system: Informal information system takes many shapes, ranging form an office gossip network to a group of friend exchanging letter electronically etc.

Q4. What is the basic components of information system

The basic components of information system are:

Hardware- a set of devices such as monitor, keyboard and printer

Software- a set of programs that instruct the hardware to process data

Database- a Collection of related files, tables, relation and so on

Network- A connecting system that permits the sharing of resources by different computers

Procedure- A set of instruction about how to combine the above components in order to process information and generate the desired output.

People-those individual who work with the system

Q5. what are the fundamental roles of information system in business;

There are three vital roles that information system can perform for a business enterprise

Ø Support of its business processes and operations

Ø Support of decision making by its employees and managers

Ø Support of its strategies for competitive advantage

Q6. Discuss about role and efficient use of information technology

Information technology plays major role in re engineering most business technologies can substantially increase efficiency of business process.

Efficient use of information technology:

a) Efficient IT assist with saving money, saving energy, save on cooling, reduces long term hardware spend, reduce carbon omissions, save space, and avoid infrastructure upgrades

b) Save 60% of PC power consumption by having screen and disk power management , sleep and or hibernate enable and shutdown at the end of the day etc.

Q7. Describe about information system infrastructure and architecture.

Infrastructure: an information infrastructure consists of the physical facilities, service and management that support all shared computing resources in an organization.

IT architecture: Information technology architecture is a high level map or plan of the information assets in a organization including the physical design of the building that holds the hardware.

Q08. What are components of IT infrastructure?

There are major four components of the IT infrastructure namely

Ø Computer hardware

Ø Network and communication facilities

Ø Data based and

Ø Information management personnel

Q09. What is asset? What are the characteristics and classification of asset?

A resource with economic value that an individual, corporation or country owns of controls with the expectation that it will provide future benefit.

Asset Characteristics;

Ø The probable preset benefit involves a capacity, singly or combination with the other asset

Ø The entity can control access to the benefit

Ø The transaction or event giving rise to the entity’s right to or control of the benefit has already occurred.

Q10. What is ITAM? What are considerations that should be addressed to optimize an ITAM program?

ITAM (Information technology asset management) is a process to control the day to day to operation and utilization of IT asset, ensuring that an organization realizes maximum efficiency from these asset.

To optimize an ITAM program following consideration should be addressed:

Ø Link IT to business objective

Ø Incorporate life-cycle process and governance

Ø Avoid common mistakes

Q11. How does ITAM work? What are the benefits of ITAM?

ITAM can help and organization in following ways;

Ø Control IT purchases and development

Ø Eliminate unnecessary purchase

Ø Avoid noncompliance and its associate legal risk

Ø Compare its actual with contract terms and purchase history

ITAM benefits:

Ø reduce IT Cost

Ø Ensure software compliance

Ø Detect unauthorized and illegal software

Ø Improve productivity

Ø Align IT with business goal to support business decision

Q 12. How can you evaluate an IT management solution?

When considering an ITAM solution looks for following:

Ø Efficient and accurate discovery of all IT assets

Ø A structured approach to software discovery across the company with application, suite and version, recognition for both workstation and server

Q13. What is software? Wjat are the types of software?

Software involves he collection of computer programs and related data that provide the instructions telling a computer what to do.

Types of software;

Ø System software – helps run the computer hardware and computer system

Ø Programming software- usually provide tools to assist a programmer in writing computer program

Ø Application software- allows end user to accomplish one or more specific task.

Q14. What factor should consider for implementation regarding global ERP?

There are five tips or factor to address the organizational complexities of a global ERP implementation

Ø Business process standardization

Ø Understanding of local needs

Ø Rely on your change agents

Ø Leverage performance measures

Ø Localized delivery of employee communication and training

Q. 15 What are the barriers for implementing global ERS?

The barriers of implementing global ERS are:

Culture differences
Inter office polities
Language barriers and
Organization complexities

Q. 16 Define code line, code line policy, environment and branching?

Code line: Source line required to produce software. It could be a specific product or even a basic set of code that many of your interest application commonly use.

Code line Policy: A set of instruction, direction and standard for creation and application of code line. One code line require more stringent testing.

Environment : The environment is test (development), quality Assurance (QA) test or production. The test or development environment is used for developers to test their code.

Branching : The creation of a new code line based upon a current code line. Branching should only be done when absolutely necessary.

Q. 17 What are requirements to effective software control for changes?

There are several requirements to provide effectives software changes control:

A software version Control (SVC) system or Source Code Management (SVM)
Ability to return to earlier states.
Files should be locked to prevent overwriting of work
All developers should have home folder where they can place their own experimental code outside the main project.
Each software change request should be assigned a unique tracking number.
Stakeholder must be aware of production changes etc.

Chapter 4

Communication and IT

Q. What is data communication?

Data communication is the function of transporting from one point to another.

Q. What is elements/ components of communication systim.

There are three elements/ components of communication system are sited below. A sender (source ) which create the message to the transmitted.

A media which carries the massage.

A receiver ( destination) which receives the massage.

Q.Classify data transmission mode.

Or What is the different data transmission mode.

There are three ways of mode , for transmitting data one point to another. They are

1.Simplex.

2 Half duplex

3.Full duplex

Q. Define the terms ‘Simplex’ Half duplex’. Full duplex’.

Simplex: Simplex transmission is one where communication can take place in only one direction.

Half duplex’ : A half duplex system can transmit data in both directions but only one direction at a time.

Full duplex: Full duplex system is used that allows information to flow simultaneously in both directions on the transmission path.

Q. How information is delivered over a network.

Information is delivered over a network by three basis methods.

Unicast .

Broadcast.

Multicast.

Q Define Unicast Broadcast .and Multicast.

Unicast: Unicast is the type of transmission in which information is sent only one sender to one receiver.

Broadcast: Broadcast is a type of transmission in which information is sent from just one computer but is received by all the computers connected to the network.

Multicast: Multicast is the type of transmission system where there is only one sender and information sent multiple destinations.

Q. What is computer network ?

Ans: A group to computers and other devices connected together is called computer network.

Q. Write the classification of network under geographical area.

Ans: According to geographical area there are three type of computer network-

Local Area Network (LAN)

Metropolitan Area Network (MAN)

Wide Area Network (WAN)

Q. Define the terms LAN, MAN, WAN.

LAN: LAN stands for Local Area Network. It provides high speed communication in a limited area, typically with in a building, like college.

MAN: MAN stands for Metropolitan Area Network. Is covers a large city or metropolitan area. A MAN typically covers an area between 5 to 50 KM areas.

WAN: WAN stands for wide are network. It is type of communication network that covers a wide geographical area such as state or country.

Q. How computer network can be classified under structure?

According to the structure, computer network can be classified in to following three ways.

Centralized network
Distributed network.
Hybrid network.

Q What are the benefit of computer network?

Ans: Computer network provides us many benefits , namely

Simultaneous access to programs and data.
Sharing hardware and software .
Personal communication using e-mail.
Making back up of information.
Keep information reliable up to data.

Q. Write down the various devices used in the network.

Router: A router is a device that forwards data packets along networks. A router is connected to at least two networks commonly LANs or WANs and IPS Network.

Switch: A switch is a hardware device that joins multiple computers together within one local area network.

Repeater: A repeater is a device that receives a digital signal on an electromagnetic or local area network

Bridge: A device that connects two LAN or two segments of the same LAN.

Hub: A hub is a device where all the entire connecting mediums come together.

Q. How many types of hub are there in?

Ans: There are three types of hub, namely

Passive hub
Active hub
Intelligent hub.

Q .Write the difference between the Passive hub ,Active hub, Intelligent hub.

Difference between the Passive hub , Active hub, Intelligent hub are sited below.

1. Passive hub do not amplify the electrical signal.

2. On the other hand, active hub can perform the amplification of cicatricle.

3. Intelligent hubs add extra feature to an active hub that are particular importance to business.

Q .Define Network topology.

Ans: A network topology is a method to connect various devices such a computer printer, over a network.

Q. Write down the main type of topology.

Ans: There are six different common topology, these are sited below-

1. Liner bus topology

2. Ring topology

3. Star topology

4. Tree topology

5. Hierarchical topology

6. Mesh topology

Q. Define various topologies with two advantage and disadvantage.

. Liner bus topology: Liner bus topology consists of a main run of cable with a terminator at each end. All nodes are connected to all liner bus.

Advantage:

1. Easy to setup

2. Required less cable than another topology.

Disadvantage:

1. Entire network shuts down if there is a break in the main cable.

2. Different to identify the problem if the entire network shuts down.

Ring topology:

Ring topology is a topology where all devices are connected in a circle which has on terminator.

Advantage:

More reliable than star topology
No data collision

Disadvantage:

Hardly used now a days
Slow and need more cable

Star topology

Star topology is a topology where all devices are connected to a central hub.

Advantage:

Easy to setup/install.
One cable can’t crash network.

Disadvantage:

Need more cable.
if host computer fails, the entire network fails.

Tree topology

It consist of groups star configured workstations connected to a liner bus backbone cable.

Advantage:

Point to point wiring for individual segments.
Supporting by several hardware and software venders.

Disadvantage:

Overall length of each segment is limited by the type of cabling used.
If the backbone line breaks the entire segment goes down.

Hierarchical topology:

The hierarchical topology is much like the star topology, except that it doesn’t use a central node.

Mesh topology:

In a mesh topology cash device is connected to other device in the network by its own cable.

Advantage:

Data will always be delivered.
Much speedy

Disadvantage:

Very expensive
Very difficult to setup for small enterprise.

Q. Which matter to be considered for choosing topology?

The following matter to be considered before selecting a topology:

Reliability of the entire system
Expendability of the system
Cost involved
Availability to communication line

Q. What is network software?

Network software is data communication software that is responsible for holding all data communication systems together.

Q. What are the functions of network software?

There are several functions of communication software, namely-

Access control
Transmission control
Network management
Error control
Security management

Q. What is communication protocol?

In a data communication, a protocol is set of rules & procedures established to control transmission between two points so that the receiver a properly interpret the bit stream transmitted by the sender.

Q. Make a checklist for selecting accounting software.

Checklist of questions and key features are:

Ability to drill down from summary general ledger data to individual transactions?
Ability to import & export data to and from spreadsheet and word processing programs?
Ability to generate custom report?
Fast posting of large batches of transactions?
Strong security?
Adequate technical support?
Retention of historical data and ability to compare current result to past result?
Ability to allocate indirect cost to individual project?
Ability to flow data forms the program into your tax software?

Write some example of different category of accounting sofware/ small business/ personal accounting software:

a)ePeachtree (Best software)	b)MYOB plus for windows (MYOB software)
c)Quickbooks online (Intuit)	d)Peachtree complete accounting (Beast software)
e)Small business Manager (Microsoft)

Low end accounting software:

A)Business Vision 32 (Best software)	B)MAS 90 & MAS 200 (Best software)
C)Quick books pro 2003 (Intuit)	D)CCPAC pro series(ACCPAC international
E)Vision point 2000 (Best software)

Middle Market Software

a) ACCPAC Advantage serious Corporate Edition ( Best Software)

b) Great Plains (Microsoft) MAS90 & MAS 200 (Best Software)

c) Navision (Microsoft)

d) South Ware Excellence Serious (South Ware)

e) SYSPRO (Suspro USA)e)

High End Accounting Software

a) Axapta ( Microsoft)

b) E-Business Suite (Oracle)

c) MAS 500 (Best Software)

d) Solomon (Microsoft)

e) ACCPAC Advantage Series Enterprise Edition (Best Software)

Chapter -5

Internal control in computer based business system

Q. 1. What is internal control?

Internal control is the processes. It is developed by two auditors to administer unit effectively. They generally include rules and procedures.

Q. 2. What are the objectives of internal control regarding assurance?

The internal control objectives are:

Effectiveness and efficiency of operation.

Reliability with applicable laws & regulations.

Compliance with applicable laws & regulations.

Q.3. what are the processes of internal control?

The processes of internal control are:

a. Provide adherence to laws, regulations and controls

b. Develop and maintain reliable financial and management data.

c. Present data accounting in timely reports.

Q.4. How to evaluate internal control?

To evaluate internal control they need to establish a framework. This framework has five key phases required for Sarbanes – Oxley compliance. These are:

1. Define internal control.

2. Organize project team & plan.

3. Evaluate controls at the entity level.

4. Evaluate control at the processes, transaction and application level.

5. Evaluate, improve & monitor.

Q.5. What are the components of internal control?

There are five components that are called standard of internal control.

1. Control environment.

2. Risk assessment.

3. Control

4. Information and communication.

5. Review and monitor.

Q.6. How IT control activities can be categorized?

IT control activities can be categorized as either general or application controls. General controls apply to all computerized information systems-mainframe, minicomputer, network and end user environments. Application controls apply it the processing of data within the application software.

Q.7. what are the components of control activity?

The components of control activity are:

· Personnel.

· Authorization procedures.

· Segregation of duties.

· Physical restrictions.

· Documentation and record retention.

· Monitoring operations.

Q.8. what are the limitations of infernal control?

The limitations of internal control are.

Ø Resource constraint.

Ø Inadequate skill, knowledge of ability

Ø Faulty judgment.

Ø Unintentional errors.

Ø Degree of motivation by management and employees.

Q.9. what are the elements of internal control system?

The elements of internal control are:

Ø Separation of duties.

Ø Authorization.

Ø Documentation.

Ø Reconciliation.

Q.10. why organization needs for internal control?

An organization needs internal control to provide greater assurance that they will achieve, operating, financial reporting and compliance objectives.

Q.11. what is IT control?

IT controls are specific activities performed by persons of system designed to ensure that business objectives are met.

Q.12. Define the category of IT control.

IT General control: ITGC represent the foundation of the IT control structure. They help ensure the reliability of data generated by IT systems and support the assertion that systems operate as intended and that output is reliable.

IT Application control: IT application or program control are fully-automated (i.e. performed automatically by the system) designed to ensure the complete and accurate processing of data, from input though output.

Q.13. what is COBIT?

Control Objective for Information Technology (COBIT) is a widely-utilized framework containing best practices for both ITGC and application controls. IT consist of domains and processes. The four major domains are: plan and organize, acquire and implement, deliver and support, and monitor and evaluate. It also recommends best practices and methods of evaluation of an enterprise’s IT controls.

Q.14. what is COSO?

The Committee of Sponsoring Organizations of the Tread way Commission (COSO) identifies five components of internal control: control environment, risk assessment, control activities, information and communication and monitoring that need to be in place to achieve financial reporting and disclosure objective.

Q.15. what are the effects of IT on internal audit?

The effects of IT on internal control are:

Changes in the audit trail and audit evidence.

Changes in the internal controls environment

New opportunities and mechanism for fraud and error and

New audit procedures.

Q.16. what are the main types of IT audit?

The main types of IT audit are:

a) Operational computer system audits	b) IT installation audits
c) Developing system audits	d) IT management audits
e) IT process audits	f) Change management audits
g) Information security and control audit	h) IT legal compliance audits
i) Certification &other compliance audits	j) IT strategy audits
k) Special investigations	l) Disaster contingency, Business continuity planning and IT disaster recovery audits.

Q.17. what is Computer Aided Audit Techniques (CAATs)?

CAATs are tools/utilities to help auditors select, gather, analyze and report audit findings. Starting with the basics, many computer applications have useful built-in data analysis/audit facilities.

Q.18. what are the responsibility of management for developing and assessing effectiveness of internal control?

Management is responsible for establishing and maintaining control to achieve the objective of effective and efficient operations and reliable information systems. The information system managers must take systematic and proactive measures to

v Develop and implement appropriate, cost-effective internal control for results-oriented management.

v Assess the adequacy of internal control in programs and operations.

v Identify needed improvements.

v Take corresponding corrective action and

v Report annually on internal control through management assurance statements.

Q.19. Explain the COBIT framework.

COBIT is a framework of generally applicable information systems security and control practices for IT control. The framework allows:

Ø Management to benchmark the security and control practices of IT environments.

Ø Users of IT services to be assured that adequate security and control exist, and

Ø Auditors to substantiate their opinions on internal control and to advice on IT security and control maters.

Q20. What does complete COBIT package exists?

The complete COBIT package consists of:

a) Executive summary.	b) Governance and control framework.
c) Control objectives.	d) Management guidelines.
e) Implementation guide.	f) IT assurance guide.

Q. 21 What are the COBIT structures?

COBIT covers four domains:

Ø Plan & Organize

Ø Acquire & implement

Ø Deliver & support

Ø Monitor & evaluate

Q. 22 What are component of information system (IS) internal control?

Information system (IS) internal controls are most familiar with:

Ø Accounting controls

Ø Operational controls

Ø Administrative controls

Q.23 What are the auditors categories of controls?

Auditors categorize the controls into following four groups:

Ø Preventive controls

Ø Detective controls

Ø Corrective controls

Ø Compensatory controls

Q. 24 What is audit trail?

Audit trails are logs that can be designed to record activity at the system, Application & user level. When properly implemented, audit trails provide & important detective control to help accomplish security policy objectives.

Q. 25 What are the objectives of audit trails?

Audit trails can be used to support security objectives in three ways:

Ø Detecting unauthorized access to the system

Ø Facilitating the reconstruction of event

Ø Promoting personal accountability

Q. 26 What is the process of error correction?

The process of error correction is

Identify all data processing errors that can be identified.

Ø Determine the impact data.

Ø Determine how errors are corrected.

Ø Determine the timeliness of error correction.

Ø Determine if the corrected transactions are authorized.

Q. 27 what are key elements of system development and acquisition controls?

System development and acquisition control include the following key element:

Ø Strategic master plan.

Ø Project controls.

Ø Data processing schedule.

Ø System performance measurements.

Ø Post-implementation review.

Q.28 What is system acceptance testing? What its aims?

Acceptance testing is a complete end-to-end test of the operational system including all manual procedures. It aims to provide the system user with confirmation that:

Ø The user requirement specification

Ø End user and operational documentations is accurate, comprehensive and usable.

Ø Supporting clerical procedures work effectively

Ø Help desk and other ancillary support functions operate correctly and as expected.

Ø Back up and recovery procedures work effectively.

Q. 29 What considerations should be considered when judging the effectiveness of PIR?

The following issues should be considered when judging the effectiveness either of post-implementation review or to from the basis for the auditor to undertake one.

Ø Interview business users

Ø Interview security, operations and maintenance staff.

Ø User requirement specification determine

Ø Confirm that the previous system has been de-commissioned.

Ø Review system problem reports and changes proposals.

Ø Confirm that adequate internal control have been built into the system.

Ø Confirm that an adequate service level agreement has been drawn up and implemented.

Ø Confirm that the system is being backed up in accordance with user requirements.

Ø Review the business case and determinations.

Q. 30 What are the controls over system and program changes?

The controls over system and program changes are following kinds:

Ø Change management controls.

Ø Authorization controls.

Ø Documentation controls.

Ø Testing and quality controls.

Q. 31 What may used for control activities for IT?

We may use for control activities for IT are following:

Ø Encryption tools , protocols or similar features of software application

Ø Virus protection software

Ø Password that restrict user access to network, data & applications

Q. 32 Why segregation of duties is needed?

The segregation of duties is needed for following reasons:

Ø To protect employees

Ø To prevent & detect intentional & unintentional errors &

Ø To encourage better job performance

Q. 33 What are the controls of ITGC?

Information technology general controls (ITGC) are:

Ø Control activities

Ø Change management procedure

Ø Security polices, standard & processes

Ø Hardware / Software configurations

Ø Technical support policies & procedures.

Ø Disaster/ Back-up recovery procedures.

Q. 34 What are the controls of IT Application?

Information Technology application controls are:

Ø Completeness checks

Ø Validity checks

Ø Identification

Ø Authentication

Ø Authorization

Ø Input Controls

Q.35 what are the characteristics of the corrective controls?

The characteristics of corrective controls are “

Ø Minimize the impact of the threat

Ø Identify the cause of problem

Ø Correct error arising from a problem.

Q. 36 why documentation is needed?

Documentation is needed for following reasons:

Ø It provides a record for each event or activity.

Ø It ensures assets are properly controlled.

Ø Documents provide evidence of event rally happened.

Ø It ensures the accounting & completeness transactions.

Q. 37 what are the authorized documents for non-payment transactions?

The following documents are authorized non-payment transactions

Ø Journal voucher

Ø Spread sheet

Ø Original entry requiring corrections

Ø Request for comments (RFCs).

Q .38 what are authorized documents for leave and payroll?

The following documents for leave and payroll:

Ø Timesheets

Ø Leave requests.

Ø Overtime authorization.

Ø Personal action form (PAF).

Ø Attendance calendar.

Q .39. How post implementation review will complete?

The post implementation review will be completed by checking following manner:

Ø Business objective

Ø User expectations

Ø Technical requirements

Ø Timing

Ø The PIR team

Q .40 what are the controls over system and program changes?

The controls over system and program changes are:

Ø Change management control

Ø Authorization control

Ø Documentation control

Ø Testing and quality control (Quality control, Quality review)

Q .41 Explain the classification of information?

The classification of information is essential if one has to differentiate between that which is of little value and that which is highly sensitive and confidential. The classification of data and information are following:

Ø Top secret- Security at this level is the highest possible.

Ø Highly confidential- Security at this level is very high.

Ø Proprietary- Security at this level is controlled but normal.

Ø Public documents- Security at this level is minimal.

Q .42 what is data integrity control?

The primary objective of data integrity control techniques is to prevent, detect and correct errors in transactions as they flow through the various stages of a specific data processing program.

Q.43 Describe different data integrity controls.

There are six categories of data integrity controls which are summarized on following:

Control category	Threat/Risk	Controls
Source data control	Invalid, incomplete or inaccurate source data input	Form design and pre numbered, appropriate authorization, segregation of duties, visual scanning, check-digit verification etc.
Input validation routines	Invalid or inaccurate data in computer processed transaction files.	Check key data, sequence, field, sign, validity, limit, range, reasonableness, redundant data and capacity check etc.
On-line data entry controls	Invalid or inaccurate transaction input entered through on-line terminals.	Field, limit, range, reasonableness, sign, validity and redundant data checks; user IDs and password, capability test, automatic system data entry, pre formatting, completeness test etc.
Data processing and storage controls	Inaccurate or incomplete data in computer processed master files.	Policy and procedures, monitoring and expediting data entry, reconciliation database and account or reports, check data currency, default values, data marching, data security, use labels and write protection mechanism etc.
Output controls	Inaccurate or incomplete computer output.	Procedures to ensure that system outputs conform to the organization’s integrity objectives, polices, and standards, visual review of computer output, reconciliation of batch totals etc.
Data transmission on controls	Unauthorized access to data being transmitted or to the system itself; system failures; errors in data transmission	Monitor network to detect weak points, backup computers, design network to handle peak processing, multiple communication paths between network computers, preventive maintenance, data encryption, routing verification etc.

Q.44 How assesses the data integrity controls?

Assessing data integrity control involves evaluating the following critical procedures:

Ø Virus detection and elimination software is installed and activated.

Ø Data integrity and validation controls are used to provide assurance that the information has not bee altered and the system functions as intended.

Q.45. what is risk? Write the causes of risk?

A risk is the likelihood that an organization would face a vulnerability being exploited or a threat becoming harmful. These risk lead to a gap between the need to protect systems and the degree of protection applied. The gap is caused by:

Ø Widespread use of technology

Ø Interconnectivity of systems

Ø Elimination of distance, time and space as constraints

Ø Unevenness of technological changes

Ø Devolution of management and control

Ø Attractiveness of conducting unconventional electronic attacks against organizations

Ø External factors such as legislative, legal and regulatory requirement or technological developments.

Q.46. what is threat and vulnerability?

Threat: A threat is and action, event or condition where there is a compromise in the system, its quality and ability to inflict harm to the organization.

Vulnerability: Vulnerability is the weakness in the system safeguards that exposes the system to threats. It may be weakness in an information system, security system or other components that could be exploited by a threat.

Q.47. what kind of threat to the computerized environment may arise?

A few common treats to the computerized environment may be arises:

a) Power loss	b) Communication failure
c) Disgruntled employees	d)Errors
e) Malicious code	f) Abuse of access privileges by employee
g) Natural disasters	h) Theft or destruction of computing resources
i) Downtime due to technology failure	Fire, etc.

Q.48. what kind of threat may arise due to cyber crimes?

Following threat may be arise due to cyber crimes:

a) Embezzlement	b) Fraud
c) Theft of proprietary information	d) Denial of service
e) Vandalism or sabotage	f) Computer virus
g) Other

Q.49. what is risk assessment? Why it is necessary?

Risk is a critical step in disaster and business continuity planning. Risk assessment in necessary for developing a well tested contingency plan. Risk assessment is the analysis of threats to resources and the determination of the amount of protection necessary to adequately safeguard the resources.

Q.50. what are the areas to focus for risk assessment purpose?

The areas to be focused upon are:

Ø Prioritization.

Ø Identifying critical applications.

Ø Assessing their impact on the organization.

Ø Determination recovery time-frame.

Ø Assess insurance coverage.

Q.51. Explain the risk management process.

The board process of risk management will be as follows:

1. Identify the technology related risks under the range of operational risks.

2. Assess the identified risks in terms of probability and exposure.

3. Classify the risks as systematic and unsystematic

4. Identify various managerial actions that can reduce exposure to systematic risks and the cost of implementing the same.

5. Look out for technological solutions available to mitigate unsystematic risks.

6. Identify the contribution of the technology in reducing the overall risk exposure.

7. Evaluate the technology risk premium on the available solutions and compare the same with the possible value of loss form the exposure.

8. Match the analysis with the management policy on risk appetite and decide on induction of the same.

Q.52. Explain the risk management cycle.

It is a process involving the following steps:

Identifying assets.
Vulnerabilities and threats.
Assessing the risks.
Developing a risk management plan.
Implementing risk management actions.
Re-evaluating the risks.

Q.53. what are primary functions of risk assessment?

Risk identification.
Risk assessment.
Risk mitigation.

Q.54. what is business continuity and disaster recovery planning?

Business continuity focuses on maintaining the operations of an organization, especially the IT infrastructure in face of a threat that has materialized.

Disaster recovery, on the other hand, arises mostly when business continuity plan fails to maintain operations and there is a service disruption. This plan focuses on restarting the operation using a prioritized list.

Q.55. what are the areas that business covers?

Business continuity covers the following areas:

Business resumption planning.
Disaster recovery planning.
Crisis management.

Q.56 Explain business continuity life cycle.

The business continuity life cycle is broken down onto four broad and sequential sections:

Risk assessment.
Determination of recovery alternatives.
Recovery plan implementation.
Recovery plan validation.

Q.57. what are the objectives and goals of business continuity planning?

The key objective of the plan should be to:

Ø Provide for the safety and well-being of people on the premises at the fime of disaster.

Ø Continue critical business operations.

Ø Minimize the duration of a serious disruption to operations and resources.

Ø Minimize immediate damage and losses.

Ø Establish management succession and emergency powers.

Ø Facilitate effective co-ordination of recovery tasks.

Ø Reduce the complexity of the recovery effort.

Ø Identify critical lines of business and supporting functions.

Q.58. what are the phases for developing a business continuity plan?

The methodology for developing a business plan can be sub divided into eight different phases which are given bellow:

Ø Pre-planning activities (Business continuity plan initiation)

Ø Vulnerability assessment and general definition of requirements.

Ø Business impact analysis.

Ø Detailed definition of requirements.

Ø Plan development.

Ø Testing program.

Ø Maintenance program.

Ø Initial plan testing and plan implementation.

Q.59. what are different types of business plan?

There are various kinds of plan that need to be designed. They include the following:

Ø Emergency plan.

Ø Back-up plan.

Ø Recovery plan.

Ø Disaster recovery plan.

Ø Insurance.

Q.60. what are the IS audit standards?

Information system audit standards provide audit professionals a clear idea of the minimum level of acceptable performance essential to discharge their responsibilities effectively. Some standards are as follows:

Year	Standards
1994	COSO, coco
1996	HIPAA
1998	BS7799
2000	COBIT

Q.61 What are the audit objectives of a computer information system environment?

Audit objectives in a computer system environment and elaborates on the following:

Ø The auditor’s responsibility in gaining sufficient understanding and assurance on the adequacy of accounting internal controls.

Ø The potential impact of auditing in a CIS on the assessment of control and audit risks.

Ø The extent to which the CIS is used for recording, compiling and analyzing accounting information.

Ø The system of internal controls relating it the authorized, complete, accurate and caked processing and reporting procedures.

Ø The impact of CIS accounting system on the audit trail.

Q.62 what is information security? Why information system security is important?

Security relates to the protection of valuable assets against loss, discloser or damage. Security is most important for information system. Adequate information security helps to ensure the smooth functioning of information systems and product the organization from loss or embarrassment caused by security failures.

Q.63 what are the objectives of information security?

Information security objective are following-

1. Confidentiality

2. Intergrity

3. Acailability

Q.64 what is information sensitive?

Following information is sensitive –

Ø Information in relation with strategic plans.

Ø Information in relation with business operation.

Ø Information in relation with Finance.

Q.65 what subject should be considered to establish better information protection?

To establish better information protection considered followings:

Ø Not all data has the same value.

Ø Know where the critical data resides.

Ø Develop an access control methodology

Ø Protect information stored on media.

Ø Review hardcopy output.

Q.66 what is ERP?

An Enterprise Resource Planning system is a fully integrated business management system covering functional areas of an enterprise like Logistics, Production, Finance,

Accounting and Human resource.

Q.67 what are the benefits of ERP?

ERP solution provide following benefits:

Ø Integrated financial systems.

Ø Standardized processes.

Ø Real time information.

Q.68. what factor should consider implementing ERP system?

Ans: Where integration and implementation issues often pop up in these projects includes:

Corporate culture.
Process change.
Enterprise communication.
Management support.
Project methodology.
An ERP team.
Training.

Q.69. What is SAP?

Ans: SAP stands for “Systems and Application Products”. The SAP system is a collection of software performs standard business functions for corporations. The system has become very popular because it provides a complete solution to standard business.

Q. 70. What is SAP R/3 system? How many layer of the SAP R/3 system architecture?

Ans: The SAP R/3 code is written on an interpretive language called ABAP. ABAP is a German acronym that loosely translated means “Advance Business Application Programming”. ABAP is very similar to COBOL in its syntax.

The SAP R/3 system architecture has three layers:

Presentation layer.
Application layer.
Database layer.

sohelworld

Thursday, January 8, 2015

IT Knowledge Hand Note

About Me