IMPORTANT QUESTIONS
CA FINAL ‐ ISCA
Applicable for November 2019 exams ‐ CA Nikunj Shah

questions, the author gives NO ASSURANCE OR SURETY that any of these questions will be asked in the exams. Students are advised to cover the entire syllabus thoroughly to maximize their prospects of scoring well in this subject. I take this opportunity to wish you All The Very Best!!
ISCA Important Questions – November 2019 CA Nikunj Shah – shahnikunjca@gmail.com
Faith in yourself
Trust in Him
Hope for the best
Data Analytics & Forensic Audit | www.dafi.in |Training & Consulting
Prologue
My dear students,
It’s your trust and confidence in me that motivates me to take the time and effort to publish “ISCA Important
Questions” year after year, for every single attempt. I am indeed grateful for this trust and confidence of
yours. I am happy to share that this is my 12th continuous publication of “ISCA Important Questions” and
the whole journey has been extremely satisfying.
This time, I have only identified and published the ‘descriptive type’ questions that students are required to
answer in the Part B of their question paper. You can rest assured that these questions are selected
with the same care that I have been doing all these years.
For Multiple Choice Questions (MCQs) I have already shared a question bank in ‘Part A’ of “ISCA Important
Questions – May 2019”. Students may continue to refer to the same.
Also I must say that May 2019 (immediately previous attempt) was an exception, since limited questions
from “ISCA Important Questions – May 2019” were asked in that exam.
I shall be indeed happy to know of your success. Until then, prepare well, pray hard and above all, have
unshakeable faith in your own self.
And yes, in case you aspire to make a career in professional practice, especially forensic audit & data
analytics, feel free to get in touch with me. I do look forward to welcoming you on board as ‘My dear
professional colleague’!
Good Luck & God Bless!!
Warm wishes,
CA Nikunj Shah
Mumbai
November 3, 2019
Analysis of ISCA Important Questions – May 19 (Immediate Previous Examination)
Disclaimer: Past performance may not be repeated.
Most likely & likely question sets
Legends:
(**) – Most Likely
(*) – Likely
CH – 1
(**)
Q: What are the sample areas of GRC for Review by Internal Auditors listed by the IIA? (6 Marks)
Q: You are appointed as a member of the IT Steering Committee for IT implementation and deployment
in a large company. What are the major functions of this committee? (6 Marks)
Q: What are the key Governance practices for Risk management in COBIT 5? (5 Marks)
(*)
Q: Short Note: Five principles of COBIT (4 Marks)
Q: Explain key benefits of IT Governance achieved at the highest level in an organization (4 Marks)
Q: What are the common strategies to manage risks / Risk Management Strategies (6 Marks)
Q: Explain the following terms: (2 Marks each)
‐ Vulnerability, Threat, Exposure, Risk, Residual Risk, Counter measure
CH – 2
(**)
Q: ‘MIS supports the managers at different levels to take decisions to fulfill the organizational goals.
Explain the major characteristics of MIS to achieve these goals.’ (6 Marks)
Q: What are the important characteristics of a Computer Based Information System (CBIS)? (6 Marks)
Q: Explain any four features of electronic mail (4 Marks)
Q: Briefly describe components of ERP Model? (5 Marks)
Q: There is a practical set of principles to guide the design of measures and indicators to be included in an
EIS. Explain those principles in brief. (6 Marks)
(*)
Q: Briefly discuss components of DSS. How is database implemented at three different levels? (6 Marks)
Q: What are the features of TPS (4 Marks)
Q: Short Note: Knowledge Management Systems (4 Marks)
Q: In what ways does an EIS differ from the Traditional Information System? (5 Marks)
CH – 3
(**)
Q: What do you understand by classification of information? Explain different classification of information.
(6 Marks)
Q: As an IS auditor, what are the output controls required to be reviewed with respect to application
controls? (6 Marks)
Q: What do you understand by financial controls? Explain with examples various financial control techniques
(6 Marks)
Q: Explain briefly the two categories of controls classified on the basis of “Audit Functions” (4 Marks)
Q: What are the major impacts of cyber frauds on an enterprise? (4 Marks)
(*)
Q: Discuss five interrelated components of Internal Control (5 Marks)
Q: What do you understand by Boundary Controls? Explain major Boundary Control techniques in brief (6
Marks)
Q: Do you consider corrective controls as a part of Internal controls? Describe the characteristics of
corrective controls (6 Marks)
Q: What is meant by information security policy? Discuss various types of IS policies and their hierarchies.
(6 Marks)
CH – 4
(**)
Q: What are the objectives of performing BCP tests (4 Marks)
Q: Backup option sites for ALTERNATE PROCESSING FACILITY ARRANGEMENTS.
Q: What is BCM Policy? What are its objectives? (4 Marks)
Q: List out major activities to be carried out in the implementation of a Business continuity Plan (4 Marks)
Q: Briefly explain various types of systems back‐up for the system and data together. (6 Marks)
(*)
Q: Discuss the objectives and goals of Business Continuity planning. (5 Marks)
Q: How an auditor will determine whether the Disaster recovery plan was developed using a sound and
robust methodology (6 Marks)
Q: What are the various components of a Disaster Recovery Plan? (6 Marks)
Q: What is Business Continuity Planning? What are the three areas covered under Business continuity (6
Marks)
Q: Short Note: Business Impact Analysis (4 Marks)
CH – 5
(**)
Q: Explain major strengths and weakness of Spiral model (6 Marks)
Q: From the perspective of IS audit, what are the advantages of system development life cycle? (4 Marks)
Q: Discuss Basic Principles / Advantages / Disadvantages of Rapid Application Development (6 Marks)
Q: Distinguish between Black Box testing / White Box testing / Grey Box testing (4 Marks)
Q: A variety of tasks during the SDLC are performed by special teams / Individuals. Define in brief the roles
of (i) Systems analyst, (ii) Programmer (iii) Database Administrator (iv) Domain specialists (v) IS Auditor (vi)
Quality Assurance (6 Marks)
(*)
Q: Explain the different conversion / changeover strategies used for conversion from a manual to a
computerized system. (5 Marks)
Q: Discuss various stages through which an in‐house creation of programs has to pass (6 marks)
Q: Discuss in detail how analysis of present system is made by the system analyst. (4 Marks)
Q: What is unit testing? Explain five categories of tests that a programmer typically performs on a
program unit (6 Marks)
Q: Many‐a‐times organizations fail to achieve their Systems Development Objectives. Justify the statement
bringing out the reasons (6 Marks)
CH – 6
(**)
Q: Integrated Test Facility (ITF) is one of the continuous audit tools. Explain how ITF is used in continuous
audit by an auditor (6 Marks)
Q: What are the six stages in IS Audit OR You have been appointed as an IS Auditor of a Company. Can you
please explain different steps involved in the conduct of your Information System Audit? (6 Marks)
Q: IS Auditors review risks relating to IT Systems and processes. Briefly discuss these risks (4 Marks)
Q: Discuss various accounting audit trails and operations audit trails of Input controls (6 Marks)
Q: Short Notes: Objectives of IS Audit (4 Marks)
(*)
Q: You have been appointed as an IS Auditor of a Company. Can you please explain different steps involved
in the conduct of your Information System Audit (6 Marks)
Q: ABC is looking for a suitable IS Auditor. Please send an introductory note to ABC Ltd. explaining your
suitability by describing the skill set and competence you possess for the job other than your qualification.
(4 Marks)
Q: Describe major advantages of continuous audit techniques (4 Marks)
Q: Short Note: Audit Trails (4 Marks)
CH – 7
(**)
Q: Explain the provision related to protection of personal data under ITAA, 2008 (4 Marks)
Q: Explain ‘Authentication of Electronic Records’ with reference to S.3A of ITAA, 2008 (4 Marks)
Q: Describe the power to make rules by central government in respect of electronic signature in the light
of S. 10 of the IT Act (4 Marks)
Q: Define: (i) Affixing digital signature (ii) Asymmetric crypto system (iii) Computer resource (iv) Private and
Public keys (v) Secure system (vi) Computer Networks (6 Marks)
Q: Discuss the provisions related to retention of electronic records as per IT Act, 2008? (6 Marks)
(*)
Q: Describe the ‘Tampering with computer source documents’ in the light of S. 65 of the IT Act (4 Marks)
Q: Discuss the provisions related to punishment for publishing or transmitting "obscene material" in e‐form
(5 Marks)
Q: What are the sample areas that need to be reviewed in an IS Audit assignment as per the requirement
of RBI for Systems Controls and Audit (6 Marks)
Q: What are the requirements of SEBI for systems controls and audit (6 Marks)
Q: What is a “Protected System” under the IT Act? (4 Marks)
CH – 8
(**)
Q: What is cloud computing? What are its characteristics? (6 Marks)
Q: Discuss best practices of Green IT. (4 Marks)
Q: What are the components of Web 2.0 for social networks (6 Marks)
Q: Management wants to know the major challenges in using Cloud Computing technology for running new
web application. Write any five challenges. (5 Marks)
Q: The cloud computing architecture comprises of two parts. Briefly describe these two parts. (4 Marks)
(*)
Q: State some of the well‐identified issues with cloud computing (4 Marks)
Q: State some of the pertinent objectives in order to achieve the goals of cloud computing (4 Marks)
Q: Write Short Note: Cloud v/s. Grid computing (4 Marks)
Q: Describe the various types of Cloud Computing models (6 Marks)
*** Good Luck & God Bless!! ***
Analysis of ISCA Important Questions – Nov. 18
| Chapter No. | Question in ISCA Important Questions – Nov. 18 | Q. No. asked for in Nov. 18 | Marks asked for in Nov. 18 |
|---|---|---|---|
| 1 | COBIT 5 has a specific process “MEA02 Monitor, Evaluate and Assess the system of Internal Controls.” Discuss in brief any 6 key practices for assessing and evaluating the system of Internal Control in an enterprise based on this process. | 5(a) | 6 marks |
| 1 | What goal & metrics can be used to measure specific success of a GRC program? | 2(b) | 6 marks |
| 1 | Discuss the Key Management Practices for Aligning IT Strategy with Enterprise Strategy? | 4(b) | 6 marks |
| 3 | What do you understand by asynchronous attacks? Briefly explain some forms of asynchronous attacks. | 6(c) | 4 marks |
| 3 | Explain the major kinds of cyber‐attacks? | 3(a) | 6 marks |
| 6 | State some of the critical factors which should be considered by an IS Auditor as a part of his / her preliminary review of audit environment during an IS Audit | 2(a) | 6 marks |
| 7 | Explain ‘Authentication of Electronic Records’ with reference to S.3A of ITAA, 2008 | 4(a) | 6 marks |
| 8 | What is BYOD? Explain its advantages and threats | 7(c) | 4 marks |

Total Marks asked for out of ISCA Important Questions – Nov. 18: 44 Marks
Disclaimer: Past performance may not be repeated.
Analysis of ISCA Important Questions – May 18
| Chapter No. | Question in ISCA Important Questions – May 18 | Q. No. asked for in May 18 | Marks asked for in May 18 |
|---|---|---|---|
| 1 | What are the benefits of COBIT 5? | 3(a) | 6 marks |
| 3 | Discuss five interrelated components of Internal Control | 1(c) | 5 marks |
| 3 | Briefly explain major data integrity policies | 5(a) | 6 marks |
| 4 | What are the objectives of performing BCP tests | 6(c) | 4 marks |
| 6 | Short Note ITF [Integrated Test Facility (ITF) is one of the continuous audit tools. Explain how ITF is used in continuous audit by an auditor] | 3(b) | 6 marks |
| 6 | What are the six stages in IS Audit [You have been appointed as an IS Auditor of a Company. Can you please explain different steps involved in the conduct of your Information System Audit] | 2(a) | 6 marks |
| 7 | Explain the provision related to protection of personal data under ITAA, 2008 | 3(b) | 2 marks |
| 8 | Discuss components of mobile computing | 5(b) | 6 marks |

Total Marks asked for out of ISCA Important Questions – May 18: 41 Marks
Analysis of ISCA Important Questions – Nov. 17
| Chapter No. | Question in ISCA Important Questions – Nov. 17 | Q. No. asked for in Nov 17 | Marks asked for in Nov 17 |
|---|---|---|---|
| 1 | What are the sample areas of GRC for Review by Internal Auditors listed by the IIA? | 3(a) | 6 marks |
| 2 | Explain any four features of electronic mail | 2 (c) | 4 marks |
| 3 | As an IS auditor, what are the output controls required to be reviewed with respect to application controls? | 6 (c) | 4 marks |
| 4 | What is Business Continuity Planning? What are the three areas covered under Business continuity | 5 (c) | 4 marks |
| 5 | Discuss in detail how analysis of present system is made by the system analyst. | 1 (a) | 5 marks |
| 5 | Discuss Basic Principles / Advantages / Disadvantages of Rapid Application Development | 6 (a) | 6 marks |
| 7 | Define: (i) Affixing digital signature (ii) Asymmetric crypto system (iii) Computer resource (iv) Private and Public keys (v) Secure system (vi) Computer Networks | 4 (b) | 6 marks |

Total Marks asked for out of ISCA Important Questions – Nov 17: 35 Marks
Disclaimer: Past performance may not be repeated.
Analysis of ISCA Important Questions – May 17
| Chapter No. | Question in ISCA Important Questions – May 17 | Q. No. asked for in May 17 | Marks asked for in May 17 |
|---|---|---|---|
| 1 | You are appointed as a member of the IT Steering Committee for IT implementation and deployment in a large company. What are the major functions of this committee? | 2(a) | 6 marks |
| 8 | The Cloud computing Architecture comprises of two parts. Briefly describe these two parts | 2(c) | 4 marks |
| 4 | List out the major activities to be carried out in the implementation of a Business Continuity Plan | 3(c) | 4 marks |
| 6 | Describe the categories of Information Systems Audit | 4(a) | 6 marks |
| 6 | IS Auditors review risks to IT systems and processes. Briefly discuss these risks. | 4(c) | 4 marks |
| 7 | Discuss “Authentication of Electronic Records” with reference to the IT Act. | 5(a) | 6 marks |
| 7 | What is a “Protected System” under the IT Act? | 5(c) | 4 marks |

Total Marks asked for out of ISCA Important Questions – May 17: 46 Marks
Disclaimer: Past performance may not be repeated.
Analysis of ISCA Important Questions – Nov. 16
| Chapter No. | Question in ISCA Important Questions – Nov. 16 | Q. No. asked for in Nov. 16 | Marks asked for in Nov. 16 |
|---|---|---|---|
| 5 | What are the characteristics of a good program code? | 3(a) | 6 marks |
| 6 | Discuss the ways Audit trails can be used to support security objectives. [Short Note: Audit Trails] | 3(b) | 6 marks |
| 2 | Briefly describe the characteristics of the types of information used in Executive Decision making. | 4(a) | 6 marks |
| 1 | Explain key benefits of IT Governance achieved at the highest level in an organization | 4(b) | 6 marks |
| 5 | A variety of tasks during the SDLC are performed by special teams / Individuals. Define in brief the roles of (i) Systems analyst, (ii) Programmer (iii) Database Administrator (iv) Domain specialists (v) IS Auditor (vi) Quality Assurance [Role of Domain Specialist in Systems Development] | 6(b) | 6 marks |
| 4 | What are the various types of Backups? | 7(a) | 4 marks |

Total Marks asked for out of ISCA Important Questions – Nov. 16: 34 Marks
Disclaimer: Past performance may not be repeated.
Analysis of ISCA Important Questions – May 16
| Chapter No. | Question in ISCA Important Questions – May 16 | Q. No. asked for in May 16 | Marks asked for in May 16 |
|---|---|---|---|
| 7 | What are the various sample areas that need to be reviewed by IS Audit assignment as per the requirement of RBI for Systems controls and Audit? (6 Marks) | 1(c) | 5 marks |
| 6 | ABC is looking for a suitable IS Auditor. Please send an introductory note to ABC Ltd. explaining your suitability by describing the skill set and competence you possess for the job other than your qualification. | 3(b) | 6 marks |
| 3 | State various types of Application Subsystem and briefly describe those. (Describe how application controls and their audit trail are categorized) | 4(a) | 6 marks |
| 8 | Describe the major components of Web 2.0 for social networks. | 4(c) | 4 marks |
| 6 | As an IS auditor of a company, you want to use SCARF technique for collecting some information, which you want to utilize, for discharging some of your functions. Briefly describe the type of information that can be collected through the use of SCARF technique. | 5(a) | 6 marks |
| 5 | Feasibility study is an important aspect of System Development Life Cycle (SDLC). Explain the dimensions, which are evaluated for this study. | 5(c) | 4 marks |

Total Marks asked for out of ISCA Important Questions – May 16: 43 Marks
Analysis of ISCA Important Questions – Nov. 15
| Chapter No. | Question in ISCA Important Questions – Nov. 15 | Q. No. asked for in Nov. 15 | Marks asked for in Nov. 15 |
|---|---|---|---|
| 8 | If the employees of the company are allowed to use personal device, such as laptop, smartphones, tablets, etc., to connect and access the data, what could be the security risks involved? Classify and elaborate such risks. Q: What are the various BYOD Threats | Q:1 (a) | 5 Marks |
| 8 | What are the advantages of using Cloud Computing environment? | Q:1 (b) | 5 Marks |
| 6 | In this company, what are your functions as an IS auditor? Q: What are the risks relating to IT systems and processes reviewed by the IT auditors? | Q:1 (c) | 5 Marks |
| 2 | ‘MIS Supports the managers at different levels to take decisions to fulfill the organizational goals. Explain the major characteristics of MIS to achieve these goals.’ Q: What is MIS? Describe any six characteristics of an effective MIS | Q:2 (a) | 6 Marks |
| 4 | Explain the various plans that need to be designed for Business Continuity Management? Q: What are the various components of a Disaster Recovery Plan? | Q: 2 (b) | 6 Marks |
| 1 | Briefly describe the key management practices provided by COBIT 5 for ensuring IT compliances. | Q:3 (c) | 4 Marks |
| 3 | As a member of IS Steering committee, how do you classify the information for better integrity and security? Q: What do you understand by classification of information? Explain different classification of information | Q: 4 (c) | 4 Marks |
| 3 | What is meant by Information Security policy? Q: Short Note: Information Security Policy | Q:5 (a) | 3 Marks |
| 7 | Describe the service strategy of ITIL framework Q: Short Notes: Any one Book of ITIL | Q: 6 (c) | 4 Marks |
| 6 | Short Notes: Objectives of IS Audit | Q: 7 (a) | 4 Marks |
| 2 | Short Notes: Components of ERP Model? | Q: 7 (e) | 4 Marks |

Total Marks asked for out of ISCA Important Questions – Nov. 15: 50 Marks
Analysis of ISCA Important Questions – May 15
| Chapter No. | Question in ISCA Important Questions – May 15 | Q. No. asked for in May 15 | Marks asked for in May 15 |
|---|---|---|---|
| 4 | What are the tasks that you will undertake to ensure that BCM program is in place while assessing the BIA | Q:1 (b) | 5 Marks |
| 8 | Management wants to know the major challenges in using Cloud Computing technology for running new web application. Write any five challenges. | Q:1 (c) | 5 Marks |
| 5 | Many‐a‐times organizations fail to achieve their Systems Development Objectives. Justify the statement bringing out the reasons | Q:3 (a) | 6 Marks |
| 3 | Do you consider corrective controls as a part of Internal controls? Describe the characteristics of corrective controls | Q:4 (a) | 6 Marks |
| 6 | Different auditors go about IS auditing in different ways. Despite this, IS Audit process can be categorized into broad categories. Discuss the statement explaining broad steps involved in the process | Q:4 (b) | 6 Marks |
| 1 | Discuss the Key Management Practices for Aligning IT Strategy with Enterprise Strategy? | Q: 6 (a) | 6 Marks |
| 1 | Short Note: Five principles of COBIT | Q:7 (a) | 4 Marks |
| 4 | Short Note: Backup option sites for ALTERNATE PROCESSING FACILITY ARRANGEMENTS. | Q: 7 (c) | 4 Marks |

Total Marks asked for out of ISCA Important Questions – May 15: 42 Marks
Disclaimer: Past performance may not be repeated.
Analysis of ISCA Important Questions – Nov. 14
| Chapter No. | Question in ISCA Important Questions – Nov. 14 | Q. No. asked for in Nov. 14 | Marks asked for in Nov. 14 |
|---|---|---|---|
| 1 | What is IT Governance? What are the benefits of IT governance? | Q:3 (c) | 4 Marks |
| 6 | As an IS auditor, what are the output controls required to be reviewed with respect to application controls? | Q:4 (a) | 6 Marks |
| 1 | What are the key management practices for assessing and evaluating internal controls per “MEA 02 Monitor, Evaluate and Assess the System of Internal Control” | Q:4 (b) | 6 Marks |
| 7 | What are the four phases of implementation of ISMS? | Q: 4 (c) | 4 Marks |
| 3 | What are the repercussions of cyber frauds on an enterprise? | Q: 5 (c) | 4 Marks |
| 6 | Compared to traditional audit, evidence collection has become more challenging with the use of computers to the auditors. What are the issues which affect evidence collection and understanding the reliability of controls in financial audit? | Q: 6 (a) | 6 Marks |
| 3 | Short Note: Internal Controls as per COSO | Q:7 (b) | 4 Marks |
| 1 | Short Note: Risk, Vulnerability and Threat | Q:7 (c) | 4 Marks |
| 4 | Short Note: Types of backups | Q:7 (d) | 4 Marks |
| 5 | Short Note: Design of Database | Q:7 (e) | 4 Marks |

Total Marks asked for out of ISCA Important Questions – Nov. 14: 46 Marks
Disclaimer: Past performance may not be repeated.
Analysis of ISCA Important Questions – May 14
| Chapter No. (per old syllabus) | Question in ISCA Important Questions – May 14 | Q. No. asked for in May 14 | Marks asked for in May 14 |
|---|---|---|---|
| 2 | Q: Write short note: “Systems Requirement Specifications (SRS)” | Q: 1(a) | 5 Marks |
| 5 | Explain the threats due to cyber crimes | Q:4(a) | 6 Marks |
| 1 | Describe the main pre‐requisites of a Management Information System which makes it an effective tool. | Q:5(a) | 6 Marks |
| 10 | Explain the provisions that restrict liabilities of Network service providers (Intermediaries) in the ITAA, 2008 | Q:5(c) | 4 Marks |
| 3 | Explain with examples various financial control techniques | Q:6(a) | 6 Marks |
| 4 | Define and explain the SCARF / CIS methodology | Q:7(a) | 4 Marks |
| 5 | Short Note: Risk Assessment | Q:7(c) | 4 Marks |
| 8 | Short Note: COBIT Enablers | Q:7(6) | 4 Marks |

Total Marks asked for out of Important Questions – ISCA May 14: 39 Marks
Disclaimer: Past performance may not be repeated.
*** Good Luck & God Bless!! ***