ISA822S - INFORMATION SYSTEMS AUDIT - 2ND OPP - JULY 2025


NAMIBIA UNIVERSITY
OF SCIENCE AND TECHNOLOGY
QUALIFICATION: POSTGRADUATE CERTIFICATE IN INFORMATICS (INFORMATION SYSTEMS
AUDIT)
QUALIFICATION CODE: 08PGIN
LEVEL: 8
COURSE: INFORMATION SYSTEMS AUDIT
COURSE CODE: ISA822S
DATE: JULY 2025
SESSION: THEORY
DURATION: 3 HOURS
MARKS: 70
SECOND OPPORTUNITY/ SUPPLEMENTARY EXAMINATION QUESTION PAPER
EXAMINER:
Ms. Sinte Mutelo
MODERATOR:
Mr. Paduleni Ndilula
THIS QUESTION PAPER CONSISTS OF 7 PAGES
(Including this front page)
INSTRUCTIONS:
1. Answer ALL the questions.
2. Write clearly and neatly.
3. Number the answers.
PERMISSIBLE MATERIALS:
1. Examination paper.
2. Examination script.


SECTION A MULTIPLE CHOICE
[20]
1. When developing a risk-based audit strategy, an IS auditor should conduct a risk
assessment to ensure that:
A. Controls needed to mitigate risk are in place
B. Business processes are completed
C. Business rules are achieved
D. Business strategies are in place
2. This framework, developed by ISACA, provides a comprehensive framework
that assists enterprises in achieving their objectives for the governance and management of
enterprise IT.
A. COBIT 2019
B. SLA
C. DRP
D. ISACA
3. What is the first step in performing a risk assessment?
A. Risk treatment
B. Risk evaluation
C. Risk response
D. Risk identification
4. The IS scope should outline the:
A. The findings identified by the Auditor
B. The systems in scope, controls to be tested, timelines and objective of the audit
C. The authority of the IS audit function
D. The IS auditor's CV
5. What is the outcome of an audit engagement? Select the BEST answer.
A. Management comments
B. Client acceptance letter with an agreement between parties
C. An audit report
D. A follow-up audit
6. The waterfall software development model is appropriate when:
A. Requirements are well defined and do not change.
B. Requirements are constantly changing.
C. Unit tests are performed in iterations.
D. Prototypes are not required.
7. Who should approve the implementation of a system?
A. The receptionist.
B. The CEO.
C. Board members.
D. Project steering committee
8. Which of the following is an example of social engineering?
A. Penetration testing
B. Tailgating
C. VPN
D. Logging
9. Raised floors, fire suppression systems, and air-cooling systems are examples of:
A. Access control.
B. Change management.
C. Environmental controls.
D. Voice over IP (VoIP).
10. Which of the following is an outcome of a BIA? Choose the best answer.
A. Backup policy.
B. Business continuity policy.
C. Risk assessment
D. Recovery strategy
11. A ............ processes and stores sensitive business data.
A. Data centre
B. Data processing
C. CCTV
D. Computer Processor
12. What is considered the MOST critical element for the successful implementation of an
information security program?
A. An effective enterprise risk management (ERM) framework
B. Senior management commitment
C. An adequate budgeting process
D. Meticulous program planning
13. The recovery point objective pertains to?
A. Permissible data loss
B. Service delivery objectives.
C. How long a site can stay down
D. Input thresholds.
14. These are detailed steps and actions that support the policy objectives.
A. Procedure
B. Guidelines
C. Standards
D. Policies
15. This is obtained from the audit committee of the board.
A. Approval
B. Plan
C. Authentication
D. Budget
16. The procedures performed by an auditor when testing a control should be documented
in a:
A. Working paper
B. Audit charter
C. Management letter
D. None of the above
17. Top management is responsible for implementing a ............ that supports efficient and
effective internal control processes.
A. Culture
B. Controls
C. Risks
D. Objectives
18. An ............ is an overarching document that covers the entire scope of audit activities in an
entity.
A. Audit Charter
B. Engagement letter
C. Service Level Agreement
D. Data implementation
19. Risk assessment should identify, quantify and prioritise risk against criteria for risk ...........
and objectives relevant to the organisation.
A. appetite
B. scenarios
C. acceptance
D. None of the above
20. A challenge commonly associated with the Agile development model is:
A. Lack of communication.
B. Lack of documentation.
C. Lack of testing.
D. Lack of resources.

STRUCTURED QUESTIONS
[50]
QUESTION 2
2.1 List the stages included in the business process flowchart for an IS Audit
[6]
2.2 Distinguish Detective control from Preventative control.
[4]
2.3 Describe the four main types of Controls
[8]
2.4 What are the consequences of IT control failure?
[5]
2.5 What does an IS auditor need to consider while planning an individual audit assignment? [5]
2.6 Discuss what an audit process is and use a diagram to summarise the input and output
elements of the audit process.
[10]
2.7 List and describe some of the benefits of successful implementation of IT Governance
Enterprise in your organisation.
[6]
2.8 Analyse the activities an IS auditor performs when auditing the business continuity plan. [6]
End of Examination