 FINAL LIST FOR JUNE-2019

 Read all heading carefully even alternate headings given in this list.
 Don’t take tension we are best (JAAN LAGA DENA).
 Try to write minimum 3 lines in points in own language.
 Read text of these question minimum 3 Times.
 Don’t take tension we are best and thanks for love and respect.
 Jai mata di & jai hind jai bharat.

Concept of Governance and Management of Information Systems

1. As an internal auditor, what shall be your perspective while
evaluating IT Governance of an enterprise? Or Guidance is from
internal and it perspective as issued by The Institute of Internal
Auditors (IIA).
2. Short note on corporate governance.
3. Write short notes on the following with reference to
Governance Dimensions:
 Conformance or Corporate Governance Dimension
 Performance or Business Governance Dimension
4. Seven enablers in COBIT 5 or COBIT 5 enabler
5. Principles of COBIT 5.
6. Sample areas of review for assessing and managing risks.
7. As an IT consultant, elaborate on the major benefits of Governance
to the Management of an enterprise. (It’s not IT governance (u are
IT consultant) Or benefits of governance.
8. The Management of IT related risks is a key part of Enterprise
Governance. Name the key management practices to achieve this
objective. Or Describe key management practices for implementing
risk management. (principle danda baccha)
9. What are the key governance practices that are required to
implement GEIT in an enterprise? (P-7 Text Book)
10.Briefly describe the key management practices provided by COBIT for
ensuring IT compliances. Or what you understand by COBIT and its
practices. Or Key Management Practices of IT Compliance. (PM 18)
11.Discuss the key governance practices for evaluating risk
management. (P-21 Text Book)
12. Explain the key benefits of IT Governance achieved at highest level
in an organization or ‘IT has to provide critical inputs to meet the
information needs of all the stakeholders.’ Define IT Governance
and list out its benefits.
13.The enterprise XYZ limited establishes an IT Steering Committee and
expects the committee to perform certain role. Can you explain the
role of IT Steering committee? Or explain the key functions of IT
Steering Committee in brief.
14.What is the role of IT in enterprise and Discuss different levels of
managerial activity that are carried out in an enterprise? (PM-17)
15.What do you understand by GEIT? Also explain its key benefits of
GEIT.
16.Strategic planning
17.Explain various Risk Management Strategies.

18.Explain the following terms with reference to information Systems:

o Risk
o Threat
o Vulnerability
o Exposure
o Attack
o Countermeasure
o Residual risk
o Likelihood of threat
19.How can we say that COBIT 5 can be customized as per enterprise’s specific
requirement?
20.What do you understand by “Information Systems Risks”? Discuss broadly the
characteristics of risk. RTP MAY 18
21.Discuss the areas, which should be reviewed by Internal Auditors as a part of the
review of Governance, Risk and Compliance (GRC).
22.Discuss COBIT and its components in brief.
23.Status of IT Governance
24. “The success of the process of ensuring business value from the use of IT can be
measured by evaluating the benefits realized from IT enabled investments and services
portfolio and how transparency of IT costs, benefits and risks is implemented.” Explain
some of the key metrics which can be used for such evaluation.
 Information Systems Concepts
1. What is EIS? Explain major characteristics of an EIS. or There is a
practical set of principles to guide the design of measures and
indicators to be included in an EIS’. Explain those principle in brief.
2. What do you understand by MIS? Discuss major characteristics of an
effective MIS. Or ‘There are various constraints, which come in
the way of operating an MIS’. Explain any four such constraints
in brief.
3. Office Automation Systems (OAS) related 3 questions. (Read heading
in memory book carefully) or What are the types of operations into
which the different office activities can be broadly grouped under
office automation systems?
4. What is Decision Support System (DSS)? Explain the key
characteristic of a DSS in brief. (DSS related 3 questions) or “Decision
support systems are widely used as part of an Organization’s
Accounting Information system”. Give examples to support this
statement. OR Discuss various examples of DSS in Accounting. Or
“Decision support systems are widely used as part of an
Organization’s Accounting Information system”. Give examples to
support this statement.
5. What is ERP & it’s Benefits? Or the management of an enterprise
PQR is in lookout of an integrated information system that combines
most of information systems and designed to produce information
and support decision making for different levels of management and
business functions. Suggest the solution and also list its benefits. Or
Discuss different components of ERP (Enterprise Resource Planning)
and its benefits.
6. Describe the major prerequisites of a Management Information
System to make it an effective tool.
7. Briefly describe five major characteristics of the types of information
used in Executive Decision making.
8. Discuss different information system that serve different
organization level. Or Different types of information system.
9. Impact of IT on information systems for different sectors.
10. Discuss various applications of Data Mining.
11. Advantages of information system in business. Or What are the
advantages and important implications of the proposed Information
System for the Company?
12. Explicit and Tacit Knowledge
13. Discuss major areas of Computer-based applications.
14. Differentiate between DSS and Traditional MIS.
15. Differentiate between EIS and Traditional information systems.
16. An owner of a small local store is currently using manual system for
his day to day business activities viz. purchase, sales, billing,
payments receipts etc. In the last few years, turnover of the store is
increased manifold and now it has become increasingly difficult to
handle all these activities manually. You being an IT expert and his
auditor, are requested to suggest which operation support system
will be the most suitable for him. Also, advise him what activities can
be performed by the proposed system and what are the major
limitations of it? (MOCK TEST MAY 17-24B or MAY 14-6B) or What do
you mean by a Transaction Processing System (TPS)? Explain
important features of a TPS. Or What do you understand by
Transaction Processing System (TPS)? Briefly discuss the key activities
involved in a TPS. Or Features & Components of TPS
17. Types of system. Or Closed and open systems
18. Components of information system and activities carried out by
information system.
19. Explain the major points for evaluation of effectives Management
Information System (MIS).
20. Discuss the impact of IT on Information Systems for different
sectors.
21. Briefly explain some of the properties that potential
applications should possess to qualify for an expert system
development. Or Business application of expert system.
22. What do you mean by the term “Information”? Discuss different
attributes of it.
23. Discuss different types of Information Systems.
24. Discuss some IT tools that may prove to be crucial for the
company’s business growth.
25. Core Banking System
 Protection of Information Systems

1. Classification of control on the basis of objective of control.

2. What are the steps involved in ‘Access Control Mechanism’ for Real
time Memory an Virtual time Memory.
3. Five types of information security policy and their hierarchy
relationship. Or discuss various types of Information Security Policies
and their hierarchy. OR Give the hierarchy of information Security
Policies and discuss each one of them.
4. What do you understand by Financial Controls? Explain major financial
control techniques in brief.
5. Objective of control (page 69) (Discuss some of the critical controls
required in a computerized environment.) (it’s just objective of control
so student are advised not to mix this with Classification of control on
the basis of objective of control, both are separate topics) (POP walla)
6. Issues to address or The information Security Policy of an organization
has been defined and documented as given below: “Our organization is
committed to ensure Information Security through established goals
and principles. Responsibilities for implementing every aspects of
specific applicable proprietary and general principles, standards and
compliance requirements have been defined. This is reviewed at least
once a year for continued suitability with regard to cost and
technological changes.” Or Discuss the issues to addressed in ‘Access
control’ under information security policy . (also refer case study in PM)
7. Impact/repercussion of cyber fraud on enterprise.
8. Attributes/Objective of information system security. Or What are
three major attributes of information security? Out of these
attributes, which attribute will be having the highest priority while
developing web based examination portal?
9. Impact of IT on Internal Control. Or Segregation of duty’s. (in impact of it
on internal control.) or What do you understand by the term
“Segregation of Duties”?
10.Discuss Application and Monitoring System Access Controls, in brief. Or
Operating System Access Control mechanism or User access resource
management control.
11.Difference between physical access control and logical access control.
(RTP N-17 Q-23(c))
12.Processing/Communication control/Database (Briefly explain major
 update and report controls with reference to database controls in
brief) required to be reviewed with respect to application controls?
(Application Control also known as user control)
13. ‘Crimes are committed by using computers and can damage the
reputation, morale and even the existence of an organization’. What are
the problems do you think that any organization can face with the result
of computer crimes? Or Computer crime exposure
14.Discuss the Internetworking devices (Bridge, Router and Gateway).
15.Discuss the need for control in IS. (refer august-16 mock test 4 (c) )
16.Write brief about managerial control.
17.Information Technology General Controls (ITGC)
18.What do you understand by classification of information? Explain
different classifications of information. Or As a member of IS steering
committee, how do you classify the information for better integrity and
security.
19.Discuss different means of controlling physical access in an organization.
(complete physical access control i.e. 5 star, reception, bolt, logging of
access) or Locks on doors
20.What are the key components/Content of good security policy?
21.Technical exposure
22.Logical access violator.
23.IS resources from perspective of environment exposures and control?
(RTP N-17 Q-8)
24.You are selected by UVW Limited to review and strengthen Software
Access Control mechanism for their Company. Prepare a report on the
need of boundary controls enlisting major boundary control techniques
to be implemented by them. (MAY 15) OR What do you understand by
Boundary Controls? Explain major boundary control techniques in brief.
25.Field interrogation and data coding control
26.Discuss output controls with reference to Application Control in brief.
27.What is ‘Data Integrity’? Explain six categories of integrity controls in
brief.
28.Major function of senior manager while performing information systems
functions in the organizations.
29. Briefly explain major Data Integrity Policies.
30. What are the ways that can be used for controlling of the remote and distributed data
processing applications?
31. Why is there a need for Quality Assurance Management Controls in enterprises? Or
“Data Resource Management Controls” under Managerial Controls. Or Backup Control
or Security Management Controls
 Business Continuity Planning and Disaster Recovery Planning
1. Backup options or Back-up option sites for Alternate processing facility
arrangements.
2. Explain the various general components of Disaster Recovery Plan. Or Out
of various types of plan are used in business continuity planning. Or
explain the various plans that need to be designed for Business Continuity
Management. Or Types of Plan or Explain the various plans that need to
be designed for business continuity management?
3. Types of backup or backup techniques.
4. Describe contents/document/area of a Disaster Recovery Procedural
Plan Document that the company should possess. Or describe
content of a Disaster Recovery Planning Document. Or Discuss the
major areas that form a part of Disaster Recovery Planning (DRP)
Document.
5. List down the key objectives and goals of Business Continuity
Planning.
6. Describe the methodology of developing a Business Continuity Plan.
Also enumerate its eight phases. Or Name the different phases of
methodology for developing a Business Continuity Plan. What are the
major points on which methodology mainly emphasis on? (Both-Ladki &
Laden) or Discuss all the phases involved in a methodology for
developing a Business Continuity Plan (BCP) (only eight phases).
7. Components of BCM or Stages of BCM process. Or Discuss various
components of Business Continuity Management (BCM) process
8. What do you understand by the term “BCP Manual”? RTP N-17 Q-22 (a)
9. What is the significance of a Business Impact Analysis? Enumerate the
tasks to be undertaken in this analysis. Or what are the tasks you will
undertake to ensure that BCM program is in place, while assessing BIA?
(refer module)
10.What are the elements to be included in the methodology for the
development of Disaster Recovery/ Business Resumption Plan? OR How
an auditor will determine whether the disaster recovery plan was
developed using a sound and robust methodology? Explain. (self in book
P-145)
11.Why documentation is required in Business Continuity Management
(BCM)? Which documents are classified as being part of the BCM system?
12.Discuss the maintenance tasks undertaken in the development of a BCP in
brief. (PM)
13.BCM Implementation
14.While auditing a Disaster Recovery Plan (DRP) for information
technology (IT) assets, what concerns are required to be addressed?
Briefly explain.
15.Objective of BCM (Self from book P-123 or PM 11)
16.Risk assessment or Risk assessment in term of network security.
(P-133 Book)
17.Discuss BCP and it steps with regards to Building, Utilities and
Transportation.
18.Competencies required or developed with training and awareness for
effective BCM
19.Explain the advantages of Business Continuity Management (BCM).
20.An enterprise XYZ implemented a Business Continuity Plan and decided to
get its plan audited. What factors should be verified while auditing or self-
assessment of the enterprise’s Business Continuity Management (BCM)
program?
21.While developing a Business Continuity Plan, what are the key tasks that
should be covered in the second phase ‘Vulnerability Assessment and
General definition of Requirement’?
22.What are the audit tools and techniques used by an IS auditor to ensure
that disaster recovery plan is in order?
 Acquisition, Development and Implementation of Information Systems

1. Explain two primary methods, which are used for the analysis of the
scope of a project in SDLC. (PM 11)
2. Bring out the reasons as to why organization fail to achieve their System
Development Objectives? Or Explain the various user related issues in
achieving the system development objectives. Or What can be the major
Developer-related issues and challenges in achieving the System
Development objectives?
3. Explain ‘Unit Testing’ and its categories that a programmer will
perform on a program unit of the proposed system. Or testing a
program unit is essential before implementing it. Name any four
categories of test; a programmer typically performs on a
programmable unit.
4. What are the major objectives of system requirements analysis phase in
the SDLC? Or List the activities to be performed during the phase of
System Requirement Analysis or List the activities to be performed
during the phase of System Requirement Analysis. (both case (objective
& activity’s) kejriwal election wala )
5. Design of database.
6. As a part of system development team, the system analyst prepare a
document called the System Requirement Specification (SRS).
Describe the contents of SRS for a typical software development. Or
Sections/content SRS
7. As a consultant, suggest the validation methods that may be adopted by
the management of ABC Mall to validate the vendor’s proposal. Or what
may be the major validation methods for validating the vendors’
proposal for developing the Portal?
8. Describe accountants’ involvement in development work in brief. Or
What are the various cost factors that are involved in software
development.
9. Regression testing & integration testing.
10.Explain different changeover strategies used for conversion from old
system to new system. (CS PILOT) or Explain the different conversion
strategies used for conversion from a manual to a computerized system.
OR Describe various strategies for change over from manual system to
computerized system. (PM 19)
11.The top management of company has decided to develop a
computer information system for its operations. Is it essential to
conduct the feasibility study of system before implementing it? If
 answer is yes, state the reasons. Also discuss three different angles
through which feasibility study of the system is to be conducted.
(Write technical, economical and operational. Refer pm q.no. 7) or
difference between economical and operational study.
12.“Feasibility Study is the considered as a backbone of System
Development Life Cycle (SDLC).” Considering this statement; list out
various dimensions of Feasibility Study in SDLC. Or Dimension of
feasibility study (PM 27).
13.What issues you would like to raise during the technical feasibility of new
proposed system?
14.What do you understand by Operational Feasibility? Describe the
questions, which help in testing the operational feasibility of a project.
15.Describe briefly four categories of major tools that are used for system
development.
16.When the existing information system is to be converted into a new
system, what are the activities involved in the conversion process? Or
What activities are involved in system conversion? Explain them briefly.
Or Conversion activity (PM 20)
17.Discuss major strengths/Weakness of ANY Model. or As a person in-
charge of System Development Life Cycle, you are assigned a job of
developing a model for a new system, which combines the FEATURES of
a prototyping model and the waterfall model. Which will be the model
of your choice and what are its strengths and weaknesses? (Answer:-
SPIRAL MODEL if word features use/ incremental in word element use)
18.Discuss important factors that should be considered by the system
analyst while designing user input/output forms of a user-interface. Or
Discuss various issues that should be considered while designing
systems input.
19.Explain the following testing techniques:
a. Black Box Testing
b. White Box Testing
c. Gray Box Testing
20.State and briefly explain the stages of System Development Life Cycle
(SDLC). Or Discuss the activities involved during the System Designing
phase under SDLC (Systems Development Life Cycle).
21.Discuss in detail, how the analysis of present system is made by the
system analyst? or What areas are required to be studied in order to
know about the present system? Write the problems that the ABC Udyog
is presently facing.
22.From the perspective of IS audit, what are the advantages of System
Development Life Cycle?
23.Fact finding techniques
24.Discuss Final Acceptance Testing in brief.
25.Mention different functions of steering Committee under SDLC.
26.According to you as an IS Auditor, what are the validation methods for
approving the vendors‟ proposals?
27.What are the popular implementation strategies that may be used to
convert an old system into new system?
28.Discuss Final Acceptance Testing in brief.
29.Discuss the roles of the following with reference to SDLC: (i) Steering
Committee (ii) System Analyst (iii) Database Administrator (iv) IS
Auditor
30. “A System Development Methodology is a formalized, standardized,
well-organized and documented set of activities used to manage a
system development project.” Prepare a list of the common
characteristics that all these system methodologies will have.
31.Discuss the design principles that are applied to develop the Physical
design of Information Systems.
 Auditing of Information Systems
1. PQR Ltd. is looking for a suitable IS Auditor. Please send an introductory note to
PQR Ltd. explaining your suitability by describing the skill set and the
competence you possess for the job other that your qualification. Or Explain the
set of skills that is generally expected of an IS auditor. Or The company wants to
appoint an IS auditor to conduct audit of the existing Information System. What
are the skill-set that the company generally may lookout in the candidature for
hiring an IS auditor?
2. IS auditors review risks relating to IT systems and processes. Briefly discuss these risks.
Or As an IS auditor, what are the risks reviewed by you relating to IT systems and
processes as part of your functions? Or What are the various functions performed by
an Information Systems’ Auditor?
3. Compared to traditional audit, evidence collection has become more challenging with
the use of computers to the auditors. What are the issues which affect evidence
collection and understanding the reliability of controls in financial audit? (Only
advocate wala) or Discuss the issues relating to the performance of evidence collection
and understanding the reliability of controls. Or Discuss the issues relating to the
performance of evidence collection and understanding the reliability of controls. Or
“Existence of an Audit Trail is a key financial audit requirement since without an audit
trail, the auditor may have extreme difficulty in gathering sufficient, appropriate audit
evidence to validate the figures in the client’s accounts.” Determine the issues through
which the performance of evidence collection and reliability of controls can be
understood?
4. Discuss the points relating to legal considerations and audit standards to be
considered by an IS auditor as a part of his/her preliminary review. Or Let Mr. X is
appointed as an IS auditor of PQR Ltd. and is assigned a task to perform preliminary
review of audit environment. What are the legal considerations and Audit Standards
that he should consider as a part of his preliminary investigation?
5. Explain major types of is audits in brief. Or discuss different categories of information
system audit.
6. Application control & their audit trail (P.M-18)
7. Discuss the Accounting and Operations Audit Trails with respect to
Communication/Input/Processing/Output/Boundary/Database Controls. Or
Discuss the Accounting and Operations Audit Trails of Input Controls under
Application Controls. Or Discuss Boundary Controls and their Audit Trails under
Application Controls. Or Discuss the Accounting and Operations Audit Trails of
Input Controls under Application Controls. Or Discuss the Accounting and
Operations Audit Trails with respect to Communication Controls.
8. Discuss the role of auditors in evaluating the implementation of Security
Management Controls and Operations Management Controls.
9. Objectives of IS audit. or What are the main objectives that an organization can
achieve through Information Systems Auditing?
10. Basic Plan with reference to IS Audit (PM)
11. Management control & their audit trail (P.M-13)
12. Define and elaborate categories of risks that affect a system and taken into
 consideration at the time of assessment or audit of information system.
13. Being an IS Auditor, what are the critical factors that you will consider as a part of your
preliminary review which are going to be critical for your effective audit review? Or
Preliminary review.
14. Discuss Audit Trail. How can it be used to support enterprises’ security objectives?
15. What are the key steps that can be followed for risk based approach to make an
audit plan? Explain in brief. Or “Risk assessment is considered as a critical and
inherent part of the IS Auditor’s planning and audit implementation”. What are
the steps that can be followed by an IS Auditor for a risk based approach while
preparing an audit plan?
16. Discuss the major concerns that an auditor should address in evaluating the
implementation of Programming Management Controls.
17. As an auditor, what do you think are the advantages of using Continuous Audit
Techniques?
18. As an auditor, what do you think are the disadvantages and limitations of using
Continuous Audit Techniques?
19. Steps of IS Audit.
 Information Technology Regulatory Issues

1. Enterprise needs to take various steps to ensure that they comply with
the Cyber Laws of India. List out the steps that they must take to ensure
the compliance. (Super important)
2. What are major provisions on Retention of Electronic Records’ with
reference to Information Technology Act 2000? Explain in brief. (SEC 7) or
to retain their electronic records for specified period, what are the
conditions laid down by Section 7, Chapter III of Information Technology
Act, 2000? Or Or ABC Ltd not aware of importance of and requirement
related to Retention of Electronic Records as per IT act 2008 Please
enlighten them of this. (PM 20)
3. Explain ‘Authentication of Electronic Records’ with reference to Section
3 of Information Technology Act 2000. Or How does the Information
Technology Act 2000 enable the authentication of records using digital
signatures? (PM 3)
4. Discuss Information Technology Infrastructure Library (ITIL) Service
Lifecycle. Or ITIL ALL PARTS
5. Requirements of SEBI for System Controls & Audit (RBI, SEBI, RBI)
(Book page 240-242). (SEBI MOST IMPORTANT)
 ABC Ltd. is a security market intermediary, providing depository
services. Briefly explain the relevant requirements with respect to
annual systems audit mandated by SEBI in this regard. (PM-16)
 The manner of selecting auditors builds confidence among various
stakeholders. Describe SEBI norms for selecting an auditor. (PM 18)
 What are the suggested system controls that should be covered under
IS audit as per the requirement of the Reserve Bank of India?
 Discuss the Audit Report norms set up by SEBI for System Controls and
Audit.
 What are the information that an IS auditor is expected to obtain at
the audit location before proceeding with the IS audit as per the
provision of IRDA?
6. Discuss the main provisions provided in Information Technology
Act 2000 to facilitate e- Governance. (PM 4)
7. What are the provisions given in Information Technology
(Amendment) Act, 2008 for the retention and audit of documents
etc. in electronic form?
8. Phase of ISMS or PDCA cycle or ISO 27001
9. Discuss the provision given in IT (Amendment) Act 2008 that gives
“Power to make rules by Central Government in respect of Electronic
Signature sec 10 of IT act”.
10.How does Information Technology Act, 2000 define the term
Electronic Signature? State under what conditions any electronic
Signature or Electronic Authentication technique shall be considered
reliable as per Section 3A of Information Technology Act, 2000.
11.Discuss Penalty for publishing Electronic Signature Certificate false
in certain particulars under section 73 of Information Technology
Act 2000. (SEC 73) (PM 10)
12. SA 402
13. What is the vision of National Cyber Security Policy 2013? Also explain its major objectives.
14. Describe the ‘Tampering with Computer Source Documents’ in the light of Section 65
of Information Technology Act 2000. (PM 7)
15. Discuss ‘Power of Controller to give directions’ under section 68 of Information
Technology Act 2000. (SEC 68)
16. Discuss Power to issue directions for interception or monitoring or decryption of any
information in any computer resource under Section 69 of Information Technology Act
2000.
17. Section 25 and 26 suspension of license to issue electronic signature certificate?
18. Discuss the provision given in IT (Amendment) Act 2008 that gives power to issue
directions for blocking for public access of any information through any computer
resource?
19. Discuss the provision given in IT (Amendment) Act, 2008 that gives “Penalty for breach
of confidentiality and privacy”.
 Emerging Technologies

1. Discuss “Community Cloud” and its characteristics under Cloud

Computing environment.
2. Limitation/Issues/Security issues in mobile Computing. Or Discuss major
limitations of Mobile Computing.
3. Life cycle of social network.
4. Categories of social network or types
5. What do you understand by the term “Web 3.0”? Discuss its
components, in brief.
6. Implementation issues in cloud computing.
7. Application of Web 2.0
8. Discuss some of the pertinent objectives in order to achieve the goals of
cloud computing. Or discuss the major goals of cloud computing in brief.
9. Cloud computing service model. Or Characteristic of IaaS, PaaS, SaaS or
Different instances of Software as a Service (SaaS) Services or Discuss
different instances of Infrastructure as a Service (IaaS) model in Cloud
Computing.
10.Cloud security issues/Challenge or discuss any four challenges to Cloud
Computing in brief.
11.Advantages of cloud computing.
12.Components of web 2.0 for social network. Or if you consider Web 2.0 as
an ideal platform for implementing and helping social networks to grow,
what are the major components of Web 2.0?
13.What do you understand by Hybrid cloud/Community? Also discuss its
major advantages & characteristic in brief. Or difference between on
premise and outsource private cloud.
14.Discuss the similarities and differences between Cloud Computing and
Grid Computing.
15.What are the emerging threats under “Bring Your Own Device (BYOD)”?
16.Discuss Green Computing Best Practices, in brief.
17.Discuss Cloud Computing architecture.