Date post: 02-Sep-2019

Solved Scanner Appendix

CS Professional Programme M - II (New Syllabus)

(Solutions of December - 2014)

Paper - 4: Information Technology and Systems Audit

Chapter - 1: Information Technology Law

2014 - Dec [1] (a)

Digital signatures are data blocks appended to a file or message (or a complete encrypted file or message) such that the recipient can authenticate the file or message contents and/or prove that it could only have originated with the purported sender.

A digital signature is a technique used to validate the authenticity and integrity of a message, software or digital document. It is the equivalent of a handwritten signature or stamped seal in digital form, but offers far more inherent security. It is intended to solve the problem of tampering and impersonation in digital communications.

A Certifying Authority has been granted a licence to issue a Digital Signature Certificate under section 24 of the Information Technology Act.

A Certifying Authority may revoke a Digital Signature Certificate issued by it:

(a) where the subscriber or any other person authorized by him makes a request to that effect; or

(b) upon the death of the subscriber; or

(c) upon the dissolution of the firm or winding up of the company where the subscriber is a firm or a company.

A Certifying Authority may also revoke a Digital Signature Certificate which has been issued by it at any time, if it is of the opinion that:

(a) a material fact represented in the Digital Signature Certificate is false or has been concealed;

(b) a requirement for issuance of the Digital Signature Certificate was not satisfied;

(c) the Certifying Authority’s private key or security system was compromised in a manner materially affecting the Digital Signature Certificate’s reliability;

(d) the subscriber has been declared insolvent or dead or, where a subscriber is a firm or a company, it has been dissolved, wound-up or otherwise ceased to exist.

2014 - Dec [2] (a) (i), (ii)

(i) Section 2(1)(j) defines ‘Computer network’ as the interconnection of one or more computers through -

• The use of satellite, microwave, terrestrial line or other communication media; and

• Terminals or a complex consisting of two or more interconnected computers whether or not the interconnection is continuously maintained.

(ii) As per section 61 of the Information Technology Act, 2000, no court shall have jurisdiction to entertain any suit or proceeding in respect of any matter which an adjudicating officer appointed under this Act or the Cyber Appellate Tribunal (CAT) constituted under this Act is empowered by or under this Act. Further, no injunction shall be granted by any court or other authority in respect of any action taken or to be taken in pursuance of any power conferred by or under this Act.

As per section 62 of the Information Technology Act, any person aggrieved by any decision or order of the Cyber Appellate Tribunal may file an appeal to the High Court within sixty days from the date of communication of the decision or order of the Cyber Appellate Tribunal to him, on any question of fact or law arising out of such order.

Provided that the High Court may, if it is satisfied that the appellant was prevented by sufficient cause from filing the appeal within the said period, allow the appeal to be filed within a further period not exceeding sixty days.

2014 - Dec [2] (b) (i), (ii)

(i) Compensation for failure to protect data: As per Section 43A of the IT Act, 2000 as amended, where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected.

(ii) Punishment for violation of privacy: As per Section 66E of the IT Act, 2000 as amended, whoever intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three years or with fine not exceeding ₹ 2 lakh, or with both.

2014 - Dec [3A] (Or) (i)

The Cyber Appellate Tribunal shall have, for the purposes of discharging its functions under this Act, the same powers as are vested in a Civil Court under the Code of Civil Procedure, 1908, while trying a suit, in respect of the following matters, namely:

(a) summoning and enforcing the attendance of any person and examining him on oath;

(b) requiring the discovery and production of documents or other electronic records;

(c) receiving evidence on affidavits;

(d) issuing commissions for the examination of witnesses of documents;

(e) reviewing its decisions;

(f) dismissing an application for default or deciding it ex-parte;

(g) any other matter which may be prescribed.

Chapter - 2: Information Systems

2014 - Dec [1] (b)

Generally human, financial, physical and knowledge factors that provide a corporate the means to perform its business processes are considered as corporate resources.

Information can be considered as the raw material used in producing each and every decision taken in an organization. Organizations need to decide regularly on what objectives are to be achieved, what actions are to be taken to achieve these objectives, how and when these actions are to be taken and the resources to be used for all these activities. These decisions are taken by all the people in the organization who work at different levels of the organizational hierarchy and handle different aspects of the organizational work.

The exact decision that an individual takes varies from person to person and from time to time, depending on the nature of the organizational tasks being performed. Also, some people need to do more decision making as compared to implementing the decisions. But everyone in the organization has to take some decisions for which availability of adequate information is critical.

Information is also required to convey decisions taken to the people responsible for implementing them and for monitoring the actual results achieved as the work progresses. In want of information many decisions cannot be taken and in some cases it results in poor decisions.

Therefore information acts as a resource, which should be managed so that needy people may get it in time when required. In this way information plays the role of a corporate resource in every organization. Like any other resource it needs to be formalized and must have some identified and systematized way of generation and dissemination.

2014 - Dec [2A] (Or) (iv)

Transaction Processing Systems (TPS)

As the name implies, Transaction Processing Systems (TPS) are designed to process routine transactions efficiently and accurately. A business will have several (sometimes many) TPS; for example: billing systems to send invoices to customers; systems to calculate the weekly and monthly payroll and tax payments; production and purchasing systems to calculate raw material requirements; stock control systems to process all movements into, within and out of the business, etc.

Management Information Systems (MIS)

An organized approach to the study of the information needs of an organization’s management at every level in making operational, tactical and strategic decisions. Its objective is to design and implement procedures, processes and routines that provide suitably detailed reports in an accurate, consistent and timely manner.


It is mainly concerned with internal sources of information. MIS usually takes data from the transaction processing systems and summarizes it into a series of management reports. MIS reports tend to be used by middle management and operational supervisors.

Executive Support Systems (EIS)

An executive information system (EIS) is a type of management information system intended to facilitate and support the information and decision-making needs of senior executives by providing easy access to both internal and external information relevant to meeting the strategic goals of the organization. It is commonly considered as a specialized form of decision support system (DSS).

2014 - Dec [3A] (Or) (ii)

It is a group of software development methods based on iterative and incremental development, where requirements and solutions evolve through collaboration between self-organizing, cross-functional teams. It promotes adaptive planning, evolutionary development and delivery, a time-boxed iterative approach and encourages rapid and flexible response to change. It is a conceptual framework that promotes foreseen interactions throughout the development cycle. Agile technology is being widely used by organizations in developing information systems nowadays and it is resulting in various advantages.

Agile methods break tasks into small increments with minimal planning and do not directly involve long-term planning. Iterations are short time frames (time boxes) that typically last from one to four weeks. Each iteration involves a team working through a full software development cycle, including planning, requirements analysis, design, coding, unit testing and acceptance testing when a working product is demonstrated to stakeholders.

This minimizes overall risk and allows the project to adapt to changes quickly. Stakeholders produce documentation as required. An iteration might not add enough functionality to warrant a market release, but the goal is to have an available release (with minimal bugs) at the end of each iteration. Multiple iterations might be required to release a product or new features.

The team is usually cross-functional and self-organizing and members take responsibility for tasks that deliver the functionality an iteration requires. They decide individually how to meet an iteration’s requirements.


Chapter - 4: Computer Software – An Overview

2014 - Dec [2A] (Or) (i)

Batch processing is execution of a series of programs (“jobs”) on a computer without manual intervention. Jobs are set up so they can be run to completion without manual intervention. So, all input data are preselected through scripts, command-line parameters, or job control language. This is in contrast to “online” or interactive programs which prompt the user for such input. A program takes a set of data files as input, processes the data and produces a set of output data files. This operating environment is termed as “batch processing” because the input data are collected into batches of files and are processed in batches by the program.

Online processing means users directly enter information online (usually, online, in this case, means online to a central processor, rather than its modern connotation of the Internet, but it could mean both!), it is validated and updated directly onto the master file. No new file is created in this case. Therefore, there is near immediate input process and output. Imagine a cash dispenser transaction or booking a holiday at travel agents or over the Internet. Compared with batch processing the number of transactions will be few.

Real time processing is usually found in systems that use computer control. This processing method is used when it is essential that the input request is dealt with quickly enough so as to be able to control an output properly. For example, the computer inside the Engine Control Unit in a car has to manage the engine at every moment based on what the driver wants to do. Real time processing has to be programmed very carefully to ensure that no input events are missed.

2014 - Dec [6] (c)

There are three major characteristics of good software, these are:

1. Operational Characteristics: These are functionality based factors and are related to ‘exterior quality of software’. Various operational characteristics of software are: correctness, usability, integrity, reliability, efficiency, security and safety.

2. Transition Characteristics: These are related to integration and adaption of software, some of the transition characteristics are interoperability, reusability and probability.


3. Revision Characteristics: These are engineering based factors of the software related to the ‘interior quality’ of the software like efficiency, documentation and structure. Various revision characteristics of software are: maintainability, flexibility, scalability, testability, extensibility.

Chapter - 5: Database Management

2014 - Dec [1] (c)

A data warehouse is a database that is designed for query and analysis rather than processing transactions. It usually contains historical data derived from transaction data. It separates analysis efforts from transaction efforts, i.e. it is a separate repository for analysis and deriving out useful information.

For example, a data warehouse of Future Value Retail would contain data from all the billing machines of their retail outlets and enhance the usability of the customer data by the organization in the following manner.

(i) Maintain purchase history of buyers, goods purchased, returned, scrapped across multiple geographies over a period.

(ii) Maintain a centralized history of data from all the stores and billing counters.

(iii) Improve the quality of data by enhancing its consistency across all stores irrespective of language, currency etc.

(iv) Restructure the data in the form of tables and views so that it makes sense to the business users.

(v) This will help in data mining, analytical processing and market research.

Data mining is a process of extracting hidden predictive information from large databases. It involves the use of various data analysis tools to discover new facts, valid patterns and relationships in large data sets. For example, data mining in Future Retail Group would assist in the following:

(i) It would help the company in focussing on the most important information in the data warehouse; this could be related to ticket size, sales pattern etc.

(ii) It facilitates extracting meaningful patterns like on which weekday sales is maximum.

(iii) It helps in analysis like which brand is doing better, which product is being sold most etc.

(iv) It assists in prediction of monthly sales, inventory to be ordered etc.


(v) It assists in designing marketing, pricing and operational strategies like whether to run a discount or loyalty programme, etc.

(vi) It also helps in understanding various other factors such as buyer behavior across brands, product performance, market predictions, performance of advertising campaigns, shelf space allocations.

2014 - Dec [2A] (Or) (ii)

| S. No. | Basis | Data Definition Language | Data Manipulation Language |
|---|---|---|---|
| 1 | Meaning | Data definition language is the link between the logical and physical structure of the database. | Data manipulation language provides techniques for processing the database. |
| 2 | Used for | It is used to define the physical characteristics of each record. | It is used to perform operations on data such as retrieval, sorting and display. |
| 3 | Independence | Physical and logical independence provided by it. | It provides for independence of programming languages. |
| 4 | Physical Storage | It takes care as how the data is maintained in physical storage. | It separates the user from physical storage. |
| 5 | Description and Processing | It describes the schema and sub-schemas. | It enables the user and application programs to process data on a symbolic logic basis rather than on a physical location basis. |

2014 - Dec [3A] (Or) (iii)

There are a number of characteristics that distinguish the database approach from the file-based approach. Some of these are:

| Sr. No. | Basis of Difference | Database System | File Based System |
|---|---|---|---|
| 1 | Self-Describing Nature | Database System contains not only the database itself but also the descriptions of data structure and constraints in the form of meta-data. | Data definition is a part of application programs. |
| 2 | Insulation between Program and Data | The data structure is stored in the system catalogue, not in the programs. Therefore, one change is all that’s needed. | The structure of the data files is defined in the application programs, so if a user wants to change the structure of a file, all the programs that access that file need to be changed. |
| 3 | Support multiple views of data | Multiple users in the system might have different views of the system. | This is not possible in file based system. |
| 4 | Redundancy | Redundancy is controlled. | Data is often redundant. |
| 5 | Data sharing | The integration of the whole data in an organization leads to the ability to produce more information. | This is not possible in file based system. |
| 6 | Enforcing Integrity Constraints | Can enforce certain constraints like data type, data uniqueness etc. | Such constraints could not be enforced. |
| 7 | Restricting Unauthorized Access | Not all users of the system have the same accessing privileges; it provides a security subsystem to create and control the user accounts. | This is not possible in file based system. |
| 8 | Data Independence | System data descriptions are separated from the application programs. | Data definition is a part of application programs. |

Chapter - 6: Programming – An Overview

2014 - Dec [2] (c)

Assembler: An assembler is a computer program which is used to translate a program written in Assembly Language into machine language. The translated program is called the object program. The assembler checks each instruction for its correctness and generates diagnostic messages if there are mistakes in the program.

Compiler: A compiler is a program that translates a programme written in HLL to executable machine language. The process of transferring an HLL source program into object code is a lengthy and complex process as compared to assembling. Compilers have diagnostic capabilities and prompt the programmer with appropriate error messages while compiling a HLL program. The corrections are to be incorporated in the program, whenever needed, and the program has to be recompiled. The process is repeated until the program is mistake free and translated to an object code.

Interpreter: The basic purpose of an interpreter is the same as that of a compiler. In a compiler, the program is translated completely and a directly executable version is generated, whereas an interpreter translates each instruction, executes it and then the next instruction is translated, and this goes on until the end of the program. In this case, object code is not stored and reused. Every time the program is executed, the interpreter translates each instruction freshly. It also has program diagnostic capabilities.

2014 - Dec [3A] (Or) (iv)

Some of the programming methodologies are stated below:

1. Procedural Programming: A procedural program is a series of steps, each of which performs a calculation, retrieves input, or produces output. Concepts like assignments, loops, sequences and conditional statements are the building blocks of procedural programming. Major procedural programming languages are COBOL, FORTRAN, C and C++.

2. Functional Programming: A functional program is a collection of mathematical functions, each with an input (domain) and a result (range). Interaction and combination of functions is carried out by functional compositions, conditionals and recursion. Major functional programming languages are Lisp, Scheme, Haskell and ML.

3. Logic (Declarative) Programming: A logic programme is a collection of logical declarations about what outcome a function should accomplish rather than how that outcome should be accomplished. Logic programming provides a natural vehicle for expressing non-determinism, since the solutions to many problems are often not unique but manifold. The major logic programming language is Prolog.

4. Object-Oriented (OO) Programming: The OO program is a collection of objects that interact with each other by passing messages that transform their state. The fundamental building blocks of OO programming are object modelling, classification and inheritance. Major object-oriented languages are C++, Java etc.

5. Event Driven Programming: An event driven program is a continuous loop that responds to events that are generated in an unpredictable order. These events originate from user actions on the screen (mouse clicks or keystrokes, for example), or else from other sources (like readings from sensors on a robot). Major event-driven programming languages include Visual Basic and Java.

6. Concurrent Programming: A concurrent program is a collection of cooperating processes, sharing information with each other from time to time but generally operating asynchronously. Concurrent programming languages include SR, Linda and High Performance FORTRAN.

2014 - Dec [4] (c)

The required flowchart is shown as below


Chapter - 7: Internet and Other Technologies

2014 - Dec [2] (d)

Electronic Payment Portal: Payment portal or Payment gateway is an e-commerce application service provider service that authorizes payments for e-businesses, online retailers, bricks and clicks, or traditional brick and mortar. It is the equivalent of a physical point of sale terminal located in most retail outlets. Payment gateways protect credit card details by encrypting sensitive information, such as credit card numbers, to ensure that information is passed securely between the customer and the merchant and also between the merchant and the payment processor.

The Benefits of Electronic Payments

1. Speed: Sending cash or cheques by post for goods is slow and has security and currency conversion implications.

2. Convenience: Electronic payments ensure that your store is open for business globally, 24-hours a day, seven days a week.

3. Efficiency: The following points contribute to its efficiency.


(a) Electronic payment systems leave behind an electronic documented audit trail, streamlining your auditing and accountancy processes.

(b) Bank wires are cumbersome and expensive.

(c) Accepting payments online streamlines the buying cycle. By making your order, stock, purchase, payment and dispatch processes electronic, from website to back office, you don't have to re-key order data.

(d) Shopping site software can be easily integrated with popular back office packages, such as Sage, to automate ordering, stock control, invoicing and accounting systems.

4. Reduced costs: Accepting online payments means that many banking processes become automatic.

5. Increased customer base: Online payments take advantage of impulse buyers. 95 per cent of electronic purchases are by credit card. If your website doesn't offer payment by credit cards as an option, you could lose out on this market.

2014 - Dec [2A] (Or) (iii)

Internet: The Internet is a global system of interconnected computer networks. It is a network of networks that consists of millions of private, public, academic, business and government networks, of local to global scope, that are linked by a broad array of electronic, wireless and optical networking technologies.

The Internet carries an extensive range of information resources and services, such as the inter-linked hypertext documents of the World Wide Web (WWW) and the infrastructure to support email. It uses the standard Internet protocol suite (TCP/IP) to serve billions of users worldwide.

Intranet: It refers to a private network which is designed to meet the internal information needs of the employees. It is accessible only by authorised employees, contractors and customers.

The need for intranet is the result of many factors such as:

(a) Cost effectiveness.

(b) Prompt availability of information to company and users.

(c) Less expensive means of communication to remain in touch with employees located in scattered offices.

(d) Custom support.


Extranet: It refers to a private network which operates similarly to an intranet but is directed at customers or suppliers (people outside the organization) rather than at employees. An extranet is a computer which allows controlled access from the outside, for specific business or educational purposes. In a business-to-business context, an extranet can be viewed as an extension of an organization's internet that is extended to users outside the organization, usually partners, vendors and suppliers, in isolation from all other Internet users.

2014 - Dec [4] (a)

M-commerce, i.e. Mobile-commerce, is a term that is used to refer to the growing practice of conducting financial and promotional activities with the use of a wireless handheld device like cell phones, personal digital assistants and other hand held devices.

The salient features of m-commerce include:

1. Fast processing
2. Reduced business costs
3. Little need for maintenance
4. They follow the wherever-you-go principle

Supporting technologies for m-commerce include the following:

1. Network technology: The data is transmitted via a mobile telecommunication network which may be 2G, 3G or a wireless network like Wi-Fi and Bluetooth etc.

2. Mobile phones: These are end user devices which may be smart phones, PDAs etc. Each device has certain characteristics like memory, network connectivity, bandwidth etc. that influence its usability.

3. Payment mechanisms: m-payment mechanisms are used for m-commerce; they facilitate payments over the mobile network.

4. Transport layer security measures: M-commerce involves the parties outside the access network. Thus these security measures ensure end-to-end security over the mobile network and thereby support m-commerce.

2014 - Dec [4] (d)

Electronic Data Interchange (EDI) is the transmission of documents from one computer to another over a network. Today, EDI plays a vital role in electronic commerce. The role of EDI for an e-commerce website www.alibaba.com that functions on the B2B model is discussed below:


1. The manufacturer may use EDI for a ship-from-warehouse order, telling a warehouse to ship product to a retailer. A 'ship-to' address, a 'bill-to' address, and a list of product numbers along with quantities are used.

2. EDI could be used for standardizing "inbound" documents. It validates whether the trading partner, the structure of the file, and the individual fields of information conform to the agreed-upon standards. The inbound documents for a manufacturer could be quotations, proposals, invoices etc.

3. EDI also helps in standardizing "outbound" documents by transforming the file to the appropriate format, then "validating" the EDI file to be sent to ensure that it meets the standard agreed upon by the trading partner, and subsequently sending the file to the trading partner. Outbound documents for the manufacturer could be RFQs, tenders, and purchase orders for raw materials etc.

4. EDI also helps in tracking and auditing the transaction. For example, in the case of a wholesaler sending a Purchase Order to a manufacturer, if the Purchase Order is "lost" anywhere in the business process, the effect could be devastating to both businesses. EDI helps in reducing this devastating impact.

2014 - Dec [6] (d)
Electronic funds transfer (EFT) is one of the oldest electronic payment systems. EFT is the groundwork of the cash-less and cheque-less culture where paper bills, cheques, envelopes and stamps are eliminated. EFT is used for transferring money from one bank account directly to another without any paper money changing hands. The most popular application of EFT is that, instead of getting a pay-cheque and putting it into a bank account, the money is deposited to an account electronically. EFT is considered to be a safe, reliable and convenient way to conduct business.
The advantages of EFT include the following:

(i) Simplified accounting
(ii) Improved efficiency
(iii) Reduced administrative costs
(iv) Improved security.

Chapter - 8: Management Information Systems – An Overview


2014 - Dec [3] (a)
A database is a consolidation of many files, which contain the data of the organization. The data in a database is organized in such a way that access to the data is improved and data redundancy is reduced. It also increases data integrity.
The main feature of a database is that all subsystems will utilize the same database kept in different files. The other important features of databases are:

I. Avoiding uncontrolled data redundancy and inconsistency: Applications share the data stored in a database, rather than owning private files that would often store redundant data. This reduces storage costs; there is no need to update multiple copies of the same data. This prevents the possibility that inconsistent data will reside in multiple files.

II. Program-Data Independence: When the database is managed by a DBMS, programs can be written independent of the actual physical layout of the data or even of the total logical structure of the data. The DBMS knows these structures; it thus provides the mapping from a logical view of the data in a given application to the actual physical layout of the data on the storage device.

III. Flexible Access to shared data: The database approach has opened data for access to users and applications. Query languages enable end users to access data directly. Applications can be written to use any data stored in corporate databases, rather than to rely only on specially created files.

IV. Reliability: The reliability of the stored data is ensured by the DBMS-managed databases themselves, rather than by special programming. A variety of relationships between entities may be rather easily defined.

2014 - Dec [6] (a)
Expert Systems: An expert system is a knowledge-intensive computer program that captures the expertise of a human in a limited domain of knowledge and experience. It helps in an organization's value-added work. The users of an expert system are the people who do value-added work which requires a special skill or expertise. It provides tools, information and structured methods for decision making. It stores and provides expert knowledge to support decisions in specific areas.
Limitations of Expert Systems:

(i) Expert systems are sometimes overrated.
(ii) Expert systems can be expensive to develop and maintain.
(iii) It is difficult to elicit the knowledge of experts.
(iv) An expert system lacks common sense.
(v) An expert system cannot learn.
(vi) The validation of expert systems can be difficult.

Chapter - 9: Enterprise Resource Management

2014 - Dec [5] (b)
Enterprise Resource Planning (ERP) is not only concerned with computing systems; rather, it involves the organization of computing systems, business processes and procedures under one umbrella and is designed to improve business efficiency.
It is a result of the modern organization's attitude towards how information systems are to be configured to the new business focuses. ERP helps integrate management, staff, and equipment, all aspects of business, into one system in order to facilitate every element of the business process. Typical ERP system modules include features and functions for accounting, human resources (HR), manufacturing management, customer relationship management (CRM), and other business functions. Although ERP was originally designed for manufacturing organizations, it is now available for a wide range of industries, including financial services companies and companies focused on customer service. In the past, ERP systems were designed for very large organizations, but today ERPs are also used by small and medium-sized businesses.
ERP systems are being implemented by most organisations for their innumerable benefits. Some of them are given below:

Benefits of ERP
• ERP helps in integration and reduction of operational costs by enhancing coordination.
• It controls accuracy as well as redundancy of data and data entry.
• It replaces multiple, disconnected databases with a single system, incorporating different applications and data sources.
• It also aims to lower help desk support and marketing cost.
• ERP is an ideal application to improve the cooperation between departments and employees as well as communication with prospects and customers.
• It standardizes processes and saves time, increases productivity, and reduces head count.
• It promotes a sense of fairness among the workforce as well as streamlines the company as a whole.
• Repeatable processes also reduce the risk of a key employee leaving with his or her knowledge of how a job is done.
• Standardizing these processes also results in lower training costs.
• Performance of the organization can be more easily analyzed and optimized.
• ERP systems improve and customize reporting.
• An ERP system enables access to real-time data and increases self-service of critical information.
• An ERP system not only improves data integrity and security but also enhances data restrictions, allowing you to keep your customer information and company data safe and secure.
• An ERP system reduces manual paperwork and effort, thereby reducing overall operational costs.
• Users can generate reports as required using set parameters.

Chapter - 10: E-Governance in India

2014 - Dec [3] (d)
The Interactive-Service model is a consolidated model of the earlier models and opens up avenues for direct participation of individuals in the governance processes. Fundamentally, ICT has the potential to bring every individual into a digital network and enable two-way/interactive flow of information amongst them. The potential of ICT for governance is fully leveraged in this model, which leads to greater participation, efficiency and transparency in the functioning of the government as well as savings in time and costs relating to decision-making.
This model could be applied in the following possible ways:

(i) To establish an interactive communication channel with key policy-makers and planners.
(ii) To conduct electronic ballots for the election of government officials and other office bearers.
(iii) To conduct public debates/opinion polls on issues of wider concern before formulation of policies and legislative frameworks.
(iv) Filing of grievances, feedback and reports by citizens with the concerned government body.
(v) Establishing decentralized forms of governance.
(vi) Performing governance functions online such as revenue collection, filing of taxes, governmental procurement, payment transfer etc.

2014 - Dec [5] (a)
The objectives of the NSDG are:

1. To act as a core infrastructure for achieving standards-based interoperability between various e-Government applications implemented at various levels and geographically dispersed locations.
2. To evolve Gateway messaging standards and build a government-owned Central Gateway based on these standards.
3. Act as a catalyst in enabling the building of standards-based e-Governance applications with the Gateway as the middleware to ensure interoperability.
4. Enable integration across Centre, State or Local Governments, thereby enabling Integrated Service Delivery and a Service Oriented Architecture (SOA) leading to joined-up government.
5. Help protect the legacy investments in software and hardware by easily integrating them with other technology platforms and software implementations.
6. De-link the back-end departments/Service Providers (SP) from the front-end Service Access Providers, thereby:
(a) Ensuring separation of concerns of service access from the service implementation, i.e. separating the Portal, CSC, Kiosks etc. from the government services which reside in the back-end departments.
(b) Encouraging competition at the front-end by allowing independent service access providers to provide services with varying levels of complexity, cost and service quality levels.
7. Enable adding of shared services on to the core services as and when required, as special common services of the Gateway without affecting the core functionality of the Gateway, thereby providing flexibility and modularity:
(a) Encourage back-end services to be plugged into the infrastructure as and when they are ready.
8. Reduce the cost of e-Governance projects by rationalizing, distributing and optimizing the services framework.
9. Use PKI infrastructure for secure transactions. Provision exists for encryption of the department payload to ensure confidentiality of department data. The gateway provides digital signatures and certificates to all stakeholders interacting with the gateway for identification, authentication and authorization. Transaction and audit logs help track government data.


Chapter - 11: Systems Audit – An Overview

2014 - Dec [1] (d)
Test pack is a deck of punch cards that contains both computer program and test data for carrying out a test run of the program. It is a type of Computer Assisted Audit Technique which is used in conducting audit procedures by entering data (e.g., a sample of transactions) into the computer system, and comparing the results obtained with predetermined results.
This makes it possible to ascertain whether the controls in the hardware and programs are operating correctly or not. Thus, it serves the purpose of ensuring the correctness of the application programs in processing the data and generating desired results as if it is a manual process. It also ensures exception handling and generates error messages wherever required. This test pack is generally exhaustive and comprehensive enough to ensure that the logic of the program is checked extensively.

2014 - Dec [3] (b), (c)
(b) The security threats to information systems may impact hardware, software, data, information or services. The threats that are generated from inside the organization are known as internal threats and those that are generated from outside the organization are known as external threats. Some of these are listed below:

Internal Threats
(i) Employees are the internal stakeholders who may pose a security threat to the information systems. Employees who, due to some grudge against the company, maliciously create a situation adverse to business operations, or who accidentally, due to lack of training or failure to follow SOPs, commit some mistake, pose a threat to business operations.
(ii) An intruder who has penetrated the networks of the organization and gained unauthorized access becomes an internal threat to the organization.
(iii) Looking at video or file-sharing websites, playing games or using social media websites may result in downloading of malicious internet content into the internal network.
(iv) Information leakage is another internal threat. There is certain confidential information which could be leaked out by a CD-ROM, a digital camera or a USB data stick.
(v) Misuse/loss of security keys or passwords, providing unauthorized access to sensitive information.

External Threats
Some of the external security threats to the information systems of an organization include:

(i) Viruses, including worms, trojans, spyware, adware
(ii) Phishing, pharming and greyware
(iii) Sniffer program, Backdoor, Spoofing
(iv) Denial-of-service
(v) Social Engineering
(vi) Spamming
(vii) Pirating
(viii) Cyber squatting
(ix) Hacking

(c) To approach an information system, a plan has to be developed, similar to the ones used in financial auditing.
Some of the tasks involved are as follows:
(i) Definition of scope and objectives.
(ii) Analysis and understanding of standard procedures.
(iii) Evaluation of system and internal controls.
(iv) Audit procedures and documentation of evidence.
(v) Analysis of facts encountered.
(vi) Formation of opinion over the controls.
(vii) Presentation of report and recommendations.
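
The test-pack technique described under 2014 - Dec [1] (d) above, as an added Python example that is not part of the original solutions: constructed transactions with predetermined results are run through a routine under audit, and every mismatch is reported as an audit exception. The routine `post_invoice`, its error codes, the credit limit and the tax rate are all assumptions, and the routine carries a deliberately seeded control weakness for the pack to find.

```python
from decimal import Decimal, InvalidOperation

CREDIT_LIMIT = Decimal("50000.00")  # assumed control parameter
TAX_RATE = Decimal("0.18")          # assumed tax rate


def post_invoice(txn, posted_ids):
    """Hypothetical application routine under audit.

    Documented rule: reject when the total *including tax* exceeds
    CREDIT_LIMIT. Returns ("POSTED", total) or ("REJECTED", code).
    """
    if txn["id"] in posted_ids:
        return ("REJECTED", "E_DUPLICATE")
    if txn["qty"] <= 0:
        return ("REJECTED", "E_QTY")
    try:
        net = txn["qty"] * Decimal(txn["unit_price"])
    except InvalidOperation:
        return ("REJECTED", "E_PRICE")
    # Seeded control weakness: the limit is checked against the net
    # amount, not the tax-inclusive total the documented rule requires.
    if net > CREDIT_LIMIT:
        return ("REJECTED", "E_LIMIT")
    posted_ids.add(txn["id"])
    total = (net * (1 + TAX_RATE)).quantize(Decimal("0.01"))
    return ("POSTED", total)


# Constructed test pack: each case pairs input data with the result the
# auditor predetermined from the documented rules, not from the program.
TEST_PACK = [
    ("valid", {"id": "INV-001", "qty": 10, "unit_price": "100.00"},
     ("POSTED", Decimal("1180.00"))),
    ("zero-qty", {"id": "INV-002", "qty": 0, "unit_price": "100.00"},
     ("REJECTED", "E_QTY")),
    ("negative-qty", {"id": "INV-003", "qty": -5, "unit_price": "100.00"},
     ("REJECTED", "E_QTY")),
    ("duplicate", {"id": "INV-001", "qty": 1, "unit_price": "100.00"},
     ("REJECTED", "E_DUPLICATE")),
    ("bad-price", {"id": "INV-004", "qty": 1, "unit_price": "abc"},
     ("REJECTED", "E_PRICE")),
    ("over-limit", {"id": "INV-005", "qty": 2, "unit_price": "30000.00"},
     ("REJECTED", "E_LIMIT")),
    ("limit-boundary", {"id": "INV-006", "qty": 1, "unit_price": "45000.00"},
     ("REJECTED", "E_LIMIT")),
]


def run_test_pack(process, pack):
    """Run every case through `process`; return (case, expected, actual)."""
    posted_ids = set()  # fresh state so the run is repeatable
    exceptions = []
    for name, txn, expected in pack:
        actual = process(dict(txn), posted_ids)
        if actual != expected:
            exceptions.append((name, expected, actual))
    return exceptions


if __name__ == "__main__":
    for name, expected, actual in run_test_pack(post_invoice, TEST_PACK):
        print("EXCEPTION", name, "expected", expected, "got", actual)
```

Only the boundary case fails: an invoice whose net amount is within the limit but whose tax-inclusive total is not gets posted, which is the kind of control failure a test pack is designed to surface.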

2014 - Dec [4] (b)
Change management is considered to be one of the most important aspects of the software lifecycle. It is considered essential to manage change because of the following factors:

1. Since change has several dimensions, which could be driven by external as well as internal factors, organizations may not be able to control them.
2. Humans are an important angle involved in managing change, and they generally resist change.
3. Change often involves many departments, thus requiring coordination and a unified approach.
4. Taking ownership for change is again a major issue; change management helps in establishing ownership for the initiation of change.
5. There needs to be a formal process for making changes, particularly to information systems, which is provided by change management.
6. Change management is essential from a system audit perspective.
7. Change management ensures that requirements are fully understood and accurate specifications are identified.
8. Business rules change frequently; for example, Income Tax, Corporate Tax, Excise Duty laws, Sales Tax laws and other laws pertaining to other levies such as Octroi etc. change with each budget in the Central Government and several State Governments. Sometimes, the incorporation of new rules necessitates altering the structure of the database tables and the associated programs.
9. Controls have to be built in to ensure that the processing is complete, correct and accurate.
10. If the changes are temporary, they have to be rolled back. Change management ensures that proper authority has been established to take care of this.


Because of the aforementioned reasons, change management is an essential aspect and organizations need to have proper change management processes in place. The framework consists of:

(i) Setting up a change control authority in the organization with a constitution that can do justice to the subject.
(ii) Setting up Change Initiation, Change Review and Change Authorization mechanisms.
(iii) Setting up a change implementation process.
(iv) Setting up a Documentation Standard that permits complete and correct capture of the proceedings of the entire change management process.
(v) Setting up a Technology renewal process.

2014 - Dec [6] (b)
Systems documentation could be descriptive, diagrammatic or a combination of both. These are discussed below:

1. Descriptive: Under the descriptive type, the documentation is in the form of a narrative report giving the complete picture of the system. It provides a detailed record of the system under audit and taken together with other forms of system records. The descriptive documentation contains information such as system objectives and targets, links and interfaces with other systems.

2. Flowchart: Flowcharting is a diagrammatic method of recording and describing a system, which shows the flow of documents or information and the related internal controls within a system. It is considered to be most effective if a logical, top-down approach is taken by starting with an overview or summary flowchart, followed by detailed flowcharts of specific

3. Organisation Charts: The organisational structure relating to the system under audit should be recorded. An up-to-date organisation chart will show details of the information flow, relationships in the organization and responsibilities. It is also useful in identifying staff and deciding where audit testing needs to be done.

Information systems auditors may use different methods for documenting the procedures and documentation guidelines based upon the policies. However, systems documentation should be clear, correct and complete.


Further, in each system there are certain items which should be included on every system file. These are:

1. Examples of documents describing their purpose and use;
2. Examples of reports describing their purpose and use;
3. Details of the number of transactions passing through the system;
4. Understanding of the context of the system in relation to the overall activities of the entity;
5. The number of employees or a stratification of the transactions by value or age to assist in the evaluation of risk when a weakness is highlighted;
6. Version history;
7. Findings and deviations observed in case of other audits such as financial audits.

Shuchita Prakashan (P) Ltd.
25/19, L.I.C. Colony, Tagore Town, Allahabad - 211002
Visit us: www.shuchita.com

