Information Technology

Chapter 01: Information within Organization

Q1. What is information?
Information is data that has been processed into a form that is meaningful to the recipient.

Q2. What are the differences between data and information?
Data: Raw, unanalyzed facts, figures and events. Data is unprocessed instruction.
Information: Useful knowledge derived from the data. If data is processed, it becomes information.

Example: If you had a sum: 123+123(Data)=246(Information)

Q3. How do information systems impact organizations and business firms?
Information systems have become integral, online, interactive tools deeply involved in the minute-to-minute operations and decision making of large organizations.

Q4. What is an organization?
A social arrangement for the controlled performance of collective goals, which has a boundary separating it from its environment.

Q5. What are the qualities of high-value information?
Information is high-value information only if it is:
1. Relevant
2. Reliable
3. Clear
4. Complete
5. Timely
6. Right quality

Q6. Why is information a key resource in an organization? Or: Discuss the importance of information.
Information is a key resource in an organization because information is fundamental to the success of any business.

Q7. What are the important attributes of useful and effective information?
The important attributes of useful and effective information are as follows:
1. Availability
2. Purpose
3. Mode and format
4. Decay
5. Frequency
6. Completeness
7. Reliability
8. Cost beneficial
9. Validity
10. Transparency
11. Value of information

Q8. Why do organizations exist?
Organizations exist because they:
1. Overcome people's individual limitations
2. Enable people to specialize
3. Accumulate and share knowledge
4. Enable people to pool their expertise

Moheuddin Shohag, ACNABIN

Q9. How do organizations differ?
Organizations differ in many ways, such as:
1. Ownership
2. Control
3. Activity
4. Size
5. Source of finance

Q10. What is a DSS (Decision Support System)?
A decision support system can be defined as a system that provides tools to managers to assist them in solving semi-structured and unstructured problems.

Q11. What are the characteristics/properties of a DSS?
DSS are characterized by at least three properties:
- They support semi-structured and unstructured decision making.
- They are flexible enough.
- They are easy to use.

Q12. What are the components of a DSS?
A decision support system has four basic components, namely:
1. The user
2. One or more databases
3. A planning language
4. The model base

Q13. Give some examples of DSS in accounting.
The following are examples of DSS in accounting:
1. Cost accounting systems
2. Capital budgeting system
3. Budget variance analysis system
4. General decision support system

Q14. What types of information systems are used at different levels of management in an organization?
The use of information systems at different levels of management in an organization is shown below:
Management level: Information system used
Top level management: EIS, MIS, DSS
Middle level management: MIS, DSS
Lower level management: TPS

Q15. What activities are involved in a TPS?
A TPS involves the following activities:
- Computing data to organize in files or databases
- Processing of files/databases using application software
- Generating information in the form of reports

- Processing of queries from various quarters of the organization

Q16. Discuss the types of information.
Information can broadly be divided into two different types:
1. Internal information
2. External information

Q17. What is the difference between a passive IS and an interactive IS?
Passive information systems: Passive information systems are systems that will answer queries based on the data that is held within them, but the data is not altered.
Interactive information systems: An interactive system is one in which data can be entered for processing, which may alter the contents of the database.

Q18. What is a management information system?
A management information system is software that allows the management within a company to access and analyze data.

Q19. What is a knowledge based system (KBS)?
A knowledge based system is a system where all the expert human knowledge covering a particular topic is brought together and made available to the user through a computer.

Q20. Discuss the types of knowledge based systems.
There are three different types of knowledge based system, namely:
1. Diagnostic
2. Advice giving
3. Decision making

Q21. What is a financial reporting system?
Financial reporting involves all the procedures necessary to ensure that the financial performance of a department is clearly and effectively reported to the relevant authorities.

Q22. Write the functions of financial reporting.
The functions performed by financial reporting specialists cover the following areas:
- Undertaking the monthly closure of accounts.
- Compiling quarterly reports.
- Undertaking the annual closure of accounts.
- Compiling overall annual reports.

Q23. What is the objective of any financial accounting system?
A primary objective of any financial accounting system is to provide accurate financial statements on a timely basis.

Q24. What is a Pivot Table?
The Pivot Table is one of the most powerful analytical tools used in spreadsheets.

Q25. Discuss the term Event Triggered.
Many accounting software products have the ability to alert users to predefined financial conditions. With such a feature, a CFO can create a simple calculation that the accounting software continuously compares against a preset value.

Q26. Write something about the International Financial Reporting Standards (IFRSs).
IFRSs are standards, interpretations and the framework adopted by the International Accounting Standards Board (IASB).

Q27. Discuss the structure of IFRS.
International Financial Reporting Standards comprise:
- IFRSs: issued after 1 April 2001.
- IASs: issued before 1 April 2001.
- Interpretations originated from the IFRIC (International Financial Reporting Interpretation Committee): issued after 1 April 2001.
- Standing Interpretation Committee (SIC): issued before 1 April 2001.
- Framework for the preparation and presentation of financial statements.

Q28. What is the framework?
The framework for the preparation and presentation of financial statements states the basic principles for IFRSs.

Q29. Write the qualitative characteristics of financial statements.
Qualitative characteristics of financial statements include:
- Relevance
- Reliability
- Understandability
- Comparability

Q30. Write the elements of the financial statement.
The elements of the financial statement include:
1. Assets
2. Liability
3. Equity

Q31. Write the elements of the income statement.
The elements of the income statement include:
1. Income
2. Expenses

Q32. What are the components of IFRS financial statements?
IFRS financial statements consist of:
- A statement of financial position
- A statement of comprehensive income
- A statement of changes in equity
- A statement of cash flows
- Notes, including a summary of the significant accounting policies.

Q33. Define the terms Business owner, System owner, Technical owner, System administrator and Application administrator.
Business owner: The business owner is the business executive or leader who is accountable for the primary business functions performed by the Critical Financial Reporting System (CFRS).
System owner: The system owner is the functional unit leader who is responsible for the Critical Financial Reporting System (CFRS).
Technical owner: The technical owner is the individual who is responsible for ensuring that the technical information technology components of the CFRS are properly implemented and managed effectively.
System administrator: The system administrator is the individual who is responsible for proper operational configuration management and functioning of one or more information technology components of the CFRS, ensuring that the technical information technology components of the CFRS are properly implemented and managed effectively.
Application administrator: The application administrator is the individual who is responsible for proper operational configuration management and functioning of one or more CFRS applications.

Chapter 02: Information Technology Architecture

Q1. What is an information system? Classify information systems.
Information systems: An information system is a mechanism that helps people to collect, store, organize and use information.
Types of information system: The major types of information systems are:
1. Systems from a functional perspective:
- Sales and marketing system
- Manufacturing and production system
- Finance and accounting system
- Human resources system
2. Systems from a constituency perspective:
- Executive Support Systems (ESS)
- Decision Support System (DSS)
- Management Information System (MIS)
- Transaction Processing System (TPS)

Q2. What is a computer system?
A computer system is a collection of integrated components that work together to accomplish a specific task.

Q3. What are the properties of a computer system?
A computer system must satisfy the following properties:
- Each system consists of several components.
- There must be a logical relation between the components.
- The components of a system should be controlled in such a way that a specific task can be accomplished.

Q4. What are the components of a computer system?
The following are the components of a computer system:
- Hardware
- Software
- Human ware
- Data/Information

Q5. What is software? Classify software according to working principle.
Software: Software is the collection of computer programs, procedures and documentation that performs different tasks on a computer system.
Classification of software: According to the working principle, software can be classified into two classes:
- System software
- Application software

Q6. Classify system software.
System software can be broadly classified into three classes:
- System management software
- System support software
- System development software

Q7. Write the different types of application software.
Some examples of application software are listed below:
- Word processing software
- Database software
- Multimedia software
- Presentation software
- Enterprise software, etc.

Q8. Classify software from the commercial perspective.
From the commercial perspective, software can be classified into three major classes:
1. Commercial software: refers to any software that is designed for sale to serve a commercial need.
2. Freeware/Open source software: Freeware is free to use and does not require any payment from the user.
3. Shareware software: Shareware is basically "try before you buy" software.

Q9. What is shareware?
Shareware is basically "try before you buy" software. Shareware is software that is distributed free on a trial basis with the understanding that the user may need or want to pay for it later.

Q10. Write down the difference between shareware and freeware.
Shareware is basically "try before you buy" software. Shareware may just be offering free access for a limited period of time. On the other hand, freeware is free to use and does not require any payment from the user.

Q11. What is firmware?
In computing, firmware is software that is embedded in a hardware device. Firmware is defined as: the computer program in a read only memory (ROM) integrated circuit.

Q12. Write some examples of firmware.
Some examples of firmware are listed below:
- The BIOS found in IBM-compatible personal computers.
- RTAS (Run-Time Abstraction Services).
- ARCS, used in computers from Silicon Graphics.

Q13. Define data structure.
Data may be organized in many different ways: the logical or mathematical model of a particular organization of data is called a data structure. Examples are Array and Record.

Q14. What do you mean by data analysis?
Data analysis is a process in which raw data is ordered and organized so that useful information can be extracted from it.

Q15. What is data validation? Discuss the data validation methods.
Data validation: The process of ensuring that a program operates on clean, correct and useful data.
Methods of data validation: The following are the data validation methods:
- Allowed character check
- Consistency check
- Control totals
- Data type check
- Format or picture check
- Limit check
- Logic check
- Missing data test
- Range check

Q16. What is a DBMS? Write down the features of a DBMS.
Database Management System (DBMS): A DBMS is a special data processing system, or part of a data processing system, which aids in the storage, manipulation, reporting, management and control of data.
Features of DBMS: The features of a DBMS are listed below:
- Query ability
- Backup and replication
- Rule enforcement
- Security
- Computation
- Change and access logging
- Automated optimization

Q17. What are the differences between multiprogramming and multiprocessing?
Multiprogramming: Multiprogramming is the name given to the interleaved execution of two or more different and independent programs by the same computer.
Multiprocessing: The term multiprocessing is used to describe interconnected computer configurations or computers with two or more independent CPUs that have the ability to simultaneously execute several programs.

Q18. What is security control?
Security refers to the policies, procedures and technical measures used to prevent unauthorized access, alteration, theft or physical damage to information systems.

Q19. How can we provide security?
We can provide security by:

- Access control
- Firewalls
- Intrusion Detection System (IDS)
- Antivirus software

Q20. What is malicious software?
Malicious software programs are referred to as malware and include a variety of threats, such as computer viruses, worms and Trojan horses.

Q21. Discuss the terms Hacker and Cracker.
A hacker is an individual who intends to gain unauthorized access to a computer system. Within the hacking community, the term cracker is typically used to denote a hacker with criminal intent.

Q22. What is E-commerce? Write down the characteristics of E-commerce.
E-commerce: E-commerce is short for electronic commerce. E-commerce is the process used to distribute, buy, sell or market goods and services, and to transfer funds online, through electronic communications or networks.
Characteristics of E-commerce:
- Business oriented
- Convenient service
- System extendable
- Online safety
- Co-ordination

Q23. What are the benefits of E-commerce?
The benefits of e-commerce are listed below:
- Increase sales
- Decrease cost
- Provide price quotes
- Increase profit

Q24. Write the limitations of e-commerce.
The following are the limitations of e-commerce:
1. Technical limitations:
- Cost of technical limitation
- Insufficient telecommunication bandwidth
2. Non-technical limitations:
- Customer expectations unmet
- Lack of trust and user resistance

Q25. Write short notes on the following:
1. Batch processing
2. Distributed processing
3. Real time processing
4. Time sharing
5. Virus
6. Backdoor or Trapdoor
7. Zombie
8. DDoS attack
9. Worms
10. Trojan Horse

1. Batch processing: Batch processing is a system that takes a set (a batch) of commands or jobs, executes them and returns the results, all without human intervention.
2. Distributed processing: A distributed system consists of multiple autonomous computers that communicate through a computer network.
3. Real time processing: In real time processing, there is a continual input, process and output of data. Data has to be processed within a small stipulated time period (real time), otherwise it will create problems for the system.

4. Time sharing: Time sharing refers to the allocation of computer resources in a time dependent fashion to several programs simultaneously.
5. Virus: A virus is malicious software: a piece of self-replicating code attached to some other code.
6. Backdoor or Trapdoor: A backdoor is a secret entry point into a program that allows those who know of it to gain access, bypassing the usual security procedures.
7. Zombie: A zombie is a program which secretly takes over another networked computer.
8. DDoS attack: DDoS stands for distributed denial of service. In a DDoS attack, hackers flood a network server or web server with many thousands of false communications or requests for services in order to crash the network.
9. Worms: A worm is a program that can replicate itself and send copies from computer to computer across network connections.
10. Trojan Horse: A Trojan horse is a malicious program that, when invoked, performs some unwanted or harmful function.

Chapter 03: Management of IT

Q1. Describe the phases of the policy evaluation process.
Ans: The phases of the policy evaluation process are given below:
a) Enterprise organizational structure and business process analysis
b) System requirement analysis
c) Policy definition and specification
d) Policy analysis and translation
e) Policy distribution and enforcement
f) Policy monitoring and maintenance
g) Reverse engineering

Q2. What are the approaches to the organizational management process?
Ans: Scholars have developed three major approaches to organizational process, namely:
a) Working process
b) Behavioral process
c) Change processes
(See Table 3.1, Management process summary, page no. 131)

Q3. What is an information system? Explain formal, informal and CBIS systems.
Ans: Information System: An information system (IS) collects, processes, stores, analyzes and disseminates information for a specific purpose.
Formal Information System: A formal information system includes agreed-upon procedures, standard inputs and outputs and fixed definitions. For example: a company's accounting system.
Informal Information System: An informal information system takes many shapes, ranging from an office gossip network to a group of friends exchanging letters electronically, etc.
Computer-based Information System (CBIS): A CBIS is an information system that uses computer technology to perform some or all of its intended tasks.

Q4. What are the basic components of an information system?
Ans: The basic components are:
a) Hardware: A set of devices such as monitor, keyboard and printer.
b) Software: A set of programs that instruct the hardware to process data.
c) Database: A collection of related files, tables, relations and so on.
d) Network: A connecting system that permits the sharing of resources by different computers.
e) Procedure: A set of instructions about how to combine the above components in order to process information and generate the desired output.
f) People: Those individuals who work with the system.

Q5. What are the fundamental roles of information systems in business?
Ans: There are three vital roles that information systems can perform for a business enterprise:
a) Support of its business processes and operations.

b) Support of decision making by its employees and managers.
c) Support of its strategies for competitive advantage.

Q6. Discuss the role and efficient use of information technology.
Ans: Role of information technology: Information technology plays a major role in reengineering most business processes. The speed, information processing capabilities and connectivity of computers and internet technologies can substantially increase the efficiency of business processes.
Efficient use of information technology:
a) Efficient IT assists with saving money, saving energy, saving on cooling, reducing long term hardware spend, reducing carbon emissions, saving space and avoiding infrastructure upgrades.
b) Save ~60% of PC power consumption by having screen and disk power management, sleep and/or hibernate enabled, and shutdown at the end of the day, etc.

Q7. Describe information system infrastructure and architecture.
Ans: Infrastructure: An information infrastructure consists of the physical facilities, services and management that support all shared computing resources in an organization.
IT Architecture: Information technology architecture is a high level map or plan of the information assets in an organization, including the physical design of the building that holds the hardware.

Q8. What are the components of IT infrastructure?
Ans: There are five major components of the IT infrastructure, namely:
a) Computer hardware
b) Software
c) Network and communication facilities
d) Database
e) Information management personnel

Q9. What is an asset? What are the characteristics and classification of assets?
Ans: Asset: A resource with economic value that an individual, corporation or country owns or controls with the expectation that it will provide future benefit.
Asset characteristics:
a) The probable present benefit involves a capacity, singly or in combination with other assets.
b) The entity can control access to the benefit.
c) The transaction or event giving rise to the entity's right to, or control of, the benefit has already occurred.
Classification of assets:
a) Fixed asset
b) Current asset

Q10. What is ITAM? What considerations should be addressed to optimize an ITAM program?
Ans: ITAM (Information Technology Asset Management) is a process to control the day to day operation and utilization of IT assets, ensuring that an organization realizes maximum efficiency from these assets. To optimize an ITAM program, the following considerations should be addressed:
a) Link IT to business objectives
b) Incorporate life-cycle processes and governance
c) Avoid common mistakes

Q11. How does ITAM work? What are the benefits of ITAM?
Ans: ITAM can help an organization in the following ways:
a) Control IT purchases and development.
b) Eliminate unnecessary purchases.
c) Avoid noncompliance and its associated legal risk.
d) Compare its actual needs with contract terms and purchase history.
ITAM benefits:
a) Reduce IT cost.
b) Ensure software compliance.
c) Detect unauthorized and illegal software.
d) Improve productivity.
e) Align IT with business goals to support business decisions.

Q12. How can you evaluate an IT asset management solution?
Ans: When considering an ITAM solution, look for the following:
a) Efficient and accurate discovery of all IT assets.
b) A structured approach to software discovery across the company, with application, suite and version recognition for both workstations and servers.
c) A centralized asset repository that houses the physical, contractual and financial information for each asset.

Q13. What is software? What are the types of software?
Ans: Software involves the collection of computer programs and related data that provide the instructions telling a computer what to do.
Types of software:
a) System software helps run the computer hardware and computer system.
b) Programming software usually provides tools to assist a programmer in writing computer programs.
c) Application software allows the end user to accomplish one or more specific tasks.

Q14. What factors should be considered when implementing a global ERP?
Ans: There are five tips or factors to address the organizational complexities of a global ERP implementation:
a) Business process standardization.
b) Understanding of local needs.
c) Rely on your change agents.
d) Leverage performance measures.
e) Localized delivery of employee communication and training.

Q15. What are the barriers to implementing a global ERP?
Ans: The barriers to implementing a global ERP are:
a) Cultural differences
b) Inter-office politics
c) Language barriers
d) Organizational complexities

Q16. Define codeline, codeline policy, environment and branching.
Ans: Codeline: Source code required to produce software. It could be a specific product or even a basic set of code that many of your internet applications commonly use.
Codeline policy: A set of instructions, directions and standards for the creation and application of a codeline. One codeline requires more stringent testing.
Environment: The environment is test (development), Quality Assurance (QA) test or production. The test or development environment is used by developers to test their code.
Branching: The creation of a new codeline based upon a current codeline. Branching should only be done when absolutely necessary.

Q17. What are the requirements for effective software change control?
Ans: There are several requirements to provide effective software change control:
a) A Software Version Control (SVC) system or Source Code Management (SCM) system.
b) Ability to return to earlier states.
c) Files should be locked to prevent overwriting of work.
d) All developers should have a home folder where they can place their own experimental code outside the main project.
e) Each software change request should be assigned a unique tracking number.
f) Stakeholders must be aware of production changes, etc.

Q18. What is problem management? Explain the problem management process.

Ans: Problem management is a business function comprised of people, processes and tools organized and chartered to resolve customer problems. The problem management process can be divided into five core processes, which are shown below:
a) Problem identification
b) Customer validation
c) Problem logging
d) Service delivery
e) Knowledge capture and sharing

Q19. What are the key components of review and oversight of the problem management function?
Ans: There are three key components to management review and oversight of the problem management function:
a) A plan with measurable objectives
b) Metrics
c) Formal review of those metrics

Q20. What are the primary functions of a problem management system?
Ans: The problem management system has four primary functions:
a) Capture request information.
b) Store information in common locations.
c) Route and escalate the request as necessary.
d) Store and report metrics on the entire process.

Q21. What are IT, IT management and IT management discipline?
Ans: IT (Information Technology): Information technology is involved with data processing and management information systems (MIS).
IT management: IT management is concerned with exploring and understanding IT as a corporate resource that determines both the strategic and operational capabilities of the firm in designing and developing products and services for maximum customer satisfaction.
IT management discipline: The IT management discipline concept comprises the following:
a) Business/IT alignment
b) IT governance
c) IT financial management

Q22. What are the components of the traditional data processing model?
Ans: The traditional data processing model has three main components:
a) Data entry
b) Operation
c) Application

Q23. What is the IT manager's role?
Ans: The role of the IT manager is to effectively manage the planning, design, selection, implementation, use and administration of emerging and converging information and communications technology.

Q24. Explain the approaches to IT performance management and control instruments.
Ans: The historical approach: The actual IT costs of the past have given way to new IT targets that take into account changes in quantity structures (number of users, etc.) and external factors such as inflation.
The top down approach: Based on targets set by top management (for example, increasing shareholder value or value oriented control variables), as many of the quantitative goals as possible are broken down and allocated to the IT department.
The benchmarking approach: In internal and external comparisons, best practice values from industry or other business units are ascertained and compared with the company's own targets.

Q25. Explain IT performance in relation to corporate strategy.
Ans: The vision formulates long-term goals for the future of the company; the strategy describes how to achieve these goals. IT strategy is developed in line with corporate strategy. IT strategy is made concrete in the form of detailed IT goals.

Action-oriented performance indicators measure the achievement of IT goals.

Q26. Write the approaches of IT goal, KPI and corporate strategy.
Ans: The approaches of IT goal, KPI and corporate strategy are:
a) A consistent framework
b) The top down approach
c) The bottom up approach
d) The instrument-related approach

Q27. What are the perspectives of the IT scorecard?
Ans: In practice, six perspectives for the IT scorecard have proven to be very useful:
a) Personnel
b) Projects
c) Customers and market
d) Infrastructures
e) Operations
f) Finance and cost

Q28. Provide/list/mention the checklist that evaluates an IT performance management system.
Ans: The checklist for evaluating an IT PMS is as follows:
a) Is the implementation of the IT strategy given quantifiable support?
b) Is there a systematic and structured basis for internal and external communication between business units and users?
c) Are the measures for goal achievement stipulated and measured in terms of goals and KPIs?
d) Do the business units swap experience on best practice?

Q29. Why is information system security important?
Ans: Security failures may result in both financial losses and intangible losses, such as unauthorized disclosure of competitive or sensitive information. Adequate measures for information security help to ensure the smooth functioning of information systems and protect the organization from loss or embarrassment caused by as well by organization as physical safeguards.

Q30. What are the direct and indirect risks relating to information systems?
Ans: Risk has led to a gap between the need to protect systems and the degree of protection applied. This gap is caused by:
a) Widespread use of technology.
b) Interconnectivity of systems.
c) Elimination of distance, time and space as constraints.
d) Unevenness of technology changes.
e) Devaluation of management and control.

Q31. What kinds of threat may arise to information systems?
Ans: Threats to information systems may arise from intentional or unintentional acts and may come from internal or external sources, such as:
a) Technical conditions (program bugs, disk crashes)
b) Natural disasters (fire, floods)
c) Environmental conditions (electrical surges)
d) Viruses
e) Human factors (lack of training, errors and omissions)

Q32. What is the layered series of technological and non-technological safeguards for physical security measures?
Ans: The protection achieved through a layered series of technological and non-technological safeguards, such as physical security measures, is:
a) Security objective
b) Confidentiality
c) Integrity

d) Availability

Q33. What information is sensitive?
Ans: Sensitive information includes:
a) Strategic plan
b) Finance
c) Business operation

Q34. What factors should be considered for establishing better information protection?
Ans: To establish better information protection, the following factors should be considered:
a) Value of data
b) Critical data resource

Q35. What are the information security objectives?
Ans: Information security objectives include:
a) Implementing the plan
b) Monitoring logs to verify compliance and identify problems
c) Measuring the results
d) Identifying potential improvements
e) Refining processes and procedures

Q36. What has information security historically been called?
Ans: Historically, information security has been called a number of different things, such as:
a) Data security
b) IT security
c) Computer security

Q37. Write notes on the following:
a) Vulnerability management
b) Threat management
c) Trust management
d) Identity management
e) IT control and audit
f) Security monitoring
g) Incident management

Ans: Vulnerability management: Vulnerability management deals with weaknesses or exposures in IT assets or processes that may lead to a business risk or security risk. As of February 2008, the National Vulnerability Database had documented over 29,000 vulnerabilities and was adding 15 new vulnerabilities a day.
Threat management: Threat management includes virus protection, spam control, intrusion detection and security event management. Virus protection software should be loaded on all workstations and servers to regularly scan the system for new infections.
Trust management: Trust management includes encryption and access control. To ensure cryptography is applied in conformance with sound disciplines, there has to be a formal policy on the use of cryptography that applies across the organization.
Identity management: Identity management is the process used to determine who has access to what in an organization. It is also one of the most difficult areas to manage due to the number of functions that must work together to implement proper controls.
IT control and audit: Integrating all these systems with a common identity management program can be costly and time consuming. Gartner Group recommends implementing identity management over time by first proving success with a single function or application.

Security management: Computer systems handling sensitive, valuable or critical information must securely log all significant computer security relevant events. Examples of computer security relevant events include password guessing attempts, attempts to use privileges that have not been authorized, modifications to production application software and modifications to system software.

Incident management: To deal with security incidents that affect the installation in a disciplined manner, security incidents (e.g. malfunctions, loss of power or communications services, overloads and mistakes by users or personnel running the installation, access violations) have to be dealt with in accordance with a formal process.

Q38. What is accounting software? Describe the accounting modules.
Ans: Accounting software is application software that records and processes accounting transactions within functional modules such as accounts payable, accounts receivable, payroll and trial balance.

Core modules:
a) Accounts receivable
b) Accounts payable
c) General ledger
d) Billing
e) Stock / Inventory
f) Purchase order
g) Sales order
h) Cash book

Non-core modules:
a) Debt collection
b) Electronic payment processing
c) Expense
d) Inquiries
e) Payroll
f) Reports
g) Timesheet
h) Purchase requisition

Q39. What are the categories of accounting software?
Ans: Categories of accounting software are:
a) Low end
b) Mid market
c) High end solution
d) Vertical market
e) Hybrid

Q40. List the types of vertical accounting software.
Ans: Some important types of vertical accounting software are:
a) Banking
b) Construction
c) Medical
d) Nonprofit
e) Point of sale (Retail)
f) Daycare accounting

Q41. Make a checklist for selecting accounting software.

Ans: Checklist of questions and key features:
a) Ability to drill down from summary general ledger data to individual transactions?
b) Ability to import and export data to and from spreadsheet and word processing programs?
c) Ability to generate custom reports?
d) Fast posting of large batches of transactions?
e) Strong security?
f) Adequate technical support?
g) Retention of historical data and ability to compare current results to past results?
h) Ability to allocate indirect costs to individual projects?
i) Ability to flow data from the program into your tax software?

Q42. Write some examples of different categories of accounting software.
Ans:
Small business / Personal accounting software:
a) ePeachtree (Best Software)

b) MYOB Plus for Windows (MYOB Software)
c) QuickBooks Online (Intuit)
d) Peachtree Complete Accounting (Best Software)
e) Small Business Manager (Microsoft)

Low-End Accounting Software:
a) BusinessVision 32 (Best Software)
b) MAS 90 & MAS 200 (Best Software)
c) QuickBooks Pro 2003 (Intuit)
d) ACCPAC Pro Series (ACCPAC International)
e) Vision Point 2000 (Best Software)

Middle-Market Accounting Software:
a) ACCPAC Advantage Series Corporate Edition (Best Software)
b) Great Plains (Microsoft)
c) MAS 90 & MAS 200 (Best Software)
d) Navision (Microsoft)
e) SouthWare Excellence Series (SouthWare)
f) SYSPRO (SysproUSA)

High-End Accounting ERP Market:
a) Axapta (Microsoft Software)
b) e-Business Suite (Oracle)
c) MAS 500 (Best Software)
d) Solomon (Microsoft)
e) ACCPAC Advantage Series Enterprise Edition (Best Software)

Chapter 04: Communication and IT

Q1. What is data communication?
Data communication is the function of transporting data from one point to another.

Q2. Write the elements / components of a communication system.
The three elements / components of a communication system are listed below:
- A sender (source), which creates the message to be transmitted.
- A medium, which carries the message.
- A receiver (destination), which receives the message.

Q3. Classify the data transmission modes. Or, what are the different data transmission modes?
There are three ways, or modes, of transmitting data from one point to another. They are:
- Simplex
- Half-duplex
- Full-duplex

Q4. Define the terms Simplex, Half-duplex, Full-duplex.
Simplex: Simplex transmission is one where communication can take place in only one direction.

Half-duplex: A half-duplex system can transmit data in both directions, but only in one direction at a time.
Full-duplex: A full-duplex system is one that allows information to flow simultaneously in both directions on the transmission path.

Q5. How is information delivered over a network?
Information is delivered over a network by three basic methods:
- Unicast
- Broadcast
- Multicast

Q6. Define the terms Unicast, Broadcast and Multicast. Or, write the differences between Unicast, Broadcast and Multicast.
Unicast: Unicast is a type of transmission in which information is sent from only one sender to one receiver.
Broadcast: Broadcast is a type of transmission in which information is sent from just one computer but is received by all the computers connected to the network.
Multicast: Multicast is a type of transmission where there is only one sender and information is sent to multiple destinations.

Q7. What is a computer network?
A group of computers and other devices connected together is called a computer network.

Q8. Write the classification of networks by geographical area.
According to geographical area, there are three types of computer network:
- Local Area Network (LAN)
- Metropolitan Area Network (MAN)
- Wide Area Network (WAN)

Q9. Define the terms LAN, MAN & WAN. Or, what are the differences between LAN, MAN & WAN?
LAN: LAN stands for Local Area Network. It provides high speed communication in a limited area, typically within a building, such as a college.
MAN: MAN stands for Metropolitan Area Network. It covers a large city or metropolitan area. A MAN typically covers an area of between 5 and 50 km.
WAN: WAN stands for Wide Area Network. It is a type of communication network that covers a wide geographical area such as a state or country.

Q10. How can computer networks be classified by structure?
According to structure, computer networks can be classified in the following three ways:
- Centralized network
- Distributed network
- Hybrid network

Q11. What are the benefits of a computer network?
A computer network provides many benefits, namely:
- Simultaneous access to programs and data.
- Sharing hardware and software.
- Personal communication using e-mail.

- Making back-ups of information.
- Keeping information reliable and up to date.

Q12. Write down the various devices used in a network. Or, define the terms Router, Switch, Repeater, Bridge, Hub.
Router: A router is a device that forwards data packets along networks. A router is connected to at least two networks, commonly two LANs or WANs.
Switch: A switch is a small hardware device that joins multiple computers together within one local area network.
Repeater: A repeater is a device that receives a digital signal on an electromagnetic or optical transmission medium and regenerates the signal along the next leg of the medium.
Bridge: A device that connects two LANs or two segments of the same LAN.
Hub: A hub is a device where all the connecting mediums come together.

Q13. How many types of hub are there?
There are three types of hub, namely:
- Passive hub
- Active hub
- Intelligent hub

Q14. Write the differences between the passive hub, active hub and intelligent hub.
The differences between the passive hub, active hub and intelligent hub are listed below:
- Passive hubs do not amplify the electrical signal.
- Active hubs, on the other hand, can amplify the electrical signal.
- Intelligent hubs add extra features to an active hub that are of particular importance to business.

Q15. Define network topology.
A network topology is a method of connecting various devices, such as computers and printers, over a network.

Q16. Write down the main types of topology.
There are six common topologies, listed below:
- Linear bus topology
- Ring topology
- Star topology
- Tree topology
- Hierarchical topology
- Mesh topology

Q17. Define the various topologies, with two advantages and disadvantages of each.

Linear bus topology: A linear bus topology consists of a main run of cable with a terminator at each end. All nodes are connected to the linear bus.
Advantages:
- Easy to set up.
- Requires less cable than other topologies.
Disadvantages:
- The entire network shuts down if there is a break in the main cable.
- Difficult to identify the problem if the entire network shuts down.

Ring topology: Ring topology is a topology where all devices are connected in a circle which has no terminator.
Advantages:
- More reliable than star topology.
- No data collisions.
Disadvantages:
- Hardly used nowadays.
- Slow and needs more cable.

Star topology: Star topology is a topology where all devices are connected to a central hub.
Advantages:
- Easy to set up / install.
- One cable can't crash the network.
Disadvantages:
- Needs more cable.
- If the host computer fails, the entire network fails.

Tree topology: It consists of groups of star-configured workstations connected to a linear bus backbone cable.
Advantages:
- Point-to-point wiring for individual segments.
- Supported by several hardware and software vendors.
Disadvantages:
- Overall length of each segment is limited by the type of cabling used.

- If the backbone line breaks, the entire segment goes down.

Hierarchical topology: The hierarchical topology is much like the star topology, except that it doesn't use a central node.

Mesh topology: In a mesh topology each device is connected to every other device in the network by its own cable.
Advantages:
- Data will always be delivered.
- Much faster.
Disadvantages:
- Very expensive.
- Very difficult to set up for a small enterprise.

Q18. Which matters are to be considered when choosing a topology?
The following matters are to be considered before selecting a topology:
- Reliability of the entire system
- Expandability of the system
- Cost involved
- Availability of communication lines

Q19. What is network software?
Network software is data communication software that is responsible for holding all data communication systems together.

Q20. What are the functions of network software?
There are several functions of communication software, namely:
- Access control
- Transmission control
- Network management
- Error control
- Security management

Q21. What is a communication protocol?
In data communication, a protocol is a set of rules and procedures established to control transmission between two points so that the receiver can properly interpret the bit stream transmitted by the sender.

Q22. What are the key elements of a protocol?
The key elements of a protocol are as follows:

Syntax: The term syntax refers to the structure and format of the data.
Semantics: Semantics refers to the meaning of each section of bits.
Timing: It refers to two characteristics:
- When data should be sent, and
- How fast they can be sent.

Q23. What are the roles of a protocol?
The roles of a protocol in communication systems are:
- Data sequencing
- Data routing
- Flow control
- Error control
- Data security
- Log information

Q24. What is the OSI model? How many layers does the OSI model have?
The Open System Interconnection (OSI) model is a reference model developed by ISO (International Organization for Standardization) in 1984 as a conceptual framework of standards for communication in the network across different equipment and applications by different vendors.

Q25. How many layers does the OSI model have?
The OSI model has seven layers, listed below:
1. Application layer
2. Presentation layer
3. Session layer
4. Transport layer
5. Network layer
6. Data link layer
7. Physical layer

Chapter 05: Internal Control in Computer Based Business Systems

Q1. What is internal control?
Ans: Internal controls are the processes. They are developed by two auditors to administer a unit effectively. They generally include rules and procedures.

Q2. What are the objectives of internal control regarding assurance?

Ans: The internal control objectives are:
a) Effectiveness and efficiency of operation
b) Reliability with applicable laws & regulations
c) Compliance with applicable laws and regulations

Q3. What are the processes of internal control?
Ans: The internal control processes are:
a) Provide adherence to laws, regulations and controls.
b) Develop and maintain reliable financial and management data.
c) Present data accounting in timely reports.

Q4. How to evaluate internal control?
Ans: To evaluate internal control, a framework needs to be established. This framework has five key phases required for Sarbanes-Oxley compliance. These are:
a) Define internal control
b) Organize project team & plan
c) Evaluate controls at the entity level
d) Evaluate controls at the process, transaction and application level
e) Evaluate, improve and monitor

Q5. What are the components of internal control?
Ans: There are five components that are called standards of internal control:
a) Control environment
b) Risk assessment
c) Control activities
d) Information and communication

Q6. How can IT control activities be categorized?
Ans: IT control activities can be categorized as either general or application controls. General controls apply to all computerized information systems: mainframe, minicomputer, network and end user environments. Application controls apply to the processing of data within the application software.

Q7. What are the components of control activity?
Ans: The components of control activity are:
a) Personnel
b) Authorization procedures
c) Segregation of duties
d) Physical restrictions
e) Documentation and record retention
f) Monitoring operations

Q8. What are the limitations of internal control?
Ans: The limitations of internal control are:
a) Resource constraint
b) Inadequate skill, knowledge or ability
c) Faulty judgment
d) Unintentional errors
e) Degree of motivation by management and employees

Q9. What are the elements of an internal control system?
Ans: The elements of internal control are:
a) Separation of duties
b) Authorization
c) Documentation
d) Reconciliation

Q10. Why does an organization need internal control?
Ans: An organization needs internal control to provide greater assurance that it will achieve its operating, financial reporting and compliance objectives; in other words, to help the organization succeed in its mission. Internal control helps ensure that the directions, policies, procedures and practices designed and approved by management and the board are put in place and are functioning as desired.

Q11. What is IT control?
Ans: IT controls are specific activities performed by persons or systems designed to ensure that business objectives are met.

Q12. Define the categories of IT control.
Ans:
a) IT general controls: ITGC represent the foundation of the IT control structure. They help ensure the reliability of data generated by IT systems and support the assertion that systems operate as intended and that output is reliable.
b) IT application controls: IT application or program controls are fully automated (i.e. performed automatically by the system) controls designed to ensure the complete and accurate processing of data, from input through output.

Q13. What is COBIT?
Ans: Control Objectives for Information Technology (COBIT) is a widely utilized framework containing best practices for both ITGC and application controls. It consists of domains and processes. The four major domains are: plan and organize, acquire and implement, deliver and support, and monitor and evaluate. It also recommends best practices and methods of evaluation of an enterprise's IT controls.

Q14. What is COSO?
Ans: The Committee of Sponsoring Organizations of the Treadway Commission (COSO) identifies five components of internal control: control environment, risk assessment, control activities, information and communication, and monitoring, that need to be in place to achieve financial reporting and disclosure objectives.

Q15. What are the effects of IT on internal audit?

Ans: The effects of IT on internal control are:
a) Changes in the audit trail and audit evidence
b) New audit procedures
c) Changes in the internal control environment
d) New opportunities and mechanisms for fraud and error

Q16. What are the main types of IT audit?
Ans: The main types of IT audit are:
a) Operational computer system audits
b) IT installation audits
c) Developing system audits
d) IT management audits
e) IT process audits
f) Change management audits
g) Information security and control audits
h) IT legal compliance audits
i) Certification & other compliance audits
j) IT strategy audits
k) Special investigations
l) Disaster contingency, business continuity planning and IT disaster recovery audits

Q17. What are Computer Aided Audit Techniques (CAATs)?
Ans: CAATs are tools / utilities to help auditors select, gather, analyze and report audit findings. Starting with the basics, many computer applications have useful built-in data analysis / audit facilities.

Q18. What are the responsibilities of management for developing and assessing the effectiveness of internal control?
Ans: Management is responsible for establishing and maintaining control to achieve the objectives of effective and efficient operations and reliable information systems. The information system managers must take systematic and proactive measures to:
a) Develop and implement appropriate, cost-effective internal control for results-oriented management.
b) Assess the adequacy of internal control in programs and operations.
c) Separately assess and document internal control over information systems consistent with the information security policy of the organization.
d) Identify needed improvements.
e) Take corresponding corrective action.
f) Report annually on internal control through management assurance statements.

Q19. Explain the COBIT framework.
Ans: COBIT is a framework of generally applicable information systems security and control practices for IT control. The framework allows:
a) Management to benchmark the security and control practices of IT environments,
b) Users of IT services to be assured that adequate security and control exist, and
c) Auditors to substantiate their opinions on internal control and to advise on IT security and control matters.

Q20. What does the complete COBIT package consist of?

Ans: The complete COBIT package consists of:
a) Executive summary
b) Governance and control framework
c) Control objectives
d) Management guidelines
e) Implementation guide
f) IT assurance guide

Q21. What are the COBIT structures?
Ans: COBIT covers four domains:
a) Plan and organize
b) Acquire and implement
c) Deliver and support
d) Monitor and evaluate

Q22. What are the components of Information System (IS) internal control?
Ans: The most familiar Information System (IS) internal controls are:
a) Accounting controls
b) Operational controls
c) Administrative controls

Q23. What are the auditor's categories of controls?
Ans: Auditors categorize controls into the following four groups:
a) Preventive controls
b) Detective controls
c) Corrective controls
d) Compensatory controls

Q24. What is an audit trail?
Ans: Audit trails are logs that can be designed to record activity at the system, application, and user level. When properly implemented, audit trails provide an important detective control to help accomplish security policy objectives.

Q25. What are the objectives of audit trails?
Ans: Audit trails can be used to support security objectives in three ways:
a) Detecting unauthorized access to the system
b) Facilitating the reconstruction of events
c) Promoting personal accountability

Q26. What is the process of error correction?
Ans: The process of error correction is:
a) Identify all data processing errors that can be identified.
b) Determine the impact data.
c) Determine how errors are corrected.
d) Determine the timeliness of error correction.
e) Determine if the corrected transactions are authorized.

Q27. What are the key elements of system development and acquisition controls?
Ans: System development and acquisition controls include the following key elements:

a) Strategic master plan
b) Project controls
c) Data processing schedule
d) System performance measurements
e) Post-implementation review

Q28. What is system acceptance testing? What are its aims?
Ans: Acceptance testing is a complete end-to-end test of the operational system including all manual procedures. It aims to provide the system user with confirmation that:
a) The user requirement specification
b) End user and operational documentation is accurate, comprehensive and usable.
c) Supporting clerical procedures work effectively.
d) Help desk and other ancillary support functions operate correctly and as expected.
e) Back-up and recovery procedures work effectively.

Q29. What considerations should be taken into account when judging the effectiveness of a PIR?
Ans: The following issues should be considered when judging the effectiveness of a post-implementation review, or to form the basis for the auditor to undertake one:
a) Interview business users.
b) Interview security, operations and maintenance staff.
c) User requirement specification determine
d) Confirm that the previous system has been de-commissioned.
e) Review system problem reports and change proposals.
f) Confirm that adequate internal controls have been built into the system.
g) Confirm that an adequate service level agreement has been drawn up and implemented.
h) Confirm that the system is being backed up in accordance with user requirements.
i) Review the business case and determinations
j) Review trends in transaction throughput and growth.

Q30. What are the controls over system and program changes?
Ans: The controls over system and program changes are of the following kinds:
a) Change management controls
b) Authorization controls
c) Documentation controls
d) Testing and quality controls

Q31. What may be used as control activities for IT?
Ans: The following may be used as control activities for IT:
a) Encryption tools, protocols or similar features of software applications.
b) Back-up and restore features of software applications.
c) Virus protection software.
d) Passwords that restrict user access to network, data and applications.

Q32. Why is segregation of duties needed?
Ans: Segregation of duties is needed for the following reasons:

a) To protect employees
b) To prevent and detect intentional and unintentional errors, and
c) To encourage better job performance.

Q33. What are the controls of ITGC?
Ans: Information Technology General Controls (ITGC) are:
a) Control activities
b) Change management procedures
c) Security policies, standards & processes
d) Technical support policies and procedures
e) Hardware / Software configurations
f) Disaster / Back-up recovery procedures

Q34. What are the controls of IT Application?
Ans: Information Technology application controls are:
a) Completeness checks
b) Validity checks
c) Identification
d) Authentication
e) Authorization
f) Input controls

Q35. What are the characteristics of corrective controls?
Ans: The characteristics of corrective controls are:
a) Minimize the impact of the threat
b) Identify the cause of the problem
c) Remedy problems discovered by detective controls
d) Get feedback from preventive and detective controls
e) Correct errors arising from a problem
f) Modify the processing systems to minimize future occurrences of the problem

Q36. Why is documentation needed?
Ans: Documentation is needed for the following reasons:
a) It provides a record of each event or activity.
b) It ensures assets are properly controlled.
c) Documents provide evidence that an event really happened.
d) It ensures the accounting & completeness transactions

Q37. What are the authorized documents for non-payment transactions?
Ans: The following documents are authorized for non-payment transactions:
a) Journal voucher
b) Spreadsheet
c) Original entry requiring corrections
d) Request for comments (RFCs)

Q38. What are the authorized documents for leave and payroll?
Ans: The following are the documents for leave and payroll:
a) Timesheets
b) Leave requests
c) Overtime authorization
d) Personnel action form (PAF)
e) Attendance calendar

Q39. How is a post-implementation review completed?
Ans: The post-implementation review is completed by checking the following:
a) Business objectives
b) User expectations
c) Technical requirements
d) Timing
e) The PIR (Post-implementation review) team

Q40. What are the controls over system and program changes?
Ans: The controls over system and program changes are:
a) Change management control
b) Authorization control
c) Documentation control
d) Testing and quality control
   i) Quality control
   ii) Quality review

Q41. Explain the classification of information.
Ans: The classification of information is essential if one has to differentiate between that which is of little value and that which is highly sensitive and confidential. The classifications of data and information are the following:
a) Top secret: Security at this level is the highest possible.
b) Highly confidential: Security at this level is very high.
c) Proprietary: Security at this level is controlled but normal.
d) Public documents: Security at this level is minimal.

Q42. What is data integrity control?
Ans: The primary objective of data integrity control techniques is to prevent, detect and correct errors in transactions as they flow through the various stages of a specific data processing program.

Q43. How are data integrity controls assessed?
Ans: Assessing data integrity controls involves evaluating the following critical procedures:
a) Virus detection and elimination software is installed and activated.
b) Data integrity and validation controls are used to provide assurance that the information has not been altered and the system functions as intended.

Q44. Describe the different data integrity controls.
Ans: There are six categories of data integrity controls, which are summarized in the following:

1. Control category: Source data control
   Threat / Risk: Invalid, incomplete or inaccurate source data input.
   Controls: Form design and pre-numbered forms, appropriate authorization, segregation of duties, visual scanning, check-digit verification etc.

2. Control category: Input validation routines
   Threat / Risk: Invalid or inaccurate data in computer processed transaction files.
   Controls: Check key data, sequence, field, sign, validity, limit, range, reasonableness, redundant data and capacity check etc.

3. Control category: On-line data entry controls
   Threat / Risk: Invalid or inaccurate transaction input entered through on-line terminals.
   Controls: Field, limit, range, reasonableness, sign, validity and redundant data checks; user IDs and passwords, capability test, automatic system data entry, pre-formatting, completeness test etc.

4. Control category: Data processing and storage controls
   Threat / Risk: Inaccurate or incomplete data in computer processed master files.
   Controls: Policy and procedures, monitoring and expediting data entry, reconciliation of database and accounts or reports, check data currency, default values, data matching, data security, use of labels and write protection mechanisms etc.

5. Control category: Output controls
   Threat / Risk: Inaccurate or incomplete computer output.
   Controls: Procedures to ensure that system outputs conform to the organization's integrity objectives, policies, and standards, visual review of computer output, reconciliation of batch totals etc.

6. Control category: Data transmission controls
   Threat / Risk: Unauthorized access to data being transmitted or to the system itself; system failures; errors in data transmission.
   Controls: Monitor network to detect weak points, backup computers, design network to handle peak processing, multiple communication paths between network computers, preventive maintenance, data encryption, routing verification etc.

Q45. What is risk? Write the causes of risk.
Ans: A risk is the likelihood that an organization would face a vulnerability being exploited or a threat becoming harmful. These risks lead to a gap between the need to protect systems and the degree of protection applied. The gap is caused by:
a) Widespread use of technology
b) Interconnectivity of systems
c) Elimination of distance, time and space as constraints
d) Unevenness of technological changes
e) Devolution of management and control
f) Attractiveness of conducting unconventional electronic attacks against organizations
g) External factors such as legislative, legal and regulatory requirements or technological developments

Q46. What are threat and vulnerability?
Ans:
Threat: A threat is an action, event or condition where there is a compromise in the system, its quality and ability to inflict harm to the organization.
Vulnerability: Vulnerability is the weakness in the system safeguards that exposes the system to threats. It may be a weakness in an information system, cryptographic system (security system) or other components that could be exploited by a threat.

Q47. What kinds of threat to the computerized environment may arise?
Ans: A few common threats to the computerized environment that may arise are:

a) Power loss
b) Communication failure
c) Disgruntled employees
d) Errors
e) Malicious code
f) Abuse of access privileges by employees
g) Natural disasters
h) Theft or destruction of computing resources
i) Downtime due to technology failure
j) Fire, etc.

Q48. What kinds of threat may arise due to cyber crimes?
Ans: The following threats may arise due to cyber crimes:
a) Embezzlement
b) Fraud
c) Theft of proprietary information
d) Denial of service
e) Vandalism or sabotage
f) Computer virus
g) Other

Q49. What is risk assessment? Why is it necessary?
Ans: Risk assessment is a critical step in disaster and business continuity planning. Risk assessment is necessary for developing a well tested contingency plan. Risk assessment is the analysis of threats to resources and the determination of the amount of protection necessary to adequately safeguard the resources.

Q50. What are the areas to focus on for risk assessment purposes?
Ans: The areas to be focused upon are:
a) Prioritization
b) Identifying critical applications
c) Assessing their impact on the organization
d) Determination of recovery time-frame
e) Assessing insurance coverage

Q51. Explain the risk management process.
Ans: The broad process of risk management is as follows:
a) Identify the technology related risks under the range of operational risks.
b) Assess the identified risks in terms of probability and exposure.
c) Classify the risks as systematic and unsystematic.
d) Identify various managerial actions that can reduce exposure to systematic risks and the cost of implementing the same.
e) Look out for technological solutions available to mitigate unsystematic risks.
f) Identify the contribution of the technology in reducing the overall risk exposure.
g) Evaluate the technology risk premium on the available solutions and compare the same with the possible value of loss from the exposure.
h) Match the analysis with the management policy on risk appetite and decide on induction of the same.

Q52. Explain the risk management cycle.

Ans: It is a process involving the following steps:
a) Identifying assets
b) Vulnerabilities and threats
c) Assessing the risks
d) Developing a risk management plan
e) Implementing risk management actions
f) Re-evaluating the risks

Q53. What are the primary functions of risk assessment?
Ans: There are three primary functions regarding risk assessment:
a) Risk identification
b) Risk assessment
c) Risk mitigation

Q54. What is business continuity and disaster recovery planning?
Ans: Business continuity focuses on maintaining the operations of an organization, especially the IT infrastructure, in the face of a threat that has materialized. Disaster recovery, on the other hand, arises mostly when the business continuity plan fails to maintain operations and there is a service disruption. This plan focuses on restarting the operation using a prioritized list.

Q55. What are the areas that business continuity covers?
Ans: Business continuity covers the following areas:
a) Business resumption planning
b) Disaster recovery planning
c) Crisis management

Q56. Explain the business continuity life cycle.
Ans: The business continuity life cycle is broken down into four broad and sequential sections:
a) Risk assessment
b) Determination of recovery alternative
c) Recovery plan implementation
d) Recovery plan validation

Q57. What are the objectives and goals of business continuity planning?
Ans: The key objectives of the plan should be to:
a) Provide for the safety and well-being of people on the premises at the time of disaster
b) Continue critical business operations
c) Minimize the duration of a serious disruption to operations and resources
d) Minimize immediate damage and losses
e) Establish management succession and emergency powers
f) Facilitate effective co-ordination of recovery tasks
g) Reduce the complexity of the recovery effort
h) Identify critical lines of business and supporting functions

Q58. What are the phases for developing a business continuity plan?
Ans: The methodology for developing a business plan can be subdivided into eight different phases, which are given below:
a) Pre-planning activities (Business continuity plan initiation)
b) Vulnerability assessment and general definition of requirements
c) Business impact analysis
d) Detailed definition of requirements

e) Plan development
f) Testing program
g) Maintenance program
h) Initial plan testing and plan implementation

Q59. What are the different types of business plan?
Ans: There are various kinds of plans that need to be designed. They include the following:
a) Emergency plan
b) Back-up plan
c) Recovery plan
d) Disaster recovery plan
e) Insurance

Q60. What are the IS audit standards?
Ans: Information System audit standards provide audit professionals with a clear idea of the minimum level of acceptable performance essential to discharge their responsibilities effectively. Some standards are as follows:
Year    Standards
1994    COSO, CoCo
1996    HIPAA
1998    BS 7799
2000    COBIT

Q61. What are the audit objectives of a computer information system environment?
Ans: Audit objectives in a computer information system (CIS) environment elaborate on the following:
a) The auditor's responsibility in gaining sufficient understanding and assurance on the adequacy of accounting and internal controls.
b) The potential impact of auditing in a CIS on the assessment of control and audit risks.
c) The extent to which the CIS is used for recording, compiling and analyzing accounting information.
d) The system of internal controls relating to the authorized, complete, accurate and valid processing and reporting procedures.
e) The impact of the CIS accounting system on the audit trail.

Q62. What is information security? Why is information system security important?
Ans: Security relates to the protection of valuable assets against loss, disclosure or damage. Security is most important for information systems. Adequate information security helps to ensure the smooth functioning of information systems and protects the organization from loss or embarrassment caused by security failures.

Q63. What are information security objectives?
Ans: Information security objectives are the following:
a) Confidentiality
b) Integrity
c) Availability

Q64. What information is sensitive?
Ans: The following information is sensitive:
a) Strategic plans
b) Business operation
c) Finances

Q65. What subjects should be considered to establish better information protection?
Ans: To establish better information protection, consider the following:
a) Not all data has the same value
b) Know where the critical data resides
c) Develop an access control methodology
d) Protect information stored on media
e) Review hardcopy output

Q66. What is ERP?
Ans: An Enterprise Resource Planning system is a fully integrated business management system covering functional areas of an enterprise like Logistics, Production, Finance, Accounting and Human Resources.

Q67. What are the benefits of ERP?
Ans: ERP solutions provide the following benefits:
a) Integrated financial systems
b) Standardized processes
c) Real-time information

Q68. What factors should be considered when implementing an ERP system?
Ans: Areas where integration and implementation issues often pop up in these projects include:
a) Corporate culture
b) Process change
c) Enterprise communication
d) Management support
e) ERP project manager competence
f) An ERP team
g) Project methodology
h) Training
i) Institutional commitment to change

Q69. What is SAP?
Ans: SAP stands for Systems and Application Products. The SAP system is a collection of software that performs standard business functions for corporations. The system has become very popular because it provides a complete solution to standard business.

Q70. What is the SAP R/3 system? How many layers does the SAP R/3 system architecture have?
Ans: The SAP R/3 code is written in an interpretive language called ABAP. ABAP is a German acronym that, loosely translated, means Advanced Business Application Programming. ABAP is very similar to COBOL in its syntax. The SAP R/3 system architecture has three layers:
a) Presentation layer
b) Application layer
c) Database layer
