Enterprise Information Systems and Strategic Management: Content

Enterprise Information Systems and Strategic Management
Automated Business Processes | Mock Test Papers | May 2022

Question 1

In any Information System, various controls are implemented to prevent, detect, and facilitate the correction of several risks. Describe the various
levels at which the implementation of these controls is required to be examined in a computer system.               (6 Marks March ’22)

Answer 1

In computer systems, controls should be checked at three levels namely Configuration, Masters, and Transaction level. These are discussed below:

i. Configuration: Configuration refers to the way a software system is set up. Configuration is the methodical process of defining the options that
are provided. When any software is installed, values for various parameters should be set up (configured) as per the policies, business
process workflow and business process rules of the enterprise. The various modules of the enterprise such as Purchase, Sales, Inventory,
Finance, User Access etc. must be configured. Configuration defines how the software will function and what menu options are displayed.
Some examples of configuration are mapping of accounts to front-end transactions like purchase and sales, user activation and
deactivation, user access and privileges (configuration and its management), and password management.

ii. Masters: Masters refer to the way various parameters are set up for all modules of the software, like Purchase, Sales, Inventory, and Finance
etc. These drive how the software will process relevant transactions. The masters are set up for the first time during installation and are
changed whenever the business process rules or parameters are changed. Examples are Vendor Master, Customer Master, Material
Master, Accounts Master, Employee Master etc. Any changes to these data have to be authorized by appropriate personnel, and these are
logged and captured in exception reports. The way masters are set up will drive the way the software will process transactions of that type.
For example, the Customer Master will have the credit limit of the customer. When an invoice is raised, the system will check against the
approved credit limit; if the amount invoiced is within the credit limit, the invoice will be created, and if not, the invoice will be put on “credit
hold” till proper approvals are obtained.

iii. Transactions: Transactions refer to the actual transactions entered through menus and functions in the application software, through which
all transactions for specific modules are initiated, authorized, or approved. Examples are Sales transactions, Purchase transactions, Stock
transfer transactions, Journal entries and Payment transactions. Implementation or review of a specific business process can be done from
a risk or control perspective. In the case of the risk perspective, we need to consider each of the key sub-processes or activities performed in a
business process and look at existing and related control objectives, existing controls, and the residual risks after application of
controls. The residual risk should be knowingly accepted by the management.

2.

iii.

iv. Choose the correct value of S.

(a)      100

(b)      200

(c)      300

(d)      0  (1 Mark March ’22)

Question 2

Below are some definitions related to automated environment in an organization.

i. Extent of loss an enterprise has to face when a risk materializes.
ii. An action, device, procedure, technique, or other measure to reduce the weakness of a system.
iii. Estimation of the probability that the threats will succeed in achieving an undesirable event.
iv. Events that may result in significant deviation from a planned object resulting in negative consequence.

The terms for above definitions are as follows:

I. Likelihood
II. Risk
III. Exposure
IV. Countermeasure

Choose the correct match of terms and its definition related to automated environment in an organization:

(a)     (i) – (II), (ii) – (IV), (iii) – (III), (iv) – (I)

(b)     (i) – (IV), (ii) – (II), (iii) – (II), (iv) – (I)

(c)     (i) – (III), (ii) – (IV), (iii) – (I), (iv) – (II)

(d)     (i) – (I), (ii) – (II), (iii) – (III), (iv) – (IV)  (1 Mark April 22)

Answer 2 : (c)      (i) – (III), (ii) – (IV), (iii) – (I), (iv) – (II)

Question 3

Describe the Section 66F of IT Act, 2000 related to punishment for cyber terrorism.   (4 Marks April 22)

Answer 3

The description of Section 66F of IT Act, 2000 related to Punishment for cyber terrorism is:

1. Whoever -
A. with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section of the people by

i. denying or cause the denial of access to any person authorized to access computer resource; or
ii. attempting to penetrate or access a computer resource without authorization or exceeding authorized access; or
iii. introducing or causing to introduce any computer contaminant,

and by means of such conduct causes or is likely to cause death or injuries to persons or damage to or destruction of property or disrupts or knowing
that it is likely to cause damage or disruption of supplies or services essential to the life of the community or adversely affect the critical information
infrastructure specified under section 70; or

B. knowingly or intentionally penetrates or accesses a computer resource without authorization or exceeding authorized access, and by
means of such conduct obtains access to information, data or computer database that is restricted for reasons of the security of the State
or foreign relations; or any restricted information, data or computer database, with reasons to believe that such information, data or
computer database so obtained may be used to cause or likely to cause injury to the interests of the sovereignty and integrity of India, the security of the State,
friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence, or to
the advantage of any foreign nation, group of individuals or otherwise, commits the offence of cyber terrorism.

2. Whoever commits or conspires to commit cyber terrorism shall be punishable with imprisonment which may extend to imprisonment for
life.

Question 4

Internal Control System, no matter how effective, can provide an entity with only reasonable assurance and not absolute assurance about
achieving an entity’s objectives due to certain limitations. Discuss those limitations.                 (6 Marks April 22)

Answer 4

The limitations of Internal Control System are as follows:

Management’s consideration that the cost of an internal control does not exceed the expected benefits to be derived.
The fact that most internal controls do not tend to be directed at transactions of unusual nature, the reasonable potential for human error
such as – due to carelessness, distraction, mistakes of judgment and misunderstanding of instructions.
The possibility of circumvention of internal controls through collusion with employees or with parties outside the entity.
The possibility that a person responsible for exercising an internal control could abuse that responsibility, for example, a member of
management overriding an internal control.
Manipulations by management with respect to transactions or estimates and judgments required in the preparation of financial statements.
