
Suggested answers November 2018 - EIS

November 2018 EIS answers

1(a)

Data Flow Diagrams – Processes are identified to functional departments. Data Flow Diagrams (DFD) show the flow of data or information from one place to another. DFDs describe the processes showing how these processes link together through data stores and how the processes relate to the users and the outside world.

1(b)

Data Analytics is the process of examining data sets to draw conclusions about the information they contain, increasingly with the aid of specialized systems and software. Data analytics technologies and techniques are widely used in commercial industries to enable organizations to make more-informed business decisions and by scientists and researchers to verify or disprove scientific models, theories and hypotheses.

1(c)

Cryptography: It deals with programs for transforming data into cipher text that is meaningless to anyone who does not possess the authentication to access the respective system resource or file. A cryptographic technique encrypts data (clear text) into cryptograms (cipher text), and its strength depends on the time and cost a cryptanalyst needs to decipher the cipher text. Three techniques of cryptography are transposition (permute the order of characters within a set of data), substitution (replace text with a key-text) and product cipher (combination of transposition and substitution).
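The three techniques named in this answer, as an added Python example that is not part of the original post. It assumes a keyed-alphabet substitution and a columnar transposition as the concrete forms, and the keys `LEDGER` and `BANK` and the sample messages are constructed for illustration.

```python
import string

ALPHABET = string.ascii_uppercase

def keyed_alphabet(key):
    """Substitution alphabet: key letters first (deduplicated), then the rest."""
    seen = []
    for ch in key.upper() + ALPHABET:
        if ch in ALPHABET and ch not in seen:
            seen.append(ch)
    return "".join(seen)

def substitute(text, key, decrypt=False):
    """Substitution: replace every letter using the keyed alphabet."""
    cipher = keyed_alphabet(key)
    if decrypt:
        table = str.maketrans(cipher, ALPHABET)
    else:
        table = str.maketrans(ALPHABET, cipher)
    return text.upper().translate(table)

def column_order(key):
    """Columns are read out in alphabetical order of the key letters."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))

def transpose(text, key):
    """Transposition: write row by row under the key, read column by column."""
    cols = len(key)
    text += "X" * (-len(text) % cols)            # pad the last row with X
    return "".join(text[c::cols] for c in column_order(key))

def untranspose(text, key):
    """Reverse the columnar transposition (padding is left in place)."""
    cols = len(key)
    rows = len(text) // cols
    grid = [""] * cols
    for n, c in enumerate(column_order(key)):
        grid[c] = text[n * rows:(n + 1) * rows]
    return "".join(grid[c][r] for r in range(rows) for c in range(cols))

def product_encrypt(text, sub_key, trans_key):
    """Product cipher: substitution followed by transposition."""
    return transpose(substitute(text, sub_key), trans_key)

def product_decrypt(text, sub_key, trans_key):
    return substitute(untranspose(text, trans_key), sub_key, decrypt=True)

if __name__ == "__main__":
    msg = "PAYVENDORNOW"                         # constructed sample message
    print(substitute(msg, "LEDGER"))             # letters change, order kept
    print(transpose(msg, "BANK"))                # order changes, letters kept
    print(product_encrypt(msg, "LEDGER", "BANK"))
```

Transposition alone leaves the letter counts of the message unchanged, and substitution alone leaves its letter-frequency pattern unchanged, which is why these classical techniques cost a cryptanalyst very little time to break.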

1(d)

Digital Library: A Digital Library is a special library with a focused collection of digital objects that can include text, visual material, audio material, video material, stored as electronic media formats (as opposed to print, microform, or other media), along with means for organizing, storing, and retrieving the files and media contained in the library collection. Digital libraries can vary immensely in size and scope, and can be maintained by individuals, organizations, or affiliated with established physical library buildings or institutions, or with academic institutions. The digital content may be stored locally, or accessed remotely via computer networks. An electronic library is a type of information retrieval system.

1(e)

A Proxy Server is a computer that offers a computer network service to allow clients to make indirect network connections to other network services. A client connects to the proxy server, and then requests a connection, file, or other resource available on a different server. The proxy provides the resource either by connecting to the specified server or by serving it from a cache. In some cases, the proxy may alter the client’s request or the server’s response for various purposes.

2(a)

ERM provides enhanced capability to do the following:
  1. Align risk appetite and strategy: Risk appetite is the degree of risk, on a broad-based level, that an enterprise (any type of entity) is willing to accept in pursuit of its goals. Management considers the entity’s risk appetite first in evaluating strategic alternatives, then in setting objectives aligned with the selected strategy and in developing mechanisms to manage the related risks.
  2. Link growth, risk and return: Entities accept risk as part of value creation and preservation, and they expect return commensurate with the risk. ERM provides an enhanced ability to identify and assess risks, and establish acceptable levels of risk relative to growth and return objectives.
  3. Enhance risk response decisions: ERM provides the rigor to identify and select among alternative risk responses – risk avoidance, reduction, sharing and acceptance. ERM provides methodologies and techniques for making these decisions.
  4. Minimize operational surprises and losses: Entities have enhanced capability to identify potential events, assess risk and establish responses, thereby reducing the occurrence of surprises and related costs or losses.
  5. Identify and manage cross-enterprise risks: Every entity faces a myriad of risks affecting different parts of the enterprise. Management needs to not only manage individual risks, but also understand interrelated impacts.
  6. Provide integrated responses to multiple risks: Business processes carry many inherent risks, and ERM enables integrated solutions for managing the risks.
  7. Seize opportunities: Management considers potential events, rather than just risks, and by considering a full range of events, management gains an understanding of how certain events represent opportunities.
  8. Rationalize capital: More robust information on an entity’s total risk allows management to more effectively assess overall capital needs and improve capital allocation.

2(b)

Pros and Cons of having single software in both accounting and tax

3(a)

Advantages of Web Apps:
  1. A Better User Experience – With responsive design, it’s a lot easier and cheaper to make a web based system user friendly across multiple platforms and various screen sizes
  2. Flexible Access – Employees can work from anywhere with internet access.
  3. Client Secure Login – Impress clients with a modern web portal and improve customer service with automated processes.
  4. Easy Setup – It takes a couple of minutes to set up a new user; provide a URL, username and password and they’re away.
  5. Always Up To Date – As everyone is accessing the same version of the web app via a URL, they will always be accessing the most up-to-date version of the software.
  6. Storage Increase – With the availability of the cloud, storage space is virtually infinite.
Disadvantages Of Web Apps:
  1. Internet reliance – Whilst 4G & Wi-Fi internet access is available in many locations, if you happen to lose connection you will not be able to access your web app.
  2. Security – Whilst many business people may believe that data is less secure in a cloud environment, we beg to differ… There are ways in which you can reduce the risk of a data breach, such as SSL enforcement for secure HTTPS access to your app.
  3. Reduced Speed – It’s likely that a web app will operate at a slightly slower speed than one hosted on a server locally.
  4. Browser Support – Unfortunately, we don’t all use the same browser. This means during development you’ll need to ensure your app is supported across a variety of browsers.

3(b)

Asynchronous Attacks: They occur in many environments where data can be moved asynchronously across telecommunication lines. Data that is waiting to be transmitted is liable to unauthorized access, called an Asynchronous Attack. These attacks are hard to detect because they are usually very small pin-like insertions.
  1. Data Leakage - This involves leaking information out of the computer by means of dumping files to paper or stealing computer reports and tape.
  2. Subversive Attacks - These can provide intruders with important information about messages being transmitted and the intruder may attempt to violate the integrity of some components in the sub-system.
  3. Wire-tapping - This involves spying on information being transmitted over communication network.
  4. Piggybacking - This is the act of following an authorized person through a secured door or electronically attaching to an authorized telecommunication link that intercepts and alters transmissions. This involves intercepting communication between the operating system and the user and modifying them or substituting new messages.

4(a)

  1. UPI Apps: Unified Payment Interface (UPI) and retail payment banks are changing the very face of banking in terms of moving most of banking to digital platforms using mobiles and apps. UPI is a system that powers multiple bank accounts (of participating banks), several banking services features like fund transfer, and merchant payments in a single mobile application. UPI or unified payment interface is a payment mode which is used to make fund transfers through the mobile apps
  2. Immediate Payment Service (IMPS): It is an instant interbank electronic fund transfer service through mobile phones. It is also being extended through other channels such as ATM, Internet Banking, etc.
  3. Mobile Apps: BHIM (Bharat Interface for Money) is a Mobile App developed by National Payments Corporation of India (NPCI) based on UPI (Unified Payment Interface). It facilitates e-payments directly through banks and supports all Indian banks which use that platform. It is built on the Immediate Payment Service infrastructure and allows the user to instantly transfer money between the bank accounts of any two parties. BHIM works on all mobile devices and enables users to send or receive money to other UPI payment addresses by scanning QR code or using account number with Indian Financial Systems Code (IFSC) code or MMID (Mobile Money Identifier) Code for users who do not have a UPI-based bank account.
  4. Mobile Wallets: It is defined as a virtual wallet that stores payment card information on a mobile device. Mobile Wallets provide a convenient way for a user to make in-store payments and can be used at merchants listed with the mobile wallet service providers. There are mobile wallets like PayTm, Freecharge, Buddy, Mobikwik etc. Some of these are owned by banks and some are owned by private companies.
  5. Aadhaar Enabled Payment Service (AEPS): The Government of India is planning to launch this in the near future. AEPS is an Aadhaar based digital payment mode. Customer needs only his or her Aadhaar number to pay to any merchant. AEPS allows bank to bank transactions. It means the money you pay will be deducted from your account and credited to the payee’s account directly. Customers will need to link their Aadhaar numbers to their bank accounts. AEPS, once launched, can be used at POS terminals also.
  6. Unstructured Supplementary Service Data (USSD): A revolutionary idea in which payments can be made through mobile phones without the need for either an internet connection or a smartphone. USSD banking or *99# Banking is a mobile banking based digital payment mode. User does not need to have a smartphone or internet connection to use USSD banking. S/he can easily use it with any normal feature phone. USSD banking is as easy as checking of mobile balance. S/he can use this service for many financial and non-financial operations such as checking balance, sending money, changing Mobile Banking Personal Identification number (MPIN) and getting Mobile Money Identifier (MMID).

4(b)

Some key aspects in-built into architecture of a CBS are as follows:
  1. Information flow: Facilitates information flow within the bank and improves the speed and accuracy of decision-making. It deploys systems that streamline integration and unite corporate information to create a comprehensive analytical infrastructure.
  2. Customer centric: Through a holistic core banking architecture, enables banks to target customers with the right offers at the right time with the right channel to increase profitability. 
  3. Regulatory compliance: Compliance in case of banks is complex and expensive. CBS has built-in and regularly updated regulatory platform which will ensure compliance. 
  4. Resource optimization: Optimizes utilization of information and resources of banks and lowers costs through improved asset reusability, faster turnaround times, faster processing and increased accuracy

5(a)

Sample list
  1. Significant information resources may be modified inappropriately, disclosed without authorization, and/ or unavailable when needed. (e.g., they may be deleted without authorization).
  2. Lack of management direction and commitment to protect information assets.
  3. Potential Loss of confidentiality, availability and integrity of data and system
  4. User accountability is not established.
  5. It is easier for unauthorized users to guess the password of an authorized user and access the system and/ or data. This may result in loss of confidentiality, availability and integrity of data and system.
  6. Unauthorized viewing, modification or copying of data and/ or unauthorized use, modification or denial of service in the system.
  7. Security breaches may go undetected
  8. Potential loss of confidentiality, availability and integrity of data and system.
  9. Inadequate preventive measure for key server and IT system in case of environmental threat like heat, humidity, fire, flood etc.
  10. Unauthorized system or data access, loss and modification due to virus, worms and Trojans. 

5(b)

Application Areas of Virtualization
  • Server Consolidation: Virtual machines are used to consolidate many physical servers into fewer servers, which in turn host virtual machines. Each physical server is reflected as a virtual machine “guest” residing on a virtual machine host system. This is also known as “Physical-to-Virtual” or ‘P2V’ transformation.
  • Disaster Recovery: Virtual machines can be used as “hot standby” environments for physical production servers. This changes the classical “backup-and-restore” philosophy, by providing backup images that can “boot” into live virtual machines, capable of taking over workload for a production server experiencing an outage.
  • Testing and Training: Virtualization can give root access to a virtual machine. This can be very useful such as in kernel development and operating system courses. 
  • Portable Applications: Portable applications are needed when running an application from a removable drive, without installing it on the system’s main disk drive. Virtualization can be used to encapsulate the application with a redirection layer that stores temporary files, windows registry entries and other state information in the application’s installation directory and not within the system’s permanent file system. 
  • Portable Workspaces: Recent technologies have used virtualization to create portable workspaces on devices like iPods and USB memory sticks.   

6(a)

Protecting operating system access is extremely crucial and can be achieved using following steps.

  1. Automated terminal identification: This will help to ensure that a specified session could only be initiated from a certain location or computer terminal.
  2. Terminal log-in procedures: A log-in procedure is the first line of defense against unauthorized access as it does not provide unnecessary help or information, which could be misused by an intruder. When the user initiates the log-on process by entering user-id and password, the system compares the ID and password to a database of valid users and accordingly authorizes the log-in.
  3. Access Token: If the log on attempt is successful, the Operating System creates an access token that contains key information about the user including user-id, password, user group and privileges granted to the user. The information in the access token is used to approve all actions attempted by the user during the session. 
  4. Access Control List: This list contains information that defines the access privileges for all valid users of the resource. When a user attempts to access a resource, the system compares his or her user-id and privileges contained in the access token with those contained in the access control list. If there is a match, the user is granted access.
  5. Discretionary Access Control: The system administrator usually determines who is granted access to specific resources and maintains the access control list. However, in distributed systems, resources may be controlled by the end-user. Resource owners in this setting may be granted discretionary access control, which allows them to grant access privileges to other users. For example, the controller who is owner of the general ledger grants read only privilege to the budgeting department while accounts payable manager is granted both read and write permission to the ledger.
  6. User identification and authentication: The users must be identified and authenticated in a foolproof manner. Depending on risk assessment, more stringent methods like Biometric Authentication or Cryptographic means like Digital Certificates should be employed.
  7. Duress alarm to safeguard users: If users are forced to execute some instruction under threat, the system should provide a means to alert the authorities.
  8. Terminal time out: Log out the user if the terminal is inactive for a defined period. This will prevent misuse in absence of the legitimate user.
  9. Limitation of connection time: Define the available time slot. Do not allow any transaction beyond this time. For example, no computer access after 8.00 p.m. and before 8.00 a.m. - or on a Saturday or Sunday.
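How several of these controls combine in a single access decision, as an added Python sketch that is not part of the original post. The class and function names, the terminal IDs, the user `asha` and the 15-minute idle limit are assumptions made for illustration; the ledger scenario and the 8.00 a.m. to 8.00 p.m. weekday window come from the answer above.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

IDLE_LIMIT = timedelta(minutes=15)   # assumed terminal time-out period
OPEN_HOUR, CLOSE_HOUR = 8, 20        # the page's example window, weekdays only

@dataclass(frozen=True)
class AccessToken:
    """Built by the OS after a successful log-in; checked on every action."""
    user_id: str
    groups: frozenset
    terminal: str

@dataclass
class Resource:
    name: str
    owner: str
    acl: dict = field(default_factory=dict)   # principal -> set of privileges

    def grant(self, token, principal, privileges):
        """Discretionary access control: only the owner may edit the ACL."""
        if token.user_id != self.owner:
            raise PermissionError(f"{token.user_id} does not own {self.name}")
        self.acl[principal] = set(privileges)

def connection_allowed(now):
    """Limitation of connection time: Monday to Friday, 08:00 to 20:00."""
    return now.weekday() < 5 and OPEN_HOUR <= now.hour < CLOSE_HOUR

def check_access(token, resource, privilege, now, last_activity, terminals):
    """Return (allowed, reason) for one attempted action in a session."""
    if token.terminal not in terminals:
        return False, "terminal not identified"
    if not connection_allowed(now):
        return False, "outside connection time"
    if now - last_activity > IDLE_LIMIT:
        return False, "terminal timed out"
    principals = {token.user_id} | token.groups
    if any(privilege in resource.acl.get(p, ()) for p in principals):
        return True, "granted by ACL"
    return False, "no matching ACL entry"

if __name__ == "__main__":
    # Constructed scenario based on the general-ledger example in the answer.
    controller = AccessToken("controller", frozenset(), "T-01")
    analyst = AccessToken("asha", frozenset({"budgeting"}), "T-02")
    ledger = Resource("general_ledger", owner="controller")
    ledger.grant(controller, "budgeting", {"read"})
    ledger.grant(controller, "ap_manager", {"read", "write"})
    monday = datetime(2018, 11, 12, 10, 0)
    for priv in ("read", "write"):
        print(priv, check_access(analyst, ledger, priv, monday, monday, {"T-01", "T-02"}))
```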
