system audit is the course

1. a. Your organization has recently developed criteria for a risk management program. One goal o- the program is to determine the adequacy and effectiveness of the company IT insurance coverage. Describe how an effective risk management program can enable a more cost-effective use of IT insurance. [10 Marks) b. Explain why help desk support is critical to system implementations? [5 Marks) c. In what way does COBIT help in the alignment of business and IT objectives? [5 Marks) 2. a. Many IT experts have argued about having IT auditors during the system implementation phase. Argue from the point of view of the benefits for having an IT auditor as part of the system implementation team [10 Marks] b. Describe the different test events and what aspects of the system are covered during each event. [5 Marks) c. Explain in brief what is COBIT [5 Marks) 3. UPSA Technologies is a leading company in the IT sector. Its most of the business processes are automated. The company is relying on Information Technology for information and transaction processing. The growth of E-commerce supported by the growth of the Internet has completely revolutionized and reengineered business processes. The company's new business models and new methods presume that the information required by the business managers is available all the time; it is accurate, it is reliable and no unauthorized disclosure of the same is made. Further, it is also presumed that the virtual business organization is up and running all the time on 24x7 basis. However, in reality, the technology-enabled and technology-dependent organizations are more vulnerable to security threats than ever before. Read the above carefully and answer the following: (a) Discuss the security objective of the organization. [5 Marks) (b) There are certain basic ground rules that must be addressed sequentially, prior to knowing the details of how to protect the information systems'. Explain those rules in brief. [10 Marks) (c)Describe various groups of management comnrimad hu nagusitu walimu Senil 4. UPSA Level 400 Technologies Ltd. is in the development of application software for various domains. For the development purposes, the company is committed to follow the best practices suggested by SDLC, SDLC provides the guidelines in terms of a sequence of activities. It consists of a set of steps and phases in which each phase of the SDLC uses the results of the previous one. The SDLC is document driven which means that at crucial stages during the process, documentation is produced. A phase of the SDLC is not complete until the appropriate documentation or artefacts is produced. These are sometimes referred to as deliverables. A deliverable may be a substantial written document, a software artefact, a system test plan or even a physical object such as a new piece of technology that has been ordered and delivered. This feature of the SDLC is critical to the successful management of an IS project. Read the above carefully and answer the following: (a) There are various advantages by following SDLC, but there are some shortcomings also. Explain those shortcomings. [10 Marks] (b) Feasibility study is a key activity in the SDLC. What are the issues which are typically considered in the Feasibility Study? [10 Marks)