April
1999 QUESTION 2 Total Marks: 20 Marks |
Click here to access other
questions
Click to access
|
| (a) | Explain the difference between the two classes
of EDP controls, general controls and application controls.
|
[2] |
| (b) | Describe and give an example of each of the
following three kinds of application control for verifying that a batch of transactions
has been correctly processed: control totals, hash totals, record counts.
|
[6] |
| (c) | Give two objectives of a computer audit.
|
[2] |
| (d) | Explain the distinction between auditing
around the computer and auditing through the computer.
|
[2] |
| (e) | For each of the following scenarios, identify whether auditing through the computer is called for, or whether (in the absence of any other complications) auditing around the computer is sufficient. State your reasons. | [6] |
| (i) At the end of every week, a company updates their customer mailing list. New customers are added to the list, customers are removed on request, and notifications of change of address are processed. | ||
| (ii) An airline allows tickets to be purchased over the Internet with a credit card. All processing is electronic, from communicating with the bank to printing the tickets and a mailing label. | ||
| (iii) A large supermarket chain keeps track of
which products customers buy together. For any pair of products x and y, if more than 50%
of the customers who buy x also buy y, then the supermarket tries to place products x and
y together on the shelves.
|
||
| (f) | Give one advantage and one disadvantage of auditing through the computer, as compared with auditing around the computer. | [2] |