Eis Must Do List!! (Nov - 2021) - 211126 - 200216

Uploaded by

Indhuja M

BY : VINIT MISHRA SIR

ALL INDIA RANK - 04

ARUL KUMAR
(STUDENT OF TOP-20)

ALL INDIA RANK - 10

MEGHANA SAWAKAR
(STUDENT OF TOP-20)
INDEX

S.NO. CHAPTER NAME

1. AUTOMATED BUSINESS PROCESS
2. FINANCIAL & ACCOUNTING SYSTEM
3. INFORMATION SYSTEMS & ITS COMPONENTS
4. E-COMMERCE, M-COMMERCE & EMERGING TECHNOLOGIES
5. CORE BANKING SYSTEMS


CH. 1 : AUTOMATED BUSINESS PROCESS

QUESTIONS AND ANSWERS


Q.1: The Goods and Service Tax (GST) rate in India for various goods and services is divided
broadly under 4 categories, draw a flowchart to compute Goods and Service Tax for the
goods manufactured as per table below. [Jan 2021 (6 Marks)]

Category (K)    Rate
A               5%
B               12%
C               18%
D               28%

ANSWER:
Abbreviations used in flowchart are as follows:
K: category for various goods and services
PA, PB, PC, PD: Price of goods manufactured under categories A, B, C and D respectively.
Tax: Goods and Services tax
This flowchart is based on the assumption that the Price value (PA, PB, PC, PD) may vary depending upon
the category of Goods manufactured (A, B, C and D) respectively.

Video Classes by Vinit Mishra 9354719404 www.cadreamers.com
Alternate Presentation
This flowchart is based on the assumption that the Price value V is same for all the Goods manufactured
(A, B, C and D) irrespective of their category.
Abbreviations used in flowchart are as follows:
K: Category for various goods and services
V: Price of goods manufactured.
GST: Goods and Services tax

Q.2: Using the automation technique in modern era of business, the business gets well
developed with a great customer satisfaction of its services and products in which the
customer-oriented supply chain plays a major role. List down the name of all the benefits of
Automating Business processes by explaining any four benefits. [Jan 21 (6 Marks)]

ANSWER:
The benefits of automating Business Processes are as follows:
• Quality and Consistency
• Time Saving
• Visibility
• Improved Operational Efficiency
• Governance and Reliability
• Reduced Turnaround Times
• Reduced Costs
These benefits are explained below:
• Quality and Consistency: Ensures that every action is performed identically - resulting in high
quality, reliable results and stakeholders will consistently experience the same level of service.
• Time Saving: Automation reduces the number of tasks employees would otherwise need to do
manually. It frees up time to work on items that add genuine value to the business, allowing
innovation and increasing employees’ levels of motivation.
• Visibility: Automated processes are controlled and they consistently operate accurately within the
defined timeline. It gives visibility of the process status to the organization.
• Improved Operational Efficiency: Automation reduces the time it takes to achieve a task, the
effort required to undertake it and the cost of completing it successfully. Automation not only
ensures systems run smoothly and efficiently, but that errors are eliminated and that best practices
are constantly leveraged.
• Governance and Reliability: The consistency of automated processes means stakeholders can
rely on business processes to operate and offer reliable processes to customers, maintaining a
competitive advantage.
• Reduced Turnaround Times: Eliminate unnecessary tasks and realign process steps to optimize
the flow of information throughout production, service, billing and collection. This adjustment of
processes distils operational performance and reduces the turnaround times for both staff and
external customers.
• Reduced Costs: Manual tasks, given that they are performed one-at-a-time and at a slower rate
than an automated task, will cost more. Automation allows us to accomplish more by utilizing
fewer resources.

Q.3: Though Business Process Automation (BPA) provides many advantages to diverse
businesses in various forms, however, every business is not suitable for automation. Each
business needs a valid reason before it goes for automation. Discuss some examples of
business processes that are best suited to automation. [RTP May 21]

ANSWER:
The examples of business processes that are best suited to automation are as follows:
• Processes involving high-volume of tasks or repetitive tasks: Many business processes such
as making purchase orders involve high-volume of repetitive tasks. Automating these processes
results in cost and work effort reductions.
• Processes requiring multiple people to execute tasks: A business process which requires
multiple people to execute tasks often results in waiting time that can lead to increase in costs.
E.g. help desk services. Automating these processes results in reduction of waiting time and in
costs.
• Time-sensitive processes: Business process automation results in streamlined processes and
faster turnaround times. The streamlined processes eliminate wasteful activities and focus on
enhancing tasks that add value. Time-sensitive processes are best suited to automation. For
example - online banking system, railway/aircraft operating and control systems etc.
• Processes involving need for compliance and audit trail: With business process automation,
every detail of a particular process is recorded. These details can be used to demonstrate
compliance during audits. For example - invoice issue to vendors.
• Processes having significant impact on other processes and systems: Some processes are
cross-functional and have significant impact on other processes and systems. In cross functional
processes, different departments within the same company work hand in hand to achieve a
common goal, e.g., the marketing department may work with sales department. Automating
these processes results in sharing information resources and improving the efficiency and
effectiveness of business processes.

Q.4: Every business faces all kinds of risks that may cause serious loss or even bankruptcy.
In purview of this statement, state various types of business risks related to business.
[RTP May 21]

ANSWER:
Various types of business risks related to business are as follows:
• Strategic Risks: These are the risks that would prevent an organization from accomplishing its
objectives (meeting its goals). Examples include risks related to strategy, political, economic
relationship issues with suppliers and global market conditions; also, could include reputation risk,
leadership risk, brand risk, and changing customer needs.
• Financial Risks: Financial risks are those risks that could result in a negative financial impact to
the organization (waste or loss of assets). Examples include risks from volatility in foreign
currencies, interest rates, and commodities; credit risk, liquidity risk, and market risk.
• Regulatory (Compliance) Risks: This includes risks that could expose the organization to fines
and penalties from a regulatory agency due to non-compliance with laws and regulations.
Examples include violation of laws or regulations governing areas such as environmental,
employee health and safety, lack of due diligence, protection of personal data in accordance with
global data protection requirements and local tax or statutory laws. New and emerging
regulations can have a wide-ranging impact on management’s strategic direction, business model
and compliance system. It is, therefore, important to consider regulatory requirements while
evaluating business risks.
• Operational Risks: Operational risks include those risks that could prevent the organization
from operating in the most effective and efficient manner or be disruptive to other operations
due to inefficiencies or breakdown in internal processes, people and systems. Examples include
risk of loss resulting from inadequate or failed internal processes, fraud or any criminal activity by
an employee, business continuity, channel effectiveness, customer satisfaction and product/service
failure, efficiency, capacity, and change integration.
• Hazard Risks: Hazard risks include risks that are insurable, such as natural disasters; various
insurable liabilities; impairment of physical assets; terrorism etc.
• Residual Risks: This includes any risk remaining even after the counter measures are analyzed
and implemented. An organization’s management of risk should consider these two areas:
Acceptance of residual risk and Selection of safeguards. Even when safeguards are applied, there
is probably going to be some residual risk. The risk can be minimized, but it can seldom be
eliminated. Residual risk must be kept at a minimal, acceptable level. As long as it is kept at an
acceptable level, (i.e. the likelihood of the event occurring or the severity of the consequence is
sufficiently reduced) the risk can be managed.

Q.5: Though Business Process Automation (BPA) provides many benefits to companies
which tend to automate their business processes, however automation of the business
processes is susceptible to many challenges. Discuss these challenges.
[MTP March 21 (4 Marks)]

ANSWER:
The automation of the business processes is susceptible to challenges, which are as follows:
• Automating Redundant Processes: Sometimes organizations start off an automation project
by automating the processes they find suitable for automation without considering whether such
processes are necessary and create value. In other cases, some business processes and tasks require
high amount of tacit knowledge (that cannot be documented and transferred from one person to
another) and therefore seek employees to use their personal judgment. These processes are
generally not good candidates for automation as these processes are hard to encode and automate.
• Defining Complex Processes: BPA requires reengineering of some business processes that
requires significant amount of time to be allocated and spent at this stage. This requires a detailed
understanding of the underlying business processes to develop an automated process.
• Staff Resistance: In most cases, human factor issues are the main obstacle to the acceptance of
automated processes. Staff may see process automation as a way of reducing their decision-making
power. This is due to the reason that with automated processes, the management has a greater
visibility of the process and can make decisions that used to be made by the staff earlier. Moreover,
the staff may perceive automated processes as threat to their jobs.
• Implementation Cost: The implementation of automated processes may be an expensive
proposition in terms of acquisition/development cost of automated systems and special skills
required to operate and maintain these systems.

Q.6: Mr. Amar is the chief IT manager of a company who designed a new advisory for all
employees mentioning the various cyber-crimes which may attract prosecution as per
penalties and offences prescribed in Information Technology Act, 2000. Describe the
various cybercrimes that Mr. Amar could have incorporated in his advisory.
[MTP March 21 (6 Marks)]

ANSWER:
The various cyber-crime scenarios which can attract prosecution as per the penalties and offences
prescribed in Information Technology Act, 2000 that Mr. Amar could have incorporated in his
advisory are as follows:
• Harassment via fake public profile on social networking site: A fake profile of a person is
created on a social networking site with the correct address, residential information or contact
details but he/she is labelled as ‘prostitute’ or a person of ‘loose character’. This leads to
harassment of the victim. Section 67 of the IT Act, 2000 is applicable here.
• Email Account Hacking: The victim’s email account is hacked and obscene emails are sent to
people in the victim’s address book. Sections 43, 66, 66A, 66C, 67, 67A and 67B of IT Act, 2000 are
applicable in this case.
• Credit Card Fraud: Unsuspecting victims would use infected computers to make online
transactions. Sections 43, 66, 66C, 66D of IT Act, 2000 are applicable in this case.
• Web Defacement: The homepage of a website is replaced with a pornographic or defamatory
page. Government sites generally face the wrath of hackers on symbolic days. Sections 43 and 66
of IT Act and Sections 66F and 67 of IT Act, 2000 also apply in some cases.
• Introducing Viruses, Worms, Backdoors, Rootkits, Trojans, and Bugs: All these are some
sort of malicious programs which are used to destroy or gain access to some electronic
information. Sections 43 and 66 of IT Act, 2000 are applicable in this case.
• Cyber Terrorism: Cyber terrorism is the terrorism conducted in cyberspace, where the criminals
attempt to damage or disrupt computer systems or telecommunication services. Examples are
hacking into computer systems, introducing viruses to vulnerable networks, web site defacing,
denial-of-service attacks, or terroristic threats made via electronic communication. Many terrorists
use virtual (Drive, FTP sites) and physical storage media (USBs, hard drives) for hiding
information and records of their illicit business. Sections 43, 66, 66A of IT Act, 2000 are applicable
in this case.
• Online sale of illegal Articles: Where sale of narcotics, drugs, weapons and wildlife is facilitated
by the Internet.
• Cyber Pornography: Among the largest businesses on Internet, pornography may not be illegal
in many countries, but child pornography is. Sections 67, 67A and 67B of the IT Act, 2000 are
applicable in this case.
• Phishing and Email Scams: Phishing involves fraudulently acquiring sensitive information
(e.g. usernames, passwords, credit card information) through masquerading oneself as a trusted
entity. Sections 66, 66C and 66D of IT Act, 2000 are applicable in this case.
• Theft of Confidential Information: Many business organizations store their confidential
information in computer systems. This information is targeted by rivals, criminals and disgruntled
employees. Sections 43, 66 and 66B of IT Act, 2000 are applicable in this case.
• Source Code Theft: Source code generally is the most coveted and important “crown jewel”
asset of a company. Sections 43, 65, 66 and 66B of IT Act, 2000 are applicable in this case.

Q.7: Determine all the sub processes that are included under an Order to Cash Process.
[MTP April 21 (4 Marks)]

ANSWER:
The different sub processes involved in the process Order to Cash Cycle are as follows:
(i) Sales and Marketing (SM)
• Advertises and markets the company’s products and books sales orders from customers.
(ii) Order Fulfilment
• Receives orders from SM.
• Checks inventory to establish availability of the product. If the product is available in stock,
transportation is arranged and the product is sent to the customer.
(iii) Manufacturing
• If the product is not available in stock, this information is sent to the manufacturing
department so that the product is manufactured and subsequently sent to the customer.
(iv) Receivables
• The invoice is created, sent to the customer, payment received and the invoice closed.
• Under each sub process, there could be many activities. For example:
o Main Process - Order Fulfilment
o Sub Process - Receive Orders
o Other Activities - Check correctness and validity of information in order, enter order
in computer system, check credit worthiness of customer, check credit limit, obtain
approval for any discrepancy etc.

Q.8: In the present age of Information Technology, Business Process Automation (BPA) is
the key technology-enabled automation of activities or services. As an Information
Technology consultant, you are requested to suggest any three examples of business
processes that are best suited to automation and also discuss any three challenges involved
in Business Process Automation. [July 21 (6 Marks)]

ANSWER:
Few examples of processes that are best suited to automation are as follows:
• Processes involving high-volume of tasks or repetitive tasks: Many business processes such
as making purchase orders involve high-volume repetitive tasks. Automating these processes results
in cost and work-effort reductions.
• Processes requiring multiple people to execute tasks: A business process which requires
multiple people to execute tasks often results in waiting time that can lead to increase in costs. For
example - Help desk services. Automating these processes results in reduction of waiting time and
in costs.
• Time-sensitive processes: Business process automation results in streamlined processes and
faster turnaround times. The streamlined processes eliminate wasteful activities and focus on
enhancing tasks that add value. Time-sensitive processes are best suited to automation. For
example - Online banking system, Railway/aircraft operating and control systems etc.
• Processes involving need for compliance and audit trail: With business process automation,
every detail of a particular process is recorded. These details can be used to demonstrate
compliance during audits. For example - Invoice issue to vendors.
• Processes having significant impact on other processes and systems: Some processes are
cross-functional and have significant impact on other processes and systems. In cross functional
processes, different departments within the same company work hand in hand to achieve a
common goal, e.g., the marketing department may work with sales department. Automating these
processes results in sharing information resources and improving the efficiency and effectiveness
of business processes.

Automated business processes are susceptible to many challenges, some of which are given below:
• Automating Redundant Processes: Sometimes organizations start off an automation project
by automating the processes they find suitable for automation without considering whether such
processes are necessary and create value or not. In other cases, some business processes and tasks
require high amount of tacit knowledge that cannot be documented and transferred from one
person to another and therefore seek employees to use their personal judgement. These processes
are generally not good candidates for automation as these processes are hard to encode and
automate.
• Defining Complex Processes: Business Process Automation (BPA) requires reengineering of
some business processes that requires significant amount of time to be allocated and spent at this
stage. This requires a detailed understanding of the underlying business processes to develop an
automated process.
• Staff Resistance: In most cases, human factor issues are the main obstacle to the acceptance of
automated processes. Staff may see process automation as a way of reducing their decision-making
power. This is due to the reason that with automated processes, the management has a greater
visibility of the process and can make decisions that used to be made by the staff earlier. Moreover,
the staff may perceive automated processes as threat to their jobs.
• Implementation Cost: The implementation of automated processes may be an expensive
proposition in terms of acquisition/development cost of automated systems and special skills
required to operate and maintain these systems.

MCQ: Which of the following terms related to Risk refers to an action, device, procedure,
technique or other measure that reduces the vulnerability of a component or system in an
organization?
(a) Residual Risk
(b) Risk Management
(c) Threat
(d) Counter Measure [MTP April 21]

ANSWER: (d)

CH. 2 : FINANCIAL AND ACCOUNTING SYSTEMS

QUESTIONS AND ANSWERS


Q.1: ABC Ltd. is planning to implement some modules of Enterprise Resource Planning (ERP)
system to manage different aspects related to its various business processes. Determine in
specific various Sales and Distribution activities that enterprise may get support from ERP
framework. [RTP May 21]

ANSWER:
Various sales and distribution activities that may get support from ERP framework are as
follows:
• Pre-Sales Activities: Include prospecting of customers, identifying prospective customers,
gathering data, contacting them and fixing appointments, showing demo, discussion, submission
of quotations, etc.
• Sales Order: Sales order is recorded in our books after getting a confirmed purchase order from
our customer. Sales order shall contain details just like purchase order. E.g. Stock Item Details,
Quantity, Rate, Due Date of Delivery, Place of Delivery, etc.
• Inventory Sourcing: It includes making arrangements before delivery of goods; ensuring goods
are ready and available for delivery.
• Material Delivery: Material is delivered to the customer as per sales order. All inventory details
are copied from Sales Order to Material Delivery for saving user’s time and efforts. This transaction
shall have a linking with Sales Order. Stock balance shall be reduced on recording of this
transaction.
• Billing: This is a transaction of raising an invoice against the delivery of material to customer. This
transaction shall have a linking with Material Delivery and all the details shall be copied from it.
Stock balance shall not be affected again.
• Receipt from Customer / Payment: This is a transaction of receiving amount from customer
against sales invoice and shall have a linking with sales invoice.

Q.2: Mr. Rajesh, a manager of a medium-sized company’s customer service department,
uses MIS reporting tool to obtain the reports that help him in evaluating company’s businesses’
daily activities or problems that arise, making decisions and tracking progress. Elaborate
the criteria that the information generated through MIS tool meet so that it is useful to Mr.
Rajesh in discharging his role. [RTP May 21 & MTP April 21 (4 Marks)]

ANSWER:
To make the information most useful, Mr. Rajesh needs to ensure that it meets the following
criteria:
• Relevant - MIS reports need to be specific to the business area they address. This is important
because a report that includes unnecessary information might be ignored.
• Timely - Managers need to know what’s happening now or in the recent past to make decisions
about the future. Be careful not to include information that is old. An example of timely
information for your report might be customer phone calls and emails going back 12 months from
the current date.
• Accurate - It’s critical that numbers add up and that dates and times are correct. Managers and
others who rely on MIS reports can’t make sound decisions with information that is wrong.
Financial information is often required to be accurate to the dollar. In other cases, it may be OK
to round off numbers.
• Structured - Information in an MIS report can be complicated. Making that information easy to
follow helps management understand what the report is saying. Try to break long passages of
information into more readable blocks or chunks and give these chunks meaningful headings.

Q.3: Identify the disadvantages of Data Base Management System. [MTP March 21 (2 Marks)]

ANSWER:
The disadvantages of Database Management System are as follows:
• Cost: Implementing a DBMS in terms of both system and user-training can be expensive and
time-consuming, especially in large enterprises. Training requirements alone can be quite costly.
• Security: Even with safeguards in place, it may be possible for some unauthorized users to access
the database. If one gets access to database, then it could be an all or nothing proposition.

Q.4: ERP system integrates all business components and updates the data between related
business functions. However, its implementation is a huge task that may require lot of time,
money and energy and its success majorly depend upon issues related to factors like people,
process, and technology. Briefly explain other implementation risks, if any, apart from the
issues related to the factors mentioned above. [MTP March 21 (6 Marks)]

ANSWER:
The success of implementation of Enterprise Resource Planning (ERP) system majorly depends upon
issues related to people, process and technology, however the risk related to other implementation issues
of ERP are as follows:
• Lengthy implementation time: ERP projects are lengthy and take anywhere between 1 to 4
years depending upon the size of the organization. Due to technological developments happening
every day, the business and technological environment during the start and completion of the
project will never be the same. Employee turnover is another problem.
• Insufficient Funding: The budget for ERP implementation is generally allocated without
consulting experts and then implementation is stopped along the way, due to lack of funds.
• Data Safety: As there is only one set of data, if this data is lost, the whole business may come to
a standstill.
• Speed of Operation: As data is maintained centrally, gradually the data size becomes more and
more and it may reduce the speed of operation.
• System Failure: As everybody is connected to a single system and central database, in case of
failure of system, the whole business may come to a standstill or may get affected badly.
• Data Access: Data is stored centrally and all the departments access the central data. This creates
a possibility of access to non-relevant data.

Q.5: XYZ Ltd. is the manufacturer of herbal medicines which is under the process of
implementing Enterprise Resource Planning (ERP) in its head office and various
manufacturing units located across the country. Explain the technological risks related to
the implementation of ERP. [MTP March 21 (4 Marks)]

ANSWER:
The technological risks related to Enterprise Resource Planning are as follows:
• Software Functionality: ERP systems offer a myriad of features and functions, however, not all
organizations require those many features. Implementing all the functionality and features just for
the sake of it can be disastrous for an organization.
• Technological Obsolescence: With the advent of more efficient technologies every day, the
ERP system also becomes obsolete as time goes on.
• Enhancement and Upgrades: ERP Systems are not upgraded and kept up-to-date. Patches and
upgrades are not installed and the tools are underutilised.
• Application Portfolio Management: These processes focus on the selection of new business
applications and the projects required in delivering them.

Q.6: ABC Ltd., a soft drink manufacturing company was established in 2010. The company
has implemented some modules of ERP and was managing good business in initial seven
years of its establishment. After that, the customer’s feedback indicated a decline in the sale
and therefore, the targets could not be achieved. On analyzing the customers’ feedback, the
management decided to incorporate CRM Module of ERP System to improvise its
relationship with existing customers, find new prospective customers and win back former
customers. The company implemented CRM module and found acceleration in the growth of
its sale for past four years. Discuss various key benefits of CRM module that the company
may have availed after implementing CRM? [MTP April 21 (6 Marks)]

ANSWER:
The key benefits of CRM module that the company may have availed are as follows:
• Improved customer relations: One of the prime benefits of using a CRM is obtaining better
customer satisfaction. By using this strategy, all dealings involving servicing, marketing, and selling
out products to the customers can be carried out in an organized and systematic way. Better
services can be provided to customers through improved understanding of their issues and this in
turn helps in increasing customer loyalty and decreasing customer agitation. In this way,
continuous feedback from the customers regarding the products and services can be received. It is
also possible that the customers may recommend the product to their acquaintances, when
efficient and satisfactory services are provided.
• Increase customer revenues: By using a CRM strategy for any business, the revenue of the
company can be increased. Using the data collected, marketing campaigns can be popularized in
a more effective way. With the help of CRM software, it can be ensured that the product
promotions reach a different and brand new set of customers, and not the ones who had already
purchased the product, and thus effectively increase the customer revenue.
• Maximize up-selling and cross-selling: A CRM system allows up-selling which is the practice
of giving customers premium products that fall in the same category of their purchase. The strategy
also facilitates cross selling which is the practice of offering complementary products to customers,
based on their previous purchases. This is done by interacting with the customers and getting an
idea about their wants, needs, and patterns of purchase. The details thus obtained will be stored
in a central database, which is accessible to all company executives. So, when an opportunity is
spotted, the executives can promote their products to the customers, thus maximizing up-selling
and cross selling.
• Better internal communication: Following a CRM strategy helps in building up better
communication within the company. The sharing of customer data between different departments
will enable them to work as a team. This is better than functioning as an isolated entity, as it will
help in increasing the company’s profitability and enabling better service to customers.
• Optimize marketing: CRM enables to understand the customer needs and behavior in a better
way, thereby allowing any enterprise to identify the correct time to market its product to the
customers. CRM will also give an idea about the most profitable customer groups, and by using
this information, similar prospective groups, at the right time will be targeted. In this way,
marketing resources can be optimized efficiently and time is not wasted on less profitable customer
groups.

Q.9: ERP implementation is a huge task and requires lot of time, money and patience. The
organizations implementing ERP Systems should keep abreast of the latest technological
developments and implementation, which is required to survive and thrive. Discuss the
various risks and corresponding controls related to technological risks in an ERP
environment. [July 21 (4 Marks)]

ANSWER:
(a) The technological risks and their corresponding controls related in an ERP environment are as
follows:

Aspect: Software Functionality
Risk Associated: ERP systems offer a myriad of features and functions, however, not all
organizations require those many features. Implementing all the functionality and features just
for the sake of it can be disastrous for an organization.
Control Required: Care should be taken to incorporate the features that are required by the
organization and supporting additional features and functionality that might be required at a
future date.

Aspect: Technological Obsolescence
Risk Associated: With the advent of more efficient technologies every day, the ERP system also
becomes obsolete as time goes on.
Control Required: This requires critical choice of technology, architecture of the product, ease
of enhancements, ease of upgrading, and quality of vendor support.

Aspect: Enhancement and Upgrades
Risk Associated: ERP Systems are not upgraded and kept up to date. Patches and upgrades are not
installed, and the tools are underutilized.
Control Required: Care must be taken while selecting the vendor and upgrade/supports contracts
should be signed to minimize the risks.

Aspect: Application Portfolio Management
Risk Associated: These processes focus on the selection of new business applications and the
projects required in delivering them.
Control Required: By bringing to the light the sheer number of applications in the current
portfolio, IT organizations can begin to reduce duplication and complexity.

MCQ: Which of the following statement is not correct for extensible Business Reporting
Language (XBRL)? [MTP March 21]

(a) XBRL runs on XML technologies such as XML schema, and ensures that financial and non-financial
data is tagged to form a comparable reporting format.
(b) XBRL has the capability to allow the tagging of transactions that can themselves be aggregated
into XBRL reports.
(c) To publish performance information and allow straight through information processing are key
features of XBRL.
(d) XBRL is an open standard reporting language which is governed by XBRL, a non-profit
organization.
ANSWER: (a)

CH. 3 : INFORMATION SYSTEMS & COMPONENTS

QUESTIONS AND ANSWERS


Q.1: Write a short note on Extraction – Transformation – Load (ETL). [Jan 2021 (3 Marks)]

ANSWER:
Extraction-Transformation-Load (ETL)
• The concept of the data warehouse includes the process of extraction of data from one or more
of the organization’s databases, its transformation into an appropriate form using different
techniques like smoothing, aggregation, normalization etc. and loading into the data warehouse,
which is itself another database for storage and analysis.
• For ETL to be performed on data, a data warehouse should be designed so that it meets the
following criteria:
o It uses non-operational data, which means that the data warehouse uses a copy of data
from the active databases that the company uses in its day-to-day operations.
o The data is time-variant, which means a time-stamp is received whenever data is loaded into
the data warehouse.
o The data is standardized, in case the data in a data warehouse comes from different
sources and does not use the same definitions or units.
• For example, the Events table in the Student Clubs database lists the event dates using the
mm/dd/yyyy format (e.g. 01/10/2013) whereas a table in another database might use the format
yy/mm/dd (e.g. 13/01/10) for dates. For the data warehouse to match up dates, a standard date
format would have to be agreed upon and all data loaded into the data warehouse would have to be
transformed to use this standard format before being loaded into the database for storage.
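
The date example above, worked through as a small ETL run. This is an added example, not part of the original notes; the source names, the sample rows and the choice of ISO 8601 (yyyy-mm-dd) as the agreed standard format are assumptions.

```python
import copy
from datetime import datetime, timezone

# Assumption: the date layout of each source is declared per source, never guessed
# from the string itself.
SOURCE_DATE_FORMATS = {
    "student_clubs.events": "%m/%d/%Y",   # mm/dd/yyyy, as in the Events table
    "other_db.events": "%y/%m/%d",        # yy/mm/dd, as in the second database
}

# Constructed sample rows standing in for the live (operational) databases.
OPERATIONAL_DATA = {
    "student_clubs.events": [
        {"event": "Orientation", "date": "01/10/2013"},
        {"event": "Tech fest", "date": "13/01/2013"},   # month 13: invalid for this source
    ],
    "other_db.events": [
        {"event": "Alumni meet", "date": "13/01/10"},
    ],
}


def extract(source):
    """Extract: work on a copy so the warehouse load never touches operational rows."""
    return copy.deepcopy(OPERATIONAL_DATA[source])


def transform(row, source):
    """Transform: standardize the date to yyyy-mm-dd using the source's declared layout."""
    parsed = datetime.strptime(row["date"], SOURCE_DATE_FORMATS[source])
    return {"event": row["event"], "event_date": parsed.date().isoformat(), "source": source}


def run_etl(loaded_at=None):
    """Load: return (warehouse_rows, rejected_rows); each loaded row gets a time-stamp."""
    loaded_at = loaded_at or datetime.now(timezone.utc)
    warehouse, rejected = [], []
    for source in SOURCE_DATE_FORMATS:
        for row in extract(source):
            try:
                clean = transform(row, source)
            except ValueError as err:
                # Quarantine a row whose date cannot be standardized instead of loading it.
                rejected.append({"source": source, "row": row, "reason": str(err)})
                continue
            clean["loaded_at"] = loaded_at.isoformat()   # the time-variant criterion
            warehouse.append(clean)
    return warehouse, rejected


if __name__ == "__main__":
    rows, bad = run_etl()
    for r in rows:
        print(r)
    print("rejected:", bad)
```

Both 01/10/2013 and 13/01/10 end up as 2013-01-10 in the warehouse, while the row that does not fit its source's layout is held back for review rather than loaded with a wrong date.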

Q.2: What is virtual memory? How does it differ from secondary memory?
[Jan 2021 (2 Marks)]

ANSWER:
Virtual Memory
• Virtual Memory is not a separate device but an imaginary memory area supported by some
operating systems (for example, Windows) in conjunction with the hardware. If a computer lacks
the Random-Access Memory (RAM) needed to run a program or operation,
Windows uses virtual memory to compensate.
• Virtual memory is an allocation of temporary space on the hard disk to help RAM. When RAM
runs low, virtual memory moves data from RAM to a space called a paging file. Moving data to
and from the paging file frees up RAM to complete its work.
Differences between Virtual Memory and Secondary Memory are given below:

| Virtual Memory | Secondary Memory |
|---|---|
| Virtual Memory is an imaginary memory area that combines computer’s RAM with temporary space on the hard disk. | Secondary memory is a storage device having features of non-volatility (contents are permanent in nature), greater capacity (they are available in large size), and greater economy. |
| When RAM runs low, virtual memory moves data from RAM to a space called a paging file. Moving data to and from the paging file frees up RAM to complete its work. | The secondary memory is available in bigger sizes; thus program and data can be stored permanently. |

Q.3: Information systems have set high hopes to companies for their growth as it reduces
processing speed and helps in cutting cost. Being an auditor of ABC manufacturing
company, discuss the key areas that should pay attention to while evaluating Managerial
controls by top management. [Jan 2021 (4 Marks)]

ANSWER:
The key areas that auditors should pay attention to while evaluating Managerial controls are
as follows:
(i) Planning: Auditors need to evaluate whether top management has formulated a high-quality
information system’s plan that is appropriate to the needs of an organization or not. A
poor-quality information system is ineffective and inefficient, leading to the loss of the
organization’s competitive position within the marketplace.
(ii) Organizing: Auditors should be concerned about how well top management acquires and
manages staff resources.
(iii) Leading: Generally, the auditors examine variables that often indicate when motivation
problems exist or suggest poor leadership – for example, staff turnover statistics, frequent failure
of projects to meet their budget and absenteeism level – to evaluate the leading function. Auditors
may use both formal and informal sources of evidence to evaluate how well top managers
communicate with their staff.
(iv) Controlling: Auditors should focus on the subset of the control activities that should be
performed by top management – namely, those aimed at ensuring that the information systems function
accomplishes its objectives at a global level. Auditors must evaluate whether top management’s
choice of the means of control over the users of IS services is likely to be effective or not.

Q.4: Data Mining is commonly applied in banking industry to credit ratings and to intelligent
anti-fraud systems to analyze transactions, card transactions, purchasing patterns and
customer financial data etc. The process of Data Mining involves sequential execution of
steps for its implementation. Discuss the steps involved in this process. [RTP May 21]

ANSWER:
The steps involved in the Data Mining process are as follows:
a. Data Integration: Firstly, the data are collected and integrated from all the different sources
which could be flat files, relational database, data warehouse or web etc.

b. Data Selection: Not all the data collected in the first step may be required.
So, in this step we select only those data which we think are useful for data mining.
c. Data Cleaning: The data that are collected are not clean and may contain errors, missing values,
noisy or inconsistent data. Thus, we need to apply different techniques to get rid of such anomalies.
d. Data Transformation: Even after cleaning, the data are not ready for mining as they need to be
transformed into an appropriate form for mining using different techniques like - smoothing,
aggregation, normalization etc.
e. Data Mining: In this, various data mining techniques are applied on the data to discover the
interesting patterns. Techniques like clustering and association analysis are among the many
different techniques used for data mining.
f. Pattern Evaluation and Knowledge Presentation: This step involves visualization,
transformation, removing redundant patterns etc. from the patterns we generated.
g. Decisions / Use of Discovered Knowledge: This step helps user to make use of the knowledge
acquired to take better informed decisions.

Q.5: Due to absence of Logical Access Controls in XYZ Limited; the company’s security
mechanism got attacked by a Logical Access Violator Mr. X leading to potential loss resulting
in total shutdown of the computer functions of the company. Discuss the categories under
which the Logical Access Violator Mr. X may fall into. [RTP May 21]

ANSWER:
The categories under which the Logical Access Violator Mr. X may fall are as follows:
• Hackers: Hackers try their best to overcome restrictions to prove their ability. Ethical hackers most
likely never try to misuse the computer intentionally but assist in finding the weaknesses in the
system;
• Employees (authorized or unauthorized);
• IS Personnel: They have the easiest access to computerized information since they come across
information while discharging their duties. Segregation of duties and supervision help to reduce
the logical access violations;
• Former Employees: Organizations should be cautious of former employees who have left the
organization on unfavorable terms;
• End Users; Interested or Educated Outsiders; Competitors; Foreigners; Organized Criminals;
Crackers; Part-time and Temporary Personnel; Vendors and consultants; and Accidental Ignorant
– Violation done unknowingly.

Q.6: ABC Ltd., a Delhi based financial consultant company has huge clientele having crucial
data about its clients. Therefore, the company has robust implementation of Logical Access
Controls to ensure that access to its systems, data and programs is restricted to authorized
users to safeguard information against unauthorized use. Describe all the technical
exposures against which these Logical Access Controls provide security to the data and
software of the company. [MTP March 21 (6 Marks)]

ANSWER:
The technical exposures against which Logical Access Controls protect the data and software of the
company are as follows:
• Data Diddling: This involves the change of data before or after they are entered into the system.
Only limited technical knowledge is required to data diddle and the worst part is that it occurs
before computer security can protect the data.
• Bomb: A bomb is a piece of bad code deliberately planted by an insider or supplier of a program.
A bomb is triggered by a logical event or is time based. The bombs explode when the conditions
of explosion get fulfilled, causing the damage immediately. However, these programs cannot infect
other programs. Since these programs do not circulate by infecting other programs, chances of a
widespread epidemic are relatively low.
• Christmas Card: It is a well-known example of a Trojan and was detected on the internal E-mail of
the IBM system. On typing the word ‘Christmas’, it will draw the Christmas tree as expected, but in
addition, it will send copies of similar output to all other users connected to the network. Because
of this message on other terminals, other users cannot save their half-finished work.
• Worm: A worm does not require a host program like a Trojan to relocate itself. Thus, a Worm
program copies itself to another machine on the network. Since worms are stand-alone programs,
they can be detected easily in comparison to Trojans and computer viruses. Examples of
worms are Existential Worm, Alarm Clock Worm etc. The Alarm Clock worm places wake-up calls
on a list of users. It passes through the network to an outgoing terminal, while the sole purpose of
the existential worm is to remain alive. The existential worm does not cause damage to the system,
but only copies itself to several places in a computer network.
• Rounding Down: This refers to rounding of small fractions of a denomination and transferring
these small fractions into an authorized account. As the amount is small, it gets rarely noticed.
• Salami Techniques: This involves slicing of small amounts of money from a computerized
transaction or account. A Salami technique is slightly different from a rounding technique in the
sense that a fixed amount is deducted. For example, in the rounding off technique, Rs. 21,23,456.39
becomes Rs. 21,23,456.40, while in the Salami technique the transaction amount Rs. 21,23,456.39
is truncated to either Rs. 21,23,456.30 or Rs. 21,23,456.00, depending on the logic.
• Trap Doors: Trap doors allow insertion of specific logic such as program interrupts that permit a
review of data. They also permit insertion of unauthorized logic.
• Spoofing: A spoofing attack involves forging one’s source address. One machine is used to
impersonate the other in spoofing technique. Spoofing occurs only after a particular machine has
been identified as vulnerable. A penetrator makes the user think that s/he is interacting with the
operating system. For example, a penetrator duplicates the login procedure, captures the user’s
password, attempts for a system crash and makes user login again.
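
A reconciliation check an auditor could run against the Rounding Down and Salami exposures described above: recompute what each posting should have been and classify any shortfall. This is an added example, not part of the original notes; the ledger rows, the labels and the half-up rounding rule to the nearest paisa are constructed assumptions.

```python
from collections import Counter
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_UP

PAISA = Decimal("0.01")

# Constructed ledger: (transaction id, exactly computed amount, amount actually posted).
LEDGER = [
    ("T1", Decimal("2123456.39"), Decimal("2123456.39")),  # posted correctly
    ("T2", Decimal("2123456.39"), Decimal("2123456.30")),  # truncated to 10 paise
    ("T3", Decimal("2123456.39"), Decimal("2123456.00")),  # truncated to the rupee
    ("T4", Decimal("1500.456"), Decimal("1500.45")),       # sub-paisa fraction dropped
    ("T5", Decimal("980.127"), Decimal("980.12")),         # sub-paisa fraction dropped
    ("T6", Decimal("75.254"), Decimal("75.25")),           # correct: rounds down anyway
    ("T7", Decimal("410.10"), Decimal("400.10")),          # fits neither pattern
]


def classify(exact, posted):
    """Return (label, shortfall) for one posting against the correctly rounded amount."""
    expected = exact.quantize(PAISA, rounding=ROUND_HALF_UP)
    shortfall = expected - posted
    if shortfall == 0:
        return "ok", shortfall
    # Fraction of a paisa dropped where correct rounding would have gone up.
    if posted == exact.quantize(PAISA, rounding=ROUND_DOWN):
        return "rounding_down", shortfall
    # Amount cut back to a coarser unit, as in the Rs. ...456.30 / ...456.00 example.
    coarse = (exact.quantize(Decimal("0.1"), rounding=ROUND_DOWN),
              exact.quantize(Decimal("1"), rounding=ROUND_DOWN))
    if posted in coarse:
        return "salami", shortfall
    return "unexplained", shortfall


def reconcile(ledger):
    """Summarize every posting that differs from its expected amount."""
    counts, exceptions, total = Counter(), [], Decimal("0")
    for txn_id, exact, posted in ledger:
        label, shortfall = classify(exact, posted)
        counts[label] += 1
        if label != "ok":
            exceptions.append((txn_id, label, shortfall))
            total += shortfall
    return {"counts": counts, "exceptions": exceptions, "total_shortfall": total}


if __name__ == "__main__":
    report = reconcile(LEDGER)
    for txn_id, label, shortfall in report["exceptions"]:
        print(f"{txn_id}: {label}, short by Rs. {shortfall}")
    print("Total shortfall: Rs.", report["total_shortfall"])
```

Individually the shortfalls are small enough to go unnoticed, which is why the check totals them and reports every exception rather than applying a per-transaction materiality limit.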

Q.7: Identify the Logical Access Violators who exploit logical exposures in an organization.
Briefly explain them. [MTP April 21 (3 Marks) ]

ANSWER:

Logical Access Violators are the persons who exploit logical exposures in an organization. They
are mainly as follows:
• Hackers: Hackers try their best to overcome restrictions to prove their ability. Ethical hackers
most likely never try to misuse the computer intentionally but assist in finding the weaknesses in
the system;
• Employees (authorized or unauthorized);
• IS Personnel: They have the easiest access to computerized information since they come across
information while discharging their duties. Segregation of duties and supervision help to reduce
the logical access violations;
• Former Employees: Organizations should be cautious of former employees who have left the
organization on unfavorable terms;
• End Users; Interested or Educated Outsiders; Competitors; Foreigners; Organized Criminals;
Crackers; Part-time and Temporary Personnel; Vendors and consultants; and Accidental Ignorant
– Violation done unknowingly.

Q.8: As an internal auditor of an organization, Mr. Anil reviews various physical security
controls implemented within his organization. Discuss various activities that he would
perform while doing auditing these physical access controls? [MTP April 21 (6 Marks)]

ANSWER:
The activities that Mr. Anil would be performing while doing auditing of physical access controls are
as follows:
(i) Siting and Marking: Auditing building siting and marking requires attention to several key
factors and features, including:
o Proximity to hazards: The IS auditor should estimate the building’s distance to natural and
manmade hazards, such as Dams; Rivers, lakes, and canals; Natural gas and petroleum
pipelines; Water mains and pipelines; Earthquake faults; Areas prone to landslides;
Volcanoes; Severe weather such as hurricanes, cyclones, and tornadoes; Flood zones;
Military bases; Airports; Railroads and Freeways. The IS auditor should determine if any risk
assessment regarding hazards has been performed and if any compensating controls that
were recommended have been carried out.
o Marking: The IS auditor should inspect the building and surrounding area to see if
building(s) containing information processing equipment identify the organization. Marking
may be visible on the building itself, but also on signs or parking stickers on vehicles.
(ii) Physical barriers: This includes fencing, walls, barbed/razor wire, bollards, and crash gates. The
IS auditor needs to understand how these are used to control access to the facility and determine
their effectiveness.
(iii) Surveillance: The IS auditor needs to understand how video and human surveillance are used
to control and monitor access. He or she needs to understand how (and if) video is recorded and
reviewed, and if it is effective in preventing or detecting incidents.

(iv) Guards and dogs: The IS auditor needs to understand the use and effectiveness of security guards
and guard dogs. Processes, policies, procedures, and records should be examined to understand
required activities and how they are carried out.
(v) Key-Card systems: The IS auditor needs to understand how key-card systems are used to
control access to the facility. Some points to consider include: Work zones: whether the facility
is divided into security zones and which persons are permitted to access which zones; whether
key-card systems record personnel movement; what processes and procedures are used to issue
key-cards to employees; etc.

Q.9: Suppose you are an IT consultant of ABC enterprises. What general controls would you
apply to all components of system, processes and data for ABC enterprises to ensure the
security of information system and application program. [MTP April 21 (6 Marks)]

ANSWER:
General Controls that can be applied to all components of system are as follows:
• Information Security Policy: The security policy is approved by the senior management and
encompasses all areas of operations of bank and drives access to information across the enterprise
and other stakeholders.
• Administration, Access, and Authentication: IT should be administered with appropriate
policies and procedures clearly defining the levels of access to information and authentication of
users.
• Separation of key IT functions: Secure deployment of IT requires the bank to have separate IT
organization structure with key demarcation of duties for different personnel within IT department
and to ensure that there are no Segregation of Duties (SoD) conflicts.
• Management of Systems Acquisition and Implementation: Software solutions for CBS are
mostly developed, acquired and implemented. Hence, the process of acquisition and implementation of
systems should be properly controlled.
• Change Management: IT solutions deployed and their various components must be changed in
tune with changing needs as per changes in technology environment, business processes, regulatory
and compliance requirements. These changes impact the live environment of banking services.
Hence, change management process should be implemented to ensure smooth transition to new
environments covering all key changes including hardware, software and business processes. All
changes must be properly approved by the management, before implementation.
• Backup, Recovery and Business Continuity: Heavy dependence on IT and criticality makes it
imperative that resilience of banking operations should be ensured by having appropriate business
continuity including backup, recovery and off-site data center.
• Proper Development and Implementation of Application Software: Application software
drives the business processes of the banks. These solutions, where developed and implemented,
must be properly controlled by using a standard software development process.
• Confidentiality, Integrity and Availability of Software and data files: Security is implemented
to ensure Confidentiality, Integrity and Availability of information. Confidentiality refers to
protection of critical information. Integrity refers to ensuring authenticity of information at all
stages of processing. Availability refers to ensuring availability of information to users when
required.
• Incident response and management: There may be various incidents created due to failure of
IT. These incidents need to be appropriately responded to and managed as per predefined policies
and procedures.
• Monitoring of Applications and supporting Servers: The Servers and applications running on
them are monitored to ensure that servers, network connections and application software along
with the interfaces are working continuously.
• Value Add areas of Service Level Agreements (SLA): SLA with vendors is regularly reviewed
to ensure that the services are delivered as per specified performance parameters.
• User training and qualification of Operations personnel: The personnel deployed have
required competencies and skill-sets to operate and monitor the IT environment.

Q.10: Business Intelligence is a technology-driven process for analysing data and
presenting actionable information to help corporate executives, business managers and
other end users make more informed business decisions. List out the benefits of using
Business Intelligence in an organization. [July 21 (3 Marks)]

ANSWER:
The list of various benefits of Business Intelligence (BI) is provided below:
• Business Intelligence improves the overall performance of the company using it. The potential
benefits of BI programs include –
o Accelerating and improving decision making;
o Optimizing internal business processes;
o Enhancing communication among departments while coordinating activities;
o Increasing operational efficiency;
o Driving new revenues; and
o Gaining competitive advantages over business rivals.
• BI systems can also help companies identify market trends and spot business problems that need
to be addressed.
• BI systems help in enhancing customer experience, allowing for the timely and appropriate
response to customer problems and priorities.
• BI data can include historical information as well as new data gathered from source systems as it
is generated, thus enabling BI analysis to support both strategic and tactical decision-making
processes.
• The ultimate objective of BI is to improve the timeliness and quality of information. Business
intelligence provides the information regarding -
o The position of the firm in comparison to its competitors.
o The changes in customer behaviour and spending patterns.
o The capabilities of the firm.
o The market conditions, future trends, demographic, and economic information.
o The social, regulatory, and political environment.
o What the other firms in the market are doing.

Q.11: Internal control provides an entity with only reasonable assurance and not absolute
assurance about achieving the entity’s operational, financial reporting and compliance
objectives. Explain any four inherent limitations of Internal Control System.
[July 21 (4 Marks)]

ANSWER:
Some inherent limitations of Internal Control System are as follows:
• Management’s consideration that the cost of an internal control does not exceed the expected
benefits to be derived.
• The fact that most internal controls do not tend to be directed at transactions of unusual nature;
the reasonable potential for human error, such as that due to carelessness, distraction, mistakes of
judgment and misunderstanding of instructions.
• The possibility of circumvention of internal controls through collusion with employees or with
parties outside the entity.
• The possibility that a person responsible for exercising an internal control could abuse that
responsibility, for example - a member of management overriding an internal control.
• Manipulations by management with respect to transactions or estimates and judgments required
in the preparation of financial statements.

Q.12: Data Mining is the process of analysing data to find previously unknown trends,
patterns and associations to make decisions. As an IT expert of the company, explain the
steps involved in the data mining process. [July 21 (6 Marks)]

ANSWER:
The steps involved in the Data Mining process are as follows:
(a) Data Integration: Firstly, the data are collected and integrated from all the different sources
which could be flat files, relational database, data warehouse or web etc.

(b) Data Selection: Not all the data collected in the first step may be required.
So, in this step we select only those data which we think are useful for data mining.

(c) Data Cleaning: The data that are collected are not clean and may contain errors, missing values,
noisy or inconsistent data. Thus, we need to apply different techniques to get rid of such
anomalies.

(d) Data Transformation: Even after cleaning, the data are not ready for mining as they need to be
transformed into an appropriate form for mining using different techniques like – smoothing,
aggregation, normalization etc.

(e) Data Mining: In this, various data mining techniques are applied on the data to discover the
interesting patterns. Techniques like clustering and association analysis are among the many
different techniques used for data mining.

(f) Pattern Evaluation and Knowledge Presentation: This step involves visualization,
transformation, removing redundant patterns etc. from the patterns we generated.

(g) Decisions/Use of Discovered Knowledge: This step helps user to make use of the knowledge
acquired to take better informed decisions.
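
The seven steps listed above (and in the earlier answer on data mining for banking anti-fraud systems), run end to end on card transactions. This is an added example, not part of the original notes; the two data sources, their field names and the sample amounts are constructed, and the median-based outlier score with a 3.5 cut-off is one assumed mining technique among many.

```python
import csv
import io
from statistics import median

# Constructed sample data from two sources with different schemas and units.
CORE_BANKING = [  # (card, amount in rupees, channel)
    ("C1", 1200.0, "POS"), ("C1", 1350.0, "POS"), ("C1", 1100.0, "ATM"),
    ("C1", 1250.0, "POS"), ("C1", 98000.0, "ECOM"),
    ("C2", 500.0, "POS"), ("C2", None, "POS"), ("C2", 520.0, "ATM"),
    ("C2", 480.0, "POS"), ("C2", 510.0, "POS"),
]
CARD_SWITCH_CSV = "card,amt_paise\nC1,130000\nC2,49000\nC2,49000\nC2,-100\n"


def integrate():
    """(a) Data Integration: bring both sources into one record layout (rupees)."""
    rows = [{"card": c, "amount": a, "channel": ch} for c, a, ch in CORE_BANKING]
    for rec in csv.DictReader(io.StringIO(CARD_SWITCH_CSV)):
        rows.append({"card": rec["card"], "amount": int(rec["amt_paise"]) / 100,
                     "channel": "SWITCH"})
    return rows


def select(rows):
    """(b) Data Selection: keep only the fields this analysis needs."""
    return [(r["card"], r["amount"]) for r in rows]


def clean(pairs):
    """(c) Data Cleaning: drop missing and non-positive amounts."""
    return [(c, a) for c, a in pairs if a is not None and a > 0]


def transform(pairs):
    """(d) Data Transformation: normalize each amount against the card's own history."""
    by_card = {}
    for card, amount in pairs:
        by_card.setdefault(card, []).append(amount)
    scored = []
    for card, amounts in by_card.items():
        mid = median(amounts)
        mad = median(abs(a - mid) for a in amounts)   # median absolute deviation
        for a in amounts:
            score = 0.0 if mad == 0 else 0.6745 * (a - mid) / mad
            scored.append((card, a, score))
    return scored


def mine(scored, threshold=3.5):
    """(e) Data Mining: flag amounts far outside the card's usual purchasing pattern."""
    return [row for row in scored if abs(row[2]) > threshold]


def evaluate(candidates):
    """(f) Pattern Evaluation: keep the strongest alert per card, dropping redundant ones."""
    best = {}
    for card, amount, score in candidates:
        if card not in best or abs(score) > abs(best[card][2]):
            best[card] = (card, amount, score)
    return sorted((c, a, round(s, 1)) for c, a, s in best.values())


def run_pipeline():
    """(g) Use of Discovered Knowledge: the alerts go to the fraud team for review."""
    cleaned = clean(select(integrate()))
    return {"cleaned_rows": len(cleaned), "alerts": evaluate(mine(transform(cleaned)))}


if __name__ == "__main__":
    print(run_pipeline())
```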

Q.13: Briefly discuss two disadvantages of Data Base Management Systems (DBMS)
[July 21 (2 Marks)]

ANSWER:
The disadvantages of Database Management System (DBMS) are as follows:
• Cost: Implementing a DBMS in terms of both system and user-training can be expensive and
time-consuming, especially in large enterprises. Training requirements alone can be quite costly.
• Security: Even with safeguards in place, it may be possible for some unauthorized users to access
the database. If one gets access to the database, then it could be an all-or-nothing proposition.

Q.14: Differentiate between Processor Registers and Cache Memory. [July 21 (2 Marks)]

ANSWER:
The differences between Processor Registers and Cache memory are provided in the table below:

| Processor Registers | Cache Memory |
|---|---|
| These are high speed memory units within CPU for storing small amount of data (mostly 32 or 64 bits). | It is a fast memory built into computer’s CPU and is used to reduce the average time to access data from the main memory. The data that is stored within a cache might be values that have been computed earlier or duplicates of original values that are stored elsewhere. |
| The registers are the only memory units most processors can operate on directly. | Cache memory is an interface between CPU and Main storage. It is not directly accessible for operations. |

Q.15: Briefly explain any two output controls. [July 21 (2 Marks)]

ANSWER:
Various output Controls under Application Controls are as follows:
• Storage and Logging of sensitive, critical forms: Pre-printed stationery should be stored
securely to prevent unauthorized destruction or removal and usage.
• Logging of output program executions: When programs used for output of data are executed,
these should be logged and monitored; otherwise confidentiality/integrity of the data may be
compromised.
• Spooling/Queuing: “Spool” is an acronym for “Simultaneous Peripherals Operations Online”.
This is a process used to ensure that the user can continue working, while the print operation is
getting completed. This process allows data that is being used by the input or output devices to
be placed in a temporary space or buffer until the existing operation gets finished. A queue is the
list of documents waiting to be printed on a particular printer; this should not be subject to
unauthorized modifications.
• Controls over printing: Outputs should be made on the correct printer, and it should be ensured
that unauthorized disclosure of printed information does not take place.
• Report Distribution and Collection Controls: Distribution of reports should be made in a
secure way to prevent unauthorized disclosure of data. It should be made immediately after
printing to ensure that the time gap between generation and distribution is reduced. A log should
be maintained for reports that were generated and to whom these were distributed. Reports
generated but not collected immediately should be secured such that there is no unauthorized
disclosure and data leakage.
• Retention Controls: Retention controls consider the duration for which outputs should be
retained before being destroyed. Retention control requires that a date should be determined for
each output item produced.

MCQ: Except one, following are the means through which protection can be achieved in
case an internet connection exposes an organization to the harmful elements of the outside
world. Identify it. [MTP March 21]

(a) Security of network services
(b) Call back devices
(c) Access Token
(d) Segregation of Networks
ANSWER: (c)

MCQ: In the office of HNK Ltd., a master swipe access card is maintained at the front desk
to enter into executive’s cabin, in case of any emergency. In this case, the possibility of
same may be misused by an unauthorized employee to gain unauthorized access of the
executive’s cabin would be categorized as: [MTP March 21]

(a) Asset
(b) Vulnerability
(c) Accepted residual risk of exposure to potential risk of data theft
(d) Likelihood of compromise on CIA (Confidentiality, Integrity and Availability)
ANSWER: (b)

MCQ: NMN Ltd. has its five branches in different cities of India. All branches are
interconnected and use centralized mechanism for data sharing and storage. To have a
secure communication between its various branches, the company has installed anti-virus
software and intrusion prevention system. The installation of these systems is covered
under which type of control? [MTP April 21]
(a) Detective Control
(b) Preventive Control
(c) Community Control
(d) Application Control
ANSWER: (b)

CH. 4 : E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGY

QUESTIONS AND ANSWERS


Q.1: Explain the concept of green computing. How will you develop a sustainable green
computing plan? [Jan 21 (6 Marks)]

ANSWER:
Green Computing
• Green Computing or Green IT refers to the study and practice of environmentally sustainable
computing or IT. It is the study and practice of establishing/using computers and IT resources in
a more efficient and environmentally friendly and responsible way.
• The objective of Green computing is to reduce the use of hazardous materials, maximize energy
efficiency during the product’s lifetime, and promote the recyclability or biodegradability of
defunct products and factory waste.
• Green computing’s practices include the implementation of energy-efficient Central Processing
Units (CPUs), servers and peripherals as well as reduced resource consumption and proper
disposal of electronic waste (e-waste).
The steps to develop a sustainable Green Computing plan are as follows:
• Involve stakeholders to include checklists, recycling policies, recommendations for disposal of used
equipment, government guidelines and recommendations for purchasing green computer
equipment in organizational policies and plans;
• Encourage the IT community to use the best practices and to consider green
computing practices and guidelines.
• Maintain on-going communication about, and campus commitment to, green IT best practices to
produce notable results.
• Include power usage, reduction of paper consumption, as well as recommendations for new
equipment and recycling old machines in organizational policies and plans; and
• Use cloud computing so that multiple organizations share the same computing resources, thus
increasing the utilization by making more efficient use of hardware resources.

Q.2: From traditional digital payment methods, India is moving towards newer methods of
digital payments. In light of the above statement, briefly explain following new methods.
(i) BHIM (ii) USSD [Jan 21 (4 Marks)]

ANSWER:
(i) BHIM (Bharat Interface for Money)

26
Video Classes by Vinit Mishra 9354719404 www.cadreamers.com
• BHIM (Bharat Interface for Money) is a Mobile App developed by National Payments
Corporation of India (NPCI) based on UPI (Unified Payment Interface). It facilitates
e-payments directly through banks and supports all Indian banks which use that platform.
• It is built on the Immediate Payment Service infrastructure and allows the user to instantly
transfer money between the bank accounts of any two parties.
• BHIM works on all mobile devices and enables users to send or receive money to other UPI
payment addresses by scanning a QR code, or by using an account number with the Indian Financial
Systems Code (IFSC) or the MMID (Mobile Money Identifier) Code for users who do not
have a UPI-based bank account.
(ii) Unstructured Supplementary Service Data (USSD)
• Unstructured Supplementary Service Data (USSD) is a revolutionary idea whereby payments can
be made through mobiles with neither an internet connection nor a smartphone.
• USSD banking or *99# Banking is a mobile banking based digital payment mode and can be
easily used with any normal feature phone.
• USSD banking is as easy as checking a mobile balance. A user can use this service for many
financial and non-financial operations such as checking balance, sending money, changing
Mobile Banking Personal Identification Number (MPIN) and getting Mobile Money Identifier
(MMID).

Q.3: Write a short note on
(i) Digital Library (ii) Payment Gateway [Jan 21 (4 Marks)]

ANSWER:
(i) Digital Library
• A Digital Library is a special library with a focused collection of digital objects that can
include text, visual material, audio material, video material, stored as electronic media
formats (as opposed to print, microform, or other media), along with means for organizing,
storing, and retrieving the files and media contained in the library collection.
• Digital libraries can vary immensely in size and scope, and can be maintained by individuals,
organizations, or affiliated with established physical library buildings or institutions, or with
academic institutions.
• The digital content may be stored locally or accessed remotely via computer networks. An
electronic library is a type of information retrieval system.
(ii) Payment Gateway
• Payment gateway is the payment mode through which customers shall make payments.
Payment gateway represents the way e-commerce / m-commerce vendors collect their
payments.
• The payment gateway is the last and most critical part of e-commerce transactions. It
assures the seller of receipt of payment from the buyer of goods/services from e-commerce vendors.

• Presently numerous methods of payments by buyers to sellers are being used, including
Credit / Debit Card Payments, Online bank payments, Vendor’s own payment wallet, Third
Party Payment wallets, like SBI BUDDY or PAYTM, Cash on Delivery (COD) and Unified
Payments Interface (UPI).

Q.4: Cloud based applications are now taking over Installed applications. What are the major
differences between Cloud based Applications and Installed Applications? Explain any four.
[Jan 21 (4 Marks)]

ANSWER:
Differences between Cloud based Applications and Installed Applications are given below:

| Particulars | Installed Applications | Cloud Based Applications |
|---|---|---|
| Installation and Maintenance | As software is installed on the hard disc of the computer used by the user, it needs to be installed on every computer one by one. This may take a lot of time. Also, maintenance and updating of software may take a lot of time and effort. | Installation on the user’s computer is not required. Update and maintenance are the defined responsibility of the service provider. |
| Accessibility | As software is installed on the hard disc of the user’s computer, the user needs to go to that computer only, i.e. the computer where the software is installed, to use the software. It cannot be used from any computer. | As software is available through online access, a browser and an internet connection are needed to use the software. It can be used from any computer in the world. Access to the software becomes very easy. Also, it can be used 24 x 7. |
| Mobile Application | Using the software through a mobile application is difficult in this case. | Mobile application becomes very easy as data is available 24 x 7. As technology evolves, mobile technology is becoming an industry norm that makes cloud based applications future oriented. |
| Data Storage | Data is physically stored in the premises of the user, i.e. on the hard disc of the user’s server computer. Hence the user will have full control over the data. | Data is not stored in the user’s server computer. It is stored on a web server. Ownership of data is defined in the Service Level Agreement (SLA) that defines the rights, responsibilities and authority of both service provider and service user. |
| Data Security | As the data is in physical control of the user, the user shall have full physical control over the data and he/she can ensure that it is not accessed without proper access. | Data security is a challenge in case of cloud based applications as the data is not in control of the user or owner of data. As time evolves, SLAs provide for details of back-up and disaster recovery alternatives being used by the service provider. |
| Performance | A well written installed application shall always be faster than a web application, the reason being that data is picked from the local server without internet. | Access is dependent on the speed of internet. Slow internet slows access to information and may slow operations. |
| Flexibility | It shall have more flexibility and controls as compared to a web application. It is very easy to write desktop applications that take advantage of the user’s hardware (such as: scanners, cameras, Wi-Fi, serial ports, network ports, etc.). Installed applications have the disadvantage of higher Capital Expenditure (CAPEX) in comparison to cloud based applications. | The success of cloud based applications is that they allow flexibility against both Capital Expenditure (CAPEX) and Operating Expense (OPEX) to the user. The user can scale up operations as per need. |

Q.5: A business model is adopted by an organization as a framework to describe how it
makes money on a sustainable basis and grows whereas an e-business model utilizes the
benefits of electronic communications. Discuss various e-market models that help
businesses to achieve the value adding processes. [RTP May 21]

ANSWER:
The various e-market models that help businesses to achieve the value adding processes
are as follows:
• E-Shops (e-tailers): An e-shop is a virtual store front that sells products and services online. An
e-shop is an online version of a retail store where customers can shop at any hour of the day or night
without leaving home. E-shops are a convenient way of effecting direct sales to customers; they allow
manufacturers to bypass intermediate operators and thereby reduce costs and delivery times. For
example: www.sonicnet.com, www.wforwomen.com
• E-Malls: The e-mall is defined as the retailing model of a shopping mall, a conglomeration of
different shops situated in a convenient location in e-commerce. E-malls help consumers shop from
a variety of stores. Example: Yahoo! Stores
• E-auctions: Electronic auctions provide a channel of communication through which the bidding
process for products and services can take place between competing buyers. At e-auctions, people
buy and sell through an auction website. In e-auctions, almost perfect information is available
about products, prices, current demand, and supply. E-auction has become an increasingly popular
tool for the buyer to access the lowest price the suppliers are willing to charge. Example:
www.onsale.com, www.ebay.com
• Portals: A portal is a website that serves as a gateway or a main entry point on the internet to a
specific field of interest or an industry. It is a website that is positioned as an entrance to other sites
on the internet. A portal consists of web pages that act as a starting point for using the web or
web-based services. The control of content can be a source of revenue for firms through charging
firms for advertising or charging consumers a subscription for access. Some major general portals
include Yahoo, Excite, and Netscape.

• Buyer Aggregators: The Buyer Aggregator brings together large numbers of individual buyers
so that they can gain the types of savings that are usually the privilege of large volume buyers. In
this, the firm collects the information about goods/service providers, makes the providers its
partners, and sells their services under its own brand. Example: www.zomato.com
• Virtual Communities: A Virtual Community is a community of customers who share a common
interest and use the internet to communicate with each other. Amazon.com provides websites for
the exchange of information on a wide range of subjects relating to their portfolio of products
and services. Virtual communities benefit from network externalities whereby the more people
who join and contribute to the community, the greater the benefits that accrue, but without any
additional cost to participants.
• E-marketing: E-marketing (Electronic Marketing) is the process of marketing a product or service
using the Internet. Of course, information on websites also empowers customers and helps the
organizations to achieve their objectives. For example, they can compare prices of products by
rival firms. The internet changes the relationship between buyers and sellers because market
information is available to all parties in the transaction.
• E-procurement: E-procurement is the management of all procurement activities via electronic
means. Business models based on e-procurement seek efficiency in accessing information on
suppliers, availability, price, quality and delivery times as well as cost savings by collaborating with
partners to pool their buying power and secure best value deals. E-procurement infomediaries
specialize in providing up-to-date and real-time information on all aspects of the supply of
materials to businesses.
• E-distribution: An e-distributor is a company that supplies products and services directly to
individual businesses. The e-distribution model helps distributors to achieve efficiency savings by
managing large volumes of customers, automating orders, communicating with partners and
facilitating value-adding services such as order tracking through each point in the supply chain. An
example of a firm specializing in e-distribution is www.wipro.com that uses the internet to provide
fully integrated e-business-enabled solutions that help to unify the information flows across all the
major distribution processes including sales and marketing automation, customer service,
warehouse logistics, purchasing and inventory management, and finance.

Q.6: DJY is a brand in the field of online supplier of kids’ apparels. As we know that risks
associated with e-commerce transactions are high as compared to general internet
activities, what do you think are the risks that DJY is addressing due to its online
transactions? [RTP May 21]

ANSWER:
The risks that DJY is addressing due to its online transactions are as follows:
(i) Privacy and Security: When an organization uses internet to engage in e-commerce, it
exposes itself to additional security threats and privacy issues. There are often issues of security
and privacy due to lack of personalized digital access and knowledge. The nature of e-commerce
operations is an important factor determining the security risks perceptions of any e-commerce
installation. For example, if the type of industry is banking and finance, it would require more
stringent deployment of security solutions than would be for manufacturing industry.

(ii) Quality issues: There are quality issues raised by customers as the original product differs from
the one that was ordered.
(iii) Delay in goods and Hidden Costs: When goods are ordered from another country, the
shipment may be delayed due to factors such as port congestion, bad weather, custom
clearances, etc. Moreover, e-commerce companies may these hidden costs.
(iv) Needs Access to internet and lack of personal touch: The e-commerce requires an internet
connection which is an extra expense and lacks personal touch.
(v) Security and credit card issues: The credit card and debit card information may be stolen
and misused which poses a security threat. There is also possibility of cloning of credit cards and
debit cards.
(vi) Infrastructure: There is a greater need of not only digital infrastructure but also network
expansion of roads and railways which remains a substantial challenge in developing countries.
(vii) Problem of anonymity: There is need to identify and authenticate users in the virtual global
market where anyone can sell to or buy from anyone, anything from anywhere.
(viii) Repudiation of contract: There is possibility that the electronic transaction in the form of
contract, sale order or purchase by the trading partner or customer may be denied.
(ix) Lack of authenticity of transactions: The electronic documents that are produced during an
e-commerce transaction may not be authentic and reliable.
(x) Data Loss or theft or duplication: The data transmitted over the Internet may be lost,
duplicated, tampered with, or replayed.
(xi) Attack from hackers: Web servers used for e-commerce may be vulnerable to hackers. A
hacker is an unauthorized user who attempts to or gains access to the system with/without the
intention to steal or modify data or to insert viruses or worms to cause damage to the system.
(xii) Denial of Service: Service to customers may be denied due to non-availability of system as it
may be affected by viruses, e-mail bombs and by transmitting so many data packets to a server
that it cannot process them all. The denial of service may cause a network to shut down, making
it impossible for users to access the site. For busy e-commerce sites such as Flipkart, these attacks
are costly; while the site is shut down, customers cannot make purchases. Moreover, the longer
a site is shut down, the more damage is done to a site’s reputation.
(xiii) Non-recognition of electronic transactions: e-Commerce transactions, as electronic records
and digital signatures may not be recognized as evidence in courts of law in some countries.
(xiv) Lack of audit trails: Audit trails in e-Commerce system may be lacking and the logs may be
incomplete, too voluminous or easily tampered with.
(xv) Problem of piracy: Intellectual property such as copyright may not be adequately protected
when such property is transacted through e-Commerce.

Q.7: With promotion of cashless economy, most of the businesses are using e-commerce
and m-commerce transactions. Enlist the commercial laws that are applicable to these
transactions. [MTP March 21 (4 Marks)]

ANSWER:

The commercial laws applicable to e-commerce and m-commerce transactions are as follows:
• Income Tax Act, 1961
• Companies Act, 2013
• Foreign Trade (Development and Regulation) Act, 1992
• The Factories Act, 1948
• The Customs Act, 1962
• The Goods and Services Tax (GST) Act, 2017
• Indian Contract Act, 1872
• The Competition Act, 2002
• Foreign Exchange Management Act (FEMA 1999)
• Consumer Protection Act, 1986

Q.8: During the pandemic Covid 19, the Government of India emphasized on the usage of
various digital mode of payments by the public at large. In light of this statement, explain
various types of cards that are provided to the account holders by the banks or companies
to be used as digital payment mode. [MTP March 21 (6 Marks)]

ANSWER:
Various types of cards used as digital payment mode are as follows:
o Credit Cards: A small plastic card issued by a bank, or issuer etc., allowing the holder to purchase
goods or services on credit. It contains a unique number linked with an account. It also has a
magnetic strip embedded in it which is used to read the credit card via card readers. In this mode of
payment, the buyer’s cash flow is not immediately impacted. The user of the card makes payment to
the card issuer at the end of the billing cycle. Credit card issuers charge customers per transaction / a fixed
amount as transaction fees.
o Debit Cards: A debit card is also a small plastic card with a unique number linked with a bank
account number. It is required to have a bank account before getting a debit card from the bank. It
enables the cardholder to pay for his/her purchases directly through his/her account. The major
difference between a debit card and a credit card is that in case of payment through a debit card, the
amount gets deducted from the card’s bank account immediately and there should be sufficient
balance in the bank account for the transaction to get completed; whereas in case of a credit card there
is no such compulsion.
o Smart Card: Smart card is a prepaid card similar to credit card and debit card in appearance, but
it has a small microprocessor chip embedded in it. It has capacity to store customer’s personal
information such as financial facts, private encryption keys, credit card information, account
information, and so on. Smart cards combine the advantages of both debit card and credit card
and are available to anyone, regardless of credit ratings or income of applicant of smart card.
Moreover, these are not linked to any bank account. For this reason, smart card holder is not
mandated to have a bank account. It is also used to store money which is reduced as per usage.
Mondex and Visa Cash cards are examples of smart cards. The smart card holder has to load
money onto the card by paying cash or through transfer from his/her bank account. After loading
the money onto the card, the cardholder can use the card to spend money up to the limit of
loaded amount in the same way as using a credit or debit card. Once the loaded amount is spent,
the cardholder may reload money onto the card.

Q.9: Grid computing is a distributed architecture of large numbers of computers connected
to solve a complex problem. With reference to this line, identify the application areas where
this technology can be used effectively and efficiently. [MTP April 21 (4 Marks)]

ANSWER:
The application areas where Grid Computing can be used effectively and efficiently are as follows:
• Civil engineers collaborate to design, execute, & analyze shake table experiments.
• An insurance company mines data from partner hospitals for fraud detection.
• An application service provider offloads excess load to a compute cycle provider.
• An enterprise configures internal & external resources to support e-Business workload.
• Large-scale science and engineering are done through the interaction of people, heterogeneous
computing resources, information systems and instruments, all of which are geographically and
organizationally dispersed.

Q.10: Cloud computing is one of the emerging technologies used in several organizations,
yet it has many pertinent issues. Discuss the major pertinent issues related to cloud
computing. [MTP April 21 (6 Marks)]

ANSWER:
The pertinent issues related to Cloud Computing are as follows:
• Threshold Policy: The main objective of implementing threshold policy is to inform cloud
computing service consumers and providers what they should do. Quite often, this policy does
not exist. The only legal document between the customer and service provider is the Service Level
Agreement (SLA). This document contains all the agreements between the customer and the service
provider; it contains what the service provider is doing and is willing to do. However, there is no
standard format for the SLA, and as such, there may be services not documented in the SLA that
the customer may be requiring in future. A carefully drafted threshold policy outlines what cloud
computing service consumers and providers should do. It is important to consider how the cloud
service provider will handle sudden increases or decreases in demand. How will unused resources
be allocated?
• Interoperability: If a company enters into a contract with one cloud computing vendor, it may
find it difficult to change to another computing vendor that has proprietary APIs (application
programming interfaces) and different formats for importing and exporting data. Industry cloud
computing standards do not exist for APIs or formats for importing/exporting data. This creates
problems of achieving interoperability of applications between two cloud computing vendors.
Once a company is locked in with one cloud provider, it is not easy to move an entire
infrastructure to other clouds. Moreover, each cloud provider offers a unique set of services and

tools for operating and controlling its cloud. Learning a new cloud environment is similar to
learning a new technology.
• Hidden Costs: Such costs may include higher network charges for storage and database
applications, or latency issues for users who may be located far from cloud service providers.
• Unexpected Behaviour: An application may perform well at the company’s internal data centre.
It does not necessarily imply that the application will perform the same way in the cloud.
Therefore, it is essential to test its performance in the cloud for unexpected behaviour. Testing may
include checking how the application allocates resources on sudden increase in demand for
resources and how it allocates unused resources. This problem must be solved before obtaining
services from the cloud.
• Security Issues: Cloud computing infrastructures use new technologies and services, most of which
have not been fully evaluated with respect to security. The important security issues with cloud
computing are: the management of the data might not be fully trustworthy; the risk of malicious
insider attacks in the cloud; and the failing of cloud services. Maintaining confidentiality is one of the
major issues faced in cloud systems because information is stored at a remote location which can
be accessed by the service provider. Data confidentiality can be preserved by encrypting data.
Cloud systems share computational resources, storage, and services between multiple customer
applications in order to achieve efficient utilization of resources while decreasing cost. However,
this sharing of resources may violate the confidentiality of users’ IT assets. It must be ensured that
there is a degree of isolation between these users. In most cases, the provider must ensure that their
infrastructure is secure and that their consumers’ data and applications are protected while the
customer must ensure that the provider has taken the proper security measures to protect their
information.
• Legal Issues: Cloud systems need to adhere to several regulatory requirements, privacy laws and
data security laws. These laws vary from country to country and cloud users have no control over
where their data is physically located.
• Software Development in Cloud: From the perspective of application development,
developers face the complexity of building secure applications that may be hosted in the cloud.
The speed at which applications will change in the cloud will affect both the System Development
Life Cycle (SDLC) and security. The project manager must keep in mind that the applications should be
upgraded frequently. For this, the project manager must ensure that their application development
processes are flexible enough to keep up with the changes.
• Bugs in Large-Scale Distributed Systems: One of the difficult challenges in Cloud Computing
is removing errors in these very large scale distributed systems.

Q.11: PQR limited is planning to receive payment from the customers through Digital
Payments. Though there are lots of benefits of digital payments but there are drawbacks as
well. Briefly explain any six drawbacks of digital payments. [July 21 (6 Marks)]

ANSWER:
Some drawbacks of Digital Payments are listed below:

(i) Difficult for a Non-technical person: As most of the digital payment modes are based on
mobile phone, the internet, and cards; these modes are somewhat difficult for non-technical
persons such as farmers, workers etc.
(ii) The risk of data theft: There is a big risk of data theft associated with the digital payment.
Hackers can hack the servers of the bank or the E-Wallet a customer is using; and easily get his/her
personal information. They can use this information to steal money from the customer’s account.
(iii) Overspending: One keeps limited cash in his/her physical wallet and hence thinks twice before
buying anything. But if digital payment modes are used, one has access to all his/her money that
can result in overspending.
(iv) Disputed transactions: In case the electronic money such as credit card is misused by someone
else, it is very difficult to receive a refund.
(v) Increased business costs: Digital payment systems come with an increased need to protect
sensitive financial information stored in a business’s computer systems from unauthorized access.
Businesses have to incur additional costs in procuring, installing and maintaining sophisticated
payment-security technologies.
(vi) The necessity of internet access: Digital payment cannot be performed if Internet connection
fails.

Q.12: Hybrid cloud is a combination of both at least one private and at least one public cloud
computing environments. Explain the characteristics of Hybrid Cloud. [July 21 (4 Marks)]

ANSWER:
The characteristics of Hybrid Cloud are as follows:
• Scalable: The hybrid cloud has the property of public cloud with a private cloud environment
and as the public cloud is scalable, the hybrid cloud with the help of its public counterpart is also
scalable.
• Partially Secure: The private cloud is considered as secured and public cloud has high risk of
security breach. The hybrid cloud thus cannot be fully termed as secure but as partially secure.
• Stringent SLAs: In the hybrid cloud, the Service Level Agreements (SLAs) are overall more
stringent than the private cloud and might be as per the public cloud service providers.
• Complex Cloud Management: Cloud management in hybrid cloud is complex as it involves
more than one type of deployment model, and the number of users is high.

MCQ: A company on the occasion of Diwali offers to provide an additional discount of 15%
to its customers on online bulk purchase of products worth Rs. 5,000 through its website.
Which of the following business model of e-commerce is being followed in this?
[MTP March 21]
(a) Consumer to Business e-Commerce
(b) Business to Consumer e-Commerce
(c) Business to Business e-Commerce
(d) Consumer to Consumer e-Commerce

ANSWER: (b)

MCQ: XYZ Ltd. provides Data Processing services to its clients. It has received a big contract
from DEF Insurance Company for its data processing. With limited PCs at its office, XYZ Ltd.
approached Amazon Web Services to hire and access Virtual Machines for data processing
on a pay-as-per-usage concept. Which Cloud Computing Service Model is being used by XYZ
Ltd.? [MTP April 21]

(a) Software as a Service (SaaS)
(b) Platform as a Service (PaaS)
(c) Infrastructure as a Service (IaaS)
(d) Network as a Service (NaaS)
ANSWER: (c)

MCQ: M/s SS and Sons, a renowned chartered accountancy firm has many branch offices all
over Madhya Pradesh. The management thought that as IT operations and the maintenance
of hardware and software are not their core area, they decided to host its application on
internet and outsource the IT functions. Through this initiative, firm provides online services
to its clients regarding registration, trademark, and taxation through an online assistant.
This is an example of which type of application. [MTP April 21]

(a) Cloud based Application
(b) Built-in Application
(c) Installed Application
(d) Customer Application
ANSWER: (a)

CH. 5 : CORE BANKING SYSTEMS

QUESTIONS AND ANSWERS


Q.1: Explain the stages of Money Laundering. [Jan 21 (6 Marks)]

ANSWER:
The stages of Money Laundering are as follows:
(i) Placement: The first stage involves the Placement of proceeds derived from illegal activities:
the movement of proceeds, frequently currency, from the scene of the crime to a place, or into a
form, less suspicious and more convenient for the criminal.
(ii) Layering: It involves the separation of proceeds from illegal source using complex transactions
designed to obscure the audit trail and hide the proceeds. The criminals frequently use shell
corporations, offshore banks or countries with loose regulation and secrecy laws for this purpose.
Layering involves sending the money through various financial transactions to change its form
and make it difficult to follow. Layering may consist of several bank-to-bank transfers or wire
transfers between different accounts in different names in different countries; making deposits and
withdrawals to continually vary the amount of money in the accounts; changing the money’s
currency; and purchasing high value items (boats, houses, cars, diamonds) to change the form of
the money, making it hard to trace.
(iii) Integration: It involves conversion of illegal proceeds into apparently legitimate business
earnings through normal financial or commercial operations. Integration creates the illusion of
a legitimate source for criminally derived funds and involves techniques as numerous and
creative as those used by legitimate businesses. For example: false invoices for goods exported,
domestic loan against a foreign deposit, purchasing of property and commingling of money in
bank accounts.

Q.2: Define the Mortgage Loan. Briefly explain the types of Mortgage Loan. [Jan 21 (4 Marks)]

ANSWER:
Mortgage Loan
• A Mortgage loan is a secured loan which is secured on the borrower’s property by marking a
lien on the property as collateral for the loan. If the borrower stops paying, then the lender has
the first charge on the property.
• Mortgages are used by individuals and businesses to make large real estate purchases without
paying the entire value of the purchase up front. Over the period of many years, the borrowers
repay the loan amount along with interest until there is no outstanding.
Types of Mortgage Loan are as follows:
• Home Loan: This is a traditional mortgage where customer has an option of selecting fixed or
variable rate of interest and is provided for the purchase of property.

• Top Up Loan: Here the customer already has an existing loan and is applying for additional
amount either for refurbishment or renovation of the house.
• Loans for Under Construction Property: In case of under construction properties the loan is
disbursed in tranches / parts as per construction plan.

Q.3: Information Security that refers to ensure Confidentiality, Integrity and Availability of
information, is critical in banking industry, to mitigate the risks of Information Technology.
Identify and explain various sub-processes that are involved in Information Security.
[RTP May 21]

ANSWER:
The various sub-processes that are involved in Information Security are as follows:
• Information Security Policies, Procedures and Practices: This refers to the processes
relating to approval and implementation of information security. The security policy is the basis on
which detailed procedures and practices are developed and implemented at various
units/departments and layers of technology, as relevant. These cover all key areas of securing
information at various layers of information processing and ensure that information is made
available safely and securely. For example: Non-disclosure agreement with employees, vendors
etc., KYC procedures for security.
• User Security Administration: This refers to security for various users of information systems.
The security administration policy documents define how users are created and granted access as
per organization structure and access matrix. It also covers the complete administration of users,
right from creation to disabling of users, as defined in the security policy.
• Application Security: This refers to how security is implemented at various aspects of
application right from configuration, setting of parameters and security for transactions through
various application controls. For example: Event Logging.
• Database Security: This refers to various aspects of implementing security for the database
software. For example: Role based access privileges given to employees.
• Operating System Security: This refers to security for operating system software which is
installed in the servers and systems which are connected to the servers.
• Network Security: This refers to how security is provided at various layers of network and
connectivity to the servers. For example: Use of virtual private networks for employees,
implementation of firewalls etc.
• Physical Security: This refers to security implemented through physical access controls. For
example: Disabling the USB ports.

Q.4: Current and Savings Account (CASA) is a unique feature which banks offer to their
customers to make them keep their money in their banks. Discuss its business process flow.
[RTP May 21]

ANSWER:
The Business Process flow of Current and Saving Account (CASA) is as follows:
(i) Either the customer approaches the relationship manager to apply for a CASA facility or
applies for it through internet banking; the charges/rates for the facility are provided by the
relationship manager on the basis of the request made by the customer.
(ii) Once the potential customer agrees to avail the facilities/products of the bank, the
relationship manager requests the relevant documents, i.e. KYC and other relevant documents
of the customer, depending upon the facility/product. KYC (Know Your Customer) is a process
by which banks obtain information about the identity and address of the customers. KYC
documents can be Passport, Driving License, etc.
(iii) The documents received from the customers are handed over to the Credit team / Risk team for
sanctioning of the facilities/limits of the customers.
(iv) Credit team verifies the documents, assesses the financial and credit worthiness of the borrowers
and updates facilities in the customer account.
(v) Current Account / Saving Account along with the facilities requested are provided to the customer
for daily functioning.
(vi) Customers can avail facilities such as cheque deposits/withdrawal, Cash deposit/withdrawal,
Real Time Gross Settlement (RTGS), National Electronics Funds Transfer System (NEFT),
Electronic Clearing Service (ECS), Overdraft, Fund Transfer services provided by the bank.

Q.5: Banking has played a vital and significant role in development of economy. In the light
of this statement, explain the key features of banking business. [MTP March 21 (3 Marks)]

ANSWER:
The key features of a banking business are as follows:
• The custody of large volumes of monetary items, including cash and negotiable instruments, whose
physical security should be ensured.
• Dealing in large volume (in number, value and variety) of transactions.
• Operating through a wide network of branches and departments, which are geographically
dispersed.
• Increased possibility of frauds as banks directly deal with money, making it mandatory for banks
to provide multi-point authentication checks and the highest level of information security.

Q.6: DFK corporative bank of Uttar Pradesh decided to implement Core Banking System
(CBS) to facilitate integration of its entire business applications. Briefly explain how the
deployment and implementation of CBS can be controlled at various stages to ensure that
objectives of DFK corporative bank are achieved. [MTP March 21 (4 Marks)]

ANSWER:
The deployment and implementation of Core Banking System (CBS) should be controlled at various
stages to ensure that the objectives of DFK corporative bank are achieved. The details are as follows:
• Planning: Planning for implementing the CBS should be done as per strategic and business
objectives of the bank.
• Approval: The decision to implement CBS requires high investment and recurring costs and will
impact how banking services are provided by the bank. Hence, the decision must be approved
by the board of directors.
• Selection: Although there are multiple vendors of CBS, each solution has key differentiators.
Hence, the bank should select the right solution which is scalable and where different interfaces are
readily available, considering various parameters as defined by the bank to meet its specific
requirements and business objectives.
• Design and develop or procure: CBS solutions used to be earlier developed in-house by the
bank. Currently, most of the CBS deployments are procured. There should be appropriate
controls covering the design or development or procurement of CBS for the bank.
• Testing: Extensive testing must be done before the CBS is live. The testing is to be done at
different phases: at the procurement stage to test suitability, at data migration to ensure all existing
data is correctly migrated, and to confirm that processing of various types of transactions of all
modules produces the correct results.
• Implementation: CBS must be implemented as per pre-defined and agreed plan with specific
project milestones to ensure successful implementation.
• Maintenance: CBS must be maintained as required. E.g. program bugs fixed, version changes
implemented, etc.
• Support: CBS must be supported to ensure that it is working effectively.
• Updation: CBS modules must be updated based on requirements of business processes,
technology updates and regulatory requirements.
• Audit: Audit of CBS must be done internally and externally as required to ensure that controls
are working as envisaged.

Q.7: Write a short note on “Automated Teller Machine (ATM) Channel Server”.
[MTP April 21 (2 Marks)]

ANSWER:
Automated Teller Machines (ATM) Channel Server: This server contains the details of ATM
account holders. Soon after the facility of using the ATM is created by the Bank, the details of such
customers are loaded on to the ATM server. When the Central Database is busy with central end-of-
day activities or for any other reason, the file containing the account balance of the customer is sent
to the ATM switch. Such a file is called Positive Balance File (PBF). This ensures not only continuity of
ATM operations but also ensures that the Central database is always up-to-date. The above process is
applicable to stand alone ATMs at the Branch level. As most of the ATMs are attached to the central
network, the only control is through ATM Switch.

Q.8: Describe the Section 63 in prevention of Money Laundering that specifies the
punishment for false implementation or failure to give information, etc.
[MTP April 21 (4 Marks)]

ANSWER:

[Section 63] Punishment for false information or failure to give information, etc.
(1) Any person willfully and maliciously giving false information and so causing an arrest or a search
to be made under this Act shall on conviction be liable for imprisonment for a term which may
extend to two years or with fine which may extend to fifty thousand rupees or both.
(2) If any person -
(a) being legally bound to state the truth of any matter relating to an offence under section 3,
refuses to answer any question put to him by an authority in the exercise of its powers under
this Act; or
(b) refuses to sign any statement made by him in the course of any proceedings under this Act,
which an authority may legally require to sign; or
(c) to whom a summon is issued under section 50 either to attend to give evidence or produce
books of account or other documents at a certain place and time, omits to attend or produce
books of account or documents at the place or time, he shall pay, by way of penalty, a sum
which shall not be less than five hundred rupees but which may extend to ten thousand
rupees for each such default or failure.
(3) No order under this section shall be passed by an authority referred to in sub-section (2) unless
the person on whom the penalty is proposed to be imposed is given an opportunity of being
heard in the matter by such authority.
(4) Notwithstanding anything contained in clause (c) of sub-section (2), a person who intentionally
disobeys any direction issued under section 50 shall also be liable to be proceeded against under
section 174 of the Indian Penal Code (45 of 1860).

Q.9: Briefly discuss the characteristics of Core Banking Systems (CBS).
[July 21 (2 Marks)]

ANSWER:
The characteristics of Core Banking Systems (CBS) are as follows:
• CBS is centralized Banking Application software that has several components which have been
designed to meet the demands of the banking industry.
• CBS is supported by advanced technology infrastructure and has high standards of business
functionality.
• Core Banking Solution brings significant benefits such as a customer being a customer of the bank and
not only of the branch.
• CBS is modular in structure and is capable of being implemented in stages as per requirements of
the bank.
• A CBS software also enables integration of all third-party applications including in-house banking
software to facilitate simple and complex business processes.
• There is a common database in a central server located at a Data Center which gives a
consolidated view of the bank’s operations.
• Branches function as delivery channels providing services to its customers.

Q.10: XYZ Bank wants to deploy and implement Core Banking Systems (CBS) to all of its
branches. As a consultant, how would you suggest the deployment and implementation of
CBS at various stages to ensure that the bank's automation objectives are achieved?
[July 21 (6 Marks)]

ANSWER:
The various stages of deployment and implementation of Core Banking Systems (CBS) should be
controlled to ensure that the bank's automation objectives are achieved:
• Planning: Planning for implementing the CBS should be done as per strategic and business
objectives of the bank.
• Approval: The decision to implement CBS requires high investment and recurring costs and will
impact how banking services are provided by the bank. Hence, the decision must be approved by
the Board of Directors.
• Selection: Although there are multiple vendors of CBS, each solution has key differentiators.
Hence, the bank should select the right solution which is scalable and where different interfaces are
readily available, considering various parameters as defined by the bank to meet its specific
requirements and business objectives.
• Design and develop or procure: CBS solutions used to be earlier developed in-house by the
bank. Currently, most of the CBS deployments are procured. There should be appropriate controls
covering the design or development or procurement of CBS for the bank.
• Testing: Extensive testing must be done before the CBS is live. The testing is to be done at
different phases: at the procurement stage to test suitability, at data migration to ensure all existing
data is correctly migrated, and to confirm that the processing of various types of transactions of all
modules produces the correct results.
• Implementation: CBS must be implemented as per pre-defined and agreed plan with specific
project milestones to ensure successful implementation.
• Maintenance: CBS must be maintained as required. For example – program bugs fixed, version
changes implemented, etc.
• Support: CBS must be supported to ensure that it is working effectively.
• Updation: CBS modules must be updated based on requirements of business processes,
technology updates and regulatory requirements.
• Audit: Audit of CBS must be done internally and externally as required to ensure that controls are
working as envisaged.

MCQ: Money Laundering is commonly used by criminals to make dirty money appear
legitimate. In this context, which stage of Money Laundering involves the bank transfers
between different accounts in different names in different countries making deposit and
withdrawals? [MTP March 21]

(a) Placement
(b) Layering

(c) Integration
(d) Financing
ANSWER: (b)

MCQ: VV designers, the manufacturers of bath accessories, allow their customers to pay in
cash only. Now, with the demand of cashless economy, the company decided to allow its
customers to pay either through cash or through credit/debit cards. The company uses the
key control that a transaction cannot be made if the aggregate limit of outstanding amount
exceeds the credit limit assigned to the customer. Identify the risk related to credit card
processing for which this key control is applied. [MTP April 21]

(a) Credit Line setup is unauthorized and not in line with the bank’s policy.
(b) Credit Line setup can be breached.
(c) Masters defined are not in accordance with the Pre-Disbursement Certificate.
(d) Inaccurate reconciliations performed.
ANSWER: (b)

Case Study Based MCQs – [ RTP May 2021]


SciLabs is an upcoming robotics company in India providing innovative solutions for
different verticals. The company has adopted the concept of Cloud Computing using the
cloud type which is small, most secure, controlled, maintained internally and used to
perform critical activities of the company.
For every new project undertaken by them; the functional requirement documents are
prepared, and the initial design requirements are communicated to programmers via
algorithms and flowcharts. All the customer requirements are tracked, assembling
materials are ordered and the details regarding entire cost incurred for training, research
and full-fledged development of the product are managed through the implemented SAP
ERP system.
Furthermore, different versions of all the documents and white papers related to the
ongoing research are stored in the Relational Database Management Systems (RDBMS)
Teradata warehouse periodically to maintain a record of all the changes the said project
undergoes during its entire life cycle. Such methodology enables SciLabs to maintain and
compare the data between different time periods based on the time stamps with which the data is
stored in the data warehouse.
SciLabs has also implemented stringent controls so that the high-level architectural
diagrams of the new project are kept with utmost confidentiality.
Based on the facts of the case scenario given above, choose the most
appropriate answer to Q. Nos 1 to 5.
(1) Flowcharts are used by SciLabs to communicate the requirements to the
programmers. Which among the following would be the initial step in developing
flowcharts?

(a) Identifying the activities in each process step.
(b) Preparing an initial rough diagram.
(c) Identifying the business processes to be documented.
(d) Identifying the starting point of the process.
(2) SciLabs uses a module of SAP ERP system that enables it to create detailed scheduling,
material requirement planning, and refine production integration. Which of the
following modules of SAP ERP supports all these features?
(a) Material Management
(b) Supply Chain
(c) Production Planning
(d) Sales and Distribution
(3) The documents and white papers related to the research carried on by the SciLabs
analysts are loaded in Teradata data warehouse so as to have comparisons of the
different version files. Which feature of a Teradata tool is referred here?
(a) Standardized
(b) Time Variant
(c) Non-operational data
(d) Consistency
(4) SciLabs initially has adopted the concept of Cloud Computing using the cloud which is
small, most secure, controlled and maintained internally. However, with the expansion
in the SciLabs business, the management decided to deploy another cloud named
_____ for its non-critical activities and usage of additional resources. Identify the
deployed cloud.
(a) Private Cloud
(b) Public Cloud
(c) Hybrid Cloud
(d) Community Cloud
(5) Though stringent controls are implemented by SciLabs, one of its development team
members, Mr. Atul, accesses the confidential architectural diagrams of the new project
and downloads them on his personal computer for wrongful reasons. Under which
Section of the Information Technology Act, 2000 is Mr. Atul punishable?
(a) Section 65
(b) Section 43
(c) Section 66
(d) Section 66D

ANSWER

(1) (2) (3) (4) (5)

(c) (b) (b) (b) (b)

Case Study Based MCQs – [ MTP March 2021]


M/s TAS & Sons is an automobile manufacturer of spare parts of four wheelers in India. The
company has four manufacturing units in various locations across the country. It also has
two branch offices located in Pune and Hyderabad to handle activities like orders, delivery,
complaints and stock operations. The company maintains its account with ABC Bank from
where it also has taken various loans and advances.
Sometime ago, the company’s business processes like accounting, purchase, sales and
inventory were maintained in manual mode. The management of the company observed that
the manual processing of these activities hinders the overall working of the business related
daily operations. This resulted in a huge gap in the flow of information, pending orders,
delayed deliveries, and delayed decision making due to lack of business reports and
therefore overall non-performance. Thus, the management committee decides to adopt the
process of automation for its various business operations so that information flow would be
timely and consolidated within its branches and manufacturing units. To attain this
objective, the service models of Cloud Computing are proposed to be adopted so that the
branches and manufacturing units are interconnected with centralized mechanism of data
sharing and storage. The proposed system with well-implemented access controls will
provide robust data security among its systems of branches and manufacturing units. Not
only the record keeping, but also data maintenance and reports generation would become
simpler after the implementation of proposed system. The management is also looking for
better prospects of adhering to the legal compliances of the country and also to initiate its
business operations through online mode.
Subsequently, the company hires a consultant, Mr. Sumit, to carry out the feasibility study of
its proposed system, who prepares a feasibility report and submits it to the management.
Based on the go-ahead in Mr. Sumit’s report, a project team is scheduled to be
constituted who will work under him to execute the project and ensure its delivery on time.
(1) The Management committee of M/s TAS & Sons decides to automate its entire business
processes anticipating reaping better benefits for the company. Which of the following
does not come under the category of benefits of Automation?
(a) Consistency of automated processes
(b) Automating Redundant processes
(c) Reduction of turnaround time
(d) Better utilization of employees’ time
(2) In purview of the above case scenario, the management of M/s TAS & Sons decides to
adopt the process of automation for its various business processes so that information
flow within its units and branches would be timely and consolidated. The data is
centralized and in case of loss of any set of data from this location, the whole business may
come to a standstill. Identify from the following controls that may be useful to overcome
the aforementioned risk.
(a) It can be controlled by removing redundant data.
(b) Back up arrangement needs to be strong.
(c) To allocate some funds in case of contingencies.
(d) Overhauling of organizational structure is required.
(3) If the company hires XYZ Ltd. as its Cloud Computing service provider, which of the
following models of Cloud Computing would be useful for M/s TAS & Sons if XYZ Ltd.
proposes to host the company’s application at its data center over the internet to make it
accessible to the customers of M/s TAS & Sons?
(a) Infrastructure as a Service
(b) Platform as a Service
(c) Software as a Service
(d) Database as a Service
(4) In purview of the above case scenario, the company decides to install various
internetwork processors like routers and firewalls etc. for its business application
through online mode in order to make its whole network secure. Which type of control
is the company planning to work on?
(a) Corrective Control
(b) Preventive Control
(c) Network Control
(d) Detective Control
(5) M/s TAS & Sons maintains its account in ABC Bank which faces the application risk of
incorrect classification and provisioning of Non Performing Asset (NPA) resulting in
financial mismanagement of the company’s account. Which control would be best
suggested to take care of this?
(a) Access for changes made to the configuration, parameter settings should be restricted to
authorized user.
(b) Unique Id should be created for each asset.
(c) The system parameters need to be set up as per business process rules of the bank.
(d) To ensure existence of configuration/customization in the application to perform NPA
classification as per relevant RBI guidelines

ANSWER

(1) (2) (3) (4) (5)

(b) (b) (c) (b) (d)

Case Study Based MCQs – [ MTP April 2021]
GoCart is one amongst the popular e-commerce shopping portals delivering the products
in India and SAARC nations with its head office in New Delhi. It recently entered into a
Service Level Agreement (SLA) with Google, wherein Google would provide the necessary
application framework, testing tools to GoCart to develop and deploy its application online.
On successful deployment of its application and in order to get a competitive advantage
over other e-Commerce providers, GoCart launched a multi-saver sale wherein huge
discount on the best brands are available, complimentary gifts for purchases above a
certain amount and express free delivery are also provided. All the revenue generated
through the multi saver sale will be routed through a separate current account maintained
with CSC Bank, from where GoCart has already taken a loan.
With the increase in the cybercrimes and misuse of customer data, GoCart has implemented
stringent controls to prevent any unauthorized access to data and has opened up new job
roles exclusively with objective of ensuring security at network and operating system levels.
GoCart has also implemented certain controls to avoid the risk of losses
due to failure of internal processes, any criminal activity by an employee and
product/service failure. Further, to comply with the regulatory requirements, GoCart's books
of accounts are well maintained and subjected to annual statutory audit and the business
reporting is done through XBRL.
(1) GoCart has implemented certain controls to avoid the risk for prevention of losses due
to failure of internal processes, any criminal activity by an employee and
product/service failure. Which among the following risk would GoCart be subjected to
in this case?
(a) Strategic Risk
(b) Operational Risk
(c) Financial Risk
(d) Residual Risk
(2) For GoCart, the business reporting is done using XBRL. Identify the feature of XBRL
which stops poor quality information being sent to a regulator, when the draft report
is being run by one of its staff who had prepared the same?
(a) Clear Definition
(b) Multilingual support
(c) Strong Software Support
(d) Testable Business Rules
(3) With the objective of maintaining utmost security, GoCart recruited Mr. Y to examine
logs from firewalls, intrusion detection system and to issue security advisories to
other members in IT department. Which of the following job roles best fits into job
profile of Mr. Y?
(a) Operations Manager
(b) Network Architect
(c) Security Analyst
(d) Database Administrator
(4) With the recently entered Service Level Agreement (SLA) with Google, GoCart
successfully developed and deployed its new application. Identify the type of cloud
service utilized by GoCart in the application which is developed online?
(a) Infrastructure as a Service
(b) Platform as a Service
(c) Software as a Service
(d) Network as a Service
(5) In addition to routing the revenue in accounts maintained with CSC Bank, GoCart also
has taken various loans and advances from CSC Bank. If CSC Bank faces the
information security risk of non-establishment of user accountability for the accounts
created for GoCart, which control would be best suggested for this?
(a) The identity of users is authenticated to system through password.
(b) System validations have been implemented to restrict set up of duplicate customer master
records.
(c) All users are required to have a unique user id.
(d) Access for changes made to the configuration, parameter settings is restricted to authorized
user.

ANSWER

(1) (2) (3) (4) (5)

(b) (d) (c) (b) (c)
