Test Series: March, 2022

MOCK TEST PAPER-I

INTERMEDIATE GROUP – II
PAPER – 7: ENTERPRISE INFORMATION SYSTEMS AND STRATEGIC MANAGEMENT
SECTION – A: ENTERPRISE INFORMATION SYSTEMS
Time Allowed – 1½ Hours Maximum Marks: 50 Marks
Part I: Multiple Choice Questions Total Marks: 15 Marks
Question Nos. 1 to 5 carries 2 marks each.
KL Mart deals in grocery items, adults’ apparels, electronic items, stationery items and gym related equipment.
These items are sold in its two showrooms one each in Noida and East Delhi. To purchase items from any of
these two showrooms; the customers must have GST number against which free of cost membership card is
issued to them which the customers may use in any of the showroom. KL Mart has its warehouse located at
Greater Noida, quite distant from the location of its two showrooms. All the three locations - both showrooms and
warehouse maintain their separate computerized billing and inventory systems with both showrooms not aware
of inventory available at warehouse at any point in time. Therefore, the integration between the inventory system
of both showrooms and warehouse store is lacking.
As a regular practice, after every three days, both showrooms raise their inventory requirement to warehouse
and accordingly the warehouse based on the availability of the stock items, either accepts or rejects partially/fully
the requisition raised by any showroom. Once the order of any showroom is confirmed, the warehouse is bound
to deliver the products to that showroom latest by the next day of its order confirmation. The management
observes few incidents wherein the products were not supplied as per the requirement of showroom because of
their non-availability. The time to place the clearance for the order of various products from the warehouse
makes the showrooms to wait forcibly for their ordered products to be received.
To solve the problem of delay in products’ delivery and reduce the turnaround time, the management of KL Mart
proposes to procure new software with an objective to automate inventory, billing, and stock modules to
synchronize integration of inventory systems between the showrooms and warehouse. So, the Management
approaches a software provider/developer company named Gigs Software Ltd. to procure the software to
automate and integrate their inventory process of warehouse and showrooms. Mr. Anil from Gigs Software Ltd.
leads its team to understand and realize the needs and requirements of KL Mart for which he interviews various
officials from management and employees of warehouse/showroom to know about their expectation from
proposed system.
1. Mr. Anil after understanding the needs and requirements of KL Mart compiles a report and decides to
provide an overview of what data would the proposed system be processing and storing, what
transformations shall be performed, what results would be produced and flow of data among external
entities. Identify the tool used by Mr. Anil in this case.
(a) Data Flow Diagram
(b) Flowchart
(c) Decision Table
(d) Decision Box
2. In purview of above case scenario, whenever there is delivery of ordered products by warehouse to
any of the showroom, the vouchers are required to be issued to record the physical movement of stock
from one location to another. What type of voucher is relevant in this case?
(a) Receipt Note
(b) Stock Journal
1

© The Institute of Chartered Accountants of India

 (c) Delivery Note
(d) Physical Stock
3. While developing the proposed software for KL Mart, which of the following control from Data
Resource Management Control should be applied by developer of Mr. Anil’s team from Gigs Software
Ltd. so that only authorized users can change or delete the inventory database?
(a) Update Control
(b) Concurrency Control
(c) Definition Control
(d) Quality Control
4. Mr. Ramesh purchased various grocery and electronic items from KL Mart of ₹ 20,000/-. He used a
digital mode of payment wherein the payment was based through quick response code without using
internet banking. Identify the digital payment method used by Mr. Ramesh.
(a) Cryptocurrency
(b) Smart Card
(c) e-Rupi
(d) Credit Card
5. KL Mart maintains its bank account with Noida Branch of DEF bank for all types of transactions. Which
of the following server of DEF bank stores the login details of its customers and authenticates them at
the time of login?
(a) Internet Banking Application Server
(b) Internet Banking Channel Server
(c) Application Server
(d) Automated Teller Machine Channel Server
Question No(s). 6 to 10 carries 1 Mark each.
6. Consider the following flowchart.

Start

X = 100, Y =200, Z = 300, S = 0

X=Y
Y=Z
Z=X
S=Z

Print S

Stop

© The Institute of Chartered Accountants of India

 Choose the correct value of S.
(a) 100
(b) 200
(c) 300
(d) 0
7. Below mentioned activities are involved in overall Purchase Process of Material Management (MM)
Module in ERP Systems.
(i) Placing an order for Approved Quotation.
(ii) Release of payment to vendor.
(iii) Issue of material to production.
(iv) Receipt of material by stores.
(v) Purchase requisition from production department.
(vi) Evaluation of quotations.
(vii) Asking for quotation from approved vendors.
(viii) Evaluation of purchase request by Purchase department.
(ix) Recording of purchase invoice by Accounts.
Arrange them in sequence.
(a) (v) – (viii) – (vii) – (vi) – (i) - (iv) – (iii) – (ix) – (ii)
(b) (iii) – (iv) – (ii) – (vi) – (i) – (ix) – (viii) – (v) – (vii)
(c) (i) – (ii) – (iii) – (iv) – (ix) – (viii) – (vii) – (vi) – (v)
(d) (v) – (vii) – (ix) – (vi) – (iv) – (i) –(iii) – (ii) – (viii)
8. The Information Systems Auditing is defined as the process of attesting various objectives that are
mentioned below:
(i) Asset safeguarding
(ii) Data integrity
(iii) System effectiveness
(iv) System efficiency
The underpinned definition of these objectives is as under:
I. This involves protecting of various resources like hardware, software, data files etc. by using
internal controls from unauthorized access.
II. This involves whether a system reports information in a way that facilitates its users in decision -
making or not.
III. This involves use of various Information system resources minimally with their optimum
utilization.
IV. This involves maintaining the accuracy, completeness, reliability, and transparency of the data.
3

© The Institute of Chartered Accountants of India

 Match the objectives with their definitions:
(a) (i) – I, (ii) – IV, (iii) - II, (iv) - III
(b) (i) – I, (ii) – II, (iii) - III, (iv) - IV
(c) (i) – IV, (ii) – III, (iii) - II, (iv) - I
(d) (i) – II, (ii) – III, (iii) - I, (iv) - IV
9. There are few examples of e-business model.
(i) A consumer selling his refrigerator on the website.
(ii) Consumer placing an estimate of amount s/he wants to spend on hiring the particular service.
(iii) Seller selling its products to an intermediate buyer who then sells its products to the final
customer.
(iv) Online retailer selling its products and services to consumers through its website.
The business models are listed below:
I. Business - to - Business (B2B)
II. Consumer - to - Consumer (C2C)
III. Business - to - Consumer (B2C)
IV. Consumer - to - Business (C2B)
Identify the statement that shows the correct match of the example with its corresponding e-business
model.
(a) (i) - I, (ii) - II, (iii) - III, (iv) - IV
(b) (i) - II, (ii) - IV, (iii) - I, (iv) - III
(c) (i) - III, (ii) - II, (iii) - I, (iv) - IV
(d) (i) - IV, (ii) - III, (iii) - II, (iv) - I
10. Following are the various risks that are associated with security of information in an automated
environment.
(i) Lack of management direction and commitment to protect information assets.
(ii) Potential loss of confidentiality, availability and integrity of data and system.
(iii) Non-establishment of user accountability.
(iv) Security breaches may go undetected.
Following are the controls for afore-mentioned risks to Information Security.
I. Establishment of security policies.
II. Vendor default passwords are approximately modified, eliminated, or disabled.
III All users to have unique user-id.
IV Logs are maintained and regularly reviewed.

© The Institute of Chartered Accountants of India

 Match the risks with their corresponding controls.
(a) (i) – I, (ii) – II, (iii) – III, (iv) - IV
(b) (i) – IV, (ii) – II, (iii) – III, (iv) – I
(c) (i) – II, (ii) – III, (iii) – IV, (iv) – I
(d) (i) – III, (ii) – I, (iii) – IV, (iv) - II
Part II: Descriptive Questions Total Marks: 35 Marks
Question No. 1 is compulsory. Attempt any three out of remaining four questions.
1. (a) ABC Bank has introduced digital mode of remittance to make online transfer of funds from one
place to another. Explain the various modes of Electronic Funds Transfer (EFT). (3 Marks)
(b) Mention various controls under the Application Control Framework of Information Systems.
(2 Marks)
2. (a) Enterprise Resource Planning (ERP) System comprises of various modules that share common
database and work in congruence and harmony with each other. Why do you think the integration
between different modules of ERP is required? Also, briefly explain integration of Material
Management (MM) Module with other modules. ([1 + 5] Marks)
(b) Blockchain is a shared immutable ledger that facilitates the process of recording transactions and
tracking assets in various business fields. Discuss various application areas of blockchain in
detail. (4 Marks)
3. (a) ABC Ltd. is a coaching institute with its three branches in Delhi/NCR that provides coaching to
engineering aspirants for various competitive examinations. The Institute wishes to develop an IT
setup to initiate online coaching and assessment tests. To attain its objective, ABC Ltd.
approaches an IT based company named KK Software Ltd. to develop the proposed system for
them. Discuss in detail the activities that the Systems Development Management team of KK
Software Ltd. would perform to develop the proposed system for ABC Ltd. (6 Marks)
(b) Data Analytics involves much more than just analyzing the data and help the businesses to
increase revenues, improve operational efficiency and to respond more quickly to emerging
market trends. Discuss the process of Data Analytics in detail. (4 Marks)
4. (a) Grid Computing is special kind of distributed computing model used to solve complex problems
among different interconnected domains with each domain administrated independently and free
to deploy technologies. Briefly explain the constraints that should be considered to develop the
security architecture of Grid Computing. (6 Marks)
(b) Data in each business is considered as a unique resource and therefore its security is a primary
concern for organizations as various risks are associated with it. Briefly discuss the
Asynchronous attacks that fall under Data related risks. (4 Marks)
5. (a) In any Information System; various controls are implemented to prevent, detect, and facilitate the
correction of several risks. Describe various levels at which implementation of these controls are
required to be examined in computer system. (6 Marks)
(b) RBI has prescribed comprehensive Cyber Security Framework for banks to ensure effective
information security governance in CBS environment. Specify the key measures required to
implement Network Security and Secure configuration in digital environment of bank. (4 Marks)

© The Institute of Chartered Accountants of India

 SECTION – B: STRATEGIC MANAGEMENT
Time Allowed – 1½ Hours Maximum Marks – 50
Question 1 and 2 are compulsory.
Attempt any three questions out of remaining four questions.

1. (A) Pantheon Yoga Center (PYC), situated in the dense forests of Chhattisgarh by Dr. Manohar
Dasgupta, a less known meditation center is visited by affluent Indians and foreign seekers, only
by invitation. The uniqueness of his methodologies remains in the fact that only a few people have
been able to experience them yet.
Recently, CEO of a big investment bank approached Dr. Dasgupta to take special sessions for his
management team in Los Angeles, USA - and given Dr. Dasgupta’s popularity amongst business
leaders, he wanted to strengthen his network as well for business purposes by building relations
with him. Though Dr. Dasgupta was reluctant at first but understanding the need to publicize his
practice and an offer by the CEO to get access to more corporates through this route, he took the
opportunity, and called his corporate suite of sessions, the ‘Shanti Classes’.
There were certain risks though; first, his techniques could be shunned by the top management as
being too orthodox and old. Second, maybe they could be revealed to the outside world in a very
disruptive manner, thus taking away the core uniqueness of exclusivity, and lastly, how would he
monetize his methodologies if they expanded so quickly.
With above risks also came the need to build a strong team of like minded individuals who could
support and propagate the ideologies in a positive fashion. For this he relied on his daughter,
Sukanya. She took three months to build a team of fifty young-vibrant men and women from
different backgrounds and trained them with basics and a few specializations.
PYC opened its first branch in Los Angeles, USA, and then took the opportunity to open three
more in India. One each in Madhya Pradesh, Gujarat and Assam.
The center and its techniques have now been recognised globally, especially in Northern America,
while Europe is still to be explored business wise. One thing that Pantheon model reassures is
that strategy has no boundation with respect to product or service; it applies to each kind in its
own way.
Based on the above Case Scenario, answer the Multiple-Choice Questions which are as follows:
1. Core competencies cannot be built on single know how, instead it has to be integration of
many resources. From the above case, what was the core competency of PYC and which of
the following competencies were missing from its bunch of competencies?
(a) Customer Satisfaction was the core competency and its competencies did not include
meditation expertise.
(b) Location of the Yoga Center was the core competency and its competencies did not
include technological know-how.
(c) Exclusivity was the core competency and its competencies did not include easy
scalability.
(d) Dr. Dasgupta’s brand name was the core competency and its competencies did not
include exclusivity. (2 Marks)

© The Institute of Chartered Accountants of India

 2. Suppose you are a banker funding PYC’s new ventures. Please apprise the management
about the third risk mentioned above and which of the functional level strategies is it
associated with for PYC?
(a) Associated with Delivering Value to Customer, Marketing Strategy
(b) Associated with Sources of Funds, Financial Strategy
(c) Associated with Free Publicity, Marketing Strategy
(d) Associated with Management of Funds, Financial Strategy (2 Marks)
3. The formation of “Shanti Classes’ by Dr. Dasgupta to popularise his business can be
categorised as which of the following growth strategies?
(a) Product Development
(b) Diversification
(c) Market Penetration
(d) Market Development (1 Mark)
4. Which growth strategy was the CEO of the investment bank trying to achieve with Dr.
Dasgupta’s classes?
(a) Merger
(b) Diversification
(c) Acquisition
(d) Strategic Alliance (1 Mark)
5. The biggest challenge that you think Sukanya would face while implementing Human
Resource Strategy for the newly trained 50 odd individuals would be?
(a) Building core competency with faith in employees
(b) Creating Competitive Advantage based on employee skills
(c) Managing Diversity of Workforce
(d) Providing Purposeful Direction (1 Mark)
(B) Greg was heading the Global Biscuits SBU for Jonky’s Ltd. and he got an email congratulating him
for being promoted as the head of entire business of Jonky’s in India. Which of the following
statements is true about Greg’s position?
(a) Greg was a business level manager but now he is a corporate level manager
(b) Greg was a functional level manager but now he is a corporate level manager
(c) Greg was a business level manager and now also he is a business level manager
(d) Greg was a corporate level manager and now also he is a corporate level manager
2 Marks)
(C) J&P, a western wear brand has contracted Pee Kaw marketing firm from Singapore, product design
team working as an outsource company from Mexico and Humans branding company taking care
of its people’s operations. What kind of structure is this?
(a) Hourglass Structure
7

© The Institute of Chartered Accountants of India

 (b) Outsourcing
(c) Network Structure
(d) Tree Branch Structure (2 Marks)
(D) Which is not the major dimension of strategic decision making?
(a) Top management involvement
(b) Commitment of organizational resources
(c) Future Oriented
(d) Impact on short term prosperity of firm (1 Mark)
(E) Functional level managers are concerned with_________
(a) Strategies that are responsible for the operations of specific business
(b) Strategies that span multiple businesses
(c) Strategies that are specific to particular country
(d) Strategies that encourage a favourable attitude toward change (1 Mark)
(F) Best Cost provider strategies
(a) Seek to attract buyers on the basis of charging low price for low quality
(b) Aim at giving customers less value for more money
(c) Seek to attract buyers on the basis of charging high price for high quality
(d) Aim to giving customers low cost and better quality (1 Mark)
(G) The statement “where we want to go “denotes company
(a) Objective
(b) Policy
(c) Strategy
(d) Vision (1 Mark)
2. A private Moneyload Ltd. Bank that targets high worth individuals. They offer a premium service with
many additional and personal services not normally available through other banks. They charge a
significant annual fee for these services. The company makes full use of information technology
throughout its operations in order to minimize costs. Identify and explain the generic strategy adopted
by Moneyload Ltd. Bank? (5 Marks)
3. (a) Sky chemical industry intends to grow its business. Advise the company on the available options
using Ansoff’s product market growth matrix. (5 Marks)
(b) The presence of strategic management cannot counter all hindrances and always achieve success
for an organisation. What are the limitations attached to strategic management? (5 Marks)
4. (a) There has been fierce demand for both Gecko and FlyBee for the last 3 years. Gecko makes mass
consumption pens while FlyBee is a notebook and diary brand - both being complementary goods
of each other. But to grow further, FlyBee decided to take up competition with Gecko in pens
segment and thereby launched, FlyPens. Identify and explain the growth strategy opted by FlyBee?
(5 Marks)
(b) Explain briefly the. key areas in which the strategic planner should concentrate his mind to achieve
desired results. (5 Marks)
8

© The Institute of Chartered Accountants of India

5. (a) Explain the steps for initiating strategic change. (5 Marks)
(b) What do you understand by functional structure? (5 Marks)
6. Distinguish between the following:
(a) Strategic Planning and Operational Planning.
5 Marks)
(b) Publicity & Sales Promotion. (5 Marks)

© The Institute of Chartered Accountants of India

 Test Series: March, 2022
MOCK TEST PAPER-I
INTERMEDIATE GROUP – II
PAPER – 7: ENTERPRISE INFORMATION SYSTEMS AND STRATEGIC MANAGEMENT
SECTION – A: Enterprise Information Systems
ANSWERS
Part I: MULTIPLE CHOICE QUESTIONS
1 (a) Data Flow Diagram
2 (b) Stock Journal
3 (a) Update Control
4 (c) e-Rupi
5 (a) Internet Banking Application Server
6 (b) 200
7 (a) (v) - (viii) - (vii) - (vi) - (i) - (iv) - (iii) - (ix) - (ii)
8 (a) (i) - I, (ii) - IV, (iii) - II, (iv) - III
9 (b) (i) - II, (ii) - IV, (iii) - I, (iv) – III
10 (a) (i) - I, (ii) - II, (iii) - III, (iv) - IV
Part II: DESCRIPTIVE QUESTIONS
1. (a) The various modes of Electronic Funds Transfer (EFT) are as follows:
• Real Time Gross Settlement (RTGS) is an electronic form of funds transfer where the
transmission takes place on a real-time basis. In India, transfer of funds with RTGS is done
for high value transactions, the minimum amount being ₹ 2 lakh. The beneficiary account
receives the funds transferred on a real- time basis.
• National Electronic Funds Transfer (NEFT) is a nation-wide payment system facilitating
one-to-one funds transfer. Under this Scheme, individuals can electronically transfer funds
from any bank branch to any individual having an account with any other bank branch in the
country participating in the scheme.
• Immediate Payment Service (IMPS) is an instant payment inter-bank electronic funds
transfer system in India. IMPS offer an inter-bank electronic fund transfer service through
mobile phones. Unlike NEFT and RTGS, the service is available 24x7 throughout the year
including bank holidays.
(b) Various Controls under the Application Control Framework of Information Systems are as
follows:
• Boundary Control
• Input Control
• Processing Control
• Database Control
• Output Control
• Communication Control

© The Institute of Chartered Accountants of India

2. (a) Various modules of Enterprise Resource Planning (ERP) is integrated so that the master data
across all the ERP modules can be same and can be shared with other modules where-ever
required. The integration of ERP’s Material Management (MM) Module with other modules is as
under:
(i) Material Management Integration with Finance and Controlling (FICO): It is integrated
in the area like Material Valuation, Vendor payments, Material costing etc. Whenever any
inventory posting is done, it updates the General Ledger (G/L) accounts online in the
background. Logistics invoice verification will create vendor liability in vendo r account
immediately on posting the document. Any advance given against the purchase order
updates the Purchase Order history. For every inventory posting, there is corresponding
Controlling document to update profit centre accounting reporting.
(ii) Material Management Integration with Production Planning (PP): It is integrated in the
areas like Material Requirement Planning, Receipts/issues against production orders,
Availability check for stocks etc. Material requirement Planning is based on Stocks,
expected receipts, expected issues. It generates planned orders or purchase requisitions
which can be converted to purchase orders/Contracts. Inventory Management is responsible
for staging of the components required for production orders. The receipt of the finished
products in the Warehouse is posted in Inventory Management.
(iii) Material Management Integration with Sales and Distribution (SD): It is integrated in the
areas like Delivery, Availability Check, Stock transfers requirements etc. As soon as a s ales
order is created, it can initiate a dynamic availability check of stocks on hand. When the
delivery is created, the quantity to be delivered is marked as “Scheduled for delivery”. It is
deducted from the total stock when the goods issue is posted. Purchase order can be
directly converted to delivery for a stock transfer requirement.
(iv) Material Management Integration with Quality Management (QM): It is integrated with
QM for Quality inspection at Goods Receipt, In-process inspection etc. In the case of a
goods movement, the system determines whether the material is subject to an inspection
operation. If so, a corresponding activity is initiated for the movement in the Quality
Management system. Based on quality parameters, vendor evaluation is done.
(v) Material Management Integration with Plant Maintenance (PM): The material/service
requirement is mentioned in Maintenance order. This leads to generation of Purchase
Requisition (PR). This PR will be converted to Purchase Order (PO) by MM. The goods for a
PO will be awarded to Maintenance by MM. The spares which were reserved for
maintenance order will be issued by MM against the reservation number.
(b) Various application areas of Blockchain are discussed below:
• Financial Services: Blockchain can be used to provide an automated trade lifecycle in
terms of the transaction log of any transaction of asset or property - whether physical or
digital such as laptops, smartphones, automobiles, real estate, etc. from one person to
another.
• Healthcare: Blockchain provides secure sharing of data in healthcare industry by increasing
the privacy, security, and interoperability of the data by eliminating the interference of third
party and avoiding the overhead costs.
• Government: At the government front, there are instances where the technical
decentralization is necessary but politically should be governed by governments like land
registration, vehicle registration and management, e-voting etc. Blockchain improves the

© The Institute of Chartered Accountants of India

 transparency and provides a better way to monitor and audit the transactions in these
systems.
• Travel Industry: Blockchain can be applied in money transactions and in storing important
documents like passports/other identification cards, reservations and managing travel
insurance, loyalty, and rewards thus, changing the working of travel and hospitality industry.
• Economic Forecasts: Blockchain makes possible the financial and economic forecasts
based on decentralized prediction markets, decentralized voting, and stock trading, thus
enabling the organizations to plan and shape their businesses.
3. (a) The activities that the Systems Development Management team of KK Software would perform to
develop the proposed system for ABC Ltd. are as follows:
(i) Problem definition and Feasibility assessment: Information Systems can be developed
to help resolve problems or to take advantage of opportunities. All the stakeholders must
reach to agreement on the problem and should understand the possible threats associated
with possible solutions/systems related to asset safeguarding, data integrity, system
effectiveness, and system efficiency. The feasibility assessment is done to obtain a
commitment to change and to evaluate whether cost-effective solutions are available to
address the problem or opportunity that has been identified. All solutions must be properly
and formally authorized to ensure their economic justification and feasibility. This requires
that each new solution request be submitted in written form by stakeholders to systems
professionals who have both the expertise and authority to evaluate and approve (or reject)
the request.
(ii) Analysis of existing system: Designers need to analyze the existing system that involves
two major tasks:
• Studying the existing organizational history, structure, and culture to gain an
understanding of the social and task systems in place, the ways these systems are
coupled, and the willingness if stakeholders to change.
• Studying the existing product and information flows as the proposed system will be
based primarily on current product and information flows. The designers need to
understand the strengths and weaknesses of existing product to determine the new
system requirements and the extent of change required.
(iii) Information Processing System design: This phase involves following activities:
• Elicitation of detailed requirements: Either ask the stakeholders for their
requirement in case they are aware about it or discover the requirement through
analysis and experimentation in case stakeholders are uncertain about their need.
• Design of data/information flow: The designers shall determine the flow of
data/information and transformation points, the frequency and timing of the data and
information flows and the extent to which data and information flows will be formalized.
Tools such as Data Flow Diagram (DFD) can be used for this purpose.
• Design of Database and user interface: Design of database involves determining its
scope and structure whereas the design of user interface determines the ways in which
users interact with a system.
• Physical design: This involves breaking up the logical design into units which in turn
can be decomposed further into implementation units such as programs and modules .

© The Institute of Chartered Accountants of India

 • Design of the hardware/software platform: In case the hardware and software
platforms are not available in the organization, the new platforms are required to be
designed to support the proposed system.
(iv) Hardware/Software acquisition and procedures development: To purchase the new
application system or hardware, a request for a proposal must be prepared, vendor
proposals are sought, and final decisions is made based on evaluation. During procedures
development, designers specify the activities that users must undertake to support the on-
going operation of the system and to obtain useful output.
(v) Acceptance Testing and Conversion: Acceptance Testing is carried out to identify errors
or deficiencies in the system prior to its final release into production use. The conversion
phase comprises the activities undertaken to place the new system in operation.
(vi) Operation and Maintenance: In this phase, the new system is run as a production system
and periodically modified to better meet its objectives. A formal process is required to
identify and record the need for changes to a system and to authorize and control the
implementation of needed changes. The maintenance activities associated with these
systems need to be approved and monitored carefully.
(b) The process of Data Analytics involves the following:
• Data Collection: The analytics process starts with data collection, in which data scientists
identify the information they need for an analytics application and then work on their own or
with data engineers and IT staffers to assemble it for use. Data from different source
systems may need to be combined via data integration routines transformed into a common
format and loaded into an analytics system such as a Hadoop cluster, NoSQL database or
data warehouse.
• Find and Fix Data Quality Problem: Once the data that’s needed is in place, the next step
is to find and fix data quality problems that could affect the accuracy of analytics
applications. That includes running data profiling and data cleansing jobs to make sure that
the information in a data set is consistent and that errors and duplicate entries are
eliminated. A data scientist builds an analytical model, using predictive modelling tools or
other analytics software and programming languages such as Python, Scala, R and SQL.
Finally, the model is run in production mode against the full data set, something that can be
done once to address a specific information need or on an ongoing basis as the data is
updated.
• Building Analytical Model: In some cases, analytics applications can be set to
automatically trigger business actions. For example, stock trades by a financial services
firm. Otherwise, the last step in the data analytics process is communicating the results
generated by analytical models to business executives and other end users to aid in their
decision-making. That usually is done with the help of data visualization techniques, which
analytics teams use to create charts and other info graphics designed to make their findings
easier to understand. Data visualizations often are incorporated into Business Intelligence
(BI) dashboard applications that display data on a single screen and can be updated in real
time as new information becomes available.
4. (a) To develop security architecture of Grid Computing, constraints considerations that need to be
kept in mind are as follows:
 Secured Single Sign-on: Most of the distributed computing systems use identity-based
username and password, authentication, and authorization control for accessing a
computing system. To access resources from different administrative domains having
different security mechanisms, the user needs to authenticate him/her to different

© The Institute of Chartered Accountants of India

 domains. This is a very irritating and time-consuming process. To resolve this issue, a
mechanism should be established in which a user authenticates once only (e.g., at the
point of starting a computation) and then are able to acquire resources, use them, and
release them and to communicate internally without any further authentication.
 Resource Management: Grid resources are from different administrative domains that
have their own local resource managers, and a grid does not have full control of these
resources. Allocation of resources to co-users, prioritizing local jobs over system jobs, and
managing these resources without ownership is a big issue.
 Data Management: The users’ data-intensive, high-performance computing applications
in grid computing require the efficient management and transfer of huge data. Providing
secure, efficient, and transparent access to distributed and heterogeneous pool of data is
a big issue in grid computing.
 Management and Protection of Credentials: The different multiple systems involved in
grid computing require different credentials to access them. The credential management
and protection of users’ credentials such as passwords are big issues involved in grid
computing.
 Interoperability with local security solutions: The grid security mechanism may provide
access to different domains with a single sign-on, the access to a local resource will
typically be determined by a local security policy at a local level. It is very difficult to
modify every local resource to accommodate inter-domain accesses. Hence, despite of
modifying every local resource there is an inter-domain security server for providing
security to local resource.
 Standardization: Grid computing as a highly integrated system involves multi-purpose
protocols and interfaces to resolve the issues explained above. Standardizing these
protocols and interfaces is a big issue in grid computing.
 Exportability: The code should be exportable i.e. they cannot use a large amount of
encryption at a time. There should be a minimum communication at a time.
 Support for secure group communication: In a communication, there are number of
processes which coordinate their activities. This coordination must be secure and for this
there is no such security policy.
 Support for multiple implementations: There should be a security policy which should
provide security to multiple sources based on public and private key cryptography.
(b) The Asynchronous attacks of automated environment that fall under Data Related Risks are of
following types:
• Data Leakage: This involves leaking information out of the computer by means of dumping
files to paper or stealing computer reports and tape.
• Subversive Attacks: These can provide intruders with important information about
messages being transmitted and the intruder may attempt to violate the integrity of some
components in the sub-system.
• Wire-Tapping: This involves spying on information being transmitted over communication
network.
• Piggybacking: This is the act of following an authorized person through a secured door or
electronically attaching to an authorized telecommunication link that intercepts and alters
transmissions. This involves intercepting communication between the operating system and
the user and modifying them or substituting new messages.
5. (a) In computer systems, controls should be checked at three levels namely Configuration,
Masters, and Transaction level. These are discussed below:
(i) Configuration: Configuration refers to the way a software system is set up. Configuration is
the methodical process of defining options that are provided. When any software is

© The Institute of Chartered Accountants of India

 installed, values for various parameters should be set up (configured) as per policies and
business process work-flow and business process rules of the enterprise. The various
modules of the enterprise such as Purchase, Sales, Inventory, Finance, User Access etc.
must be configured. Configuration will define how software will function and what menu
options are displayed. Some examples of configuration are Mapping of accounts to front
end transactions like purchase and sales, User activation and deactivation, User Access
and privileges - Configuration and its management and Password Management.
(ii) Masters: Masters refer to the way various parameters are set up for all modules of
software, like Purchase, Sales, Inventory, and Finance etc. These drive how the software
will process relevant transactions. The masters are set up first time during installation and
these are changed whenever the business process rules or parameters are changed.
Examples are Vendor Master, Customer Master, Material Master, Accounts Master,
Employee Master etc. Any changes to these data have to be authorized by appropriate
personnel and these are logged and captured in exception reports. The way masters are set
up will drive the way software will process transactions of that type. For example - The
Customer Master will have the credit limit of the customer. When an invoice is raised, the
system will check against the approved credit limit and if the amount invoiced is within the
credit limit, the invoice will be created, if not the invoice will be put on “credit hold” till proper
approvals are obtained.
(iii) Transactions: Transactions refer to the actual transactions entered through menus and
functions in the application software, through which all transactions for specific modules are
initiated, authorized, or approved. For example - Sales transactions, Purchase transactions,
Stock transfer transactions, Journal entries and Payment transactions. Implementation or
review of specific business process can be done from risk or control perspective. In case of
risk perspective, we need to consider each of the key sub-processes or activities performed
in a business process and look at existing and related control objectives and existing
controls and the residual risks after application of controls. The residual risk should be
knowingly accepted by the management.
(b) The key measures required to implement Network security and secure configuration in digital
environment of bank are as follows:
• Multi-layered boundary defense through properly configured proxy servers, firewalls,
intrusion detection systems to protect the network from any malicious attacks and to detect
any unauthorized network entries.
• Different LAN segments for in-house/onsite ATM and CBS branch/network to confirm the
adequacy of bandwidth to deal with the volume of transactions so as to prevent slowing
down and resulting in lower efficiency.
• To ensure secure network configuration; proper usage of routers, hubs and switches should
be envisaged.
• Periodic security review of systems and terminals to assess the network’s vulnerability and
identify the weaknesses.
• Identification of the risks to ensure that risks are within the bank’s risk appetite and are
managed appropriately.

© The Institute of Chartered Accountants of India

 SECTION – B: STRATEGIC MANAGEMENT
SUGGESTED ANSWERS/HINTS
1. (A)
(1) (2) (3) (4) (5)
(c) (b) (d) (d) (d)

(B) (a)
(C) (c)
(D) (d)
(E) (a)
(F) (d)
(G) (c)
2. According to Porter, strategies allow organizations to gain competitive advantage from three different bases:
cost leadership, differentiation, and focus. Porter called these base generic strategies.
Moneyland Ltd. Bank targets a narrow segment of the market, offering unique and desirable products. The
bank will want to keep its costs under control, but it will not reduce costs at the expenses of reducing the
quality levels of the customer service it offers. By maintaining high quality levels, it will still be able to charge
a premium for its services. Thus, the strategy adopted by Moneyland Ltd. Bank is Focused Differentiation.
A focused differentiation strategy requires offering unique features that fulfil the demands of a narrow market.
Some firms using a focused differentiation strategy concentrate their efforts on a particular sales channel,
such as selling over the internet only. Others target particular demographic groups. Firms that compete based
on uniqueness and target a narrow market are following a focused differentiations strategy.
3. (a) The Ansoff’s product market growth matrix (proposed by Igor Ansoff) is a useful tool that helps
businesses decide their product and market growth strategy. With the use of this matrix, a business
can get a fair idea about how its growth depends upon its markets in new or existing products in
both new and existing markets.
The Ansoff’s product market growth matrix is as follows:

Ansoff’s Product Market Growth Matrix

© The Institute of Chartered Accountants of India

 Sky chemical industry can adopt market penetration, product development, market development
or diversification simultaneously for its different products.
Market penetration refers to a growth strategy where the business focuses on selling existing
products into existing markets. It is achieved by making more sales to present customers without
changing products in any major way.
Market development refers to a growth strategy where the business seeks to sell its existing
products into new markets. It is a strategy for company growth by identifying and developing new
markets for the existing products of the company.
Product development refers to a growth strategy where business aims to introduce new products
into existing markets. It is a strategy for company growth by offering modified or new products to
current markets.
Diversification refers to a growth strategy where a business markets new products in new
markets. It is a strategy by starting up or acquiring businesses outside the company’s current
products and markets.
As market conditions change overtime, a company may shift product-market growth strategies. For
example, when its present market is fully saturated a company may have no choice other than to
pursue new market.
(b) The presence of strategic management cannot counter all hindrances and always achieve success
as there are limitations attached to strategic management. These can be explained in the following
lines:
♦ Environment is highly complex and turbulent. It is difficult to understand the complex
environment and exactly pinpoint how it will shape-up in future. The organisational estimate
about its future shape may awfully go wrong and jeopardise all strategic plans. The
environment affects as the organisation has to deal with suppliers, customers, governments
and other external factors.
♦ Strategic Management is a time-consuming process. Organisations spend a lot of time in
preparing, communicating the strategies that may impede daily operations and negatively
impact the routine business.
♦ Strategic Management is a costly process. Strategic management adds a lot of expenses to
an organization. Expert strategic planners need to be engaged, efforts are made for analysis
of external and internal environments devise strategies and properly implement. These can
be really costly for organisations with limited resources particularly when small and medium
organisation create strategies to compete.
♦ In a competitive scenario, where all organisations are trying to move strategically, it is difficult
to clearly estimate the competitive responses to the strategies.
4. (a) FlyBee is a notebook and diary brand. But to grow further, FlyBee decided to take up competition
with Gecko in pens segment and thereby launched, FlyPens. FlyBee that is hitherto not into
producing pens starts producing them and other similar products is following concentric
diversification which is basically related diversification.
In this form of diversification, the new business is linked to the existing businesses through existing
systems such as processes, technology or marketing. The new product is a spin-off from the
existing facilities and products/processes. There are benefits of synergy with the current
operations. The most common reasons for pursuing a concentric diversification are that
opportunities in existing line of business are available.

© The Institute of Chartered Accountants of India

 (b) A strategic manager defines the strategic intent of the organisation and take it on the path of
achieving the organisational objectives. There can be a number of areas that a strategic manager
should concentrate on to achieve desired results. They commonly establish long-term objectives
in seven areas as follows.
• Profitability.
• Productivity.
• Competitive Position.
• Employee Development.
• Employee Relations.
• Technological Leadership.
• Public Responsibility.
5. (a) The changes in the environmental forces often require businesses to make modifications in their
existing strategies and bring out new strategies. Strategic change is a complex process that
involves a corporate strategy focused on new markets, products, services and new ways of doing
business.
Three steps for initiating strategic change are:
(i) Recognise the need for change – The first step is to diagnose the which facets of the present
corporate culture are strategy supportive and which are not.
(ii) Create a shared vision to manage change – Objectives of both individuals and organisation
should coincide. There should be no conflict between them. This is possible only if the
management and the organisation members follow a shared vision.
(iii) Institutionalise the change – This is an action stage which requires the implementation of
the changed strategy. Creating and sustaining a different attitude towards change is essential
to ensure that the firm does not slip back into old ways of doing things.
(b) Functional structure is widely used because of its simplicity and low cost. A functional structure
groups tasks and activities by business function.
The functional structure consists of a chief executive officer or a managing director and limited
corporate staff with functional line managers in dominant functions such as production, accounting,
marketing, R&D, engineering, and human resources. Disadvantages of a functional structure are
that it forces accountability to the top, minimizes career development opportunities, etc.
6. (a)
Strategic planning Operational planning
Strategic planning shapes the organisation and its Operational planning deals with current
resources. deployment of resources.
Strategic planning assesses the impact of Operational planning develops tactics rather
environmental variables. than strategy.
Strategic planning takes a holistic view of the Operational planning projects current
organisation. operations into the future.
Strategic planning develops overall objectives and Operational planning makes modifications to
strategies. the business functions but not fundamental
changes.
Strategic planning is concerned with the long-term Operational planning is concerned with the
success of the organisation. short-term success of the organisation.
Strategic planning is a senior management Operational planning is the responsibility of
responsibility. functional managers.

© The Institute of Chartered Accountants of India

 (b) Publicity and Sales promotion are adopted by organizations when they are undertaking promotion
in the overall marketing mix.
Publicity is a non-personal form of promotion similar to advertising. However, no payments are
made to the media as in case of advertising. Organizations skillfully seek to promote themselves
and their product without payment. Publicity is communication of a product, brand or business by
placing information about it in the media without paying for the time or media space directly.
Thus, it is way of reaching customers with negligible cost. Basic tools for publicity are press
releases, press conferences, reports, stories, and internet releases. These releases must be of
interest to the public.
Sales promotion is an omnibus term that includes all activities that are undertaken to promote the
business but are not specifically included under personal selling, advertising or publicity. Activities
like discounts, contests, money refunds, installments, kiosks, exhibitions and fairs constitute sales
promotion. All these are meant to give a boost to the sales. Sales promotion done periodically may
help in getting a larger market share to an organization.

10

© The Institute of Chartered Accountants of India