Certificate in Accounting and Finance Stage Examination
Data, Systems and Risks
Model paper
100 marks
Instructions to examinees:
(i) All questions are compulsory.
(ii) The overall duration of the exam is 3 hours and 15 minutes, which includes the 15-minute reading
time.
(iii) Answer in black pen only.
(iv) Answer Multiple Choice Questions in answer script only.
QUESTION 1
Select the most appropriate answer from the options available for each of the following Multiple-Choice
Questions (MCQs). Each MCQ carries ONE mark.
(i) A retail company analyses customer reviews posted on social media platforms to gauge the sentiment
towards its products. However, they frequently encounter challenges due to the use of slang, sarcasm,
and potentially misleading comments, which can skew their analytical insights.
This scenario primarily highlights which characteristic of Big Data?
(a) Velocity
(b) Value
(c) Volume
(d) Veracity
(ii) A company is analyzing data from various sources. They have spreadsheets of customer transactions,
a database of employee records, social media posts containing text and images, and XML files with
product details.
Which of these is an example of unstructured data?
(a) A spreadsheet of customer transactions
(b) A database of employee records
(c) A social media post with text and images
(d) An XML file containing product details
(iii) A software company observes a sudden increase in customer support tickets related to a specific
feature in its application. To address this, the product team decides to analyse user interaction logs
and crash reports to pinpoint the underlying reasons for the surge in issues.
Which stage of data analytics is the company primarily engaging in by seeking to understand "why
did it happen?" and identify the causes of these problems?
(a) Descriptive Analytics
(b) Diagnostic Analytics
(c) Predictive Analytics
(d) Prescriptive Analytics
�Model paper Data, Systems and Risks Page 2 of 5
(iv) A popular mobile fitness application collects extensive user activity data, including GPS locations,
workout routines, and heart rates. The company's privacy policy, buried deep in its terms and
conditions, states that anonymized user data "may be shared with third parties for research and
development.
A large pharmaceutical company offers a significant sum to purchase this anonymized data for drug
efficacy studies. Ethically, what should the fitness app company prioritize before proceeding?
(a) Maximizing profit from data monetization, as the data is anonymized
(b) Seeking user consent again and confirming anonymization
(c) Fast-tracking the sale to secure the deal, trusting the existing privacy policy is sufficient
(d) Sharing it immediately for public health benefits
(v) A business wants to build a system for long-term trend analysis of sales data, storing figures from the
last ten years without modifying them once loaded.
Which of the following characteristics are essential for this data warehousing system?
(a) Time-Variant and Non-Volatile
(b) Subject-Oriented and Operational
(c) Highly Normalized and Real-Time
(d) Integrated and Transactional
(vi) A key component of an organization's IT systems architecture involves the physical devices and
infrastructure that support IT systems, such as servers, storage devices, and networking equipment.
This component is known as:
(a) Application Software
(b) Hardware
(c) Middleware
(d) Networks
(vii) An organization implements a new customer relationship management (CRM) system and needs it
to seamlessly exchange data with its existing enterprise resource planning (ERP) system for inventory
and sales data. Which type of software is specifically designed to facilitate this communication and
data sharing between disparate applications?
This component is known as:
(a) System Software
(b) Application Software
(c) Middleware
(d) Storage Area Network
(viii) Which of the following best describes the primary function of the Financial Management module
within an Enterprise Resource Planning (ERP) system?
(a) Streamlining recruitment processes and employee performance evaluations
(b) Managing customer interactions, sales pipelines, and support activities
(c) Handling a company's financial transactions, including the general ledger, accounts payable,
and financial reporting
(d) Optimizing production schedules and ensuring quality control in manufacturing
(ix) How do Artificial Intelligence (AI) and Machine Learning (ML) primarily enhance decision-making
for organizations?
(a) By replacing all human decision-makers with autonomous systems
(b) By simplifying IT infrastructure management
(c) By eliminating the need for data collection and analysis
(d) Offering real-time insights and predictions
�Model paper Data, Systems and Risks Page 3 of 5
(x) As routine accounting tasks become increasingly automated, a senior accountant is advised by his
firm to develop strong skills in data analytics, predictive modeling, and AI-driven insights. This shift
enables them to provide more valuable advice to clients on future business performance and risk.
This scenario best illustrates which impact of digital disruption on the accounting and finance
profession?
(a) A reinforcement of traditional record-keeping responsibilities
(b) A decrease in the overall demand for accounting professionals
(c) A shift from record-keeping to strategic advisory
(d) A reduced emphasis on client interaction and communication
(xi) When evaluating the Return on Investment (ROI) of Information and Communication Technology
(ICT) investments, which of the following is a key consideration that involves comparing the costs of
implementing ICT systems with the expected benefits?
(a) Employee satisfaction surveys
(b) Market share analysis
(c) Cost-Benefit Analysis
(d) Competitor benchmarking
(xii) A smart factory uses IoT sensors on its machines to collect performance data in real time. To reduce
latency and improve response speed, the factory decides to store and process the data closer to the
sensors rather than sending it all to a distant data center. Which emerging trend best describes this
approach?
(a) Blockchain storage
(b) Edge storage
(c) Data lakes
(d) Magnetic tape storage
(xiii) A financial institution is implementing new technology solutions to streamline its compliance with
anti-money laundering (AML) and Know Your Customer (KYC) requirements, using AI and
machine learning to monitor transactions and detect potential regulatory risks in real time. This
initiative is an example of which key area of Fintech?
(a) Digital Payments
(b) InsurTech
(c) RegTech
(d) Lending and Credit
(xiv) The Open Systems Interconnection (OSI) Model conceptually structures IT systems into distinct
layers. What is a key benefit of this layered approach in IT systems architecture?
(a) It standardizes the physical appearance of all IT hardware
(b) It ensures that all data is stored on local devices, enhancing privacy
(c) It makes troubleshooting and upgrades easier
(d) It automates all data processing tasks, eliminating human intervention
(xv) A bank initiates a transaction to transfer $500 from Account X to Account Y. Due to a system error,
the debit from Account X is processed, but the credit to Account Y fails. To maintain data integrity,
the DBMS automatically reverses the debit from Account X, returning both accounts to their original
state as if the transaction never occurred.
Which ACID property is primarily demonstrated in this scenario?
(a) Consistency
(b) Isolation
(c) Durability
(d) Atomicity
�Model paper Data, Systems and Risks Page 4 of 5
QUESTION 2
SwiftCart, an online retail giant, has experienced unprecedented growth in recent years. Their operations
generate massive amounts of data daily, classified into the following three types:
▪ Customer purchase records from their website (structured)
▪ Millions of customer reviews and social media comments (unstructured)
▪ Real-time clickstream data from user navigation (semi-structured)
Before making a purchase, new customers are required to sign up on the SwiftCart website while the existing
customers must sign in. Occasionally, customers are asked to confirm their account details.
During peak shopping seasons like Ramadan, their systems process thousands of transactions per hour.
Marketing campaigns rely on immediate analysis of customer engagement to tailor offers. However, the
volume and diversity of incoming information have begun to strain SwiftCart’s data infrastructure, leading
to occasional inconsistencies in customer profiles and slow reporting for their sales teams.
Required:
(a) Identify and briefly explain three "Vs" of Big Data that are clearly demonstrated in the above
situation. For each "V" identified, explain its implication for SwiftCart's operations. (09 marks)
(b) Considering the issues SwiftCart is experiencing, specifically, inconsistencies in customer profiles
caused by data diversity and delays in reporting due to high data volume, identify any two
data-related challenges SwiftCart is explicitly encountering. For each challenge, suggest one
emerging technology or trend that could address it, and clearly justify how it would be effective.
(06 marks)
QUESTION 3
(a) Compare and contrast Relational Database Management Systems (RDBMS) with Object Oriented
Database Management System (OODBMS), detailing their respective strengths and the types of data
they are best suited to manage. (06 marks)
(b) Explain the primary characteristics and typical applications of NoSQL databases. (04 marks)
(c) Discuss how the Network Model, characterized by its 'graph-like structure,' facilitates the
management of complex many-to-many relationships. Support your explanation with a relevant
example. (05 marks)
QUESTION 4
TrendyBuys, a growing online fashion retailer, faces significant data management challenges. Sales data
from various online marketplaces is stored in disparate Excel spreadsheets, while internal transactional data
resides in an older SQL database. This fragmentation leads to conflicting sales figures and manual,
inconsistent data consolidation processes.
Furthermore, customer support accesses sensitive customer data using generic logins, and a recent security
incident involved an unmonitored marketing database being breached, leading to customer phishing. The
company lacks sufficient IT staff and formal data governance. This current data chaos prevents TrendyBuys
from effectively leveraging data for strategic decision-making, such as predictive analytics for demand
forecasting.
Required:
(a) Identify and explain any three specific inadequacies in TrendyBuys' current systems and processes
for collecting, storing, and reporting data and information. For each inadequacy, refer to relevant
data concepts and their implications. (06 marks)
(b) Suggest one distinct Technological Control or IT General Control (ITGC) that TrendyBuys could
implement to address each inadequacy identified in Part (a). Explain how each proposed control
proposed would enhance TrendyBuys' ability to make better decisions and improve overall
operational efficiency. (06 marks)
�Model paper Data, Systems and Risks Page 5 of 5
QUESTION 5
(a) Describe the three primary cloud computing service models: Infrastructure as a Service (IaaS),
Platform as a Service (PaaS), and Software as a Service (SaaS). For each model, provide its core
offering and a relevant example of its use. (06 marks)
(b) Explain two distinct cloud deployment models that organizations can adopt, outlining their key
features and their typical use. (05 marks)
(c) Discuss three significant benefits that organizations can gain from adopting cloud computing.
(03 marks)
QUESTION 6
SecureInvest, a rapidly growing financial services firm, recently enabled a significant portion of its workforce
to work remotely due to expansion plans. To support this, they migrated several internal applications,
including client portfolio management software, to a new public cloud provider and started relying on a
third-party vendor for automated daily financial reporting. Lately, the IT department has observed several
concerning incidents:
Many remote employees have reported receiving suspicious emails, some of which bypassed the company's
spam filters. One employee, after clicking a link in such an email, inadvertently downloaded malicious
software that encrypted several local files on their laptop, rendering them inaccessible.
During a recent internal audit, it was discovered that a critical client data storage bucket in the new public
cloud environment was inadvertently left publicly accessible for several days due to a misconfiguration
during migration.
The third-party vendor providing automated financial reports experienced a major service outage, leading
to significant delays in daily reporting for SecureInvest and raising concerns about the synchronization of
data with SecureInvest's internal systems.
Required:
(a) Identify and explain three distinct cybersecurity and information security risks that SecureInvest is
facing. For each risk, clearly state its type and briefly describe how it manifests in the scenario.
(06 marks)
(b) For each of the three risks identified in part (a), explain how each specifically impacts the core
objectives of information security: Confidentiality, Integrity, and/or Availability. Also, provide one
relevant example of a cybersecurity incident that illustrates a similar type of risk. (06 marks)
(c) Suggest three comprehensive best practices or strategies SecureInvest should implement to mitigate
the types of risks described in the scenario. (03 marks)
QUESTION 7
(a) Identify and explain two distinct categories of IT risks that affect organizations, ensuring your
selection includes one category primarily associated with physical computing technologies and one
primarily associated with digital computing technologies. For each selected category, provide one
example of a specific risk and briefly describe its nature. (06 marks)
(b) For each of the two IT risk categories explained in part (a), propose two general mitigation strategies,
explaining how each strategy helps address the identified risks. (04 marks)
(c) Explain the strategic importance of effective IT risk management for modern organizations. Also,
discuss two key challenges organizations commonly face when implementing and maintaining IT
general controls (ITGCs) within their diverse IT environments. (04 marks)
(THE END)
