Launch offer — 25% off with code LAUNCH-25 See plans →
Try now → N
Past papers/ FM + SM/ May 2023
Paper 10 Qs
Question Paper · May 2023

CA Inter FM + SM

This page contains all 10 questions from the CA Inter Financial Management & Strategic Management Question Paper for the May 2023 attempt cycle, sourced from CATS, VSI Jaipur.

10 worked solutions ready
Sign up free to unlock every solution + bare-Act citations + how-to-write skeletons. 30 seconds, no card, no spam. Already signed up? Log in.
🎯 Practice this paper now

Drill 5 questions from this paper — instant grading

Real ICAI questions, instantly graded with bare-Act citations. ~5 minutes. No signup.

Drill 5 questions →
‹ All papers Ask in chat Start drilling →
Q.1 14 marks very hard ⚡ Try this Q →
State with reasons whether the following statements are correct or incorrect: (Answer any seven)
CTTP

Worked Solution

✓ Verified

Answer to any seven of the eight statements:

(a) INCORRECT. The overall audit strategy, as per SA 300 (Planning an Audit of Financial Statements), is a high-level plan that outlines the scope, timing, and direction of the audit, not a record of audit evidence. The audit strategy addresses matters such as significant industry developments and changes in regulatory requirements. The record of audit evidence is maintained separately in audit working papers/documentation. The statement confuses audit planning documentation with evidence documentation.

(b) INCORRECT. Key audit matters (KAM) are not a separate opinion, per SA 701 (Communicating Key Audit Matters in the Independent Auditor's Report). KAMs are matters of most significance during the audit, selected from those communicated to those charged with governance. They are disclosed in the auditor's report to provide greater transparency, but they do not constitute a separate opinion nor do they cover all material matters—only the most significant ones. The auditor continues to give a single overall opinion on the financial statements.

(c) CORRECT. Amortization represents the systematic allocation of the depreciable amount (cost less residual value) of an asset over its useful life, as per AS 26 (Intangible Assets). This is the standard definition for the periodic allocation of costs of intangible assets. The term "depreciable amount" is consistently used in Indian Accounting Standards for both tangible and intangible assets to denote the amount to be allocated over the useful life.

(d) CORRECT. Section 142(1) of the Companies Act, 2013 explicitly states that the remuneration of the auditor "shall be in addition to any facility provided to him." This means that facilities (such as office space, equipment, or other amenities) provided to the auditor are considered part of the overall remuneration package and are subject to the approval process outlined in the Act.

(f) INCORRECT. Analytical procedures are not mandatorily used in all stages of the audit by all auditors, per SA 520 (Analytical Procedures). SA 520 requires analytical procedures to be applied in the planning stage (to obtain an understanding of the entity and identify risk areas) and in the overall review stage (to form a conclusion on whether the financial statements are consistent with the auditor's understanding). However, their use in the substantive testing phase is at the auditor's discretion based on the nature of the assertion and audit evidence required. The statement is too absolute.

(g) CORRECT. In the case of co-operative societies, contribution to the Education fund is a charge on profits (i.e., an expense deducted before distributable profits) and not an appropriation of profit, as per the accounting principles and statutory requirements governing cooperative societies. It is a mandatory expense that reduces the profit available for distribution, not a post-profit allocation.

(h) INCORRECT. Integrated ERP systems (SAP, Oracle, etc.) are more complex and challenging to audit, not less, compared to off-the-shelf accounting software. ERPs involve extensive integration of multiple business functions, complex customizations, extensive user access controls, multiple interdependencies, and sophisticated IT controls. The audit scope and complexity increase significantly due to the need to evaluate system controls, access rights, automated processes, and data integrity across integrated modules. The statement is factually reversed.

SA 300 (Planning an Audit of Financial Statements)SA 701 (Communicating Key Audit Matters in the Independent Auditor's Report)AS 26 (Intangible Assets)Section 142 of the Companies Act, 2013SA 520 (Analytical Procedures)
PLAN

Write it like this

Time target 25 min 12 sec

1The skeleton

- Lead every sub-answer with CORRECT or INCORRECT in bold — examiners are scanning 30 scripts fast; if they can't spot your verdict in 0.5 seconds, you lose the easy 'identification' mark even if your reason is perfect.
- Name the SA/AS/Section immediately after the verdict — write 'as per SA 300' or 'Section 142(1) of the Companies Act, 2013' in your very first line, not buried three sentences later; that reference IS your reason's backbone and scores the technical mark.
- Give one crisp reason in 2–3 lines max per part — don't pad; examiners award 2 marks per sub-question (1 for verdict + 1 for reason), so a bloated paragraph doesn't earn extra marks but eats your time for the remaining parts.
- End with a contrast sentence where the statement is INCORRECT — e.g., 'The statement confuses X with Y'; this one-liner shows conceptual clarity and is exactly how ICAI model answers close each incorrect item.
- Pick your 7 strategically in the first 30 seconds — glance all 8, star the ones where you know the SA/AS reference cold, skip the one you're shakiest on; a confident 7 beats a struggling 8 every time.
- Keep all 7 answers uniform in structure — verdict → authority → reason → contrast; if your (c) looks like a paragraph and your (g) looks like a bullet, it signals inconsistency and examiners notice.**

2Examiner-rewarded phrases

“as per SA [number] / Section [number] of the Companies Act, 2013, the statement is INCORRECT/CORRECT”“the auditor continues to give a single overall opinion on the financial statements”“it is a charge on profits and not an appropriation of profit”

3Common trap

Don't fall for this

Heads up — most students write a long correct reason but forget to open with CORRECT or INCORRECT explicitly, or bury the SA reference in sentence 3. That kills 1 mark per part silently — across 7 parts that's potentially 7 marks gone while your reasoning was actually fine.

Q.4 06 marks medium Core Banking System risks and public cloud characteristics ⚡ Try this Q →
A private bank is planning to migrate all of its existing operations to a Core Banking System (CBS). During these discussions, the IT consultant is asked to explain about the common IT risks involved in CBS. Explain any six of the common IT risks related to CBS.
CTTP

Worked Solution

✓ Verified

Part (a): Six Common IT Risks Related to Core Banking System (CBS)

1. Data Security and Confidentiality Risk: CBS stores highly sensitive customer financial data. Unauthorised access, data breaches, or insider threats can compromise confidentiality. Weak access controls or poor encryption increase exposure to cyber-attacks and data theft.

2. System Availability and Downtime Risk: CBS is expected to operate 24×7. Any unplanned downtime due to hardware failure, software bugs, power outages, or network disruption can halt banking operations, affecting customer transactions and causing reputational and financial loss.

3. Data Integrity Risk: Incorrect, incomplete, or corrupted data can arise due to software errors, concurrent transaction processing failures, or improper reconciliation. Data integrity issues can lead to wrong account balances, failed settlements, and regulatory non-compliance.

4. Migration and Implementation Risk: Migrating from legacy systems to CBS involves complex data conversion. Risks include data loss during migration, incorrect mapping of old data to new formats, incomplete testing, and business disruption during cut-over, leading to errors in customer records.

5. Interface and Integration Risk: CBS is integrated with multiple external systems such as ATMs, internet banking, payment gateways (NEFT/RTGS/IMPS), and third-party applications. Failures or mismatches at these interfaces can result in failed transactions, duplicate postings, or data inconsistencies.

6. Change Management Risk: Frequent updates, patches, and upgrades to CBS carry the risk of introducing new bugs, disrupting existing functionality, or causing compatibility issues with integrated systems. Inadequate change control procedures can destabilise the production environment.

7. Disaster Recovery Risk (additional for reference): Absence of a robust Disaster Recovery Plan (DRP) or Business Continuity Plan (BCP) can result in permanent data loss and prolonged outages in case of a major disaster such as fire, flood, or cyberattack.

(Any six of the above may be presented in the exam for full marks.)

---

Part (b): Four Characteristics of Public Cloud

1. On-Demand Self-Service: Users can provision computing resources — such as server time, storage, and network bandwidth — automatically, without requiring human intervention from the service provider. Resources are available as and when needed through a web interface or API.

2. Broad Network Access: Public cloud services are accessible over the internet using standard mechanisms (e.g., web browsers, mobile apps, laptops). This ensures availability across a wide range of client platforms and geographic locations, enabling remote access by any authorised user.

3. Resource Pooling (Multi-Tenancy): The cloud provider pools computing resources to serve multiple consumers simultaneously using a multi-tenant model. Resources such as storage, processing, memory, and bandwidth are dynamically assigned and reassigned as per demand. Individual tenants generally do not have visibility into the exact physical location of their resources.

4. Measured Service (Pay-per-Use): Cloud systems automatically control and optimise resource use by leveraging metering capability. Resource usage (storage, processing, bandwidth) is monitored, controlled, and reported transparently. Consumers pay only for what they use, making it a cost-effective model aligned with actual consumption.

PLAN

Write it like this

Time target 10 min 48 sec

1The skeleton

- Name the risk as a bold heading first — examiners are scanning 30+ papers and they award marks per named risk, not per paragraph, so 'Data Security and Confidentiality Risk:' as your opener locks the mark before they read the explanation.
- Give exactly one crisp 2-sentence explanation per risk — sentence 1 states WHAT the risk is, sentence 2 states the CONSEQUENCE (financial loss / reputational damage / regulatory non-compliance), because ICAI's model answers always link cause to impact.
- Pick 6 and number them 1–6 cleanly — don't write 4 risks in detail and 2 vaguely; examiners count the risks and each is worth 1 mark, so even coverage beats depth on one point.
- Drop a specific example or trigger inside each risk — e.g., 'NEFT/RTGS/IMPS' under Interface Risk or 'DRP/BCP' under DR Risk — these technical keywords signal you know the domain and push you from borderline to full marks.
- End with a one-line conclusion or 'Any six of the above' note — it signals you know more than six and chose these deliberately; takes 5 seconds but projects exam confidence.

2Examiner-rewarded phrases

“CBS is expected to operate on a 24×7 basis”“may result in unauthorised access, data breaches, or compromise of confidentiality”“inadequate change control procedures can destabilise the production environment”

3Common trap

Don't fall for this

Most students write generic 'hacking is bad' statements instead of CBS-specific risks — the examiner wants risks like Migration Risk (data mapping failures during cut-over) or Interface Integration Risk (ATM/NEFT mismatches), not vague cyber threats. If your 6 risks could apply to ANY software system and not specifically a bank's CBS, you're leaving marks on the table.

🎯 Practice more Core Banking System risks and public cloud chara questions →
Q.5 06 marks medium Cyber Laws and environmental controls audit ⚡ Try this Q →
The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber-crimes. We need such laws so that people can perform paperless transactions over the internet. In this context, explain any six advantages of Cyber Laws.
CTTP

Worked Solution

✓ Verified

(a) Six Advantages of Cyber Laws (IT Act 2000)

The Information Technology Act, 2000 is the primary legislation governing cyber activities in India. It provides a legal framework for electronic commerce and addresses cyber-crimes. The key advantages are:

1. Legal Recognition of Electronic Records and Digital Signatures: The IT Act 2000 grants legal validity to electronic records and digital signatures under Section 5, enabling paperless transactions to have the same legal standing as paper-based documents.

2. Facilitation of E-Commerce and Online Transactions: The Act enables businesses and individuals to conduct commercial transactions electronically with confidence, as contracts formed online are legally enforceable. This reduces dependency on physical documentation.

3. Prevention and Punishment of Cyber Crimes: The Act defines offences such as hacking, identity theft, cyber fraud, and publishing obscene content, and provides for penalties under Sections 65 to 75, thereby deterring cyber criminals.

4. Protection of Privacy and Data: Cyber laws provide protection against unauthorized access to personal data and sensitive information. Section 43A mandates that corporates implement reasonable security practices to protect sensitive personal data, providing compensation for negligence.

5. Establishment of Regulatory Authorities: The Act provides for the appointment of a Controller of Certifying Authorities (CCA) and Adjudicating Officers to regulate digital signature certificates and resolve cyber disputes efficiently without lengthy court procedures.

6. Recognition of Electronic Contracts and Banking Transactions: The Act makes online banking, electronic fund transfers, and e-contracts legally valid. Amendments through the IT (Amendment) Act, 2008 further strengthened provisions relating to electronic payment systems and intermediary liability, giving confidence to financial institutions and users.

---

(b) Audit of Environmental Controls — Four Key Factors and Activities

Environmental controls are physical safeguards that protect IT infrastructure from natural and man-made threats. As an IS Auditor, the following four factors and activities require attention:

1. Fire Detection and Suppression Systems: The auditor must physically inspect the availability and functionality of fire detection systems (smoke detectors, heat sensors) and fire suppression equipment (sprinklers, gas-based suppression systems like FM-200). It must be verified that these systems are regularly tested, serviced, and that suppression agents are non-damaging to IT equipment. Placement near server rooms and data centres must be reviewed.

2. Air Conditioning and Temperature/Humidity Controls: IT equipment is sensitive to temperature and humidity fluctuations. The IS auditor should inspect whether dedicated precision air conditioning units (CRAC units) are installed, whether temperature and humidity are continuously monitored, whether alerts are set for threshold breaches, and whether backup cooling exists to prevent equipment failure during primary HVAC failure.

3. Physical Access Controls and Security: The auditor must verify that access to computer rooms, data centres, and server rooms is restricted to authorized personnel only. Controls to examine include: biometric access systems, CCTV surveillance, visitor logs, mantrap doors, and whether entry/exit records are maintained and reviewed regularly. Unauthorized access attempts should be logged and followed up.

4. Power Supply and Electrical Controls: Continuous and stable power supply is critical for IT operations. The IS auditor should review the availability of Uninterruptible Power Supplies (UPS), diesel generators, and voltage regulators. The auditor must check maintenance schedules of UPS and generators, adequacy of fuel stock, automatic switchover testing, and earthing/grounding of electrical systems to prevent equipment damage from power surges or outages.

Final Answer: Part (a) lists six statutory and practical advantages of Cyber Laws under the IT Act 2000, and Part (b) identifies fire controls, temperature management, physical access, and power supply as four critical areas in the audit of environmental controls.

Section 5 of the Information Technology Act 2000Section 43A of the Information Technology Act 2000Sections 65 to 75 of the Information Technology Act 2000Information Technology (Amendment) Act 2008
PLAN

Write it like this

Time target 10 min 48 sec

1The skeleton

- Lead with the Act name and year in line 1 — write 'The Information Technology Act, 2000' in full before anything else; examiners are scanning for statutory anchoring and it signals you know the source law.
- Number your six points as 1–6 with a bold heading per point — don't dump a paragraph; the examiner is counting advantages and stops at whatever number they can see, so headings protect every mark.
- Drop the section number inside each point wherever you know it — even one reference like 'Section 5' or 'Section 43A' inside a relevant advantage shows statutory depth and separates you from candidates who write only general knowledge.
- One-line explanation per advantage is enough — don't over-explain — six advantages in 6 marks means roughly one mark each, so two sentences max per point keeps you on time and prevents rambling that dilutes the structure.
- End with a crisp one-liner conclusion — something like 'Thus, the IT Act 2000 provides a comprehensive legal framework...' signals closure and costs you five seconds but rounds off the answer professionally.

2Examiner-rewarded phrases

“The Information Technology Act, 2000 grants legal recognition to electronic records and digital signatures”“thereby deterring cyber criminals and providing a mechanism for redressal”“facilitates e-commerce by making electronic contracts and online transactions legally enforceable”

3Common trap

Don't fall for this

Heads up — most students write generic lines like 'it protects people online' without naming a single section or authority like CCA or Adjudicating Officer, and they list only 5 advantages thinking that's fine; you need exactly six, and the examiner literally counts them, so a missing sixth is a clean mark dropped.

🎯 Practice more Cyber Laws and environmental controls audit questions →
Q.6 06 marks hard Leadership styles ⚡ Try this Q →
Case: Ramesh and Suresh own software development firm ACS Ltd. Ramesh and Suresh pitch their business in international markets and attract customer funding. Ramesh leads the company operations, assigns new projects and fixed timeline. Individual projects are assigned to project leads by Ramesh and Suresh. Ramesh adheres to strict rules and procedures. The work is being done according to schedules and they exchange ideas occasionally. He set a weekly target of forty hours to complete the assigned task and insists that real-time deadlines must be met. The team was unable to meet the deadline and event…
Ramesh and Suresh own software development firm ACS Ltd. Ramesh and Suresh pitch their business in international markets and attract customer funding. Ramesh leads the company operations, assigns new projects and fixed timeline. Individual projects are assigned to project leads by Ramesh and Suresh. Ramesh adheres to strict rules and procedures. The work is being done according to schedules and they exchange ideas occasionally. He set a weekly target of forty hours to complete the assigned task and insists that real-time deadlines must be met. The team was unable to meet the deadline and eventually worked extra working hours to complete the task. Suresh, unlike Ramesh, adopted a structured approach to work. Suresh manages the project managers by making them feel like leaders rather than just participants. Suresh's encouraging attitude helped to align individual goals with group goals. Ramesh established routines to maximize his team efficiency. Suresh, on the other hand, used positive reinforcement and team efficiency.
Keep reading free — every worked solution + bare-Act citation for Leadership styles
✓ 48-line worked answer · ✓ 3 examiner-rewarded phrases · ✓ Common-trap warning · ✓ How-to-write skeleton
✓ Join 828 CA Inter aspirants on catargettestprep Already signed up? Log in.
Q.6(a) 04 marks medium Audit Committee formation requirement ⚡ Try this Q →
ATM Ltd. is a public company, with a paid up capital of ₹ 12 crore. The company has made a turnover of ₹ 105 crore in the Financial Year 2021-22. The outstanding loan as on 31-03-2022 was ₹ 22 crore. Whether ATM Ltd. is required to constitute an Audit Committee in the financial year 2022-23? Analyse the provisions of Companies Act, 2013 and give your comments.
Keep reading free — every worked solution + bare-Act citation for Audit Committee formation requirement
✓ 30-line worked answer · ✓ 4 bare-Act citations · ✓ 3 examiner-rewarded phrases · ✓ Common-trap warning · ✓ How-to-write skeleton
✓ Join 828 CA Inter aspirants on catargettestprep Already signed up? Log in.
Q.6(b) 04 marks medium Audit scope and nature ⚡ Try this Q →
SK & Co. a Chartered Accountant firm has been appointed as an auditor of Mega Retail project in City A. Since the project is on large scale it involves a high volume of resources (financial, human and physical resources). The appointing authority C&AG assigned an objective examination of the financial and operational performance of the Metro Rail project. Explain the nature and scope of audit that SK & Co will undertake.
Keep reading free — every worked solution + bare-Act citation for Audit scope and nature
✓ 42-line worked answer · ✓ 5 bare-Act citations · ✓ 3 examiner-rewarded phrases · ✓ Common-trap warning · ✓ How-to-write skeleton
✓ Join 828 CA Inter aspirants on catargettestprep Already signed up? Log in.
Q.6(c) 03 marks medium Drawing power vs sanctioned limit ⚡ Try this Q →
A Ltd. has availed Cash Credit facilities against Stock and Book Debt, Term Loan for machineries and Bank Guarantee from Big Bank Ltd. A Ltd. furnishes stock statements and age wise list of debtors to Big Bank Ltd. on regular basis. Concurrent Auditors of Big Bank Ltd. mentioned about wrong calculation of Drawing Power by the Bank Branch along with sanctioned limit, and balances overdrawn due to wrong calculation of Drawing Power (DP) as per the monthly report. Explain the 'meaning of drawing power' and how it differs from sanctioned limit. What is to be ensured while computing Drawing Power (DP)?
Keep reading free — every worked solution + bare-Act citation for Drawing power vs sanctioned limit
✓ 43-line worked answer · ✓ 4 bare-Act citations · ✓ 3 examiner-rewarded phrases · ✓ Common-trap warning · ✓ How-to-write skeleton
✓ Join 828 CA Inter aspirants on catargettestprep Already signed up? Log in.
Q.6(d) 03 marks medium Audit of charitable institutions ⚡ Try this Q →
CA B is appointed as the auditor of a Public Charitable Trust. Guide him the focus area of attention relating to the vouching and verification of expenditure of charitable institution.
Keep reading free — every worked solution + bare-Act citation for Audit of charitable institutions
✓ 41-line worked answer · ✓ 5 bare-Act citations · ✓ 3 examiner-rewarded phrases · ✓ Common-trap warning · ✓ How-to-write skeleton
✓ Join 828 CA Inter aspirants on catargettestprep Already signed up? Log in.
Q.7 10 marks hard Management strategies and competitive advantage ⚡ Try this Q →
Management at all levels develop strategies.
Keep reading free — every worked solution + bare-Act citation for Management strategies and competitive advantage
✓ 72-line worked answer · ✓ 3 examiner-rewarded phrases · ✓ Common-trap warning · ✓ How-to-write skeleton
✓ Join 828 CA Inter aspirants on catargettestprep Already signed up? Log in.
Q.8 05 marks medium Porter's five forces - bargaining power of buyers ⚡ Try this Q →
Buyers of an industry's products or services can sometimes exert considerable pressure on the company. In the light of the five forces as propagated by Michael Porter explain this force. Also state as to when this leverage is evident.
Keep reading free — every worked solution + bare-Act citation for Porter's five forces - bargaining power of buyers
✓ 41-line worked answer · ✓ 1 bare-Act citation · ✓ 3 examiner-rewarded phrases · ✓ Common-trap warning · ✓ How-to-write skeleton
✓ Join 828 CA Inter aspirants on catargettestprep Already signed up? Log in.
‹ All papers Ask in chat Start drilling →
Start 15-min diagnostic