13: IT Flashcards
Some of the implications of manual versus computerized systems for internal control are:
Segregation of duties: In a computerized environment, transaction processing often results in the combination of functions that are normally separated in a manual environment.
Disappearing audit trail
Uniform transaction processing – Computer programs are uniformly executed algorithms
Computer-initiated transactions – Many computerized systems gain efficiency by automatically generating transactions when specified conditions occur.
Potential for increased errors and irregularities – Several characteristics of computerized processing act to increase the likelihood that fraud may occur and remain undetected for long periods.
Potential for increased management review – Computer-based systems increase the availability of raw data and afford more opportunities to perform analytical reviews and produce management reports.
what is the purpose of COBIT
Guide managers, users, and auditors to adopt best practices related to the management of information technology.
What are the 4 domains
Planning and Organization—How can IT best contribute to business objectives? Establish a strategic vision for IT. Develop tactics to plan, communicate, and realize the strategic vision.
Acquisition and Implementation—How can we acquire, implement, or develop IT solutions that address business objectives and integrate with critical business process?
Delivery and Support—How can we best deliver required IT services including operations, security, and training?
Monitoring—How can we best periodically assess IT quality and compliance with control requirements?
what is the primary objective of enterprise resource planning system
to integrate data from all aspects of an organization’s activities into a centralized data repository.
Goals of ERP systems:
global visibility, cost reduction, employee empowerment, best practices
components of ERP system
- Online transaction processing (OLTP) system – The modules comprising the core business functions: sales, production, purchasing, payroll, financial reporting, etc. These functions collect the operational data for the organization and provide the fundamental motivation for the purchase of an ERP.
- Online analytical processing (OLAP) system – Incorporates data warehouse and data mining capabilities within the ERP.
examples of cloud based system applications
- Infrastructure as a service (IaaS) – Use of the cloud to access virtual hardware, such as computers and storage. Examples include Amazon Web Services and Carbonite;
- Platform as a service (PaaS) – Creating cloud-based software and programs using cloud-based services. Salesforce.com’s Force.com is an example of PaaS;
- Software as a service (SaaS) – Remote access to software. Office 365, a suite of office productivity programs, is an example of SaaS.
benefits of cloud based systems
universal access, cost reduction, outsourcing, scalability, enterprise-wide integration
risks of cloud based systems
data loss, system penetration by hackers
what is a business continuity plan
The disaster recovery plan discussion above relates to organizational processes and structures that will enable an organization to recover from a disaster. Business (or organizational) continuity management (sometimes abbreviated BCM) is the process of planning for such occurrences and embedding this plan in an organization’s culture. Hence, BCM is one element of organizational risk management. It consists of identifying events that may threaten an organization’s ability to deliver products and services, and creating a structure that ensures smooth and continuous operations in the event the identified risks occur.
what is a disaster recovery plan
DRPs enable organizations to recover from disasters and to enable continuing operations.
Disaster recovery plans are frequently classified by the types of backup facilities maintained and the time required to resume processing:
cold site, warm site, hot site, reciprocal agreements, mirrored site
what is a cold site
An off-site location that has all the electrical connections and other physical requirements for data processing, but does not have the actual equipment or files. Cold sites often require one to three days to be made operational. A cold site is the least expensive type of alternative processing facility available to the organization. If on a mobile unit (e.g., a truck bed), called a mobile cold site.
what is a warm site
A location where the business can relocate to after the disaster that is already stocked with computer hardware similar to that of the original site, but does not contain backed-up copies of data and information. If on a mobile unit, called a mobile warm site.
what is a hot site
a. An off-site location completely equipped to quickly resume data processing.
b. All equipment plus backup copies of essential data files and programs are often at the site.
c. Enables resumed operations with minimal disruption, typically within a few hours.
d. More expensive than warm and cold sites.
what is a reciprocal agreement
These are shared use facilities governed by inter-organizational agreements that house IT facilities. May be cold, warm, or hot.
what is a mirrored site
Fully redundant, fully staffed, and fully equipped site with real-time data replication of mission critical systems. Expensive and used for mission critical systems (e.g., credit card processing at VISA and MasterCard).
three main functional areas within many IT Departments:
A. Applications Development
B. Systems Administration and Programming
C. Computer Operations
what is the responsibility of applications development and the roles
This department is responsible for creating new end-user computer applications and for maintaining existing applications.
1. Systems analysts – Responsible for analyzing and designing computer systems; systems analysts generally lead a team of programmers who complete the actual coding for the system; they also work with end users to define the problem and identify the appropriate solution.
2. Application programmers – Work under the direction of the systems analyst to write the actual programs that process data and produce reports.
what is the responsibility of systems administration and programming and the roles
This department maintains the computer hardware and computing infrastructure and grants access to system resources.
1. System administrators – The database administrator, network administrator, and web administrators are responsible for management activities associated with the system they control. For example, they grant access to their system resources, usually with user-names and passwords. System administrators, by virtue of the influence they wield, must not be permitted to participate directly in these systems’ operations.
2. System programmers – Maintain the various operating systems and related hardware. For example, they are responsible for updating the system for new software releases and installing new hardware. Because their jobs require that they be in direct contact with the production programs and data, it is imperative that they are not permitted to have access to information about application programs or data files.
what is the responsibility of computer operations and its roles
This department is responsible for the day-to-day operations of the computer system, including receipt of batch input to the system, conversion of the data to electronic media, scheduling computer activities, running programs, etc.
1. Data control – This position controls the flow of all documents into and out of Computer Operations; for batch processing, schedules batches through data entry and editing, monitors processing, and ensures that batch totals are reconciled; data control should not access the data, equipment, or programs. This position is called “quality assurance” in some organizations.
2. Data entry clerk (data conversion operator) – For systems still using manual data entry (which is rare), this function keys (enters) handwritten or printed records to convert them into electronic media; the data entry clerk should not be responsible for reconciling batch totals, should not run programs, access system output, or have any involvement in application development and programming.
3. Computer operators – Responsible for operating the computer: loading program and data files, running the programs, and producing output. Computer operators should not enter data into the system or reconcile control totals for the data they process. (That job belongs to Data Control.)
4. File librarian – Files and data not online are usually stored in a secure environment called the file library; the file librarian is responsible for maintaining control over the files, checking them in and out only as necessary to support scheduled jobs. The file librarian should not have access to any of the operating equipment or data (unless it has been checked into the library).
what is the role of IT steering Committee
This group’s principal duty is to approve and prioritize systems proposals for development.
what is the role of lead systems analyst
This individual is usually responsible for all direct contact with the end user and for developing overall programming logic and functionality.
what is the role of application programmers
This team, under the direction of the lead analyst, is responsible for writing and testing the programs.