13: IT

Question 1

Some of the implications of manual versus computerized systems for internal control are:

Answer 1

Segregation of duties: In a computerized environment, transaction processing often results in the combination of functions that are normally separated in a manual environment.
Disappearing audit trail
Uniform transaction processing – Computer programs are uniformly executed algorithms
Computer-initiated transactions – Many computerized systems gain efficiency by automatically generating transactions when specified conditions occur.
Potential for increased errors and irregularities – Several characteristics of computerized processing act to increase the likelihood that fraud may occur and remain undetected for long periods.
Potential for increased management review – Computer-based systems increase the availability of raw data and afford more opportunities to perform analytical reviews and produce management reports.

Question 2

what is purpose of COBIT

Answer 2

Guide managers, users, and auditors to adopt best practices related to the management of information technology.

Question 3

What are the 4 domains

Answer 3

Planning and Organization—How can IT best contribute to business objectives? Establish a strategic vision for IT. Develop tactics to plan, communicate, and realize the strategic vision.
Acquisition and Implementation—How can we acquire, implement, or develop IT solutions that address business objectives and integrate with critical business process?
Delivery and Support—How can we best deliver required IT services including operations, security, and training?
Monitoring—How can we best periodically assess IT quality and compliance with control requirements?

Question 4

what is the primary objective of enterprise resource planning system

Answer 4

to integrate data from all aspects of an organization’s activities into a centralized data repository.

Question 5

Goals of ERP systems:

Answer 5

global visibility, cost reduction, employee empowerment, best practices

Question 6

components of ERP system

Answer 6

1. Online transaction processing (OLTP) system – The modules comprising the core business functions: sales, production, purchasing, payroll, financial reporting, etc. These functions collect the operational data for the organization and provide the fundamental motivation for the purchase of an ERP.
2. Online analytical processing (OLAP) system – Incorporates data warehouse and data mining capabilities within the ERP.

Question 7

examples of cloud based system applications

Answer 7

1. Infrastructure as a service (IaaS) – Use of the cloud to access virtual hardware, such as computers and storage. Examples include Amazon Web Services and Carbonite;
2. Platform as a service (PaaS) – Creating cloud-based software and programs using cloud-based services. Salesforce.com’s Force.com is an example of PaaS;
3. Software as a service (SaaS) – Remote access to software. Office 365, a suite of office productivity programs, is an example of SaaS.

Question 8

benefits of cloud based systems

Answer 8

universal access, cost reduction, outsourcing, scalability, enterprise wide intergration

Question 9

risks of cloud based systems

Answer 9

data loss, system penetration by hackers

Question 10

what is a business continuity plan

Answer 10

The disaster recovery plan discussion above relates to organizational processes and structures that will enable an organization to recover from a disaster. Business (or organizational) continuity management (sometimes abbreviated BCM) is the process of planning for such occurrences and embedding this plan in an organization’s culture. Hence, BCM is one element of organizational risk management. It consists of identifying events that may threaten an organization’s ability to deliver products and services, and creating a structure that ensures smooth and continuous operations in the event the identified risks occur.

Question 11

what is a disaster recovery plan

Answer 11

DRPs enable organizations to recover from disasters and to enable continuing operations.

Question 12

Disaster recovery plans are frequently classified by the types of backup facilities maintained and the time required to resume processing:

Answer 12

cold site, warm site, hot site, reciprocal agreements, mirrored site

Question 13

what is a cold site

Answer 13

An off-site location that has all the electrical connections and other physical requirements for data processing, but does not have the actual equipment or files. Cold sites often require one to three days to be made operational. A cold site is the least expensive type of alternative processing facility available to the organization. If on a mobile unit (e.g., a truck bed), called a mobile cold site.

Question 14

what is a warm site

Answer 14

A location where the business can relocate to after the disaster that is already stocked with computer hardware similar to that of the original site, but does not contain backed-up copies of data and information. If on a mobile unit, called a mobile warm site.

Question 15

what is a hot site

Answer 15

a. An off-site location completely equipped to quickly resume data processing.
b. All equipment plus backup copies of essential data files and programs are often at the site.
c. Enables resumed operations with minimal disruption, typically within a few hours.
d. More expensive than warm and cold sites.

Question 16

what is a reciprocal agreement

Answer 16

These are shared use facilities governed by inter-organizational agreements that house IT facilities. May be cold, warm, or hot.

Question 17

what is a mirrored site

Answer 17

Fully redundant, fully staffed, and fully equipped site with real-time data replication of mission critical systems. Expensive and used for mission critical systems (e.g., credit card processing at VISA and MasterCard).

Question 18

three main functional areas within many IT Departments:

Answer 18

A. Applications Development
B. Systems Administration and Programming
C. Computer Operations

Question 19

what is the responsibility of applications development and the roles

Answer 19

This department is responsible for creating new end-user computer applications and for maintaining existing applications.
1.
Systems analysts – Responsible for analyzing and designing computer systems; systems analysts generally lead a team of programmers who complete the actual coding for the system; they also work with end users to define the problem and identify the appropriate solution.
2.
Application programmers – Work under the direction of the systems analyst to write the actual programs that process data and produce reports.

Question 20

what is the responsibility of systems administration and programming and the roles

Answer 20

This department maintains the computer hardware and computing infrastructure and grants access to system resources.
1.
System administrators – The database administrator, network administrator, and web administrators are responsible for management activities associated with the system they control. For example, they grant access to their system resources, usually with user-names and passwords. System administrators, by virtue of the influence they wield, must not be permitted to participate directly in these systems’ operations.
2.
System programmers – Maintain the various operating systems and related hardware. For example, they are responsible for updating the system for new software releases and installing new hardware. Because their jobs require that they be in direct contact with the production programs and data, it is imperative that they are not permitted to have access to information about application programs or data files.

Question 21

what is the responsibility of computer operations and its roles

Answer 21

This department is responsible for the day-to-day operations of the computer system, including receipt of batch input to the system, conversion of the data to electronic media, scheduling computer activities, running programs, etc.
1.
Data control – This position controls the flow of all documents into and out of Computer Operations; for batch processing, schedules batches through data entry and editing, monitors processing, and ensures that batch totals are reconciled; data control should not access the data, equipment, or programs. This position is called “quality assurance” in some organizations.
2.
Data entry clerk (data conversion operator) – For systems still using manual data entry (which is rare), this function keys (enters) handwritten or printed records to convert them into electronic media; the data entry clerk should not be responsible for reconciling batch totals, should not run programs, access system output, or have any involvement in application development and programming.
3.
Computer operators – Responsible for operating the computer: loading program and data files, running the programs, and producing output. Computer operators should not enter data into the system or reconcile control totals for the data they process. (That job belongs to Data Control.)
4.
File librarian – Files and data not online are usually stored in a secure environment called the file library; the file librarian is responsible for maintaining control over the files, checking them in and out only as necessary to support scheduled jobs. The file librarian should not have access to any of the operating equipment or data (unless it has been checked into the library).

Question 22

what is the role of IT steering Commitee

Answer 22

This group’s principal duty is to approve and prioritize systems proposals for development.

Question 23

what is the role of lead systems anaylst

Answer 23

This individual is usually responsible for all direct contact with the end user and for developing overall programming logic and functionality.

Question 24

what is the role of application programmers

Answer 24

This team, under the direction of the lead analyst, is responsible for writing and testing the programs.

Question 25

what is role of end users

Answer 25

This group has the primary responsibility of identifying problems and proposing initial solutions.

Question 26

what are the stages in a SDLC system

Answer 26

planning and feasibility, analysis, design, development, testing, implementation, maintenance

Question 27

Four levels of documentation

Answer 27

Systems documentation, Program documentation, Operator documentation, user documentation

Question 28

Application controls concern the accuracy, validity, and completeness of data processing in specific application programs. They can be placed in one of three categories:

Answer 28

1. Input and origination controls – Control over data entry and data origination process
2. Processing and file controls – Controls over processing and files, including the master file update process
3. Output controls – Control over the production of reports

Question 29

what is ebusiness

Answer 29

E-business is the generic name given to any business process that relies on electronic dissemination of information or on automated transaction processing. This lesson distinguishes e-business from e-commerce and describes the benefits, risks, and some common business models of e-commerce.

Question 30

what is ecommerce

Answer 30

E-commerce is a narrower term used to refer to transactions between the organization and its trading partners.

Question 31

what are the risks of ecommerce

Answer 31

1. System availability – Online systems must be stable and availability. This was an early challenge to eBay. In its early days, it asked users to stay off of the system during peak hours!
2. Security and confidentiality – Data breaches—for example, the 2013 Target credit and debit card breach—can irreparably harm trust in systems and companies.
3. Authentication – Is an online person or company who they say they are? Increasingly, e-commerce sites (e.g., e-lance) include verification of identity as a prerequisite to site use.
4. Nonrepudiation – This is, essentially, the existence of an audit trail that renders actions verifiable. Hence, one cannot deny, after a transaction, one’s role in it.
5. Integrity – Is the system secure from hackers and crackers? Creating a system that is immune to hacks is a formidable undertaking. Even the FBI website has been hacked.

Question 32

what are the risks of not implementing ecommerce

Answer 32

1. Your customers find it cheaper and easier to buy online.
2. Limited growth – E-commerce offers global reach.
3. Limited markets – E-commerce turns what once were small, highly specialized markets (e.g., collecting antique fountain pens) into large, worldwide markets.

Question 33

what are operational systems

Answer 33

support day to day activities. sometimes called transaction processing systems. process financial and non financial trransactions

Question 34

what are management information systems (MIS)

Answer 34

systems designed to support routine management problems.

Question 35

what are accounting information systems (AIS)

Answer 35

take the financial data from transaction processing systems and use it to produce financial statements and control reports for managment

Question 36

what is decision support systems (DSS)

Answer 36

provide information to mid- to upper-level managers to assist them in managing non routine problems

Question 37

what are executive support systems (ESS)

Answer 37

provide senior executives with immediate access to internal and external info

Question 38

what is data mining

Answer 38

the process of sorting through data maintained in a data warehouse in an effort to identify relationships between data fields or events. These relationships are often classified as sequences (one event leads to another) or associations (one event is correlated with another event). The ability to recognize these patterns is, thus, critical to successful data mining.

Question 39

what is data warehouse

Answer 39

a database archive of an organization’s operational transactions (sales, purchases, production, payroll, etc.) over a period of years; external data that might be correlated with these transactions, such as economic indicators, stock prices, and exchange rates, are also included

Question 40

what is data mart

Answer 40

A data mart is focused on a particular market or purpose and contains only information specific to that objective.

Question 41

what is there a great need for within a small business computing enviornment

Answer 41

There is a great need for third-party review and testing within the small business computing environment, Backup procedures are important. Additional supervision of computing may be necessary.

Question 42

what is database management system

Answer 42

The database management system (DBMS) controls the storage and retrieval of the information maintained in a database and is responsible for maintaining the referential integrity of the data.

Question 43

what is data manipulation language

Answer 43

The data manipulation language allows the user to add new records, delete old records, and update existing records.

Question 44

what is data query language

Answer 44

Data query language (DQL) is used to extract information from the database.

Question 45

what is data definition language

Answer 45

Data definition language (DDL) is used to create tables and fields of information within the fields

Question 46

what is a central processing unit

Answer 46

Central processing unit (CPU) – The CPU is the control center of the computer system. The CPU has three principal components:
1.
Control unit – Interprets program instructions.
2.
Arithmetic logic unit (ALU) – Performs arithmetic calculations.
3.
Primary storage (main memory)

Question 47

what is batch processing

Answer 47

in batch processing, transactions are first gathered together in a group and then keyed into a transaction file. Periodically, the transaction file is edited, sorted, and then the transactions are used to update the master file.

Question 48

what is real time systems

Answer 48

Online/real-time systems are updated as transactions occur and consequently require networked information systems based on random access storage devices.
Because the information system is updated immediately, errors are detected as soon as the transaction occurs.

Question 49

what is extensible business reporting language

Answer 49

XBRL is specifically designed to exchange financial information over the World Wide Web.

Question 50

what are network firewalls

Answer 50

Network firewalls perform relatively low-level filtering capabilities

Question 51

what are application firewalls

Answer 51

application firewalls have the ability to do much more sophisticated checks and provide much better control.