4 - IT Flashcards
IT concepts on BEC exam
What are the 3 basic processes in a manual AIS?
1 - Journalize
2 - Post
3 - Summarize
What are the 3 basic processes in an automated AIS?
1 - Input
2 - Process
3 - Output
What are the 6 risks that are heightened in a computer based system?
1 - Reliance on faulty programs
2 - Unauthorized access to data
3 - Unauthorized changes to master files, programs
4 - Failure to make necessary changes to systems, programs
5 - Inappropriate manual intervention (management override)
6 - Loss of data
Physical ______ _______ are substantially reduced in a computerized environment, particularly in online, real-time systems.
audit trails
These are built into better accounting information system software and created by maintaining a file of all transactions processed by the system, to include the username of the person who processed the transaction.
Electronic audit trails
In a computerized environment, many functions that are normally separated as part of ___________ controls are combined to be processed at the same time.
segregation of duties
Computerized systems have uniform transaction processing, which results in an increase in processing consistency and decreases the chance for ________.
clerical errors
In a computerized environment, there is an increased risk of ___________, or errors in programming logic.
systematic errors
Computerized systems can gain efficiency by automatically generating transactions when conditions occur, but these transactions should be ___________.
Regularly reported and reviewed
One benefit of computerized systems is the potential for increased __________ review.
Management
The ____________ framework is a widely used international standard for identifying best practices in IT security and control
COBIT (Control Objectives for Information and Related Technology)
COBIT bridges the gap between strategic business requirements, __________, and the delivery of supporting IT.
accounting control needs
COBIT facilitates ____________ and helps ensure the _______ of information and information systems
IT governance; integrity
The IT function is divided into these 4 domains:
1 - Planning and organization
2 - Acquisition and implementation
3 - Delivery and support
4 - Monitoring
This domain of the COBIT IT function establishes a strategic vision for IT and develops tactics to plan, communicate, and realize the strategic vision
Planning and organization
This domain is concerned with acquiring, implementing, and developing IT solutions to address business objectives and integrate with critical business processes
Acquisition and implementation
This domain is concerned with delivering IT services, including operations, security, and training
Delivery and support
This domain is concerned with assessing IT quality and compliance with control requirements.
Monitoring
The COBIT model identifies 4 interrelated monitoring processes:
1 - Monitor and evaluate IT performance
2 - Monitor and evaluate internal control
3 - Ensure regulatory compliance
4 - Provide IT Guidance
To have value to an organization, data must have the following 7 attributes:
1 - Effectiveness
2 - Efficiency
3 - Confidentiality
4 - Integrity
5 - Availability
6 - Compliance
7 - Reliability
The five physical resources that comprise an IT system include:
1 - People
2 - Applications
3 - Technology
4 - Facilities
5 - Data
These systems provide transaction processing, management support, and decision making support in a single, integrated, organization-wide package.
Enterprise resource planning systems (also known as enterprise-wide systems)
What are the 4 goals of an ERP system?
1 - Global (organization wide) visibility
2 - Cost reductions
3 - Employee empowerment
4 - “Best practices”
In __________, a virtual data pool is created by contracting with a third-party data storage provider.
Cloud-based system
What are the 6 benefits of cloud-based systems:
1 - Universal access
2 - Cost reductions
3 - Scalability
4 - Outsourcing and economies of scale
5 - Enterprise-wide integration
6 - Deployment speed
What are the 5 primary risks with cloud-based systems?
1 - Risk of data loss and outages
2 - Increased risk of system penetration by hackers
3 - Reliance on CSP competence, professionalism, and reliability.
4 - Data stored on community clouds may be vulnerable to other tenants
5 - Storing data with a high-profile provider can make a company a high-profile target for cyber-attackers
The _________ is responsible for the efficient and effective functions of existing systems and for planning for the development and technical resources for future systems
Chief Information Officer (aka VP of IT, etc.)
What are the 3 main functional areas of an IT department:
1 - Application development
2 - Systems administration and programming
3 - Computer operations
This functional area is responsible for creating new end-user applications and maintaining existing applications.
Application development
These people are responsible for analyzing and designing computer systems, leading teams of programmers, and working with end-users to define problems and identify solutions.
Systems analyst
These people work under the systems analyst and write the actual programs that process data and produce reports
Applications programmers
New program development is completed in a _________ environment using copies of live data and existing programs.
test or “sandbox”
This department maintains the computer hardware and infrastructure and works to grant access to system resources
Systems administration and programming
Responsible for the management activities of systems they control
System administrators (could be web admin, network admin, database admin, etc.)
These people are responsible for maintaining the various operating systems and related hardware. They also update the system and install new hardware.
System programmers
The ___________ ensures that all applicable devices link to the organization’s network and that the networks operate securely and continuously.
Network managers.
Ensures that all components of the system are protected from all internal or external threats
Security management
This department is responsible for the day-to-day operations of the computer system.
Computer operations
Computer operators and data entry personnel should never be allowed to act as ________.
Programmers
Systems programmers should never have access to _________.
application program documentation
Data administrators should not have access to ______.
computer operations, live data
Application programmers and systems analysts should never have access to _________
computer operations, live data
Application programmers and systems analysts should not ____________.
Control access to computer resources.