AUD 9 - Information Technology Flashcards
Benefits of IT (5)
MCCAT
- Monitoring - electronic controls can be monitored by the computer software itself.
- Consistency - computers process data the same way every time.
- Circumvention - controls are difficult to circumvent when programmed properly & exceptions are unlikely to be permitted.
- Analysis - data can be accessed for analytical procedures more conveniently (w/ proper software).
- Timeliness - electronic processing & updating is normally more efficient.
Risks of IT (6)
MCFOLA
- Manual Intervention - knowledgeable individuals can sometimes alter files by bypassing the appropriate programs.
- Changes in Programs - severe consequences without detection are possible if unauthorized program changes occur.
- Failure to Change - programs are sometimes not updated for new laws, rules, or activities.
- Overreliance - without clear output, IT systems are often assumed to be working when they are not.
- Loss of Data - catastrophic data loss is possible if appropriate controls aren’t in place.
- Access - destruction & alteration of large amounts of data are possible if unauthorized access occurs.
What are the two IT risks of major concern to the auditor?
- Unauthorized Access to a computer system can cause more damage to the accounting system as a whole than in a manual system, where it is difficult for one person to access all the different records of the system.
- The Audit Trail is an electronically visible trail of evidence enabling one to trace info contained in statements or reports back to the original source.
In what two ways may Data be processed?
Processing of Transaction (2)
- Online Transaction Processing - means that the database is updated as soon as a transaction is received, keeping the business up to date the moment transactions are keyed or transmitted into the system.
- Batch Processing - the accumulation of info about similar events or transactions so that they could be entered into the acctg system at one time.
  - Increases efficiency of processing transactions
  - Allows for greater control over input process
  - DELAYS the availability of info (time delay)
The linking of computers (Network) may be done in what three different ways?
(Network Configurations)
- LAN - communication network that serves several users within a specified geographical area.
- VAN - links different companies’ computer files together.
- WAN - a computer network connecting different remote locations that may range from short distances, building floors, or regions.
Network Topology (5)
Topology refers to the shape of a network, or the network’s layout.
- Bus
- Star
- Ring
- Tree
- Mesh
Electronic Commerce
(E-Commerce)
The conduct of business, generally involving the buying & selling of products, including billing & payment, using electronic communication (EDI) between the computers of different entities such as suppliers & customers.
What is Electronic Data Interchange (EDI)?
&
What are three special considerations related to EDI?
EDI is the electronic interchange of business information between suppliers & consumers using a standardized format.
Three special considerations related to EDI:
- Strict Standards are needed for the form of data so that it will be understood by computers at both ends.
- Translation Software is needed by each computer on both ends so that it can convert data between the standard used for EDI & the form needed for processing internally.
- Unauthorized Access considerations. Requires the use of encryption & firewalls.
Computer/Internet Risks
Virus
Trojan Horse
Worm
Hoax Virus
Killer Application
Phishing
Firewall
Virus - a program with the ability to reproduce by modifying other programs to include a copy of itself.
Trojan Horse - malicious or damaging code purposefully hidden within an authorized computer program.
Worm - a program that duplicates itself over a network so as to infect many computers with viruses.
Hoax Virus - a widely distributed e-mail message warning of a virus that doesn’t exist.
Killer Application - simply refers to a program that is extremely useful, & is not anything dangerous.
Phishing - is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private info that will be used for identity theft.
Firewall - a tool for establishing security which prevents unauthorized users from accessing data.
Controls
What are the 2 broad types of Controls?
Controls - in an operation of computer systems, management must focus on two broad types of controls:
- General Controls - these relate to the overall integrity of the system. Controls include policies, procedures, & practices established by management to provide reasonable assurance that specific objectives will be achieved.
- Application Controls - these are specific to individual programs & uses of the system.
General Controls
What are the 5 elements of General Control?
(Personnel, File Security, Contingency Planning, Computer Facilities, Access Controls)
General Controls - these relate to the overall integrity of the system. Controls include policies, procedures, & practices established by management to provide reasonable assurance that specific objectives will be achieved.
- Personnel Policies
  - Control Clerks & Librarians
    - Have Custody responsibilities
  - Data Input Clerks & Computer Operators
    - Have Recording responsibilities
  - System Analysts & Programmers
    - Have Authorization responsibilities
- File Security
  - Back Up
    - Grandfather/father/son retention system
  - Lock Out
  - Read-Only
- Contingency Planning
  - Hot Site (computers ready to go)
  - Cold Site (no computer waiting)
  - Mirrored Web Server - off site
- Documentation - if no segregation of duties
- Hardware Controls
  - Parity Check - counts the number of bits/characters
  - Echo Check - sends back to originator for check/confirmation of correct info
- Computer Facilities - Fire/Insurance
- Access Controls - biometrics
Application Controls (Program Controls)
What are the 3 elements of Application Controls?
Application Controls - specific to individual programs & users
- Inputs
  - Field Checks - Data is validated for correct length, character types, format (valid Lic#)
  - Validity Check - Compared with acceptable entries (valid SS#)
  - Limit Test - SS #s not greater than 9
  - Check Digits - identification numbers based on formula
  - Financial Total
  - Record Counts
  - Hash - A meaningless total
  - Non-financial Totals
  - Edit Checks - Verify that each individual entry is appropriate & generate a list of rejected transactions.
- Processing
  - Systems & software documentation
  - Error-checking compiler
  - Test Data
  - Change Control measures
  - System Testing
  - User Acceptance Testing
- Output
  - Distribution lists
  - Shredders
  - System testing
Application Controls - Input
Data can be verified in what 4 ways?
Form of Data Verified (4)
Application Controls - specific to individual programs & users
- Form of Data Verified:
  - Field Checks - Data is validated for correct length, character types, format (valid Lic#)
  - Validity Check - Compared with acceptable entries (valid SS#)
  - Limit Test - SS #s not greater than 9
  - Check Digits - identification numbers based on formula
Application Controls - Input
Control Totals (3)
Application Controls - specific to individual programs & users
- Control Totals:
  - Record Counts - number of items being input
  - Financial Total - total of column of entries in currency
  - Hash - A meaningless total
Parity Check
vs.
Echo Check
Parity & Echo checks are types of Hardware Control, which is considered a General Control of a company.
Parity Check - A hardware control that makes certain that each byte has either an odd or even number of bits in the “1” or “on” position, depending on whether the machine is designed as odd or even parity, respectively.
Echo Check - A hardware control that has one computer re-transmit data back to the computer from which it originated to make certain that the data received matches the data transmitted.