B6 (Area IV) Flashcards
Information technology (IT) corporate governance goal is to
align with organizational objectives
Six Sigma steps are
problem, analyze data, and control
IT governance concept of
timeliness of data availability, depict the way an organization achieves its mission critical goals using IT strategies
Supporting documentation for an organization's IT security policy is
industry regulations, performance standards for IT assets, protocols for IT processes
Vision Statement security outlines how
an organization will protect tangible and intangible assets.
Factors that those in charge of IT governance use to create an organization's IT strategy are
vision statement, corporate strategy, regulations
Virtual networks use
outsourced computer power
An internet provider's vision to provide reliable and consistent network connectivity for all customers is reliant on
All IT personnel on company payroll, physical network, quick disaster recovery speeds
Strong IT governance models have
both people and policies in place that help organizations reach objectives
Responsibility of an information technology steering committee should be
formed to guide and oversee systems development and acquisition
Function of information systems steering committee is
ensuring top management participation, guidance and control, coordination of integrating information systems, setting governing policies for various information systems
Information resources are categorized as
medium impact when there is a workaround for its loss in the short term but recovery is necessary for the long term. High impact means the organization cannot operate without the information resource over a short period of time. Low impact means the organization could operate without the information resource. No impact is not a category.
Routers are
network devices that assign IP addresses and manage network traffic by source and destination fields
1) Routers assign:
2) Switches:
3) Gateways:
4) Servers:
1) IP addresses
2) switches can divide one connection into multiple connections
3) gateways convert protocols to communicate with other network devices
4) servers coordinate programs, data, and other computers so that the network can operate but do not act as an intermediary.
A virtual private network creates an
encrypted communication tunnel across the internet for the purpose of allowing a remote user secure access into the network
Error most likely detected by analyzing financial totals is
transportation error on one employee's paycheck on weekly payroll (manual total will be calculated for each transaction then compared to computer generated batch control total)
An accounting information system (AIS)
is a subsystem within management information system
Accounting information system (AIS) is found in a
well-designed system of audit trail that allows a user to trace a transaction from source documents to financial reports
Example of audit trail is authorized individual to select
inventory can be traced back by a copy of purchase order to see when item was ordered and who authorized it
Management information systems
perform report data for strategic planning
An example of decision support system (DSS) is
transaction processing system because (DSS) forecasts scenarios
Enterprise resource planning system is
integrate and secure data from all aspects of an organization's activities
Supply chain management system is concerned with
what goods were ordered, when goods were delivered and the amount paid
B= Business, C= Consumer
Local food writer is asked by business to write a review about food this is an example of _________
Accountants referring to the AICPA website is__________
1) of C2B
2) is B2C
Benefit of using electronic funds transfer for international cash transactions is
reducing frequency of entry errors
Cloud computing can best be defined as
organizations that use internet access and applications that run on remote third party technology infrastructure
The best reason for the company to switch to cloud computing is
usually has lower upfront costs of equipment and maintenance
Disadvantage of IT outsourcing is
quality control because they are a third party with their own standards
Veracity is
trustworthiness of your data
Publication phase of the data cycle
when data is circulated to users for various purposes.
A document count is
how many invoices a company has
Foreign key is process of
transforming raw data into information that can be used in relational database
Descriptive Analytics analyzes sales
by looking at the average sales by region
1) Predictive Analytics statistical techniques and forecasting models to ____________
2) Diagnostic analytics focus on ____
3) Prescriptive analytics use______
1) predict what could happen
2) determining why something occurred
3) optimization and simulation algorithms to affect future decisions
1) SQL is most likely used to _________
2) C perform similar functions to SQL but ________
3) C++ can execute queries but ______
4) JavaScript focused on_______
1) involves extraction, which can be done by running queries
2) the language most likely being used for pulling records in database
3) broader terms of the application it has. SQL is more narrowly focused on queries
4) web programming and host of other applications
Employing data mining allows
users to perform diagnostic analytics to drill into underlying data to better understand data
1) Boxplot shows if there is
2) Dot Plot is a
3) Histogram a
4) Trend Line is a
1) a mean, median, minimum, maximum and outlier to compare
2) two dimensional map that shows the frequency of data points on one axis and another dimension on other
3) bar chart that plots a measurement of data points at different points in time; does not show extremes
4) continuous graphing of data points over a specified time period
1) Flowchart maps out
2) Waterfall chart shows
3) Directional Chart highlights
1) process, not cumulative effect of data points
2) cumulative effect of series of data points that make up total with incremental contributions making up total net income
3) milestones or events over multiple time periods
A key difference in controls when
changing from a manual system to a computer system because it's changing methodologies
When seeking competitive advantage in planning the implementation of new software system
design an optimal process and then align the software
Risk assessment identifies
whether the company has information that unauthorized individuals want.
Risk management includes
risk assessment, trade off between risk and reward, risk inherent aspect of project
Integrating general and application control procedures
part of basic design ensures effective control procedures
General controls in an information system include
information technology infrastructure, security management, software acquisition
Reviewing the systems access log most likely detects
computer related fraud
Identification of critical applications is important to
include in the disaster and recovery plan
Continuity Planning most effectively
restore business operations following a disaster
To assure continuity in the event of a natural disaster the firm should
adopt an offsite mirrored web server
Cold is a data processing disaster recovery site
but has not been stocked with equipment
Hot site is a
Location that is equipped with the necessary hardware and software
The primary purpose of a disaster recovery plan is to
specify the steps required to resume operations
Incremental backup
backup copying only the data items that have changed since last backup
System availability control example
raise the floors in the room where the network resides to avoid flood damage
Primary objective of data security controls
access, change, or destruction
Systems analysts start the process of
implementing a new software system
Computer programmers create a
program based on a design
Data entry and application programming should
be delegated to separate individuals
A disadvantage of symmetric data encryption is
both sender and receiver must have the private key before this encryption method will work
Systems Analyst develops
long range plans, directing application development and computer operations
Physical access control
separates unauthorized individuals from computer resources
An application programmer should have the responsibility to
CODE approved changes to a payroll program
1) Hashing involves______
2) Both hashing and asymmetric encryption provides________
1) mapping large quantities of data into smaller table for recovering purposes. Encryption involves using a digital key to scramble. Asymmetric encryption is considered more secure. Symmetric provides less security than asymmetric
2) the same level of assurance enforceability of digitally signed transactions as an inked signature
Public Key Infrastructure (PKI) refers to
processes used to issue asymmetric keys and digital certificates
Encryption in electronically transmitting data would
provide the most assurance unauthorized release of sensitive information would be prevented
What is used to prevent unauthorized access to files
Smart Card, Multifactor authentication, Multimodal authentication
1) Asymmetric encryption
2) Private key
1) a public key is used to encrypt messages.
2) private key used to decrypt the message at the other end
Read but not write is the access staff accountants should have after
sending to management for approval
Firewall prevents
unauthorized users from gaining access to network resources
Multifactor authentication requires
both a password and a numerical key generated on a smartphone for its users to log in
Users enter a log in name and password in an effort to
strengthen this the installation of fingerprint scanners
Use of biometric devices mitigates the risk of
unauthorized access to its payroll data
The highest risk of data integrity is
a spreadsheet into which the controller enters summary daily sales data from a printed report of an automated accounting system
Calculate monetary value:
(Risk Probability) x (Cost)
Risk is measured in: (H) = high action as soon as possible, (M) medium action and corrective action in a reasonable time frame, (L) low action no corrective action
The 7 principles of quality management are
Customer Focus, Leadership, People Engagement, Process Approach, Continuous Improvement, Evidence Based Decision Making, Relationship Management
Six Sigma
evaluate the achievement of goals and improving processes to reduce defective outputs
What does IT stand for
Information Technology