B6 - Process Management and Information Technology Flashcards
1
Q
What is the purpose of the General IT controls?
A
They’re designed to ensure that the organization’s control environment (people, process and IT) is stable and well-managed. These are controls over the system as a whole.
2
Q
What are types of the General IT controls?
A
- System development life-cycle standards and controls.
- Physical and logical controls over infrastructure
- Business resiliency management
- Change management procedures
- Software acquisition, development, operations, and maintenance controls.
3
Q
What would be examples of general controls?
A
- Restricting access to a computer facility by use of biometrics devices
- Having backup file systems
- Performing background checks of personnel
- Segregation of duties of incompatible roles.
4
Q
What does application controls include?
A
It includes input controls, processing controls, and output controls. They tend to be specific to the process or subsystem (e.g., “missing data check” on an input screen, reconciliation of totals and physical controls over inventory)
5
Q
What is a preventive control?
A
Preventive controls stop problems before they occur (e.g., locked door, a security guard, segregation of duties). It relates to timing before an event occurs.
6
Q
What is detective controls?
A
Detective controls call attention to errors that have already entered the system before an error causes a negative outcome or even worse, a disaster (e.g., reconciling account records to physical counts). It relates to timing after the event happened.
7
Q
What are feedback controls?
A
Evaluate the results of a business process, and if the results are not good, management can adjust the process before disaster occurs. These are detective controls.
8
Q
What are Feed Forward Controls?
A
Feed forward controls compare projected results (future) to a pre-determined standard and allow management to make a change to prevent an unwanted outcome, preventive controls. Used in a budget system (e.g., modern inventory ordering systems, sales are projected, current inventory levels are identified, and inventory is ordered)
9
Q
What is a firewall?
A
Firewalls are designed to limit who is able to access a system (unauthorized users). Passwords are required to help minimize vulnerability.
10
Q
What do firewalls do?
A
Firewalls screen data packets to determine if they are acceptable or unacceptable and block unacceptable packets from the system based on set parameters.
11
Q
What is a multifactor authenticator?
A
Allows for a second authentication key from a second device (e.g., smartphone or other key generator needed at the time of log in)
12
Q
How is asymmetric encryption used?
A
A public key is used to encrypt messages. A private key (which is never transmitted) is used to decrypt the message at the other end. Anyone can encrypt the message but only the intended recipient can decrypt it.
13
Q
What is multimodal authentication?
A
Multimodal authentication uses multiple biometric data (e.g., fingerprints, facial scanning, eye scanning, etc.) to verify the identity of the individual accessing the data.
14
Q
What is the purpose of a digital signature?
A
To ensure that the sender of the message is authentic. Digital signature uses asymmetric encryption.
15
Q
What is a Public Key Infrastructure (PKI)?
A
Represents the mechanisms used to issue keys and digital certificates.
16
Q
What is hashing?
A
It involves mapping large quantities of data into a smaller table for the purpose of recovering data more rapidly. It is also utilized in the encryption of advanced and digital signature.
17
Q
What is data masking?
A
it involves breaking the linkage between data and the individual to whom the data is associated through the removal of personal identifier.
18
Q
What is the role of the system analyst?
A
- The system analyst role falls under the application development team (yellow team)
- It analyzes and designs new applications and they lead teams of application (software) programmers who complete the actual coding.
- They talk to end users about their needs to develop the new application.
19
Q
What is the role of the security administrator?
A
- the security administrator role falls in the system administrator and system programming team
(red team) - It ensures all components of the system are secure from threats both internal and external.
- Responsibility include security of software and system and granting appropriate access to systems via user authentication, password set up and maintenance.
20
Q
What is the role of the Network Manager?
A
- Falls under the security administrator role (red team).
- Ensures all applicable devices link to the organization’s network and networks operate securely and continuously
- Manages remote access
21
Q
What is the role of the web administrator?
A
- Falls under the security administrator role (red team).
- Operate and maintain the web server
22
Q
What is the role of the Help Desk Personnel?
A
- Falls under the security administrator role (red team).
- Answer help-line calls and emails, resolve user problems, and obtain technical support and vendor support when necessary.
23
Q
What is the role of the Database Administrator?
A
- Falls under the security administrator role (red team).
- System administrator that maintains and supports the database SOFTWARE.
- This include ensuring security and backup and recovery procedures.
24
Q
What is the purpose of data security controls?
A
To ensure that storage media are only accessed, changed, or deleted after appropriate authorization. The objective is to protect information.
25
What is the purpose of change management and related control activities?
Anticipate monitoring the use of system software to prevent unauthorized access to system software and computer programs.
26
What are the steps in a disaster recovery plan?
1. Assess the risk
2. identify mission-critical applications and data
3. Develop a plan for handling the mission-critical applications
4. Determine the responsibilities of the personnel involved in disaster recovery
5. Test the disaster recovery
27
What does Business Process Reengineering (BPR) refer to?
BPR refers to the implementation or radical transformation of business processes to achieve strategic objectives, such as improving customer satisfaction and service, cutting operational costs, and enhancing competitiveness.
Business process reengineering has longer implementation time because it involves radical change.
28
How does business process management works?
Business process management seeks incremental change
29
What is a Statistical Process Control (SPC)?
It is a means of quality control which uses statistics in order to control and monitor a process.
30
What is benchmarking?
It is a process where a company compares to peers to measure performance and understand where improvements can be made in the process.
31
What are the 5 steps in benchmarking?
1. To identify the object of the benchmarking project. Single procedures or concepts are more appropriate for a benchmarking studying.
2. Identify a company that excels in the particular procedure or concept you are studying.
3. Study the company
4. Analysis of the information you received by looking at the other company's procedures.
5. You apply what you learned to your own company.
32
What is the type of approach Just-in-time (JIT) inventory system use?
JIT uses a "pull" approach, where an item is produced only when it is needed down the line.
33
What are some characteristics of a just-in-time inventory system?
1. lot size equal to one
2. insignificant set-up times and costs
3. Balanced and level workloads
4. A reduction of WIP because of reduced materials pending processing.
34
What is the continuous improvement (Kaizen) model about?
Occurs at the manufacturing stage where the ongoing search for cost reduction takes the form of analysis of production processes.
35
What is value chain analysis?
It is concerned with the additional value a product gains by passing through all the activities of the production chain.
36
What is lean manufacturing?
It requires the use of only those resources required to meet the requirements of customers (resources invested only in value-added activities).
37
What is the focus of lean manufacturing?
Waste reduction and efficiency
38
What is the goal of the Six Sigma program?
it is a quality-improvement program that strives to reduce product or service defects to near zero levels.
39
What are the steps of the existing product and business process improvement of the Six Sigma program?
1. Define the problem
2. Measure key aspects of the current process (collect relevant data)
3. Analyze data
4. Improve or optimize current processes
5. Control (develop statistical control process to monitor results)
40
What are the steps of the new product and business process development of the Six Sigma program?
1. Define design goals
2. Measure critical to quality issues (CTQ) (analyze the value chain to determine the features that provide value to the customer)
3. Analyze Design Alternatives (develop different methodologies)
4. Design optimization (use modeling techniques)
5. Verify the design
4. Design optimization
41
What are the 5 IT resources or physical resources?
1. Data
2. Application systems
3. Technology
4. Facilities
5. People
42
What are the 7 desirable attributes of information?
1. Efficiency
2. Confidentiality
3. Integrity
4. Availability
5. Compliance
6. Reliability
7. Effectiveness
43
What does efficiency relates to?
Provides information through the optimal (most productive and economical) use of resources.
44
What does confidentiality refers to?
Protection of sensitive information from unauthorized disclosure
45
What does integrity refers to?
Accuracy and completeness of information, validity in accordance with business values and expectations
46
What does availability refer to?
Information is available when required now and in the future. Also includes safeguarding of necessary resources and associated capabilities.
47
What does compliance refer to?
Comply with laws, regulations, and contractual arrangements to which the business process is subject also internal business policies.
48
What does reliability refer to?
Provision of appropriate information for management to operate the entity and exercise its fiduciary and governance responsibilities
49
What does effectiveness refer to?
Information is relevant and pertinent to the business process and is delivered in a timely, correct, consistent and usable manner.
50
What is the focus of IT Governance?
It focuses on the effective management of data and is ultimately the responsibility of management and the board of directors.
51
What are the components supporting IT Governance?
1. Data Availability
2. Architecture
3. Metadata
4. Policy
5. Quality
6. Regulatory Compliance and Practice
7. Security
52
What does data availability under the components of IT Governance refers to?
Information that is not available to employees when they need it provides no benefit. It must be available at the right time to support IT governance goals.
53
What are the factors that impact the IT strategy?
1. Available IT personnel
2. Virtual/Physical Network Design
3. Cybersecurity
4. Centralized/Decentralized Network Design
5. Disaster Recovery and Business Continuity
54
What is decentralized (distributed) processing?
It is a form of processing that uses multiple independent computers to validate a group (block) of transactions at a time. While those blocks are processed, they are added to a chain of all prior blocks that have ever been processed.
55
Who is responsible for structuring IT governance?
Executive management
56
Who is responsible for overseeing IT Governance and appointing executive positions?
The board of directors.
57
What is the role of a systems steering committee?
It is responsible for the oversight of the information system functions. It has a more holistic view than the project management team and it's able to review and approve long-range plans inclusive of developing strategic goals, allocating budgets, monitoring projects, and addressing issues as they arise.
58
How is the high impact or risk assessment (likelihood of loss) described?
the organization cannot operate without the information resource for even a short period of time.
59
How is the medium impact or risk assessment (likelihood of loss) described?
Information resource is classified as medium if there is a work-around for its loss in the short term, but recovery is necessary for long-term operations
60
How is the low impact or risk assessment (likelihood of loss) described?
Information resource is classified as low impact if the organization could operate without the information resource for an extended period of time.
61
What is a node?
A node is any device connected to a network.
62
What is a router?
hardware pieces that manage network traffic by reading source and destination fields within information packets to determine the proper path for a data packet to flow. It assigns IP addresses to different devices.
63
What is a switch?
they connect and divide devices within a computer network. It connects other devices.
64
What is a gateway?
Gateway acts as intermediary between different networks. it transforms data from one protocol into another so that information can flow between networks.
65
What is a server?
A server provides computer power for other machines in the network. It also coordinates programs, data, and other computers so that the network can operate.
66
What is a firewall?
The protective device (hardware) or program (application) that protects an organization's IT resources by filtering network traffic through security protocols.
67
What is a Virtual Private Network (VPN)?
A VPN provides an encrypted communication tunnel across the internet that allows remote users secure access to a network.
68
What is an Accounting Information System?
It's a way to translate raw data into information. Some of the responsibilities of the AIS include:
1. Collecting and storing data about various activities and company transactions
2. Processing data and using it to generate financial reports
3. Secure critical organization financial information.
69
What are the steps of an Accounting Information System?
1. We make debits and credits to record journal entries
2. journal entries are posted to the general ledger
3. general ledger becomes the foundation for the trial balance
4. From the trial balance we make adjustments
5. The adjusted trial balance can be used to prepare financial statements.
70
What are the sequence of events in an AIS?
1. The transaction data from source documents is entered into the AIS by an end user.
2. The original paper source documents are filed
3. These transactions are recorded in the appropriate journal
4. the transactions are posted to the general and subsidiary ledgers
5. Trial balances are prepared.
6. Financial reports are generated.
71
What is the purpose of a Management Information system (MIS)?
Enables companies to use data as part of their strategic planning process as well as the tactical execution of that strategy.
72
What are subsystems under Management information system (MIS)?
1. Accounting Information system (AIS)
2. Decision support system (DSS)
3. Executive information system (EIS)
73
What is the greatest impact in the design of the MIS system?
The key driver comes from the ultimate goal of the reports, which is to help managers make decisions.
74
What is a Decision Support System (DSS)?
It's a subsystem from MIS. Serves the management, operations, and planning (forecast) of all levels of an organization. Helps managers with routine decisions.
75
Under what type of MIS subsystem is artificial intelligence (AI) sitting?
Artificial Intelligence is referred to as an expert system and falls under the Decision Support System (DSS). It is designed to mimic the knowledge and decision-making abilities of the users who employ them so that decisions can be automated.
76
What is the Supply Chain Management System (SCM)?
Unifies business processes beginning with the original supplier and ending with the customer. Includes activities such as purchasing, material handling, production planning and control, logistics and warehousing, inventory control and production distribution and delivery by taking a holistic approach.
77
What are the questions (concerns) that should be asked in a Supply Chain Managements System (SCM)?
The questions are concerned with four important characteristics for every sale:
1. What was ordered?
2. When was it ordered?
3. Where is it being sold and delivered to?
4. How much was ordered?
78
What is the objective of the Supply Chain Managements System (SCM)?
The objective include flexibility and responsiveness in meeting the demand for customers and business partners.
79
What is an Enterprise Resource Planning system (ERP)?
its one system that supports all the activities of the organization. The ERP provides transaction processing, management support, and decision making support in a single package.
80
What are the goals of the ERP?
1. integration of all data within one database with user defined views
2. Maintenance cost savings
3. Employee empowerment - improves communication and decision making
4. utilizes best practices - most successful business processes are integrated in one,
81
What is E-business?
uses internet to improve business performance through connectivity (broad category)
82
What is e-commerce?
a subcategory of e-business. Marketing, buying, and selling of products and services via internet.
It's not restricted to entities that have established business relationships (no prior contact with each other) and generally involves internet rather than private networks.
83
What is business to consumer (B2C)?
E-commerce includes companies selling goods and services directly to consumers over the internet without the need for a brick and mortar store.
84
What is a business to business (B2B)?
Includes the buying and selling of goods and services between business entities over the internet.
85
What is consumer to business (C2B)?
Consumers sell their goods and products to businesses.
86
What is consumer to consumer (C2C)?
It's an online marketplace in which individual consumers buy and sell goods with each other. Often an intermediary company hosts a platform for the execution of the transactions and the host charges a fee.
87
What is government E-commerce?
It's the electronic exchange of goods and services between governments and its citizens. This type of e-commerce includes the following:
1. paying property taxes online
2. paying payroll taxes online
3. contract bidding
88
What is business to employee (B2E)?
sharing information and interacting with employees often done on an intranet.
89
What's are some of the benefits of electronic fund transfer (EFT)?
1. reduces the need for manual entry, thus reducing data entry errors.
2. It increases speed and reduces costs.
90
What's is electronic fund transfer (EFT)?
moving funds electronically from one bank to another without using paper money or checks. Examples:
1. Retail pmts using Point of Sale terminals
2. Direct Deposit of employee pay
3. ATM transactions
4. Federal reserve wire transfers.
91
What is vertical scalability?
Refers to adding more memory, computing power, and resources to the cloud.
92
What are advantages of IT outsourcing?
1. lower IT costs
2. access to IT expertise
3. resources without assets or personnel acquisition
4. Ability to focus more on core missions
93
What are disadvantages of IT outsourcing?
1. less control over the deployment of IT assets
2. inability to control the quality of service
3. potential delay in access to IT support.
94
What is variety?
Refers to the different types of data that are involved in the analysis (e.g., text, numbers, images, and videos).
95
What is veracity?
it is the trustworthiness of the data. therefore, if data is bias or contains irrelevant data, it cannot be fully trusted.
96
What is a relational database?
Relational databases allow data to be stored in different tables, with the tables linked through relationships using key fields.
97
What is a primary key?
A unique identifier for a specific row within a table
98
What is a foreign key?
It is an attribute in one table that is also a primary key in another table.
99
What is an attribute?
Attributes are the column headers in a table that describe the characteristics or properties desired.
100
What is required to perform advanced data analytics?
Most analytics exercises involve some form of extract, transform, and load (ETL) process to pull the data and get it into a format that is usable.
101
What is the structure query language (SQL)?
It is a type of code that uses commands such as SELECT, FROM, and WHERE to query a database. it is also used to select the tables and data needed for input into analytical model, and the most common.
102
What is cluster analysis?
Grouping data with similar characteristics.
103
What is descriptive analytics?
Describes what happened within the data. What is the issue? Summarizes the activity that occurred within a given attribute or attributes.
104
What is diagnostic analytics?
Explains why something happened. Attempts to uncover correlations, patterns, and relationships within a data set to explain why the event occurred.
105
What is predictive analytics (also called data mining)?
Helps predict what will happen in the future. Provides expected or predictive outcomes based on historical data. Use statistical techniques and forecasting models to predict what could happen.
106
What is prescriptive analytics?
What should be done today in order to respond to the prediction or predicament. Prescribe or recommend actions to be taken based on advance analytics to reach a desired goal.
107
What is a boxplot?
Boxplot are graphical displays that show lower and upper extremes, lower and upper quartiles, as well as median points.
108
What is reversion access from change management controls?
This is a parallel implementation , which involves keeping the legacy systems in place while simultaneously setting up new systems to run concurrently or be in place so the company can revert back to the old one in the event of unexpected complications.
109
What is the purpose of system testing as a control activity to reduce the risk of incorrect processing of newly installed systems?
System testing through independent verification of transaction processing represents one of the most effective methods to reduce the risk of incorrect processing of transactions in a newly installed system.
110
What is an acceptance test?
An acceptance test ensures that the software works correctly for the intended user in its normal work environment.
Two types of acceptance tests:
1. Alpha test
2. Beta test
111
What is an Alpha test?
The initial version of the completed software is tested by the customer under the supervision of the developer and the developer's site.
112
What is a Beta test?
The later version of the complete software is tested by the customer at his or her own site without the developer being present.
113
What is sanity testing?
Exercises the logical reasoning and behavior of the software to determine whether system logic is functioning as designed.
114
What is offshore Operations?
Offshore operations relates to outsourcing of services or business functions to an external party in a different country.
115
What is outsourcing?
Outsourcing is the contracting of services to an external provider. A contractual relationship exists between the business and its service provider.
116
What is shared services?
Shared services refer to seeking out redundant services, combining them, and then sharing those services within a group or organization. The distinguishing feature is that they are shared within an organization or group of affiliates.
117
What is the role of the application (computer) programmer?
Writes the new application, (writes the code) in the "test" environment. The person responsible for writing or maintaining application programs. It has standard access to the source code libraries.
118
What are the core components of identifying IT risks?
Understanding, identifying, assessing, and ultimately mitigating IT risk are now the core component of the overall strategy an organization must employ
119
What are the types of risk that inherently exist in technology?
1. Technology risk
2. Security risk
3. Availability risk
4. Operational risk
5. Financial risk
6. Compliance risk
7. Strategic risk.
Data integrity risk is not included.
120
What are the benefits of an ERP system?
1. Stores information in a central repository so that data is only entered once and accessed by various departments.
2. Acts as a framework for integrating/improving organization's ability to monitor sales, expenses, customer service, distributions, and other functions.
3. Provides vital cross-functional information quickly to managers across the organization
4. Improves customer service as information is easily shared
5. Allows greater access control
121
What are disadvantages of the ERP system?
1. Significant time to successfully implement
2. It can be extremely costly
3. Integration of all business units can be complex
4. Significant changes to business processes lead to errors, user resistance, and low adoption rates.
122
What is cloud computing?
An entity uses a network of remote servers, hosted on the internet to store, manage and process data rather than keeping that data on a local server or in house.
123
What is a cloud based system?
it is a virtual pool that is often managed by a third party data storage provider.
124
What is cloud service provider?
Offers network services, infrastructure, or business applications in the cloud (or remote servers)
125
What is a remote server?
It means that the server can be accessed by companies or individuals using network connectivity.
126
What are the advantages of cloud based systems?
1. Universal access: system data is available at any site with internet access.
2. Cost reduction: You can pay for use, demand pricing, low or no fixed costs. No cost of purchasing your own software.
3. Outsourcing and economies of scale: it's cheaper to outsource than to provide a cloud service internally.
4. Cloud services are easier to integrate with ERP systems
127
What are the disadvantages of cloud based systems?
1. Risk of data loss and outages is increased by putting all the data with one vendor.
2. Increased risk of system penetration by Hackers
3. Diligence in vendor screening and selection is essential to cloud computing. CSP (service providers) might be unwilling to divulge details of their operations with auditors.
128
What are the types of disaster recovery facilities?
1. Cold site
2. Warm site
3. Hot site
129
What is a cold site?
offsite location with electrical and other physical requirements for processing. has no computer or files but the business pays for the cold site to provide them. This is the lowest cost solution and takes 1-3 days to resume business operations.
130
What is a warm site?
An offsite location with similar computer hardware, but no files. back data files are delivered to the site as needed possibly. It's more costly than the cold site. Takes about a day to establish.
131
What is a hot site?
Used for mission critical applications. Completely equipped, including the data. Allows for near immediate recovery, within minutes or hours. Huge cost but quicker to recover.
132
What items are considered in a disaster recovery plan?
1. backup files serve as a corrective control, not preventive or detective control
2. business needs to recover from power, equipment failure, and errors involved in processing the wrong files.
3. Redundant multiple backups
4. One or more archives stored on-site
5. At least one archive file is maintained off-site in case of fire, natural disaster, terrorist attacks.
133
When do passwords need to be changed?
passwords need to be changed every 90 days
134
What is one of the most important steps in batch processing?
After data from the transaction files are created and the master file is updated, the output is validated to ensure the information was actually processed. This is performed by comparing the batch total for a transaction (dollar amount) manually calculated to a computer-generated total for the same batch. Any differences will indicate an error that needs to be corrected before the master file is updated. Sequential access files.
135
What is online, real-time processing system?
It is a continuous immediate processing method in which each transaction goes through all processing steps (data entry, data validation, and master file update) before the next transaction is processed. Random-access storage is needed.
136
What is an Executive Information System (EIS)?
- Provide senior management with immediate and easy access to internal and external information to assist with non-routine decisions and in strategic decision making.
- Present data in high-level reports and visualization (usually a dashboard) that allows for big-picture decision making
137
What is a size check test?
Compares the transaction with a predetermined threshold on a standalone basis.
138
What is a check digit test?
Determine whether an ID number entered is a valid entry (e.g., a bank number should have 9 digits)
139
What is a field check test?
Compares the field values in a transaction form to the field requirements (i.e., mandatory) and format restrictions (i.e., text, numeric, dates, etc.)
140
What is clustering under the diagnostic analysis of data analytics?
Data mining technique that identifies similar data (e.g., identifying customers in certain geographic area).
141
What is association under the diagnostic analysis of data analytics?
Data mining technique that discovers links between two items. It can often find hidden patterns in data (e.g., what products are often purchased together).
142
What is sequencing under the diagnostic analysis of data analytics?
Data mining technique that looks for sequential patterns. It can often help discover similar patterns in transaction data over time.
143
What is forecasting under the predictive analysis of data analytics?
It is not a data mining technique but it uses data mining technique of prediction.
144
What provides a detailed and structured review of program logic?
A walk-through of a program allows the company to gain an understanding of the program logic, design philosophy, features, functionality (how the program processes the information).
145
What does test data processing refers to?
It is used to confirm if the program is producing expected results.
146
What is a denial-of-service attack?
One computer attacks another computer with a large amount of information which will more likely crash the computer entirely rather than locking the user out for a certain period of time.
147
What is Extensive Business Reporting Language (XBRL)?
reporting language designed to create, share, and distribute financial information. It is used to code and bring meaning to financial data.
148
What is a ransomware attack?
Malicious code that locks a company out of its own system/network until the company pays "ransom" or cash if the data is not backed-up.
149
What is formjacking attack?
Hacker attempts to obtain credit card information by slipping a malicious code into the company's valid online checkouts.
150
When is a SOC 1 report used?
A SOC 1 report focuses on internal controls over financial reporting
151
When is a SOC 2 report used?
A SOC 2 report focuses on controls over data security.
152
What is the SOC 2 Trust Service Criteria (TSC)?
1. Security (mandatory)
2. Availability - if you're making 'up-time' guarantees
3. Processing integrity
4. Confidentiality
5. Privacy - protection of private/personal information
153
When is a type 1 report used in a SOC report?
Type 1 reports only cover the design of internal controls over financial reporting at a specific point in time. No opinion is rendered.
154
When is a type 2 report used in a SOC report?
Type 2 reports covers the design and effectiveness of internal controls over security (test of controls and results). An opinion is rendered on the effective operation of the controls over a period of time.
155
What does the Theory of Constraint (TOC) states?
Theory of constraint (TOC) states that organizations are impeded from achieving objectives by the existence of one or more constraints or bottlenecks. Organization should work around or leverage the constraint.
156
What is a constraint (bottleneck)?
Anything that impedes the accomplishment of an objective.
157
What is an internal constraint?
Internal constraints are evident when the market demands more than the system can produce (e.g., inefficient equipment, lack of people skills or mind-set, policies prevent the use of resources)
158
What is an external constraint?
External constraints exist when the system produces more than the market requires.
159
What is a treemap chart?
A treemap is used to show proportions of an item relative to other item. It shows the relative size out of 100%.
160
What is a waterfall chart?
The waterfall chart is used to bridge the change from one period to the next period (e.g., change in revenue from year 5 to year 6)
161
What is the most effective way information technology, people, processes and systems can facilitate the decision-making process of the organization?
By providing relevant and reliable data that reduces uncertainty
162
What is data encryption?
Allows one user to scramble a message into an unreadable format. The other user must then have the digital key to unscramble the message. Strong security measure.
163
What is digital certification?
Proof of public key and verifies the identity of user. Helps ensure that only trusted devices and users can connect to the company's network.
164
What will be a control activity to reduce risk of incorrect processing in a newly installed computerized accounting system?
Independently verify the transaction.
165
What is value delivery?
It ensures the information technology department performs what is necessary to deliver the benefits promised at the beginning of a specific project or an investment.
166
What is the data librarian's role?
Primarily responsible for maintaining systems and methods to maintain data. It also ensures that data can be accessed by the rest of the organization.
167
What is the primary objective of data security controls?
To ensure that storage media are subject to authorization prior to access, change, or destruction.
168
What are the 3 main data processing controls?
1. Run to run totals (sum checks)
2. Data matching
3. Data sequence checks
169
What is the purpose of the run to run totals (sum checks) processing control?
Its looking to compare the data number of transactions prior to processing to total transactions that were processed. It ensures the output report includes the same total inputs that we had before processing.
170
What is the purpose of the data matching processing control?
Focuses on making sure information is consistent across various sources. Information agrees while it's been processed.
171
What is the purpose of the data sequence checks processing control?
It makes sure if there is a sequence there is nothing missing (e.g., invoices 1 through 10. We're not missing check#7)
172
What is Electronic Data Interchange (EDI)?
Computer-to-computer exchange of business documents and data in a standardized electronic format between business partners that allows direct processing of the data by the receiving system (e.g., compressed business cycle with lower year-end receivables)
173
What is unique about Software-as-a-Service (SaaS) provider compared to a traditional in-house application?
Data is stored in the cloud that is managed by the SaaS provider. This means that the SaaS provider processes and potentially owns the data if stipulated in the service agreement (SLA). This is not true about the traditional in-house application as the data would be owned by the company.
174
What is malware?
Hacker plants malicious code in the network of a company or individual. Forms of malicious code include viruses, worms, spyware, etc.
175
What is phishing?
Sends users fake emails to mimic a company that consumers consider well-trusted to collect personal information and/or infect the computer with a virus.
176
What is pharming attack?
Sends users to fake websites instead of real websites the user intended to visit to gain access to consumer computer and steal personal information.
177
What is a bot, zombies, and botnet attack?
1. Hacker can take over the computer, which is the bot.
2. Hacker infects the bot with malware to transform it into a zombie and take control over it to carry out a task.
3. Hacker takes hundreds of zombies and create a botnet, which are instructed by the hacker to carry a cyber-attack.
178
What is a data control language (DCL) in SQL?
Focused on managing access and permission in a database. The two main commands are GRANT and REVOKE, which are used to add, change, or remove access/permissions in a database.
179
What is Data Definition Language (DDL) in SQL?
DDL commands are used to manage the structure of a database. Used to manage rows/columns in a database
180
What is Data Manipulation Language (DML) in SQL?
DML commands are used to manage the data or information in the database.
181
What is Transaction Control Language (TCL) in SQL and the commands used?
TCL commands are used to manage transactions in the database with common commands as follows:
SAVEPOINT - temporarily saves a transaction
COMMIT - fully saves transaction
ROLLBACK - restores back to last COMMIT
182
What are the commands used in the data definition language (DDL)?
CREATE - create a table
DROP - delete a table
TRUNCATE - delete information
ALTER - add, delete, or modify columns in a table
BACKUP - safely store the database
183
What is a Gantt chart?
It is used for project management. It represents each task and the timing and duration of that task (e.g., company assigns the start date and end date for each task).
184
What is a Column chart?
Uses vertically arranged bars and allows you to compare quantity across different products or activities (e.g., a company had multiple product types, they could compare revenue for each product type in a column chart).
185
What is a bar chart?
Similar to a column chart, but it displays the data horizontally. In the y-axis you have the product type and the x-axis will have the quantity/volume.
186
What is a line chart?
it shows changes in one variable, usually over time. the horizontal axis of a line chart is usually a time line.
187
What is a pie chart?
Circular graphic that divides data into slices and illustrates the numerical portion out of 100%.
188
what is a pareto chart?
A pareto chart is similar to a bar chart, but it also includes a line that accumulates up to 100%. The line descend from left to right and the line on to represents the relative portion out of 100% and accumulates up to 100%.
189
What is a scatter plot
Displays two variables for a set of data. Allows to plot data for the two variables and see if there is a trend.
190
What is a Bubble Chart?
It's similar to a scatter plot, but it allows you to add a 3rd variable. Example, in a traditional scatter plot, you could plot revenue and consumer rating by product. However, in a bubble chart you could add a 3rd variable like gross margin.
191
What is a funnel chart?
A way to illustrate various stages in the process. Example, a company may want to use a funnel chart to illustrate their sales funnel (leads, sales call, trial period, purchase)
192
What is spoofing?
When a hacker disguises itself as legitimate and attempts to take over a persons computer, phone , etc.(e.g., hacker attempts to trick employees with a phony "spoof" about the "victim" having just been in an accident and "requesting the password" to take over the computer.
193
What is piggybacking?
The process of gaining free network access through someone else
194
What is eavesdropping?
Hacker intercepts, deletes, or modifies data that is being transmitted between two devices.
195
What are common diagnostic analytic techniques?
1. Performing "drill-down" analysis - mining underlying data to answer questions.
2. Performing a cluster or profile analysis - Determine if any similar grouping of variables reveal insight or unknown answers (e.g., identifying customers in certain geographic areas).
3. Association discovers links between two items. Finds hidden patterns in data.
4. Sequencing - data mining technique that looks at sequential patterns
196
What are the advantages of a centralized network design?
It enables an organization to exert greater control over its IT environment.
197
What are the advantages of a decentralized network design (or distributed data processing (DDS))?
1) it enhances user satisfaction by allowing users to control the resources that influence their profitability
2) It reduces costs by allowing data to be entered and edited locally
3) It provides the ability to back up computing facilities to protect against potential hazards such as fires and flood.
198
What is scalability?
Organizations can buy only the capabilities and storage that they currently need but can contract for expansion as organizational needs evolve. Two types of scalability:
1) Vertical scalability
2) Horizontal scalability
199
What is vertical scalability?
It refers to increasing processing power and speed
200
What is horizontal scalability?
It refers to increasing storage size
201
What is the command in SQL that retrieves the unique data from a table?
SELECT DISTINCT
202
What is Platform as a Service (PaaS)?
PaaS provide a platform for developers to build and deploy applications using pre-configured services, such as databases, messaging, and authentication
203
What is a transaction processing system (TPS)?
TPS is a system used for performing daily business transactions such as sales or orders from customers. Payroll system is also an example of a TPS.
204
What is the primary purpose of a data dictionary in a database management system?
The primary purpose of a data dictionary is to store metadata that describes the data elements, their definitions, relationships, data types, constraints, and other characteristics within a database.
