B6 - Process Management and Information Technology

Question 1

What is the purpose of the General IT controls?

Answer 1

They’re designed to ensure that the organization’s control environment (people, process and IT) is stable and well-managed. These are controls over the system as a whole.

Question 2

What are types of the General IT controls?

Answer 2

1. System development life-cycle standards and controls.
2. Physical and logical controls over infrastructure
3. Business resiliency management
4. Change management procedures
5. Software acquisition, development, operations, and maintenance controls.

Question 3

What would be examples of general controls?

Answer 3

1. Restricting access to a computer facility by use of biometrics devices
2. Having backup file systems
3. Performing background checks of personnel
4. Segregation of duties of incompatible roles.

Question 4

What does application controls include?

Answer 4

It includes input controls, processing controls, and output controls. They tend to be specific to the process or subsystem (e.g., “missing data check” on an input screen, reconciliation of totals and physical controls over inventory)

Question 5

What is a preventive control?

Answer 5

Preventive controls stop problems before they occur (e.g., locked door, a security guard, segregation of duties). It relates to timing before an event occurs.

Question 6

What is detective controls?

Answer 6

Detective controls call attention to errors that have already entered the system before an error causes a negative outcome or even worse, a disaster (e.g., reconciling account records to physical counts). It relates to timing after the event happened.

Question 7

What are feedback controls?

Answer 7

Evaluate the results of a business process, and if the results are not good, management can adjust the process before disaster occurs. These are detective controls.

Question 8

What are Feed Forward Controls?

Answer 8

Feed forward controls compare projected results (future) to a pre-determined standard and allow management to make a change to prevent an unwanted outcome, preventive controls. Used in a budget system (e.g., modern inventory ordering systems, sales are projected, current inventory levels are identified, and inventory is ordered)

Question 9

What is a firewall?

Answer 9

Firewalls are designed to limit who is able to access a system (unauthorized users). Passwords are required to help minimize vulnerability.

Question 10

What do firewalls do?

Answer 10

Firewalls screen data packets to determine if they are acceptable or unacceptable and block unacceptable packets from the system based on set parameters.

Question 11

What is a multifactor authenticator?

Answer 11

Allows for a second authentication key from a second device (e.g., smartphone or other key generator needed at the time of log in)

Question 12

How is asymmetric encryption used?

Answer 12

A public key is used to encrypt messages. A private key (which is never transmitted) is used to decrypt the message at the other end. Anyone can encrypt the message but only the intended recipient can decrypt it.

Question 13

What is multimodal authentication?

Answer 13

Multimodal authentication uses multiple biometric data (e.g., fingerprints, facial scanning, eye scanning, etc.) to verify the identity of the individual accessing the data.

Question 14

What is the purpose of a digital signature?

Answer 14

To ensure that the sender of the message is authentic. Digital signature uses asymmetric encryption.

Question 15

What is a Public Key Infrastructure (PKI)?

Answer 15

Represents the mechanisms used to issue keys and digital certificates.

Question 16

What is hashing?

Answer 16

It involves mapping large quantities of data into a smaller table for the purpose of recovering data more rapidly. It is also utilized in the encryption of advanced and digital signature.

Question 17

What is data masking?

Answer 17

it involves breaking the linkage between data and the individual to whom the data is associated through the removal of personal identifier.

Question 18

What is the role of the system analyst?

Answer 18

1. The system analyst role falls under the application development team (yellow team)
2. It analyzes and designs new applications and they lead teams of application (software) programmers who complete the actual coding.
3. They talk to end users about their needs to develop the new application.

Question 19

What is the role of the security administrator?

Answer 19

1. the security administrator role falls in the system administrator and system programming team
   (red team)
2. It ensures all components of the system are secure from threats both internal and external.
3. Responsibility include security of software and system and granting appropriate access to systems via user authentication, password set up and maintenance.

Question 20

What is the role of the Network Manager?

Answer 20

1. Falls under the security administrator role (red team).
2. Ensures all applicable devices link to the organization’s network and networks operate securely and continuously
3. Manages remote access

Question 21

What is the role of the web administrator?

Answer 21

1. Falls under the security administrator role (red team).
2. Operate and maintain the web server

Question 22

What is the role of the Help Desk Personnel?

Answer 22

1. Falls under the security administrator role (red team).
2. Answer help-line calls and emails, resolve user problems, and obtain technical support and vendor support when necessary.

Question 23

What is the role of the Database Administrator?

Answer 23

1. Falls under the security administrator role (red team).
2. System administrator that maintains and supports the database SOFTWARE.
3. This include ensuring security and backup and recovery procedures.

Question 24

What is the purpose of data security controls?

Answer 24

To ensure that storage media are only accessed, changed, or deleted after appropriate authorization. The objective is to protect information.

Question 25

What is the purpose of change management and related control activities?

Answer 25

Anticipate monitoring the use of system software to prevent unauthorized access to system software and computer programs.

Question 26

What are the steps in a disaster recovery plan?

Answer 26

1. Assess the risk
2. identify mission-critical applications and data
3. Develop a plan for handling the mission-critical applications
4. Determine the responsibilities of the personnel involved in disaster recovery
5. Test the disaster recovery

Question 27

What does Business Process Reengineering (BPR) refer to?

Answer 27

BPR refers to the implementation or radical transformation of business processes to achieve strategic objectives, such as improving customer satisfaction and service, cutting operational costs, and enhancing competitiveness.

Business process reengineering has longer implementation time because it involves radical change.

Question 28

How does business process management works?

Answer 28

Business process management seeks incremental change

Question 29

What is a Statistical Process Control (SPC)?

Answer 29

It is a means of quality control which uses statistics in order to control and monitor a process.

Question 30

What is benchmarking?

Answer 30

It is a process where a company compares to peers to measure performance and understand where improvements can be made in the process.

Question 31

What are the 5 steps in benchmarking?

Answer 31

1. To identify the object of the benchmarking project. Single procedures or concepts are more appropriate for a benchmarking studying.
2. Identify a company that excels in the particular procedure or concept you are studying.
3. Study the company
4. Analysis of the information you received by looking at the other company’s procedures.
5. You apply what you learned to your own company.

Question 32

What is the type of approach Just-in-time (JIT) inventory system use?

Answer 32

JIT uses a “pull” approach, where an item is produced only when it is needed down the line.

Question 33

What are some characteristics of a just-in-time inventory system?

Answer 33

1. lot size equal to one
2. insignificant set-up times and costs
3. Balanced and level workloads
4. A reduction of WIP because of reduced materials pending processing.

Question 34

What is the continuous improvement (Kaizen) model about?

Answer 34

Occurs at the manufacturing stage where the ongoing search for cost reduction takes the form of analysis of production processes.

Question 35

What is value chain analysis?

Answer 35

It is concerned with the additional value a product gains by passing through all the activities of the production chain.

Question 36

What is lean manufacturing?

Answer 36

It requires the use of only those resources required to meet the requirements of customers (resources invested only in value-added activities).

Question 37

What is the focus of lean manufacturing?

Answer 37

Waste reduction and efficiency

Question 38

What is the goal of the Six Sigma program?

Answer 38

it is a quality-improvement program that strives to reduce product or service defects to near zero levels.

Question 39

What are the steps of the existing product and business process improvement of the Six Sigma program?

Answer 39

1. Define the problem
2. Measure key aspects of the current process (collect relevant data)
3. Analyze data
4. Improve or optimize current processes
5. Control (develop statistical control process to monitor results)

Question 40

What are the steps of the new product and business process development of the Six Sigma program?

Answer 40

1. Define design goals
2. Measure critical to quality issues (CTQ) (analyze the value chain to determine the features that provide value to the customer)
3. Analyze Design Alternatives (develop different methodologies)
4. Design optimization (use modeling techniques)
5. Verify the design
6. Design optimization

Question 41

What are the 5 IT resources or physical resources?

Answer 41

1. Data
2. Application systems
3. Technology
4. Facilities
5. People

Question 42

What are the 7 desirable attributes of information?

Answer 42

1. Efficiency
2. Confidentiality
3. Integrity
4. Availability
5. Compliance
6. Reliability
7. Effectiveness

Question 43

What does efficiency relates to?

Answer 43

Provides information through the optimal (most productive and economical) use of resources.

Question 44

What does confidentiality refers to?

Answer 44

Protection of sensitive information from unauthorized disclosure

Question 45

What does integrity refers to?

Answer 45

Accuracy and completeness of information, validity in accordance with business values and expectations

Question 46

What does availability refer to?

Answer 46

Information is available when required now and in the future. Also includes safeguarding of necessary resources and associated capabilities.

Question 47

What does compliance refer to?

Answer 47

Comply with laws, regulations, and contractual arrangements to which the business process is subject also internal business policies.

Question 48

What does reliability refer to?

Answer 48

Provision of appropriate information for management to operate the entity and exercise its fiduciary and governance responsibilities

Question 49

What does effectiveness refer to?

Answer 49

Information is relevant and pertinent to the business process and is delivered in a timely, correct, consistent and usable manner.

Question 50

What is the focus of IT Governance?

Answer 50

It focuses on the effective management of data and is ultimately the responsibility of management and the board of directors.

Question 51

What are the components supporting IT Governance?

Answer 51

1. Data Availability
2. Architecture
3. Metadata
4. Policy
5. Quality
6. Regulatory Compliance and Practice
7. Security

Question 52

What does data availability under the components of IT Governance refers to?

Answer 52

Information that is not available to employees when they need it provides no benefit. It must be available at the right time to support IT governance goals.

Question 53

What are the factors that impact the IT strategy?

Answer 53

1. Available IT personnel
2. Virtual/Physical Network Design
3. Cybersecurity
4. Centralized/Decentralized Network Design
5. Disaster Recovery and Business Continuity

Question 54

What is decentralized (distributed) processing?

Answer 54

It is a form of processing that uses multiple independent computers to validate a group (block) of transactions at a time. While those blocks are processed, they are added to a chain of all prior blocks that have ever been processed.

Question 55

Who is responsible for structuring IT governance?

Answer 55

Executive management

Question 56

Who is responsible for overseeing IT Governance and appointing executive positions?

Answer 56

The board of directors.

Question 57

What is the role of a systems steering committee?

Answer 57

It is responsible for the oversight of the information system functions. It has a more holistic view than the project management team and it’s able to review and approve long-range plans inclusive of developing strategic goals, allocating budgets, monitoring projects, and addressing issues as they arise.

Question 58

How is the high impact or risk assessment (likelihood of loss) described?

Answer 58

the organization cannot operate without the information resource for even a short period of time.

Question 59

How is the medium impact or risk assessment (likelihood of loss) described?

Answer 59

Information resource is classified as medium if there is a work-around for its loss in the short term, but recovery is necessary for long-term operations

Question 60

How is the low impact or risk assessment (likelihood of loss) described?

Answer 60

Information resource is classified as low impact if the organization could operate without the information resource for an extended period of time.

Question 61

What is a node?

Answer 61

A node is any device connected to a network.

Question 62

What is a router?

Answer 62

hardware pieces that manage network traffic by reading source and destination fields within information packets to determine the proper path for a data packet to flow. It assigns IP addresses to different devices.

Question 63

What is a switch?

Answer 63

they connect and divide devices within a computer network. It connects other devices.

Question 64

What is a gateway?

Answer 64

Gateway acts as intermediary between different networks. it transforms data from one protocol into another so that information can flow between networks.

Question 65

What is a server?

Answer 65

A server provides computer power for other machines in the network. It also coordinates programs, data, and other computers so that the network can operate.

Question 66

What is a firewall?

Answer 66

The protective device (hardware) or program (application) that protects an organization’s IT resources by filtering network traffic through security protocols.

Question 67

What is a Virtual Private Network (VPN)?

Answer 67

A VPN provides an encrypted communication tunnel across the internet that allows remote users secure access to a network.

Question 68

What is an Accounting Information System?

Answer 68

It’s a way to translate raw data into information. Some of the responsibilities of the AIS include:
1. Collecting and storing data about various activities and company transactions
2. Processing data and using it to generate financial reports
3. Secure critical organization financial information.

Question 69

What are the steps of an Accounting Information System?

Answer 69

1. We make debits and credits to record journal entries
2. journal entries are posted to the general ledger
3. general ledger becomes the foundation for the trial balance
4. From the trial balance we make adjustments
5. The adjusted trial balance can be used to prepare financial statements.

Question 70

What are the sequence of events in an AIS?

Answer 70

1. The transaction data from source documents is entered into the AIS by an end user.
2. The original paper source documents are filed
3. These transactions are recorded in the appropriate journal
4. the transactions are posted to the general and subsidiary ledgers
5. Trial balances are prepared.
6. Financial reports are generated.

Question 71

What is the purpose of a Management Information system (MIS)?

Answer 71

Enables companies to use data as part of their strategic planning process as well as the tactical execution of that strategy.

Question 72

What are subsystems under Management information system (MIS)?

Answer 72

1. Accounting Information system (AIS)
2. Decision support system (DSS)
3. Executive information system (EIS)

Question 73

What is the greatest impact in the design of the MIS system?

Answer 73

The key driver comes from the ultimate goal of the reports, which is to help managers make decisions.

Question 74

What is a Decision Support System (DSS)?

Answer 74

It’s a subsystem from MIS. Serves the management, operations, and planning (forecast) of all levels of an organization. Helps managers with routine decisions.

Question 75

Under what type of MIS subsystem is artificial intelligence (AI) sitting?

Answer 75

Artificial Intelligence is referred to as an expert system and falls under the Decision Support System (DSS). It is designed to mimic the knowledge and decision-making abilities of the users who employ them so that decisions can be automated.

Question 76

What is the Supply Chain Management System (SCM)?

Answer 76

Unifies business processes beginning with the original supplier and ending with the customer. Includes activities such as purchasing, material handling, production planning and control, logistics and warehousing, inventory control and production distribution and delivery by taking a holistic approach.

Question 77

What are the questions (concerns) that should be asked in a Supply Chain Managements System (SCM)?

Answer 77

The questions are concerned with four important characteristics for every sale:
1. What was ordered?
2. When was it ordered?
3. Where is it being sold and delivered to?
4. How much was ordered?

Question 78

What is the objective of the Supply Chain Managements System (SCM)?

Answer 78

The objective include flexibility and responsiveness in meeting the demand for customers and business partners.

Question 79

What is an Enterprise Resource Planning system (ERP)?

Answer 79

its one system that supports all the activities of the organization. The ERP provides transaction processing, management support, and decision making support in a single package.

Question 80

What are the goals of the ERP?

Answer 80

1. integration of all data within one database with user defined views
2. Maintenance cost savings
3. Employee empowerment - improves communication and decision making
4. utilizes best practices - most successful business processes are integrated in one,

Question 81

What is E-business?

Answer 81

uses internet to improve business performance through connectivity (broad category)

Question 82

What is e-commerce?

Answer 82

a subcategory of e-business. Marketing, buying, and selling of products and services via internet.
It’s not restricted to entities that have established business relationships (no prior contact with each other) and generally involves internet rather than private networks.

Question 83

What is business to consumer (B2C)?

Answer 83

E-commerce includes companies selling goods and services directly to consumers over the internet without the need for a brick and mortar store.

Question 84

What is a business to business (B2B)?

Answer 84

Includes the buying and selling of goods and services between business entities over the internet.

Question 85

What is consumer to business (C2B)?

Answer 85

Consumers sell their goods and products to businesses.

Question 86

What is consumer to consumer (C2C)?

Answer 86

It’s an online marketplace in which individual consumers buy and sell goods with each other. Often an intermediary company hosts a platform for the execution of the transactions and the host charges a fee.

Question 87

What is government E-commerce?

Answer 87

It’s the electronic exchange of goods and services between governments and its citizens. This type of e-commerce includes the following:
1. paying property taxes online
2. paying payroll taxes online
3. contract bidding

Question 88

What is business to employee (B2E)?

Answer 88

sharing information and interacting with employees often done on an intranet.

Question 89

What’s are some of the benefits of electronic fund transfer (EFT)?

Answer 89

1. reduces the need for manual entry, thus reducing data entry errors.
2. It increases speed and reduces costs.

Question 90

What’s is electronic fund transfer (EFT)?

Answer 90

moving funds electronically from one bank to another without using paper money or checks. Examples:
1. Retail pmts using Point of Sale terminals
2. Direct Deposit of employee pay
3. ATM transactions
4. Federal reserve wire transfers.

Question 91

What is vertical scalability?

Answer 91

Refers to adding more memory, computing power, and resources to the cloud.

Question 92

What are advantages of IT outsourcing?

Answer 92

1. lower IT costs
2. access to IT expertise
3. resources without assets or personnel acquisition
4. Ability to focus more on core missions

Question 93

What are disadvantages of IT outsourcing?

Answer 93

1. less control over the deployment of IT assets
2. inability to control the quality of service
3. potential delay in access to IT support.

Question 94

What is variety?

Answer 94

Refers to the different types of data that are involved in the analysis (e.g., text, numbers, images, and videos).

Question 95

What is veracity?

Answer 95

it is the trustworthiness of the data. therefore, if data is bias or contains irrelevant data, it cannot be fully trusted.

Question 96

What is a relational database?

Answer 96

Relational databases allow data to be stored in different tables, with the tables linked through relationships using key fields.

Question 97

What is a primary key?

Answer 97

A unique identifier for a specific row within a table

Question 98

What is a foreign key?

Answer 98

It is an attribute in one table that is also a primary key in another table.

Question 99

What is an attribute?

Answer 99

Attributes are the column headers in a table that describe the characteristics or properties desired.

Question 100

What is required to perform advanced data analytics?

Answer 100

Most analytics exercises involve some form of extract, transform, and load (ETL) process to pull the data and get it into a format that is usable.

Question 101

What is the structure query language (SQL)?

Answer 101

It is a type of code that uses commands such as SELECT, FROM, and WHERE to query a database. it is also used to select the tables and data needed for input into analytical model, and the most common.

Question 102

What is cluster analysis?

Answer 102

Grouping data with similar characteristics.

Question 103

What is descriptive analytics?

Answer 103

Describes what happened within the data. What is the issue? Summarizes the activity that occurred within a given attribute or attributes.

Question 104

What is diagnostic analytics?

Answer 104

Explains why something happened. Attempts to uncover correlations, patterns, and relationships within a data set to explain why the event occurred.

Question 105

What is predictive analytics (also called data mining)?

Answer 105

Helps predict what will happen in the future. Provides expected or predictive outcomes based on historical data. Use statistical techniques and forecasting models to predict what could happen.

Question 106

What is prescriptive analytics?

Answer 106

What should be done today in order to respond to the prediction or predicament. Prescribe or recommend actions to be taken based on advance analytics to reach a desired goal.

Question 107

What is a boxplot?

Answer 107

Boxplot are graphical displays that show lower and upper extremes, lower and upper quartiles, as well as median points.

Question 108

What is reversion access from change management controls?

Answer 108

This is a parallel implementation , which involves keeping the legacy systems in place while simultaneously setting up new systems to run concurrently or be in place so the company can revert back to the old one in the event of unexpected complications.

Question 109

What is the purpose of system testing as a control activity to reduce the risk of incorrect processing of newly installed systems?

Answer 109

System testing through independent verification of transaction processing represents one of the most effective methods to reduce the risk of incorrect processing of transactions in a newly installed system.

Question 110

What is an acceptance test?

Answer 110

An acceptance test ensures that the software works correctly for the intended user in its normal work environment.

Two types of acceptance tests:
1. Alpha test
2. Beta test

Question 111

What is an Alpha test?

Answer 111

The initial version of the completed software is tested by the customer under the supervision of the developer and the developer’s site.

Question 112

What is a Beta test?

Answer 112

The later version of the complete software is tested by the customer at his or her own site without the developer being present.

Question 113

What is sanity testing?

Answer 113

Exercises the logical reasoning and behavior of the software to determine whether system logic is functioning as designed.

Question 114

What is offshore Operations?

Answer 114

Offshore operations relates to outsourcing of services or business functions to an external party in a different country.

Question 115

What is outsourcing?

Answer 115

Outsourcing is the contracting of services to an external provider. A contractual relationship exists between the business and its service provider.

Question 116

What is shared services?

Answer 116

Shared services refer to seeking out redundant services, combining them, and then sharing those services within a group or organization. The distinguishing feature is that they are shared within an organization or group of affiliates.

Question 117

What is the role of the application (computer) programmer?

Answer 117

Writes the new application, (writes the code) in the “test” environment. The person responsible for writing or maintaining application programs. It has standard access to the source code libraries.

Question 118

What are the core components of identifying IT risks?

Answer 118

Understanding, identifying, assessing, and ultimately mitigating IT risk are now the core component of the overall strategy an organization must employ

Question 119

What are the types of risk that inherently exist in technology?

Answer 119

1. Technology risk
2. Security risk
3. Availability risk
4. Operational risk
5. Financial risk
6. Compliance risk
7. Strategic risk.

Data integrity risk is not included.

Question 120

What are the benefits of an ERP system?

Answer 120

1. Stores information in a central repository so that data is only entered once and accessed by various departments.
2. Acts as a framework for integrating/improving organization’s ability to monitor sales, expenses, customer service, distributions, and other functions.
3. Provides vital cross-functional information quickly to managers across the organization
4. Improves customer service as information is easily shared
5. Allows greater access control

Question 121

What are disadvantages of the ERP system?

Answer 121

1. Significant time to successfully implement
2. It can be extremely costly
3. Integration of all business units can be complex
4. Significant changes to business processes lead to errors, user resistance, and low adoption rates.

Question 122

What is cloud computing?

Answer 122

An entity uses a network of remote servers, hosted on the internet to store, manage and process data rather than keeping that data on a local server or in house.

Question 123

What is a cloud based system?

Answer 123

it is a virtual pool that is often managed by a third party data storage provider.

Question 124

What is cloud service provider?

Answer 124

Offers network services, infrastructure, or business applications in the cloud (or remote servers)

Question 125

What is a remote server?

Answer 125

It means that the server can be accessed by companies or individuals using network connectivity.

Question 126

What are the advantages of cloud based systems?

Answer 126

1. Universal access: system data is available at any site with internet access.
2. Cost reduction: You can pay for use, demand pricing, low or no fixed costs. No cost of purchasing your own software.
3. Outsourcing and economies of scale: it’s cheaper to outsource than to provide a cloud service internally.
4. Cloud services are easier to integrate with ERP systems

Question 127

What are the disadvantages of cloud based systems?

Answer 127

1. Risk of data loss and outages is increased by putting all the data with one vendor.
2. Increased risk of system penetration by Hackers
3. Diligence in vendor screening and selection is essential to cloud computing. CSP (service providers) might be unwilling to divulge details of their operations with auditors.

Question 128

What are the types of disaster recovery facilities?

Answer 128

1. Cold site
2. Warm site
3. Hot site

Question 129

What is a cold site?

Answer 129

offsite location with electrical and other physical requirements for processing. has no computer or files but the business pays for the cold site to provide them. This is the lowest cost solution and takes 1-3 days to resume business operations.

Question 130

What is a warm site?

Answer 130

An offsite location with similar computer hardware, but no files. back data files are delivered to the site as needed possibly. It’s more costly than the cold site. Takes about a day to establish.

Question 131

What is a hot site?

Answer 131

Used for mission critical applications. Completely equipped, including the data. Allows for near immediate recovery, within minutes or hours. Huge cost but quicker to recover.

Question 132

What items are considered in a disaster recovery plan?

Answer 132

1. backup files serve as a corrective control, not preventive or detective control
2. business needs to recover from power, equipment failure, and errors involved in processing the wrong files.
3. Redundant multiple backups
4. One or more archives stored on-site
5. At least one archive file is maintained off-site in case of fire, natural disaster, terrorist attacks.

Question 133

When do passwords need to be changed?

Answer 133

passwords need to be changed every 90 days

Question 134

What is one of the most important steps in batch processing?

Answer 134

After data from the transaction files are created and the master file is updated, the output is validated to ensure the information was actually processed. This is performed by comparing the batch total for a transaction (dollar amount) manually calculated to a computer-generated total for the same batch. Any differences will indicate an error that needs to be corrected before the master file is updated. Sequential access files.

Question 135

What is online, real-time processing system?

Answer 135

It is a continuous immediate processing method in which each transaction goes through all processing steps (data entry, data validation, and master file update) before the next transaction is processed. Random-access storage is needed.

Question 136

What is an Executive Information System (EIS)?

Answer 136

• Provide senior management with immediate and easy access to internal and external information to assist with non-routine decisions and in strategic decision making.
• Present data in high-level reports and visualization (usually a dashboard) that allows for big-picture decision making

Question 137

What is a size check test?

Answer 137

Compares the transaction with a predetermined threshold on a standalone basis.

Question 138

What is a check digit test?

Answer 138

Determine whether an ID number entered is a valid entry (e.g., a bank number should have 9 digits)

Question 139

What is a field check test?

Answer 139

Compares the field values in a transaction form to the field requirements (i.e., mandatory) and format restrictions (i.e., text, numeric, dates, etc.)

Question 140

What is clustering under the diagnostic analysis of data analytics?

Answer 140

Data mining technique that identifies similar data (e.g., identifying customers in certain geographic area).

Question 141

What is association under the diagnostic analysis of data analytics?

Answer 141

Data mining technique that discovers links between two items. It can often find hidden patterns in data (e.g., what products are often purchased together).

Question 142

What is sequencing under the diagnostic analysis of data analytics?

Answer 142

Data mining technique that looks for sequential patterns. It can often help discover similar patterns in transaction data over time.

Question 143

What is forecasting under the predictive analysis of data analytics?

Answer 143

It is not a data mining technique but it uses data mining technique of prediction.

Question 144

What provides a detailed and structured review of program logic?

Answer 144

A walk-through of a program allows the company to gain an understanding of the program logic, design philosophy, features, functionality (how the program processes the information).

Question 145

What does test data processing refers to?

Answer 145

It is used to confirm if the program is producing expected results.

Question 146

What is a denial-of-service attack?

Answer 146

One computer attacks another computer with a large amount of information which will more likely crash the computer entirely rather than locking the user out for a certain period of time.

Question 147

What is Extensive Business Reporting Language (XBRL)?

Answer 147

reporting language designed to create, share, and distribute financial information. It is used to code and bring meaning to financial data.

Question 148

What is a ransomware attack?

Answer 148

Malicious code that locks a company out of its own system/network until the company pays “ransom” or cash if the data is not backed-up.

Question 149

What is formjacking attack?

Answer 149

Hacker attempts to obtain credit card information by slipping a malicious code into the company’s valid online checkouts.

Question 150

When is a SOC 1 report used?

Answer 150

A SOC 1 report focuses on internal controls over financial reporting

Question 151

When is a SOC 2 report used?

Answer 151

A SOC 2 report focuses on controls over data security.

Question 152

What is the SOC 2 Trust Service Criteria (TSC)?

Answer 152

1. Security (mandatory)
2. Availability - if you’re making ‘up-time’ guarantees
3. Processing integrity
4. Confidentiality
5. Privacy - protection of private/personal information

Question 153

When is a type 1 report used in a SOC report?

Answer 153

Type 1 reports only cover the design of internal controls over financial reporting at a specific point in time. No opinion is rendered.

Question 154

When is a type 2 report used in a SOC report?

Answer 154

Type 2 reports covers the design and effectiveness of internal controls over security (test of controls and results). An opinion is rendered on the effective operation of the controls over a period of time.

Question 155

What does the Theory of Constraint (TOC) states?

Answer 155

Theory of constraint (TOC) states that organizations are impeded from achieving objectives by the existence of one or more constraints or bottlenecks. Organization should work around or leverage the constraint.

Question 156

What is a constraint (bottleneck)?

Answer 156

Anything that impedes the accomplishment of an objective.

Question 157

What is an internal constraint?

Answer 157

Internal constraints are evident when the market demands more than the system can produce (e.g., inefficient equipment, lack of people skills or mind-set, policies prevent the use of resources)

Question 158

What is an external constraint?

Answer 158

External constraints exist when the system produces more than the market requires.

Question 159

What is a treemap chart?

Answer 159

A treemap is used to show proportions of an item relative to other item. It shows the relative size out of 100%.

Question 160

What is a waterfall chart?

Answer 160

The waterfall chart is used to bridge the change from one period to the next period (e.g., change in revenue from year 5 to year 6)

Question 161

What is the most effective way information technology, people, processes and systems can facilitate the decision-making process of the organization?

Answer 161

By providing relevant and reliable data that reduces uncertainty

Question 162

What is data encryption?

Answer 162

Allows one user to scramble a message into an unreadable format. The other user must then have the digital key to unscramble the message. Strong security measure.

Question 163

What is digital certification?

Answer 163

Proof of public key and verifies the identity of user. Helps ensure that only trusted devices and users can connect to the company’s network.

Question 164

What will be a control activity to reduce risk of incorrect processing in a newly installed computerized accounting system?

Answer 164

Independently verify the transaction.

Question 165

What is value delivery?

Answer 165

It ensures the information technology department performs what is necessary to deliver the benefits promised at the beginning of a specific project or an investment.

Question 166

What is the data librarian’s role?

Answer 166

Primarily responsible for maintaining systems and methods to maintain data. It also ensures that data can be accessed by the rest of the organization.

Question 167

What is the primary objective of data security controls?

Answer 167

To ensure that storage media are subject to authorization prior to access, change, or destruction.

Question 168

What are the 3 main data processing controls?

Answer 168

1. Run to run totals (sum checks)
2. Data matching
3. Data sequence checks

Question 169

What is the purpose of the run to run totals (sum checks) processing control?

Answer 169

Its looking to compare the data number of transactions prior to processing to total transactions that were processed. It ensures the output report includes the same total inputs that we had before processing.

Question 170

What is the purpose of the data matching processing control?

Answer 170

Focuses on making sure information is consistent across various sources. Information agrees while it’s been processed.

Question 171

What is the purpose of the data sequence checks processing control?

Answer 171

It makes sure if there is a sequence there is nothing missing (e.g., invoices 1 through 10. We’re not missing check#7)

Question 172

What is Electronic Data Interchange (EDI)?

Answer 172

Computer-to-computer exchange of business documents and data in a standardized electronic format between business partners that allows direct processing of the data by the receiving system (e.g., compressed business cycle with lower year-end receivables)

Question 173

What is unique about Software-as-a-Service (SaaS) provider compared to a traditional in-house application?

Answer 173

Data is stored in the cloud that is managed by the SaaS provider. This means that the SaaS provider processes and potentially owns the data if stipulated in the service agreement (SLA). This is not true about the traditional in-house application as the data would be owned by the company.

Question 174

What is malware?

Answer 174

Hacker plants malicious code in the network of a company or individual. Forms of malicious code include viruses, worms, spyware, etc.

Question 175

What is phishing?

Answer 175

Sends users fake emails to mimic a company that consumers consider well-trusted to collect personal information and/or infect the computer with a virus.

Question 176

What is pharming attack?

Answer 176

Sends users to fake websites instead of real websites the user intended to visit to gain access to consumer computer and steal personal information.

Question 177

What is a bot, zombies, and botnet attack?

Answer 177

1. Hacker can take over the computer, which is the bot.
2. Hacker infects the bot with malware to transform it into a zombie and take control over it to carry out a task.
3. Hacker takes hundreds of zombies and create a botnet, which are instructed by the hacker to carry a cyber-attack.

Question 178

What is a data control language (DCL) in SQL?

Answer 178

Focused on managing access and permission in a database. The two main commands are GRANT and REVOKE, which are used to add, change, or remove access/permissions in a database.

Question 179

What is Data Definition Language (DDL) in SQL?

Answer 179

DDL commands are used to manage the structure of a database. Used to manage rows/columns in a database

Question 180

What is Data Manipulation Language (DML) in SQL?

Answer 180

DML commands are used to manage the data or information in the database.

Question 181

What is Transaction Control Language (TCL) in SQL and the commands used?

Answer 181

TCL commands are used to manage transactions in the database with common commands as follows:
SAVEPOINT - temporarily saves a transaction
COMMIT - fully saves transaction
ROLLBACK - restores back to last COMMIT

Question 182

What are the commands used in the data definition language (DDL)?

Answer 182

CREATE - create a table
DROP - delete a table
TRUNCATE - delete information
ALTER - add, delete, or modify columns in a table
BACKUP - safely store the database

Question 183

What is a Gantt chart?

Answer 183

It is used for project management. It represents each task and the timing and duration of that task (e.g., company assigns the start date and end date for each task).

Question 184

What is a Column chart?

Answer 184

Uses vertically arranged bars and allows you to compare quantity across different products or activities (e.g., a company had multiple product types, they could compare revenue for each product type in a column chart).

Question 185

What is a bar chart?

Answer 185

Similar to a column chart, but it displays the data horizontally. In the y-axis you have the product type and the x-axis will have the quantity/volume.

Question 186

What is a line chart?

Answer 186

it shows changes in one variable, usually over time. the horizontal axis of a line chart is usually a time line.

Question 187

What is a pie chart?

Answer 187

Circular graphic that divides data into slices and illustrates the numerical portion out of 100%.

Question 188

what is a pareto chart?

Answer 188

A pareto chart is similar to a bar chart, but it also includes a line that accumulates up to 100%. The line descend from left to right and the line on to represents the relative portion out of 100% and accumulates up to 100%.

Question 189

What is a scatter plot

Answer 189

Displays two variables for a set of data. Allows to plot data for the two variables and see if there is a trend.

Question 190

What is a Bubble Chart?

Answer 190

It’s similar to a scatter plot, but it allows you to add a 3rd variable. Example, in a traditional scatter plot, you could plot revenue and consumer rating by product. However, in a bubble chart you could add a 3rd variable like gross margin.

Question 191

What is a funnel chart?

Answer 191

A way to illustrate various stages in the process. Example, a company may want to use a funnel chart to illustrate their sales funnel (leads, sales call, trial period, purchase)

Question 192

What is spoofing?

Answer 192

When a hacker disguises itself as legitimate and attempts to take over a persons computer, phone , etc.(e.g., hacker attempts to trick employees with a phony “spoof” about the “victim” having just been in an accident and “requesting the password” to take over the computer.

Question 193

What is piggybacking?

Answer 193

The process of gaining free network access through someone else

Question 194

What is eavesdropping?

Answer 194

Hacker intercepts, deletes, or modifies data that is being transmitted between two devices.

Question 195

What are common diagnostic analytic techniques?

Answer 195

1. Performing “drill-down” analysis - mining underlying data to answer questions.
2. Performing a cluster or profile analysis - Determine if any similar grouping of variables reveal insight or unknown answers (e.g., identifying customers in certain geographic areas).
3. Association discovers links between two items. Finds hidden patterns in data.
4. Sequencing - data mining technique that looks at sequential patterns

Question 196

What are the advantages of a centralized network design?

Answer 196

It enables an organization to exert greater control over its IT environment.

Question 197

What are the advantages of a decentralized network design (or distributed data processing (DDS))?

Answer 197

1) it enhances user satisfaction by allowing users to control the resources that influence their profitability
2) It reduces costs by allowing data to be entered and edited locally
3) It provides the ability to back up computing facilities to protect against potential hazards such as fires and flood.

Question 198

What is scalability?

Answer 198

Organizations can buy only the capabilities and storage that they currently need but can contract for expansion as organizational needs evolve. Two types of scalability:
1) Vertical scalability
2) Horizontal scalability

Question 199

What is vertical scalability?

Answer 199

It refers to increasing processing power and speed

Question 200

What is horizontal scalability?

Answer 200

It refers to increasing storage size

Question 201

What is the command in SQL that retrieves the unique data from a table?

Answer 201

SELECT DISTINCT

Question 202

What is Platform as a Service (PaaS)?

Answer 202

PaaS provide a platform for developers to build and deploy applications using pre-configured services, such as databases, messaging, and authentication

Question 203

What is a transaction processing system (TPS)?

Answer 203

TPS is a system used for performing daily business transactions such as sales or orders from customers. Payroll system is also an example of a TPS.

Question 204

What is the primary purpose of a data dictionary in a database management system?

Answer 204

The primary purpose of a data dictionary is to store metadata that describes the data elements, their definitions, relationships, data types, constraints, and other characteristics within a database.