BEC 7 - Information & Technology Flashcards

1
Q

What are the 5 types of Management Reporting Systems?

(Mgmt Info,Decision Support,Expert,Executive Supp,Analytical Processing)

A
  • Management Information System (MIS)
    • An organized assembly of resources & procedures required to collect, process, & distribute data for use in decision making
  • Decision Support System (DSS)
    • An interactive system that provides decision models & data to help with decision making
  • Expert System
    • Software system with AI; once input is provided, the system provides recommendations for the problem
  • Executive Support Information System
    • Systems designed specifically to support executive work (helps answer questions regarding competitors & new acquisitions)
  • Analytical Processing System
    • Software that enables user to ask questions & retrieve data
2
Q

Systems Development Life Cycle Approach (SDLC)

(7 Steps)

(Feasibility,Req,Software Selection,Config,Final Testing,Post Implementation,Maint)

A

SDLC - An approach for analyzing whether or not to develop & implement a new information & control system, consisting of 7 steps:

  1. Feasibility Study
    • whether it makes economic or practical sense to develop & implement a new system
  2. Requirement Definition
    • identifying & defining the problem/inefficiency that is expected to be improved
  3. Software Selection
    • purchased systems or systems developed in-house
  4. Configuration & Development
    • configuration of a purchased system, or development of an in-house internal system
  5. Final Testing & Implementation
  6. Post Implementation
    • evaluation of performance, such as ROI
  7. Maintenance
3
Q

Transactional Processing

What are the two types?

A

Transactional Processing - The electronic processing of transactions, which can be accomplished using either:

  • Online Transaction Processing (OLTP)
    • Immediately
    • Real time, records are up to date
  • Batch Processing
    • Involves gathering information & then entering transactions in a group
    • Greater control of input process
      • more verifiability
    • Associated with DELAY
4
Q

Networks

Centralized Processing

vs.

Distributed Processing

A

Network - where computers are connected to one another to enable sharing of peripheral devices, data, & programs stored on a file server. Networks allow various user departments to share information files maintained in databases.

  • Centralized Processing - All activities take place on one computer.
  • Distributed Processing - Use of multiple computers; in some cases each computer is designated a different task, and in other cases all work on similar tasks, distributing the volume.
5
Q

Network Configurations

WAN, LAN, VAN

A

The linking of computers may be done in different ways using different Network Configurations:

  • Local Area Networks (LAN) - Communication networks that serve several users within a specified geographical area.
  • Wide Area Networks (WAN) - A network connecting users that are located in different remote locations
  • Value-Added Network (VAN) - A network connecting users from different companies together. As a result, it is necessary to have extensive security measures. (Whenever a network allows one computer to initiate an action that will have an effect on another, it is known as a VAN)
6
Q

Computer Network Topology

What are the 5 types of computer Topology?

A

Topology refers to the shape of a network or a network’s layout. Examples are:

  1. Bus - linear
  2. Star - attached to a central network
  3. Ring - configured sequentially
  4. Tree - group of stars
  5. Mesh - many redundant connections
7
Q

Network Group/Size

Intranet

Extranet

Internet

A

Intranet is a network that is limited to the computers of a single company.

Extranet (like intranet) is primarily for users within a single company, but select customers & vendors are able to participate.

Internet is a worldwide network that allows virtually any computer system to link to it by way of an electronic gateway.

8
Q

Enterprise Resource Planning (ERP)

A

Enterprise Resource Planning (ERP) - A packaged business computer software that allows an entity to automate & integrate a majority of its business processes. Examples are:

  • SAP
  • Oracle Financials
  • JD Edwards
9
Q

World Wide Web - Languages

Hypertext Transfer Protocol (HTTP)

Transmission Control Protocol or Internet Protocol (TCP/IP)

Hyper Text Markup Language (HTML)

Extensible Business Reporting Language (XBRL)

A

HTTP - the language commonly understood by different computers to communicate via the internet.

TCP/IP - an IP is a unique computer address.

HTML - specialized programming languages used to create websites.

Extensible Business Reporting Language (XBRL) is a global standard language specifically designed for the electronic communication of business information & FINANCIAL DATA.

10
Q

Electronic Data Interchange (EDI)

What are the 3 special considerations?

A

Electronic Data Interchange (EDI) is the electronic interchange of business information using a standardized format; a process which allows one company to send information to another company electronically rather than with paper.

There are special considerations relating to EDI:

  1. Strict Standards are needed for the form of data.
  2. Translation Software is needed by each computer so data can be converted on both ends of the customer/supplier relationship.
  3. Unauthorized Access to company transmissions can arise, requiring encryption & firewalls.
11
Q

Challenges for Auditors regarding EDI

What are the 4 challenges?

A

EDI adds to the complexity of Auditing as EDI enables:

  1. Communication w/o the use of paper (no audit trail)
  2. EFTs & sales over the internet
  3. Simplification of the recording process using scanning devices
  4. Sending info to trading partners as transactions occur

EDI also creates special challenges for the audit, as a reduction of the paper trail is associated with EDI.

  • detection risk may not be sufficiently reduced through substantive testing
  • control risk must be reduced to adequately achieve an acceptable level of audit risk
  • controls must be built into systems to ensure validity of information captured
12
Q

Computer/Internet Risks

Virus

Trojan Horse

Worm

Hoax Virus

Killer Application

Phishing

A

Virus - a program with the ability to reproduce by modifying other programs to include a copy of itself.

Trojan Horse - purposefully hidden malicious or damaging code within an authorized computer program.

Worm - a program that duplicates itself over a network so as to infect many computers with viruses.

Hoax Virus - a widely distributed e-mail message warning of a virus that doesn’t exist.

Killer Application - simply refers to a program that is extremely useful, & is not anything dangerous.

Phishing - is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private info that will be used for identity theft.

13
Q

Size & Power of Computers

Supercomputers

Minicomputers

Microcomputers

Personal Digital Assistants

A
  • Supercomputers - common for massive scale needs by science & math departments of universities & governmental operations
  • Minicomputers - the only computer a large organization might have, with several terminals having the ability to connect to it simultaneously
  • Microcomputers - personal computers, laptops or desktops
  • Personal Digital Assistants - handheld computers, cell phone, iPad
14
Q

Programming Language

Source Program

Object Program

Compiler

Protocol

Query Program

A
  • Source Program - language written by the programmer, resembles the English language
  • Object Program - language in a form the machine understands
  • Compiler - a program that converts source programs into machine language
  • Protocol - rules determining the required format & methods for transmissions of data
  • Query Program - an application that counts, sums, & retrieves items from a database based on user criteria
  • Fourth Generation Program Language (4GL) - commonly used in the development of business applications, and distinguished by their use of “natural language” commands, making them self-documenting.
  • 2 Popular Programming Languages
    • C++
    • Java
15
Q

Data Structure

Bit>Byte>Character>Field>Record>File>Database

TESTED

A

Data Structure refers to the relationships among files in the database & among data items within each file.

  • Bit - A single switch that is either 1 or 0
  • Byte - A group of 8 bits representing a character
  • Character - A letter, number, punctuation mark
  • Field - a group of related characters representing a unit of information (column)
  • Record - a collection of related info, many fields (rows)
  • File - a group of related records
  • Database - a collection of files
16
Q

Database Management Systems (DBMS)

What is Data Mining?

A

DBMS is a software system that controls the organization, storage, & retrieval of data in a database.

  • The primary function of a database management system (DBMS) is its ability to access, summarize, create and modify information contained in an electronic database.

Data Mining - program/tool that looks for trends or anomalies.

17
Q

Organization of an IT Environment

Systems Development & Maintenance Personnel

(System Analyst,Application Programmer,Database Administrator)

A

Systems might include the following:

System Analyst - designs the information system using system flowcharts & other tools & prepares specifications for application programmers, as well as acting as an intermediary between the users & programmers.

Application Programmer - writes, tests, & debugs programs that will be used in the system

Database Administrator - individual/department responsible for the security & information classification of shared data stored on a database system. This responsibility includes the design, definition, & maintenance of the database.

18
Q

Organization of an IT Environment

Operations in an IT Function Personnel

(Data Ctrl Clerk,Data Ctrl Dept,Computer Operator,Librarians)

A

Data Control Clerk - schedules jobs for the computer & manages the distribution of reports & other inputs. Also involved with coding activities.

Data Control Department - responsible for collecting data for input into a batch processing operation.

Computer Operator - a person who operates a computer in a data center & performs activities such as commanding the operating system, mounting disks & tapes, & placing paper in the printer.

Librarians - individuals responsible for safeguarding & maintaining all program & data files.

19
Q

Controls

What are the 2 broad types of Controls?

A

Controls - in the operation of computer systems, management must focus on two broad types of controls:

  • General Controls - these relate to the overall integrity of the system. Controls include policies, procedures, & practices established by management to provide reasonable assurance that specific objectives will be achieved.
  • Application Controls - these are specific to individual programs & uses of the system.
20
Q

General Controls

What are the 5 elements of General Control?

(Personnel, File Security, Contingency Planning, Computer Facilities, Access Ctrls)

A

General Controls - these relate to the overall integrity of the system. Controls include policies, procedures, & practices established by management to provide reasonable assurance that specific objectives will be achieved.

  1. Personnel Policies
    • Control Clerks & Librarians
      • Have Custody responsibilities
    • Data Input Clerks & Computer Operators
      • Have Recording responsibilities
    • System Analysts & Programmers
      • Have Authorization responsibilities
  2. File Security
    • Back Up
      • Grandfather/father/son retention system
    • Lock Out
    • Read-Only
  3. Contingency Planning
    • Hot Site (computers ready to go)
    • Cold Site (no computer waiting)
    • Mirrored Web Server - off site
    • Documentation - if no segregation of duties
    • Hardware Controls
      • Parity Check - counts the number of bits/characters
      • Echo Check - sends back to originator for check/confirmation of correct info
  4. Computer Facilities - Fire/Insurance
  5. Access Controls - biometrics
21
Q

Application

(Program Controls)

A

Application Controls - specific to individual programs & users

  1. Inputs
    • Field Checks - Data is validated for correct length, character types, format (valid Lic#)
    • Validity Check - Compared with acceptable entries (valid SS#)
    • Limit Test - SS #s not greater than 9
    • Check Digits - identification numbers based on formula
    • Financial Total
    • Record Counts
    • Hash - A meaningless total
    • Non financial Totals
    • Edit Checks - Verify that each individual entry is appropriate & generates a list of rejected transactions.
  2. Processing
    • Systems & software documentation
    • Error-checking compiler
    • Test Data
    • Change Control measures
    • System Testing
    • User Acceptance Testing
  3. Output
    • Distribution lists
    • Shredders
    • System testing
22
Q

Contingency Planning

(General Controls)

A

Contingency Planning refers to controls that are designed to protect information from accidental or intentional destruction or unauthorized alteration. This includes:

  • Backup & Planned Downtime Controls - copies of files & programs are maintained.
    • Grandfather-Father-Son retention system.
  • Checkpoint - system makes copies at certain checkpoints
  • Business Continuity & Disaster Recovery - able to operate in case of disasters.
    • Hot Site - Computers & Data are ready
    • Cold Site - Available space, but not ready
    • Mirrored Web Server - particularly for e-commerce
23
Q

General Controls

Personnel Policies - Segregation of Duties (ARC)

A

Personnel Policies - the Segregation of Duties among the IT personnel (ARC).

  • Control Clerks & Librarians
    • Have Custody responsibilities
  • Data Input Clerks & Computer Operators
    • Have Recording responsibilities
  • System Analysts & Programmers
    • Have Authorization responsibilities
24
Q

General Controls

Contingency Planning

(Hot Site vs. Cold Site)

A

Contingency Planning - Being prepared for a computer failure or loss of data through backup & planned downtime controls, and business contingency & disaster recovery plans.

  • Hot Site (computers ready to go)
  • Cold Site (no computer waiting)
  • Mirrored Web Server - off site
25
Q

General Controls

Hardware Controls

(Parity Check vs. Echo Check)

A

Hardware Controls - instructions “hard-wired” into equipment by the manufacturer, designed to make certain that data is in a form that can be appropriately read by the computer, to avoid the processing of erroneous data.

  • Parity Check - a hardware control that makes certain that each byte has either an odd or even number of bits in the “1” or “on” position, depending on whether the machine is designed as odd or even parity.
  • Echo Check - a hardware control that sends back data to originator for check/confirmation of correct info.
26
Q

Application Controls

What are the 3 elements?

A

Application Controls - designed to make certain that input data is accurate & reliable, including field checks, validity checks, limit tests, & check digits. The three elements are:

  1. Input
  2. Processing
  3. Output
27
Q

Application Control - Types of Input Controls

Field Checks

Validity Checks

Limit Tests

Check Digits

Hash Total

A
  • Field Checks - data is validated as to correct length, character types, & format accepted
  • Validity Checks - data is compared with a list of acceptable entries to be sure it matches one of them.
    • Example: Two-letter state abbreviation
  • Limit Tests - numbers are compared to limits
    • Example: SS’s not greater than 9
  • Check Digits - Identification characters are often designed so that one of the characters is based on a formula applied.
  • Hash Total - The total of values which cannot be meaningful if added together.
28
Q

eXtensible Business Reporting Language (XBRL)

What are 4 important points?

A

Extensible Business Reporting Language (XBRL) is a global standard language specifically designed for the electronic communication of business information & FINANCIAL DATA/Financial Statements.

  • XBRL can handle data in different languages
  • XBRL is built upon the XML
  • The SEC mandated that all public companies must file Financial Statements in XBRL
  • Her Majesty’s Revenue & Customs (HMRC), the department of British Gov’t responsible for the collection of taxes, mandated all corporations’ tax submissions use iXBRL.
29
Q

Computer Assisted Audit Techniques

(CAATs)

(5)

A

Audit techniques that can be applied to larger samples and, in some cases, entire populations of data through the use of a computer, enabling the auditor to obtain audit evidence more efficiently. These include:

  • Test Data Approach
  • Controlled Reprocessing
  • Integrated Test Facility Approach
  • Transaction Tagging
  • Parallel Simulation
30
Q

Test Data Approach

A

An audit technique involving the use of data supplied by the auditor being processed by the client’s programs, enabling the auditor to determine if outcomes match expectations & if all errors included in the data were properly identified & addressed by the client’s software.

31
Q

Controlled Reprocessing

A

An audit technique involving the use of the auditor’s computers to run the client’s data using the client’s programs to make certain that the results are the same as those derived by the client & verifying that all data given to the auditor represents all data processed by the client.

32
Q

Integrated Test Facility Approach

A

An audit technique in which data developed by the auditor is processed by the client’s programs as if it related to a separate division to determine if the client’s software provides the results that the auditor knows should be reported.

33
Q

Transaction Tagging

A

An audit technique that involves flagging specific client transactions with some type of tag & tracing the processing of them through the client’s programs to determine if the programs are processing the transactions correctly.

34
Q

Parallel Simulation

A

An audit technique in which the client’s data is processed using the auditor’s programs to determine if the results are the same as those reported by the client.

35
Q

What are the two risks of major concern to the Auditor regarding Audit of a company that has IT systems?

(Audit Trail & Unauthorized Access)

A

Unauthorized Access to a computer system can cause more damage to the accounting system as a whole than in a manual system, where it is difficult for one person to access all the different records of the system.

Audit Trail is an electronically visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source. It is important for the following reasons:

  • Allows for monitoring of activities
  • Providing a deterrent to fraud
  • Making it possible to answer queries by examining the source data.
36
Q

Trust Services

Webtrust Services

vs.

Systrust Services

A

Trust Services are governed by SSAE & represent attest engagements in which a CPA assesses a client’s commercial internet site & reports on whether the system meets certain principles. Examples are:

  • Webtrust Services - A service provided by accountants designed to provide assurance about the existence of companies doing business on the Internet & about the reliability of key business information on its website.
  • Systrust Services - A service provided by accountants designed to provide assurance about the ability of an entity’s data processing system to keep information secure, private, & confidential & about its ability to provide assurance about the integrity of the processing of the data.
37
Q

Control Objective for Information & Related Technology

COBIT - 5

A
  1. Meeting Stakeholder Needs - Bring value to stakeholders
    • Financial
    • Customer
    • Internal
    • Learning & Growth
  2. End-to-end Application
    • addresses the mgmt & governance of IT
  3. Development of a Single Integrated Framework
  4. Enabling a Holistic Approach
  5. Separating Governance from Management
38
Q

E-Cash

A

The use of E-Cash allows a customer to pay for goods or services from a website while maintaining financial privacy. E-cash is designed to allow payments through an intermediary (PAYPAL) such that the transmission of sensitive credit or bank account information is not required.

39
Q

What are some examples of artificial intelligence information systems?

A
  • Neural Networks
  • Case-based reasoning systems
  • Intelligent Agents
40
Q

A fast growing service company is developing its information technology internally. What is the first step in the company’s systems development life cycle?

a. Analysis.
b. Implementation.
c. Testing.
d. Design.

A

The systems development life cycle has seven steps as follows: (1) the planning phase; (2) the analysis phase; (3) the design phase; (4) the development phase; (5) the testing phase; (6) the implementation phase; and (7) the maintenance phase. The analysis phase would come before the implementation, testing and design phases.