BEC 7 - Information & Technology Flashcards
What are the 5 types of Management Reporting Systems?
(Mgmt Info,Decision Support,Expert,Executive Supp,Analytical Processing)
-
Management Information System (MIS)
- An organized assembly of resources & procedures required to collect, process, & distribute data for use in decision making
-
Decision Support System (DSS)
- An interactive system that provides decision models & data to help the decision making
-
Expert System
- Software system with AI; once input is provided, the system provides recommendations for the problem
-
Executive Support Information System
- Systems designed specifically to support executive work (helps answer questions regarding competitors & new acquisitions)
-
Analytical Processing System
- Software that enables user to ask questions & retrieve data
Systems Development Life Cycle Approach (SDLC)
(7 Steps)
(Feasibility,Req,Software Selection,Config,Final Testing,Post Implementation,Maint)
SDLC - An approach for analyzing whether or not to develop & implement new information & control system, consisting of 7 steps:
-
Feasibility Study
- whether it makes economic or practical sense to develop & implement a new system
-
Requirement Definition
- identifying & defining the problem/inefficiency that is expected to be improved
-
Software Selection
- purchased systems or systems developed in-house
-
Configuration & Development
- configuration of a purchased system, or development of an in-house system
- Final Testing & Implementation
-
Post Implementation
- evaluation of performance, such as ROI
- Maintenance
Transactional Processing
What are the two types?
Transactional Processing - The electronic processing of transactions, which can be accomplished using either:
-
Online Transaction Processing (OLTP)
- Immediately
- Real time, records are up to date
-
Batch Processing
- Involves gathering information & then entering transactions in a group
- Greater control of input process
- more verifiability
- Associated with DELAY
Networks
Centralized Processing
vs.
Distributed Processing
Network - where computers are connected to one another to enable sharing of peripheral devices, sharing data, & programs stored on a file server. Networks allow various user departments to share information files maintained in databases.
- Centralized Processing - All activities take place on one computer.
- Distributed Processing - Use of multiple computers where, in some cases, each computer is assigned a different task or, in other cases, all work on similar tasks to distribute the volume.
Network Configurations
WAN, LAN, VAN
The linking of computers may be done in different ways using different Network Configurations:
- Local Area Networks (LAN) - Communication networks that serve several users within a specified geographical area.
- Wide Area Networks (WAN) - A network connecting users that are located in different remote locations
- Value-Added Network (VAN) - A network connecting users from different companies together. As a result, it is necessary to have extensive security measures. (Whenever a network allows one computer to initiate an action that will have an effect on another, it is known as a VAN)
Computer Network Topology
What are the 5 types of computer Topology?
Topology refers to the shape of a network or a network’s layout. Examples are:
- Bus - linear
- Star - attached to a central network
- Ring - configured sequentially
- Tree - group of stars
- Mesh - many redundant connections
Network Group/Size
Intranet
Extranet
Internet
Intranet is a network that is limited to the computers of a single company.
Extranet (like intranet) is primarily for users within a single company, but select customers & vendors are able to participate.
Internet is a worldwide network that allows virtually any computer system to link to it by way of an electronic gateway.
Enterprise Resource Planning (ERP)
Enterprise Resource Planning (ERP) - A packaged business computer software that allows an entity to automate & integrate a majority of its business processes. Examples are:
- SAP
- Oracle Financials
- JD Edwards
World Wide Web - Languages
Hypertext Transfer Protocol (HTTP)
Transmission Control Protocol/Internet Protocol (TCP/IP)
Hyper Text Markup Language (HTML)
Extensible Business Reporting Language (XBRL)
HTTP - the language commonly understood by different computers to communicate via the internet.
TCP/IP - the communication protocol of the internet; an IP address is a unique address for a computer.
HTML - specialized programming language used to create websites.
Extensible Business Reporting Language (XBRL) is a global standard language specifically designed for the electronic communication of business information & FINANCIAL DATA.
Electronic Data Interchange (EDI)
What are the 3 special considerations?
Electronic Data Interchange (EDI) is the electronic interchange of business information using a standardized format; a process which allows one company to send information to another company electronically rather than with paper.
There are special considerations relating to EDI:
- Strict Standards are needed for the form of data.
- Translation Software by each computer so data can be converted on both ends of the customer/supplier.
- Unauthorized Access to company transmissions is a risk, requiring encryption & firewalls.
Challenges for Auditors regarding EDI
What are the 4 challenges?
EDI adds to the complexity of Auditing as EDI enables:
- Communication w/o the use of paper (no audit trail)
- EFTs & sales over the internet
- Simplification of the recording process using scanning devices
- Sending info to trading partners as transactions occur
EDI also creates special challenges for the audit because of the reduction of the paper trail associated with EDI:
- detection risk may not be sufficiently reduced through substantive testing
- control risk must be reduced to adequately achieve an acceptable level of audit risk
- controls must be built into systems to ensure validity of information captured
Computer/Internet Risks
Virus
Trojan Horse
Worm
Hoax Virus
Killer Application
Phishing
Virus - a program with the ability to reproduce by modifying other programs to include a copy of itself.
Trojan Horse - is a purposefully hidden malicious or damaging code within an authorized computer program.
Worm - a program that duplicates itself over a network so as to infect many computers with viruses.
Hoax Virus - a widely distributed e-mail message warning of a virus that doesn’t exist.
Killer Application - simply refers to a program that is extremely useful, & is not anything dangerous.
Phishing - is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private info that will be used for identity theft.
Size & Power of Computers
Supercomputers
Minicomputers
Microcomputers
Personal Digital Assistants
- Supercomputers - common for massive scale needs by science & math departments of universities & governmental operations
- Minicomputers - the only computer a large organization might have, with several terminals having the ability to connect to it simultaneously
- Microcomputers - personal computers, laptops or desktops
- Personal Digital Assistants - handheld computers, cell phone, iPad
Programming Language
Source Program
Object Program
Compiler
Protocol
Query Program
- Source Program - language written by the programmer, resembles the English language
- Object Program - language in a form the machine understands
- Compiler - a program that converts source programs into machine language
- Protocol - rules determining the required format & methods for transmissions of data
- Query Program - an application that counts, sums, & retrieves items from a database based on user criteria
- Fourth Generation Programming Language (4GL) - commonly used in the development of business applications, and distinguished by their use of "natural language" commands, making them self-documenting.
- 2 Popular Programming Languages
- C++
- JAVA
Data Structure
Bit>Byte>Character>Field>Record>File>Database
TESTED
Data Structure refers to the relationships among files in the database & among data items within each file.
- Bit - A single switch is either 1 or 0
- Byte - A group of 8 bits representing a character
- Character - A letter, number, punctuation mark
- Field - a group of related characters representing a unit of information (column)
- Record - a collection of related info, many fields (rows)
- File - a group of related records
- Database - a collection of files
Database Management Systems (DBMS)
What is Data Mining?
DBMS is a software system that controls the organization, storage, & retrieval of data in a database.
- The primary function of a database management system (DBMS) is its ability to access, summarize, create and modify information contained in an electronic database.
Data Mining - program/tool that looks for trends or anomalies.
Organization of an IT Environment
Systems Development & Maintenance Personnel
(System Analyst,Application Programmer,Database Administrator)
Systems might include the following:
System Analyst - designs the information system using system flowcharts & other tools & prepares specifications for application programmers, as well as acting as an intermediary between the users & programmers.
Application Programmer - writes, tests, & debugs programs that will be used in the system
Database Administrator - individual/department responsible for the security & information classification of shared data stored on a database system. This responsibility includes the design, definition, & maintenance of the database.
Organization of an IT Environment
Operations in an IT Function Personnel
(Data Ctrl Clerk,Data Ctrl Dept,Computer Operator,Librarians)
Data Control Clerk - schedules jobs for the computer & manages the distribution of reports & other inputs. Also involved with coding activities.
Data Control Department - responsible for collecting data for input into a batch processing operation.
Computer Operator - a person who operates a computer in a data center & performs activities such as commanding the operating system, mounting disks & tapes, & placing paper in the printer.
Librarians - individuals responsible for safeguarding & maintaining all program & data files.
Controls
What are the 2 broad types of Controls?
Controls - in an operation of computer systems, management must focus on two broad types of controls:
- General Controls - these relate to the overall integrity of the system. Controls include policies, procedures, & practices established by management to provide reasonable assurance that specific objectives will be achieved.
- Application Controls - these are specific to individual programs & uses of the system.
General Controls
What are the 5 elements of General Control?
(Personnel,File Security,Contingency Planning,Computer Facilities,Access Ctrls)
General Controls - these relate to the overall integrity of the system. Controls include policies, procedures, & practices established by management to provide reasonable assurance that specific objectives will be achieved.
-
Personnel Policies
- Control Clerks & Librarians
- Has Custody responsibilities
- Data Input Clerks & Computer Operators
- Has Recording responsibilities
- System Analysts & Programmers
- Has Authorization responsibilities
-
File Security
- Back Up
- Grandfather/father/son retention system
- Lock Out
- Read-Only
-
Contingency Planning
- Hot Site (computers ready to go)
- Cold Site (no computer waiting)
- Mirrored Web Server - off site
- Documentation - if no segregation of duties
- Hardware Controls
- Parity Check - counts the number of bits/characters
- Echo Check - sends back to originator for check/confirmation of correct info
- Computer Facilities - Fire/Insurance
- Access Controls - biometrics
Application
(Program Controls)
Application Controls - specific to individual programs & users
- Inputs
- Field Checks - Data is validated to correct length, character types, format (valid Lic#)
- Validity Check - Compared with acceptable entries (valid SS#)
- Limit Test - SS#s not more than 9 digits
- Check Digits - identification numbers based on formula
- Financial Total
- Record Counts
- Hash Total - A meaningless total
- Non financial Totals
- Edit Checks - Verify that each individual entry is appropriate & generates a list of rejected transactions.
- Processing
- Systems & software documentation
- Error-checking compiler
- Test Data
- Change Control measures
- System Testing
- User Acceptance Testing
- Output
- Distribution lists
- Shredders
- System testing
Contingency Planning
(General Controls)
Contingency Planning refers to controls that are designed to protect information from accidental or intentional destruction or unauthorized alteration. This includes:
-
Backup & Planned Downtime Controls - copies of files & programs are maintained.
- Grandfather-Father-Son retention system.
- Checkpoint - system makes copies at certain checkpoints
-
Business Continuity & Disaster Recovery - able to operate in case of disasters.
- Hot Site - Computers & Data are ready
- Cold Site - Available space, but not ready
- Mirrored Web Server - particularly for an e-commerce
General Controls
Personnel Policies - Segregation of Duties (ARC)
Personnel Policies - the Segregation of Duties among the IT personnel (ARC).
- Control Clerks & Librarians
- Has Custody responsibilities
- Data Input Clerks & Computer Operators
- Has Recording responsibilities
- System Analysts & Programmers
- Has Authorization responsibilities
General Controls
Contingency Planning
(Hot Site vs. Cold Site)
Contingency Planning - Being prepared for a computer failure or loss of data through backup & planned downtime controls, and business continuity & disaster recovery plans.
- Hot Site (computers ready to go)
- Cold Site (no computer waiting)
- Mirrored Web Server - off site
General Controls
Hardware Controls
(Parity Check vs. Echo Check)
Hardware Controls - instructions "hard-wired" into equipment by the manufacturer, designed to make certain that data is in a form the computer can read appropriately, so as to avoid the processing of erroneous data.
- Parity Check - a hardware control that makes certain that each byte has either an odd or even number of bits in the "1" or "on" position, depending on whether the machine is designed as odd or even parity.
- Echo Check - a hardware control that sends back data to originator for check/confirmation of correct info.
Application Controls
What are the 3 elements?
Application Controls - designed to make certain that input data is accurate & reliable, including field checks, validity checks, limit tests, & check digits. The three elements are:
- Input
- Processing
- Output
Application Control - Types of Input Controls
Field Checks
Validity Checks
Limit Tests
Check Digits
Hash Total
- Field Checks - data is validated as to correct length, character types, & format accepted
-
Validity Checks - data is compared with a list of acceptable entries to be sure it matches one of them.
- Example: Two-letter state abbreviation
-
Limit Tests - numbers are compared to limits
- Example: SS#s not more than 9 digits
- Check Digits - Identification characters are often designed so that one of the characters is based on a formula applied.
- Hash Total - The total of values which cannot be meaningful if added together.
eXtensible Business Reporting Language (XBRL)
What are 4 important points?
Extensible Business Reporting Language (XBRL) is a global standard language specifically designed for the electronic communication of business information & FINANCIAL DATA/Financial Statements.
- XBRL can handle data in different languages
- XBRL is built upon the XML
- The SEC mandated that all public companies must file Financial Statements in XBRL
- Her Majesty's Revenue & Customs (HMRC), the department of the British Gov't responsible for the collection of taxes, mandated that all corporations' tax submissions use iXBRL.
Computer Assisted Audit Techniques
(CAATs)
(5)
Audit techniques that can be applied to larger samples and, in some cases, entire populations of data through the use of computers, enabling the auditor to obtain audit evidence more efficiently. These include:
- Test Data Approach
- Controlled Reprocessing
- Integrated Test Facility Approach
- Transaction Tagging
- Parallel Simulation
Test Data Approach
An audit technique involving the use of data supplied by auditor being processed by client’s programs enabling the auditor to determine if outcomes match expectations & if all errors included in the data were properly identified & addressed by the client’s software.
Controlled Reprocessing
An audit technique involving the use of the auditor’s computers to run the client’s data using the client’s programs to make certain that the results are the same as those derived by the client & verifying that all data given to the auditor represents all data processed by the client.
Integrated Test Facility Approach
An audit technique in which data developed by the auditor is processed by the client's programs as if it related to a separate division to determine if the client's software provides the results that the auditor knows should be reported.
Transaction Tagging
An audit technique that involves flagging specific client transactions with some type of tag & tracing the processing of them through the client’s programs to determine if the programs are processing the transactions correctly.
Parallel Simulation
An audit technique in which the client’s data is processed using the auditor’s programs to determine if the results are the same as those reported by the client.
What are the two risks of major concern to the Auditor regarding the Audit of a company that has IT systems?
(Audit Trail & Unauthorized Access)
Unauthorized Access to a computer system can cause more damage to the accounting system as a whole than in a manual system, where it is difficult for one person to access all the different records of the system.
Audit Trail is an electronically visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source. It is important for the following reasons:
- Allows for monitoring of activities
- Providing a deterrent to fraud
- Making it possible to answer queries by examining the source data.
Trust Services
Webtrust Services
vs.
Systrust Services
Trust Services are governed by SSAE & represent attest engagements in which a CPA assesses a client's commercial internet site & reports on whether the system meets certain principles. Examples are:
- Webtrust Services - A service provided by accountants designed to provide assurance about the existence of companies doing business on the Internet & about the reliability of key business information on their websites.
- Sys Trust Services - A service provided by accountants designed to provide assurance about the ability of an entity's data processing system to keep information secure, private, & confidential & about its ability to provide assurance about the integrity of the processing of the data.
Control Objective for Information & Related Technology
COBIT - 5
-
Meeting Stakeholder Needs - Bring value to stakeholders
- Financial
- Customer
- Internal
- Learning & Growth
-
End-to-end Application
- addresses the mgmt & governance of IT
- Development of a Single Integrated Framework
- Enabling a Holistic Approach
- Separating Governance from Management
E-Cash
The use of E-Cash allows a customer to pay for goods or services from a website while maintaining financial privacy. E-cash is designed to allow payments through an intermediary (PayPal) such that the transmission of sensitive credit or bank account information is not required.
What are some examples of artificial intelligence information systems?
- Neural Networks
- Case-based reasoning systems
- Intelligent Agents
A fast growing service company is developing its information technology internally. What is the first step in the company’s systems development life cycle?
a. Analysis.
b. Implementation.
c. Testing.
d. Design.
Correct! The systems development life cycle has seven steps as follows: (1) the planning phase; (2) the analysis phase; (3) the design phase; (4) the development phase; (5) the testing phase; (6) the implementation phase; and (7) the maintenance phase. The analysis phase would come before the implementation, testing and design phases.