BEC Custom 9 Flashcards
Risk
possibility of loss or other unfavorable outcome that results from uncertainty inherent in future events
Business Risk
- the broad, macro-risk a firm faces largely as a result of the relationship between the nature of the firm and the nature of its environment
Diversifiable risk (also Unsystematic or Firm-specific)
- elements of risk that can be eliminated through diversification of investments
Non-diversifiable risk (Systematic or Market-related risk)
- elements of risk that can’t be eliminated through diversification of investments
EBIT
- earnings before interest and taxes
- measures the results of a firm’s operating activities, except debt financing
Financial risk
- common shareholders’ risk that results from the use of debt financing and preferred stock, which require payment before common shareholders receive a return on investment
Default risk
Risk that the issuer of a security will not be able to make future interest and/or principal payments; the risk that the issuer may default on its obligation
Interest rate risk
- risk that increases in the market rate of interest will decrease the value of outstanding debt
Inflationary (also purchasing power) risk
- risk that a rise in general price levels (inflation) will result in a reduction in the purchasing power of a fixed sum of money
Liquidity (also Marketability) risk
Risk that an asset can’t be readily sold at fair value for cash
Political risk
Risk associated with operations in a foreign country that has different political, governmental, cultural, ethical, market structure, or other socio-political elements than a firm’s domestic market
What is the purpose of COBIT?
- align IT and business goals/strategies
- link business risks, control needs & IT
- common language for users, auditors, management and business process owners in identifying risks and structuring controls
What are the basic elements of the COBIT framework?
- IT resources
- monitor and evaluate
- deliver and support
- acquire and implement
- plan and organize
What is the COBIT focus?
IT controls and processes
What is the focus of COSO?
organizational controls and processes
What is the goal of an Enterprise Resource Planning System (ERP)?
- to integrate management support, knowledge work support, and operational support into one system
Online Transaction Processing System (OLTP)
- include core business functions - sales, production, purchasing, payroll, financial reporting, etc.
Online Analytical Processing System (OLAP)
- data warehouse and data mining capabilities within ERP
Infrastructure as a Service (IaaS)
- access to virtual hardware
- e.g. Amazon Web Services & Carbonite
Platform as a Service (PaaS)
Access operating system and related services including development
Software as a Service (SaaS)
Access software
- e.g. Office 365, Google Docs
Cold Site
- off-site location with electrical and other physical requirements for processing
- no equipment or files
- 1-3 days start-up
- Cheaper
Warm Site
- off-site location with similar computer hardware
- does not include backed up data
- more $
Hot Site
- completely equipped including data
- near-immediate (within hours) operation
- Big $$$
Mirrored Site
- fully redundant, fully staffed, fully equipped
- real-time replication of mission critical systems
BRM
Business risk management
BCP
Business continuity planning
OCP
organizational continuity plan
- process of risk assessment, contingency planning, and long-term continuity maintenance
BIA
- business impact analysis
- risk analysis portion of BCP
What are the three important functions of an information technology department?
- development
- admin and programming
- operations
Applications Development
- create and maintain applications
- for safety, done in a test environment
- use “nonlive” copies of programs
- when tested and approved, put into use “live”
- duty = safeguarding (future) “assets”: application programs and systems in development
Systems Analysts
- analyze and design new systems
- lead teams of programmers
- partner with end users to define problems and solutions
Application programmers
- write application programs
System administrators
- duty = authorize events (access)
System programmers
- maintain operating systems and related hardware
- segregation of duties - must not have access to application programs or data files
Data control clerk
- control document flows; schedule batches for data entry and editing; reconcile control totals
Computer operators
- operate the mainframe computer
- load program and data files, run programs (execute transactions)
File Librarian
- maintain files and data that are not online in the file library
- check files in and out to support scheduled jobs
What are the four roles in the systems development life-cycle (SDLC)?
- IT Steering Committee
- Lead Systems Analyst
- Systems Analysts & Application Programmers
- End users
IT Steering Committee
- review, approve, and prioritize systems development proposals
- include members from IT department and functional user areas
Lead Systems Analyst
- manages development team(s) and projects
- direct contact with end users
- usually responsible for developing overall programming logic and functionality
Source Program Library Management System (SPLMS)
- software and instructions for people
- for new or changed programs, manages migration from application development test environment to production library
- controls and validates program changes by comparing new to old code
What are the 4 functions of the SPLMS?
- store programs in the source program library
- retrieve programs for updating and maintenance
- delete obsolete programs
- audit trail - document program changes
System Documentation
- overview of program, data files, processing logic, interactions with other programs and systems
- may include requirements, architecture, and design
Program Documentation
- detailed descriptions of inputs, logic, and outputs
- includes program flowcharts, source code listings, record layouts
Operator Documentation
- also called “run manual”
- how to load and execute programs and data
- includes needed equipment, files, supplies, commands, and error messages