Ch 10 Flashcards

1
Q

The Processing Integrity principle of the Trust Services Framework states that

A

a reliable system is one that produces information that is accurate, complete, timely, and valid.

If bad, then bad information, then bad decisions. Garbage in, garbage out.

2
Q

What is a turnaround document?

A
a record of company data sent to an external party and then returned by the external party for subsequent input to the system. Can also be used to update the other account(s).
3
Q

What is the significance of prenumbering?

A

Prenumbering improves control by making it possible to verify that no documents are missing.

4
Q

What does the input control of forms design entail?

A

Source documents and other forms should be designed to minimize the
chances for errors and omissions. Two particularly important forms design controls involve
sequentially prenumbering source documents and using turnaround documents.

5
Q

Why should source documents be cancelled?

A

So they cannot be inadvertently or fraudulently reentered into the system or counted twice.

Note: Cancellation does not mean disposal. Original source documents (or their electronic images) should be retained for as long as needed to
satisfy legal and regulatory requirements and provide an audit trail.

6
Q

What is a range check?

A

A range check tests whether a numerical amount falls between predetermined lower and
upper limits. For example, a marketing promotion might be directed only to prospects
with incomes between $50,000 and $99,999.

7
Q

What is a limit check?

A

tests a numerical amount against a fixed value. For example, the
regular hours-worked field in weekly payroll input must be less than or equal to
40 hours. Similarly, the hourly wage field should be greater than or equal to the
minimum wage.

8
Q

What is the completeness check?

A

an edit check that verifies that all data required have been entered. A Required field in Access, for example.

9
Q

What is a size check?

A

an edit check that ensures the input data will fit into the assigned field. Specify the field length (Field Size in Access).

10
Q

What is a sign check?

A

determines whether the data in a field have the appropriate arithmetic sign.
For example, the quantity-ordered field should never be negative. Validation rules also

11
Q

What is a validity check?

A
an edit test that compares the ID code or account number in transaction data with similar data in the master file to verify that the account exists. For example, if product number 65432 is entered on a sales order, the computer must verify that there is indeed a product 65432 in the inventory database. An example is when one is checking to see whether ID numbers or check numbers are correct according to documents. Also validity rules
12
Q

What is a reasonableness test?

A

A reasonableness test determines the correctness of the logical relationship between
two data items. For example, overtime hours should be zero for someone who has not
worked the maximum number of regular hours in a pay period.

13
Q

Which control involves recalculating the check digit to identify data entry errors?

A

check digit verification

14
Q

Example of hash total vs financial total (batch totals)

A
  • Financial total: in Excel, a sum of cells.
  • Hash total: same as above but summing something else, like employee ID numbers, then checking whether the sum matches up with the others. If off, maybe you paid someone twice. Lookup.
15
Q

What is prompting?

A

Prompting, in which the system requests each input data item and waits for an acceptable response, ensures that all necessary data are entered (i.e., prompting is an online completeness check).

E.g., requiring one to type in a value before leaving.

16
Q

What are batch totals?

A

Batch totals summarize numeric values for a batch of input records. The following are
three commonly used batch totals:
1. A financial total sums a field that contains monetary values, such as the total dollar
amount of all sales for a batch of sales transactions.
2. A hash total sums a nonfinancial numeric field, such as the total of the quantity-ordered field in a batch of sales transactions.
3. A record count is the number of records in a batch.

17
Q

In addition to user review of output and periodic reconciliation procedures on balances/inventory, External Data Reconciliation is another output control. What is it?

A

External data reconciliation. Database totals should periodically be reconciled with data maintained outside the system. For example, the number of employee records in the payroll file can be compared with the total number of employees in the human resources database to detect attempts to add fictitious employees to the payroll database. Similarly, inventory on hand should be physically counted and compared to the quantity on hand recorded in the database.

Make sure your list and HR's list, for example, match. Finds ghost employees. Also, a surprise audit would confirm.

18
Q

Controls in place to minimize risk of data transmission errors are

A

Data transmission controls. Transmission Control Protocol (TCP) in Ch 8 is an example. It assigns a sequence number to each packet and uses that info to verify all packets have been received and are in the correct order. Another is the thing that sees if all bytes of an e-mail have been sent.

19
Q

A data transmission control that uses a hash of a file to verify accuracy is a

A

Checksum. When data are transmitted, the sending device can calculate a hash of the
file, called a checksum. The receiving device performs the same calculation and sends
the result to the sending device. If the two hashes agree, the transmission is presumed
to be accurate. Otherwise, the file is resent.

20
Q

Data matching, a processing control, is what?

A

cases, two or more items of data must be matched before an
action can take place. For example, before paying a vendor, the system should verify that
information on the vendor invoice matches information on both the purchase order and
the receiving report.

Essentially, making sure all is right before executing the order. Three-way match on shipping: all info right? Received? Paid for?

21
Q

File labels need to be checked to ensure that the correct and most current files are being updated. What are the two important types of internal labels?

A

header record and trailer record.

The header record is located at the beginning of each file and contains the file name, expiration date, and other identification data. The trailer record is located at the end of the file; in transaction files it contains the batch totals calculated during input.

22
Q

What is a transposition error?

A
ONLY when two numbers switch: an error that results when numbers in two adjacent columns are inadvertently exchanged (for example, 64 is written as 46).
23
Q

What is a parity bit, and what are they used for?

A

parity bit - an extra bit added to every character; used to check transmission accuracy.

or

a data transmission control in which the receiving device recalculates the parity bit to verify accuracy of transmitted data.

24
Q

What is a crossfooting balance test?

A

a processing control which verifies accuracy by comparing two alternative ways of calculating the same total. An example is Excel spreadsheets: a grand total can be computed either by summing a column of row totals or by summing a row of column totals.

25
Q

What is a write-protection mechanism?

A

These protect against overwriting or erasing of data files
stored on magnetic media. Write-protection mechanisms have long been used to protect
master files from accidentally being damaged.

26
Q

See p 291 for an illustrative example of credit sales processing and a series of control checks being implemented along the way.

A

p 291

27
Q

A processing control that verifies that the balance of a control account equals zero after all entries to it have been made is called a

A

zero-balance test. If not zero, some sort of error was made in processing. Balance of the account is zero after all entries are posted. Also like Kapila reimbursement: after all checks are received, the control account should be 0.

28
Q

When a problem occurs,
data about everything that has happened since the last backup is lost unless it can be reentered into the system. Thus, management’s answer to the first question determines the organization’s___ ___ ___

A

recovery point objective (RPO) - the amount of data the organization is willing to reenter or potentially lose. The RPO is inversely related to the frequency of backups: the smaller the desired RPO, the more frequently backups need to be made.

29
Q

A full backup is an exact copy of the entire database. What is an incremental backup?

A
incremental backup - a type of partial backup that involves copying only the data items that have changed since the last partial backup. This produces a set of incremental backup files, each containing the results of one day's transactions.
30
Q

After assessing RPO, the organization should determine the ___ ___ ___

A
recovery time objective (RTO) - the maximum tolerable time to restore an organization's information system following a disaster, representing the length of time that the organization is willing to attempt to function without its information system.
31
Q

Fault tolerance is a key control to minimize risk of downtime. What is it?

A

the capability of a system to continue performing when there is a hardware failure. An example is the use of RAIDs.

32
Q

What are RAIDs?

A
a fault tolerance technique that records data on multiple disk drives instead of just one to reduce the risk of data loss.
33
Q

Examples of common features to minimize risks associated with natural and human-caused disasters

A

  • Raised floors provide protection from damage caused by flooding.
  • Fire detection and suppression devices reduce the likelihood of fire damage.
  • Adequate air-conditioning systems reduce the likelihood of damage to computer equipment due to overheating or humidity.
  • Cables with special plugs that cannot be easily removed reduce the risk of system damage due to accidental unplugging of the device.
  • Surge-protection devices provide protection against temporary power fluctuations that might otherwise cause computers and other network equipment to crash.
  • An uninterruptible power supply (UPS) system provides protection in the event of a prolonged power outage, using battery power to enable the system to operate long enough to back up critical data and safely shut down. (However, it is important to regularly inspect and test the batteries in a UPS to ensure that it will function when needed.)
  • Physical access controls reduce the risk of theft or damage.

34
Q

See Table 10-2, p 294, for a summary of controls with regard to availability

A

p 294

35
Q

For such organizations, the goal is not quick
recovery from problems, but resiliency (i.e., the ability to continue functioning). ___ ___ ___ provides maximum resiliency.

A
real-time mirroring - maintaining complete copies of a database at two separate data centers and updating both copies in real-time as each transaction occurs.
36
Q

required in both DRP and BCP.

For some organizations, both RPO and RTO must be close to

A

zero

37
Q

What media should be used for backups and archives, tape or disk?

A

Disk backup is faster, and disks are less easily lost. Tape, however, is cheaper, easier to transport, and more durable. Consequently, many organizations use both media. Data are first backed up to disk, for speed, and then transferred to tape.

38
Q

What is an archive?

A
a copy of a database, master file, or software that is retained indefinitely as a historical record, usually to satisfy legal and regulatory requirements.
39
Q

There are incremental and differential backups. What’s a differential backup?

A

A differential backup copies all changes made since the last FULL backup (incremental is partial). Thus, each new differential backup file contains the cumulative effects of all activity since the last full backup. Consequently, except for the first day following a full backup, daily differential backups take longer than incremental backups. Restoration is simpler, however, because the last full backup needs to be supplemented with only the most recent differential backup, instead of a set of daily incremental backup files.

40
Q

special attention should be paid to archiving ____

A

e-mail, because it has become an important repository of organizational behavior and information. Indeed, e-mail often contains solutions to specific problems. E-mail also frequently contains information relevant to lawsuits. Therefore, organizations need to back up and archive important e-mail while also periodically purging the large volume of routine, trivial e-mail.

41
Q

A ____ ____ ___ specifies how to resume not only IT operations,
but all business processes, including relocating to new offices and hiring temporary
replacements, in the event that a major calamity destroys not only an organization’s data
center but also its main headquarters.

A

Business continuity plan (BCP)

42
Q

What is a cold site vs hot site?

A

Cold site: a disaster recovery option that relies on access to an alternative facility that is prewired for necessary telephone and Internet access, but does not contain any computing equipment.

A cold site still leaves the organization without the use of its information system for a period of time, so it is appropriate only when the organization's RTO is one day or more. A second option is to contract for use of a hot site, which is a facility that is not only prewired for telephone and Internet access but also contains all the computing and office equipment the organization needs to perform its essential business activities. A hot site typically results in an RTO of hours.

43
Q

Biggest problem with cold and hot sites?

A

A problem with both cold and hot sites is that the site provider typically oversells its
capacity, under the assumption that at any one time only a few clients will need to use the
facility.