Chapter 4

Question 1

General Controls

Answer 1

apply overall to the IT accounting system

Question 2

application controls

Answer 2

used specifically in accounting applications to control inputs, processing, and outputs
example: validity check

Question 3

authentication of users

Answer 3

a process or procedure in an IT system to ensure that the person accessing the IT system is a valid and authorized user

Question 4

login

Answer 4

to make the computer recognize you in order to create a connection at the beginning of a computer session,
user id is used along with the password

Question 5

smart card

Answer 5

plugged into the computer’s card reader and helps authenticate that the user is valid displays a constantly changing token

Question 6

security token

Answer 6

plug into the usb port and thereby eliminates the need for a card reader

Question 7

two factor authentication

Answer 7

authentication of the user, based on something they have and something they know

Question 8

biometric devices

Answer 8

use some uniqe physical characteristic of the user to identify the user and allow the appropriate level o access to that user

Question 9

computer log

Answer 9

a complete record of all dates, times , and uses for each user

Question 10

nonrepudiation

Answer 10

the user cannot deny any particular act that he or she did on the IT system

Question 11

user profile

Answer 11

determines each user’s access level to the system, on a need to know basis

Question 12

authority table

Answer 12

contains a list of valid authorized users and the access level granted to each one

Question 13

configuration tables

Answer 13

contain the appropriate set-up and security settings

Question 14

firewall

Answer 14

a hardware or software designed to block unauthorized access

Question 15

encryption

Answer 15

the process of converting data into secret codes referred to as cipher text

Question 16

symmetric encryption

Answer 16

uses a single encryption key that must be used to encrypt data and also to decode the encrypted data

Question 17

public key encryption

Answer 17

uses both a public key and a private key. The public key, which can be known by everyone, is used to encrypt the data and a private key is used to decode the encrypted data

Question 18

wired equivalency privacy(WEP)

Answer 18

used by wireless network equipment such as access points and wireless network cards

Question 19

wireless protected access(WPA)

Answer 19

improved encryption that requires access to an access point first

Question 20

service set identifier(SSID)

Answer 20

a password that is passed between the sending and receiving nodes of a wireless network

Question 21

virtual private network

Answer 21

utilizes tunnels, authentication, and encryption within the Internet network to isolate Internet communications so that unauthorized users cannot access or use certain data

Question 22

secure socket layer

Answer 22

a communication protocol built into web server and browser software that encrypts data transferred on that website, ex: https

Question 23

virus

Answer 23

self replicating piece of program code that can attach itself to other programs and data and perform malicious actions such as deleting files or shutting down the computer

Question 24

antivirus software

Answer 24

continually scans the system for viruses and worms and either deletes or quarantines them

Question 25

vulnerability assessment

Answer 25

the process of proactively examining the IT system for weaknesses that can be exploited by hackers, viruses, or malicious employees

Question 26

intrusion detection

Answer 26

specific software tools that monitor data flow within a network and alert the IT staff to hacking attempts or other unauthorized access attempts

Question 27

penetration testing

Answer 27

the process of legitimately attempting to hack into an IT system to find whether weaknesses can be exploited by unauthorized users

Question 28

IT governance committee

Answer 28

usually made up of top executives, responsibilities include

1. align IT investments to business strategy
2. Budget funds and personnel for the most effective use of the IT systems.
3. Oversee and prioritize changes to IT systems
4. Develop, monitor, and review all IT operational policies
5. Develop, monitor, and review security policies

Question 29

systems analysts

Answer 29

analyze and design IT systems,

Question 30

programmers

Answer 30

actually write the software using the code

Question 31

operations personnel

Answer 31

employees who are responsible for processing operating data

Question 32

database administrator

Answer 32

develops maintains the database and ensures adequate controls over data within the database

Question 33

system development life cycle

Answer 33

systematic steps undertaken to plan, prioritize, authorize, oversee, test, and implement large scale changes to the IT system

Question 34

uninterruptible power supply

Answer 34

includes a battery to maintain power in the event of a power outage in order to keep the computer running for several minutes after a power outage

Question 35

emergency power supply

Answer 35

an alternative power supply that provides electrical power in the event that a main source is lost

Question 36

physical protection should include

Answer 36

1. Limited access to computer rooms through employee ID badges or card keys
2. Video surveillance equipment
3. logs of persons entering and exiting the computer rooms
4. locked storage of backup data and offsite backup data

Question 37

business continuity planning

Answer 37

proactive program for considering risks to the continuation of business and developing plans and procedures to reduce those risks

Question 38

two types of IT business continuity concepts

Answer 38

1. strategy for backup and restoration of IT systems, to include redundant servers, redundant data storage, daily incremental backups, a backup of weekly changes, and offsite storage of daily and weekly backups
2. A disaster recovery plan

Question 39

redundant servers

Answer 39

two or more computer network or data servers that can run identical processes or maintain the sames data

Question 40

redundant arrays of independent disks

Answer 40

often set up as mirror images of each other to prevent data loss

Question 41

offsite backup

Answer 41

having backups sent to an offsite location

Question 42

disaster recovery plan

Answer 42

plan for continuance of IT systems after a disaster

Question 43

AICPA 5 categories of IT controls

Answer 43

1. Security
2. Availability
3. Processing integrity
4. Online privacy
5. Confidentiality

Question 44

Control categories

Answer 44

authentication of users
hacking and other network break ins
environmental
physical access
business continuity

Question 45

Database management system

Answer 45

software system that manages the interface between many users and the database

Question 46

local area network

Answer 46

a computer network covering a small geographic area

Question 47

wide area network

Answer 47

a bunch of LAN’s hooked together

Question 48

telecommuting

Answer 48

communicating over the phone

Question 49

electronic data interchange

Answer 49

the company to company transfer of standard business documents in electronic form

Question 50

application controls

Answer 50

internal controls over input, processing, and output of accounting applications

1. input controls
2. processing controls
3. output controls

Question 51

input controls

Answer 51

source document controls - paper document used to capture original data
standard procedures for data preparation and error handling
programmed edit checks
control totals and reconciliation

Question 52

data preparation

Answer 52

procedures to collect and prepare source documents

Question 53

field check

Answer 53

examines a field to determine whether the appropriate type of data was entered

Question 54

validity check

Answer 54

examines a field to check that the data entry in the field s valid compared with a preexisting list of acceptable values

Question 55

limit check

Answer 55

has only an upper limit

Question 56

range check

Answer 56

has both an upper and lower limit

Question 57

reasonableness check

Answer 57

compares the value in a field with those field to which it is related to determine whether the value is reasonable

Question 58

completeness check

Answer 58

assesses the critical fields in an input screen to make sure that a value is in those fields

Question 59

sign check

Answer 59

examines a field to determine that it has the appropriate sign

Question 60

sequence check

Answer 60

checks if the batch number is the next one in the sequence

Question 61

self checking digit

Answer 61

an extra digit added to a coded id number, determined by a mathematical algorithm

Question 62

control totals

Answer 62

subtotals of selected fields for an entire batch of transactions

Question 63

record counts

Answer 63

count the number of records processed

Question 64

batch totals

Answer 64

total the financial data

Question 65

hash totals

Answer 65

total of fields that have no apparent logical reasoning

Question 66

run to run control totals

Answer 66

reconciliation of control totals at various stages of the processing

Question 67

output control

Answer 67

makes so that the data doesn’t get into the wrong hands

Question 68

throughput

Answer 68

the measure of transactions in a period