Chapter 4

Question 1

In a batch system, individual transactions are…

Answer 1

Assigned to groups before posting, and each transaction has it’s OWN line entry in the appropriate ledger. (the batches are processed periodically such as daily, weekly, monthly)

Question 2

The characteristic of transactions processed within each individual transaction cycle is that…

Answer 2

Transactions are numerous but are generally similar and processed nearly identically

Question 3

What is a transaction log?

Answer 3

It includes all transactions, including payments made to a vendor, that have been processed against the master files. Since any changes to vendor accounts would have to be applied by a transaction, the transaction logs would reflect incorrectly applied adjustments as well as the original correct transactions. (also would include the identity of the person who authorized the transaction)

Question 4

What type of system is a payroll system?

Answer 4

A transaction processing system (TPS). It may use a database management system to store its data, but it is not a database management system

Question 5

What is an ad hoc report?

Answer 5

One that is created on demand generally to meet unique specifications that respond to a specific requirement. A well designed database system should be able to produce this report when required

Question 6

What is online analytical processing?

Answer 6

It allows end users to retrieve data from a system and perform analysis using statistical and graphical tools

Question 7

What is the relationship between system analysts, application programers, and system programers?

Answer 7

The duties of a system analysts and application programers can be and ofter are combined. The duties of system programmers and and application programers should NOT be combined

Question 8

Can a database administrator and a network administrator be the same person?

Answer 8

Yes, but it is rare. Since the skill sets of database administrator and network administrator are both highly technical and very specialized, it is unlikely that one person will be able to perform both functions

Question 9

What is the role of an application programer (software developer/engineer)

Answer 9

They are responsible for writing and or maintaining application programs. They should NOT have access to data

Question 10

What are decision support systems?

Answer 10

They are computer based information systems that provide INTERACTIVE support to managers or others during the decision making process

Question 11

Reviewing an audit log is which kind of security control?

Answer 11

Detective control. They are generally chronological records that provide documentary evidence of the sequence of activities that can be used to detect errors or irregularities

Question 12

What does a database administrator do?

Answer 12

They control the database, not the data, and duties generally include design of the firms database, maintaining security measures, and controlling data structure

Question 13

What should always be included in the system specification document for a financial report?

Answer 13

Data elements. They define the building blocks of the information provided in a financial report

Question 14

What are the five focus areas identified by COBIT for IT governance?

Answer 14

1. Strategic Alignment
2. Value Delivery
3. Resource Management
4. Risk Management
5. Performance Measurement

Question 15

When changing from a manual system to a computer system, what is true about the controls?

Answer 15

Methodologies for implementing the controls change. That does not mean that they are better or worse, but they are definitely different

Question 16

What is the primary objective of data security controls?

Answer 16

To ensure that storage media are subject to authorization prior to access, change, or destruction. The objective is to protect information.

Question 17

What is the purpose of a digital signature?

Answer 17

It is a means of ensuring that the sender of a message is authentic. The digital signature uses encryption so that the recipient of the message can be assured that it is from the sender that is shown

Question 18

What is the difference between a program-level policy and a program-framework policy?

Answer 18

A program-level policy describes information security and assigns responsibility for achievement of security objectives to the IT department.
A program-framework policy adds detail to the IT program by describing the elements and organization of the program and department that will carry out the security mission

Question 19

What is one advantage of using the internet for EDI transactions rather than a traditional value added Network (VAN)?

Answer 19

The internet permits EDI transactions to be sent to trading partners as transactions occur (rather than batching them periodically as with a VAN)

Question 20

What would a manufacturing company use if they wanted to be able to place material orders more efficiently?

Answer 20

Electronic Data Intercharge (EDI). This would allow them to “place” material orders more efficiently and would utilize EDI for placing those order and also for other “paperwork” between the company and it’s vendors

Question 21

Define electronic data interchange (EDI)

Answer 21

Electronic (computer-to-computer) exchange of business transaction documents (business information). It is always between two separate businesses (not internally)

Question 22

What is one benefit of EDI?

Answer 22

It would create a compressed business cycle with lower year-end receivables balances. Since it speeds transaction processing, the business cycle is generally shortened and year-end receivable balances are reduced

Question 23

Does EDI require a prior relationship to do business?

Answer 23

EDI requires that companies have a prior relationship. Agreements will have been drawn up between the companies to outline how the systems will operate.

Question 24

What is a virus?

Answer 24

It is a piece of computer program that inserts itself into some other program to propagate. A virus cannot run independently

Question 25

What are application controls?

Answer 25

They are written into the application and are particular to the particular process or subsystem (rather than relating to the timing of its occurrence)

Question 26

What are circuit level gateways?

Answer 26

They only allow data into a network that results from computers inside the network by keeping track of requests that are sent out of the network and only allowing data that is in response to those requests

Question 27

What is access control software?

Answer 27

Access control is a preventative control. It prevents “bad people” from accessing an organizations system and data

Question 28

To prevent interrupted information systems operation, what controls are included in a company’s disaster recovery plan?

Answer 28

Backup and downtime controls. Downtime is a key factor in the disaster recovery plan. Backup is always essential in any disaster recovery plan

Question 29

What is a business continuity plan?

Answer 29

It is broader than a disaster recovery plan. It provides for continuation of all areas of the business (eg manufacturing operations) not just for recovery of the management information systems

Question 30

What is a file oriented system?

Answer 30

It focuses on individual applications, each with its own set of files and with each file physically separate from the other files

Question 31

What is a database management system (DBMS) (and name an example)?

Answer 31

The focus in a DBMS is on data rather than a particular application. This leads to data independence, data standardization, one-time data entry, data security, and shared data ownership (example is Microsoft Access)

Question 32

What is MIPS?

Answer 32

Millions of instructions per second. Processing power is measured in MIPS.

Question 33

What is the difference between gateways and routers?

Answer 33

Gateways connect different types of networks. Routers route packets of data through interconnected LANs

Question 34

What is a three-tier architecture?

Answer 34

A desktop client, application, and database

Question 35

What is data mining?

Answer 35

It is the extraction of implicit, previously unknown, and potentially useful information from data. Orgs need to identity trends. process of analyzing data to show patterns or relationships in that data.

Question 36

What is a common use of a VAN?

Answer 36

They are often used to route data transactions between trading partners (NOT INSIDE a company)

Question 37

What is a distributed database?

Answer 37

A database that is distributed in some manner on different pieces of either local or remote hardware via an intranet or an extranet. It is connected by a company’s local area networks.

Question 38

What is a value added network?

Answer 38

They are privately owned communications networks that provide additional services beyond standard data transmission. They provide good security because they are private networks

Question 39

What is the database administrator?

Answer 39

It is a person who is responsible for the design, maintenance and security of the database

Question 40

What are the components of a local area network (LAN)

Answer 40

transmission media, nodes, workstations, servers, network interface cards, operating systems, and communication devices.

Question 41

What item is most critical to include in a systems specifications document for a financial report?

Answer 41

Data elements should always be included. They define the building blocks of the information provided in a financial report

Question 42

What is transaction processing?

Answer 42

It is the term used to describe processing large numbers of commonly occurring business events in a predefined, highly structured way. Common transaction processing systems include sales, cash receipts, accounts payable, etc.