COMPUTER AND INTERNET FRAUD Flashcards

Question

Hacker Computer Manipulation HTTP Exploits

Answer 1

HTTP traffic, used for web browsing, is almost always allowed to pass through firewalls unhindered. Thus, attackers have a direct line to the web server.

Answer 2

To discourage unauthorised use, such a screen might be replaced with one that informs the user that he is about to access a proprietary network. Additionally, the screen should warn that unauthorised access is prohibited and will be prosecuted under the law. The screen should not identify either the organisation or the network.

Answer 3

should be established and disseminated throughout the organisation. These policies should include training for all employees, customers (who will appreciate the additional security), and others who have a need to access the network

Answer 4

should be used wherever practical. These modems will answer an incoming call and require the sender to enter a password. Once the caller has identified himself, the modem will terminate the connection, and dial a previously established phone number. When the prearranged number is called, the sender must again perform the sign-on procedure.

Answer 5

should be secured to the highest level possible. Most major software companies today have to release updates and patches to their software every so often. Check your software vendor’s websites on a regular basis for new security patches or use the new automated patching features that some companies offer.

Answer 6

should be used in accordance with sound security practices. For example: − Passwords should be changed periodically (every 90 days is suggested). − Passwords should be of sufficient length to deter guessing (a minimum of 8 characters is suggested). − Passwords of transferred or terminated employees should be changed immediately

Answer 7

All packages should be audited to ensure that these default passwords (which are widely known) have been changed.

Answer 8

should be considered for sensitive data files, password files, and sensitive computer programs.

Answer 9

should terminate any connection (whether dial-in or direct connect) after: − A reasonable number of unsuccessful attempts to enter a valid password (usually no more than three). − A terminal (direct connect or dial-in) has been connected for a period of time with no activity. This is called “timing-out.”

Answer 10

should be reviewed to learn the current jargon and hacker “handles,” which are the names that hackers use for their online personas. Hackers have used the Internet quite efficiently to communicate with each other, while producing a significant amount of hacking documentation and programs. Almost any hacker website will contain a large number of text files that explain “how to hack,” or how various systems operate. Many of these files will also explain the standard vulnerabilities of the systems, and the best methods to penetrate their security.

Answer 11

• Almost all communication systems maintain a log file that records all successful and unsuccessful system access attempts. These also allow for the printing of reports containing sign-on and -off activity. These reports should be printed out regularly and reviewed by the data security officer. Where possible, special reports should be printed on the number of unsuccessful access attempts. These attempts at logging in to the system should be followed up by data security to determine their cause. • The data security function should have sufficient resources and staff to administer passwords, maintain the security software, review system activity reports, and follow up on all potential security violations. • Finally, periodic reviews of telecommunications security should be performed by consultants and/or internal or external auditors, if the latter have the necessary experience and qualifications.

Answer 12

• Company employees now possess the ability to quickly disclose sensitive company materials to outside parties, increasing the opportunity for corporate espionage. • Companies that employ a company-wide e-mail system can now be held responsible for any unethical or illegal activities conducted by employees on the e-mail system. • Companies must now be concerned with the repercussions of the actions of any disgruntled or rash employees. The speed with which an e-mail can be “fired off” creates the opportunity for ill-advised communications. • Once an e-mail message has left a company’s system, it may travel through any number of “foreign” e-mail systems before reaching its destination. An e-mail transmission can quite easily be intercepted or compromised without the use of encryption software. • Without a security-enhanced e-mail system, the receiver of an e-mail message has little assurance that the e-mail is authentic. E-mail addresses can be easily “spoofed” or cloned by a knowledgeable user.

Answer 13

In general, if the employee wrote the message as part of his duties for his employer (i.e., “in the scope of your employment”) the employer owns the copyright. If the e-mail was not part of the employee’s duties (something personal or related to another activity, whether permitted by the employer or not), then the user has copyright, but the employer, as owner of the system on which it was created or passed through, may have some rights to the copy on the system.

Answer 14

• Harassing other users of the system • Consuming unreasonable amounts of available resources • Intentionally sending other users viruses • Evading software licensing or copying mechanisms • Crashing/disrupting system services • Impersonating another user anywhere on the Internet • Bypassing system security mechanisms • Translating encrypted material without authorisation • Eavesdropping on other e-mail interactions • Using the system for any personal gain either monetarily or politically unless permitted by the organisation

Answer 15

* Benign, by displaying a message on a certain date; * Annoying, by slowing performance or altering the screen display; or * Catastrophic, by erasing or destroying data or files, or crashing systems.

Answer 16

Most of these fraudulent warnings urge recipients to “forward this to everyone you know.” Before forwarding a questionable warning, it is wise to consult a few of the authorities who track viruses.

Answer 17

Macro viruses are macros that self-replicate. If a user accesses a document containing a viral macro and unwittingly executes this macro virus, it can then copy itself into that application’s startup files.

Answer 18

These viruses use system BIOS, replace the boot sector, and move the boot sector to another location. It then writes a copy of its own program code that will run every time the system is booted or when programs are being run. A boot sector cannot infect a computer if it is introduced after the machine is running the operating system.

Answer 19

Parasitic viruses attach themselves to programs known as executables. When a user launches a program that has a parasitic virus, the virus is surreptitiously launched first. To cloak its presence from the user, the virus then triggers the original program to open. The parasitic virus, because the operating system understands it to be part of the program, is given the same rights as the program to which the virus is attached. These rights allow the virus to replicate, install itself into memory, or release its payload.

Answer 20

Terminate and Stay Resident (TSR) viruses usually hide in memory and cause system crashes, depending on their memory location. The TSR takes control of the operating system by passing its request to DOS each time DOS is executed

Answer 21

These types of viruses copy their virus code to a program file and modify the program so the virus code gets executed first. The virus does this by writing over the existing code or attaching itself to the program file. The more sophisticated types replicate themselves with a .com extension each time the user accesses an executable program file.

Answer 22

Multi-partite viruses share some of the characteristics of boot sector viruses and file viruses, which increases its ability to spread. They can infect .com and .exe files, and the boot sector of the computer’s hard drive. On a computer booted up with an infected diskette, a typical multi-partite virus will first reside in memory and then infect the boot sector of the hard drive. From there the virus can infect a PC’s entire environment. This type of virus accounts for a large number of infections.

Answer 23

olymorphic viruses create varied (though fully functional) copies of themselves as a way to avoid detection by antivirus software. Some polymorphic viruses use different encryption schemes and require different decryption routines. Thus, the same virus may look completely different on different systems or even within different files. Other polymorphic viruses vary instruction sequences and use false commands in the attempt to thwart antivirus software. One of the most advanced polymorphic viruses uses a mutation engine and random number generators to change the virus code and its decryption routine

Answer 24

They constantly change their patterns in an effort to blend into the system. They attempt to avoid detection by bypassing DOS interrupt calls when they are installed, and remove their code from the infected files before the file is accessed by the requesting program.

Answer 25

This modern day virus uses a special language-driven algorithm generator that enables it to create an infinite variety of original encryption algorithms. It avoids the checksum detection method, like stealth viruses, by not changing the infected file size. Each time they replicate, they produce a new and different code.

Answer 26

The boot sector and partition table viruses infect the boot operation of the file server. This virus does not spread from the workstation to the file server. However, if you are using NetWare it can cause the software to lose the location of its partition table on the file server if the file server is booted with an infected disk. Viruses that infect programs seem to be limited to infecting files on the server. However, because the files are continuously being accessed by workstations, this type of virus is difficult to contain.

Answer 27

A worm is a self-replicating program that resides as a file on a system, executes an autonomous process, and deliberately moves from system to system. It looks for other nodes on the networks, copies itself to them, and causes the self-copy to execute on other nodes. These programs find network utilities showing node names, monitor network traffic, and randomly select network identification codes, as well as other mischief.

Answer 28

* Unknown or unchecked application software * Software or media brought in by employees * Programs downloaded from modem bulletin boards * Unsolicited e-mail * Vendors and suppliers with infected software * Uncontrolled and shared program applications * Demonstration software * Freeware and shareware

Answer 29

• A sudden and sometimes dramatic decrease of free space on your media. • The system suddenly, and for no apparent reason, slows down its command-response time. • An increase in the size of some files. • There has been a change in the length of executable files, a change in their content, or a change in their file date/time stamp. • An unexpected number of disk accesses, especially to particular file(s). • The operating system and/or other programs suddenly begin behaving in unpredictable ways. Sometimes disk files that should be there cannot be accessed or are suddenly erased with no warning. • Unusual messages and graphics. • Unable to boot up the system. • Unable to access files. • Unexplained and repeated maintenance repairs. • System or data files disappear or become fragmented. • Unexplained changes in memory. • Unexplained changes in program sizes. • Resident antiviral software programs display messages that a virus has been encountered. Note that until the source of the virus has been identified and removed from the system, antiviral systems might continually inform the operator that a virus is being encountered and removed.

Answer 30

• Do not use a disk to boot your system. • If you must boot your system from a disk, make sure it is properly labelled and continuously protected. • Don’t install shareware or other untested programs on your system. If you must, don’t put them in the root directory. • In a network environment, don’t place untested programs on the server. • If you are sharing information on disks, ensure they only contain information and no executable files. • Use current antivirus software to detect potential viruses. • Back up all programs and files. • Write virus-free warranties and indemnities into your purchase orders and contracts. • Always write-protect your systems and program disks. • Teach computer users about computer viruses so that they can recognise them. • Always use caution when opening e-mail attachments.

Answer 31

This is the standard virus check program. It is run when the user requests it, and it scans the contents of the disk, directories, or files that the user wants, for any boot sectors and/or files that contain viruses that it recognises based on the virus description information in its virus definition files. Usually run manually by the user either as a preventative maintenance activity or when a virus is suspected, scanning can also be automated through the use of a program scheduler.

Answer 32

These scanners inspect executable files for code using algorithms to identify operations that would indicate an unknown virus. They might also examine macros to detect virus-like behaviour

Answer 33

These applications run continuously, looking for behaviour that might indicate virus activity (for example, instructions to format a hard drive.)

Answer 34

Change detection scanners generate a database of characteristics for executable files and check for changes to these files that might signify a virus attack.

Answer 35

This is a totally different approach to virus detection. Instead of looking for the viruses themselves, this technique looks for the changes that the viruses make to files and boot sectors. Starting with a clean system, the software “inoculates” each boot sector and program file by storing a snapshot of information about it based on its content and size. Then, periodically, it re-examines these files to see if anything has changed. If it has, then the utility will inform the user; if the user hasn’t made the change, the virus may have. The main advantage of this type of virus detection is that since it is looking at the effects of the virus, it doesn’t need to know what the virus itself is; this means it will detect even new viruses without requiring updated virus definition files all of the time. The disadvantage, and why it is not used that often, is that it generates a substantial amount of false positives.

Answer 36

• Isolate the system and all media • Run antivirus software • Document findings • Interview the system custodian and all users, and determine: − Symptoms − Damage − Prior clean-up conducted − Access controls in place and working − System malfunction − Personal media used − Unauthorised media used − Virus identification • Follow the audit trail of the infection • Determine the source of the virus—person, system, or media • Make users aware of protection policies and procedures • Ensure countermeasures are in place and working • Track costs of virus problems

Answer 37

While users are online, their computer modems are secretly disconnected from their ISP and reconnected to the Internet, only this time through an expensive international line. Victims have usually downloaded a special “viewer” program from a website offering free computer images. Once activated, the downloaded material begins the hijacking disconnection and reconnection process. Long-distance charges continue to mount until victims shut down their computers, even if their Internet connection had already been terminated.

Answer 38

The tried-and-true pyramid has found a new high-tech home on the Internet. As in most pyramid schemes, the initial participants of the scheme are rewarded handsomely, while the participants who join the scheme later are bilked out of their investment money.

Answer 39

Information on this scheme is easily found on the Internet. The set-up caters to the desire to avoid taxes. For a fee, the company purports to be able to create a foreign trust to which taxpayers can transfer their assets. Since the trust is not within the taxpayer’s country, the logic goes, the assets are not subject to taxation. The logic is faulty for several reasons. First, if the taxpayer derives use from the funds in the trust, according to law, those funds are considered taxable income. Thus, consumers who fall for this scam subject themselves to prosecution for tax evasion. That is, of course, only if the trust is set up at all. Some of the operators of this scheme simply take consumers’ money and disappear. And sadly, those are the consumers who get off lightly. Others who have fallen for this pitch find that they have transferred all of their assets to a trust of which they are not the beneficiaries. Their assets then legally belong to another entity and getting them transferred back to their control is virtually impossible.

Answer 40

The letter sent to unsuspecting targets generally forewarns of the grave dangers that await the target should he or she not reply to the letter. The letter asks for a small cash donation in exchange for the target’s piece of mind that no bad tidings will be spread, providing examples of some of the unfortunates who did not heed the letter. The money should be sent to a P.O. box, the e-mail often instructs

Answer 41

A fraudulent website will claim to have insider information about the value of a given stock, suggesting that something unexpected will soon happen to that company. When the unknowing stock investor takes the advice of the supposedly knowledgeable investment advisor, the advisor manipulates the stock price to his advantage.

Answer 42

Spamming involves sending e-mail to subscribers whose names appear on electronic versions of the phone list and posting ads to the plethora of discussion and chat groups using the Internet. These postings are often disguised to look like tips from individual citizens who are supposedly engaged in a lawful enterprise, when in fact they are part of an Internet boiler room.

Answer 43

This scam has several variations but usually starts with the victim offering something for sale on the Internet. Usually it is a big ticket item. Somehow the fraudster has obtained a legitimate cheque from a person or company, scanned it, and altered it to support the scheme. The fraudster then contracts with the victim to buy the item but must supply a down payment first. The cheque is delivered by a highly recognised international carrier such as FedEx, further adding to the false impression that this is a legitimate deal. The victim deposits the cheque, but before it clears, the fraudster requests a refund and backs out of the deal offering to let the victim keep a portion of the funds for his trouble. The victim forwards part of the money back. Of course the victim later learns that his bank has reversed the deposit amount because the cheque was no good. The fraudsters usually claim to be in another country and must therefore use a “middle man” such as a lawyer to facilitate the transaction on their behalf. This is designed to create a sense of false security for the victim. Another variation on this scheme involves a seemingly chance meeting in a harmless chat room. Once the chat relationship develops the fraudster explains that they are in a foreign country and need some help. It seems that they are unable to cash certain traveller’s cheques in their country and ask for the victim’s help to cash the cheques for them in the United States and then send them a money order, less a small token of their appreciation. They usually invent some unfortunate circumstance or urgency for the request. The first time it occurs the cheques are good and everything works out. In a second request, they ask for the victim’s help again, this time it’s a much larger amount and this time the cheques are counterfeit. The victim unknowingly participates in a forgery by passing the counterfeit cheques.

Answer 44

to trick people into providing their personal and financial information by pretending to be from a legitimate company, agency, or organisation

Answer 45

Spear phishing is a targeted attack generally focused on a corporate entity. The ruse is meant to fool the corporate employee into believing that the phishing e-mail originated not from a bank or financial institution but from their own IT or HR department. The goal is to obtain the employee’s user name and password to access the corporate network.

Answer 46

A vishing scheme is generally transmitted as an incoming recorded telephone message that uses a spoofed (fraudulent) caller ID matching the identity of a misrepresented organisation. The message uses an urgent pretext to direct unsuspecting users to another telephone number. The victim is invited to punch their personal information on their telephone keypad. The criminals capture the key tones and convert them back to numerical format.

Answer 47

SMiShing is a hybrid of phishing and short message service, commonly known as text messaging. It uses much the same approach of phishing but delivers an alarming message via SMS

Answer 48

Like most phishers, rock phishers use botnets to send massive amounts of phishing e-mails to huge volumes of Internet users. The e-mails contain a message from a financial institution, hopefully enticing users to click on a fraudulent URL. There is some indication that they cycle through multiple e-mail lists and attempt to reach the Internet users most likely to use the brands that they are targeting. Unlike most phishers, they don’t compromise a Web server and install a phishing site. Instead, an elaborate process is implemented whereby multiple domain names are registered at multiple registrars—often with less known country-code based top-level domains. Multiple DNS (domain name system) servers are also set up, which provide names to IP services for the pool of domain names. The IP addresses used—and there may be upwards of 100 at a time—point to multiple compromised servers that simply forward Web connections to the real phish sites. These proxy servers typically handle connections for multiple targets at a time.

Answer 49

an attack in which a user is fooled into entering sensitive data (such as a password or credit card number) into a malicious website that impersonates a legitimate website

Answer 50

Any confidential information or credit card numbers should be encrypted in their entirety. An encryption system is made up of a cryptographic function, which scrambles an electronic transmission, and an inverse decrypt function, which restores the transmission to its original state. Encryption hardware and software can be used to scramble any communication by utilising a complex mathematical formula. The only way to unscramble an encrypted message is to provide the unique answer key, thus unlocking the message. Encryption is the best method to stymie would-be interceptors of company transactions.

Answer 51

Because the Internet offers users an additional layer of anonymity, businesses should install some form of a customer validation safeguard in their Internet purchasing system. This may include a customer code or password that the customer can identify himself with before purchasing a product. As well, the business should distinguish itself to the customer, ensuring that no one else can falsely assume the company’s identity.

Answer 52

—Organisations that conduct business on the Web should never, under any circumstances, keep their financial information database on their Web server. A knowledgeable computer hacker can sometimes penetrate Internet websites, and financial information is the primary target of these hackers, for obvious reasons. Therefore, the database that maintains a company’s financial information should be a completely internal system, untouchable from the Internet. This safeguard will help ensure that the sensitive information is not compromised in any way.

Answer 53

Firewalls are advanced software programs that effectively “lock up” access to an Internet site or e-mail transmission. Firewalls are designed to control the interface between a network and the Internet. This technology surveys incoming and outgoing transmissions between the network and the Internet, stopping any questionable transmission attempt to access a sensitive area. While firewalls are not foolproof, they do provide an additional layer of protection against Internet attacks or breaches of security.

Answer 54

• Authentication – This requirement addresses the problem of identifying the parties of an e-commerce transaction to each other. We want to make sure that we can determine with whom we (or our computers) are communicating. • Non-repudiation – Non-repudiation can help ensure that no party to an e-commerce transaction can later deny that the transaction occurred. We need some way to be able to recognise a “signature” between e-commerce parties just as we rely on written signatures on paper documents.

Answer 55

• Memory cards – Any plastic card is made “smart” by including an IC chip. But the chip may simply be a memory storage device. Memory cards can hold thousands of times more memory than a magnetic stripe card. Nevertheless, its functions are limited to basic applications such as phone cards. • Processor cards – Smart cards with a full-fledged microprocessor on board can function as a processor device that offers multiple functions such as encryption, advanced security mechanisms, local data processing, complex calculation, and other interactive processes. Most stored-value cards integrated with identification, security, and information purposes are processor cards. Only processor cards are truly smart enough to offer the flexibility and multifunctionality desired in e-commerce.

Answer 56

(1) miniature subscriber identity modules (SIMs) that fit inside mobile phones, (2) banking cards, and (3) identification cards, specifically those used by governments and large corporations.

Answer 57

* Alteration of input * Alteration of output * Data file manipulation * Communications systems * Operating systems * Computer operations

Answer 58

* Access privileges exist beyond those required to perform assigned job functions. * Exception reports are not reviewed and resolved. * Access logs are not reviewed. * Production programs are run at unusual hours. * A lack of separation of duties exists in the data centre.

Answer 59

* Protecting data and programs from intentional or inadvertent unauthorised alteration or destruction. * Maintaining the confidentiality, integrity, and availability of data. * Protecting the data centre from physical threats such as fire, flood, and intentional destruction. * Having the capability to restore data centre operations in case of complete destruction. The most important step is to obtain management support for effective security. Without such support, any security plan will falter.

Answer 60

1) Determine if indeed a crime has been committed. This is the critical step in the internal investigation. The organisation must be careful to differentiate between inadvertent computer misuse and deliberate criminal intent. The company’s internal auditors, physical and information security specialists, and senior management should be involved in making this type of decision. 2) Determine the status of the crime. When did the incident begin? Where did the intrusion come from? Internal or external? Is the incident still occurring? If not still occurring, when did it stop? 3) Review the organisation security and audit policies and procedures to determine the best method for continuing the investigation. 4) Determine the need for law enforcement assistance. The organisation will have to decide if the violation is serious enough to call in the police or other law enforcement entities. Most computer crimes are not reported to law enforcement due to several factors, including the organisation’s desire to keep its flaws and weaknesses from being exposed to its customers and stockholders. This is a difficult decision for the company to make. However, as we also mentioned earlier, if companies don’t report computer crimes, then law enforcement will be powerless to help prevent and solve them and computer criminals will feel they have a free hand to continue their activities.

Answer 61

• A strong set of policies and standards to define for employees and management what the company deems as unacceptable or unauthorised activities. • Strong physical security to thwart those intent upon the theft of physical assets of the organisation. • Central Systems access control and data object protection. • Strong security for the organisation’s application programs. • Intrusion detection hardware and software for network and communications resources. • Auditing of system and violation logs.

Answer 62

All program and system changes should be approved in writing. Programmers should not have access to the production library, but only to “test” libraries. All programs that are to be modified should be moved into a test library by someone other than a programmer. All completed program changes should be tested and the results approved by both data centre and user personnel before being placed into production. Adequate program documentation should be approved for all program changes. User personnel should be notified when modified programs will be placed into production.

Answer 63

mplementation controls are those controls over the development or purchase of a new application. All new system requests should be made in writing. A system development life- cycle methodology should be used for developing and implementing in-house or purchased packages. All new systems requests should be approved by the appropriate management level. Users should be involved in the project from design through final testing. All test results should be approved by both data centre management and user personnel. There should be an implementation plan for placing the new system into production.

Answer 64

Computer operations controls are controls that govern the day-to-day operation of the computer system. There should be an approved schedule for all production runs. All system activity should be reviewed by data centre management. Any unusual program executions should be investigated and resolved. A log of unusual events, such as abends (abnormal terminations of a program execution) or reruns should be kept by operations staff and also should be reviewed by data centre management. Access to the computer room should be restricted to authorised personnel. All third parties, such as technicians, should be accompanied by a data centre employee. Doors to the data centre should be secured.

Answer 65

Controls over system software include those that govern the installation of the computer system, the communications software, and the security software. Data centre management should approve the system software selection as well as the chosen options and parameters. System software should be tested before implementation in a production environment. (Note that this might not be possible for the operating system itself.)

Answer 66

Controls over data files ensure that correct files are used for each production job and that adequate backup files exist. Data file label bypass options should be disabled. A data-file management system should be used to record and locate all data files. Data file backup copies should be made and stored in a secure facility. Offsite backup file copies should be maintained in case of a disaster in the data centre. Utilities that can modify data files should be removed from the system and used only under management supervision. Live data files should not be used for testing.

Answer 67

* Provide physical security over equipment, users, and information * Protect critical data from loss, damage, or unauthorised disclosure * Ensure network reliability by using appropriate hardware and software * Prevent unauthorised access and use of the network * Ensure system availability * Meet user requirements

Answer 68

Separation of duties is a key element in a well-designed internal control system. It is also fundamental to detecting and preventing fraud. Programmers should not operate the computer, have unsupervised access to production programs, or have access to production data sets (data files). Users should not have access to the production program code. Computer operators should not perform computer programming. Adequate supervision should be provided by personnel who do not actually perform the work.

Answer 69

``` Computer systems maintain a variety of history files or logs. These logs record activity in the following areas: • Mainframe activity − Programs executed − Data files accessed − Date, time, and duration − User IDs that initiated a particular action − Error messages − Equipment malfunctions • Communications activity − User ID − Terminal identifier − Dial-in port identifier − Date, time, and duration − Error messages − Equipment malfunctions • Security software activity − User ID − Unsuccessful log-in attempts − Modifications to the password files and access capability ```

Answer 70

wrapping if not printed periodically. Wrapping forces the software to record at the beginning of the file if the file is full and not printed out

Answer 71

• One-for-one checking consists of checking each source document against a detailed list processed by the computer. This technique is normally used for low-volume input because of the cost and time involved. • Batch/control totals involve manually grouping transactions at the input stage and manually establishing a control total over the entire group. The methods used include document counts, item or line counts, dollar totals, and cash totals. • In computer sequence checking, the computer verifies the preassigned serial numbers of input transactions and reports missing or duplicate numbers. • Computer matching consists of the computer matching the input data to information held on the master file or suspense files. Unmatched items are reported for investigation. • Programmed edit checks are computer program procedures that edit data. Examples include: − Reasonableness − Dependency − Existence − Format − Mathematical accuracy − Range − Digit verification − Prior data matching • Prerecorded input is used to reduce errors during data entry.

Answer 72

one-for-one checking, batch control totals, computer | sequence check, and computer matching

Answer 73

data is initially recorded correctly and converted correctly to machine-readable form

Answer 74

one-for-one checking, batch control totals, computer matching, programmed edits, and prerecorded input

Answer 75

the correct master file account is updated correctly with the correct transaction.

Answer 76

one-for-one checking, batch control totals, computer matching, and programmed checks

Answer 77

all data entered and accepted by the system updates the master file once and only once

Answer 78

are one-for-one checking, batch control totals, computer sequence checks, and computer matching.

Answer 79

only valid transactions are processed, that all transactions processed are authorised by management, and that transactions represent events that actually occurred.

Answer 80

one-for-one checking and programmed checks

Answer 81

data is kept up-to-date or identify unusual data requiring further action. They also ensure that data stored on file is not changed except through the normal processing cycle.

Answer 82

used for one-for-one checking, batch control totals, and programmed checks.

Answer 83

Evaluating internal controls in an application system requires a thorough understanding of the system. The first phase, information gathering, consists of collecting information about the industry and the risks associated with that industry; conducting ratio analysis and peer comparisons to identify aberrations; understanding how management runs the business; and determining if there are strong budget-to-actual controls in the organisation. Evaluation is the second phase and consists of the use of questionnaires and/or matrices to evaluate the internal controls and to identify internal control weaknesses. Analysing the results is necessary to determine if a weakness exists and/or the extent of any weaknesses. A results report should be prepared that includes recommendations.

Answer 84

• Data centre controls over the equipment itself (backups, access controls, local password administration, etc.) might not be implemented by the end users. • Locally developed spreadsheet or database applications might not have all the controls typically found in mainframe systems. • Access can be compromised by the end users by installing a modem and phone line connected to a local area network or stand-alone PC and not informing data security about the arrangement.