Final Exam Chapter 7 Flashcards
a reliable system processes data accurately, completely, in a timely manner, and only with proper authorization, which requires controls over data input quality, processing of the data, and data output
processing integrity
source document control where only authorized personnel should prepare source documents
Authorization
Source document control where you design forms to minimize errors and omissions
Forms Design
source document control where you program the system to identify missing or duplicate form numbers
pre-numbered forms sequence test
source document control where you make documents machine-readable to minimize input errors
Turnaround documents
source document control where you stamp entered paper documents or set a flag field on processed electronic documents
cancellation of documents
source document control where you scan documents for reasonableness and correctness before entering them into the system
visual scanning
data entry control that checks whether the characters are of the proper type
field check
data entry control where you check if the data has the appropriate sign (+ or -)
sign check
data entry control where you check that the amount doesn’t exceed a maximum value or is below a minimum value
limit check
data entry control where you make sure the amount falls within a particular range
range check
data entry control where the number of characters does not exceed the field size
size check
Data entry control where all required data items have been entered
completeness check
data entry control where the program compares the ID number, account number, or name entered to a table of valid numbers or names in a database
validity check
data entry control where the logical relationship is correct
reasonableness test
data entry control where the check digit is in the ID number
Check Digit verification
Batch processing control for data entry where data is in proper numerical or alphabetical sequence
sequence check
Batch processing control for data entry that records information about input or processing errors
error log
Batch processing controls for data entry that have financial totals, hash totals, or record count
batch totals
online data entry control where the system requests each input item and waits for an acceptable response (online completeness check)
prompting
online data entry control where the system checks accuracy of input data by retrieving and displaying related information
closed loop verification
online data entry control where the system maintains a detailed record of all transaction data
transaction logs
processing control where two or more items must match before processing can proceed
data matching
processing control where file labels should be checked to ensure the correct and most current files are being updated
file labels
processing control where batch totals should be recomputed as processing takes place and compared to original batch totals
Recalculation of batch totals
processing control where you compare arithmetic results produced by two different methods to verify accuracy
cross footing
processing control that protects against accidental writing over or erasing of data files
write protection mechanisms
processing control that locks other users out until the first user has finished processing
concurrent update controls
output control where users carefully examine output for reasonableness and completeness and to assure that they are the intended recipient
user review of output
output control where, periodically, all transactions and system updates should be reconciled to control reports or file status/update reports, e.g. subsidiary ledgers
reconciliation procedures
database totals should periodically be reconciled with data maintained outside the system
external data reconciliation
hash of the file by sender and receiver
checksums
extra bit added to byte to make byte odd or even
parity bits
reliable systems are available for use whenever needed to perform business processes
availability
use physical and logical access controls
properly store magnetic and optical media
use redundant components to provide fault tolerance
use surge protectors and an uninterruptible power supply
properly design computer rooms
train computer operators
conduct security awareness training
install, run, and update antivirus software
scan email, CDs, DVDs, USB drives, and any other removable media for malware
THESE ARE ALL EXAMPLES OF WHAT
Minimizing the risk of system downtime
a plan to recover data processing capacity as smoothly and quickly as possible in the event of an emergency that disables the computer system or destroys the data center
disaster recovery plan
a plan that specifies how to resume all business processes in the event of a major calamity that destroys a company’s main headquarters
business continuity plan
what are the key components of a disaster recovery plan and business continuity plan
data backup procedures, provisions for access to replacement infrastructure, thorough documentation, periodic testing, adequate insurance
transmit and store securely both on-site and off-site
create multiple backup copies
maintain two copies of the database in separate data centers and update both copies in real time
real time mirroring
empty building is purchased or leased and prewired for necessary telephone and internet access, also contracts are created so all necessary equipment will be brought in if necessary
cold site
facility that is pre-wired for phone and internet but also contains the essential computing and office equipment
Hot site
what should business continuity plans and disaster recovery plans contain (4)
instructions for notifying the staff
steps to take to resume operations
assignments of responsibilities
detailed operating instructions
how should availability be tested
at least yearly testing to test transfer of actual operations of hot or cold sites and testing of backup restoration
what controls should be taken to protect availability (7)
change requests should be documented and follow a standardized format
all changes should be approved by management
changes should be thoroughly tested prior to implementation
all documentation should be updated to reflect authorized changes
emergency changes must be documented and subjected to a formal review and approval process soon after implementation
backout plans to revert to the original configuration
user rights and privileges need to be carefully monitored during the change process to ensure that proper segregation of duties is maintained