Final Questions Flashcards
Best describes the purpose of a BPMN collapsed sub-process?
Contain a series of activities that are hidden from view
Access Control
limit to who can use and change records in the system (example: passwords control who can use an application)
Accounts Receivable
monies owed by customers for prior sales of goods or services. In data modeling context, AR are calculated as each customer’s sales less corresponding cash receipts
Agents
the people or organizations who participate in business events such as customers and salespeople
Application controls
ensure data integrity and an audit trail (for example: new invoices are assigned sequential numbers)
Cash
organization’s monies in bank or related accounts. the instances of the class are individual accounts. considered a resource
cash receipts
record receipts of cash from external agents (customers) and the corresponding deposit of those receipts into cash accounts. Considered an event
Choreography
the interaction (message flows) between two participants (modeled as pools) in a process modeled using BPMN
Collaboration
A BPMN model showing two participant pools and the interactions between then within a process
Customer
the external agent in the sales and collections process
error event
an intermediate event in a BPMN model showing processing for exceptions to the normal process flow
Events
classes that model the organization’s transactions, usually affecting the organization’s resources such as sales and cash receipts
Many-to-many relationship
exists when instances of one class (sales) are related to many instances of another class (inventory) and vice versa. these relationships are implemented in Access and relational databases by adding a linking table to convert the many-to-many relationship into two one-to-many relationships
one-to-many relationships
exists when instances of one class are related to multiple instances of another class (example: a customer can participate in many sales but each sale involves only one customer)
Orchestration
In BPMN, the sequence of activities within one pool
Product
class representing the organization’s goods held for sales, that is, the organization’s inventory. considered a resource
Quote
description of the products and/or services to be provided to a customer if ordered
REA
resource-event-agent framework for modeling business processes, originally developed by William McCarthy
Sales
Events documenting the transfer of goods or services to customer and the corresponding recognition of revenue for the organization
Sales order
event documenting commitments by customers to purchase products. the sales order event precedes the economic event (sale)
Subprocess
represent a series of process steps that are hidden from view in BPMN. the sue of subprocesses in modeling helps reduce complexity
type image
class that represents management information (such as categorizations, policies, and guidelines) to help manage a business process. Type image often allows process information to be summarized by category
Access point
logically connects stations to a firm’s network
Audit around the computer (or black-box approach)
auditors test the reliability of computer generated information by first calculating expected results from the transactions entered into the system. Then, auditors compare these calculations to the processing or output results
Audit through the computer (or white box approach)
requires auditors to understand the internal logic of the system/ application being tested
computer-assisted audit techniques (CAATs)
essential tools for auditors to conduct an audit in accordance with heightened auditing standards
continuous audit
preforming audit-related activities on a continuous basis
data governance
the convergence of data quality, data management, data policies, business process management and risk management surrounding the handling of data in a firm
Data mining
a process of using sophisticated statistical techniques to extract and analyze data from large databases to discern patterns and trends that were not previously known
Data warehouse
a collection of information gathered from an assortment of external and operations (internal) databases to facilitate reporting from decision making and business analysis
Database
A shared collection of logically related data for various uses
Database system
a term typically used to encapsulate the constructs of a data model, database management system (DBMS) and database
embedded audit module
a programmed audit module that is added to the system under review
Firewall
a security system comprised of hardware and software that is built using routers, servers and a variety of software
generalized audit software (GAS)
frequently used to perform substantive tests and sued for testing of controls through transactional data analysis
hub
contains multiple ports
integrated test facility (ITF)
an automated technique that enables test data to be continually evaluated during the normal operation of a system
local area network (LAN)
a group of computers, printers, and other devices connected to the same network that covers limited geographical range such as a home, small office or a campus building
MAC (media access control) address
a designated address that is connected to each device via the network and only sees trafic
operating system (OS)
performs the tasks that enable a computer to operate; comprised of system utilities and programs
operational database
often includes data for the current fiscal year
parallel simulation
attempts to simulate the firm’s key features or processes
remote access
connection to a data-processing system from a remote location (through a virtual private network)
Router
software-based intelligent device that chooses the most efficient communications path through a network to the required destination
Station
a wireless endpoint device equipped with a wireless network interface card
Switch
an intelligent device that provides a path for each pair of connections on the switch by storing address information in its switching tables
Test data technique
uses a set of input data to validate system integrity
virtual private network (VPN)
securely connects a firm’s WANs by sending/receiving encrypted packets via virtual connections over the public Internet to distant offices, salespeople and business partners
Wide are network (WAN)
links different sites together; transmits information across geographically dispersed LANs; and covers a broad geographic area such as a city, region, nation or an international link
Wireless network
comprised of two fundamental architectural components: access points and stations
Another name for data warehousing is data mining.
a. True b. False
False
Data warehousing refers to the short-term storage of large amounts of data for an entire enterprise.
a. True b. False
False
An operating system handles input and output to and from attached hardware devices, such as hard disks, printers, and dial-up ports and sends messages to each application or interactive user about the status of operation and any errors that may have occurred.
a. True b. False
True
Which of the following is not a function of generalized audit software?
a. To aid in the random selection of transactions for substantive testing. b. To run in parallel with the client's application software and compare the output. c. To test the mathematical accuracy by footing and cross-foot items in the accounting system. d. To keep an independent log of access to computer application software.
D
Which of the following is not a computer-assisted audit technique?
a. Test data b. Tagging and lagging c. Integrated test facility d. Parallel simulation
B. Tagging and Lagging
When would “auditing around the computer” be appropriate?
a. When significant controls over the computer system are adequate. b. When significant controls over the computer system are not required. c. It is never appropriate to audit around the computer.
B
: A virtual private network (VPN) sends encrypted messages though public Internet service providers.
a. True b. False
True
A _____ is a type of network equipment that directs information or data to transmit over the Internet.
a. Server b. Router c. Firewall d. Switch
B. Router
A ____ is a network with security and controlled access for a private group but built on top of a public network.
a. Wide area network. b. Virtual organization. c. Middleware network. d. Virtual private network.
d. Virtual private network.
Common IT techniques that are needed to implement continuous auditing include:
a. Database management systems b. Computer-assisted audit techniques (CAATs) c. Data warehouses d. All of the above
All of the above
Which of the following best describes the purpose of a balanced scorecard?
a. Mission statement b. Performance measurement framework c. Strategy map d. Budgeting document
b. Performance measurement framework
balanced scorecard framework
provides an integrating framework that describes organizational performance relative to its strategic objectives across four perspectives: learning and growth, process, customer, and finance. Objectives for each perspective describe the strategy in a series of cause-and-effect relationships
Balanced scorecard management process
the process by which companies plan, implement and monitor performance. It consists of five steps: formulate the strategy, translate the strategy, link the strategy to operations, monitor performance and adapt
Customer perspective
the balanced scorecard perspective that describes the organization’s customer related objectives and corresponding customer measures; it views organization performance from the customers’ perspective
enterprise IT (EIT)
a type of information technology that restructures interactions within an organization and with external partners, such as customer relationship management systems
financial perspective
the balanced scorecard perspective that describes the organization’s financial objectives and corresponding financial measures of performance; it views organizational performance from the shareholders’ perspective
function IT (FIT)
a type of information technology that performs/supports a single function, such as spreadsheet applications
information capital
an intangible asset that reflects the readiness of the company’s technology to support strategic internal processes. it includes computing hardware, infrastructure, applications and employees’ abilities to use technology effectively
key performance indicator
those measures that the organization feels best indicates the performance of a particular activity
learning and growth perspective
the balanced scorecard perspective that describes the organizations’ objectives and corresponding measures related to improvements in tangible and intangible infrastructure, such as human, information, and organizational capital
network IT (NIT)
a type of information technology that allows people to communicate with one another such as e-mail and instant messaging
process perspective
the balanced scorecard perspective that describes the organizations’ internal, process-related, objectives and corresponding measures; it views organizational performance from an internal perspective
strategy map
a one-page representation of the firm’s strategic priorities and the cause-and-effect linkages to those strategic priorities
value proposition
represents the product and service characteristics, such as price, quality, selection and brand image that the firm attempts to deliver to customers to meet or exceed customers’ expectations and thereby result in customer retention and new customer acqusition
accounting rate of return (ARR)
the average annual income from the IT initiative divided by the initial investment cost
acquisition costs
all direct and indirect costs necessary to acquire and implement the IT initiative
alignment risk
the risk that an IT initiative is not aligned with the strategy of the organization
benefits
the positive consequences to the organization of an IT investment
breakeven analysis
determines the breakeven point, where the total value of benefits is equals that of total costs
business case
economic justification for an IT investment or other major project
change risk
the risk that the organization will be unable to make the changes necessary to implement the IT initiative successfully
economic justification process
the process by which an organization creates a business case for an IT investment or other major project
financial risk
the risk that the IT investment will not deliver expected financial benefits
internal rate of return (IRR)
the discount rate (return) that makes a project’s net present value equal to zero
net present value (NPV)
the sum of the present value of all cash inflows minus the sum of the present value of all cash outflows related to an IT investment or other capital investment
operation cost
the recurring cost necessary to operate, maintain and administer an IT initiative
payback period
the amount of time necessary to recoup a project’s initial investment
project risk
the risk that the project will not be completed on time or within budget
relevant costs
those costs that will change as a result of an IT initiative or other major project
solution risk
the risk that the proposed solution will not generate expected benefits
technological risk
the risk that the technology will not perform as expected to deliver the planned benefits
value proposition
summarizes the costs and benefits of a preferred alternative IT investment, describing (1) the relevant time frames that the costs will by incurred and benefits realized, (2) the corresponding discount rates to apply future cash flows and (3) the sensitivity of the results to assumptions
100% rule
a rule operation percent planning of all tasks, including all of the internal, external and interim tasks
15-15 rule
a rule suggesting that if a project is more than 15% over budget or 15% off the planned schedule, it will likely never recoup the time or cost necessary to be considered successful. at this point a decision needs to be made on if or how to proceed from that point on
analysis phase
the phase of the SDLC involves a complete, detailed analysis of the systems needs of the end user as well as a proposed solution
critical path
the longest path for a project and represents the minimum amount of time needed for the completion of the project when sufficient resources are allocated
design phase
the phase of the SDLC that involves describing in detail the desired features of the system that were uncovered in the analysis phase
Gantt chart
a graphical representation of the project schedule that maps the tasks to a project calendar
implementation phase
the phase of SDLC that involves development, testing and implementation of the new proposed system
maintenance phase
the final phase of the SDLC that includes making changes, corrections, additions and upgrades (generally smaller in scope) to ensure the system continues to meet the business requirements that have been set out for it
perceived ease of use
the extent to which a person perceives that the use of a particular system will be relatively free from effort
perceived usefulness
the extent to which users believe the system will help them perform their job better
planning phase
the phase of SDLC that summarizes the business needs with a high-level view of the intended project
Program Evaluation Review Technology (PERT)
a project management tool used to help identify all tasks needed to complete a project. it is also helpful in determining task dependencies
project
a series of tasks that are generally performed in a defined sequence to produce a predefined output
project management
the process of carrying out the system development life cycle to achieve an intended outcome
project manager
the lead member of the project team who is responsible for the project
project sponsor
generally a senior executive in the company who takes responsibility for the success of the project
scope creep
the change in a project’s scope after the project work has started
systems analyst
person responsible for both determining the information needs of the business and designing a system to meet those needs
systems development life cycle (SDLC)
the process of creating or modifying information systems to meet the needs of its users. it serves as the foundation for all processes people use to develop such systems
technology acceptance model (TAM)
a model that predicts when users will adopt a new system to the extent they believe the system will help them perform their job better
triple constaint
three factors that constrain information technology and other projects: cost, scope and time. also known as Dempster’s triangle
work breakdown structure (WBS)
the process of identifying all tasks needed to complete a project