Information Technology Flashcards
What is an advantage of using generalized audit software packages for a client that has EDP
It allows an auditor to perform audit tests on the client’s computer files while having only a limited understanding of the client’s IT environment
What is a Hot site
It has redundant hardware and software ALREADY configured and ready to go, so you have continuity of your operations in the event of a disaster
What is the difference between a limit test and a validity test
Limit test - also called a reasonable test - designed to assure that all inputs are in an appropriate range of data (example - someone can’t enter a birthdate that is before 1900) or enter a date like April 31st
A validity check - this is when data that has been input is compared to a list located permanently in the company. If they do not match the input amount is rejected
Validity and limit tests are both tests that ensure the accuracy of processing - therefore they are both processing controls
What is private key for encryption and what are its disadvantages
It is a tiny bit of code used in asymmetric encryption to transform an encrypted message into a readable format
One disadvantage is that both a sender and a receiver must have the key for it to work
Activity logs that indicate failed transactions provide information on what
They provide documentation about the existence of transactions that become part of the audit trail
It’s an essential element of the audit trail in an EDI system
What is an integrated test facility and what does it allow you to do
You run fictitious transactions through a client’s system along with the client’s data to make certain that it is receiving the same treatment.
You can compare the actual results to the expected results.
What happens in a parallel simulation
This is when you run the client’s data through an auditor-developed software package.
Auditor can then compare the results to see if the client’s system processed the data similarly
What is current or concurrency control and an example
This is a control that allows users to access limited resources on a first come - first serve basis and lock out all remaining once capacity has been filled
Example - Airline reservations. Passenger 1 - hits enter 2 seconds before passenger 2 locking 2 out of the last seat
What is a compensating control
This is a security measure that compensates for some other security measure that is deemed too difficult or impractical to implement
What is a data entry control?
A data entry control validates data
EDI
- Transactions are all uniformly formatted - using strict standards
- Still will use software maintenance agreement because will need to update the software periodically
- It is regulated by contract law - like all ordinary commerce
- If you use a VAN to do your EDI - value added network - the cost is higher than using the internet because a VAN is privately owned
What does a systems analyst do
They are responsible for the DESIGN of the system
- need to make sure there is adequate documentation so that if the system analyst leaves someone else can follow their work
What is a definition of cloud computing
It is a model that allows organizations to use the internet to access and use services on remote third-party technology infrastructure
what is virtualization
This is a model where several virtual servers run on one physical host.
It is used for rapid application deployment
What is a VPN
Virtual Private Network
Using a VPN you can access network resources from remote locations
What techniques are used to see if all data has been processed
record counts and hash totals
Why and how do you use redundant data checks
Redundant data checks compare data from two or more files to determine if they match
This is to make sure the computer has read the data properly
How do you use check digit verification
This is one digit in a number that is created from a mathematical formula from the other numbers in the field
It is used to identify inappropriate information in the field - like an invalid product number
What is an input control and what are examples
Input controls are computer controls designed to provide reasonable assurance that transactions are:
- properly authorized before being processed by the computer
- accurately converted before being recorded on the computer
- and, if they are inaccurate, are rejected or corrected
Example - Edit Check - this is used to test the validity of data entered into a program for processing
What is a mirrored web server
This is a complete duplicate of a computer system
- it can be put into service immediately
- it provides the best assurance of service continuity in the event of a natural disaster
Why do you use cryptocurrency - bitcoin
It allows customers to pay for goods or services from a website while maintaining financial privacy
It uses an intermediary so that you do not have to expose any sensitive or private credit or bank account information
What is a sight draft
A sight draft is a type of bill of exchange - the exporter holds the title of the goods transferred until the importer receives and pays for them
What are application controls
These are designed to ensure that an individual computer application or process performs properly
It is particular to a specific process or subsystem
What is a VAN and what does it do
Value added network - it is privately owned
- it is a way to link different companies’ computer files together
- It routes data transactions between trading partners
- It is more expensive than the plain internet because it is private
- It’s a private data communication system between business partners - because it is private - it is more secure
What is the difference between a cold, hot and warm site for disaster recovery
Cold - space available - but no equipment, so will need computers and data loaded before operations can begin. It is when there is space available for operations. It would be when the delivery of duplicate computer hardware is prearranged, but not installed or ready to operate.
Hot - off site location - completely ready to take over -
Warm site - it contains the hardware and equipment, but no copies of backed up data
What is an ERP system
It is software that integrates all the business processes of an organization and incorporates data from all aspects of the organization’s activities
What are some of the benefits of an EDI system
This is when you electronically transfer funds from one entity to another
- It reduces the time it takes to receive payment
- This shortens the business cycle
- This reduces the average and year-end receivables balances
- must rely more on Internal controls because there is decreased documentation so an auditor will need to increase testing
It uses an inventory program which can be used to automatically send an order to a supplier when quantities in stock drop below a certain level - so it reduces stock outs
If you want to use the internet as a commercial network what must you do
As a company you need to be concerned about access to company information by unauthorized users - so you need to use firewalls
What are examples of preventive, detective and corrective controls
Preventive - access controls to prevent unauthorized individuals from accessing the system
Detective - hash total is a detective control. Echo check is one as well (this is when you send the transmitted data back to the point of origin to compare it to the original data)
Corrective - contingency planning - designed to correct an error or irregularity and minimize consequences
What is in a systems specification document
This details what the program will do and how it will operate. Included are the data elements needed for the program to operate properly
What are the control risks associated with micro computers
- Data and software are generally more accessible in a microcomputer environment so unauthorized individuals can more readily access records and modify software
A micro computer is a small computer like a pc
What are general controls for a computer system
They ensure the integrity of software and data files in the environment where computer systems are developed, maintained, and operated.
Biometric devices are an example
What do you use to detect unauthorized program changes
examine source code or program documentation to see if changes have been made
What is translation software and when is it used
It is needed to convert transactions from the entity’s internal format to a standard EDI format
- electronic data format
- this is a computer to computer exchange of business documents using a standard electronic format between business partners
What is continuity planning
It focuses on how a company can most effectively restore and continue business operations following a disaster
What is capacity planning
This refers to an IT function of optimizing IT infrastructure across the organization
The design of an effective management reporting system
- The types of decisions to be made have the biggest impact on the design of a system
- If there is a lot of variability in decision making, the system will need to be more flexible
- most systems are very scalable so the number of transactions, users or regulatory agencies has little impact on the system’s design
What is a systems development life cycle
1 - planning
2 - analysis
3 - design
4 - development
5 - testing
6 - implementation
7 - maintenance
What are some of the risks of doing an audit in an IT environment
Manual intervention - this is the ability of someone to alter files by bypassing programs
Over-reliance - this is the risk that results will be accepted when it is the output of an IT system despite lack of support
Access - this is the risk that someone will get access to the system to destroy or alter data
What is COBIT 5
This is the seamless integration of the system for governing IT with the system for governing the enterprise.
This is then applied to all components of the enterprise involved in the processing of information - internally or externally
What is one of the most significant concerns for an auditor evaluating internal controls of an entity that processes sales transactions on the internet
The potential for computer disruptions in recording sales
This could result in unrecorded or unfulfilled sales
What is message encryption software
This is software that encodes messages so that they can only be read by those who know or have a key.
It increases security but adds costs to the system
What is a three-tiered architecture for client/server applications
desktop client
application
database
What is a distributed processing environment -
This is when various processes are performed separately by the individuals responsible for them in their locations and are integrated into a central system
It is most beneficial when large volumes of data are generated at many locations and fast access is required
They avoid time delays associated with sending large amounts of data to and from any central location
What is a hash total
It is a number with no intrinsic meaning, but is used solely to determine that all transactions have been recorded
Invoice number added up
A payroll processing system is described as
TPS - Transaction processing system
What is an application firewall and why would you use them
- they offer more control over application access, but are more expensive and difficult to implement
- They allow additional user authentication features that protect programs and data
what is a distributed or cooperative system
This is when there is no system programmer, data entry clerks, or tape librarians
Therefore the user management is the one responsible for making sure there are adequate backups made of software and data files
What are AI info systems that learn from experience
Neural networks - like a brain
Case-based reasoning - its decisions are made according to information stored in an archive of past cases - it learns from past experience
Intelligent agents - AI system that makes decisions based on rules, but can and will modify the rules as new information becomes available
What are rule - based expert systems
These simply carry out programming commands which are pre-determined by the programmer - DOESN’T learn from prior experience
What is a digital signature used for
Verify the SENDER of the message and its content - not the recipient.
What is the greatest risk with an EDI system
The risk that data may be inadvertently transmitted to unauthorized or improper users
What are the responsibilities of a system analyst
the installation and operating system upgrades
- the development of application programs
What are the responsibilities of a network administrator
partially responsible for the design and implementation of security policies
- overseeing the day to day operations of the business’s networks
- this would include the managing of remote access in a multinational organization
What is online processing
This involves processing transactions and updating files as the transactions occur and provide information on a timely basis
- because it is entered as the transaction occurs - it will always be complete
- this is why online processing provides the most accurate and complete information for decision making
What is the test data approach
This involves running data compiled by the auditor through the client’s IT system, under the auditor’s control
The data will have errors and be used to determine if the client’s IT system will deal with them appropriately
Only those errors you are interested in are included - not all conditions
What is an executive support system
Executive support systems provide senior executives with access to internal and relevant external information to assist with making non-routine decisions involving competitors, acquisitions, and business cycles.
What duties should be separated in an IT system
authorization (develop or authorize a program)
data entry (recording)
custody - access to outputs
When would you use a sequence check
This is used to validate for a correct expected sequence of numbers in an entry. Example - prenumbered payroll checks
Updating and maintaining an operating system and compilers is the responsibility of who?
A systems programmer
What is a compiler
It is a program that converts instructions into a chosen-code form so that they can be read and executed by a computer
Why would you use bar codes to record info on parts used by the manufacturer
It will reduce costs and times involved in tracing and recording the use of parts in the manufacturing process
What do you do in mapping
This is used to determine which elements correspond to the standards in the EDI system
When do you use decoding and translation
This is part of the process to convert the data into the appropriate form to enable the transaction
What is job control language and how is it used
- This is used in the computer’s operating system to perform scheduling, resource allocation, and data retrieval functions
It’s the set of instructions for how to go about doing this
What is a characteristic of an audit when the client’s financial data is mostly electronic
the auditor would be concerned with the system as well as the individual transactions - therefore audit tests would be performed on a continuous basis - there would be less distinction between the phases of the audit
What are logical views
This is the architectural view of the design of a system
It is a box and arrow system to see how functions within the system are connected - very high level
What kind of segregation of duties should an applications programmer have
authorization -
Example: coding approved changes to a payroll system
What does an online analytical processing system do
This enables users to interactively analyze data through operations such as consolidations, drill-down, etc.
What is message authentication
This protects the confidentiality of data by making sure that only authorized users have access and encryption
If a system uses encryption - the system is stronger if the encryption is done by physically secure hardware devices
Why is an inventory subsidiary file likely to be a master file
Because it contains information that remains relatively consistent over time
What are transactions files and examples
Payroll is an example of a transaction file or detail file - they contain information over a given period
Cash disbursement is another example
Cash receipts - same as well
What is a digital certificate
It is an electronic document that is used to identify an individual.
It authenticates the web credentials of the sender and lets the recipient know the data is from a trusted source
What do you do when you assess EDP control risk
Assessing EDP control risk is a matter that requires the application of judgement
It is not performed by software
What is control reprocessing
This is when you run a client’s data through the client’s program using the auditor’s computer to verify that it is operating as indicated by the client
What are examples of when you would use test data to test controls
- to check for missing employee numbers
- Agreement of hours per clock cards
- Time tickets with invalid job numbers
You would not use test data to check for proper approval of overtime by supervisors
What is a parity check
It is a hardware control that makes certain that each piece of data has the appropriate odd or even number of data components or data bits
What is the objective of data security control
It is to protect the data
Such as making sure the data is stored properly and is protected from unauthorized change or destruction
What do systems analysts do
They examine problems and recommend and coordinate the development of solutions
What is the primary purpose of a DBMS - database management system
The ability to access, summarize, create, and modify information contained in an electronic database
Colter Corp. is conducting an analysis of a potential capital investment. The project is expected to increase sales by $100,000 and reduce costs by $50,000 annually. Depreciation expense is $30,000 per year. Colter’s marginal tax rate is 40%. What is the annual operating cash flow for the project?
102000
By increasing income by $100,000 and decreasing costs of $50,000, the project will increase annual cash inflow by $150,000.
With depreciation of $30,000 per year, the increase in taxable income will be $120,000 per year, resulting in additional income taxes of $120,000 x 40% or $48,000. The annual operating cash flow for the project is therefore $150,000 - $48,000, or $102,000.
Tam Co. is negotiating for the purchase of equipment that would cost $100,000, with the expectation that $20,000 per year could be saved in after-tax cash costs if the equipment were acquired. The equipment’s estimated useful life is 10 years, with no residual value, and would be depreciated by the straight-line method. Tam’s predetermined minimum desired rate of return is 12%. Present value of an annuity of 1 at 12% for 10 periods is 5.65. Present value of 1 due in 10 periods at 12% is .322.
5.0
To calculate an internal rate of return, Tam must determine the interest rate at which the present value of the after-tax cash savings of $20,000 per year for 10 years is equal to the initial investment of $100,000. The formula for calculating the present value is:
$20,000 x factor = $100,000 or factor = $100,000/$20,000 = 5.0
Using a table of present values, Tam will select the rate at which the factor, for 10 periods, is closest to 5.0.
An entity is examining potential investments and notes that 1-year maturity yields are higher than those for 10-year maturities. Which of the following explanations for this occurrence is best?
The short-term investments have higher liquidity and therefore carry a higher rate of interest.
The short-term investments carry a more immediate default risk premium resulting in higher rates of return.
The long-term instruments provide a longer stream of investment income and therefore carry a lower rate of return.
Investors are expecting reduced inflation in the future as reflected in the lower long-term returns.
Typically, long-term yields are greater than short-term yields due to a maturity premium.
If investors expect low inflation in the future, the reduced or eliminated inflation premium may offset the maturity premium.
Investments with higher liquidity typically carry a lower rate of return than investments with low liquidity.
Long-term investments can have immediate default risk.
Long-term investments typically have a higher rate of return to compensate the investor for tying up the funds for longer than short-term investments.
A company uses its fixed assets of $1,000,000 at 95% capacity to generate sales of $2,000,000. The company wishes to generate sales of $3,000,000. What amount of additional fixed assets must be acquired, assuming that all fixed assets will operate at maximum capacity?
425000
The cost of debt most frequently is measured as
Actual interest rate adjusted for inflation
Actual interest rate plus a risk premium
Actual interest rate
Actual interest rate minus tax savings
actual interest rate minus tax savings
Which of the following performance measures may lead a manager of an investment center to forgo investments that could benefit the company as a whole?
Residual income.
Return on investment.
Profitability index.
Economic value added.
ROI
A performance measure that could lead a manager to forgo a profitable investment would focus on profit percentage instead of absolute profit.
Return on investment (ROI) measures the profitability of an investment in relation to the average invested capital.
An investment may be profitable, but if the investment would decrease the company’s overall ROI it may be forgone.
A lender and a borrower signed a contract for a $1,000 loan for one year. The lender asked the borrower to pay 3% interest. Inflation occurred and prices rose by 2% over the next year. The borrower repaid $1,030. What is the amount worth in real terms, after inflation?
At a rate of inflation of 2%, $102 at the end of the period is equivalent to $100 at the beginning. As a result, $1,030 at the end of the year would be equivalent to $1,030 x 100/102 or $1009.89.
Para Co. is reviewing the following data relating to an energy saving investment proposal:
Cost $50,000
Residual value at the end of 5 years $10,000
Present value of an annuity of $1 at 12% for 5 years 3.60
Present value of $1 due in 5 years at 12% 0.57
What would be the annual savings needed to make the investment realize a 12% yield?
In order to realize a 12% yield, the present value of the annual savings for 5 years plus the present value of the residual value at the end of 5 years, both discounted at 12%, must be equal to the $50,000 investment. The present value of the residual value at the end of 5 years is $10,000 x .57 = $5,700. As a result, the present value of the annual savings for 5 years must be equal to the difference of $50,000 - $5,700 or $44,300. Since the present value factor for an annuity for 5 years at 12% is 3.60, the annual savings would be $44,300/3.60 = $12,306 to realize a 12% yield.