Information Technology (M41) Flashcards
This processes data and transactions to provide users with the information they need to plan, control, and operate an organization
An Information System
T/F
Overall, manual accounting systems have been replaced by computerized accounting information systems
TRUE
These are designed to improve productivity by supporting daily work of employees (Word, Excel, Email, etc.)
Office Automation Systems
This involves the daily processing of transactions (payroll recording, cash receipts, cash disbursements)
Transaction Processing Systems
This is designed to help with the decision-making process by providing access to computer data
Management Reporting Systems
This is an example of a management reporting system that is designed to provide past, present, and future information for planning, organization, and controlling the operations of the organization
Management Information Systems
This is an example of a management reporting system that is computer-based and combines models and data to resolve non-structured problems with extensive user involvement
Decision Support Systems
This is an example of a management reporting system that is computer-based and applies reasoning methods to data in a specific relatively structured area to render advice or recommendations
Expert Systems
This is an example of a management reporting system that is a computerized system specifically designed to support executive work
Executive Information Systems
What are the phases in a Systems Development Lifecycle (SDLC)
(7 Phases - PADDTIM)
1) Planning
2) Analysis
3) Design
4) Development
5) Testing
6) Implementation
7) Maintenance
This is a type of testing under the testing phase (in a systems development lifecycle) that involves testing the pieces of code
Unit Testing
This is a type of testing under the testing phase (in a systems development lifecycle) that involves testing of the integration of the units/pieces of code into a system
System Testing
This is a type of testing under the testing phase (in a systems development lifecycle) that involves testing whether the separate systems can work together
Integration Testing
This is a type of testing under the testing phase (in a systems development lifecycle) which determines whether the system meets the business requirements and enables users to perform their jobs efficiently and effectively
User Acceptance Testing
This is a type of implementation under the implementation phase (in a systems development lifecycle) that uses two systems (old and new) until it is determined that the new system is operating properly
Parallel Implementation
This is a type of implementation under the implementation phase (in a systems development lifecycle) that ceases the old system and begins using the new system immediately
Plunge Implementation
This is a type of implementation under the implementation phase (in a systems development lifecycle) that involves having a small group of individuals using the new system until it is seen to be working properly
Pilot Implementation
This is a type of implementation under the implementation phase (in a systems development lifecycle) that involves installing the system in a series of waves
Phased Implementation
The advantage of this implementation is that there is less risk of system disaster
Parallel Implementation
The disadvantage of this implementation is the additional work and cost during the implementation period
Parallel Implementation
It is VERY expensive to keep both systems running
The advantage of this implementation system is that it isn’t very costly
Plunge Implementation
The disadvantage of this implementation system is that it has high risk of system disaster
Plunge Implementation
The advantage of this implementation system is that it provides a partial operational test of the new system at a lower cost
Pilot Implementation
The costs are much lower than the Parallel Implementation where both systems are being used across the board.
In which phase of the SDLC would the activity of identifying the problem(s) that need to be solved most likely occur?
Planning Phase
List the 5 types of computers in order of largest/highest power to smallest/lowest power
1) Supercomputers
2) Mainframe Computers
3) Servers
4) Microcomputers (desktops/laptops)
5) Tablets/Smart Phones/PDAs
What are 4 categories of hardware?
1) Central Processing Unit (CPU)
2) Secondary Storage
3) Input Devices
4) Output Devices
What is the slowest & therefore cheapest form of secondary storage hardware, which is used primarily for archiving purposes
Magnetic Tape
What type of secondary storage hardware is similar to a USB drive?
Solid State Drives (SSDs)
What type of secondary storage hardware is also known as “Storage as a Service” (SaaS), hosted offsite, and is accessed via the internet?
Cloud-Based Storage
What is the most common secondary storage hardware medium used today?
Magnetic Disks (hard drives)
What is the difference between Digital & Analog?
Digital is read in binary (0s & 1s)
Analog is read using electrical, mechanical, hydraulic, or pneumatic devices to transmit the fluctuations in a signal
What type of secondary storage device requires no moving parts for read/write operations?
Solid State Drives
Another term for cloud-based storage is
Storage-as-a-Service (SaaS)
This is a program that controls the display for a user (usually on a computer monitor) that allows the user to interact with the system
an Input Interface
This uses icons, pictures, and menus instead of text for inputs (classic example: Windows)
Graphical User Interface (GUI)
These are documents that are sent to the customer and returned as inputs
Turnaround Documents
What is a classic example of a turnaround document?
a Remittance Advice
A good example of a point-of-sale recorder is…
A cash register
T/F
Point of Sale Recorders are generally wireless
FALSE
They usually have a wire connection
What is a good example of a Radio Frequency Identification (RFID)
A toll road that reads the toll card in a person’s car and charges it as they drive by
T/F
RFID is a wireless input device that is used for inventory control and is similar to bar-code technology but does not require line-of-sight access
TRUE
What are the 4 common output devices?
1) Monitors
2) Printers
3) Plotters
4) Computer Output to Microfilm or Microfiche (COM)
What is the most common output device?
Monitors
This is a systems software that manages the input, output, processing, and storage devices and operations of a computer
an Operating System
This is a systems software that handles common file, data manipulation, and other “housekeeping” tasks
Utility Programs
This is a systems software that controls and supports transmission between computers, computers and monitors, and accesses various databases
Communications Software
What is the difference between a low-end and high-end application software?
Low-End is all in one package, designed for small organizations.
High-End is ordinarily in Modules
This is an applications software that is designed as a relatively complete information system
Enterprise Resource Planning (ERP)
What is the difference between multiprocessing and multitasking?
Multiprocessing is the simultaneous execution of two or more tasks, usually by two or more CPUs that are part of the same system
Multitasking is the simultaneous processing of several jobs on one computer
List the programming languages in order of 1st generation to 5th generation
1) Machine Language (Binary)
2) Assembly Language
3) “High-Level” Programming language
4) “Application-Specific Languages”
5) Visual or Graphical Interfaces
What are examples of a high-level, 3rd generation programming language?
COBOL, C++, Java
This is a review of a program by a programmer for errors before the program is run and debugged on the computer
Desk Checking
This finds and eliminates errors in a computer program.
Debug
This is a set of program instructions performed repetitively a predetermined number of times, or until all of a particular type of data has been processed
Loop
This is a listing of the contents of storage
Memory Dump
This is a section of coding inserted into a program to correct a mistake or to alter a routine
Patch
This is a complete cycle of a program including input, processing, and output
Run
What is a big pro for batch processing as opposed to online real-time processing
Batch processing leaves a relatively easy-to-follow audit trail
T/F
Misstatements in a batch computer system caused by incorrect programs or data may not be detected immediately because the processing of transactions in a batch system is not uniform
FALSE
The processing of transactions in a batch system usually IS uniform
T/F
Misstatements in a batch computer system caused by incorrect programs or data may not be detected immediately because there are time delays in processing transactions in a batch system
TRUE
T/F
The posting of a transaction as it occurs, to several files, without intermediate printouts, is a characteristic of a batch processed computer system
FALSE
T/F
The production of numerous printouts is a characteristic of a batch processed computer system
TRUE
T/F
The keypunching of transactions, followed by machine processing, is a characteristic of a batch processed computer system
TRUE
T/F
The collection of like transactions which are sorted and processed sequentially against a master file is a characteristic of a batch processed computer system
TRUE
This is a subject-oriented, integrated collection of data used to support management decision making processes
Data warehouse
What is the difference between a data warehouse and a data mart?
a Data Mart is a data warehouse that is limited in scope
The online analytical processing term that represents a combination of systems that help aggregate, access, and analyze business data and assist in the business decision-making process is
Business Intelligence
This uses sophisticated techniques from statistics, artificial intelligence and computer graphics to explain, confirm, and explore relationships among data which is stored in a data warehouse or data mart
Data Mining
Processing can be ______, _____, or _______
Centralized
Decentralized
Distributed
What is the difference between a Bit and a Byte
Bit - a binary digit (0 or 1)
Byte - A group of adjacent bits (usually 8)
This is the smallest storage unit in a computer
Bit
This is a group of related characters (Example, SSN)
Field
This is an ordered set of logically related fields (for example, a payroll file for one employee)
Record
This is a group of related records (for example, all weekly pay records YTD)
File
A group of related records in a relational database with a unique identifier in each record
Table
This is a group of related files or a group of related tables
Database
This type of system focuses upon data processing needs of individual departments. Each application program or system is developed to meet the needs of the particular requesting department or user group
Traditional File Processing Systems
This is computer hardware and software that enables the databases to be implemented
Database System
This is software that provides a facility for communications between various applications programs and the database
Database Management System
This concept separates the data from the related application programs
Data Independence
This is the process of identifying and organizing a database’s data, both logically and physically
Data Modeling
This is the field that makes a record in a relational database table unique
Primary Key
This is the field that is common to two or more related tables in a relational database
Foreign Key
This is a data model designed for use in designing accounting information databases
REA Data Model
What does REA stand for in the REA data model?
R - Resources
E - Events
A - Agents
These are identifiable objects that have economic value
Resources
These are an organization’s business activities
Events
These are people or organizations about which data is collected
Agents
What are the three methods of backup and recovery?
1) Backup of Database & Logs of Transactions
2) Database Replication
3) Backup Facility
This is a computer network that is centered around an individual and the personal communication devices they use
Personal Area Networks (PANs)
This is a privately owned network within a single building or campus of up to a few miles in size
Local Area Networks (LANs)
This is a larger version of a LAN. It might include a group of nearby offices within a city
Metropolitan Area Network (MAN)
These are networks that span a large geographical area, often a country or continent.
Wide Area Networks (WAN)
These are languages used to create and format documents, link documents to other web pages, and to communicate between web browsers
HTML - Hypertext Markup Language
XML - Extensible Markup Language
_____ is increasingly replacing _____ in internet applications due to its superior ability to tag and format documents that are communicated among trading partners
XML
HTML
SQL is used to ____
Query a Database
Internetwork communication requires the use of a common set of rules, ____, and _____
Protocols (TCP)
Shared Routing Systems (IP)
This is the primary internet protocol for data communication on the World Wide Web
HTTP - Hypertext Transfer Protocol
This is a standard for finding a document on the internet
URL - Uniform Resource Locator
A framework for accessing linked resources
WWW - World Wide Web
This provides the user with the ability to locate and display web resources. Examples include Firefox, Chrome, & Internet Explorer
Web Browser
This is an XML application that facilitates the sharing and syndication of web content, by subscription
RSS (Really Simple Syndication)/Atom Feeds
This is a web page diary or bulletin board
Blog
What does Wiki stand for?
What I Know Is
This is a micro variation of a blog
This is a number that identifies a machine as unique on the internet
IP Address
This is an entity that provides access to the internet
ISP - Internet Service Provider
This basic communication language or protocol of the internet has two layers
TCP/IP (Transmission Control Protocol/Internet Protocol)
What is the higher layer in TCP/IP?
The higher layer assembles messages or files into smaller packets that are transmitted over the internet
What is the lower layer in TCP/IP?
The lower layer assigns IP addresses and ensures that messages are delivered to the appropriate computer
This is a malicious, security-breaking program that is disguised as something benign, such as a game, but is actually intended to cause IT damage
Trojan Horse
This is a program that propagates itself over a network, reproducing itself as it goes
Worm
This states that the end user is responsible for the development and execution of the computer application that generates the information used by that same end user
End-User Computing (EUC)
This is the conversion of data into a form called a cipher text, that cannot be easily understood by unauthorized people
Encryption
This is the process of converting encrypted data back into its original form so it can be understood. The conversion is performed using an algorithm and key which only the users control
Decryption
This is a detailed sequence of actions to perform to accomplish some task
Algorithm
In the context of encryption, a value that must be fed into the algorithm used to decode an encrypted message in order to reproduce the original plain text
Key
This is an encryption system in which both the sender and receiver have access to the electronic key but do not allow others access
Private Key System
What is the primary disadvantage for a private key system?
Both parties must have the key
T/F
The use of message encryption software reduces the need for periodic password changes
FALSE
T/F
The use of message encryption software increases system overhead
TRUE
T/F
The use of message encryption software requires manual distribution of keys
FALSE
This process can be automated
T/F
The use of message encryption software guarantees the secrecy of data
FALSE
NOTHING guarantees the secrecy of anything
Controls must exist over the origin, proper submission, and proper delivery of EDI communications.
Authentication
This is a block of data that is transmitted from one computer to another. It contains data and authentication information.
Packet
This is the electronic exchange of business transactions, in a standard format, from one entity’s computer to another entity’s computer through an electronic communications network
Electronic Data Interchange (EDI)
T/F
Increased reliance upon third parties is considered an exposure involved with EDI systems as compared to other systems
TRUE
T/F
Possible loss of confidentiality of information is considered an exposure involved with EDI systems as compared to other systems
TRUE
T/F
Delayed transaction processing time is considered an exposure involved with EDI systems as compared to other systems
FALSE
T/F
Increased reliance upon computer systems is considered an exposure involved with EDI systems as compared to other systems
TRUE
_______ is a framework to assist enterprises in achieving their objectives for governance and management of enterprise IT
COBIT - Control Objectives for Information and Related Technology
Who developed COBIT?
ISACA - Information Systems Audit & Control Association
What is the current version of COBIT?
COBIT 5
What are the 5 principles of COBIT 5? (MCAES)
1) Meeting stakeholder needs
2) Covering the enterprise end-to-end
3) Applying a single integrated framework
4) Enabling a holistic approach
5) Separating governance from management
These factors individually and collectively influence whether something will work in an organization
COBIT Enablers
What are the 7 COBIT Enablers? (POCPISP)
1) Processes
2) Organizational Structures
3) Culture/ethics
4) Principles & Policies
5) Information
6) Services
7) People’s skills
What are the five principles of a reliable Trust System?
1) Security
2) Availability
3) Processing Integrity
4) Online Privacy
5) Confidentiality
This means that the system is protected against unauthorized use, both physical and logical
Security
This means that the system is available for operation and use as committed or agreed. The system is available for operation and use in conformity with the entity’s availability policies
Availability
This means that system processing is complete, accurate, timely, and authorized
Processing Integrity
This means that personal information obtained as a result of e-commerce is collected, used, disclosed, and retained as committed or agreed
Online Privacy
This means that information designated as private is protected as committed or agreed
Confidentiality
T/F
Internal control is ineffective when computer department personnel provide physical security for program files
FALSE
T/F
Internal control is ineffective when computer department personnel originate changes in master files
TRUE
Only a user should be able to change master files
T/F
Internal control is ineffective when computer department personnel design documentation for computerized systems
FALSE
T/F
Internal control is ineffective when computer department personnel participate in computer software acquisition decisions
FALSE
What are the five steps in the system development life cycle?
1) Software Concept
2) Requirements Analysis
3) Architectural Design
4) Coding & Debugging
5) System Testing
This person is responsible for maintaining the database and restricting access to the database to authorized personnel
Database Administration
This person is responsible for the daily computer operations of both the hardware and the software
Data Operator
This person is responsible for custody of the removable media and for the maintenance of program and system documentation
Data Librarian
For the CPA Exam, remember that (at a minimum) an attempt should be made to segregate what 3 key functions in a small computer environment?
1) Programming
2) Operations
3) Library
What is the difference between a systems programmer and an applications programmer
The Systems programmer is responsible for implementing, modifying, and debugging the software necessary for making the hardware work.
The Applications programmer is responsible for writing, testing, and debugging the application programs from the specifications provided by a systems analyst.
These control program development, program changes, computer operations, and access to programs and data.
Computer General Control Activities
These control activities relate to specific computer applications and are embedded in the computer program used in the financial reporting system
Programmed Control Activities
These control activities involve employee follow-up of items listed on computer exception reports.
Manual Follow-Up of Computer Exception Reports
Programmed Control Activities and Manual Follow-Up of Computer Exception Reports are examples of….
Computer Application Control Activities
A control feature in an electronic data processing system requires the central processing unit (CPU) to send signals to the printer to activate the print mechanism for each character. The print mechanism, just prior to printing, sends a signal back to the CPU verifying that the proper print position has been activated. This type of hardware control is referred to as ….
Echo Control/Echo Check
Under this computer control, a special bit is added to each character that can detect if the hardware loses a bit during the internal movement of a character
Parity Check
This is a specialized form of user identification in which the user dials the system, identifies themselves, and is disconnected from the system before being called back
Call Back
This is a control total where the total is meaningless for financial purposes (for example, a mathematical sum of employee SSNs)
Hash Total
This is a test of the reasonableness of a field of data, given a predetermined upper and/or lower limit
Limit/Reasonableness Test
This is a control that allows only “valid” transactions or data to be entered into the system
Validity Check
This is a control that limits the types of characters accepted into a specific data field
Field Check
This is a control that searches for blanks inappropriately existing in input data
Missing Data Check
This is a control of an exact number of characters to be input
Field Size Check
What are the four things a disaster recovery and business continuity plan should allow the firm to do?
1) Minimize the disruption, damage, and loss
2) Establish an alternate temporary method for processing information
3) Resume normal operations as quickly as possible
4) Train and familiarize personnel to perform emergency operations