IS 414 CH. 10 Flashcards

1
Q

What is the chapter about

A

Processing Integrity

Processing Availability Controls

2
Q

Processing Integrity

A

states that a reliable system is one that produces information that is accurate, complete, timely, and valid

3
Q

What is essential for processing integrity (application controls)

A

input, processing, and output

4
Q

Input (threats/risks and controls)

A

If the data entered into a system are inaccurate, incomplete, or invalid, the output will be too. Only authorized personnel acting within their authority should prepare source documents. Forms design, cancellation, and storage of source documents and automated data entry controls are needed to verify the validity of input data.

Threats/Risk: Data that is invalid, unauthorized, incomplete, and inaccurate

Controls: Forms design, cancellation and storage of documents, authorization and segregation of duties controls, visual scanning, data entry controls

5
Q

Forms Design

A

Source documents and other forms should be designed to minimize the chances for errors and omissions. Two form design controls include:

  • sequentially prenumbering source documents
  • using turnaround documents
6
Q

Prenumbered source document

A

prenumbering improves controls by making it possible to verify that no documents are missing
the program should be programmed to identify and report missing or duplicate source documents

7
Q

Turnaround document

A

-is a record of company data sent to an external party and then returned by the external party for subsequent input into the system
-are prepared in machine readable form to facilitate their subsequent processing as input records
(Ex: Utility bill that a special scanning device reads when the bill is returned with a payment)
-they improve accuracy by eliminating the potential for input errors when entering data manually

8
Q

Cancellation and Storage of source documents

A

-source documents that have been entered into the system should be cancelled so they cannot be accidentally or fraudulently reentered into the system
-paper documents should be defaced (ex: stamping them “paid”)
-electronic documents can be “cancelled” by setting a flag field to indicate that the document has already been processed
(Cancellation DOES NOT mean disposal)
-Original source documents (or their electronic images) should be retained for as long as needed to satisfy legal and regulatory requirements and provide an audit trail

9
Q

Data entry controls

A

Source documents should be scanned for reasonableness and propriety before being entered into the system. However, this manual control must be supplemented with automated data entry controls like:
field check, sign check, limit check, range check, size check, completeness check (or test), validity check, reasonableness test, check digit, check digit verification

10
Q

field check

A

an edit check that tests whether the characters in a field are of the correct field type (e.g., zip code would indicate an error if it contained alphabetic characters)

11
Q

sign check

A

an edit check that verifies that the data in a field have the appropriate arithmetic sign (e.g., the quantity ordered field should never be negative)

12
Q

limit check

A

an edit check that tests a numerical amount against a fixed value (e.g., regular hours worked field input should be 40 hours or less and the hourly wage field should be greater than or equal to the minimum wage)

13
Q

range check

A

an edit check that tests whether a data item falls within predetermined upper and lower limits (e.g., marketing promotion directed toward incomes of 50,000-99,000)

14
Q

size check

A

an edit check that ensures that input data will fit into the assigned field (e.g., the value 458,976,253 will not fit in an eight-digit field)
important for applications that accept end-user input, providing a way to prevent buffer overflow vulnerabilities

15
Q

completeness check (or test)

A

an edit check that verifies that all data required have been entered

16
Q

validity check

A

an edit check that compares the ID code or account number in transaction data with similar data in the master file to verify that the account actually exists
(e.g., if product number 65432 is entered on a sales order, the computer must verify that there is indeed a product 65432 in the inventory database)

17
Q

reasonableness check

A

an edit check of the logical correctness of relationships among data items (e.g., overtime hours should be zero for someone who has not worked the maximum number of regular hours in a pay period)

18
Q

check digit

A

ID numbers (such as employee number) can contain a check digit computed from other digits (e.g., system assigns a new employee a 9-digit number, then calculates a tenth digit to form a 10-digit number)

19
Q

check digit verification

A

Recalculating a check digit to verify that a data entry error has not been made (e.g., using the first 9 digits to find out what the 10th digit should be; if an error is made in entering any of the ten digits, the calculation made on the first nine digits will not match the tenth, or check, digit)

20
Q

Additional batch processing data entry controls

A

Batch processing works more efficiently if the transactions are sorted so that the accounts affected are in the same sequence as records in the master file. (e.g., accurate batch processing of sales transactions to update customer account balances requires that the transactions first be sorted by customer account number.)

An error log that identifies data input errors (data, cause, problem) facilitates timely review and resubmission of transactions that cannot be processed

21
Q

sequence check

A

an edit check that determines if a batch of input data is in the proper numerical or alphabetical sequence

22
Q

batch totals

A

the sum of a numerical item for a batch of documents, calculated prior to processing the batch, when the data are entered, and subsequently compared with computer-generated totals after each processing step to verify that the data was processed correctly

common batch totals: financial total, hash total, and record count

23
Q

financial data

A

a type of batch total that equals the sum of a field that contains monetary value

24
Q

hash total

A

a type of batch total generated by summing values for a field that would not usually be totaled

25
Q

record count

A

a type of batch total that equals the number of records processed at a given time

26
Q

Additional online data entry controls

A

prompting, closed loop verification

transaction log includes a detailed record of all transactions, including a unique transaction identifier, the date and time of entry, and who entered the transaction. If an online file is damaged, the transaction log can be used to reconstruct the file. If a malfunction temporarily shuts down the system, the transaction log can be used to ensure that transactions are not lost or entered twice.

27
Q

prompting

A

an online data entry completeness check that requests each required item of input data and then waits for an acceptable response before requesting the next required item

28
Q

closed-loop verification

A

an input validation method that uses data entered into the system to retrieve and display other related info so that the data entry person can verify the accuracy of the input data

29
Q

Processing controls

A

Controls are also needed to ensure that data is processed correctly. Important processing controls include: data matching, file labels, recalculation of batch totals, cross-footing and zero-balance tests, write-protection mechanisms, and concurrent update controls

30
Q

data matching

A

in certain cases, 2+ items of data must be matched before an action can take place (e.g., before paying a vendor, the system should verify that info on the vendor invoice matches info on both the purchase order and the receiving report)

31
Q

file labels

A

need to be checked to ensure that the correct and most current files are being updated. Both external labels that are readable by humans and internal labels that are written in machine-readable form on the data recording media should be used. Two important types of internal labels are header and trailer records.

32
Q

header record

A

type of internal label that appears at the beginning of each file and contains the file name, expiration date, and other file identification info

programs should be designed to read the header record prior to processing, to ensure that the correct file is being updated

33
Q

trailer record

A

type of internal label that appears at the end of a file; in transaction files, the trailer record contains the batch totals calculated during input

programs should also be designed to read the info in the trailer record after processing, to verify that all input records have been processed

34
Q

Recalculation of batch totals

A

batch totals should be recomputed as each transaction record is processed, and the total for the batch should be then compared to the values in the trailer record. Any discrepancies indicate a processing error.

Often the nature of the discrepancy provides a clue about the type of error that occurred. Ex: if recomputed amount

35
Q

Transposition error

A

an error that results when numbers in two adjacent columns are inadvertently exchanged (ex: 64 and 46)

36
Q

cross-footing and zero balance test

A

a processing control which verifies accuracy by comparing two alternative ways of calculating the same total (ex: in Excel, grand total in a few ways)

a processing control that verifies that the balance of a control account equals zero after all entries to it have been made (think debits and credits and journal entries)

37
Q

write-protection mechanism

A

protect against overwriting or erasing of data files stored on magnetic media. Used to protect master files from accidentally being damaged. Technological innovations also necessitate the use of write-protection mechanisms to protect the integrity of transaction data. Ex: Radio frequency identification (RFID) tags used to track inventory need to be write-protected so that unscrupulous customers cannot change the price of merchandise.

38
Q

concurrent update controls

A

controls that lock out users to protect individual records from errors that could occur if multiple users attempted to update the same record simultaneously

39
Q

Processing (threats/risks and controls)

A

Threats/Risk: Errors in output and stored data
Controls: Data matching, file labels, batch totals, cross-footing and zero balance tests, write-protection mechanisms, database processing integrity controls

40
Q

Output (threats/risks and controls)

A

Threats/Risk: Use of inaccurate or incomplete reports; unauthorized disclosure of sensitive info; loss, alteration, or disclosure of info in transit
Controls: Reviews and reconciliations, encryption and access controls, parity checks, message acknowledgement techniques

41
Q

output controls

A

careful checking of system output provides additional control over processing integrity

42
Q

user review of output

A

users should carefully examine output to verify that it is reasonable, complete, and that they are the intended recipients

43
Q

reconciliation procedures

A

Periodically, all transactions and other system updates should be reconciled to control reports, file status/update reports, or other control mechanisms. General ledgers should be reconciled to subsidiary account totals.
(ex: inventory in G/L should equal the sum of item balances in the inventory database)

44
Q

external data reconciliation

A

database totals should be periodically reconciled with data maintained outside the system

ex: number of employees in payroll records can be compared with the total number of employees in the human resources database to detect attempts to add fake employees to the payroll
ex: count inventory by hand and what’s recorded in the database

45
Q

data transmission controls

A

Organizations need to implement controls designed to minimize the risk of data transmission errors. Whenever the receiving device detects a data transmission error, it requests the sending device to retransmit the data
Ex: Transmission Control Protocol (TCP) assigns a sequence number to each packet and uses that info to verify that all packets have been received and to reassemble them in the correct order

Two other common data transmission controls are checksums and parity bits

46
Q

Checksum

A

A data transmission control that uses a hash of a file to verify accuracy

When data are transmitted, the sending device can calculate a hash of the file and the receiving device performs the same calculation and sends the result to the sending device. If the two hashes agree, the transmission is presumed to be accurate. Otherwise, the file is resent.

47
Q

Parity Bit

A

An extra bit added to every character; used to check transmission accuracy
Two basic schemes are referred to as even parity and odd parity

48
Q

Parity Checking

A

A data transmission control in which the receiving device recalculates the parity bit to verify accuracy of transmitted data

49
Q

Processing Integrity Controls in Spreadsheets

A

hard-wiring (not good); use reference cells instead

50
Q

Availability

A

Interruptions to business processes due to the unavailability of systems or information can cause significant financial losses. Ensure systems and info are available for use whenever needed. The primary objective is to minimize the risk of system downtime. It is impossible, however, to completely eliminate the risk of downtime. Therefore, organizations also need controls designed to enable quick resumption of normal operations after an event disrupts system availability

51
Q

Availability: Objectives and Key Controls

A

Objective: To minimize risk of system downtime
Key Controls: preventative maintenance, fault tolerance, data center location and design, training, and patch management and antivirus software

Objective: Quick and complete recovery and resumption of normal operations
Key Controls: backup procedures, disaster recovery plan (DRP), and business continuity plan (BCP)

52
Q

preventative maintenance

A

cleaning disk drives and properly storing magnetic and optical media, to reduce the risk of hardware and software failure

53
Q

fault tolerance

A

The use of redundant components provides fault tolerance, which is the capability of a system to continue performing when there is a hardware failure

54
Q

(e.g. of fault tolerance) Redundant arrays of Independent Drives

A

A fault tolerance technique that records data on multiple disk drives instead of just one to reduce the risk of data loss.

Thus if one disk drive fails, the data can be readily accessed from another

55
Q

Importance of locating and designing the data centers housing mission-critical servers and databases so as to minimize the risks associated with natural and human-caused disasters

A
  • raised floors provide protection from flooding
  • fire detection and suppression devices reduce likelihood of fire damage
  • adequate A/C reduces likelihood of damage to comp equipment due to overheating or humidity
  • cables with special plugs…
56
Q

Uninterruptible Power Supply

A

An alternative power supply device that protects against the loss of power and fluctuations in the power level by using battery power to enable the system to operate long enough to back up critical data and safely shut down.

57
Q

Training

A

reduce risk of system downtime

well trained, less likely to make mistakes and know how to recover with minimal damage

58
Q

patch management and antivirus software

A

system downtime can occur from comp malware (viruses and worms), important to install, run, and keep current antivirus and anti-spyware programs
patch management helps too

59
Q

Recovery and Resumption of Normal Operations

A

Hardware malfunctions, software problems, or human error can cause data to be inaccessible

60
Q

Backup

A

A copy of a database, file, or software program

61
Q

An organization’s backup procedures

A
  1. How much data are we willing to recreate from source documents (if they exist) or potentially lose (if no source documents exist)?
  2. How long can the organization function without its info system?
62
Q

Recovery Point Objective

A

The amount of data the organization is willing to reenter or potentially lose

63
Q

Recovery Time Objective

A

The maximum tolerable time to restore an organization’s information system following a disaster, representing the length of time that the organization is willing to attempt to function without its information system.

64
Q

Real-Time Mirroring

A

The maximum tolerable time to restore an organization’s information system following a disaster, representing the length of time that the organization is willing to attempt to function without its information system

65
Q

Full Backup

A

Exact copy of an entire database

66
Q

Incremental Backup

A

A type of partial backup that involves copying only the data items that have changed since the last partial backup. This produces a set of incremental backup files, each containing the results of one day’s transactions

67
Q

Differential Backup

A

A type of partial backup that involves copying all changes made since the last full backup. Thus, each new differential backup file contains the cumulative effects of all activity since the last full backup

68
Q

Archive

A

A copy of a database, master file, or software that is retained indefinitely as a historical record, usually to satisfy legal and regulatory requirements

69
Q

Disaster Recovery Plan

A

A plan to restore an organization’s IT capability in the event that its data center is destroyed

70
Q

Cold Site

A

A disaster recovery option that relies on access to an alternative facility that is prewired for necessary telephone and internet access, but does not contain any computing equipment

71
Q

Hot Site

A

A disaster recovery option that relies on access to a completely operational alternative data center that is not only prewired but also contains all necessary hardware and software.

72
Q

Business Continuity Plan

A

A plan that specifies how to resume not only IT operations but all business processes in the event of a major calamity