IT Systems Flashcards
Is any combination of input, output, and computing hardware that can be used for work.
Workstation, may be included in the audit of hardware controls.
Is an organized collection of data in a computer system
Database
Data in the database are integrated to
Eliminate redundancy of data items. A single integrated system allows for improved data accessibility.
Is an integrated set of computer programs that (1) create the database, (2) maintain the elements, (3) safeguard the data from loss or destruction, and (4) make the data available to applications programs and inquiries.
Database management systems (DBMS)
The three major ways to organize a database are:
1) Tree (hierarchical) structure
2) Network structure
3) Relational structure
Arranges data in a one-to-many relationship in which each record has one antecedent but may have an unlimited number of subsequent records
Tree (hierarchical) structure
Connects every record in the database with every other record. Its maintenance is very complex.
Network structure
Organizes data into two-dimensional files called tables. Tables are linked based on common fields. Each data element is stored as few times as necessary.
Relational structure
Two features that make the relational data structure stand out are
Cardinality and referential integrity
Is a model for establishing a system of internal control
Control framework
Defines internal control as a process, effected by an organization’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in
1) Effectiveness and efficiency of operations
2) Reliability of financial reporting
3) Compliance with applicable laws and regulations
COSO framework
COSO describes five components of an internal control system:
1) Control environment
2) Risk assessment
3) Control activities
4) Information and communication
5) Monitoring
Facilitates a discussion of objectives, risks, and mitigation responses within the context of e-business
eSAC (Electronic Systems Assurance and Control) Model
eSAC’s IT business assurance objectives fall into five categories:
1) Availability
2) Capability
3) Functionality
4) Protectability, and
5) Accountability
Is a leading framework for the governance and management of enterprise IT.
COBIT 5
The five key principles of COBIT 5 are:
1) Meeting stakeholder needs
2) Covering the enterprise end-to-end
3) Applying a single, integrated framework
4) Enabling a holistic approach
5) Separating governance from management
Addresses timely issues related to IT management, control, and security.
GTAG (Global Technology Audit Guide)
GTAG 1 recognizes three families of controls:
(a) General and application controls;
(b) Preventive, detective, and corrective controls; and
(c) Governance, management, and technical controls.
Computer-based processing differs from manual processing in the following ways:
1) Transaction trails
2) Uniform processing of transactions
3) Segregation of functions
4) Potential for errors and fraud
5) Potential for increased management supervision
6) Initiation or subsequent execution of transactions by computer
7) Dependence of controls in other areas on controls over computer processing
Two basic processing modes include
Batch processing and Online real-time system
Transactions are accumulated and submitted to the computer as a single batch
Batch processing
The database is updated immediately upon entry of the transaction by the operator
Online, Real-time system
IT controls can be categorized as
General controls and application controls
Include systems development, change management, security, and computer operations.
General controls
Relate to the business tasks performed by a particular system. They should provide reasonable assurance that the recording, processing, and reporting of data are properly performed.
Application controls
Types of application controls:
1) Batch input controls
2) Online input controls
3) Processing controls
4) Output controls
Include financial totals, record counts, and hash totals.
Batch input controls
Include preformatting, field checks, validity checks, limit (reasonableness) and range checks, self-checking digits, sequence checks, and zero balance checks.
Online input controls
Ensure that data are complete and accurate during updating.
Processing controls
Ensure that processing results are complete, accurate, and properly distributed.
Output controls