IT Systems

Question 1

Is any combination of input, output, and computing hardware that can be used for work.

Answer 1

Workstation, may be included in the audit of hardware controls.

Question 2

Is an organized collection of data in a computer system

Answer 2

Database

Question 3

Data in the database are integrated to

Answer 3

Eliminate redundancy of data items. A single integrated system allows for improved data accessibility.

Question 4

Is an integrated set of computer programs that (1) create the database, (2) maintain the elements, (3) safeguard the data from loss or destruction, and (4) make the data available to applications programs and inquiries.

Answer 4

Database management systems (DBMS)

Question 5

The three major ways to organize a database are:

Answer 5

1) Tree (hierarchical) structure
2) Network structure
3) Relational structure

Question 6

Arranges data in a one-to-many relationship in which each record has one antecedent but may have an unlimited number of subsequent records

Answer 6

Tree (hierarchical) structure

Question 7

Connects every record in the database with every other record. Its maintenance is very complex.

Answer 7

Network structure

Question 8

Organizes data into two-dimensional files called tables. Tables are linked based on common fields. Each data element is stored as few times as necessary.

Answer 8

Relation structure

Question 9

Two features that make the relational data structure stand out are

Answer 9

Cardinality and referential integrity

Question 10

Is a model for establishing a system of internal control

Answer 10

Control framework

Question 11

Defines internal control as a process, effected by an organization’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in

1) Effectiveness and efficiency of operations
2) Reliability of financial reporting
3) Compliance with applicable laws and regulations

Answer 11

COSO framework

Question 12

COSO describes five components of an internal control system:

Answer 12

1) Control environment
2) Risk assessment
3) Control activities
4) Information and communication
5) Monitoring

Question 13

Facilitates a discussion of objectives, risks, and mitigation responses within the context of e-business

Answer 13

eSAC (Electronic Systems Assurance and Control) Model

Question 14

eSAC’s IT business assurance objectives fall into five categories:

Answer 14

1) Availability
2) Capability
3) Functionality
4) Proctectability, and
5) Accountability

Question 15

Is a leading framework for the governance and management of enterprise IT.

Answer 15

COBIT 5

Question 16

The five key principles of COBIT 5 are:

Answer 16

1) Meeting stakeholder needs
2) Covering the enterprise end-to-end
3) Applying a single, integrated framework
4) Enabling a holistic approach
5) Separating governance from management

Question 17

Addresses timely related to IT management, control, and security.

Answer 17

GTAG (Global Technology Audit Guide)

Question 18

GTAG 1 recognizes three families of controls:

Answer 18

(a) General and application controls;
(b) Preventive, detective, and corrective controls; and
(c) Governance, management, and technical controls.

Question 19

Computer-based processing differs from manual processing in the following ways:

Answer 19

1) Transaction trails
2) Uniform processing of transactions
3) Segregation of functions
4) Potential for errors and fraud
5) Potential for increased management supervision
6) Initiation or subsequent execution of transactions by computer
7) Dependence of controls in other areas on controls over computer processing

Question 20

Two basic processing modes include

Answer 20

Batch processing and Online real-time system

Question 21

Transactions are accumulated and submitted to the computer as a single batch

Answer 21

Batch processing

Question 22

The database is updated immediately upon entry of the transaction by the operator

Answer 22

Online, Real-time system

Question 23

IT controls can be categorized as

Answer 23

General controls and application controls

Question 24

Include systems development, change management, security, and computer operations.

Answer 24

General controls

Question 25

Relate to the business tasks performed by a particular system. They should provide reasonable assurance that the recording, processing, and reporting of data are properly performed.

Answer 25

Application controls

Question 26

Types of application controls:

Answer 26

1) Batch input controls
2) Online input controls
3) Processing controls
4) Output controls

Question 27

Include financial totals, record counts, and hash totals.

Answer 27

Batch input controls

Question 28

Include preformatting, filed checks, validity checks, limit (reasonableness) and range checks, self-checking digits, sequence checks, and zero balance checks.

Answer 28

Online input controls

Question 29

Ensure that data are complete and accurate during updating.

Answer 29

Processing controls

Question 30

Ensures that processing results are complete, accurate, and properly distributed.

Answer 30

Output controls