IT Systems and Business Continuity Flashcards
Organizational controls concern the proper segregation of
Duties and responsibilities within the information systems department.
The responsibilities of systems analysts, programmers, operators, file librarians, the control group, and others should be
Assigned to different individuals, and proper supervision should be provided.
Traditional segregation of responsibilities for authorization, recording, and access to assets
May not be feasible in an IT environment
IT personnel in an organization are
1) Systems analysts
2) Database Administrator (DBA)
3) Programmers
4) Operators
Are specifically qualified to analyze and design computer information systems. They survey the existing system, analyze the organization’s information requirements, and design new systems to meet those needs. They should not have access to data center operations, production programs, or data files.
Systems analysts
Is the individual who has overall responsibility for developing and maintaining the database and for establishing controls to protect its integrity.
Database administrator (DBA)
Design, write, test, and document the specific programs according to specifications developed by the analysts. They should not have access to the data center operations or to production programs or data.
Programmers
Are responsible for the day-to-day functioning of the data center, whether the organization runs a mainframe, servers, or anything in between. They load data, mount storage devices, and operate the equipment. They should not be assigned programming duties or responsibility for system design.
Operators
Was an early attempt to create an integrated computer-based information system. It was designed to plan and control materials used in a production setting.
Materials requirements planning (MRP)
Is intended to integrate enterprise-wide information systems across the organization by creating one database linked to all the entity’s applications.
The Traditional ERP system
Has added front-office functions. These connect the organization with customers, suppliers, shareholders or other owners, creditors, and strategic allies.
The current generation of ERP software (ERP II)
Is a network of networks all over the world.
Internet
The three main parts of the Internet are:
1) Servers, which hold information
2) Clients, which view the information
3) The Transmission Control Protocol/Internet Protocol (TCP/IP) suite of protocols, which connects the two
Is generally a dedicated computer or device that manages specific resources.
Server
Was later developed as an open standard usable with many programs and platforms
Extensible Markup Language (XML)
Is the specification for financial statements developed by an AICPA-led consortium for commercial and industrial entities that report in accordance with U.S. GAAP.
Extensible Business Reporting Language (XBRL)
Performs the fundamental tasks needed to manage computer resources.
Systems software
The most basic piece of systems software. It is an interface among users, application software, and the computer’s hardware.
Operating system
Controls over operating systems include
(a) Segregation of duties
(b) Testing before use
(c) Making back-out plans and implementing changes in off-hours, and
(d) Keeping detailed logs of all changes
Consist of (1) the hardware devices being connected and (2) the medium through which the connection is made.
Networks
Connects devices within a single office or home or among buildings in an office park. Is owned entirely by a single organization.
Local area network (LAN)
Connects devices across an urban area, for instance, two or more office parks.
Metropolitan area network (MAN)
Consists of a group of LANs operating over widely separated locations. Can be either publicly or privately owned.
Wide area network (WAN)
Examples of privately owned WANs include:
1) Value-added networks (VANs)
2) Virtual private networks (VPNs)
3) Private branch exchange (PBX)
Includes the activities of disaster recovery and business continuity.
Contingency planning
Is the process of resuming normal information processing operations after the occurrence of a major interruption.
Disaster recovery
Should describe IT recovery strategies, including details about procedures, vendors, and systems.
Disaster recovery plan (DRP)
Is the continuation of business by other means during the period in which computer processing is unavailable or less than normal.
Business continuity
Is the most basic part of any disaster recovery or business continuity plan.
Periodic backup and offsite rotation of computer files
Is a physical location maintained by an outside contractor for the purpose of providing processing facilities for customers in case of disaster.
Alternative processing facility
Recovery centers take two basic forms:
A hot site or a cold site
Is a fully operational processing facility that is immediately available.
Hot site
Is a shell facility with sufficient electrical power, environmental controls, and communications lines to permit the organization to install its own newly acquired equipment.
Cold site