Mid-Term Test Flashcards

Question

DFD: Context diagram

Answer 1

Highest level DFD, which show inputs and outputs into a system and their destinations and sources.

Answer 2

Level-0: Show all major activity steps of a system. (labeled 1.0, 2.0) Level-1: Show one major activity, divided into sub activities. (labeled 1.1, 2.1)

Answer 3

Use symbols to logically depict transaction processing and the flow of data through a system.

Answer 4

Document: illustrates flow of document through an organisation, useful to analyse internal controls. System: representation of system inputs, procedures and outputs, useful to analyse systems and design. Program: represent logical sequence or program logic.

Answer 5

- natural disasters - software errors and/or equipment malfunction - unintentional and intentional (sabotage) acts

Answer 6

Any and all means a person uses to gain an unfair advantage over another person.

Answer 7

- a false statement/representation/disclosure - a material fact that induces a person to act - an intent to deceive - justifiable reliance - an injury/loss suffered by the victim

Answer 8

Misappropriation of assets - theft of company assets by employees. Fraudulent financial reporting - intentional/reckless conduct resulting in materially misleading financial statements.

Answer 9

1) establish environment which supports integrity of financial reporting 2) identification of factors that lead to fraud 3) asses risk of fraud within company 4) design and implement internal controls

Answer 10

Motivation or incentive to commit fraud. | Either by employee or financial reporting

Answer 11

Condition/situation that allows a person or organisation: - commit fraud - conceal fraud: lapping - convert theft to personal gain

Answer 12

Justification of illegal behaviour - justification - attitude - lack of personal integrity

Answer 13

Any illegal act in which computer technology knowledge is necessary to perpetrate.

Answer 14

1) definition is not agreed on 2) often undetected 3) high percentage not reported 4) lack of network security 5) step by step guides are easily available 6) law enforcement is overburdened 7) difficulty calculating loss

Answer 15

Unauthorised access, modification or use of a computer system/electronic device.

Answer 16

Techniques, usually psychological tricks to gain access to sensitive data/information.

Answer 17

Any software used to cause harm.

Answer 18

- Botnet - Robot Network - Denial-of-service (DOS) attack - Spamming - Spoofing

Answer 19

- salami technique: small amounts from many different accounts - economic espionage: theft of information, trade secrets and intellectual property - cyberbullying: harassment online - internet terrorism: disrupting electronic commerce and harming computer communication

Answer 20

A segment of self-replicating, executable code that attaches itself to a file/program.

Answer 21

A standalone malware computer program that replicates itself in order to spread to other computers.

Answer 22

The processes and procedures implemented to provide reasonable assurance that control objectives are met.

Answer 23

- Preventive controls - Detective controls - Corrective controls

Answer 24

Allows management to benchmark security and control practices, users to be assured adequate information system security and control exist, and auditors to substantiate their internal controls.

Answer 25

1) Meeting stakeholder needs 2) Covering enterprise end-to-end 3) Applying a single, integrated framework 4) Enabling a holistic approach 5) Separating governance from management

Answer 26

A COSO framework that improves the risk management process by expanding COSO's internal control.

Answer 27

The company culture that is the foundation for all other ERM components, as it influences how organisations establish strategies and objectives.

Answer 28

Management sets objectives at the corporate level then subdivides them into more specific objectives; - strategic - operational - reporting - compliance

Answer 29

A positive or negative, incident from internal or external sources, that affects the implementation of strategy or achievement of objectives.

Answer 30

- Identify risk: likelihood and whether impact positive or negative - Type of risk: inherent: exists before plans to control it residual: remaining risk after controls in place to reduce

Answer 31

- reduce - accept - share - avoid

Answer 32

To ensure no employee has too much responsibility, and therefore minimise risk of fraud. need to separate: authorisation, recording & custody

Answer 33

TSF provides the means to consolidate COBIT - Security - Confidentiality - Privacy - Processing integrity - Availability

Answer 34

Combination of detective/corrective controls. P = time takes for attacker to break through D = time takes to detect attack in process C = time takes to respond to attack P must be greater than D + C

Answer 35

Verifies who a person is: passwords, ID cards, biometric characteristics.

Answer 36

Determines what a person can access: files and applications.

Answer 37

What to protect? - strategic plans - trade secrets - cost information - legal documents - process improvements

Answer 38

1) Identification and classification - data inventory 2) Encryption - making info unreadable without special knowledge 3) Controlling access 4) Training employees

Answer 39

- spam | - identity theft

Answer 40

- key length: number of bits used to convert text into blocks - algorithm: manner in which key and text is combined - policies concerning keys: stored securely with strong codes

Answer 41

one key used to both encrypt and decrypt - pro: fast - con: vulnerable

Answer 42

different key used to encrypt than decrypt - pro: very secure - con: very slow

Answer 43

use symmetric for encrypting information and use asymmetric for encrypting symmetric key for decryption.

Answer 44

Transforming plaintext of any length into a short code called hash.

Answer 45

1) document creator uses a hashing algorithm to generate hash of the original document 2) document creator uses his/her private key to encrypt the hash created in step 1 RESULT - encrypted hash is legally binding signature

Answer 46

- all forms should be sequentially numbered - use of turnaround documents and eliminates input error - cancellation and storage of source documents

Answer 47

input multiple source documents at once in a group

Answer 48

Back-up: incremental - copy only data that changed from last period back-up differential - copy only data that changed from last full back-up Business continuity plan - How to resume all operations including IT.

Answer 49

Procedures to restore an organisation's IT function in the event that it's data centre is destroyed.

Answer 50

Cold site - an empty building that is prewired for necessary telephone and internet access. Hot site - a facility prewired for necessary telephone and internet access, along with all the computing and office equipment organisation needs to perform its essential business activities. Site data centre: used for back-up and site monitoring.

Answer 51

Systematic process of obtaining and evaluating evidence regarding assertions about economic actions/events to determine how well they correspond with established criteria.

Answer 52

An independent, objective consulting activity designed to add value and prove organisational effectiveness and efficiency. (including assisting in design of AIS)

Answer 53

- financial (integrity of accounting records) - information system (assess AIS controls with internal policies) - operational (efficient use of resources for goals) - compliance (entities comply with laws) - investigative (incidents of possible fraud)

Answer 54

Responsible to corporate shareholders. - gathers evidence to share opinion on financial statements - indirectly concerned with AIS effectiveness - assess how auditing strategy affected by AIS - evaluate IT controls through tests

Answer 55

- planning - collecting evidence - evaluating evidence - communicating audit results

Answer 56

Audit scope and objectives: why, when, how, whom? - inherent risk ( error or omission as a result of factors) - control risk (absence or failure in the operation of relevant controls) - detection risk (fail to detect a material misstatement in the financial statements)

Answer 57

Samples collected and observes activities to be audited. - review documentation - test balances 3rd parties - recalculate test values - examine supporting materials - examine relationships & trends

Answer 58

Does the evidence support favourable/unfavourable conclusion? How significant is evidence (errors)?

Answer 59

A written report summarising audit findings and recommendations to management, the audit committee, the board of directors and other appropriate parties.

Answer 60

To review and evaluate internal controls that protect a system.

Answer 61

1) overall information security (threats) 2) program development and acquisition 3) program modification (source code comparison) 4) computer processing (concurrent audits) 5) source data (input control and data control) 6) data files (accuracy, integrity, security of data, and auditing by objectives)

Answer 62

Take customer order, approve customer credit, check stock availability and respond to customer.

Answer 63

Pick and pack order, then ship order.

Answer 64

Process customer payment and update their account balance, then deposit payments to bank.

Answer 65

Identify what, when and how much to purchase, then choose a supplier.

Answer 66

Goods arrive

Answer 67

Match supplier invoice to purchase order and receiving order, approve supplier for payment and then pay vendor.

Answer 68

- project development plan | - master plan

Answer 69

- cost/benefit analysis - developmental and operational requirements - schedule of activities required to develop and operate a new application

Answer 70

What will system consist of? How will it be developed? Who will develop it? How will needed resources be acquired? Where the AIS is headed?

Answer 71

- PERT chart | - GANTT chart

Answer 72

Network of arrows and nodes representing project activities that require an expenditure of time and resources and completion and initiation of activities.

Answer 73

A bar chart with project activities on the left-hand side and units of time across the top. it graphically shows entire schedule for a large, complex project.

Answer 74

Does it make sense to proceed with new system? Consider economic, technical, legal, scheduling and operational factors.

Answer 75

Benefits and costs estimated and compared to determine whether system is cost beneficial.

Answer 76

- lack of management support - lack of communication - disruptive change - biasness and emotions

Answer 77

- offer support and communication lines - meet user needs and involve users - provide user training - stress new opportunities are created

Answer 78

System study provides understanding of company objectives, data and information flow, AIS strengths and weaknesses and available hardware, software and personnel.

Answer 79

Once data gathered, document findings and model exisiting system.

Answer 80

Report outlines and documents analysis activities and provides recommendations that result from the system analysis.

Answer 81

1) initial investigation (go-no occurs) 2) system survey - determine needs 3) feasibility analysis (go-no at end) 4) identify needs and capture requirements 5) system documentation: systems analysis report (go no occurs at end)

Answer 82

Developer creates general framework for user requirements and solving problems identified in analysis phase. Evaluate design alternatives, prepare design specifications and prepare conceptual design report.

Answer 83

Conceptual designs are translated into detailed specifications that are used to code and test computer programs.

Answer 84

Determine nature, format, content and timing of reports, documents and screen displays.

Answer 85

1) determine user needs 2) create and document development plan 3) write program instructions 4) test program 5) document program 6) train users 7) intall system 8) use and modify system

Answer 86

Process of installing hardware and software and getting AIS up and running.

Answer 87

1) planning 2) prepare site 3) test hardware 4) train personnel 5) complete 6) test system 7) conversion

Answer 88

- development documentation - operations documentation - user documentation

Answer 89

A system description of copies of output, input and file, and database layouts, program flowcharts, test results and acceptance forms.

Answer 90

Documentation includes operating schedules, files and databases accessed, and equipment, security and file-retention requirements.

Answer 91

Teaches users how to operate AIS, and includes procedures manual and training materials.

Answer 92

Direct - terminates old AIS and introduces new one Parallel - operates old and new system simultaneously Phase-in - replaces elements with new one Pilot - implements system in one part of organisation

Answer 93

Determines whether system meets its planned objectives.

Answer 94

- purchase software - develop software in-house - hire and extend company to develop and maintain new software

Answer 95

- System capabilities for user with similar requirements - Hardware and software sold as a package - Driven by 'pay-per-use' model - Software is provided to user via the internet

Answer 96

System developed in-house provides a significant competitive advantage.

Answer 97

- time consuming - complex system - poor requirements - insufficient planning - inadequate communication - lack of qualified staff

Answer 98

Hands-on development, control, use of CBIS by users.

Answer 99

- user creation, control and implementation - system meets user needs - timeliness - free up system resources - versatility and ease of use

Answer 100

- logic and development errors - poorly controlled and documented - incompatible systems - redundant data - increased costs

Answer 101

- business solution: concentrates on core competencies - access to greater expertise and technology - facilitates downsizing - less development time - asset utilisation

Answer 102

- inflexibility - loss of control - reduced competitive advantage - locked-in system by contract - unfulfilled goals

Answer 103

- business process management (bpm) - prototyping - computer-aided software engineering (CASE) tools

Answer 104

Systematic approach to continually improve and optimise an organisations business process.

Answer 105

Automate and facilitate business process improvements. 1) process engine 2) business analytics 3) collaboration tools 4) content manager

Answer 106

BPMS uses business process rules to determine correct person to perform task and authorise them. - improved segregation - strengthened application controls - built-in audit trial

Answer 107

- better definition of user needs - higher user involvement - faster development time - few errors - more opportunity for changes - less costly

Answer 108

- significant user time - less efficient use of system - inadequate testing - negative behavioural reactions - never-ending development

Answer 109

Software to help plan, analyse, design, program and maintain an information system.

Answer 110

- improved productivity - -improved program quality - cost savings - improved control procedures - simplified documentation

Answer 111

- incompatibility - cost - unmet expectations

Answer 112

Attributes - facts about the entity Fields - where attributes are stored Records - group of related attributes about an entity File - group of related records

Answer 113

ERP systems are data-centred and BPMS are process-centred. Manufacturers of ERP systems are integrating BPM into their systems.

Answer 114

- data integration - data sharing - minimising data redundancy - data independence - cross-functional analysis

Answer 115

Relational data model represents the conceptual and external level schemas as if data are stored in tables. Each row = record and Each column = field

Answer 116

Primary key - attributes to uniquely identify a specific record Foreign key - attribute in one table that is a primary key in another table

Answer 117

- update anomaly (data changes not recorded correctly) - insert anomaly (unable to add record) - delete anomaly (removing record removes unintended data)

Answer 118

1) every column must be single value 2) entity integrity rule: primary keys must contain data 3) referential integrity rule: foreign keys must contain same data as primary key in another table 4) non-key attributes must identify characteristics of table identified by primary key

Answer 119

1) system analysis 2) conceptual design 3) physical design 4) implementation and conversion 5) operation and maintenance

Answer 120

Process of defining an information system so it represents an organisations requirements, and it occurs at the systems analysis stage and conceptual design stage.

Answer 121

- flowcharts - data flow diagrams - entity relationship diagrams

Answer 122

Used to graphically represent a database schema. It depicts entities and the relationships between entities.

Answer 123

1) each event linked to at least one resource 2) each event linked to at least one other event (get, give and participation events) 3) each event is linked to at least two other agents

Answer 124

Describes the nature of relationship between entities.

Answer 125

- one to one - one to many - many to many

Answer 126

1) event linked to at least one resource 2) event linked to two agents 3) disposition event must be linked to acquisition event 4) increment event must be linked to decrement event 5) if event linked to more than one event, but cannot be linked to all other events, then REA must show event is linked to a minimum of 0 of each of those other events

Answer 127

1) create table for entity and many-to-many relationship 2) assign attributes to appropriate tables 3) use foreign keys to implement one-to-one and one-to-many relationships

Answer 128

Extensible business reporting language is a standard for the electronic communication of business and financial data.

Answer 129

- specify what piece of data is - specify how it is used - make data searchable - represent a standard for the business environment

Answer 130

Taxonomies are the dictionaries that define each accounting item that can be tagged in XBRL.

Answer 131

XBRL tagging is applied to a file containing data.

Answer 132

``` External Users - lenders - regulators - government departments - investors Internal users - quick and efficient production of reports, and consolidation of acquisitions ```

Answer 133

1) attach XBRL to accounting system | 2) attach XBRL tags after financial accounts have been prepared

Answer 134

1a) data entry edit controls b) restrict access to mater data 2) signature to authorise sales 3) credit limits checked and if sale exceeds limit, special authorisation needed 4a) perpetual inventory system b) RFID or bar code technology c) physical inventory counts

Answer 135

1a) reconcile invoices with sales orders and shipping documents b) seperate shipping and billing functions 2a) data entry edit controls b) configure system for automatically enter price data 3) reconcile subsidiary accounts receivable balance to the amount for accounts 4) segregate authorisation and recording function for credit memos

Answer 136

1a) segregation of cash handling and posting to customer accounts, authorise credit memos or reconcile bank account. b) use lockbox c) deposit all cash receipts daily 2a) lockbox b) discounts for early payment c) cash flow budgeting

Answer 137

1a) perpetual inventory system b) bar-coding, RFID 2) review and approval of purchase requisitions 3a) price lists b) competitive bids 4) use approved suppliers 5a) monitor supplier performance b) require quality certification 6) purchase from approved supplier 7a) supplier audits b) prohibit gifts

Answer 138

1) authorised purchase orders needed before receiving goods 2) bar codes or RFID 3) budget controls and audits 4a) restrict physical access to inventory b) document all inventory transfers c) segregate receiving inventory

Answer 139

1) verify invoice accuracy 2a) data entry audit controls b) reconcile detailed accounts payable records to the general ledger accounts payable accounts

Answer 140

1) file invoices by due date to get discount 2) match supplier invoice to documents 3a) pay original invoices b) cancel supporting document when payment made 4a) physical security of checks b) separation of duties c) reconcile bank accounts 5) check protection machines 6) cash flow budgets