Mid-Term Test Flashcards
System
A set of two or more interrelated components interacting to achieve a goal.
Goal Conflict
When components acting in their own interest do not contribute toward the overall goal.
Goal Congruence
When components acting in their own interest contribute toward the overall goal.
Business transactions
An agreement between two entities to exchange goods/services, or any other event, that can be measured in economic terms by an organisation.
Accounting Information System (AIS)
A system that collects, records, stores and processes data to produce information for decision-making.
Components of an Accounting Information System (6)
- Users
- Procedures and instructions used
- Data about organisation and its activities
- Software used to process data
- Information technology infrastructure
- Internal controls and security measures
The six components of an Accounting Information System enable three business functions to be fulfilled…(3)
1) Collect and store data about organisational activities, resources and personnel.
2) Transform data into information, for management to plan, execute, control and evaluate activities, resources and personnel.
3) Provide controls to safeguard assets and data.
How can an AIS add value to an organisation? (6)
1) Improving the quality and reducing the costs of products or services
2) Improve efficiency
3) Sharing knowledge
4) Improve efficiency and effectiveness of supply chain
5) Improve internal control structure
6) Improve decision making
Value chain
The linked set of primary and support (secondary) activities a product/service passes through, each adding value, before it reaches the customer.
Value chain: primary activities
Value chain activities that produce, market and deliver products/services to customers and provide post-delivery support.
Supply chain
An extended system that includes an organisation’s value chain, as well as its suppliers, distributors and customers.
Support activities
Value chain activities such as infrastructure, technology, purchasing and human resources.
Data processing cycle
The four operations (data input, data storage, data processing, and information output) performed on data to generate meaningful and relevant information.
Data input: Capture
Data must be collected about 3 facets of each business activity as it occurs.
1) Each activity of interest
2) Resource(s) affected by each activity
3) People who participate in each activity
Source documents
Documents used to capture transaction data at its source, when the transaction occurs.
Turnaround documents
Records of company data sent to an external party and then returned to the system as input.
Coding
The systematic assignment of numbers/letters to items to classify and organise them.
Coding types (4)
- sequence codes: items are numbered consecutively
- group codes: two/more subgroups of digits used to code items
- mnemonic codes: letters & numbers (description) used to identify an item
- chart of accounts: listing of numbers assigned to balance sheet and income statement accounts
Data processing activities (4)
1) Create new data records
2) Read, retrieve or view existing data records
3) Update existing stored data records
4) Delete data or records
Enterprise resource planning (ERP)
A system that integrates all aspects of an organisation's activities (financial, human resources, marketing, etc.) into one database.
ERP Advantages (7)
- integration of organisation data and financial information
- data is captured once
- greater management visibility, increased monitoring
- better access control
- standardises business operating procedures
- improved customer service
- more efficient manufacturing
ERP Disadvantages (5)
- cost
- time consuming to implement
- complex
- resistance to change
- changes to an organisation's existing business processes can be disruptive
Data flow diagram (DFD)
A graphical description of the flow of data within an organisation. Elements and their symbols:
- data sources/destinations: square
- data flows: curved/straight arrow
- transformation processes: circle
- data store: two horizontal lines
- internal control: red square
Data flow diagram levels (3)
1) Context
2) Level-0
3) Level-1
DFD: Context diagram
Highest-level DFD, which shows the inputs to and outputs from a system together with their sources and destinations; the whole system is a single process.
DFD: Level-0 and Level-1
Level-0: shows all major activity steps (processes) of the system, labelled 1.0, 2.0, …
Level-1: explodes one Level-0 process into its sub-activities, labelled 1.1, 1.2, … (for process 1.0)
Flow charts
Use symbols to logically depict transaction processing and the flow of data through a system.
Types of flow charts (3)
- Document: illustrates the flow of documents through an organisation; useful for analysing internal controls.
- System: represents system inputs, procedures and outputs; useful for analysing and designing systems.
- Program: represents the logical sequence of operations within a program (program logic).
Common threats to AIS (3)
- natural disasters
- software errors and/or equipment malfunction
- unintentional and intentional (sabotage) acts
Fraud
Any and all means a person uses to gain an unfair advantage over another person.
Legally for an act to be fraudulent there must be: (5)
- a false statement/representation/disclosure
- a material fact that induces a person to act
- an intent to deceive
- justifiable reliance
- an injury/loss suffered by the victim
Forms of fraud
- misappropriation of assets
- fraudulent financial reporting
Misappropriation of assets - theft of company assets by employees.
Fraudulent financial reporting - intentional/reckless conduct resulting in materially misleading financial statements.
Treadway Commission actions to reduce fraud (4)
1) establish an environment which supports the integrity of financial reporting
2) identify the factors that lead to fraud
3) assess the risk of fraud within the company
4) design and implement internal controls
Pressure
Motivation or incentive to commit fraud.
Arises either as pressure on an employee (misappropriation) or as pressure on management (fraudulent financial reporting).
Opportunity
Condition/situation that allows a person or organisation to:
- commit the fraud
- conceal the fraud (e.g. lapping)
- convert the theft to personal gain
Rationalisation
Justification of illegal behaviour
- justification
- attitude
- lack of personal integrity
Computer fraud
Any illegal act that requires knowledge of computer technology to perpetrate.
Why is computer fraud on the rise? (7)
1) definition is not agreed on
2) often undetected
3) high percentage not reported
4) lack of network security
5) step by step guides are easily available
6) law enforcement is overburdened
7) difficulty calculating loss
Hacking
Unauthorised access, modification or use of a computer system/electronic device.
Social Engineering
Techniques, usually psychological tricks, used to persuade people to grant access to sensitive data/information.
Malware
Any software used to cause harm.
Types of computer attacks (4)
- Botnet - Robot Network
- Denial-of-service (DOS) attack
- Spamming
- Spoofing
Hacking embezzlement schemes (4)
- salami technique: stealing small amounts from many different accounts
- economic espionage: theft of information, trade secrets and intellectual property
- cyberbullying: harassment online
- internet terrorism: disrupting electronic commerce and harming computer communications
Virus
A segment of self-replicating, executable code that attaches itself to a file/program.
Worm
A standalone malware computer program that replicates itself in order to spread to other computers.
Internal controls
The processes and procedures implemented to provide reasonable assurance that control objectives are met.
Internal controls perform 3 important functions:
- Preventive controls
- Detective controls
- Corrective controls
COBIT - Control objectives for information and related technology
Allows management to benchmark security and control practices, users to be assured that adequate information system security and control exist, and auditors to substantiate their opinions on internal control.
The COBIT 5 framework
1) Meeting stakeholder needs
2) Covering enterprise end-to-end
3) Applying a single, integrated framework
4) Enabling a holistic approach
5) Separating governance from management
Enterprise risk management model (ERM)
A COSO framework that improves the risk management process by expanding the COSO Internal Control framework.
ERM - Internal Environment
The company culture that is the foundation for all other ERM components, as it influences how organisations establish strategies and objectives.
ERM - Objective Setting
Management sets objectives at the corporate level, then subdivides them into more specific objectives:
- strategic
- operational
- reporting
- compliance
ERM - Event Identification
A positive or negative incident, from internal or external sources, that affects the implementation of strategy or the achievement of objectives.
ERM - Risk Assessment
- Assess each identified risk: its likelihood and its impact (positive or negative)
- Types of risk:
  inherent: the risk that exists before any plans are made to control it
  residual: the risk remaining after controls are in place to reduce it
ERM - Risk Response (4)
- reduce
- accept
- share
- avoid
Why is it important to separate accounting duties?
To ensure no employee has too much responsibility, and therefore minimise risk of fraud.
need to separate: authorisation, recording & custody
Trust services framework (TSF)
A framework that organises the IT controls relevant to systems reliability into five principles:
- Security
- Confidentiality
- Privacy
- Processing integrity
- Availability
Time-based model
Combines preventive, detective and corrective controls: preventive controls buy time, and detective and corrective controls must act within it.
P = time it takes an attacker to break through the preventive controls
D = time it takes to detect an attack in progress
C = time it takes to respond to the attack
Security is effective if P > D + C
Authentication
Verifies who a person is: passwords, ID cards, biometric characteristics.
Authorisation
Determines what a person can access: files and applications.
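Authentication and authorisation are easy to conflate, and the earlier card on separating authorisation, recording and custody is really an authorisation-policy question. The Python below is an added example, not code from the flashcards or any textbook: it stores passwords only as salted PBKDF2 hashes and verifies them in constant time (authentication), checks what a verified identity may do against a role-to-permission table with deny-by-default (authorisation), and flags any user whose roles combine two or more of the three accounting duties. The users, passwords, roles, resources and iteration count are all constructed for the example.

```python
import hashlib
import hmac
import os

# PBKDF2 work factor; constructed for the example (production uses a higher,
# periodically reviewed count).
ITERATIONS = 100_000

# Role -> set of (resource, action) permissions. Hypothetical roles and
# resources, chosen so that each role confers exactly one accounting duty.
PERMISSIONS = {
    "purchasing_manager": {("purchase_order", "approve")},
    "ap_clerk": {("purchase_order", "record"), ("invoice", "record")},
    "cashier": {("cheque", "sign"), ("cash", "disburse")},
}

# Which of the three duties (authorisation / recording / custody) each permission represents.
DUTY_OF = {
    ("purchase_order", "approve"): "authorisation",
    ("purchase_order", "record"): "recording",
    ("invoice", "record"): "recording",
    ("cheque", "sign"): "custody",
    ("cash", "disburse"): "custody",
}


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(users: dict, username: str, password: str, roles: set) -> None:
    """Store only a per-user random salt and the derived hash, never the password itself."""
    salt = os.urandom(16)
    users[username] = {"salt": salt, "hash": _hash_password(password, salt), "roles": set(roles)}


def authenticate(users: dict, username: str, password: str) -> bool:
    """Authentication: does the caller know this account's password (something they know)?"""
    rec = users.get(username)
    if rec is None:
        # Do the same work for unknown accounts so response time does not
        # reveal which usernames exist.
        _hash_password(password, b"\x00" * 16)
        return False
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(rec["hash"], _hash_password(password, rec["salt"]))


def authorise(users: dict, username: str, resource: str, action: str) -> bool:
    """Authorisation: may this (already authenticated) identity perform action on resource?
    Deny by default: anything not explicitly granted to one of the user's roles is refused."""
    rec = users.get(username)
    if rec is None:
        return False
    return any((resource, action) in PERMISSIONS.get(role, set()) for role in rec["roles"])


def duties_held(users: dict, username: str) -> set:
    """Which of authorisation / recording / custody the user's combined roles confer."""
    rec = users.get(username)
    if rec is None:
        return set()
    return {DUTY_OF[perm] for role in rec["roles"] for perm in PERMISSIONS.get(role, set())}


def violates_separation(users: dict, username: str) -> bool:
    """Separation-of-duties check: holding two or more duties lets one person
    both commit a fraud and conceal it in the records."""
    return len(duties_held(users, username)) >= 2


def build_demo_users() -> dict:
    """Constructed user store for the example."""
    users = {}
    register(users, "alice", "correct horse battery staple", {"purchasing_manager"})
    register(users, "bob", "hunter2hunter2", {"ap_clerk", "cashier"})  # records AND holds cash
    return users


if __name__ == "__main__":
    users = build_demo_users()
    print("alice login ok:", authenticate(users, "alice", "correct horse battery staple"))
    print("alice may approve PO:", authorise(users, "alice", "purchase_order", "approve"))
    print("alice may record PO:", authorise(users, "alice", "purchase_order", "record"))
    for name in users:
        print(name, "duties:", sorted(duties_held(users, name)),
              "separation violated:", violates_separation(users, name))
```

Note that authenticate answers only "who is this?"; a successful login grants nothing by itself, and authorise must be called on every access with the identity it established. The separation check runs over the role table, so it can be applied when roles are assigned rather than after a fraud has already happened.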
Intellectual property (IP)
What to protect?
- strategic plans
- trade secrets
- cost information
- legal documents
- process improvements
Steps to secure intellectual property (4)
1) Identification and classification - data inventory
2) Encryption - transforming information so that it is unreadable without the decryption key
3) Controlling access
4) Training employees
Privacy concerns (2)
- spam
- identity theft
Encryption strength (3 factors)
- key length: the number of bits in the key; each extra bit doubles the number of keys an attacker must try
- algorithm: the manner in which key and text are combined; must be a published, vetted algorithm
- policies concerning keys: keys are stored securely, protected by strong access controls and rotated
Symmetric encryption
One key used to both encrypt and decrypt.
- pro: fast
- con: the single key must be distributed securely to every party, a separate key is needed for each pair of communicating parties, and anyone who obtains the key can both read and forge messages
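To make the key-length and single-key points from the last two cards concrete, here is an added Python example (not from the flashcards). It builds a toy authenticated stream cipher from the standard library's SHA-256 and HMAC so it runs offline, shows the same key both decrypting and authenticating, rejects a wrong key or altered data, and then brute-forces a deliberately short 16-bit key to show that key length is what sets the cost of exhaustive search. The construction is for teaching only; a real system uses a vetted cipher such as AES-GCM or ChaCha20-Poly1305. All keys, messages and the 16-bit size are constructed for the example.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional

NONCE_LEN = 12
TAG_LEN = 32


def random_key(nbytes: int) -> bytes:
    """Fresh random key; nbytes sets the key length (8 * nbytes bits)."""
    return os.urandom(nbytes)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter mode over a hash: block i = SHA-256(key || nonce || i).
    Teaching construction only; real systems use AES-GCM or ChaCha20-Poly1305."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + struct.pack(">Q", counter)).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with the one shared key used on both sides.
    Output layout: nonce || ciphertext || HMAC-SHA256 tag."""
    nonce = os.urandom(NONCE_LEN)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, blob: bytes) -> Optional[bytes]:
    """Returns the plaintext, or None if the key is wrong or the data was altered."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time tag check
        return None
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))


def brute_force(blob: bytes, key_bits: int) -> Optional[bytes]:
    """Exhaustive key search: at most 2**key_bits trial decryptions.
    Feasible for the 16-bit toy key below; 2**128 trials are not, which is why
    key length, not secrecy of the algorithm, sets the cost of this attack."""
    nbytes = (key_bits + 7) // 8
    for candidate in range(1 << key_bits):
        key = candidate.to_bytes(nbytes, "big")
        if decrypt(key, blob) is not None:    # the tag tells us when the key is right
            return key
    return None


def demo() -> dict:
    """Constructed walk-through; returns the observations so they can be checked."""
    key = random_key(32)                      # 256-bit key
    message = b"pay 100 to vendor 42"
    blob = encrypt(key, message)
    short_key = random_key(2)                 # deliberately weak 16-bit key
    return {
        "round_trip": decrypt(key, blob),
        "wrong_key": decrypt(random_key(32), blob),
        "tampered": decrypt(key, blob[:-1] + bytes([blob[-1] ^ 1])),
        "short_key": short_key,
        "recovered_16bit_key": brute_force(encrypt(short_key, message), 16),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The brute-force loop finishes in well under a second for 16 bits; doubling the key length to 32 bits would already take tens of thousands of times longer, and the 256-bit key used for the real message is out of reach. Because the tag is computed with the same shared key, whoever holds it can also forge messages, which is the distribution problem the "con" above describes.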