Unit 4: Technologies in Accounting Information

Question 1

Define Data Definition Language (DDL)

Answer 1

A programming language used to define the physical database to the DBMS. The definition includes the names and the relationship of all data elements, records, and files that constitute the database.

The DDL defines the database on three levels called views: the internal view, the conceptual view (schema), and the user view (subschema).

Question 2

Define Data Manipulation Language (DML)

Answer 2

The proprietary programming language, which a particular DBMS uses to retrieve, process, and store data.

Question 3

What occurs in the normalization process when an unnormalized table is brought to 1NF?

Answer 3

Repeating groups in the table tuple are removed

ex. If the primary key in a Sales Invoice table is “Invoice Num,” the table tuple containing each line item will include repeating data. Each line item would contain the same invoice number, order date, ship date, customer number, etc. To remove the repeating groups, that information is put into a Line Item Table where the primary key is “Invoice Num” + “Prod Num” and then removed from the Sales Invoice table.

Question 4

What occurs in the normalization process when a table is brought from 1NF to 2NF?

Answer 4

Partial Dependencies are removed

A Partial Dependency is present any time one or more nonkey attributes are dependent on only part of the primary key rather than the whole key

ex. A Line Item Table is created where the primary key is “Invoice Num” + “Prod Num” The Production Description and Unit Price are two attributes that are only dependent on “Prod Num” and not “Invoice Num.” To remove Partial Dependencies, the Product Description and Unit price data will be moved to an Inventory Table where the only primary key is “Product Num”

Question 5

What occurs in the normalization process when a table is brought from 2NF to 3NF?

Answer 5

Transitive Dependencies are removed

ex. If the primary key in a Sales Invoice table is “Invoice Num”, that primary key can uniquely and wholly identify the Order Date and Ship Date. It does not uniquely identify the customer attributes such as Cust Name, Street Address, Telephone Number. These customer attributes are identified with Cust Num which is a non-key attribute. The customer attributes in this table are Transitive Dependencies and need to be removed and added to a new Customer Table where “Cust Num” is the primary key.

Question 6

What is the normalization process used for?

Answer 6

Removing anomalies from data tables that could cause update, insertion, and deletion anomalies

After normalization process, the table will meet two conditions:
-all non-key attributes in the table are dependent on the primary key
-all non-key attributes are independent of all other non-key attributes

Question 7

What is a problem usually associated with the flat-file approach to data management?

Answer 7

Data Redundancy.

Excel spreadsheets are an example of a flat-file database. There is no simple way to determine if a particular data item is already in the spreadsheet, especially as the spreadsheet grows.

The only way to determine if data is available in the file is to sequentially read through the entire file from beginning to end, or until the desired data is encountered.

Question 8

Which View (the internal view, the conceptual view (schema), and the user view (subschema)) is a description of the physical arrangement of records in the database?

Answer 8

Internal View

The internal view shows the way that the data is organized in the database. This is also known as the hierarchical view.

Question 9

Which View (the internal view, the conceptual view (schema), and the user view (subschema)) may provide many distinct views of the database?

Answer 9

User View

The user view (subschema) shows that segment of the database that the user can access. This access with vary by user as their requirements vary by business function.

Question 10

What causes the update anomaly in unnormalized tables?

Answer 10

The update anomaly occurs because of data redundancy in unnormalized tables.

Because data can appear multiple times in an unnormalized database, it is difficult to ensure that all occurrences get updated when a change occurs.

Question 11

What is an ERP?

Answer 11

ERP systems are multiple module software packages that integrates key processes of the organization.

ERP systems support a smooth and seamless flow of information across the organization by providing a standardized environment for a firm’s business processes and a common operational database that supports communications.

Under the traditional model, each functional area or department has its own computer system optimized to the way it does its daily business. ERP combines all of these into a single, integrated system that accesses a single database to facilitate the sharing of information and to improve communications across the organization.

Question 12

What are the disadvantages to a traditional model that employs closed database architecture?

Answer 12

As with the flat-file approach, the data remain the property of the application. Thus, distinct, separate, and independent databases exist. There is a high degree of data redundancy.

When a customer places an order, the order begins a paper-based journey around the company, where it is keyed and rekeyed into the systems of several different departments. These redundant tasks cause delays and lost orders and promote data entry errors. During transit through various systems, the order status may be unknown at any point.

Question 13

What are the two general groups of applications of ERP functionality?

Answer 13

Core Applications

Business Analysis Applications

Question 14

What are Core Applications?

Answer 14

Core applications are those applications that operationally support the day-to-day activities of the business. If these applications fail, so does the business.

Ex. sales and distribution, business planning, production planning, shop floor control, logistics

AKA online transaction processing (OLTP)

Question 15

What is a data mart?

Answer 15

When a data warehouse is organized for a single department or function, it is often called a data mart. Rather than containing hundreds of gigabytes of data for the entire enterprise, a data mart may have only tens of gigabytes of data.

Question 16

What are the five stages of the data warehousing process?

Answer 16

Modeling data for the data warehouse

Extracting data from operational databases

Cleansing extracted data

Transforming data into the warehouse model

Loading data into the data warehouse database

Question 17

What is the difference between private key and public key encryption techniques?

Answer 17

Private Key - Both the sender and the receiver use the same encryption key.

Public Key - Technique that uses two encryption keys: one for encoding the message, the other for decoding it.

Question 18

What is the difference between network-level firewall and application-level firewall?

Answer 18

Network-Level Firewall: System that provides basic screening of low-security messages (e.g., e-mail) and routes them to their destinations based on the source and destination addresses attached.

Application-Level Firewall: Provide high-level network security.

Question 19

What are Intelligent Control Agents?

Answer 19

Computer programs that embody auditor-defined heuristics that search electronic transactions for anomalies.

Question 20

What is Verisign?

Answer 20

Verisign is a for-profit organization that provides assurance regarding the security of transmitted data.

Its mission is to provide digital certificate solutions that enable trusted commerce and communications. Its products allow customers to transmit encrypted data and verify the source and destination of transmissions.

Question 21

What is a VAN?

Answer 21

In an EDI environment, a client’s trading parnter’s computer automatically generates electronic transactions, which are relayed across a value-added network (VAN), and the client’s computer processes the transactions without human intervention.

Question 22

What is a firewall?

Answer 22

A firewall is a system used to insulate an organization’s intranet from the Internet. It can be used to authenticate an outside user of the network, verify his or her level of access authority, and then direct the user to the program, data, or service requested. In addition to insulating the organization’s network from external networks, firewalls can also be used to protect LANs from unauthorized internal access.

Question 23

What are Seals of Assurance?

Answer 23

In response to consumer demand for evidence that a web-based business is trustworthy, a number of trusted third-party organizations are offering seals of assurance that businesses can display on their website home pages. To legitimately bear the seal, the company must show that it complies with certain business practices, capabilities, and controls. This best known six seal-granting organizations are - Better Business Bureau (BBB), TRUSTe, Verisign, Inc., International Computer Security Association (ICSA), AICPA/CICA WebTrust, and AICPA/CICA SysTrust.

Question 24

What is a digital signature?

Answer 24

A digital signature is derived from the digest of a document that has been encrypted with the sender’s private key. A digital signature is an electronic authentication technique that ensures the transmitted message originated with the authorized sender and that it was not tampered with after the signature was applied.

Question 25

What is continuous auditing?

Answer 25

Continuous auditing enables the auditor to review transactions at frequent intervals or as they occur. The growth of electronic commerce requires the auditors to rethink their traditional practices. Using intelligent electronic agents, transactions can be continuously monitored, and alarms can sound when an anomaly occurs.

Question 26

What is the International Computer Security Association?

Answer 26

The ICSA established its web certification program in 1996. ICSA certification addresses data security and privacy concerns. It does not deal with concerns about business policy and business processes. Organizations that qualify to display the ICSA seal have undergone an extensive review of firewall security from outside hackers. Organizations must be recertified annually and undergo at least two surprise checks each year.

Question 27

What is the AICPA/CICA WebTrust?

Answer 27

The AICPA and CICA established the WebTrust program in 1997. To display the AICPA/CICA WebTrust seal, the organization undergoes an examination according to the AICPA’s Standards for Attestation Engagements, No. 1, by a specially web-certified CPA or CA. The examination focuses on the areas of business practices (policies), transaction integrity (business process), and information protection (data security). The seal must be renewed every 90 days.

Question 28

What is the AICPA/CICA SysTrust?

Answer 28

In July 1999, the AICPA/CICA introduced an exposure draft describing a new assurance service called SysTrust. It is designed to increase management, customer, and trading partner confidence in systems that support entire businesses or specific processes. The assurance service involves the public accountant evaluating the system’s reliability against four essential criteria: availability, security, integrity, and maintainability.

The potential users of SysTrust are trading partners, creditors, shareholders, and others who rely on the integrity and capability of the system. For example, Virtual Company is considering outsourcing some of its vital functions to third-party organizations. Virtual needs assurance that the third-party systems are reliable and adequate to provide the contracted services. As part of the outsourcing contract, Virtual requires the servicing organizations to produce a clean SysTrust report every three months.

In theory, the SysTrust service will enable organizations to differentiate themselves from their competitors. Those organizations that undergo a SysTrust engagement will be perceived as competent service providers and trustworthy. They will be more attuned to the risks in their environment and equipped with the necessary controls to deal with the risks.

Question 29

What three types of data management problems are a result of data redundancy?

Answer 29

Data storage

Data Updating

Currency of Information

Question 30

What list shows the detail of vendor shipments and expected receipts of products and components needed for an order?

Answer 30

Materials requirements list

Question 31

What was designed to overcome a private key encryption security weakness?

Answer 31

The correct answer is “Public key.” Public key encryption uses two different keys: one for encoding messages and the other for decoding. Receivers never need to share private keys with senders, which reduces the likelihood the keys will fall into the hands of an intruder.

Question 32

Which third-party trust organization issues three classes of certificates?

Answer 32

The correct answer is “Verisign, Inc.” Verisign, Inc. issues three classes of certificates to individuals, businesses, and organizations.

Question 33

An organization uses a flat-file data management system. The shipping department receives notice that shipping costs are increasing by 10% effective immediately. Customers placing new orders are still billed with the old shipping costs.
Which problem is exemplified in this scenario?

Answer 33

The correct answer is “ Currency of information.” The shipping department must inform the billing department of any changes in shipping costs, or the bills will be issued based on outdated information.

Question 34

What attributes are used to describe data that are reliable for use according to the Safe Harbor Agreement?

Answer 34

Accurate, complete, and current

Question 35

Define the Safe Harbor Agreement’s onward transfer condition.

Answer 35

Unless they have the individual’s permission to do otherwise, organizations may share information only with those third parties that belong to the Safe Harbor Agreement or that follow its principles.

Question 36

How many surprise checks must an organization undergo annually to maintain the International Computer Security Association seal?

Answer 36

Two