VI - Information Technology Flashcards
Which IT personnel roles should always be segregated?
Operators
Programmers
Librarians
What are the duties of a systems analyst?
Designs or purchases IT system
Responsible for flowcharts
Liaison between Users and Programmers
Note: Think IT Manager
What is the primary duty of a Systems Administrator?
A Systems Administrator controls database access.
What are the duties of a Systems Programmer?
Writes, Updates, Maintains, & Tests software, systems, and compilers
Which duties should a Systems Programmer NOT have?
In order to maximize internal control, a Systems Programmer should NOT have application programming duties/abilities or be an Operator on the system.
What are the duties of a Systems Operator?
Schedules and Monitors Jobs
Runs IT Help Desk
What duties should a System Operator NOT have?
For internal control purposes, they should not be a Programmer on the system.
If it is not possible to segregate duties in an IT System, what actions should be taken to compensate for internal control purposes?
Include Computer Logs.
Control Group should review the logs.
What is the purpose of a Management Information System (MIS)?
To assist with decision making.
What is an Accounting Information System (AIS)?
A type of Management Information System (MIS) that processes accounting transactions.
What are the characteristics of an Executive Information System (EIS)?
Specialized for Company Executive needs
Assists with Strategy Only
No Decision-Making Capabilities
What are the characteristics of an Expert System (ES)?
Computer uses reasoning
Structured
No human interpretation needed
What are the characteristics of a Decision Support System (DSS)?
Computer provides data
Gives Interactive Support
Human interpretation needed
What are the characteristics of an Ad Hoc computer report?
User initiates the report.
The report is created upon demand.
When are Exception reports generated?
Exception reports are produced when Edit Tests, Check Digits, or Self-Checking Digits identify a problem.
What is a query?
A type of Ad Hoc report, initiated by a user.
What is End-User Computing?
The User develops and executes their own application.
What is the primary benefit of E-commerce?
E-commerce makes business transactions easier.
What are the risks of E-commerce?
Compromised data or theft.
Less paper trail for auditors.
What are the benefits of Electronic Data Interchange?
Uses globally-accepted standards
Efficient
What is a File Server?
A file server stores shared programs and documents.
What is the purpose of a Database?
Located on a File Server, a Database allows users to share documents.
What is the purpose of a LAN (Local Area Network)?
It connects computers in close proximity.
What is the purpose of a WAN (Wide Area Network)?
It connects computers that are far apart.
What are the characteristics of a VAN (Value-Added Network)?
Privately-owned Network
Serves as 3rd Party Between 2 Companies
Routes EDI Transactions
Accepts wide range of Protocols
Very Costly
What is the purpose of a Firewall?
Prevents unauthorized access to a network.
What are the characteristics of a virus?
Takes over a computer
Needs a host program to run
What are the characteristics of a computer worm?
Takes over multiple computers
Doesn’t need a host program to run
What is the purpose of Automated Equipment Controls?
They prevent and detect hardware errors.
What is RAM?
Random Access Memory.
Internal memory in the computer used during immediate processing.
What is a CPU?
Computer Processing Unit
It processes commands within a computer.
What is Job Control Language?
It schedules and allocates system resources.
What are examples of input devices?
Keyboard
Mouse
Scanner
Magnetic Ink Reader
Magnetic Tape Reader
EDI
Point of Sale Scanner
What are examples of Output Devices?
Speakers
Monitors
Printers
What are the characteristics of Magnetic Tape storage?
Sequential Access - Sorts data in order
Slower data retrieval
Header Label prevents the Operator error of loading the wrong tape
External Labels prevent accidental destruction by operator
What are the characteristics of Magnetic Disks?
Random Access - Finds data in random spots
Faster data retrieval
Uses Boundary Protection for data
What is a Gateway?
Connects one network to another
Note: the Internet is connected by Gateways
What are Parity Checks?
A control that detects internal data errors.
A bit is added to each character; it checks to see if a bit was lost.
What is an Echo Check?
Transmitted data is returned to the sender for verification (it echoes back to the sender)
What is a Change Control?
It authorizes program changes and approves program test results.
What is security software?
Software that controls access to IT systems.
Note: Don’t confuse this with anti-virus software
What is the purpose of a Digital Signature?
It confirms a message has not been altered.
List the types of computers from smallest to largest
PDA/Smartphone/Tablet
Microcomputer - PC, Laptop (cost-effective)
Minicomputer - Like a Mainframe, but smaller
Mainframe - Large computer with terminals attached
Supercomputer - Very powerful and very big
What are the units of computer data from smallest to largest?
Bit - 1 (on) and 0 (off)
Byte - 8 bits to a byte/character
Field - Group of related characters/bytes (i.e. Name, Zip Code, Serial #)
Record - Group of related fields (i.e. Member name, address, phone number)
File - Group of related records (i.e. Membership directory)
What is the duty of a design engineer?
Determine language used for a specific computer, on a computer-to-computer basis
What are object programs?
Programs written in base computer language, not similar to English.
How can source programs be recognized?
They are written in a language close to English.
What is the purpose of a Compiler?
Takes Source language (English) and converts to Object (Computer) Language
How does Online Analytical Processing work?
It uses a Data Warehouse to support management decision making.
What is Data Mining?
Using artificial intelligence and pattern recognition to analyze data stores within a Data Warehouse.
What is the purpose of online transaction processing?
To process a company’s routine transactions.
What are the characteristics of batch processing?
Data held, updates multiple files all at once
Leaves a better audit trail
Uses Grandfather-Father-Son backup (3 levels of backup kept in 3 locations)
What does an output control check for?
Checks to see if output data is valid, distributed and used in an authorized manner.
What does a processing control check?
Checks if data processing produced proper output
What is a hash total?
An input control number, a meaningless sum of values included in the input.
Example would be summing a list of SSNs to make sure the data is the same once entered as it was prior to input into the system.
What is a validity check?
Checks to see if data in existing tables or files belongs in the set
For example, is there a # in an alpha-only field or a letter in a numeric-only field?
What is a limit check?
Checks to see if numbers surpass a certain limit, i.e. in an age field is the number greater than 110.
What is a check digit?
An input control that adds an identification number to a set of digits - usually at the end
What is a field check?
An input check that prevents invalid characters, i.e. checks for alphabetic letters in a SSN field
What is a Hot Site?
A disaster recovery system where if the main system goes down, a Hot Site is ready to take over immediately.
What is a Cold Site?
If a main system goes down, a Cold Site will take time to get set up and running.
What is the most common database language?
SQL - Structured Query Language
What is a Data Definition Language?
Defines SQL Database
Controls SQL Tables
What is a Data Manipulation Language?
Queries SQL Database tables
What is a Data Control Language?
Controls Access to SQL Database
What are the characteristics of a Relational Database?
Logical structure
Uses rows and columns similar to spreadsheet
What are the characteristics of a Hierarchical Database?
Has various levels
Uses trees to store data
What are the advantages of a database?
Data is more accessible
Reduced redundancy
What are the disadvantages of a database?
Cost of installation
Skilled personnel required to maintain
What are the components of a database?
Desktop client
Application Server
Database Server
Think: Your desktop computer runs applications and saves to a database
Which of the following statements is (are) true?
I. A greater level of control is necessary in automated than manual systems.
II. The uniformity of transaction processing is higher in automated than manual systems.
II only
C Auto Leasing is a small company with six employees. The best action that it can take to increase its internal control effectiveness is
- Hire temporary employees to aid in the segregation of duties.
- Hire a bookkeeper to perform monthly “write up” work.
- Clearly delegate responsibilities to each employee for the functions that they are assigned.
- Engage the owner in direct participation in the activities, including financial record-keeping, of the business.
Engage the owner in direct participation in the activities, including financial record-keeping, of the business.
This is the best answer since engaging the owner in the activities of the business is an important compensating control in small organizations.
M Inc. recently switched from a manual accounting system to a computerized accounting system. The system supports online real-time processing in a networked environment, and six employees have been granted access to various parts of the system in order to perform their jobs. Relative to the manual system, M can expect to see
- That functions that had previously been spread across multiple employees have been combined.
- An increase in the incidence of clerical errors.
- A decrease in the incidence of systemic errors.
- A decrease in the need for access controls to the accounting records.
That functions that had previously been spread across multiple employees have been combined.
It is common for computerized systems to combine functions that would be considered incompatible in a manual system.
This can occur because the system limits the transactions that it is possible for the employee to record, creating a compensating control.
What is the COBIT framework? (3 parts)
Business Requirements
IT Resources
IT Processes
In COBIT, the process of reviewing system response time logs falls within the __ control process domain.
- Acquire and implement.
- Deliver and support.
- Monitor and evaluate.
- Plan and organize.
Monitor and evaluate
The process of reviewing system response logs is within the “monitor the processes” (M1) activity, which falls within the “monitor and evaluate” domain.
In COBIT, the process of ensuring security and continuous service falls within the __ control process domain.
- Acquire and implement.
- Deliver and support.
- Monitor and evaluate.
- Plan and organize.
Deliver and support
In COBIT, the process of developing tactics to realize the strategic vision for IT falls within the __ control process domain.
- Acquire and implement.
- Deliver and support.
- Monitor and evaluate.
- Plan and organize.
Plan and organize
One important purpose of COBIT is to
- Guide managers, users, and auditors to adopt best practices related to the management of information technology.
- Identify specific control plans that should be implemented to reduce the occurrences of fraud.
- Specify the components of an information system that should be installed in an e-commerce environment.
- Suggest the type of information that should be made available for management decision-making.
Guide managers, users, and auditors to adopt best practices related to the management of information technology.
In COBIT, the process of identifying automated solutions falls within the __ control process domain.
- Acquire and implement.
- Deliver and support.
- Monitor and evaluate.
- Plan and organize.
Acquire and implement