13: IT Flashcards

1
Q

Some of the implications of manual versus computerized systems for internal control are:

A

Segregation of duties: In a computerized environment, transaction processing often results in the combination of functions that are normally separated in a manual environment.
Disappearing audit trail
Uniform transaction processing – Computer programs are uniformly executed algorithms
Computer-initiated transactions – Many computerized systems gain efficiency by automatically generating transactions when specified conditions occur.
Potential for increased errors and irregularities – Several characteristics of computerized processing act to increase the likelihood that fraud may occur and remain undetected for long periods.
Potential for increased management review – Computer-based systems increase the availability of raw data and afford more opportunities to perform analytical reviews and produce management reports.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

what is purpose of COBIT

A

Guide managers, users, and auditors to adopt best practices related to the management of information technology.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are the 4 domains

A

Planning and Organization—How can IT best contribute to business objectives? Establish a strategic vision for IT. Develop tactics to plan, communicate, and realize the strategic vision.
Acquisition and Implementation—How can we acquire, implement, or develop IT solutions that address business objectives and integrate with critical business process?
Delivery and Support—How can we best deliver required IT services including operations, security, and training?
Monitoring—How can we best periodically assess IT quality and compliance with control requirements?

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

what is the primary objective of enterprise resource planning system

A

to integrate data from all aspects of an organization’s activities into a centralized data repository.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Goals of ERP systems:

A

global visibility, cost reduction, employee empowerment, best practices

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

components of ERP system

A
  1. Online transaction processing (OLTP) system – The modules comprising the core business functions: sales, production, purchasing, payroll, financial reporting, etc. These functions collect the operational data for the organization and provide the fundamental motivation for the purchase of an ERP.
  2. Online analytical processing (OLAP) system – Incorporates data warehouse and data mining capabilities within the ERP.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

examples of cloud based system applications

A
  1. Infrastructure as a service (IaaS) – Use of the cloud to access virtual hardware, such as computers and storage. Examples include Amazon Web Services and Carbonite;
  2. Platform as a service (PaaS) – Creating cloud-based software and programs using cloud-based services. Salesforce.com’s Force.com is an example of PaaS;
  3. Software as a service (SaaS) – Remote access to software. Office 365, a suite of office productivity programs, is an example of SaaS.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

benefits of cloud based systems

A

universal access, cost reduction, outsourcing, scalability, enterprise wide intergration

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

risks of cloud based systems

A

data loss, system penetration by hackers

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

what is a business continuity plan

A

The disaster recovery plan discussion above relates to organizational processes and structures that will enable an organization to recover from a disaster. Business (or organizational) continuity management (sometimes abbreviated BCM) is the process of planning for such occurrences and embedding this plan in an organization’s culture. Hence, BCM is one element of organizational risk management. It consists of identifying events that may threaten an organization’s ability to deliver products and services, and creating a structure that ensures smooth and continuous operations in the event the identified risks occur.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

what is a disaster recovery plan

A

DRPs enable organizations to recover from disasters and to enable continuing operations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Disaster recovery plans are frequently classified by the types of backup facilities maintained and the time required to resume processing:

A

cold site, warm site, hot site, reciprocal agreements, mirrored site

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

what is a cold site

A

An off-site location that has all the electrical connections and other physical requirements for data processing, but does not have the actual equipment or files. Cold sites often require one to three days to be made operational. A cold site is the least expensive type of alternative processing facility available to the organization. If on a mobile unit (e.g., a truck bed), called a mobile cold site.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

what is a warm site

A

A location where the business can relocate to after the disaster that is already stocked with computer hardware similar to that of the original site, but does not contain backed-up copies of data and information. If on a mobile unit, called a mobile warm site.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

what is a hot site

A

a. An off-site location completely equipped to quickly resume data processing.
b. All equipment plus backup copies of essential data files and programs are often at the site.
c. Enables resumed operations with minimal disruption, typically within a few hours.
d. More expensive than warm and cold sites.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

what is a reciprocal agreement

A

These are shared use facilities governed by inter-organizational agreements that house IT facilities. May be cold, warm, or hot.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

what is a mirrored site

A

Fully redundant, fully staffed, and fully equipped site with real-time data replication of mission critical systems. Expensive and used for mission critical systems (e.g., credit card processing at VISA and MasterCard).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

three main functional areas within many IT Departments:

A

A. Applications Development
B. Systems Administration and Programming
C. Computer Operations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

what is the responsibility of applications development and the roles

A

This department is responsible for creating new end-user computer applications and for maintaining existing applications.
1.
Systems analysts – Responsible for analyzing and designing computer systems; systems analysts generally lead a team of programmers who complete the actual coding for the system; they also work with end users to define the problem and identify the appropriate solution.
2.
Application programmers – Work under the direction of the systems analyst to write the actual programs that process data and produce reports.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

what is the responsibility of systems administration and programming and the roles

A

This department maintains the computer hardware and computing infrastructure and grants access to system resources.
1.
System administrators – The database administrator, network administrator, and web administrators are responsible for management activities associated with the system they control. For example, they grant access to their system resources, usually with user-names and passwords. System administrators, by virtue of the influence they wield, must not be permitted to participate directly in these systems’ operations.
2.
System programmers – Maintain the various operating systems and related hardware. For example, they are responsible for updating the system for new software releases and installing new hardware. Because their jobs require that they be in direct contact with the production programs and data, it is imperative that they are not permitted to have access to information about application programs or data files.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

what is the responsibility of computer operations and its roles

A

This department is responsible for the day-to-day operations of the computer system, including receipt of batch input to the system, conversion of the data to electronic media, scheduling computer activities, running programs, etc.
1.
Data control – This position controls the flow of all documents into and out of Computer Operations; for batch processing, schedules batches through data entry and editing, monitors processing, and ensures that batch totals are reconciled; data control should not access the data, equipment, or programs. This position is called “quality assurance” in some organizations.
2.
Data entry clerk (data conversion operator) – For systems still using manual data entry (which is rare), this function keys (enters) handwritten or printed records to convert them into electronic media; the data entry clerk should not be responsible for reconciling batch totals, should not run programs, access system output, or have any involvement in application development and programming.
3.
Computer operators – Responsible for operating the computer: loading program and data files, running the programs, and producing output. Computer operators should not enter data into the system or reconcile control totals for the data they process. (That job belongs to Data Control.)
4.
File librarian – Files and data not online are usually stored in a secure environment called the file library; the file librarian is responsible for maintaining control over the files, checking them in and out only as necessary to support scheduled jobs. The file librarian should not have access to any of the operating equipment or data (unless it has been checked into the library).

22
Q

what is the role of IT steering Commitee

A

This group’s principal duty is to approve and prioritize systems proposals for development.

23
Q

what is the role of lead systems anaylst

A

This individual is usually responsible for all direct contact with the end user and for developing overall programming logic and functionality.

24
Q

what is the role of application programmers

A

This team, under the direction of the lead analyst, is responsible for writing and testing the programs.

25
Q

what is role of end users

A

This group has the primary responsibility of identifying problems and proposing initial solutions.

26
Q

what are the stages in a SDLC system

A

planning and feasibility, analysis, design, development, testing, implementation, maintenance

27
Q

Four levels of documentation

A

Systems documentation, Program documentation, Operator documentation, user documentation

28
Q

Application controls concern the accuracy, validity, and completeness of data processing in specific application programs. They can be placed in one of three categories:

A
  1. Input and origination controls – Control over data entry and data origination process
  2. Processing and file controls – Controls over processing and files, including the master file update process
  3. Output controls – Control over the production of reports
29
Q

what is ebusiness

A

E-business is the generic name given to any business process that relies on electronic dissemination of information or on automated transaction processing. This lesson distinguishes e-business from e-commerce and describes the benefits, risks, and some common business models of e-commerce.

30
Q

what is ecommerce

A

E-commerce is a narrower term used to refer to transactions between the organization and its trading partners.

31
Q

what are the risks of ecommerce

A
  1. System availability – Online systems must be stable and availability. This was an early challenge to eBay. In its early days, it asked users to stay off of the system during peak hours!
  2. Security and confidentiality – Data breaches—for example, the 2013 Target credit and debit card breach—can irreparably harm trust in systems and companies.
  3. Authentication – Is an online person or company who they say they are? Increasingly, e-commerce sites (e.g., e-lance) include verification of identity as a prerequisite to site use.
  4. Nonrepudiation – This is, essentially, the existence of an audit trail that renders actions verifiable. Hence, one cannot deny, after a transaction, one’s role in it.
  5. Integrity – Is the system secure from hackers and crackers? Creating a system that is immune to hacks is a formidable undertaking. Even the FBI website has been hacked.
32
Q

what are the risks of not implementing ecommerce

A
  1. Your customers find it cheaper and easier to buy online.
  2. Limited growth – E-commerce offers global reach.
  3. Limited markets – E-commerce turns what once were small, highly specialized markets (e.g., collecting antique fountain pens) into large, worldwide markets.
33
Q

what are operational systems

A

support day to day activities. sometimes called transaction processing systems. process financial and non financial trransactions

34
Q

what are management information systems (MIS)

A

systems designed to support routine management problems.

35
Q

what are accounting information systems (AIS)

A

take the financial data from transaction processing systems and use it to produce financial statements and control reports for managment

36
Q

what is decision support systems (DSS)

A

provide information to mid- to upper-level managers to assist them in managing non routine problems

37
Q

what are executive support systems (ESS)

A

provide senior executives with immediate access to internal and external info

38
Q

what is data mining

A

the process of sorting through data maintained in a data warehouse in an effort to identify relationships between data fields or events. These relationships are often classified as sequences (one event leads to another) or associations (one event is correlated with another event). The ability to recognize these patterns is, thus, critical to successful data mining.

39
Q

what is data warehouse

A

a database archive of an organization’s operational transactions (sales, purchases, production, payroll, etc.) over a period of years; external data that might be correlated with these transactions, such as economic indicators, stock prices, and exchange rates, are also included

40
Q

what is data mart

A

A data mart is focused on a particular market or purpose and contains only information specific to that objective.

41
Q

what is there a great need for within a small business computing enviornment

A

There is a great need for third-party review and testing within the small business computing environment, Backup procedures are important. Additional supervision of computing may be necessary.

42
Q

what is database management system

A

The database management system (DBMS) controls the storage and retrieval of the information maintained in a database and is responsible for maintaining the referential integrity of the data.

43
Q

what is data manipulation language

A

The data manipulation language allows the user to add new records, delete old records, and update existing records.

44
Q

what is data query language

A

Data query language (DQL) is used to extract information from the database.

45
Q

what is data definition language

A

Data definition language (DDL) is used to create tables and fields of information within the fields

46
Q

what is a central processing unit

A

Central processing unit (CPU) – The CPU is the control center of the computer system. The CPU has three principal components:
1.
Control unit – Interprets program instructions.
2.
Arithmetic logic unit (ALU) – Performs arithmetic calculations.
3.
Primary storage (main memory)

47
Q

what is batch processing

A

in batch processing, transactions are first gathered together in a group and then keyed into a transaction file. Periodically, the transaction file is edited, sorted, and then the transactions are used to update the master file.

48
Q

what is real time systems

A

Online/real-time systems are updated as transactions occur and consequently require networked information systems based on random access storage devices.
Because the information system is updated immediately, errors are detected as soon as the transaction occurs.

49
Q

what is extensible business reporting language

A

XBRL is specifically designed to exchange financial information over the World Wide Web.

50
Q

what are network firewalls

A

Network firewalls perform relatively low-level filtering capabilities

51
Q

what are application firewalls

A

application firewalls have the ability to do much more sophisticated checks and provide much better control.