8 - IT Systems and Controls Flashcards Preview

ABS > 8 - IT Systems and Controls > Flashcards

Flashcards in 8 - IT Systems and Controls Deck (29)
Loading flashcards...
1

What is an information system?

System for processing data and information that may involve people based activities and or computer based functions

2

What are separate systems?

Wholly separate IT systems in place
Integration only though transfers initiated by staff
Simpler
Significant and costly human intervention
Scope for error, omission and duplication

Some IT controls but mostly manual

3

What are enterprise systems?

Systems from across different areas of a business that are connected to a central data system
E.g oracle
Integrates everything

Performed quickly so minimised errors and waste

IT controls in place over central data
Manual controls over inputs and outputs

4

What is straight through processing?

Removes need for human intervention
Fully automated

Almost entirely IT controls
Manual controls only for exceptions and reviewing

5

Remit of IT department?

Develop IT strategy
Develop IT policy
Procedures and address controls
Reporting lines
Scope
Monitor
Integration

6

4 steps to develop IT Strategy?

Starting position GOT
Identify ideal systems WANT
Analyse gaps GAP
Project plan PLAN - bridge gaps

7

What are the elements of ITGCs?

Access to programs and data
Programme changes and development
computer Operations
Continuity of operations

8

What are ITGCs?

Manual, automated or a combination of both
Within info systems and end user computing

9

What are IT application controls?

Automated procedures that typically operate at a transaction level and are designed to ensure integrity of data

Used to initiate, authorise, record, process and report transactions

E.g audit logs
Batch controls
Programmed editing
Calculation
Check digits

10

What is a master file?

Standing or permanent source data needed to process transactions

May affect more than one processing cycle

11

Master file change controls?

Changes recorded on a change request form and authorised

Records of before and after position kept and reviewed

Segregation of duties between those who amend and process transactions

Audit log, reviewed

Batch controls

Complete listing reviewed periodically

12

Program changes and development considerations?

Development
Authorisation
Testing
Approval

Changes should be made in separate test environment

13

How to mitigate risk of program changes?

Separate test environment
Migration to production environment
Configuration changes
Emergency changes
Program development

14

Project management controls applicable ?

Initiation
Planning
Risk management approach
Execution
Completion

15

Stages of systems development life cycle?

Business analysis - want from new
Feasibility study - what’s on offer
System analysis - whether will suit
Design - detail process
Development - off shelf or bespoke
Testing
Implementation - methods
Maintenance
Wish list / enhancement - future upgrades

(Bopping Frank Sometimes Dances Down To Indie Pop Music Well)

16

Disadvantages of packaged systems?

Unlikely to fully fit needs
Inefficiency from extra functions not needed
Third party reliance
Difficult to integrate
Same system as everyone

17

Advantages of packaged systems?

Lower cost
Faster implementation
Documentation
Limited risk of faults
Functional features reflecting marketplace changes
Developer knowledge

18

Advantages of bespoke systems?

Good fit to needs
Can include specialised features
Less inefficiency
Integrate well
Unique system may give competitive advantage

19

Disadvantages of bespoke systems?

Cost
Slower development and implementation
May require debugging
Developer may not have extensive knowledge
Reliance on third party oi

20

What are the methods of implementation?

Pilot
Parallel
Phased
Direct

21

Direct method?

Stop old and start new

Lowest cost
Faster
Minimise maintenance work

High risk of damage
High stress for IT

22

Parallel method?

Operating both at same time

Lowest risk
Comfort of retaining old
Flexibility

Doubles workload
Increased overall cost
Doubles commitment for staff
May prevent new application implemented

23

Phased implementation?

Introduce a bit at a time e.g in departments

Risks controlled
Compromise approach
Get used to look and feel

High burden on IT
Integrate manually

24

Pilot implementation?

Trial in regions first

Unexpected problems identified
Users maintain control
Less IT staff
Minimise risks

Implementation lengthy so costly
Boredom for IT staff as continuous

25

Best practice for continuity of operations?

Second site or server back up alternatives

Cloud computing
Mutual aid pact
Cold site
Hot site

26

Mutual aid pact?

Agreement between two companies to share resources in case of disaster

No additional cost

Must have excess capacity
Must have compatible platforms
All must not be impacted by the disaster
Must trust

27

Cold site?

Leases space to hold computer equipment

Easier to implement
Cheaper than hot site
More convenient that mutual aid pact

Costs more than mutual aid
Slower time to implement
Cold site may not hold all equip
May not be reliable

28

Hot site?

Equipped and functioning recovery centre
Mirroring data is a technique used to backup data

Ready to go

Highest cost
Natural disaster

29

Cloud computing?

Remote servers

Rapid recovery

Dependence on third party hosting