Info Technology - Module 41 Flashcards

(155 cards)

1
Q

Which IT personnel roles should always be segregated?

A

Operators

Programmers

Librarians

2
Q

What are the duties of a systems analyst?

A

Designs or purchases IT system

Responsible for flowcharts

Liaison between Users and Programmers

Note: Think IT Manager

3
Q

What is the primary duty of a Systems Administrator?

A

A Systems Administrator controls database access.

4
Q

What are the duties of a Systems Programmer?

A

Writes, Updates, Maintains, & Tests software, systems, and compilers

5
Q

Which duties should a Systems Programmer NOT have?

A

In order to maximize internal control, a Systems Programmer should NOT have application programming duties/abilities or be an Operator on the system.

6
Q

What are the duties of a Systems Operator?

A

Schedules and Monitors Jobs

Runs IT Help Desk

7
Q

What duties should a System Operator NOT have?

A

For internal control purposes, they should not be a Programmer on the system.

8
Q

If it is not possible to segregate duties in an IT System, what actions should be taken to compensate for internal control purposes?

A

Include Computer Logs.

Control Group should review the logs.

9
Q

What is the purpose of a Management Information System (MIS)?

A

To assist with decision making.

10
Q

What is an Accounting Information System (AIS)?

A

A type of Management Information System (MIS) that processes accounting transactions.

11
Q

What are the characteristics of an Executive Information System (EIS)?

A

Specialized for Company Executive needs

Assists with Strategy Only

No Decision-Making Capabilities

12
Q

What are the characteristics of an Expert System (ES)?

A

Computer uses reasoning

Structured

No human interpretation needed

13
Q

What are the characteristics of a Decision Support System (DSS)?

A

Computer provides data

Gives Interactive Support

Human interpretation needed

14
Q

What are the characteristics of an Ad Hoc computer report?

A

User initiates the report.

The report is created upon demand.

15
Q

When are Exception reports generated?

A

Exception reports are produced when Edit Tests, Check Digits, or Self-Checking Digits identify a problem

16
Q

What is a query?

A

A type of Ad Hoc report, initiated by a user.

17
Q

What is End-User Computing?

A

The User develops and executes their own application.

18
Q

What is the primary benefit of E-commerce?

A

E-commerce makes business transactions easier.

19
Q

What are the risks of E-commerce?

A

Compromised data or theft.

Less paper trail for auditors.

20
Q

What are the benefits of Electronic Data Interchange?

A

Uses globally-accepted standards

Efficient

21
Q

What is a File Server?

A

A file server stores shared programs and documents.

22
Q

What is the purpose of a Database?

A

Located on a File Server, a Database allows users to share documents.

23
Q

What is the purpose of a LAN (Local Area Network)?

A

It connects computers in close proximity.

24
Q

What is the purpose of a WAN (Wide Area Network)?

A

It connects computers that are far apart.

25
What are the characteristics of a VAN (Value-Added Network)? (5)
Privately-owned Network; Serves as 3rd Party Between 2 Companies; Routes EDI Transactions; Accepts wide range of Protocols; Very Costly
26
What is the purpose of a Firewall?
Prevents unauthorized access to a network.
27
What are the characteristics of a virus? (2)
Takes over a computer; Needs a host program to run
28
What are the characteristics of a computer worm? (2)
Takes over multiple computers; Doesn't need a host program to run
29
What is the purpose of Automated Equipment Controls?
They prevent and detect hardware errors.
30
What is RAM?
Random Access Memory. Internal memory in the computer used during immediate processing.
31
What is a CPU?
Computer Processing Unit. It processes commands within a computer.
32
What is Job Control Language?
It schedules and allocates system resources.
33
What are examples of input devices? (7) (pg. 68)
Keyboard; Mouse; Scanner; Magnetic Ink Reader; Magnetic Tape Reader; EDI; Point of Sale Scanner
34
What are examples of Output Devices? (3)
Speakers; Monitors; Printers
35
What are the characteristics of Magnetic Tape storage? (4)
Sequential Access - Sorts data in order; Slower data retrieval; Header Label prevents Operator error by loading wrong tape; Buck External Labels prevent accidental destruction by operator
36
What are the characteristics of Magnetic Disks? (3)
Random Access - Finds data in random spots; Faster data retrieval; Uses Boundary Protection for data
37
What is a Gateway?
Connects one network to another. Note: the Internet is connected by Gateways
38
What are Parity Checks?
A control that detects internal data errors. A bit is added to each character; it checks to see if a bit was lost.
39
What is an Echo Check?
Transmitted data is returned to the sender for verification (it echoes back to the sender)
40
What is a Change Control?
It authorizes program changes and approves program test results.
41
What is security software?
Software that controls access to IT systems. Note: Don't confuse this with anti-virus software
42
What is the purpose of a Digital Signature?
It confirms a message has not been altered.
43
List the types of computers from smallest to largest (5) (pg. 66)
PDA/Smartphone/Tablet; Microcomputer - PC, Laptop (cost-effective); Minicomputer - Like a Mainframe, but smaller; Mainframe - Large computer with terminals attached; Supercomputer - Very powerful and very big
44
What are the units of computer data from smallest to largest? (5) (pg. 71)
Bit - 1 (on) and 0 (off); Byte - 8 bits to a byte/character; Field - group of related characters/bytes (i.e. Name, Zip Code, Serial #); Record - Group of related fields (i.e. Member name, address, phone number); File - Group of related records (i.e. Membership directory)
45
What is the duty of a design engineer?
Determine language used for a specific computer, on a computer-to-computer basis
46
What are object programs?
Programs written in base computer language, not similar to English.
47
How can source programs be recognized?
They are written in a language close to English.
48
What is the purpose of a Compiler?
Takes Source language (English) and converts to Object (Computer) Language
49
How does Online Analytical Processing work?
It uses a Data Warehouse to support management decision making.
50
What is Data Mining? (pg. 70)
Using artificial intelligence and pattern recognition to analyze data stores within a Data Warehouse.
51
What is the purpose of online transaction processing? (pg. 70)
To process a company's routine transactions.
52
What are the characteristics of batch processing? (3) (pg. 70)
Data held, updates multiple files all at once; Leaves a better audit trail; Uses Grandfather-Father-Son backup (3 levels of backup kept in 3 locations)
53
What does an output control check for? (pg. 90)
Checks to see if output data is valid, distributed and used in an authorized manner.
54
What does a processing control check? (pg. 89)
Checks if data processing produced proper output
55
What is a hash total? (pg. 89)
An input control number, a meaningless sum of values included in the input. Example would be summing a list of SSNs to make sure the data is the same once entered as it was prior to input into the system.
56
What is a validity check? (pg. 89)
Checks to see if data in existing tables or files belongs in the set. For example, is there a # in an alpha-only field or a letter in a numeric-only field
57
What is a limit check? (pg. 89)
Checks to see if numbers surpass a certain limit, i.e. in an age field is the number greater than 110.
58
What is a check digit? (pg. 89)
An input control that adds an identification number to a set of digits - usually at the end
59
What is a field check? (pg. 89)
An input check that prevents invalid characters, i.e. checks for alphabetic letters in a SSN field
60
What is a Hot Site? (pg. 90)
A disaster recovery system where if the main system goes down, a Hot Site is ready to take over immediately.
61
What is a Cold Site? (pg. 91)
If a main system goes down, a Cold Site will take time to get set up and running.
62
What is the most common database language? (pg. 69)
SQL - Standard Query Language
63
What is a Data Definition Language? (pg. 73)
Defines SQL Database; Controls SQL Tables
64
What is a Data Manipulation Language? (pg. 73)
Queries SQL Database tables
65
What is a Data Control Language? (pg. 73)
Controls Access to SQL Database
66
What are the characteristics of a Relational Database? (2) (pg. 73)
Logical structure; Uses rows and columns similar to spreadsheet
67
What are the characteristics of a Hierarchical Database? (2) (pg. 73)
Has various levels; Uses trees to store data
68
What are the advantages of a database? (2) (pg. 74)
Data is more accessible; Reduced redundancy
69
What are the disadvantages of a database? (pg. 74)
Cost of installation; Skilled personnel required to maintain
70
What are the components of a database? (3)
Desktop client; Application Server; Database Server. Think: Your desktop computer runs applications and saves to a database
71
General Types of IT Systems (4)
1. **Office Automation System**: daily work of employees 2. **Transaction Processing System:** PR recording, cash receipts 3. **Management Reporting Systems:** *(a)* *_management info system:_* past, present & future info for planning, organizing, & controlling operations *(b)* *_decision support system:_* computer based info system that combines models & data to resolve nonstructured problems *(c)* *_expert systems:_* apply reasoning methods to data to render advice or recommendations
72
Phases of the Systems Design & Process Improvement (7)
1. **Planning:** identify the problem, define the system to be developed, determine the project scope, develop project plan, evaluate initial feasibility 2. **Analysis:** processing, data & logic models are produced, needs assessment performed, analysis performed on existing system, gap analysis 3. **Design:** technical blueprint, components designed are databases, user interfaces, required reports, programs, infrastructure & controls 4. **Development:** design phase transformed into actual system 5. **Testing:** unit testing, system testing, integration testing & user acceptance testing 6. **Implementation:** parallel, plunge, pilot, & phased 7. **Maintenance**
73
Types of Computers (in order of size & power) (pg. 66)
**1. Supercomputers** **2. Mainframe Computers** **3. Servers (often configured as "virtual machines")** **4. Microcomputers (laptops, desktops)** **5. Tablets/Smart Phones/Personal Digital Assistants**
74
Central Processing Unit (CPU) (pg. 67)
Principal hardware component of a computer. Contains arithmetic/logic units, primary memory & a control unit. Major function is to fetch stored instructions & data, decode instructions & carry them out.
75
Storage Devices (secondary storage) (6) (pg. 67)
1. **Magnetic Tape:** slowest type, used for archiving purposes today 2. **Magnetic Disks:** most common, hard disk drive 3. **RAID** (Redundant Array of Independent Disks) 4. **Compact Disks:** CD's & DVD's 5. **Solid State Drives:** use microchips to store data & require no moving parts for read/write operations (jump drive) 6. **Cloud-Based Storage:** aka "storage as a service" (SaaS), hosted offsite, typically by third parties
76
Manner in which info is represented in a computer (2) (pg. 67)
1. **Digital**: binary digits 2. **Analog:** fluctuations of a continuous signal
77
Related Computer Terms (7) (pg. 67)
1. **Online** 2. **Offline** 3. **Console:** terminal used for communication between operator & computer 4. **Peripheral Equipment:** all non-cpu hardware that may be placed under control of central processor 5. **Controllers:** hardware units designed to operate specific input/output units 6. **Buffer:** temporary storage during computer operations 7. **MIPS:** millions of instructions per second, unit for measuring speed of computer
78
Input Devices (5) (pg. 68)
1. **Visual Display Terminal/Monitors:** *(a)* Input Interface *(b)* Graphical User Interface--i.e. icons, pics, menus *(c)* Command Line Interface 2. **Mouse, Joystick, Light Pens** 3. **Touch Sensitive Screens** 4. **Turnaround Docs** 5. **Key to tape & key-to-disk** (keying data) 1, 2, & 3 are online entry
79
Input Devices (Automated Source Data Input Devices) (7) (pg. 68)
1. **Magnetic Tape Recorder:** senses info recorded as magnetic spots 2. **Magnetic Ink Character Reader (MICR):** reads characters that have been encoded with magnetic ink 3. **Scanner:** reads characters on printed pages 4. **Automatic Teller Machine (ATM):** execute & record transactions with financial institutions 5. **Radio Frequency Identification (RFID):** uses radio waves, read wirelessly (toll roads) 6. **Point-of-Sale (POS) recorders:** allows one to record & track customer orders, process debit and credit cards 7. **Voice Recognition**
80
Electronic Commerce & Electronic Data Interchange (pg. 68)
Involves one company's computer communicating with another's computer
81
Output Devices (4) (pg. 68)
1. **Monitors** 2. **Printers** 3. **Plotters** 4. Computer output to microfilm or microfiche Also, many input devices can be output devices
82
Systems Software (3) (pg. 69)
1. **Operating System:** manages input, output, processing & storage devices & operations of a computer (i.e. Windows, Linux, Unix). Performs scheduling, resource allocation & data retrieval based on instructions provided in job control language 2. **Utility Programs:** handle common file, data manipulation & "housekeeping" tasks 3. **Communications Software:** controls & supports transmissions between computers & monitors & accesses various databases
83
Applications Software (2) (pg. 69)
Programs designed for specific uses such as: 1. **Word Processing, Spreadsheet, Email & database systems** 2. **Accounting Software:** *(a)* low end (small organizations--QB) *(b)* high end (ordinarily in Modules--GL, Recs), *(c)* Enterprise Resource Planning (Relatively complete information system "suites" for large & medium size organizations). Advantages are integration of various portions of the info system, direct electronic communication with suppliers & increased responsiveness to info requests for decisions. Disadvantages are complexity, costs & integration with supplier & customer systems are more difficult
84
Software Terms (7) (pg. 69)
1. **Compiler:** produces a machine language object program from a source program language 2. **Multiprocessing:** simultaneous execution of 2 or more tasks, usually between 2+ CPU's, part of same system 3. **Multitasking:** simultaneous processing of several jobs 4. **Object Program**: converted source program that was changed using a compiler to create a set of machine readable instructions that CPU understands 5. **Source Program:** translated into machine readable language 6. **Virtual Memory (storage):** 2nd memory used as an extension of primary memory 7. **Protocol:** rules determining required format & method of transmission data
85
Source Program Generations (5) (pg. 69)
1. **Machine Language** (1's & 0's) 2. **Assembly Language** (words instead of #'s) 3. **High-Level Programming Languages** (COBOL, Basic Fortran, C++, & Java) 4. **Application Specific Language** (usually built around database systems) 5. Relatively new & developing form that includes visual or graphical interfaces used to create source language that is usually compiled with a 3rd or 4th generation language compiler
86
Programming Terms (7) (pg. 70)
1. **Desk Checking:** review of a program by the programmer for errors before the program is run & debugged on the computer 2. **Debug:** find & eliminate errors in computer program 3. **Edit:** correct input data prior to processing 4. **Loop:** set of program instructions performed repetitively a predetermined # of times, or until data is processed 5. **Memory Dump:** listing of contents of storage 6. **Patch:** section of coding inserted into a program to correct a mistake or alter a routine 7. **Run:** complete cycle of programs (input, processing & output)
87
Methods of Processing (2) (pg. 70)
1. **Batch:** transactions flow through the system in groups of like transactions. Ordinarily leaves a relatively easy-to-follow audit trail 2. **Online Real-Time:** (aka Direct Access Processing) Transactions processed in order they occur. Data files stored online. 2 types: Online Transaction Processing & Online Analytical Processing
88
Online Analytical Processing (pg. 70)
Enables user to query the system. Primarily used for analytical analysis. Uses statistical & graphical tools that provide users with various views of data. Techniques are used as *Decision Support Systems* (computer based info systems that combine models and data in an attempt to solve relatively unstructured problems with extensive user involvement)
89
Data Warehouse (pg. 70)
A subject oriented, integrated collection of data used to support management decision making processes. **Data Mining:** using sophisticated techniques from statistics, artificial intelligence, & computer graphics to explain, confirm & explore relationship among data
90
Artificial Intelligence (pg. 71)
Computer software designed to help humans make decisions
91
Business Intelligence (pg. 71)
A combination of systems that help aggregate, access & analyze business data and assist in the business decision making process
92
Data Organization for Computer Operations (10) (pg. 71)
1. **Bit:** binary digit which is the smallest storage unit 2. **Byte:** group adjacent bits (usually 8) treated as a single unit--not just #'s 3. **Field:** group of related characters 4. **Record:** ordered set of logically related fields 5. **File:** group of related records 6. **Table:** group of related records in relational database with a unique identifier in each record 7. **Database:** group of related files or tables 8. **Array:** consists of data objects with attributes 9. **Master File** 10. **Transaction or Detail File**
93
Decentralized (pg. 71)
Processing & data are stored on computers at multiple locations. Not interconnected by a network. Viewed as a collection of independent databases, rather than a single database
94
Distributed (pg. 71)
Transactions for a single database are processed at various sites. May be either batch or online real time. Overall single database available through various sites.
95
1. Database 2. Normalization (pg. 72)
1. A collection of interrelated files, ordinarily most of which are stored online 2. The process of separating the database into logical tables to avoid certain kinds of updating difficulties (anomalies)
96
Database System (pg. 72)
Computer hardware & software that enables the databases to be implemented
97
Database Management System (pg. 72)
Software that provides a facility for communications between various applications programs and the database
98
(1) Data Modeling (2) Entity-Relationship Modeling (3) Primary Key (4) Foreign Key (5) REA Data Model (pg. 72)
*(1)* Identifying & organizing a database's data, both logically & physically *(2)* Model divides database in 2 logical parts: entities & relations *(3)* Field that makes a record in a relational database table unique *(4)* Field that is common to 2 or more related tables *(5)* Designed for use in designing account info databases. Objectives: resources, events, agents
99
Meta Data (pg. 73)
Definitional data that provides info about or docs of other data managed within an application or environment. A data dictionary (aka data repository or data dictionary) stores meta data.
100
Database Structures (6) (pg. 73)
1. **Hierarchical:** data elements at one level "own" data elements at the next lower level (organization chart) 2. **Networked:** matrix type structure--several owners & can own several elements 3. **Relational:** logical structure of a group of related spreadsheets--each row represents a record 4. **Object-Oriented:** information (attributes & methods)--the newest database system technology 5. **Object-Relational:** includes both relational & object oriented features 6. **Distributed:** a single database spread physically across computers in multiple locations connected by a data communications link
101
Database Controls (5) (pg. 73)
1. **User Department**: strict controls over who is authorized to read and/or change the database 2. **Access Controls:** limits user to reading and/or changing only authorized portions of the database (within the database)--restricting privileges limits access of users and logical views-users can only view portions of the database 3. **Backup & Recovery:** 3 methods--*(a)* backup of database & logs of transactions--back up the entire database several times per week to a magnetic tape *(b)* database replication and *(c)* backup facility 4. **Database Administrator** 5. **Audit Software:** used by auditors to test database
102
Advantages (5) and Disadvantages (4) of Database Systems (pg. 74)
**_Advantages_** 1. Data Independence 2. Minimal data redundancy: info recorded in only 1 place 3. Data Sharing: is easy 4. Reduced program maintenance 5. Commercial applications are available for modification to a company's needs **_Disadvantages_** 1. Need for specialized personnel with database expertise 2. Installation of database costly 3. Conversion of traditional file systems costly 4. Comprehensive backup & recovery procedures needed
103
(1) Network (2) Telecommunications (pg. 74)
*(1)* a group of interconnected computers and terminals *(2)* the electronic transmission by radio, fiber optics, wire, microwave, laser & other electromagnetic systems
104
Networks classified by geographical scope (4) (pg. 74)
1. **PAN:** Personal Area Network--centered around an individual 2. **LAN:** Local Area Network--privately owned networks within a single building--few miles in size 3. **MAN:** Metropolitan Area Network--larger version of LAN 4. **WAN:** Wide Area Network--large geographical area
105
Networks classified by ownership (3) (pg. 74)
1. **Private:** network resources dedicated to small number of applicants & lease telephone lines--EDI systems use this. Advantages--secure, flexible, performance better than public. Disadvantages--costly 2. **Public:** owned by 3rd party companies and leased on usage basis. Access is through dial up circuits (apps using the Internet). Disadvantage--less secure 3. **Cloud Services:** use and access of multiple server based computational resources via a digital network. Users do not download & install apps. Risks are info security & privacy, continuity of services, & migration
106
(1) Hypertext Markup Language (HTML) (2) Extensible Markup Language (XML) (3) Extensible Business Reporting Language (XBRL) (pg. 75)
Languages used to create and format documents, link documents to other web pages, and communicate between web browsers. **XBRL:** developed specifically for the automation of business information requirements, such as the prep, sharing & analysis of financial reports, statements & audit schedules
107
Internet (definition) & the primary applications of the Internet (5) (pg. 75)
*Definition:* international collection of networks made up of independently owned computers that operate as a large computing network--require protocols & shared routing system (IP). *Applications include:* 1. email 2. news dissemination 3. remote login of computers 4. file transfers among computers 5. electronic commerce
108
(1) Hypertext Transfer Protocol (HTTP) (2) Uniform Resource Locator (URL) (3) World Wide Web (WWW) (4) Web Browser (5) Web Servers (6) Firewall (7) Router (8) Bridge (9) Switch (10) Gateway (pg. 75)
*1.* The primary Internet protocol for data communication on the web *2.* Standard for finding a document by typing an address *3.* Framework for accessing linked resources spread out over millions of machines over the Internet *4.* Client software that provides user with ability to locate and display web resources *5.* Software that "serves" web resources to software clients--typically runs on server hardware *6.* Method for protecting an organization's computers & computer info from outsiders--consists of security algorithms and router communications *7.* A communications interface device that connects two networks and determines the best way for data packets to move forward to destinations *8.* A device that divides a LAN into two segments, selectively forwarding traffic across the network boundary it defines--similar to a switch *9.* A device that channels incoming data from any of multiple input ports to the specific output port that will take the data toward its intended destination *10.* A combination of hardware & software that links to different types of networks. ex: gateways between email systems allow users of differing email systems to exchange messages
109
(11) Proxy Server (12) Web 2.0-Blog-Wiki-Twitter-RSS/Atom Feeds (13) TCP/IP (Transmission Control Protocol/Internet Protocol) (14) IP Address (15) ISP (Internet Service Provider) (pg. 76)
*11.* Server that saves & serves copies of web pages to those who request them. Can increase both efficiency of Internet operations & helps assure security *12.* 2nd generation of the web. Refers to era of web-based collaboration & community generated content via Web-based software tools: (a) blog--a discussion, or weblog, led by a moderator on a single topic, (b) wiki--info gathering & knowledge sharing website, (c) twitter--micro variation of a blog--can only use 140 characters (d) RSS/ATOM Feeds--XML app that facilitates the sharing & syndication of website content by subscription *13.* The basic communication language or protocol of the Internet. 2 layers: higher layer assembles messages or files into smaller packets that are transmitted over the Internet. Lower layer assigns IP addresses & ensures messages are delivered to appropriate computer *14.* The number that identifies a machine as unique on the Internet *15.* An entity that provides access to the Internet
110
(1) Virus (2) Trojan Horse (3) Worm (4) Antivirus Software (5) Botnet (pg. 76)
*1.* Program that requests the computer operating system to perform certain activities not authorized by computer user. A macro is a stored set of instructions & functions that are organized to perform a repetitive task & can be easily activated. Unexpected changes in, or loss of data, may be an indication of a virus. Email attachments & public domain software are notorious sources of viruses. *2.* A malicious, security breaking program that's disguised as something benign, such as a game, but is actually intended to cause damage. *3.* Program that propagates itself over a network, reproducing itself as it goes *4.* Is used to attempt to avoid above problems *5.* Network of computers controlled by a computer code, called a "bot" that's designed to perform a repetitive task such as sending spam, spreading a virus, or creating a distributed denial of service attack
111
(1) Intranet (2) Extranet (pg. 76)
*1.* A local area network, usually limited to an organization, that uses Internet based technology to communicate within the organization *2.* Similar to an intranet, but includes an organization's external customers and/or suppliers in the network
112
Input/Processing/Storage Database Client-Server Architecture Overall Client-Server Systems Sub Types of Client/Server Architectures (3) (pg. 77)
1. **File Servers:** manages file operations & is shared by each of the client PC's. 3 responsibilities divided in a manner in which most input/output occurs on client computers rather than the server 2. **Database Servers:** similar to file servers, but contains the database management system & performs more of the processing 3. **Three Tier Architectures:** client/server configuration that includes 3 tiers. Other servers that may be added *(n-tier)* are: print server, communications server, fax server & web server
113
Distributed Systems (pg. 77)
Connect all company locations to form a distributed network in which each location has its own input/output, processing, and storage capabilities.
114
Local Area Network (LAN) - Definition LAN Software (4) LAN Hardware Components (4) LAN Control Implications (6)
**LAN:** privately owned networks within a single building or campus of up to a few miles in size **Software:** allows devices to function cooperatively & share network resources such as printers & disk storage space *1.* Network server *2.* File server *3.* Print server *4.* Communications server **_Hardware Components_** 1. **Workstations:** ordinarily microcomputers 2. **Peripherals:** printers, fax board, scanners 3. **Transmission media:** physical path that connects components of LAN--twisted-pair wire, coaxial cable--called wifi or WLAN networks if wireless 4. **Network interface cards:** connect workstation & transmission media **_Control Implications_** *1.* General controls often weak *2.* Controls often rely upon end users *3.* Users may not be provided adequate resources for problem resolution, troubleshooting, & recovery support *4.* Controlling access & gaining accountability through logging of transactions enforces a segregation of duties *5.* Good management controls are essential (passwords) *6.* LAN software ordinarily doesn't provide security features available in larger scale environments
115
When small computers are involved (microcomputers), the following needs to be considered: (3) (pg. 78)
1. **Security:** most companies can easily replace the hardware, but may suffer a severe setback if the data and/or in house developed software is lost. Backups should be made 2. **Verification of processing:** an independent verification of the applications being processed should be made to prevent the system from being used for personal projects. 3. **Personnel:** central authorization should be required to purchase hardware & software
116
A company may control possible software piracy (the use of unlicensed software) by employees by procedures such as (3): (pg. 79)
*1.* Establishing a corporate software policy *2.* Maintaining a log of all software purchases *3.* Auditing individual computers to identify installed software
117
End User Computing (EUC) - definition Risks Include (4) Control Implications (8) (pg. 79)
**Definition:** the end user is responsible for the development & execution of the computer app that generates the info used by that same end user **_Risks_** *1.* End-user apps not always adequately tested before implemented *2.* More client personnel need to understand control concepts *3.* Mgmt often does not review results of apps appropriately *4.* Old or existing apps may not be updated for current capability & accuracy **_Control Implications_** *1.* Require apps to be adequately tested before they are implemented *2.* Diskless workstations that require download of files *3.* Physical access controls including *(a)* clamps or chains to prevent removal of hard disks or internal boards *(b)* diskless workstations that require download of files *(c)* regular backup *(d)* security software to limit access *(e)* control over access from outside *(f)* commitment to security matters written into job descriptions, employee contracts, & personnel evaluation procedures. *4.* Control access to appropriate users--passwords & user ids, menus for EUC access, protect system by restricting user ability to load data, require validation, authorization, & reporting control, independent review of transactions, record access to company databases by EUC apps *5.* Control use of incorrect versions of data files--use control totals for batch processing of uploaded data *6.* Require backup of files *7.* Provide app controls--edit checks, range tests, etc *8.* Support programmed or user reconciliations to provide assurance that processing is correct
118
Electronic Commerce Risks (5) (pg. 80)
1. Security
2. Availability
3. Processing Integrity
4. Online Privacy
5. Confidentiality
119
WebTrust Seal of Assurance (pg. 80)
Tells potential customers that the firm has evaluated a website's business practices & controls to determine whether they are in conformity with WebTrust principles
120
Digital Certificates (pg. 80)
Allows an individual to digitally sign a message so the recipient knows that it actually came from that individual and was not modified in any manner.

Ordinarily the message is encrypted and the recipient decrypts it and is able to read the contents.
121
(1) Encryption (2) Decryption (3) Algorithm (4) Key (5) Private Key System (pg. 80)
(1) the conversion of data into a form called a cipher text, that cannot be easily understood by unauthorized ppl
(2) the process of converting encrypted data back into its original form so it can be understood
(3) detailed sequence of actions to perform to accomplish some task
(4) a value that must be fed into the algorithm used to decode an encrypted message in order to reproduce the original plain text
(5) encryption system in which both the sender & receiver have access to the electronic key, but do not allow others access
122
Electronic Funds Transfer (EFT) System Controls Include (4) (pg. 80)
1. Control of physical access to network facilities
2. Electronic identification should be required for all network terminals authorized to use EFT
3. Access should be controlled through passwords
4. Encryption should be used to secure stored data and data being transmitted
123
Electronic Data Interchange (EDI) Risks Include (2) (pg. 80)
* The speed at which transactions occur often reduces amounts receivable due to electronic processing of receipts.
* Docs such as purchase orders, invoices, shipping forms are replaced by electronic transactions
* Electronic transactions replace checks as a means of payment
* Effective audit trails needed
* Portions of documentation of transactions are kept for only a short period of time; auditors need to test controls on a timely basis when records remain available
124
Methods of Communication between trading partners (4) (pg. 81)
1. Point-to-Point: direct computer to computer private network link
2. Value-added Network (VAN): privately owned network that routes EDI transactions b/w trading partners & provides translation, storage, & other processing
3. Public Networks: Internet-based commerce
4. Proprietary networks: healthcare or banking organizations that have developed their own network for their own transactions--costly but extremely reliable
125
Advantages & Disadvantages of point-to-point, VAN's, & public networks (pg. 81)
**_Point-to-point Advantages_**
1. No reliance on 3rd parties for computer processing
2. Organization controls who has access
3. Organization can enforce its own software standard in dealings with all trading partners
4. Timeliness of delivery improved b/c no 3rd party

**_Point-to-point Disadvantages_**
1. Must establish connection w/ each trading partner
2. High initial cost
3. Computer scheduling issues
4. Need for common protocols b/w partners
5. Need for hardware & software compatibility

**_VAN Advantages_**
1. Reduces communication & data protocol problems
2. Partners don't have to establish point-to-point connections
3. Reduces scheduling problems since receiver can request delivery of transactions it wishes
4. Can translate app to a standard format the partner doesn't have to reformat
5. Can provide increased security

**_VAN Disadvantages_**
1. Cost
2. Dependence upon VAN's systems & controls
3. Possible loss of data confidentiality

**_Public Network Advantages_**
1. Avoids cost of proprietary lines
2. Avoids cost of VAN
3. Directly communicates transactions to trading partners
4. Software is being developed which allows communication b/w differing systems

**_Public Network Disadvantages_**
1. Possible loss of data confidentiality on Internet
2. Computer or transmission disruption
3. Hackers & viruses
4. Attempted electronic frauds
126
Controls Required for other network systems (3) (pg. 82)
1. Authentication: controls must exist over the origin, proper submission, & proper delivery of EDI communications
2. Packets: block of data that's transmitted from one computer to another
3. Encryption: conversion of plain text data into cipher data used by an algorithm & key which only the users control
127
Benefits (6) and Exposures (9) of Electronic Data Interchange (pg. 82)
**_Benefits_**
1. Quick response & access to information
2. Cost efficiency
3. Reduced paperwork
4. Accuracy & reduced errors & error correction
5. Better communications & customer service
6. Necessary to remain competitive

**_Exposures_**
1. Total dependence upon computer system
2. Possible loss of confidentiality of sensitive info
3. Increased opportunity for unauthorized transactions
4. Concentration of control among a few ppl
5. Reliance on 3rd parties (trading partners, VAN's)
6. Data processing, app & communication errors
7. Potential legal liability due to errors
8. Potential loss of audit trails & info needed by mgmt
9. Reliance on trading partner's system
128
While telecommunications is not an end of itself, it enables technologies such as: (5) Telecommunications controls needed are: (7) (pg. 82)
1. Electronic data interchange
2. Electronic funds transfer
3. Point of sale systems
4. Commercial databases
5. Airline reservation systems

## Footnote

Controls needed:
1. System integrity at remote sites
2. Data entry
3. Central computer security
4. Dial-in security
5. Transmission accuracy & completeness
6. Physical security over telecommunications facilities
7. Encryption during transmission
129
Computer Service Organizations (pg. 83)
Record & process data for companies--allow companies to do away with part of the data processing function
130
Control Objectives for Information & Related Technology (COBIT) COBIT 5 takes a stakeholder approach to addressing info needs and incorporates what 5 principles? (pg. 83)
1. Meeting stakeholder needs
2. Covering the enterprise end-to-end
3. Applying a single integrated framework
4. Enabling a holistic approach
5. Separating governance from management
131
What are the COBIT 5 enablers? (7) (pg. 83)
1. Processes: organized set of practices & activities to achieve certain objectives
2. Organizational structures: key decision-making entities in the organization
3. Culture, ethics, & behavior of individuals
4. Principles, policies & frameworks: the vehicle to translate the desired behavior into guidance for day-to-day management
5. Info produced & used by the enterprise
6. Services, infrastructure & apps: provide the enterprise with info technology processing & servers
7. People, skills & competencies required for successful completion of all activities & for making correct decisions
132
A reliable system is one that is capable of operating without material error, fault or failure during a specified period in a specified environment. One framework for analyzing a reliable system is presented by the AICPA's Trust Services. What are the 5 principles of a reliable system? (pg. 83)
1. Security: system is protected against unauthorized access (both physical & logical)
2. Availability: system is available for operation & use as committed or agreed
3. Processing Integrity: system processing is complete, accurate, timely, & authorized
4. Online Privacy: personal info obtained as a result of e-commerce is collected, used, disclosed and retained as committed or agreed
5. Confidentiality: info designated as confidential is protected as committed or agreed
133
Steps in the System Development Lifecycle (5) (pg. 84)
1. Software concept: identify the need for the new system
2. Requirement analysis: determine the needs of the users
3. Architectural design: determining the hardware, software, people, etc needed
4. Coding & debugging: acquiring & testing the software
5. System testing: testing & evaluating the functionality of the system
134
* Control Environment * Segregation Controls * (a) * (b) * (c) * (d)
(a) Segregate functions b/w info systems dept & user dept
(b) Do not allow the info systems dept to initiate or authorize transactions
(c) Segregate programming, data entry, operations, & the library function w/i the info systems dept
(d) a more complete segregation of key functions w/i the info systems dept may be possible
135
1. Systems Analysis
2. Systems Programming
3. Applications Programming
4. Database Administration

## Footnote

(pg. 85)

1. Analyzes the present user environment & requirements and may recommend specific changes, the purchase of a new system or design new system
2. Responsible for implementing, modifying, & debugging the software necessary for making the hardware work
3. Responsible for writing, testing & debugging the apps programs from specifications provided by systems analyst
4. Responsible for maintaining the database & restricting access to the database
136
1. Data Preparation
2. Operations
3. Data Library
4. Data Control

## Footnote

(pg. 85)

1. Data may be prepped by user departments & input by key to storage devices
2. Responsible for the daily computer operations of both the hardware & software. *Help desks* are usually a responsibility of operations.
3. Responsible for custody of the removable media
4. Acts as a liaison between users & the processing center
137
At a minimum, an attempt should be made to segregate what three segregation control functions? (pg. 85)
1. Programming
2. Operations
3. Library
138
Electronic commerce has resulted in a number of new web-related positions, including: (6) (pg. 86)
1. **Web Administrator (web manager):** oversees development, planning & implementation of website.
2. **Web Master:** provides expertise & leadership in the development of a website, including design, analysis, security, maintenance, content, updates
3. **Web Designer:** creates the visual content o
4. **Web Coordinator:** responsible for daily operations
5. **Internet Developer:** writes programs for commercial use
6. **Intranet/Extranet Developer:** writes programs based on the needs of the company
139
Control Activities in which a computer is involved may be divided into what 3 categories? (pg. 86)
1. Computer **general** control activities
2. Computer **application** control activities
   * **Programmed** app control activities
   * **Manual** follow-up of computer exception reports
3. **User** control activities to test the completeness & accuracy of computer processed controls
140
Definition Computer General Control Activities? What are the 4 types of general controls? (pg. 87)
*Definition:* controls program development, program changes, computer operations, & access to programs & data--increase the assurance that programmed control activities operate effectively during the period

1. Developing new programs & systems
2. Changing existing programs & systems
3. Controlling access to programs & data
4. Controlling computer operations
141
Developing new programs and systems Segregation Controls (5) (pg. 87)
1. User depts participate in systems design
2. Both users & info systems personnel test new systems
3. Mgmt, users & info systems personnel approve new systems before they're placed into operation
4. All master & verification file conversions should be controlled to prevent unauthorized changes & to verify accuracy of results
5. Programs & systems should be properly documented
142
Developing new programs and systems Hardware & software controls (5) (pg. 87)
1. **Parity check:** a special bit is added to each character that can detect if the hardware loses a bit during the internal movement of a character
2. **Echo check:** during the sending & receiving of characters, the receiving hardware repeats back to the sending hardware what it received & the sending hardware automatically resends any characters that were received incorrectly
3. **Diagnostic routines:** hardware or software supplied by the manufacturer to check the internal operations & devices within the computer system
4. **Boundary protection:** to ensure the simultaneous jobs can't destroy or change the memory of another job
5. **Periodic maintenance:** system should be examined periodically
143
Changing existing programs & systems Proper change control procedures aka modification controls should be in place including (4): (pg. 88)
1. The info systems manager should review all changes
2. The modified program should be appropriately tested (often using test data)
3. Details of all changes should be documented
4. A code comparison program may be used to compare source and/or object codes of a controlled copy of a program with the program currently being used to process data--this will identify any unauthorized changes
144
Controlling access to programs & data 1. Segregation Controls (3) 2. Physical access to computer facility (2) 3. Hardware & software access controls (3) (pg. 88)
1. **Segregation Controls**
   * Access to program docs should be limited
   * Access to data files & programs should be limited to those who process data
   * Access to computer hardware should be limited to computer operators & supervisors
2. **Physical Access to Computer Facility**
   * Limited physical access
   * Visitor entry logs
3. **Hardware & software access controls**
   * Access control software--passwords
   * Callback
   * Encryption--performed by physically secure hardware is ordinarily more secure, but more costly
145
Controlling computer operations 1. Segregation Controls (2) 2. Other Controls (3) (pg. 88)
1. **Segregation Controls**
   * Operators should have access to an operations manual that contains the instructions for processing programs and solving routine program issues
   * The control group should monitor the operator's activities
2. **Other Controls**
   * Backup & recovery
   * Contingency processing: to prep for system failures
   * Internal & external labels
146
Definition Programmed Control Activities 1. Input Controls * Overall Controls (3) (pg. 89)
Definition: apply to a specific application rather than multiple apps. These controls operate to assure the proper input & processing of data. The input step converts human readable data into computer readable data. Embedded in the computer program.

1. **Input Controls - Overall**
   * Inputs should be properly authorized & approved
   * System should verify all significant data fields used to record info
   * Conversion of data into machine-readable form should be controlled & verified for accuracy
147
Programmed Control Activities 1. Input Controls * Input validation (edit) controls (14) (pg. 89)
1. Preprinted form
2. Check digit
3. Control, batch or proof total (total sales dollars)
4. Hash total (total is meaningless)
5. Record count (total records processed)
6. Limit (reasonableness) test
7. Menu driven input
8. Field check (limits the types of characters)
9. Validity check (allows only valid transactions)
10. Missing data check (blanks missed)
11. Field size check (exact # of characters input)
12. Logic check (no illogical combos of input)
13. Redundant data check
14. Closed loop verification
148
Programmed Control Activities 1. Input Controls * Processing Controls (pg. 89)
When the input has been accepted by the computer, it usually is processed through multiple steps. Processing controls are essential to ensure the integrity of the data. Essentially all the controls listed for input may also be incorporated during processing. Previously, the professional standards divided app controls into 3 categories--input, processing, & output. The current categories of app controls (programmed & manual) and user controls have replaced that breakdown.
149
Application Controls - Manual Follow-Up of Computer Exception Reports (pg. 90)
Involves employee follow-up of items listed on computer exception reports. Their effectiveness depends on the effectiveness of both the programmed control activities that produce the reports & the manual follow-up activities.
150
User Control Activities to Test the Completeness & Accuracy of Computer-Processed Controls aka *output controls* include (3): (pg. 90)
1. Checks of computer output against source docs, control totals, or other input to provide assurance that programmed aspects of the financial reporting system & all control activities have operated efficiently
2. Reviewing computer processing logs to determine that all the correct computer jobs executed properly
3. Maintaining proper procedures & communications specifying authorized recipients of output

## Footnote

Often controlled by the control group & users.

User depts may evaluate the reliability of output from the computer by extensive review & testing or reasonableness of the output
151
Disaster Recovery & Business Continuity A plan should allow the firm to (4) (pg. 90)
1. Minimize the extent of disruption, damage, etc
2. Establish an alternate method for processing info
3. Resume normal operations asap
4. Train & familiarize personnel to perform emergency operations
152
Disaster Recovery & Business Continuity A plan should include (6) (pg. 90)
1. Priorities: what apps are most critical?
2. Insurance to defer costs
3. Backup approaches
   * **Batch systems**: *Grandfather-Father-Son* method--if the son is destroyed, it could be reconstructed by rerunning the father file
   * **Online Databases & master files systems:** checkpoint, rollback, backup facilities (reciprocal agreement, hot site, cold site, internal site, or mirrored web server)
4. Specific assignments, including having individuals involved with:
   * Arranging for new facilities
   * Computer operations
   * Installing software
   * Establishing data communications facilities
   * Recovering vital records
   * Arranging for forms & supplies
5. Periodic testing & updating of plan
6. Documentation of plan
153
Common Flowcharting Symbols (18) (pg. 91--review to see the shapes)
1. **Document:** can be manual or computer printout
2. **Computer Operation:** Transforms data into useful info
3. **Manual Operation:** Human process to prep docs, make entries
4. **Decision:** determines which alternative path is followed
5. **Input/Output:** general input or output to a process
6. **Online Storage:** direct access computer storage
7. **Disc Storage:** data stored on a magnetic disk
8. **Off-Line Storage:** a file or mailing of a doc
9. **Display:** visual display of data and/or output on a screen
10. **Batch Total Tape:** manually computed total before processing
11. **Magnetic Tape:** used for reading, writing or storage
12. **Manual Data Entry:** data entered through a keyboard
13. **Annotation:** provides add'l description or info connected to symbol to which it annotates by a dotted line
14. **Flowline:** shows direction of data flow, operations & docs
15. **Communication Link:** telecommunication link linking computer system to remote locations
16. **Start/Termination:** used to begin or end a flowchart
17. **On Page Connector:** connects parts of flowchart on same page
18. **Off Page Connector:** connects parts of flowchart on separate pages
154
Flowcharting Types & Definitions (3) (pg. 92)
1. **System Flowchart:** graphic representation of a data processing app that depicts the interaction of all the computer programs for a given system, rather than the logic for an individual computer program
2. **Program Flowchart:** graphic representation of the logic (processing steps) of a computer program
3. **Internal control (audit) flowchart or document flowchart:** graphic representation of the flow of docs from one dept to another, showing the source flow & final disposition of the various copies of all docs.
155
Flowcharting Other Documentation Charting Techniques (2) (pg. 92)
1. Decision Table: uses a matrix format that lists sets of conditions, and the actions that result from various combos of these conditions
2. Data flow diagram (DFD): presents logical flows of data & functions in a system. Example: a DFD for the delivery of goods to a customer