Information Technology Flashcards Preview

Flashcards in Information Technology Deck (133):

What is a central processing unit (CPU)?

The main component of computer hardware -- includes (a) primary storage, (b) a control unit, and (c) an arithmetic/logic unit


What is the primary storage of a CPU?

The part which holds the program, data, and results during processing (and thus involves only temporary storage)

Divided between RAM (random-access memory) and ROM (read-only memory)


What is the control unit of a CPU?

The part which directs the computer's operations


What is the arithmetic/logic unit of a CPU?

The part with special capabilities to do arithmetic calculations and logical operations


As regards computers, what is a bus?

A communication system for transferring data inside a computer or between computers


What is magnetic tape?

Thin magnetic tape on which data can be imprinted as magnetized dots (e.g. magnetic strips on credit cards)


What is a redundant array of independent disks (RAID)?

A collection of disks that all have the same data written on them -- good for backup purposes, but often unnecessary


What is the difference between randomly accessible data and sequentially accessible data?

Randomly = records can be directly accessed

Sequentially = records can be accessed only by reading through previous info


How does software differ from hardware?

Hardware refers to the required physical devices, while software refers to the internal programming and data needed to run the technology


What are the five generations of programming languages?

(1) machine language -- simple binary
(2) assembly language -- includes short commands for repetitive tasks
(3) procedural language -- closer to human language; source code in procedural language can be translated into machine-readable object code
(4) fourth-generation language (4GL) -- many routine procedures are preprogrammed
(5) object-oriented programming (OOP) -- has a modular approach; focused on the objective rather than the procedure

(3)-(5) are machine-independent


What are some examples of procedural language?

(i) FORTRAN -- Formula Translation
(ii) COBOL -- Common Business-Oriented Language
(iii) BASIC -- Beginner's All-Purpose Symbolic Instruction Code


What are some examples of object-oriented programming (OOP)?

(i) C++
(ii) Java


What is a graphical user interface (GUI)?

A display where users can interact with icons, scroll bars, etc. rather than just line-by-line commands


What is a patch?

An additional part added to a program, usually to update it and/or correct a problem


What is an operating system (OS)?

Software that coordinates various computer functions and applications/programs

Also provides a graphical user interface (GUI)


What are some examples of operating systems?

(1) Windows XP
(2) Unix
(3) Linux -- a modified version of Unix


What is a job control language (JCL)?

A language used by an OS to do its work


What are multiprocessing and multiprogramming?

Multiprocessing -- uses more than one CPU to run more than one program simultaneously

Multiprogramming -- a program processes until it needs an input or delivers an output, at which point the OS switches to another program instantly


What is virtual storage?

Occurs when an OS subdivides programs into "pages" and only uses the needed pages to execute the instructions it's trying to carry out -- thus lowers processing costs


What are application programs?

Programs designed to process a particular application


As regards application programs, what is a "pass" or a "run"?

A full round done by the program -- input, processing, and output


What are collaborative computing applications?

Any applications where multiple people have access and where the changes made by different people can be tracked to them


What are management information systems (MIS)?

Systems used in a company to provide management with the data it needs


What is enterprise resource planning (ERP)?

A software arrangement that addresses the enterprise’s needs (including financial reporting, inventory management, etc.), seeking to meet the organizational goals by tightly integrating all functions of an enterprise


What is a database management system (DBMS)?

Any set of programs which manages a database, whether by creating it, maintaining it, updating it, allowing access to it, etc.


What is a relational database model?

A model that seeks to relate common data (e.g. customer info) in one integrated database to meet the needs of different users accessing the data


What are utility programs and library programs?

(1) utility programs = programs which perform standard/routine functions, such as merging or sorting
(2) library programs = programs often utilized by other programs, being stored and then "called up" when needed (e.g. random number generation)

Can also be called utility routines or library routines


What is a network?

An arrangement where multiple computers and multiple users have access to common hardware, software, or data


What are an internet, an intranet, and an extranet?

(1) internet = a network of networks (with *the* internet being a public network of networks)
(2) intranet = a network closed off, usually just to employees
(3) extranet = an internet that is not entirely closed off, but password-protected


What are different kinds of networks?

(1) local area network (LAN) = an intranet within a relatively small physical area
(2) wide area network (WAN) = a network across a very large area, e.g. a city or country
(3) value-added network (VAN) = a network which provides services beyond Internet capabilities (usually EDI-related)
(4) virtual private network (VPN) = a network where it appears that a remote user accesses a private network, even though it is through public lines


What is a concentrator?

An apparatus which concentrates several communication channels into one


What is a multiplexer?

An apparatus that, for communication purposes, converts multiple low-speed transmissions into one high-speed transmission and then back


What is a proxy server?

A server acting as an intermediary for requests from clients involving info from other servers


What is a router?

An apparatus that transfers packets of data outward using the most efficient route possible


What is a firewall?

Software separating segments with the aim of prohibiting anyone from gaining unwarranted access


What is a gateway?

Any software or hardware linking computer networks together


What is a web crawler?

A program that searches the internet to find files for the user


What is topology?

A network's physical arrangement

Different kinds are (i) bus, (ii) ring, (iii) tree, and (iv) star arrangements


As regards topology, what is a bus arrangement?

Resembles the arrangement of people on a bus: there is one central line (the "bus aisle") to which several computers are connected

Easy to add more computers with this arrangement, but communication can be cut off by a failed device in the middle


As regards topology, what is a ring arrangement?

Each computer is connected to one on each side, such that all effectively form a circle

Easy to add more computers with this arrangement, and a failed device does not cut off communication (failed devices on each side would), though communication can be slower


As regards topology, what is a tree arrangement?

A hierarchical arrangement where each device can have a number of other devices connected to it as branches


As regards topology, what is a star arrangement?

Each computer is connected to a central device

Generally the most expensive topology


What are data transmission protocols?

Sets of procedures/rules governing the transferal of data among devices


What is the difference between serial and parallel data transmission?

Serial = each bit (of a byte) is transmitted singly

Parallel = all bits are transmitted simultaneously on parallel lines, one bit per line

Parallel is practicable only with short network distances


What is the difference between circuit switching and packet switching?

Switching mechanisms route bits to take different paths
-circuit switching sends a message in its entirety through one path
-packet switching sends messages in packets, sometimes through separate paths


What is a common example of packet switching?

TCP/IP -- transmission control protocol/Internet protocol

Provides protocols for internet packet switching


What is bandwidth?

The degree to which a channel can handle data transmission

Narrow bandwidth signifies a low rate of transmission; broad bandwidth a high rate


What is client-server architecture?

An arrangement where computers on a network are either clients or servers
-clients are workstations or PCs
-servers are powerful machines which can manage networks, disk drives, etc.


As regards client-server architecture, what is the difference between a file server and a database server?

File = the server primarily stores files and processes data; used as the only server in a two-tier client-server architecture arrangement

Database = the server primarily stores software for database management; does some processing


What is a three-tier (or more) client-server architecture?

Any arrangement where two or more servers are needed

The other ones can be print servers, web servers, application servers, fax servers, and so on


What are some different network languages?

(1) hypertext markup language (HTML) -- used for internet display
(2) hypertext transfer protocol (HTTP) -- protocols governing the coding, transferal, and viewing of data
(3) extensible markup language (XML) -- also used for internet display, but further identifies the nature of the info displayed (e.g. phone #s)
(4) extensible business reporting language (XBRL) -- required by the SEC, helpful for reading financial statements


What is an internet protocol (IP) number?

A specific number used to identify a particular computer within a network


What does URL stand for?

Uniform resource locator


What are different levels of data?

(1) bit -- binary digit, smallest unit of data
(2) byte -- group of bits
(3) character -- group of bytes
(4) field -- group of related characters (e.g. a name)
(5) record -- group of related fields (e.g. customer record with name, address, phone #)
(6) file -- group of related records


What is the difference between a master file and a transaction/detail file?

Master = data is generally permanent

Transaction/detail = data is more current and temporary, used for updating a master file


What are the steps involved in updating a master file?

(i) records from both the master file and the transaction file are read into the CPU
(ii) master file records are updated in the CPU
(iii) updated records are written onto an output reel to create a new updated master file

Thus at the end, there are three files: a master file, a transaction file, and an updated master file


What is parallel processing?

Running a new system-to-be-implemented at the same time as the old system, comparing their results

This makes the conversion smoother (providing a stepping stone) and can avoid disaster if the new system crashes

Also called parallel operating


What is volume testing?

Testing the ability of a new system to handle various volumes of data


What are two different transaction processing models?

Batch processing and online processing


What is batch processing?

Accumulating transactions into groups that can then be processed all at once, as one batch, rather than each being processed individually as it arises


What is a disadvantage of batch processing?

Since transactions are not processed immediately, errors will not be detected as quickly


What is online processing?

Immediately processing transactions online as they occur


What is an OLRT system?

An online, real-time system -- it processes data quickly enough to interact with and receive responses for other data

E.g. for airline reservations, a customer's data can be inputted, and then the available flights are returned, and then the customer can select the flight


What is an integrated system?

A system where a transaction affects all the relevant files at once, rather than needing separate actions

E.g. a sale can update revenues, accounts receivable, and inventory at once


What are different ways to do external information processing?

(1) block time = renting the use of another entity's computer
(2) time-sharing = having equal access with other users to one system
(3) service bureau = an outside entity which provides data service at a cost


What are some general controls restricting IT department activity?

(1) Segregating functions of users and the IT department
(2) Barring IT people from making or authorizing transactions
(3) Segregating duties within the IT department


What are different IT functions that ought to be segregated?

(1) Control group
(2) Operators
(3) Programmers
(4) Analysts
(5) Librarians


What is the role of a control group in the IT department?

It oversees internal control


What is the role of operators in the IT department?

They convert data into a machine-readable form


What is the role of programmers in the IT department?

They write and debug programs

-Applications programmers = deal with application programs
-Systems programmers = deal with software that runs the hardware


What is the role of analysts in the IT department?

They design the overall system, mapping it out with a flowchart


What is the role of librarians in the IT department?

They track the access, use, and storage of programs or other files, including backups


What are different professionals needed to develop a business website well?

(i) accountant or auditor -- for understanding business processes and safety, e.g. fraud prevention
(ii) graphics designer
(iii) marketer
(iv) usability specialist
(v) webmaster -- main programmer
(vi) writer


What are control objectives for information technology (COBIT)?

Objectives developed to help fulfill Section 404 of SOX, which requires their oversight of the company’s internal controls

COBIT serves as a generally accepted standard for IT to provide security and control, with three main objectives:
(i) ensuring that data systems help fulfill the company’s goals
(ii) optimizing investments in IT
(iii) managing risks and opportunities related to IT


What is important to know about documentation for IT systems?

Control procedures for IT systems often do not leave documentary evidence behind


What is important to know regarding a change in IT system?

IT systems are more difficult to change than manual systems


What are some ways in which paper data is superior to electronic data?

(i) more difficult to alter
(ii) more credible in its source (direct mailing rather than through electronic system)
(iii) often includes approvals in the documentation
(iv) easier to use


What are some benefits to an IT system over a traditional/manual system?

-can perform large and complex calculations
-increases how timely, available, and accurate info is
-allows further analysis
-allows further monitoring
-can have stricter controls


What are some risks to an IT system?

-errors can be systematic
-unauthorized access can give the user great power
-data can be lost
-programs can be neglected/not updated


What are some examples of transaction processing systems?

(i) sales
(ii) purchasing
(iii) payroll
(iv) general ledger


What is data mining?

Taking large amounts of data and acquiring new info (specifically, patterns or trends) from it

Good for checking for fraud, e.g. checking employee addresses to vendor addresses, vendor records with P.O. box addresses, etc.


What is a fraud profile?

A set of data characteristics which would signify a higher chance of fraud, given the entity's internal controls


What is EDI?

Electronic Data Interchange

Business conducted electronically between customers and vendors


What is a connectionless environment?

A medium or environment where a customer is not in contact with a specific representative of the company

Websites are connectionless environments, since many people can simultaneously utilize them


What is one of the advantages of IT for public companies?

Updating and generating financial statements becomes much simpler, faster, and more accurate

Also can use data mining to find relevant financial info for management, rather than having them read the entire statements


What is an ad hoc financial report?

A special report created as the circumstances arise -- i.e. not one ordinarily generated by IT


What are hackers and crackers?

Hackers = people who intentionally intrude into IT systems to violate laws, obtain information, etc.
-sometimes this term refers to general tech enthusiasts, in which case "crackers" (criminal hackers) would refer to the malicious types


What are some tools of hackers?

(1) demon dialers = rapidly dial through phone numbers to find modems and then use usernames and passwords to break into the system
(2) port scanners = scan a network and its devices to find services that are available and unsecured
(3) scripts = search through machines to find accounts on the machine and whether password attempts to access the machine are limited
(4) sniffers = identify and report all usernames and passwords they can find
(5) Trojan horses = apparently good programs which operate unexpectedly (and usually harmfully) if a user permits the program
(6) viruses = self-replicating programs which affix themselves to other programs and cause harm


What are digital signatures?

They provide assurance that data hasn't been altered -- thus they can establish the legitimacy of a file, but not other things (like privacy)


What is encryption?

Coding data so it can't be read by those who aren't authorized to read it

Decryption = changing encrypted data to a readable format


As regards encryption, what is the key?

The entire set of operations done on data to encrypt, and done in reverse on encrypted data to decrypt it

Often includes both an original set of random variables + a set of algorithms acting on the data


What is symmetric encryption?

The same key (a "private key") is used for encryption and decryption

Not useful for parties who send a few messages to a large number of correspondents, since each message would require a separate private key


What is asymmetric encryption?

Uses a public key to encrypt data and a private key to decrypt it

Both the public key and the private key are particular to the recipient, and the private key is mathematically related to the public key though not deducible from it, so as long as public keys are truly publicly available, parties can transfer messages to others without needing to agree in advance on a shared private key


What are different kinds of IT controls?

(1) preventive
(2) detective
(3) compliance
(4) application
(5) general


What are some minimum requirements for a company in a disaster recovery situation?

(i) backup data
(ii) additional hardware off-site


What are two different kinds of off-site locations for disaster recovery situations?

(1) hot sites = mostly ready for continued operations
(2) cold sites = mostly unready for continued operations

There are also degrees of "warmth" between the two


What are some important elements of a disaster recovery plan?

(i) procedures for how parties will communicate with each other
(ii) testing the plan under different hypothetical scenarios
(iii) temporary locations and procedures for continuing operations, e.g. working from home


What is important about IT documentation?

It provides all sorts of info concerning the system's purpose, input and output, users, controls, etc., which can be very useful to the auditor


What are the first three kinds of IT documentation?

(1) problem definition -- gaining a general understanding of the reason a system was implemented
(2) systems -- how to trace accounting info from input to output
(3) program -- a summary of how a program works: its flowchart, controls, instructions, special features, etc.


What are the last three kinds of IT documentation?

(4) operations -- provided by the computer operator on how to run/administer the system
(5) user -- how to use the system (e.g. required input and expected output)
(6) operator -- documentation for the jobs done on the computer by the operator


What are some general controls related to systems development?

-users should be involved in the procedures for system design and the choice of software
-systems testing should involve both users and IT people
-there should be controls barring unauthorized changes
-mgmt should require documentation for choices made regarding the system


What is a parity bit?

A way to test hardware for malfunctions

Odd parity = characters are represented by some odd number of magnetized dots
Even parity = characters are represented by some even number

A parity bit tests for whether a character has the wrong number (e.g. due to dust)


What is an echo check?

Signal is sent to activate a device, which sends a signal back, and the computer "checks" this "echo"


What is a hardware check?

The computer checks the hardware equipment


What is boundary protection?

Separates files or programs when they are shared in a common place (e.g. in time-sharing)


What are two different kinds of internal file labels?

(1) header label = at beginning of file
-contains name, ID #, tape reel #
(2) trailer label = at end of file
-contains # of records in file, end-of-file code


What is an external label?

A label that is attached to some secondary storage device rather than inside the file, readable by humans rather than machines


What is a file protection ring?

A plastic ring placed around magnetic tape to avoid accidentally erasing information through physical writing or marking


What are different file protection plans?

(1) duplicate files
(2) disk reconstruction plan
(3) grandfather-father-son retention


What is a disk reconstruction plan?

Periodically saves a disk file, so that the file can be reconstructed at any given point in time


What is grandfather-father-son retention?

When a master file has a day's transactions processed against it, the new master file will be the father and the old one the grandfather. When the father master file has the next day's transactions processed against it, the new file will be the son.

The terms "grandfather," "father," and "son" are relative, referring to how far back in the chain older files are retained. For instance, when the son master file (mentioned above) has a new day's transactions processed against it, the new master file is effectively the son, the old son file is the father, the old father is the grandfather, and the old grandfather is erased. The important point is that two older files are retained for backup purposes at any given time -- the grandfather and father are the two backups for the son.


What are some important factors to consider concerning physical safeguards?

(1) temperature, humidity, dust, and other factors are not problematic/extreme
(2) the environment is prepared for physical disaster (e.g. basement flooding)
(3) other facilities are ready in case of disaster


What do microcomputers signify for internal controls?

A weakness in internal controls -- since they are usually not in isolated areas, and since they can more easily be modified (including at home)


What are different types of inputs which should have internal controls as safeguards?

(1) transaction entries
(2) file maintenance
(3) inquiries
(4) error corrections


What are control totals?

A type of internal control meant to double-check data inputted into the system

Can be financial totals (e.g. total $ in A/Rs), hash totals (e.g. sum of account #s), or record/document counts (# of transactions processed)


What are edit tests?

Checks performed by a computer to test data being inputted


What is a limit test?

An edit test to see whether a value falls within certain upper and lower amounts

Also called a reasonableness test


What is a character test?

An edit test to see whether an input has a proper size and composition (e.g. if an input ought to always have 7 numbers)

Also called a valid field test


What is a code test?

An edit test to ensure that a wrong number is not used (e.g. if a company has four stores, the entry should not be greater than 4)

Also called a valid number test


What is a sequence check?

An edit test that ensures data is inputted in the right order


What is a missing data test?

An edit test to see whether all fields contain data


What is a valid transaction test?

An edit test that sees whether an inputted transaction is the right kind for the file (e.g. for A/R, it might be that all inputted transactions are either debits or credits to A/R)


What is a valid combination of fields test?

An edit test that sees whether certain data, when combined, is reasonable (e.g. selling a large quantity of washers and dryers to a single customer -- this might show that the wrong quantity was entered)


What is a self-checking digit?

An edit test where a digit is added to some number (e.g. an order ID number) based off the number itself, and then checked for accuracy later

E.g. there might be a formula to add the sum of the 2nd and 5th digits of an order ID, so an order ID of 41853 would be changed to 418534, since 1+3=4. This can help ensure that other data is inputted correctly.


What is a valid sign test?

An edit test that checks whether a sign (i.e. positive or negative) is accurate for a record


What is an error log?

A record of transactions that aren't processed due to some error -- exists to ensure that transactions skipped over (due to error) will later be corrected

Also called an error listing


What are some application controls related to processing?

(1) Reconciling control totals with inputs
(2) Prevention of processing the wrong files
(3) Limit tests built into programs


What are some application controls related to output?

(1) Reconciling output totals with input totals
(2) Comparing scanned outputs to original documents
(3) Distributing outputs only to authorized users


What two segregation controls are important in small-business IT environments?

-between data entry and processing
-between IT and transaction authorization for users


What might an auditor do if a company does not document changes made to an IT program?

Obtain the original software from the manufacturer and see what changes have been made


What are distributed systems?

Systems with a main/central computer system and several remote computer sites


What are important factors to remember if a client utilizes an IT service center?

(1) transmission
(2) error correction
(3) audit trail
(4) master file changes
(5) output
(6) security