Flashcards in Information Technology Deck (133):
What is a central processing unit (CPU)?
The main component of computer hardware -- includes (a) primary storage, (b) a control unit, and (c) an arithmetic/logic unit
What is the primary storage of a CPU?
The part which holds the program, data, and results during processing (and thus involves only temporary storage)
Divided between RAM (random-access memory) and ROM (read-only memory)
What is the control unit of a CPU?
The part which directs the computer's operations
What is the arithmetic/logic unit of a CPU?
The part with special capabilities to do arithmetic calculations and logical operations
As regards computers, what is a bus?
A communication system for transferring data inside a computer or between computers
What is magnetic tape?
Thin magnetic tape on which data can be imprinted as magnetized dots (e.g. magnetic strips on credit cards)
What is a redundant array of independent disks (RAID)?
A collection of disks that all have the same data written on it -- good for backup purposes, but often unnecessary
What is the difference between randomly accessible data and sequentially accessible data?
Randomly = records can be directly accessed
Sequentially = records can be accessed only by reading through previous info
How does software differ from hardware?
Hardware refers to the required physical devices, while software refers to the internal programming and data needed to run the technology
What are the five generations of programming languages?
(1) machine language -- simple binary
(2) assembly language -- includes short commands for repetitive tasks
(3) procedural language -- closer to human language; source code in procedural language can be translated into machine-readable object code
(4) fourth-generation language (4GL) -- many routine procedures are preprogrammed
(5) object-oriented programming (OOP) -- has a modular approach; focused on the objective rather than the procedure
(3)-(5) are machine-independent
What are some examples of procedural language?
(i) FORTRAN -- Formula Translation
(ii) COBOL -- Common Business-Oriented Language
(iii) BASIC -- Beginners All-Purpose Symbolic Instruction Code
What are some examples of object-oriented programming (OOP)?
What is a graphical user interface (GUI)?
A display where users can interact with icons, scroll bars, etc. rather than just line-by-line commands
What is a patch?
An additional part added to a program, usually to update it and/or correct a problem
What is an operating system (OS)?
Software that coordinates various computer functions and applications/programs
Also provides a graphical user interface (GUI)
What are some examples of operating systems?
(1) Windows XP
(3) Linux -- a modified version of Unix
What is a job control language (JCL)?
A language used by an OS to do its work
What are multiprocessing and multiprogramming?
Multiprocessing -- uses more than one CPU to run more than one program simultaneously
Multiprogramming -- a program processes until it needs an input or delivers an output, at which point the OS switches to another program instantly
What is virtual storage?
Occurs when an OS subdivides programs into "pages" and only uses the needed pages to execute the instructions it's trying to carry out -- thus lowers processing costs
What are application programs?
Programs designed to process a particular application
As regards application programs, what is a "pass" or a "run"?
A full round done by the program -- input, processing, and output
What are collaborative computing applications?
Any applications where multiple people have access and where the changes made by different people can be tracked to them
What are management information systems (MIS)?
Systems used in a company to provide management with the data it needs
What is enterprise resource planning (ERP)?
A software arrangement that addresses the enterprise’s needs (including financial reporting, inventory management, etc.), seeking to meet the organizational goals by tightly integrating all functions of an enterprise
What is a database management system (DBMS)?
Any set of programs which manages a database, whether by creating it, maintaining it, updating it, allowing access to it, etc.
What is a relational database model?
A model that seeks to relate common data (e.g. customer info) in one integrated database to meet the needs of different users accessing the data
What are utility programs and library programs?
(1) utility programs = programs which perform standard/routine functions, such as merging or sorting
(2) library programs = programs often utilized by other programs, being stored and then "called up" when needed (e.g. random number generation)
Can also be called utility routines or library routines
What is a network?
An arrangement where multiple computers and multiple users have access to common hardware, software, or data
What are an internet, an intranet, and an extranet?
(1) internet = a network of networks (with *the* internet being a public network of networks)
(2) intranet = a network closed off, usually just to employees
(3) extranet = an internet that is not entirely closed off, but password-protected
What are different kinds of networks?
(1) local area network (LAN) = an intranet within a relatively small physical area
(2) wide area network (WAN) = a network across a very large areas, e.g. a city or country
(3) value-added network (VAN) = a network which provides services beyond Internet capabilities (usually EDI-related)
(4) virtual private network (VPN) = a network where it appears that a remote user accesses a private network, even though it is through public lines
What is a concentrator?
An apparatus which concentrates several communication channels into one
What is a multiplexer?
An apparatus that, for communication purpsoes, converts multiple low-speed transmissions into one high-speed transmission and then back
What is a proxy server?
A server acting as an intermediary for requests from clients involving info from other servers
What is a router?
An apparatus that transfers packets of data outward using the most efficient route possible
What is a firewall?
Software separating segments with the aim of prohibiting anyone from gaining unwarranted access
What is a gateway?
Any software or hardware linking computer networks together
What is a web crawler?
A program that searches the internet to find files for the user
What is topology?
A network's physical arrangement
Different kinds are (i) bus, (ii) ring, (iii) tree, and (iv) star arrangements
As regards topology, what is a bus arrangement?
Resembles the arrangement of people on a bus: there is one central line (the "bus aisle") to which several computers are connected
Easy to add more computers with this arrangement, but communication can be cut off by a failed device in the middle
As regards topology, what is a ring arrangement?
Each computer is connected to one on each side, such that all effectively form a circle
Easy to add more computers with this arrangement, and a failed device does not cut off communication (failed devices on each side would), though communication can be slower
As regards topology, what is a tree arrangement?
A hierarchical arrangement where each device can have a number of other devices connected to it as branches
As regards topology, what is a star arrangement?
Each computer is connected to a central device
Generally the most expensive topology
What are data transmission protocols?
Sets of procedures/rules governing the transferal of data among devices
What is the difference between serial and parallel data transmission?
Serial = each bit (of a byte) are transmitted singularly
Parallel = all bits are transmitted simultaneously on parallel lines, one bit per line
Parallel is practicable only with short network distances
What is the difference between circuit switching and packet switching?
Switching mechanisms route bits to take different paths
-circuit switching sends a message in its entirety through oen path
-packet switching sends messages in packets, sometimes through separate paths
What is a common example of packet switching?
TCP/IP -- transmission control protocol/internal protocol
Provides protocols for internet packing switching
What is bandwidth?
The degree to which a channel can handle data transmission
Narrow bandwidth signifies a low rate of transmission; broad bandwidth a high rate
What is client-server architecture?
An arrangement where computers on a network are either clients or servers
-clients are workstations or PCs
-servers are powerful machines which can manage networks, disk drives, etc.
As regards client-server architecture, what is the difference between a file server and a database server?
File = the server primarily stores files and processes data; used as the only server in a two-tier client-server architecture arrangement
Database = the server primarily stores software for database management; does some processing
What is a three-tier (or more) client-server architecture?
Any arrangement where two or more servers are needed
The other ones can be print servers, web servers, application servers, fax servers, and so on
What are some different network languages?
(1) hypertext markup language (HTML) -- used for internet display
(2) hypertext transfer protocol (HTTP) -- protocols governing the coding, transferal, and viewing of data
(3) extensible markup language (XML) -- also used for internet display, but further identifies the nature of the info displayed (e.g. phone #s)
(4) extensible business reporting language (XBRL) -- required by the SEC, helpful for reading financial statements
What is an internet protocol (IP) number?
A specific number used to identify a particular computer within a network
What does URL stand for?
Uniform resource locator
What are different levels of data?
(1) bit -- binary digit, smallest unit of data
(2) byte -- group of bits
(3) character -- group of bytes
(4) field -- group of related characters (e.g. a name)
(5) record -- group of related fields (e.g. customer record with name, address, phone #)
(6) file -- group of related records
What is the difference between a master file and a transaction/detail file?
Master = data is generally permanent
Transaction/detail = data is more current and temporary, used for updating a master file
What are the steps involved in updating a master file?
(i) records from both the master file and the transaction file are read into the CPU
(ii) master file records are updated in the CPU
(iii) updated records are written onto an output reel to create a new updated master file
Thus at the end, there are three files: a master file, a transaction file, and an updated master file
What is parallel processing?
Running a new system-to-be-implemented at the same as the old system, comparing their results
This makes the conversion smoother (providing a stepping stone) and can avoid disaster if the new system crashes
Also called parallel operating
What is volume testing?
Testing the ability of a new system to handle various volumes of data
What are two different transaction processing models?
Batch processing and online processing
What is batch processing?
Accumulating transactions into groups that can then be processed all at once, as one batch, rather than each being processed individually as they arose
What is a disadvantage of batch processing?
Since transactions are not processed immediately, errors will not be detected as quickly
What is online processing?
Immediately processing transactions online as they occur
What is an OLRT system?
An online, real-time system -- it processes data quickly enough to interact with and receive responses for other data
E.g. for airline reservations, a customer's data can be inputted, and then the available flights are returned, and then the customer can select the flight
What is an integrated system?
A system where a transaction affects all the relevant files at once, rather than needing separate actions
E.g. a sale can update revenues, accounts receivable, and inventory at once
What are different ways to do external information processing?
(1) block time = renting the use of another entity's computer
(2) time-sharing = having equal access with other users to one system
(3) service bureau = an outside entity which provides data service at a cost
What are some general controls restricting IT department activity?
(1) Segregating functions of users and the IT department
(2) Barring IT people from making or authorizing transactions
(3) Segregating duties within the IT department
What are different IT functions that ought to be segregated?
(1) Control group
What is the role of a control group in the IT department?
It oversees internal control
What is the role of operators in the IT department?
They convert data into a machine-readable form
What is the role of programmers in the IT department?
They write and debug programs
-Applications programmers = deal with application programs
-Systems programmers = deal with software that runs the hardware
What is the role of analysts in the IT department?
They design the overall system, mapping it out with a flowchart
What is the role of librarians in the IT department?
They track the access, use, and storage of programs or other files, including backups
What are different professionals needed to develop a business website well?
(i) accountant or auditor -- for understanding business processes and safety, e.g. fraud prevention
(ii) graphics designer
(iv) usability specialist
(v) webmaster -- main programmer
What are control objectives for information technology (COBIT)?
Objectives developed to help fulfill Section 404 of SOX, which requires their oversight of the company’s internal controls
COBIT serves as a generally accepted standard for IT to provide security and control, with three main objectives:
(i) ensuring that data systems help fulfill the company’s goals
(ii) optimizing investments in IT
(iii) managing risks and opportunities related to IT
What is important to know about documentation for IT systems?
Control procedures for IT systems often do not leave documentary evidence behind
What is important to know regarding a change in IT system?
IT systems are more difficult to change than manual systems
What are some ways in which paper data is superior to electronic data?
(i) more difficult to alter
(ii) more credible in its source (direct mailing rather than through electronic system)
(iii) often includes approvals in the documentation
(iv) easier to use
What are some benefits to an IT system over a traditional/manual system?
-can perform large and complex calculations
-increases how timely, available, and accurate info is
-allows further analysis
-allows further monitoring
-can have stricter controls
What are some risks to an IT system?
-errors can be systematic
-unauthorized access can give the user great power
-data can be lost
-programs can be neglected/not updated
What are some examples of transaction processing systems?
(iv) general ledger
What is data mining?
Taking large amounts of data and acquiring new info (specifically, patterns or trends) from it
Good for checking for fraud, e.g. checking employee addresses to vendor addresses, vendor records with P.O. box addresses, etc.
What is a fraud profile?
A set of data characteristics which would signify a higher chance of fraud, given the entity's internal controls
What is EDI?
Electronic Data Interchange
Business conducted electronically between customers and vendors
What is a connectionless environment?
A medium or environment where a customer is not in contact with a specific representative of the company
Websites are connectionless environments, since many people can simultaneously utilize them
What is one of the advantages of IT for public companies?
Updating and generating financial statements becomes much simpler, faster, and more accurate
Also can use data mining to find relevant financial info for management, rather than having them read the entire statements
What is an ad hoc financial report?
A special report created as the circumstances arise -- i.e. not one ordinarily generated by IT
What are hackers and crackers?
Hackers = people who intentionally intrude into IT systems to violate laws, obtain information, etc.
-sometimes this term refers to general tech enthusiasts, in which case "crackers" (criminal hackers) would refer to the malicious types
What are some tools of hackers?
(1) demon dialers = rapidly dial through phone numbers to find modems and then use usernames and passwords to break into the system
(2) port scanners = scan a network and its devices to find services that are available and unsecured
(3) scripts = search through machines to find accounts on the machine and whether password attempts to access the machine are limited
(4) sniffers = identify and report all usernames and passwords it can find
(5) Trojan horses = apparently good programs which operate unexpectedly (and usually harmfully) if a user permits the program
(6) viruses = self-replicating programs which affix themselves to other programs and cause harm
What are digital signatures?
They provide assurance that data hasn't been altered -- thus they can establish the legitimacy of a file, but not other things (like privacy)
What is encryption?
Coding data so it can't be read by those who aren't authorized to read it
Decryption = changing encrypted data to a readable format
As regards encryption, what is the key?
The entire set of operations done on data to encrypt, and done in reverse on encrypted data to decrypt it
Often includes both an original set of random variables + a set of algorithms acting on the data
What is symmetric encryption?
The same key (a "private key") is used for encryption and decryption
Not useful for parties who send a few messages to a large number of correspondents, since each message would require a separate private key
What is asymmetric encryption?
Uses a public key to encrypt data and a private key to decrypt it
Both the public key and the private key are particular to the recipient, and the private key is mathematically related to the public key though not deducible from it, so as long as public keys are truly publicly available, parties can transfer messages to others without needing to agree in advance on a shared private key
What are different kinds of IT controls?
What are some minimum requirements for a company in a disaster recovery situation?
(i) backup data
(ii) additional hardware off-site
What are two different kinds of off-site locations for disaster recovery situations?
(1) hot sites = mostly ready for continued operations
(2) cold sites = mostly unready for continued operations
There are also degrees of "warmth" between the two
What are some important elements of a disaster recovery plan?
(i) procedures for how parties will communicate with each other
(ii) testing the plan under different hypothetical scenarios
(3) temporary locations and procedures for continuing operations, e.g. working from home
What is important about IT documentation?
It provides all sorts of info concerning the system's purpose, input and output, users, controls, etc., which can be very useful to the auditor
What are the first three kinds of IT documentation?
(1) problem definition -- gaining a general understanding of the reason a system was implemented
(2) systems -- how to trace accounting info from input to output
(3) program -- a summary of how a program works: its flowchart, controls, instructions, special features, etc.
What are the last three kinds of IT documentation?
(4) operations -- provided by the computer operator on how to run/administer the system
(5) user -- how to use the system (e.g. required input and expected output)
(6) operator -- documentation for the jobs done on the computer by the operator
What are some general controls restricting IT department activity?
(1) segregating functions of users and the IT department
(2) barring IT people from making or authorizing transactions
(3) segregating duties within the IT department
What are some general controls related to systems development?
-users should be involved in the procedures for system design and the choice of software
-systems testing should involve both users and IT people
-there should be controls barring unauthorized changes
-mgmt should require documentation for choices made regarding the system
What is a parity bit?
A way to test hardware for malfunctions
Odd parity = characters are represented by some odd number of magnetized dots
Even parity = characters are represented by some even number
A parity bit tests for whether a character has the wrong number (e.g. due to dust)
What is an echo check?
Signal is sent to activate a device, which sends a signal back, and the computer "checks" this "echo"
What is a hardware check?
The computer checks the hardware equipment
What is boundary protection?
Separates files or programs when they are shared in a common place (e.g. in time-sharing)
What are two different kinds of internal file labels?
(1) header label = at beginning of file
-contains name, ID #, tape reel #
(2) trailer label = at end of file
-contains # of records in file, end-of-file code
What is an external label?
A label that is attached to some secondary storage device rather than inside the file, readable by humans rather than machines
What is a file protection ring?
A plastic ring placed around magnetic tape to avoid accidentally erasing information through physical writing or marking
What are different file protection plans?
(1) duplicate files
(2) disk reconstruction plan
(3) grandfather-father-son retention
What is a disk reconstruction plan?
Periodically saves a disk file, so that the file can be reconstructed at any given point in time
What is grandfather-father-son retention?
When a master file has a day's transactions processed against it, the new master file will be the father and the old one the grandfather. When the father master file has the next day's transactions processed against it, the new file will be the son.
The terms "grandfather," "father," and "son" are relative, referring to how far back in the chain older files are retained. For instance, when the son master file (mentioned above) has a new day's transactions processed against it, the new master file is effectively the son, the old son file is the father, the old father is the grandfather, and the old grandfather is erased. The important point is that two older files are retained for backup purposes at any given time -- the grandfather and father are the two backups for the son.
What are some important factors to consider concerning physical safeguards?
(1) temperature, humidity, dust, and other factors are not problematic/extreme
(2) the environment is prepared for physical disaster (e.g. basement flooding)
(3) other facilities are ready in case of disaster
What do microcomputers signify for internal controls?
A weakness in internal controls -- since they are usually not in isolated areas, and since they can more easily be modified (including at home)
What are different types of inputs which should have internal controls as safeguards?
(1) transaction entries
(2) file maintenance
(4) error corrections
What are control totals?
A type of internal control meant to double-check data inputted into the system
Can be financial totals (e.g. total $ in A/Rs), hash totals (e.g. sum of account #s), or record/document counts (# of transactions processed)
What are edit tests?
Checks performed by a computer to test data being inputted
What is a limit test?
An edit test to see whether a value is not greater than or lesser than certain amounts
Also called a reasonableness test
What is a character test?
An edit test to see whether an input has a proper size and composition (e.g. if an input ought to always have 7 numbers)
Also called a valid field test
What is a code test?
An edit test to ensure that a wrong number is not used (e.g. if a company has four stores, the entry should not be greater than 4)
Also called a valid number test
What is a sequence check?
An edit test that ensures data is inputted in the right order
What is a missing data test?
An edit test to see whether all fields contain data
What is a valid transaction test?
An edit test that sees whether an inputted transaction is the right kind for the file (e.g. for A/R, it might be that all inputted transactions are either debits or credits to A/R)
What is a valid combination of fields test?
An edit test that sees whether certain data, when combined, is reasonable (e.g. selling a large quantity of washers and dryers to a single customer -- this might show that the wrong quantity was entered)
What is a self-checking digit?
An edit test where a digit is added to some number (e.g. an order ID number) based off the number itself, and then checked for accuracy later
E.g. there might be a formula to add the sum of the 2nd and 5th digits of an order ID, so an order ID of 41853 would be changed to 418534, since 1+3=4. This can help ensure that other data is inputted correctly.
What is a valid sign test?
An edit test that checks whether a sign (i.e. positive or negative) is accurate for a record
What is an error log?
A record of transactions that aren't processed due to some error -- exists to ensure that transactions skipped over (due to error) will later be corrected
Also called an error listing
What are some application controls related to processing?
(1) Reconciling control totals with inputs
(2) Prevention of processing the wrong files
(3) Limit tests built into programs
What are some application controls related to output?
(1) Reconciling output totals with input totals
(2) Comparing scanned outputs to original documents
(3) Distributing outputs only to authorized users
What two segregation controls are important in small-business IT environments?
-between data entry and processing
-between IT and transaction authorization for users
What might an auditor do if a company does not document changes made to an IT program?
Obtain the original software from the manufacturer and see what changes have been made
What are distributed systems?
Systems with a main/central computer system and several remote computer sites