Information Technology

Question 1

Which IT personnel roles should always be segregated?

Answer 1

Operators

Programmers

Librarians

Question 2

What are the duties of a systems analyst?

Answer 2

Designs or purchases IT system

Responsible for flowcharts

Liaison between Users and Programmers

Note: Think IT Manager

Question 3

What is the primary duty of a Systems Administrator?

Answer 3

A Systems Administrator controls database access.

Question 4

What are the duties of a Systems Programmer?

Answer 4

Writes- Updates- Maintains- & Tests software- systems- and compilers

Question 5

Which duties should a Systems Programmer NOT have?

Answer 5

In order to maximize internal control- a Systems Programmer should NOT have application programming duties/abilities or be an Operator on the system.

Question 6

What are the duties of a Systems Operator?

Answer 6

Schedules and Monitors Jobs

Runs IT Help Desk

Question 7

What duties should a System Operator NOT have?

Answer 7

For internal control purposes- they should not be a Programmer on the system.

Question 8

If it is not possible to segregate duties in an IT System- what actions should be taken to compensate for internal control purposes?

Answer 8

Include Computer Logs.

Control Group should review the logs.

Question 9

What is the purpose of a Management Information System (MIS)?

Answer 9

To assist with decision making.

Question 10

What is an Accounting Information System (AIS)?

Answer 10

A type of Management Information System (MIS) that processes accounting transactions.

Question 11

What are the characteristics of an Executive Information System (EIS)?

Answer 11

Specialized for Company Executive needs

Assists with Strategy Only

No Decision-Making Capabilities

Question 12

What are the characteristics of an Expert System (ES)?

Answer 12

Computer uses reasoning

Structured

No human interpretation needed

Question 13

What are the characteristics of a Decision Support System (DSS)?

Answer 13

Computer provides data

Gives Interactive Support

Human interpretation needed

Question 14

What are the characteristics of an Ad Hoc computer report?

Answer 14

User initiates the report.

The report is created upon demand.

Question 15

When are Exception reports generated?

Answer 15

Exception reports are produced when Edit Tests- Check Digits- or Self-Checking Digits identify a problem

Question 16

What is a query?

Answer 16

A type of Ad Hoc report- initiated by a user.

Question 17

What is End-User Computing?

Answer 17

The User develops and executes their own application.

Question 18

What is the primary benefit of E-commerce?

Answer 18

E-commerce makes business transactions easier.

Question 19

What are the risks of E-commerce?

Answer 19

Compromised data or theft.

Less paper trail for auditors.

Question 20

What are the benefits of Electronic Data Interchange?

Answer 20

Uses globally-accepted standardsEfficient

EDI: more expensive, secure, slower batch, VAN( private)

Question 21

What is a File Server?

Answer 21

A file server stores shared programs and documents.

Question 22

What is the purpose of a Database?

Database : files that are interrelated and coordinated

Answer 22

Located on a File Server- a Database allows users to share documents.

Question 23

What is the purpose of a LAN (Local Area Network)?

Answer 23

It connects computers in close proximity.

Question 24

What is the purpose of a WAN (Wide Area Network)?

Answer 24

It connects computers that are far apart.

Question 25

What are the characteristics of a VAN (Value-Added Network)?

Answer 25

Privately-owned Network

Serves as 3rd Party Between 2 Companies

Routes EDI Transactions

Accepts wide range of Protocols

Very Costly

Question 26

What is the purpose of a Firewall?

Answer 26

Prevents unauthorized access to a network.

Question 27

What are the characteristics of a virus?

Answer 27

Takes over a computer

Needs a host program to run

Question 28

What are the characteristics of a computer worm?

Answer 28

Takes over multiple computers

Doesn’t need a host program to run

Question 29

What is the purpose of Automated Equipment Controls?

Answer 29

They prevent and detect hardware errors.

Question 30

What is RAM?

Answer 30

Random Access Memory.

Internal memory in the computer used during immediate processing.

Question 31

What is a CPU?

Answer 31

Computer Processing Unit

It processes commands within a computer.

Question 32

What is Job Control Language?

Answer 32

It schedules and allocates system resources.

Question 33

What are examples of input devices?

Answer 33

Keyboard
Mouse
Scanner
Magnetic Ink Reader
Magnetic Tape Reader
EDI
Point of Sale Scanner

Question 34

What are examples of Output Devices?

Answer 34

Speakers

Monitors

Printers

Question 35

What are the characteristics of Magnetic Tape storage?

Answer 35

Sequential Access - Sorts data in order

Slower data retrieval

Header Label prevents Operator error by loading wrong tape

External Labels prevent accidental destruction by operator

Question 36

What are the characteristics of Magnetic Disks?

Answer 36

Random Access - Finds data in random spots

Faster data retrieval

Uses Boundary Protection for data

Question 37

What is a Gateway?

Answer 37

Connects one network to another

Note: the Internet is connected by Gateways

Question 38

What are Parity Checks?

Answer 38

A control that detects internal data errors.

A bit is added to each character- it checks to see if a bit was lost.

Question 39

What is an Echo Check?

Answer 39

Transmitted data is returned to the sender for verification (it echoes back to the sender)

Question 40

What is a Change Control?

Answer 40

It authorizes program changes and approves program test results.

Question 41

What is security software?

Answer 41

Software that controls access to IT systems.

Note: Don’t confuse this with anti-virus software

Question 42

What is the purpose of a Digital Signature?

Answer 42

It confirms a message has not been altered.

Question 43

List the types of computers from smallest to largest

Answer 43

PDA/Smartphone/Tablet

Microcomputer - PC- Laptop (cost-effective)

Minicomputer - Like a Mainframe- but smaller

Mainframe - Large computer with terminals attached

Supercomputer - Very powerful and very big

Question 44

What are the units of computer data from smallest to largest?

Answer 44

Bit - 1 (on) and 0 (off)
Byte - 8 bits to a byte/character
Field - group of related characters/bytes (i.e. Name- Zip Code- Serial #)
Record - Group of related fields (i.e. Member name- address- phone number)
File - Group of related records (i.e. Membership directory)

Question 45

What is the duty of a design engineer?

Answer 45

Determine language used for a specific computer- on a computer-to-computer basis

Question 46

What are object programs?

Answer 46

Programs written in base computer language- not similar to English.

Question 47

How can source programs be recognized?

Answer 47

They are written in a language close to English.

Question 48

What is the purpose of a Compiler?

Answer 48

Takes Source language (English) and converts to Object (Computer) Language

Question 49

How does Online Analytical Processing work?

Answer 49

It uses a Data Warehouse to support management decision making.

Question 50

What is Data Mining?

Answer 50

Using artificial intelligence and pattern recognition to analyze data stores within a Data Warehouse.

Question 51

What is the purpose of online transaction processing?

Answer 51

To process a company’s routine transactions - master files updates as transaction entered
Req random access storage device
Immediate processing - point of sale/ supermarket/ retail

Question 52

What are the characteristics of batch processing?

Answer 52

Data held- updates multiple files all at onceLeaves a better audit trailUses Grandfather-Father-Son backup (3 levels of backup kept in 3 locations)
Always a time delay
Often used in traditional system - payroll; GL system - data do not need to be current all the time
Compare manual and computed generated bacth control totals
Uses both random access and/or sequential

Question 53

What does an output control check for?

Answer 53

Checks to see if output data is valid- distributed and used in an authorized manner.

Question 54

What does a processing control check?

Answer 54

Checks if data processing produced proper output

Question 55

What is a hash total?

Answer 55

An input control number- a meaningless sum of values included in the input.

Example would be summing a list of SSNs to make sure the data is the same once entered as it was prior to input into the system.

Question 56

What is a validity check?

Answer 56

Checks to see if data in existing tables or files belongs in the set

For example- is there a # in an alpha-only field or a letter in a numeric-only field

Question 57

What is a limit check?

Answer 57

Checks to see if numbers surpass a certain limit- i.e. in an age field is the number greater than 110.

Question 58

What is a check digit?

Answer 58

An input control that adds an identification number to a set of
digits - usually at the end

Question 59

What is a field check?

Answer 59

An input check that prevents invalid characters- i.e. checks for alphabetic letters in a SSN field

Question 60

What is a Hot Site?

Answer 60

A disaster recovery system where if the main system goes down- a Hot Site is ready to take over immediately.

Question 61

What is a Cold Site?

Answer 61

If a main system goes down- a Cold Site will take time to get set up and running.

Question 62

What is the most common database language?

Answer 62

SQL - Structured Query Language

Question 63

What is a Data Definition Language?

Answer 63

Defines SQL Database

Controls SQL Tables

Question 64

What is a Data Manipulation Language?

Answer 64

Queries SQL Database tables

Question 65

What is a Data Control Language?

Answer 65

Controls Access to SQL Database

Question 66

What are the characteristics of a Relational Database?

Answer 66

Logical structure

Uses rows and columns similar to spreadsheet

Question 67

What are the characteristics of a Hierarchical Database?

Answer 67

Has various levels

Uses trees to store data

Question 68

What are the advantages of a database?

Answer 68

Data is more accessible

Reduced redundancy

Question 69

What are the disadvantages of a database?

Answer 69

Cost of installation

Skilled personnel required to maintain

Question 70

What are the components of a database?

Answer 70

Desktop client

Application Server

Database Server

Think: Your desktop computer runs applications and saves to a database

Question 71

Data input : input verification

Answer 71

trace data to appropriate supporting evidence contributes to validation of the accuracy of the transaction and its authorization

Question 72

Data processing - transactions processed to keep info curent

Answer 72

whats done to the data: addition, update, and deletion.

methods: batch processing and OLRT

Question 73

System development life cycle (SDLC)

Answer 73

framework for planning and controlling the detailed activities associated w system development. Ex: waterfall approach

Question 74

SDLC : A DITTO

Answer 74

System Analysis - first step
Design - conceptual and physical
Implementation
Training
Testing
Operations and Maintenance

Question 75

Participants in Business Process Design

Answer 75

• Management - top lvl
• Accountants
• Info system steering committee: oversee. high lvl management : controllers, user dptment management. set gov policies for AIS, ensure top mgment participation, and facilitate integration of info system
• Project development team - responsible for successful design and implementation of bus system
• External Parties: major customers or suppliers

Question 76

Control objectives for information and related technology : COBIT

Answer 76

measures, indicators, processes and best practices to max benefit of information technology

Question 77

COBIT framework ( 5 )

Answer 77

1) Business objectives: effective decision support, compliance
2) Governance objectives: strategic alignment, value delivery, resource management, risk management, performance measure
3) Information criteria : ICE RACE: integrity, confidentiality, efficiency, reliability, availability, compliance, and effectiveness.
4) IT resources: applications, information, infrastructure, people
5) Domains and Processes: PO AIDS ME

Question 78

Control Monitoring:

General Controls

Answer 78

apply to org lvl / control environment and includes:

• system development standards
• security management
• change management procedures
• software acquisition, development, operations, and maintenance controls

general controls that regulate the computer activity: Segregation of duties, proper authorization of transactions, and safeguarding assets

Question 79

Control Monitoring:

Application Controls

Answer 79

application specific subject to I/C - authority, recording, and custody

Prevent, detect, and correct transaction error and fraud

provide reasonable assurance as to the system: accuracy, completeness, validity, and authorization

Question 80

Input controls - make sure data is reliable (integrity)

Answer 80

Data validation at field lvl: edit checks, meaningful error messages, input masks, ect

Prenumering forms, making it possible to verify that all inputs is accounted for and that no duplicate entry exists

Well-defined source data preparation procedures. Ex collect and prepare source docs, but sometimes no source doc exist bcoz data entered via web application

Question 81

Processing Controls

Answer 81

• Data matching
• File labels
• Recalculation batch totals
• Cross footing and zero balances
• Write-protection mechanism: against overwrite or erasing
• Database processing integrity procedures - procedures for accessing and updating database by administrators, concurrent updates protect records from errors when two users attempt to update same record

Question 82

Outputs controls:

Answer 82

• User Review of output
• Reconciliation procedures (input control totals vs output control totals)
• External data reconciliation - payroll database and ficticious employees
• Output encryption - reduce data interception, error. protect data authenticity and integrity. ex: parity check and message ackwoledgement

Question 83

Managing Control Activities/ Control procedures - controls related to use of information technology resources

Answer 83

• Appropriate segregation of duties to reduce opportunies to anyone to both perpetrate and conceal errors in the normal course of his/her duties
• Design and use adequate docs and records to help ensure proper recording of transactions
• Limit to asset access in accordance to management’s authorization. Ex data librarian controls production data and allow access to it only to authorized ppl
• Info processing controls to ensure proper authorization, accuracy, and completeness of individual transaction.
• Implementation of security measures and contingency plans: security measures/ data security prevent and detect threats - authorization needed to access, change, and destroy storage media. Contingency plans to minimize disruptions of processing while maintaining data integrity.

Question 84

Technologies and Security management features

Answer 84

• Safeguard Records and Files
• Backup files: son-father-grandfather, backup of system that can be shut down, and that do not shut down
• Uninterrupted Power Supply
• Program modification controls: track program changes and prevent changes from unauthorized ppl used in production applications
• Data encryption : digital certificates, digital signatures
• Managing passwords: length, complexity
• User Access: initial access, change in position access

Question 85

Security Policies - how to protect info

Answer 85

secure info in stored info, processed info, and transmitted info

Program lvl policy - highest lvl
Program framework policy
Issue-specific
System-specific

Question 86

Risk Event identification

Answer 86

Strategic - choose inappropiate technology
Operating - do right things in wrong way
Financial - resources lost, wasted, stolen
Information - loss data integrity, incomplete transaction, hackers
Specific risks: errors, intentional acts, disasters

Question 87

Risk assessment and control activities

Answer 87

Risk - possibility of harm or loss
Threat - danger
Vulnerability - renders system susceptible to a threat
Safeguards and controls: policies and procedures to reduce vulnerability
Risk assessment: first assess risks and then they can be managed.
Evaluation and types of controls

Question 88

Risk assessment - steps

Answer 88

1) identify risks
2) evaluate possibility that threat will occur
3) evaluate exposure - potential loss from threat
4) identify controls to guard against threats
5) evaluate costs and benefits of implementing controls
6) implement controls that are cost effective

Question 89

Access Controls

Answer 89

limit access to program documentation, data files, programs, and computer hardware to those who require it in the performance of their job responsibilities.
Include multilevel security, user identification, user authorization (passwords), limited access room, use of file-level access attributes and firewalls.

Question 90

Physical Access

Answer 90

access to computer rooms limited to computer operators and other IT ppl. Restriction by specially coded ID cards or keys to entry. Manual key locks. ID cards can be lost or stolen

Question 91

Electronic Access - unathorized access to data and application programs

Answer 91

User identification codes - w change of passwords. backdoors should be eliminated.

Disconnect hardware devices and deactivate use ID when consecutive failed attempts to access to system occur

Req hardware devices to log-off when not in use or automatically log them off after inactive for certain time

Use password scanning to detect weak passwords

Req dual authentication. ex log in and use a code that was sent by text msg.

File-lvl access attributes: ex. read only access

Firewalls : protect against unauthorized access - hardware and software. Packet filtering (examine data coming in according to established rules
), circuit level gateways (allow data inside network only when inside computer request it). Application gateway/ Proxy (examine data in a more sophisticated way - more secure but slow)

Question 92

Disaster recovery steps

Answer 92

assess risks
identify mission critical application and data
develop plan for handling mission critical application
determine responsibility of ppl involved
test disaster recovery plan

Question 93

Internal check

Answer 93

Examples of internal checks are as follows:

Limit check, which identifies if data have a value higher or lower than a predetermined amount
Identification, which determines if the data is valid
Sequence check, which checks sequencing
Error log, which is simply an up-to-date log of all identified errors
Transaction log, which provides the basic audit trail
Arithmetic proof, which computes the calculation in order to validate the result - recalculation

Question 94

Edit checks

Answer 94

accuracy checks performed by an edit program.

accuracy controls include the following:

Use of a current, approved price list
Verification of multiplication and addition
Matching of quantities ordered, received, and invoiced

Question 95

A DBMS (database management system)

Answer 95

A tool - consists of computer program(s) for organizing, accessing, and modifying a database. It is a collection of programs that enables users to store, modify, or extract information from a database.

A database is a collection of interrelated information that can be used for a variety of purposes. A database is managed by a computer program called a database management system (DBMS).

Question 96

data security of an online computer system protected by an internal user-to-data access control program

Answer 96

Security dependent upon the controls over the issuance of user IDs and user authentication is the key to enforcing personal accountability

Question 97

Data integrity

Answer 97

relates to using data for its intended purpose. A local area network would promote data integrity by making data available only to those users having a legitimate reason for access. Centralized access controls would help promote data integrity.

Integrity is the protection of data from unauthorized tampering

Question 98

Online access controls

Answer 98

Online access controls are absolutely essential in controlling access to and operation of modern computer systems. These controls include:

• user code numbers that restrict access to only authorized users,
• passwords that create a second barrier for access after user code numbers, and
• lists of files and programs along with lists of the type and extent of access a user is entitled to have to those files and programs.

Question 99

Enterprise resource planning (ERP)

Answer 99

integrates all aspects of an organization's activities into one accounting information system. By combining financial and nonfinancial information, the entity can be more flexible and responsive while having more information available for decision making.
however changes to one module can flow throughout the system

Question 100

Run-to-run controls

Answer 100

for an online system are able to accumulate separate totals for all transactions processed during the day and then agree the totals to the total of items accepted for processing.

One-for-one checking generally requires manual comparisons of input data elements to processing results.

Question 101

general controls: user authentication procedures

Answer 101

seeks to determine if the person seeking access is who they say they are. Password masking is a part of this process. Password masking is the technique of either hiding the password as it is typed or displaying other characters so that observers cannot see what characters the user is actually entering.

Question 102

Public Key Infrastructure (PKI)

Answer 102

PKI refers to the system and processes used to issue and manage asymmetric keys and digital certificates

Question 103

compatibility test for users

Answer 103

procedure for checking a password to determine if its user is authorized to initiate the type of transaction or inquiry he or she is attempting to initiate.

Use of a compatibility test for users would assure that an employee used a CRT only for purposes related to that employee’s job description. For example, an accounts receivable clerk would not be allowed access to inventory or fixed asset records since those records would not be compatible with the duties of an accounts receivable clerk.