Flashcards in Information Technology Deck (95):
Which IT personnel roles should always be segregated?
C - Control group
O - Operators
P - Programmers
A - Systems Analyst
L - Librarians
What are the duties of a systems analyst?
Designs or purchases IT system
Responsible for flowcharts
Liaison between Users and Programmers
Note: Think IT Manager
What is the primary duty of a Systems Administrator?
A Systems Administrator controls database access.
What are the duties of a Systems Programmer?
Application Programer - Application/Software developer (software engineers) is the person responsible for writing and/or maintaining application programs.
SHOULD NOT be given write/update access to data in production systems or unrestricted and uncontrolled access to application program change management systems.
System Programers - are responsible for installing, supporting (troubleshooting), monitoring, and maintaining the operating system. May also perform capacity planing functions and testing and applying upgrades.
Writes- Updates- Maintains- & Tests software- systems- and compilers
SHOULD NOT be given write/update access to data in production systems or access to change management systems.
Which duties should a Systems Programmer NOT have?
In order to maximize internal control- a Systems Programmer should NOT have application programming duties/abilities or be an Operator on the system.
What are the duties of a Systems Operator?
Schedules and Monitors JobsRuns IT Help Desk.
SHOULD NOT be a Programmer on the system.
What is the primary function of a database management system?
To create and modify the database.
If it is not possible to segregate duties in an IT System- what actions should be taken to compensate for internal control purposes?
Include Computer Logs.
Control Group should review the logs.
What is the purpose of a Management Information System (MIS)?
To assist with decision making. More broad than DSS.
Provides users predefined reports that support effective business decisions. MIS reports may provide feedback on daily operations.
What are the characteristics of an Executive Information System (EIS)?
Specialized for Company Executive needs
Assists with Strategy Only
No Decision-Making Capabilities
What are the characteristics of an Expert System (ES)?
See Decision Support System
Computer uses reasoning
No human interpretation needed
What are the characteristics of a Decision Support System (DSS)?
Sometimes called Expert System.
It is an extension of an MIS that provides interactive tools to support decision making. It may provide information, facilitate the preparation of forecasts, or allow modeling of various aspects of a decision.
Computer provides data
Gives Interactive Support
Human interpretation needed
What are the characteristics of an Ad Hoc computer report?
User initiates the report.
The report is created upon demand.
When are Exception reports generated?
Exception reports are produced when Edit Tests- Check Digits- or Self-Checking Digits identify a problem
What is a query?
A type of Ad Hoc report- initiated by a user.
What is End-User Computing?
The User develops and executes their own application.
What is the primary benefit of E-commerce?
E-commerce makes business transactions easier.
What are the risks of E-commerce?
Compromised data or theft.
Less paper trail for auditors.
What are the benefits of Electronic Data Interchange?
Uses globally-accepted standards
What is a File Server?
A file server stores shared programs and documents.
What is the purpose of a Database?
Located on a File Server- a Database allows users to share documents.
What is the purpose of a LAN (Local Area Network)?
It connects computers in close proximity.
What is the purpose of a WAN (Wide Area Network)?
It connects computers that are far apart.
What are the characteristics of a VAN (Value-Added Network)?
Serves as 3rd Party Between 2 Companies
Routes EDI Transactions
Accepts wide range of Protocols
What is the purpose of a Firewall?
Prevents unauthorized access to a network.
What are the characteristics of a virus?
Takes over a computer
Needs a host program to run
What are the characteristics of a computer worm?
Takes over multiple computers
Doesn't need a host program to run
What is the purpose of Automated Equipment Controls?
They prevent and detect hardware errors.
What is RAM?
Random Access Memory.
Internal memory in the computer used during immediate processing.
What is a CPU?
Computer Processing Unit
It processes commands within a computer.
What is Job Control Language?
It schedules and allocates system resources.
What are examples of input devices?
Magnetic Ink Reader
Magnetic Tape Reader
Point of Sale Scanner
What are examples of Output Devices?
What are the characteristics of Magnetic Tape storage?
Sequential Access - Sorts data in order
Slower data retrieval
Header Label prevents Operator error by loading wrong tape
External Labels prevent accidental destruction by operator
What are the characteristics of Magnetic Disks?
Random Access - Finds data in random spots
Faster data retrieval
Uses Boundary Protection for data
What is a Gateway?
Connects one network to another
Note: the Internet is connected by Gateways
What are Parity Checks?
Output Encryption control
A control that detects internal data errors.
A bit is added to each character- it checks to see if a bit was lost.
What is an Echo Check?
Output Encryption control
Transmitted data is returned to the sender for verification (it echoes back to the sender)
It minimizes the risk of data transmission errors
What is a Change Control?
It authorizes program changes and approves program test results.
What is security software?
Software that controls access to IT systems.
Note: Don't confuse this with anti-virus software
What is the purpose of a Digital Signature?
It confirms a message has not been altered.
List the types of computers from smallest to largest
Microcomputer - PC- Laptop (cost-effective)
Minicomputer - Like a Mainframe- but smaller
Mainframe - Large computer with terminals attached
Supercomputer - Very powerful and very big
What are the units of computer data from smallest to largest?
> Bit - 1 (on) and 0 (off)
> Byte - 8 bits to a byte/characterField - group of related characters/bytes (i.e. Name- Zip Code- Serial #)
> Record - Group of related fields (i.e. Member name- address- phone number)
> File - Group of related records (i.e. Membership directory)
What is the duty of a design engineer?
Determine language used for a specific computer- on a computer-to-computer basis
What are object programs?
Programs written in base computer language- not similar to English.
How can source programs be recognized?
They are written in a language close to English.
What is the purpose of a Compiler?
Takes Source language (English) and converts to Object (Computer) Language
How does Online Analytical Processing work?
It uses a Data Warehouse to support management decision making.
What is Data Mining?
Using artificial intelligence and pattern recognition to analyze data stores within a Data Warehouse.
What is the purpose of online transaction processing?
To process a company's routine transactions.
What does an output control check for?
Checks to see if output data is valid- distributed and used in an authorized manner.
What does a processing control check?
Checks if data processing produced proper output
What is a hash total?
An INPUT CONTROL number- a meaningless sum of values included in the input.Example would be summing a list of SSNs to make sure the data is the same once entered as it was prior to input into the system.
What is a validity check?
An INPUT CONTROL that checks to see if data in existing tables or files belongs in the set
For example- is there a # in an alpha-only field or a letter in a numeric-only field
What is a limit check?
In INPUT CONTROL. Checks to see if numbers surpass a certain limit- i.e. in an age field is the number greater than 110.
What is a check digit?
An INPUT CONTROL that adds an identification number to a set of digits - usually at the end
What is a field check?
An INPUT CHECK that prevents invalid characters- i.e. checks for alphabetic letters in a SSN field
What is a Hot Site?
A disaster recovery system where if the main system goes down- a Hot Site is ready to take over immediately.
Building, hardware, and backup tapes.
Few hours to 1/2 day to operate.
What is a Cold Site?
If a main system goes down- a Cold Site will take time to get set up and running. 1 - 3 days.
Provides only infrastructure - building.
Does not have the equipment.
What is the most common database language?
SQL - Structured Query Language
What is a Data Definition Language?
DEFINES SQL Database
CONTROLS SQL Tables
What is a Data Manipulation Language?
Queries SQL Database tables
What is a Data Control Language?
Controls ACCESS to SQL Database
What are the characteristics of a Relational Database?
Uses rows and columns similar to spreadsheet
What are the characteristics of a Hierarchical Database?
Has various LEVELS
Uses TREES to store data
What are the advantages of a database?
Data is more accessible
What are the disadvantages of a database?
Cost of installation
Skilled personnel required to maintain
What are the components of a database?
Think: Your desktop computer runs applications and saves to a database
What is Information Technology
It is a term relating to the development,installation, and maintenance of computers, applications systems, and the associated programs and telecommunications infrastructure.
It also includes the data stored and transmitted and the people working in the industry.
Today's economy could not exist without IT. Information and technology requirements are specialized to each industry and business and require assessment. Integral to the needs assessment is an understanding of the nature of data, information, and systems.
What are the components of IT?
What are the roles of Business Information Systems?
The primary roles are in Business Operations are:
> To process detailed data
> To provide info for decision making
> To provide info for strategy development
> To take order from customers
What are the information systems viewed from a functional perspective? HAMS
Sales & marketing systems
Manufacturing & Production systems
Accounting & Finance systems
Human Resources systems
What is the first step in data capture?
Capture the data pertaining to the transaction and enter the data into the system.
> A business event or transaction is necessary for the data capture process. (Can't capture if didn't happen)
> Capture through manual entries or automation devices
> Ensure data is accurate and complete, - uses well-designed input screens and auto-entry fields
What are the functions performed on data?
What is an Accounting Information System (AIS)?
A type of Management Information System (MIS) that processes accounting transactions.
What do the objectives of an entity's AIS include?
Transaction recorded must be:
> Properly classified
> Properly valued
> Recorded in proper accounting period
> Properly presented with related information in the FS
What are the 5 primary transaction cycles in an AIS?
> Revenue cycle
> Expenditure cycle
> Production cycle
> HR/Payroll cycle
> Financing cycle
What are the sequence of events in an AIS?
> Transaction data is entered by end user or internet customer
> Transactions are journalized and posted to ledgers
> Trial balance is prepared
> Adjustments, accruals, and corrections are recorded
> Financial reports are produced
The data processing cycle consists of 4 functional areas. What are they?
> Data input via manual source document input or electronic data capture.
> Data storage, which includes the following methods of keeping data: journals and ledgers, coding, chart of accounts, and files.
> Data processing (batch or OLRT)
> Information output (documents, queries, and reports)
What is an audit trail?
A well-designed AIS creates an audit trail for accounting transactions which allows a user to trace a transaction from a source foment to the ledger and from the ledger back to the source documents. This is particularly important for auditing. (directional testing)
What is batch processing and its characteristics?
In batch processing, data (transactions) is processed in batches or groups with the database(s) updated on a periodic (hourly, daily, monthly) basis. There is always some kind of delay, however short, in batch processing.
> Data held- updates multiple files all at once
> Leaves a better audit trail
> Uses Grandfather-Father-Son backup (3 levels of backup kept in 3 locations)
What is OLRT - Online, Real-Time Processing?
With OLRT processing, there is instantaneous processing and updating of database(s).
OLRT systems require random access storage devices, whereas batch processing systems do not.
Generally, companies have to pick OLRT or batch. They may use different processes for different functions, but its really a binary choice.
What is a centralized vs. decentralized distributed processing?
Centralized maintains all data and performs all processing in a central location. Decentralized are spread over more than one processor or locations
What are the advantages of centralized processing?
> Better security
What are the disadvantages of centralized processing?
> High transmission costs
> Increased processing power/storage for central processor
> Reduction of local accountability
> Bottlenecks at busy times
> Delay in réponse time to remote locations
> Increased vulnerability to problems occurring at the central location.
What is End-User Computing (EUC)?
Functional end users who perform their own information processing activities with hardware, software and professional resources provided by the organization. - do it yourself - (excel)
What are the basic types of reports?
Periodic - produced each month, day, hour
Exception - triggers when outside of parameters
Demand - produced when requested - push button
Ad Hoc - Query - Sales by month or region
Push Report - Spits out without request. log in computer and report shows up in screen
Dashboard-Style - At a glance report - graph
What is the role of IT in Business Strategy
Technology is a core input to the development of strategy.
Technology evolves and due t the speed at which changes, strategy development must be a continual process.
Technology plays an important role in enabling the flow of information in the organization, including information directly relevant to enterprise risk management across strategy setting and the whole organization.
What are boundary protection?
The primary purpose is to prevent mixing of data on a magnetic disk or storage unit.
What are the firewall methodology and what do they do?
Can be deeded into several different categories, and they can be used individually or combined in a specific product.
> Packet Filtering is the simplest type. It examines data as it passes through the firewall
> Circuit Level - Allows data to pass only when requested by an internal computer.
> Application Level Gateways or "Proxies" - examine data coming into the gateway in a more sophisticated fashion. Proxies are more secure, but can also be slow.
Which activity should be taken to reduce the risk of incorrect processing in a newly installed computerized accounting system?
Independently verify the transactions.
lists several Data Validation Edits and Controls
Validity check - comparison of input to a list of valid items. (detect transposition errors)
Reasonableness check - would not allow invalid date to be accepted
Check digit - adds an identification number to a set of digits - usually at the endCompleteness check
Logical Relationship check
What does Access Control Software does?
It is a preventive control designed to prevent a misstatement from occurring. Access control software prevens unauthorized individuals from gaining access to a system or application and therefore prevents unauthorized transactions or changes in data.
Which model evaluate the sophistication of IT processes?
Maturity Models rates from maturity level of nonexistent (0) to optimized (5)