IS and Comm B - Systems Design and Other Elements Flashcards Preview

Flashcards in IS and Comm B - Systems Design and Other Elements Deck (228)
1

An employee mistakenly enters 4/31 in the date field. The best programmed edit check to detect this error is

reasonableness

2

Expert systems have ______ that represent the facts and inferences they know

knowledge bases

3

Features in Traditional programs that are not in an Expert system include

- sequential control structures
- distinct input/output variables
- passive data elements

4

In a large database system maintained on a mainframe computer, the most common medium for data files for the database is

hard disk

5

When implemented, the control ______ would best assist in meeting the control objective that a system have the capability to hold users accountable for functions performed

activity logging

6

The following task would be included in a document flowchart for processing cash receipts:

compare control and remittance totals

7

Routines that utilize the computer to check the validity and accuracy of transaction data during input are called

edit programs

8

Operating system is

a software program that controls the overall operation of a computer system

9

A compiler is

a computer program that converts a source program into an object program

10

Compatibility check/test is

a procedure for checking a password to determine if its user is authorized to initiate the type of transaction or inquiry he or she is attempting to initiate

11

A checkpoint/restart procedure is primarily designed to recover from

hardware failure

12

Internal checks are

- limit check
- identification
- sequence check
- error log
- transaction log
- arithmetic proof

13

Limit check is

a check to identify if data have a value higher or lower than a predetermined amount

14

Identification is

a check to determine if data is valid

15

Sequence check is

a check on the sequencing of info

16

Error log is

an up-to-date log of all identified errors

17

Transaction log is

a detailed record of every transaction entered in a system through data entry and provides the basic audit trail

18

Arithmetic proof is

a check to compute the calculation and validate the result

19

Characteristics of computer machine language include

- internal binary code
- hexadecimal code
- on/off electrical switches

20

Assembly language is

a programming language in which each machine language instruction is represented by mnemonic characters (symbolic language)

21

Many companies and government organizations would like to convert to open systems in order to

use less expensive computing equipment

22

In general, running open systems:

- increases # of available vendors
- decreases the average purchase from one vendor
- decreases volume discounts
- reduces economies of scale
- reduces reliance on proprietary components

23

The purpose of a software monitor is to

collect data on the use of various hardware components during a computer run

24

Specialized programs that are made available to users of computer system to perform routine and repetitive functions are referred to as

service "canned" programs

25

Relationship between source, object, and compiler programs

A source program "source code" is a computer program written in a source language which is translated into the object program by using a translation program like a compiler

26

A decision table indicates the

alternative logic conditions and actions to be taken in a program

27

Example of a decision table is

a chart that indicates shipping costs based on total purchase price

Purch.       Ship
$1-$50       $4
$50-$100     $5
$101-$250    $7

28

An ERP system has the following advantages over multiple independent functional systems:

increased responsiveness and flexibility while aiding in the decision making process

29

The _______ transaction processing mode provides the most accurate and complete information for decision making

online

30

An application is

a computer program for performing a specific function ex. payroll program

31

Batch processing is

a method where items to be processed are collected in groups to permit fast and convenient processing

32

Distributed data processing is

a network of interdependent computers where certain functions are centralized, other functions are decentralized, and processing is shared among two or more computers

33

_______ could be used to reduce the cost of preparing and updating flowcharts

Flowcharting software

34

The batch processing of business transactions can be the appropriate mode when

economy of scale can be gained because of high volumes of transactions

35

A disk storage unit is preferred over a magnetic tape drive because the disk storage unit

offers random access to data files

36

Real time system is characterized by

- online files
- prompt input from users
- an extensive communication network
- random access
- immediate update
- low level language

37

Decision tables differ from program flowcharts in that decision tables emphasize

logical relationships among conditions and actions

38

A flowchart is

a graphic depiction using symbols to show the control flow, primary actions, and interrelationships of a task or a set of tasks

39

Compared to online, real-time processing, batch processing has the disadvantage of

stored data only being current after the update process

40

The implementation phase of an accounting software application would include

- obtaining and installing hardware
- documenting user procedures
- training users
- entering and verifying test data

41

Identifying inputs and outputs would occur in the ________ phase which _______ implementation

systems design and development phase; precedes

42

The best depiction of the path of data as it moves through an IS is

system flowcharts

43

A data dictionary is

an organized description of the data items stored in a database and their meaning

44

Source code application is

a description of record layouts used by application programs

45

Data control language is

a way to describe the privileges and security rules governing database users

46

Database recovery log file is

a record of the before and after images of updated records in a database

47

A characteristic common to companies that have converted to a database system is that before conversion the companies had

redundant data fields

48

A tool useful in conducting a preliminary analysis of internal controls in an organization or organizational unit is

flowcharting

49

CCI developed a mgmt reporting software package that enables members interactively to query a data warehouse and drill down into transaction and trend information via various network set-ups. This is known as

an online analytical processing system

50

A key difference in controls when changing from a manual system to a computer system is

the methodology for implementing controls changes

51

A primary function of a database mgmt system (DBMS) is

the capability to create and modify the database

52

A fundamental purpose of a DBMS is to

reduce data redundancy

53

Master file is

where cumulative info about an organization is stored and is similar to a ledger in a manual system

54

Transaction file is

where data about transactions that occur during a specific period of time is contained; it is similar to a journal in a manual system

55

A new policy on e-mail would not include

erasing EE email immediately upon termination

56

Prompting is

an online data entry control that uses the computer to control the data entry process

57

An online data entry technique that can be employed when inexperienced personnel input data is the use of

prompting

58

An advantage of a computer-based system for transaction processing over a manual system is that

the computer-based system will be more efficient at producing F/S

59

A type of flowchart representing areas of responsibility (such as depts.) as columns is called horizontal or _______ flowcharts

document

60

A control designed to catch errors at the point of data entry is

a self-checking digit

61

If a database has integrity, this means that the

database has only consistent data

62

A modem is a device that

allows computer signals to be sent over a telephone line

63

Devices that are used only to perform sequential file processing will not permit

data to be edited on a real-time basis

64

Sequential file processing is

a system where files are arranged serially, one after another, and the program must start at the first record and read all succeeding records until the required record is found or until the end of the file is reached

65

A systems program

manipulates application programs

66

An AP clerk is accused of making unauthorized changes to previous payments to a vendor. Proof could be uncovered in

transaction logs

67

ROM (read only memory) is

a memory component for the storage of elementary software info that cannot be modified by the user of the system or program

68

RAM (random access memory) is

a temporary read-write memory component of a computer that can be accessed at any point in time without accessing other info

69

In a microcomputer system, the place where parts of the operating system program and language translator program are permanently stored is

ROM

70

A central element of mgmt IS is

the processing of data items is based on decision models

71

Phases of System Development Life Cycle (SDLC) are

PAD-ID-TIM

1 system Planning
2 system Analysis
3 system Design
4 Implementation and Deployment
5 Testing and Integration
6 system Maintenance

72

The type of control plan particular to a specific process or subsystem, rather than related to timing of occurrence is

application controls

73

Operational Risk controls can be broken down into the 3 types:

preventive
detective
corrective

74

A value added network (VAN) is a privately owned network that performs the function of

routing data transactions between trading partners

75

An input validation routine not appropriate in a real-time operation is

sequence check

76

Input validation checks and controls that should be performed in a real-time operation include

field check, sign check, and redundant data check

77

Check digit is

an input control consisting of a single digit at the end of an id code that is computed from the other digits in a field. If the id code is mis-keyed, a formula will reveal that the check digit is not correct and the field will not accept the entry

78

Field check is

an edit check in which the characters in a field are examined to ensure they are of the correct field type

ex. # in # field

79

Redundant data check is

an edit check that requires the inclusion of 2 identifiers in each input record and if these values do not match those on record, the record will not be updated

80

Sign check is

an edit check that verifies that the data in a field has the appropriate arithmetic sign

81

During the ______ phase of the SDLC is when training would occur

implementation

82

The greatest financial threat to an organization that implemented the financial accounting module of an ERP system from a major vendor exists from errors detected during

implementation

83

In the systems development cycle, coding is

part of the detailed design phase

84

An integrated group of programs that supervises and supports the operations of a computer system as it executes user's application programs is

an operating system

85

The data processing cycle (DPC) includes

collection (input), refinement, processing, maintenance, and output

86

Multiprocessing is

the simultaneous execution of 2 or more tasks usually by using 2 or more processing units that are part of the same system

87

Multiprogramming is

the appearance of simultaneous execution of 2 programs as a single processing unit switches back and forth between the programs

*it does not allow multiple programs to be executed at exactly the same time

88

In the business information systems, the term "stakeholder" refers to

anyone in the organization who has a role in creating or using the documents and data stored on the computers or networks

89

Change control is

the process of modifying application software, including requesting a change, reviewing the effectiveness of the change, approving the change, and implementing the change

90

Mgmt of company has a lack of segregation of duties within the application environment, with programmers having access to development and production. The programmers have the ability to implement application code changes into production without monitoring or a quality assurance function. This is considered a deficiency in

change control

91

In a continuous improvement environment, automated monitoring of controls is

optional

*helpful but not necessary

92

Manual monitoring of controls can also help in a

continuous improvement environment

93

The strategy a CPA would most likely consider in auditing an entity that processes most of its financial data only in electronic form is

continuous monitoring and analysis of transaction processing with an embedded audit module

94

An advantage of having a computer maintain an automated error log in conjunction with computer edit programs is that

reports can be developed that summarize the errors by type, cause, and person responsible

95

Change mgmt control policies

put into place the proper processes and approval channels to make changes to an organization's systems

96

At a minimum, change mgmt control policies should include

- formal channels for requesting and approving changes
- preventing unauthorized changes
- ensuring that any changes made do not impair or negatively impact the other system functions
- ensuring that viability of the whole system is not impaired
- requiring appropriate testing of all changes before implementation to production environments occurs

97

Six Sigma, TQM, and other process improvement methodologies all follow the same basic steps which are:

- identify what the issue is
- understand more about the issue
- determine what is causing the issue
- remediate the issue
- implement monitoring and control capabilities

98

Record count is

a total of the # of input documents to a process or the # of records processed in a run

99

The procedure managers use to identify whether the company has info that unauthorized individuals want, how they could obtain the info, the value of the info, and the probability of unauthorized access occurring is

Risk Assessment

100

Disaster recovery plan is

the process, policies, and procedures of restoring operations critical to the resumption of business

101

An AP clerk is accused of making unauthorized changes to previous payments to a vendor. Proof could be uncovered in

the transaction logs

102

A risk of using test library programs in emergency situations is that

the programs may not be further tested before being placed in production permanently

103

In a large organization, the biggest risk in not having an adequately staffed information center help desk is

persistent errors in user interaction with systems

104

In traditional IS, computer operators are generally responsible for backing up software and data files on a regular basis. In distributed or cooperative systems, ensuring that adequate backups are taken is the responsibility of

user management

105

Embedded audit modules enable

continuous monitoring of transaction processing

106

An edit of individual transactions in a direct access file processing system usually

takes place in an online mode as transactions are entered

107

General controls are

applied to all applications processed by the computerized system

108

An example of a general control for a computerized system is

restricting access to the computer center by use of biometric devices

109

Application controls are

specific to an application and ensure the completeness and accuracy of the records and the validity of the entries made

110

Application controls consist of 3 types:

- input controls
- processing controls
- output controls

111

Examples of application controls are

- limiting entry of sales transactions to only valid credit customers
- creating hash totals from SSN for the weekly payroll
- restricting entry of AP transactions to only authorized users

112

A national retailer required more detailed data to help stock its stores with the right products and to increase its turnover. Such data amounted to several gigabytes per day from each store. A new high-speed company-wide network was needed to transmit and analyze the data. Management recognized the need to prepare the company for changes resulting from the enhanced network services. For this purpose, the appropriate management action would be to

optimize in-house networks to avoid bottlenecks that would limit the benefits offered by the telecommunications provider

113

To mitigate the risk of system development personnel being tempted to make unauthorized changes to the software or system to meet user needs, mgmt should implement

change mgmt controls

114

One purpose of an embedded audit module is

to enable continuous monitoring of transaction processing

115

Some of the more important controls that relate to automated AIS are validity checks, limit checks, field checks, and sign tests. These are classified as

input validation routines

116

A preventive control is one that is designed to discover and eliminate problems before they occur. Examples of preventive controls include:

- access control software
- hiring well-qualified personnel and training them well
- segregating EE duties
- controlling physical access to facilities and info

117

Image processing systems have the potential to reduce the volume of paper circulated throughout an organization. To reduce the likelihood of users relying on the wrong images, mgmt should ensure that appropriate controls exist to maintain the

integrity of index data

118

The identification of users who have permission to access data elements in a database is found in the

database schema

119

Schema is

a description of the types of data elements that are in the DB, the relationship among the data elements, and the structure or overall logical model used to organize and describe the data

120

The ________ computer assisted auditing technique allows fictitious and real transactions to be processed together without client operating personnel being aware of the testing process

integrated test facility

121

Both _____ and _____ are processing controls designed to ensure the reliability and accuracy of data processing

validity checks and limit tests

122

______ authorize and record transactions and correct errors

Users

123

Data control group is

responsible for logging data inputs, processing, and outputs and makes sure that transactions have been authorized

124

Computer operator is

responsible for maintaining and running daily computer operations

125

Security mgmt is

responsible for preventing unauthorized physical and logical access to the system

126

The internal control procedures that would prevent an EE from being paid an inappropriate hourly wage is

limiting access to EE master files to authorized EEs in the personnel dept

127

When a company authorizes EE access only to data required for accomplishing their jobs, the approach is known as

access on a need-to-know basis

128

Individual accountability is

individuals with access to data are responsible for the use and security of data obtained via their access privileges

129

Mgmt-by-exception is

spending mgmt time on exception conditions vs spending time on things operating as normal

130

To maintain effective segregation of duties within the IT function, an application programmer should have the responsibility of

coding approved changes to a payroll system

131

Programmers

- use the design developed by the analysts to develop an IS
- write computer programs

132

Users should have update access for

production data

133

Application programmers should not have

update or change access for production data or production programs

134

Examples of good internal control in an IT system include

- design and implementation is performed in accordance with mgmt specific authorization
- provisions exist to ensure the accuracy and integrity of computer processing of all files and reports
- provisions exist to protect data files from unauthorized access, modification, or destruction

135

In a large firm, custody of an entity's data is most appropriately maintained by

data librarians

136

System analysts

design the system

137

Application programmers

code the specific application programs

138

Computer operators

ensure data is entered and processed and proper output is produced

139

Data librarians

control actual data

140

The functions of a database administrator are

database design, database operation, and database security

141

An organization's computer help-desk function is usually a responsibility of the

computer operations unit

142

Certain utility software may have privileged access to software and data. To compensate for the risk of unauthorized use of privileged software, IS mgmt can

limit the use of privileged software

143

System analysts

analyze info needs and design systems that meet those needs

144

The role of the systems analyst in an IT environment is

designing systems, preparing specs for programmers, and serving as an intermediary between users and programmers

145

Long range plans and the direction of app development and computer ops are performed by

system administrators

146

The completeness, accuracy, and distribution of input and output is performed by the

data control group

147

The selection and maintenance of system software, including operating systems, network software, and the DB mgmt system is performed by

database and network managers

148

In the organization of the IS function, the most important segregation of duties is

assuring that those responsible for programming the system do not have access to data processing operations

149

Your firm recently converted its purchasing cycle from a manual process to an online computer system. A probable result associated with conversion to the new automated system is

that traditional duties are less segregated

150

Conversion to an automated data processing system usually

- reduces processing errors
- has little to no effect on risk exposure
- reduces processing time

151

Systems analysts are the personnel within an organization who are responsible for the development of the company's IS. The least likely function they are to perform is

developing, coding, and testing computer programs

152

Systems analysts typically perform the

- design of computer applications
- prep of specs for computer programming
- examining user info requirements

153

The system librarian maintains segregation of duties by

only accepting properly tested and approved programs into the production library

154

For sound controls over computer program libraries

only the program librarian should be allowed to make changes to the production library; this appropriately restricts access to the program modules that are running

155

Programmers should be restricted from

accessing the production library

156

Programmers should be responsible for update access for

making program changes

157

Users should be responsible for

testing the changes

158

If a computer operator had access to both the production library and source code library then

the operator would be in a position to make unauthorized and undetected changes to the computer programs

159

The IT dept responsibilities of ______ and ______ should be delegated to separate individuals

data entry and application programming

160

System programmers are normally assigned

operating systems and compilers

161

Ryan Company has an AIS that operates in a client/server environment. The least likely situation to provide an appropriate security environment is

placing complete systems application controls under one individual

162

In a client/server environment, useful security procedures include

- use of application passwords
- power-on passwords for personal computers
- installation of anti-virus programs

163

A systems analyst is least likely to perform the function

develop and code computer programs

164

A systems analyst would

- analyze the present system
- prepare computer program specs
- design computer apps

165

The following is an example of proper segregation of duties within the IT function:

a computer operator must request needed files and programs from the data librarian to process transactions

166

Violation of segregation of duties? A programmer is allowed to make minor changes in the current production version of the program that updates customer accounts

Yes, violation

167

Violation of segregation of duties? The IS librarian also fills in as a programmer when projects must be completed quickly

Yes, violation

168

Violation of segregation of duties? Systems analysts also work as computer operators when needed

Yes, violation

169

A control to incorporate to prevent an EE from making an unauthorized change to computer records unrelated to that EE's job would be to

apply a compatibility test to transactions or inquiries entered by the user

170

At a remote computer center, mgmt installed an automated scheduling system to load data files and execute programs at specific times during the day. The best approach for verifying that the scheduling system performs as intended is to

audit job accounting data for file accesses and job initiation/termination messages

171

A problem related to computer-based IS in organizations is that end-users require technical support and assistance in the development of their own computer apps. The best solution to this problem would be

information center and help desk

172

The _______ is responsible for making sure that the IS operates efficiently and effectively

Systems administrator

173

An Information Security officer should not

maintain and update a list of user passwords

174

Appropriate duties of the Information Security Officer include

- developing an info security policy
- commenting on security controls in new apps
- monitoring and investigating unsuccessful access attempts

175

The following function should prevent a programmer from altering a program and then using that program in a production run

the IS librarian secures production programs and data

176

When a business implements an online gift registry system for customers such as those about to be married, the system should have the following restrictions on access:

customers have read privileges and salespeople have update privileges

177

In a large multinational organization, the network administrator should have the responsibility of

managing remote access

178

A company planned a major change to its accounting system. The system analyst interviewed users and managers and designed the new system to meet their needs. The analyst then wrote the computer programs to implement the needed modifications. The programs were thoroughly tested by change mgmt based on the criteria of the revised system design. The action that violated segregation of duties was

Systems analyst acted as a programmer

179

Fact or Fiction? The system librarian accepting a program into the production library after it had been tested by the programmer is a violation of segregation of duties?

Yes, fact

*someone independent should have tested it

180

Managing the IS function is likely to involve

- a system for charging user dept for computer services
- project development plans
- responsibility accounting principles

181

The ______ is responsible for ensuring that transactions are processed correctly and that input and output are reconciled

data control group

182

The data control group makes sure that:

- a log is kept of all inputs, data processing ops, stored data, and system output
- source data have been properly approved
- transactions are processed correctly
- input and output are reconciled
- records of input errors are maintained so they can be corrected and resubmitted
- data-related errors are sent to the users who originated the transaction for correction
- system output is distributed to the intended and proper user
- there is adequate rotation of operator duties

183

The database control that would be most effective in maintaining a segregation of duties appropriate to the users' reporting structure within an org is

access security features

184

An EDP control used to assure that paychecks were written for all EE for a pay period would be the use of

hash totals on EE SSN

185

Adle Supply Company recently installed an integrated order-entry and invoicing system. The basic inputs to the system consist of one record for each line on the customers' orders, the inventory master file, and the customer master file. Individual items ordered by the customer may be rejected at the computer entry audit or when the items are validated by comparing them with data in the inventory master file. Complete orders may be rejected when data from the orders are compared with data in the customer master file. All orders that are found to be valid are posted to the inventory and customer files. For data control personnel to account for all inventory items and customer orders processed, the system should include:

run-to-run control totals and error lists

186

A control procedure that could be used in an online system to provide an immediate check on whether an account number has been entered on a terminal accurately is

self-checking digit

187

When evaluating internal control of an entity that processes sales transactions on the internet, an auditor would be most concerned about the

potential for computer disruptions in recording sales

188

Compared to batch processing, real-time processing has the advantage of

timeliness of info

189

An input clerk enters an EE number and the computer responds with the message "EE # is not assigned to an active EE. Please reenter." The technique being used is

existence check

190

Range checking

reduces the risk of reprocessing ledger transactions of an earlier month by checking a number in a transaction (such as a date) to determine whether that number falls within a specified range

191

In reviewing data in Excel, a brand manager suspected that several days of POS data from one grocery chain were missing. The best approach for detecting missing rows in the data would be to

compare product id codes by store for consecutive periods

192

An update program for bank account balances calculates check digits for account numbers. This is an example of

an input control

193

An online database mgmt system for sales and receivables was recently expanded to include credit approval transactions. An evaluation of controls was not performed prior to implementation. To prevent unauthorized access to specific data elements, the database mgmt system should contain

password specs for each data file or element

194

Preventative controls generally are _____ important than detective controls in EDI systems

more

195

COBIT stands for

Control Objs for Information and Related Technology

196

COBIT applies to

information technology

197

Edit checks in a computerized accounting system

should be performed on transactions prior to updating a master file

198

Using standard procedures developed by information center personnel, staff members download specific subsets of financial and operating data as they need it. The staff members analyze the data on their own personal computers (PCs) and share results with each other. Over time, the staff members learn to modify the standard procedures to get subsets of financial and operating data that were not accessible through the original procedures. The greatest risk associated with this situation is that:

the data obtained might be incomplete or lack currency

199

A customer order was never filled due to a transposition error. The _______ control would most likely have detected the transposition

validity check

200

The linked list form of file organization is characterized by

pointer field

201

Examine ________ to determine if an IS is operating according to prescribed procedures

system control

202

Online access controls are critical for the successful operation of today's computer systems. To assist in maintaining control over such access, many systems use tests that are maintained through an internet access control matrix which consists of:

authorized user code #, passwords, lists of all files and programs, and a record of the type of access each user is entitled to have for each file and program

203

The situation that would most likely provide the best way to secure data integrity for a personal computer environment is

all computers linked to a LAN

204

An organization relied heavily on e-commerce for its transactions. Evidence of the organization's security awareness manual would be an example of

preventive controls

205

The input control to prevent an incorrect state abbreviation from being accepted as legitimate data is

validity check

206

A digital signature is used primarily to determine that a message is

unaltered in transmission

207

A validation check used to determine if a quantity ordered field contains only numbers is an example of

an input control

208

In order to assure the accuracy of computerized output, it is necessary to have controls related to

input, processing/storage, and output

209

EDP accounting control procedures are referred to as general controls or application controls. The primary objective of application controls in a computer environment is to

maintain the accuracy of the input, files, and outputs for specific applications

210

A company's labor distribution report requires extensive corrections each month because of labor hours charged to inactive jobs. The data processing input control that appears to be missing is

a validity test

211

To ensure the completeness of update in an online system, separate totals are accumulated for all transactions processed throughout the day. The computer then agrees these totals to the total of items accepted for processing. This is an example of

run-to-run controls

212

The most important control objective in the audit of an online order entry system that maintains information critical to mgmt decisions is

data integrity

213

The EDP control used to assure that hours an individual worked in one week do not exceed a designated maximum is

a limit check

214

EE numbers have all numeric characters. To prevent the input of alphabetic characters, the technique to use is

a field check

215

Erroneous mgmt decisions might be the result of incomplete information. The best control to detect a failure to process all valid transactions is

user review of selected output and transactions rejected by edit checks

216

To avoid invalid data input, a bank added an extra number at the end of each account number and subjected the new number to an algorithm. This technique is known as

a check digit

217

An example of how specific internal controls in a database environment may differ from controls in a nondatabase environment is

controls should exist to ensure that users have access to and can update only the data elements that they have been authorized to access

218

Data input validation routines include

hash totals

219

To ensure the completeness of a file update, the user department retains copies of all unnumbered documents submitted for processing and checks these off individually against a report of transactions processed. This is an example of the use of

one-for-one checking

220

In an automated payroll processing environment, a department manager substituted the time card for a terminated EE with a time card for a fictitious EE. The fictitious EE had the same pay rate and hours worked as the terminated EE. The best control technique to detect this action using EE id number would be

hash total

221

A retail entity uses EDI in executing and recording most of its purchase transactions. The entity's auditor recognizes that the documentation of the transactions will be retained for only a short period of time. To compensate for this limitation, the auditor most likely would

perform tests several times during the year, rather than only at year end

222

In order to prevent, detect, and correct errors and unauthorized tampering, a payroll system should have adequate controls. The best set of controls for a payroll system includes

batch and hash total, record counts of each run, proper separation of duties, passwords and user codes, and backup of activity and master files

223

A new AR clerk, working for a wholesaler, noticed that a customer had apparently changed addresses. The clerk had accessed the customer's computer file and revised all addresses. One week later the customer complained that goods were being sent to the wrong address. The primary control to prevent this occurrence is

database security

224

An access control matrix consists of

- a list of all authorized user code numbers and passwords
- a list of all files and programs maintained on the system
- a record of the type of access to which each user is entitled

225

The most effective computerized control procedure to ensure data uploaded from a PC to a mainframe are complete and that no additional data are added is

batch control totals, including control totals and hash totals

226

Program documentation is a control designed primarily to ensure that

programs are kept up to date and perform as intended

227

A control activity to take to reduce the risk of incorrect processing in a newly installed computerized accounting system is to

independently verify the transactions

228

A bank wants to reject erroneous checking account numbers to avoid invalid input. The auditors recommended adding another number at the end of the account numbers. The computer would subject the other numbers to an algorithm and compare it to the extra number. This technique recommended by the auditors is

check digit