IT Chapter 3 Flashcards Preview

Flashcards in IT Chapter 3 Deck (30)
1

Where is the greatest information security risk?

Accidental employee error.

2

What are the three control environment subcomponents?

Managerial philosophy
Org Structure
Steering committee

3

What is logical security concerned with?

Safeguarding software to protect software and data.

4

What is org security concerned with?

Segregating the functions of the IS department and the end user

5

Restricting documentation, hardware and data falls into what control?

Access control

6

What are output controls there for?

Procedures to ensure the accuracy of output, including reports and data updates.

7

What is SOX? What is the policy in Canada?

Requirement to have external auditors examine the internal controls. In Canada, it does not have to be external auditors.

8

What is COBIT a governance model of?

IT Governance.

9

What is a disaster recovery plan?

Set of policies and procedures to protect and recover IT infrastructure in the event of disaster.

10

What is Infrastructure-as-a-service?

Cloud-computing category where an org outsources hardware, storage, servers and networking to a service provider.

11

What is the most common computer crime?

Input manipulation

12

What is program manipulation?

Involves changing or altering existing programs in the computer system or inserting new programs.

13

What is the salami technique?

Nearly unnoticeable thin slices of financial transactions are repeatedly removed and transferred to another account.

14

What is the focus of a financial audit?

Focused on providing reasonable assurance over financial records and documentation of financial information.

15

What is an IT audit?

Evaluates if information systems are safeguarding assets, and maintaining data integrity.

16

What are the stages of a financial audit?

1. Client acceptance
2. Audit planning stage
3. Control testing stage
4. Substantive testing stage
5. Opinion formulation stage

17

What is the auditing process for IT audits?

1. Physical and environment review
2. System admin review
3. Network security review
4. Business continuity review
5. Data integrity review

18

What is substantive testing?

Focuses on finding direct evidence that certain activities are happening as they should.

19

What does CAAT stand for?

Computer assisted audit techniques

20

What are the functions of CAAT?

Can sift through records looking for patterns.
100% verification
Detect fraud.

21

Which two control procedures are classified as access, input, processing, output, procedural and documentation control procedures?

Physical and logical

22

What are three features of physical security?

Safeguarding hardware
Network authentication of users
Server room security

23

What is the subset goal of data input controls?

To protect data integrity

24

What are the two most common IT governance frameworks for SOX compliance?

COBIT and COSO

25

What has resulted in simplifying disaster recovery plans?

Virtualization

26

What is the formal term for the collected techniques of securing communications?

Cryptology

27

Three types of data processing fraud?

Input, program, output

28

What is the main focus of substantive testing?

Direct evidence that certain activities such as calculations are happening as they should.

29

What is the most common BI method deployed using CAAT?

Pattern recognition.

30

What is COSO?

A model to ensure accurate financial reporting, efficient operations and law compliance.