Module 41: Information Technology Flashcards

1
Q

Information Systems

A

An information system processes data and transactions to provide users with the information they need to plan, control and operate an organization, including:
- Collecting transaction and other data
- Entering it into the information system
- Processing the data
- Providing users with the information needed
- Controlling the process

2
Q

Types of IT Systems - Office automation systems

A

Designed to improve productivity by supporting daily work of employees (e.g. word processing, spreadsheets, presentation tools, e-mail, electronic calendars, contract management software)

3
Q

Types of IT systems - Transaction processing systems

A

Involve the daily processing of transactions (e.g. airplane reservation systems, payroll recording, cash receipts, cash disbursement)

4
Q

Types of IT systems - Management reporting systems

A

Designed to help with the decision making process by providing access to computer data.

5
Q

Types of IT systems - Management information systems

A

Systems designed to provide past, present, and future information for planning, organizing and controlling the operations of the organization

6
Q

Types of IT systems - Decision support systems

A

Computer-based information systems that combine models and data to resolve nonstructured problems with extensive user involvement.

7
Q

Types of IT systems - Expert systems

A

Computer systems that apply reasoning methods to data in a specific relatively structured area to render advice or recommendations, much like a human expert

8
Q

Types of IT systems - Executive information systems

A

Computerized systems that are specifically designed to support executive work

9
Q

Types of computers - Supercomputers

A

Extremely powerful, high-speed computers used for extremely high-volume and complex processing needs.

10
Q

Types of computers - Mainframe computers

A

Large, powerful, high-speed computers. While less powerful than supercomputers, they have traditionally been used for high-volume transaction processing. Clusters of lower cost, less powerful “servers” are increasingly taking over the processing chores of mainframe computers.

11
Q

Types of computers - Servers

A

High-powered microcomputers that serve applications and data to clients that are connected via a network (e.g. web servers, database servers). Servers typically have greater capacity (faster processors, more RAM, more storage) than clients (microcomputers) and often act as a central repository for organizational data. Servers today are often configured as virtual machines, meaning multiple operating systems can coexist and operate simultaneously on the same machine. Virtual machines are appealing because they lower hardware costs and create energy savings.

12
Q

Types of computers - Microcomputers (desktop or laptop)

A

Designed to be used by one person at a time; often called personal computers; typically used for word processing, e-mail, spreadsheets, surfing the web, creating and editing graphics, playing music, gaming

13
Q

Types of computers - Tablets/Smart Phones/PDAs

A

These are typically smaller, handheld wireless devices that depend on WiFi and/or cellular technology for communication.

14
Q

Central processing unit (CPU)

A

The principal hardware component of a computer. It contains an arithmetic/logic unit, primary memory, and a control unit. The major function of the CPU is to fetch stored instructions and data, decode the instructions, and carry out the instructions.

15
Q

Arithmetic/logic unit

A

Performs mathematical operations and logical comparisons

16
Q

Primary memory (storage)

A

Active data and program steps that are being processed by the CPU; divided into RAM (random-access memory) and ROM (read-only memory). Application programs and data are stored in the RAM at execution time.

17
Q

Control unit

A

Interprets program instructions and coordinates input, output, and storage devices

18
Q

Magnetic tape

A

Slowest type of storage available because data is stored sequentially. Primarily used for archiving purposes today.

19
Q

Magnetic disks

A

Most common storage medium in use on computers today. Magnetic disks are also called hard disks or hard disk drives (HDDs). Disks can be accessed directly.

20
Q

RAID (Redundant array of independent (previously, inexpensive) disks)

A

Way of storing the same data redundantly on multiple magnetic disks. Reduces the likelihood of loss of data.

21
Q

Compact disks

A

Compact Discs (CDs) and Digital Video Discs (DVDs). Both are the same physical size and both use optical technology to read and write data to the disc.

22
Q

Solid State Drives (SSDs)

A

Use microchips to store data and require no moving parts for read/write operations. Faster and more expensive per gigabyte than CDs, DVDs, and HDDs. Increasingly being used in place of HDDs in microcomputers but cost and limited capacity have constrained their adoption as a primary storage device.

23
Q

Cloud-Based Storage

A

Also called “Storage as a Service” (SaaS). This type of storage is hosted offsite, typically by third parties and is accessed via the Internet.

24
Q

Digital

A

Series of binary digits (0s and 1s). One binary digit is called a “bit”. A series of 8 bits is referred to as a “byte.” One byte can form a letter, number, or special character.

25
Analog
The representation that is produced by the fluctuations of a continuous signal (speech, temperature, weight, speed). Uses electrical, mechanical, hydraulic or pneumatic devices to transmit the fluctuations in the signal itself to represent information.
26
Online
Equipment in direct communication with, and under the control of, the CPU. Online also refers to having a connection to the Internet.
27
Off-Line
Equipment not in direct communication with the CPU; the operator generally must intervene to connect off-line equipment or data to the CPU. Off-line also refers to the absence of an Internet connection.
28
Console
Terminal used for communication between the operator and the computer
29
Peripheral equipment
All non-CPU hardware that may be placed under the control of the central processor. Classified as online or off-line, this equipment consists of input, storage, output and communication.
30
Controllers
Hardware units designed to operate specific input-output units.
31
Buffer
Temporary storage unit used to hold data during computer operations.
32
MIPS
Millions of instructions per second; a unit for measuring the execution speed of computers.
33
Key-to-tape and key-to-disk
Data is entered on a magnetic tape and/or disk respectively, and then read into a computer
34
Visual display terminal/monitors
Uses keyboard to directly enter data into computer.
35
Input interface
A program that controls the display for the user (usually on a computer monitor) that allows the user to interact with the system
36
Graphical user interface (GUI)
Uses icons, pictures, and menus instead of text for inputs (e.g. Windows)
37
Command line interface
Uses text-type commands
38
Mouse, joystick, light pens
Familiar devices that allow data entry
39
Touch-sensitive screen
Allows users to enter data from a menu of items by touching the surface of the monitor
40
Turnaround documents
Documents that are sent to the customer and returned as inputs (e.g. utility bills)
41
Magnetic tape reader
A device capable of sensing information recorded as magnetic spots on magnetic tape
42
Magnetic ink character reader (MICR)
Device that reads characters that have been encoded with a magnetic ink (e.g. bank check readers)
43
Scanner
A device that reads characters on printed pages
44
Automatic teller machine (ATM)
A machine used to execute and record transactions with financial institutions
45
Radio Frequency Identification (RFID)
Uses radio waves to track and input data. Increasingly used for inventory and contactless payment systems. Does not require line-of-sight access like bar code technology (e.g. FasTrak)
46
Point-of-sale (POS) recorders
Devices that read price and product code data (e.g. recall purchasing groceries - items are frequently passed over a POS recorder). POS processing allows one to record and track customer orders, process credit and debit cards, connect to other systems in a network and manage inventory.
47
Voice Recognition
A system that understands spoken words and transmits them into a computer.
48
Electronic commerce and Electronic Data Interchange
Involves one company's computer communicating with another's computer. E.g. a buyer electronically sending a purchase order to a supplier.
49
Monitors
Visually display output
50
Printers
Produce paper output
51
Plotters
Produce paper output of graphs
52
Computer output to microfilm or microfiche (COM)
Makes use of photographic process to store output
53
Operating system
Manages the input, output, processing and storage devices and operations of a computer (e.g. Windows, Linux, Unix)
54
Utility programs
Handle common file, data manipulation and housekeeping tasks
55
Communications software
Controls and supports transmission between computers, computers and monitors, and accesses various databases.
56
Low-end accounting software
All in one package, designed for small organizations
57
High-end accounting software
Ordinarily in modules (e.g. general ledger, receivables)
58
Enterprise Resource Planning (ERP)
Designed as relatively complete information system "suites" for large and medium size organizations (e.g. HR, financial applications, manufacturing, distribution). Major vendors are SAP, PeopleSoft, Oracle, and J.D. Edwards
59
Compiler
Produces a machine language object program from a source program language
60
Multiprocessing
Simultaneous execution of two or more tasks, usually by two or more CPUs that are part of the same system
61
Multitasking
The simultaneous processing of several jobs on a computer
62
Object program
The converted source program that was changed using a compiler to create a set of machine readable instructions that the CPU understands
63
Source program
A program written in a language from which statements are translated into machine language; computer programming has developed in generations
64
Machine language
Composed of combinations of 1's and 0's that are meaningful to the computer
65
Assembly language
Low-level programming language that uses words (mnemonics) instead of numbers to perform an operation. Must be translated to machine language by an assembler. Assembly language is specific to a computer architecture and not portable.
66
High-level programming languages
COBOL, Basic, Fortran, C++, Java
67
Object-oriented programs
C++ and Java; based on the concept of an object, which is a data structure that uses a set of routines called methods which operate on the data. Keep together data structures and procedures (methods) through a procedure referred to as encapsulation.
68
Application-Specific Language
Built around database systems. These programs are ordinarily closer to human languages than the first three generations (e.g. SQL, Structured Query Language)
69
Virtual memory (storage)
Online secondary memory that is used as an extension of primary memory, thus giving the appearance of larger, virtually unlimited internal memory
70
Protocol
Rules determining the required format and methods for transmission of data
71
Desk checking
Review of a program by the programmer for errors before the program is run and debugged on the computer.
72
Debug
To find and eliminate errors in a computer program. Many compilers assist debugging by listing errors in a program such as invalid commands.
73
Edit
To correct input data prior to processing
74
Loop
A set of program instructions performed repetitively a predetermined number of times, or until all of a particular type of data has been processed.
75
Memory dump
A listing of the contents of storage
76
Patch
A section of coding inserted into a program to correct a mistake or to alter a routine
77
Run
A complete cycle of a program including input, processing, and output
78
Batch
Transactions flow through the system in groups of like transactions (batches). E.g. all cash receipts on accounts receivable for a day may be aggregated and run as a batch.
79
Online real-time (aka direct access processing)
General: Transactions are processed in the order in which they occur, regardless of type. Data files and programs are stored online so that updating can take place as the edited data flows to the application. System security must be in place to restrict access to programs and data to authorized personnel.
80
Online transaction processing (OLTP)
Databases that support day-to-day operations. E.g. airline reservation systems, bank automatic teller systems, and internet website sales systems
81
Online analytical processing (OLAP)
Category of software technology that enables the user to query the system (retrieve data) and conduct an analysis ordinarily while the user is at a PC
82
Data warehouse
Subject-oriented, integrated collection of data used to support management decision-making processes
83
Data mart
Data warehouse that is limited in scope
84
Data mining
Using sophisticated techniques from statistics, artificial intelligence and computer graphics to explain, confirm and explore relationships among data
85
Business intelligence (BI)
A combination of systems that help aggregate, access, and analyze business data and assist in the business decision-making process
86
Artificial intelligence (AI)
Computer software designed to help humans make decisions. AI may be viewed as an attempt to model aspects of human thought on computers.
87
Expert system
Form of AI. A computerized information system that guides decision processes within a well-defined area and allows decisions comparable to those of an expert. Modeled into a mathematical system.
88
Example of an Expert System
Used by a credit card department to authorize credit card purchases so as to minimize fraud and credit losses.
89
Centralized
- Processing occurs at one location
- This is the model used in which a mainframe computer processes data submitted to it through terminals
90
Decentralized
- Processing (and data) are stored on computers at multiple locations
- Computers involved are not interconnected by a network, so users at various sites cannot share data.
- Viewed as a collection of independent databases, rather than a single database
- End-user computing is relatively decentralized.
91
Distributed
- Transactions for a single database are processed at various sites
- Processing may be on either a batch or online real-time basis
- Overall single database is ordinarily updated for these transactions and available at the various sites
92
Bit
Binary digit (0 or 1) which is the smallest storage unit in a computer
93
Byte
A group of adjacent bits (usually 8) that is treated as a single unit, or character, by the computer
94
Field
A group of related characters (e.g. social security number)
95
Record
An ordered set of logically related fields. E.g. all payroll data (including the SSN field and others) relating to a single employee
96
File
A group of related records (e.g. all the weekly pay records YTD), which is usually arranged in a sequence.
97
Table
Group of related records in a relational database with a unique identifier (primary key field) in each record
98
Database
A group of related files or a group of related tables (if a relational database)
99
Array
An aggregate that consists of data objects with attributes, each of which may be uniquely referenced by an index (address). E.g. an array may be used to request input of various payroll information for a new employee in one step. Thus an array could include: employee name, SSN, withholdings, pay rate
100
Master file
A file containing relatively permanent information used as a source of reference and periodically updated with a detail (transaction) file (e.g. permanent payroll records)
101
Detail or transaction file
A file containing current transaction information used to update the master file (e.g. hours worked by each employee during the current period used to update the payroll master file)
102
Traditional file processing systems
Systems focus upon data processing needs of individual departments. Each application program or system is developed to meet needs of particular requesting department or user group.
103
Advantages of traditional processing systems
- Currently operational for many existing (legacy) systems
- Cost effective for simple applications
104
Disadvantages of traditional processing systems
- Data files are dependent upon a particular application program
- In complex business situations there is much duplication of data between data files
- Each application must be developed individually
- Program maintenance is expensive
- Data may be isolated and difficult to share between functional areas
105
Database
Collection of interrelated files, ordinarily most of which are stored online
106
Normalization
The process of separating the database into logical tables to avoid certain kinds of updating difficulties (referred to as anomalies)
107
Database system
Computer hardware and software that enables the database to be implemented
108
Database management system
Software that provides a facility for communications between various applications programs (e.g. a payroll prep program) and the database (e.g. a payroll master file containing the earnings records of the employees)
109
Data independence
Basic to database systems is this concept which separates the data from the related application programs
110
Data modeling
Identifying and organizing a database's data, both logically and physically. Determines what information is to be contained in a database, how the info will be used and how the items in the database will be related to each other
111
Entity-relationship modeling
An approach to data modeling. Divides the database in two logical parts. E.g. Customer, product and relations are buys and pays for
112
Primary key
The field(s) that make a record in a relational database table unique
113
Foreign key
The field(s) that are common to two (or more) related tables in a relational database
114
REA data model
Data model designed for use in designing accounting information databases. REA is an acronym for the model's basic types of objects:
- Resources - Identifiable objects that have economic value
- Events - An organization's business activities
- Agents - People or organizations about which data is collected
115
Data Dictionary
AKA data repository or data directory system; a data structure that stores meta-data
116
Meta-data
Definitional data that provides information about or documentation of other data managed within an application or environment. For example, data about data elements, and data structures (length, fields, columns, etc.)
117
Structured query language (SQL)
The most common language used for creating and querying relational databases
118
Data definition language (DDL)
Used to define a database, including creating, altering, and deleting tables and establishing various constraints.
119
Data manipulation language (DML)
Commands used to maintain and query a database, including updating, inserting in, modifying and querying (asking for data). E.g. a frequent query involves the joining of information from more than one table
120
Data control language (DCL)
Commands used to control a database, including controlling which users have various privileges (e.g. who is able to read from and write to various portions of the database)
121
Database structures - Hierarchical
The data elements at one level "own" the data elements at the next lower level (think of an organization chart in which one manager supervises several assistants, who in turn each supervise several lower level employees)
122
Database structures - Networked
Each data element can have several owners and can own several other elements (think of a matrix type structure in which various relationships can be supported)
123
Database structures - Relational
A database with the logical structure of a group of related spreadsheets. Each row represents a record, which is an accumulation of all the fields related to the same identifier or key; each column represents a field common to all of the records
124
Database structures - Object-oriented
Information (attributes and methods) are included in structures called object classes. This is the newest database management system technology.
125
Database structures - Object-relational
Includes both relational and object-oriented features
126
Database structures - distributed
A single database that is spread physically across computers in multiple locations that are connected by a data communications link.
127
User department
Because users directly input data, strict controls over who is authorized to read and/or change the database are necessary.
128
Access controls
In addition to the usual controls over terminals and access to the system, database processing also maintains controls within the database itself. These controls limit the user to reading and/or changing (updating) only authorized portions of the database.
129
Restricting privileges
This limits the access of users to the database, as well as operations a particular user may be able to perform. For example, certain employees and customers may have only read and not write privileges
130
Logical views
Users may be provided with authorized views of only the portions of the database for which they have a valid need.
131
Backup and recovery
Database is updated on a continuous basis during the day.
132
Backup of database and logs of transactions (aka systems logs)
Approach is to backup the entire database several times per week, generally to magnetic tape. A log of all transactions is also maintained.
133
Database replication
To avoid catastrophic failure, another approach is to replicate the database at one or more locations. Thus, all data may be recorded to both sets of the database.
134
Backup facility
Another approach is to maintain a backup facility with a vendor who will process data in case of an emergency.
135
Database administrator (DBA)
Individual responsible for maintaining the database and restricting access to the database to authorized personnel
136
Audit software
Usually used by auditors to test the database
137
Data independence
Data can be used relatively easily by differing applications
138
Minimal data redundancy
Manner in which data is structured results in information being recorded in only one place, thus making updating much easier than is the case with traditional file systems
139
Data sharing
The sharing of data between individuals and applications is relatively easy
140
What are the advantages of database systems?
- Data independence
- Minimal data redundancy
- Data sharing
- Reduced program maintenance
- Commercial applications are available for modification to a company's needs
141
Disadvantages of database systems
- Need for specialized personnel with database expertise
- Installation of database costly
- Conversion of traditional file systems (legacy systems) costly
- Comprehensive backup and recovery procedures are necessary
142
Network
A network is a group of interconnected computers and terminals.
143
Telecommunications
Electronic transmission of information by radio, fiber optics, wire, microwave, laser, and other electromagnetic systems has made possible the electronic transfer of information between networks of computers.
144
Personal area network (PAN)
A computer network that is centered around an individual and the personal communication devices he/she uses. PANs are associated with both wireless and wired communication devices.
145
Local area networks (LAN)
Privately owned networks within a single building or campus of up to a few miles in size.
146
Metropolitan area network (MAN)
Larger version of a LAN. E.g. it might include a group of nearby offices within a city
147
Wide area networks (WAN)
Networks that span a large geographical area, often a country or continent. It is composed of a collection of computers and other hardware and software for running user programs.
148
Private networks
One in which network resources are usually dedicated to a small number of applications or a restricted set of users, as in a corporation's network
149
Advantages of private networks
Secure, flexible, performance often exceeds that of public
150
Disadvantages of private networks
Costly
151
Public networks
Resources are owned by third-party companies and leased to users on a usage basis (aka public-switched networks, PSN)
152
How are public networks accessed?
Access is typically through dial-up circuits, e.g. applications using the internet
153
Significant disadvantage of public networks
Security
154
Cloud computing/cloud services
The use and access of multiple server-based computational resources via a digital network (WAN, Internet connection using the World Wide Web). Applications are provided and managed by the cloud server and data is stored remotely in the cloud configuration. Users do not download and install applications on their own device or computer; all processing and storage is maintained by the cloud server.
155
What are the risks of cloud computing?
- Information security and privacy - users must rely on cloud providers' data access controls
- Continuity of services - user problems may occur if the cloud provider has disruptions in service
- Migration - users may have difficulty in changing cloud providers because there are no data standards
156
HTML
Hypertext Markup Language; language used to create and format documents, link documents to other Web pages and communicate between Web browsers
157
XML
Extensible Markup Language; language used to create and format documents, link documents to other Web pages and communicate between Web browsers
158
Why is XML increasingly replacing HTML?
Superior ability to tag (i.e. label) and format documents that are communicated among trading partners
159
XBRL
Extensible Business Reporting Language is an XML-based language being developed specifically for the automation of business information requirements. Used in filings with the SEC that are made available on EDGAR, the SEC's Electronic Data Gathering and Retrieval database.
160
Internet
An international collection of networks made up of independently owned computers that operate as a large computing network. Internetwork communication requires the use of a common set of rules, or protocols (TCP) and a shared routing system (IP)
161
HTTP
Hypertext Transfer Protocol - the primary Internet protocol for data communication on the WWW
162
URL
Uniform Resource Locator - a standard for finding a document by typing in an address
163
WWW or Web
World Wide Web - a framework for accessing linked resources spread out over millions of machines all over the Internet
164
Web browser
Client software (e.g. IE, Firefox, Chrome, Mosaic) that provides the user with the ability to locate and display web resources
165
Web servers
The software that serves web resources to software clients.
166
Firewall
A method for protecting an organization's computers and computer information from outsiders. A firewall consists of security algorithms and router communications protocols that prevent outsiders from tapping into corporate database and e-mail systems
167
Router
A communications interface device that connects two networks and determines the best way for data packets to move forward to their destinations
168
Bridge
A device that divides a LAN into two segments, selectively forwarding traffic across the network boundary it defines; similar to a switch
169
Switch
A device that channels incoming data from any of multiple input ports to the specific output port that will take the data toward its intended destination
170
Gateway
Combination of hardware and software that links to different types of networks. E.g. gateways between e-mail systems allow users of differing e-mail systems to exchange messages
171
Proxy server
A server that saves and serves copies of web pages to those who request them. When a web page is requested, the proxy server is able to access that page either through its cache or by obtaining it through the original server. Can both increase efficiency of internet operations and help assure data security.
172
Web 2.0
2nd generation of the web
173
Blog
An asynchronous discussion, or web log, led by a moderator that typically focuses on a single topic
174
Wiki
An information-gathering and knowledge-sharing website that is developed collaboratively by a community or group, all of whom can freely add, modify or delete content.
175
Twitter
A micro-variation of a blog. Restricts input (tweet) to 140 characters
176
RSS/ATOM feeds - Really Simple Syndication
An XML application that facilitates the sharing and syndication of website content by subscription. RSS feeds are automatically checked by RSS-enabled client software for new website content on a regular basis
177
TCP/IP (Transmission Control Protocol/Internet Protocol)
The basic communication language or protocol of the Internet. Two layers:
1. The higher layer assembles messages or files into smaller packets that are transmitted over the Internet
2. The lower layer assigns IP addresses and ensures that messages are delivered to the appropriate computer
178
IP address
The number that identifies a machine as unique on the internet
179
ISP (Internet Service Provider)
An entity that provides access to the internet
180
Virus
A program or piece of code that requests the computer operating system to perform certain activities not authorized by the computer user. Can be easily transmitted through use of files that contain macros that are sent as attachments to e-mail messages.
181
Macro
A stored set of instructions and functions that are organized to perform a repetitive task and can be easily activated, often by a simple keystroke combination
182
Trojan horse
Malicious, security-breaking program that is disguised as something benign, such as a game, but actually is intended to cause IT damage
183
Worm
A program that propagates itself over a network, reproducing itself as it goes
184
Antivirus software
Used to attempt to avoid problems.
185
Botnet
Network of computers that are controlled by computer code, called a bot, that is designed to perform a repetitive task such as sending spam, spreading a virus, or creating a distributed denial of service attack
186
Intranet
Local network, usually limited to an organization, that uses internet-based technology to communicate within the organization
187
Extranet
Similar to an intranet, but includes an organization's external customers and/or suppliers in the network
188
Overall client-server systems
A networked computing model (usually LAN) in which database software on a server performs database commands sent to it from client computers
189
File servers
The file server manages file operations and is shared by each of the client PCs (ordinarily attached to a LAN).
190
Database servers
Server contains the database management system and thus performs more of the processing
191
Three-tier architectures
A client/server configuration that includes three tiers. A two-tier architecture includes the client tier and server database tier.
192
Examples of other servers that may be added to n-tier architectures
-Print server - make shared printers available to various clients -Communications server - serve a variety of tasks; such as acting as a gateway to internet or to the corporate intranet -Fax server - Allow clients on the network to share the hardware for incoming and outgoing fax transmissions -Web server - stores and serves web pages on request
193
Distributed systems
These systems connect all company locations to form a distributed network in which each location has its own input/output, processing, and storage capabilities
194
LANs (Local Area Networks)
Privately owned networks within a single building or campus of up to a few miles in size
195
Software
Allows devices to function cooperatively and share network resources such as printers and disk storage space
196
Workstations
Ordinarily microcomputers
197
Peripherals
Printers, network attached storage (NAS) devices, optical scanners, fax board
198
Transmission media
Physical path that connects components of LAN, ordinarily twisted-pair wire, coaxial cable, or optical fiber. LANs that are connected wirelessly are called WLANs or WiFi networks.
199
Network interface cards
Connect workstation and transmission media
200
End-User computing (EUC)
The end user is responsible for the development and execution of the computer application that generates the information used by the same end user
201
Advantage of EUC
Substantially eliminates many of the services offered by an MIS department
202
What are the risks of EUC?
-End-user applications are not always adequately tested before implemented -More client personnel need to understand control concepts -Management often does not review the results of applications appropriately -Old or existing applications may not be updated for current applicability and accuracy -Physical access controls become more difficult
203
What are examples of physical controls?
-Clamps or chains to prevent removal of hard disks or internal boards -Diskless workstations that require download of files -Regular backup -Security software to limit access to those who know user ID and password -Control over access from outside -Commitment to security matters written into job descriptions, employee contracts, and personnel evaluation procedures
204
What is Electronic Commerce?
Involves individuals and organizations engaging in a variety of electronic transactions with computers and telecommunication networks. Can be publicly or privately available.
205
What are the five areas of risk associated with electronic commerce IT systems?
-security -availability -processing integrity -online privacy -confidentiality
206
What is the WebTrust Seal of Assurance?
Developed by AICPA and Canadian Institute of Chartered Accountants -Tells potential customers that the firm has evaluated a website's business practices and controls to determine whether they are in conformity with WebTrust principles
207
What are digital certificates?
Aka digital IDs. Means of assuring data integrity.
208
What is a digital certificate (signature)?
Allows an individual to digitally sign a message so the recipient knows that it actually came from that individual and was not modified in any manner.
209
Encryption
The conversion of data into a form called a cipher text, that cannot be easily understood by unauthorized people.
210
Decryption
Process of converting encrypted data back into its original form so it can be understood. The conversion is performed using an algorithm and key which only the users control.
211
Algorithm
A detailed sequence of actions to perform to accomplish some task.
212
Key
In the context of encryption, a value that must be fed into the algorithm used to decode an encrypted message in order to reproduce the original plain text.
213
Private key system
An encryption system in which both the sender and receiver have access to the electronic key, but do not allow others access. The primary disadvantage is that both parties must have the key.
214
System overhead
Slow down the rate of processing
215
Electronic funds transfer (EFT)
Making cash payments between two or more organizations or individuals electronically rather than by using checks (or cash).
216
What are EFT systems vulnerable to?
The risk of unauthorized access to proprietary data and the risk of fraudulent fund transfers
217
What are controls of EFT systems?
-Control of physical access to network facilities -Electronic identification required for all network terminals authorized to use EFT -Access controlled through passwords -Encryption used to secure stored data and data being transmitted
218
Electronic data interchange (EDI)
Electronic exchange of business transactions, in a standard format, from one entity's computer to another entity's computer through an electronic communications network. Web-based commerce is replacing a portion of these EDI systems.
219
Advantages of EDI?
-Reduces amounts receivable (payables) due to electronic processing of receipts (payments) -Preventive controls desirable versus detective controls
220
Point-to-point
A direct computer-to-computer private network link. Automakers and governments have traditionally used this method.
221
Advantages of point-to-point
-No reliance on third parties for computer processing -Organization controls who has access to the network -Organization can enforce proprietary (its own) software standard in dealings with all trading partners -Timeliness of delivery may be improved since no third party is involved
222
Disadvantages of point-to-point
-Must establish connection with each trading partner -High initial cost -Computer scheduling issues -Need for common protocols between partners -Need for hardware and software compatibility
223
Value-added network (VAN)
Privately owned network that routes the EDI transactions between trading partners and in many cases provides translation, storage, and other processing. Designed and maintained by an independent company that offers specialized support to improve the transmission effectiveness of network.
224
How does a VAN work?
A VAN receives data from sender, determines intended recipient, and places data in the recipient's electronic mailbox.
225
Advantages of a VAN (Value-added network)
-Reduces communication and data protocol problems since VANs can deal with differing protocols -Partners do not have to establish the numerous point-to-point connections -Reduces scheduling problems since receiver can request delivery of transactions when it wishes -VAN translates application to a standard format the partner does not have to reformat -Provide increased security
226
Disadvantages of a VAN (Value-added network)
-Cost of VAN -Dependence upon VAN's systems and controls -Possible loss of data confidentiality
227
Public networks
Internet-based commerce
228
Advantages of public networks
-Avoids cost of proprietary lines -Avoids cost of VAN -Directly communicates transactions to trading partners -Software is being developed which allows communication between differing systems
229
Disadvantages of public networks
-Possible loss of data confidentiality on the Internet -Computer or transmission disruption -Hackers and viruses -Attempted electronic frauds
230
Proprietary networks
Organizations have developed their own network for their own transactions. Costly to develop and operate, although they are often extremely reliable.
231
Authentication
Controls must exist over the origin, proper submission, and proper delivery of EDI communications. Receiver of the message must have proof of the origin of the message, as well as its proper submission and delivery.
232
Packets
A block of data that is transmitted from one computer to another. It contains data and authentication information.
233
Encryption
The conversion of plain text data into cipher text data using an algorithm and key which only the users control.
234
Benefits of EDI per AICPA Auditing Procedures
-Quick response and access to information -Cost efficiency -Reduced paperwork -Accuracy and reduced errors and error-correction costs -Better communications and customer service -Necessary to remain competitive
235
Exposures of EDI per AICPA Auditing Procedures
-Total dependence upon computer system for operation -Possible loss of confidentiality of sensitive information -Increased opportunity for unauthorized transactions and fraud -Concentration of control among a few people involved in EDI -Reliance on third parties -Data processing, application and communications errors -Potential legal liability due to errors -Potential loss of audit trails and info needed by management due to limited retention policies -Reliance on trading partner's system
236
Telecommunications
The electronic transmission of information by radio, wire, fiber optic, coaxial cable, microwave, laser or other electromagnetic system
237
What hardware is involved in telecommunications?
-Computers for communications control and switching -Transmission facilities such as copper wire, fiber optic cables, microwave stations and communications satellites -Modems may be used to provide compatibility of format, speed
238
What does telecommunications enable?
Technologies such as: -EDI (Electronic data interchange) -EFT (Electronic funds transfer) -Point of sale systems -Commercial databases -Airline reservation systems
239
What are controls needed for telecommunications?
-System integrity at remote sites -Data entry -Central computer security -Dial-in security -Transmission accuracy and completeness -Physical security over telecommunications facilities
240
Computer Service Organizations (Bureaus, Centers)
Computer service organizations record and process data for companies. These orgs allow companies (users) to do away with part of the data processing function.
241
Control Objectives for Information and Related Technology (COBIT)
Developed by the Information Systems Audit and Control Association (ISACA) to assist enterprises in achieving their objectives for governance and management of enterprise IT
242
What is the most current version of the framework?
COBIT 5 - business-oriented in that it provides a systematic way of integrating IT with business strategy and governance
243
What are the 5 principles of COBIT 5?
-Meeting stakeholder needs -Covering the enterprise end-to-end -Applying a single integrated framework -Enabling a holistic approach -Separating governance from management
244
What are the COBIT 5 enablers?
Factors that individually and collectively influence whether something will work in an organization. -Processes - an organized set of practices and activities to achieve certain objectives -Organizational structures - the key decision-making entities in an organization -Culture, ethics, and behavior of individuals and the organization -Principles, policies and frameworks - the vehicle to translate the desired behavior into guidance for day-to-day management -Information produced and used by the enterprise -Services, infrastructure and applications - the infrastructure, technology, and applications that provide the enterprise with information technology processing and services -People, skills, and competencies required for successful completion of all activities and for making correct decisions.
245
Reliable system
A reliable system is one that is capable of operating without material error, fault, or failure during a specified period in a specified environment
246
How is a system analyzed for reliability?
The AICPA's Trust Services. Provides assurance on information systems and uses a framework with five principles of a reliable system.
247
What are the 5 principles of a reliable system?
-Security -Availability -Processing integrity -Online Privacy -Confidentiality If a principle is not met a risk exists
248
Reliable system; principle 1: security
System is protected against unauthorized access (both physical and logical)
249
Reliable system; principle 2: availability
The system is available for operation and use as committed or agreed. The system is available for operation and use in conformity with the entity's availability policies
250
Reliable system; principle 3: processing integrity
System processing is complete, accurate, timely, and authorized
251
Reliable system; principle 4: online privacy
Personal information obtained as a result of e-commerce is collected, used, disclosed, and retained as committed or agreed
252
Reliable system; principle 5: confidentiality
Information designated as confidential is protected as committed or agreed
253
What are the seven factors of the control environment?
I - Integrity and ethical values C - Commitment to competence H - Human resource policies and practices A - Assignment of authority and responsibility M - Management's philosophy and operating style B - BOD or audit committee participation O - Organizational structure
254
What are the steps in the system development lifecycle?
-Software concept - identify the need for the new system -Requirements analysis - determine the needs of the users -Architectural design - determining the hardware, software, people, etc. needed -Coding and debugging - acquiring and testing the software -System testing - testing and evaluating the functionality of the system
255
What are segregation controls?
Segregates functions between information systems department and user departments
256
Examples of segregation controls between information systems department and user departments
-Do not allow the information systems department to initiate or authorize transactions -Segregate programming, data entry, operations, and the library function within the information systems department
257
What is systems analysis?
The systems analyst analyzes the present user environment and requirements and: -Recommend specific changes -Recommend the purchase of a new system -Design a new information system
258
What is systems programming?
The systems programmer is responsible for implementing, modifying, and debugging the software necessary for making the hardware work (operating system, telecommunications monitor, and the database management system)
259
What is applications programming?
Responsible for writing, testing, and debugging the application programs from the specifications provided by the systems analyst. Program flowchart is one tool used by the applications programmer to define the program logic.
260
What is database administration?
In a database environment, a DBA is responsible for maintaining the database and restricting access to the database to authorized personnel.
261
What is data preparation?
Data may be prepared by user departments and input by key to storage devices
262
What are operations?
The operator is responsible for the daily computer operations of both the hardware and software. Should have adequate documentation available to run the program, but should not have detailed program information.
263
What is a data library?
The librarian is responsible for custody of the removable media (magnetic tapes or disks) and for the maintenance of program and system documentation.
264
What is data control?
The control group acts as liaison between users and the processing center. This group records input data in a control log, follows the progress of processing, distributes output, and ensures compliance with control totals.
265
At a minimum, what controls should be segregated?
Programming, operations, and library functions
266
What is a web administrator (web manager)?
Responsible for overseeing the development, planning, and the implementation of a website.
267
What is a web master?
Responsible for providing expertise and leadership in the development of a website, including the design, analysis, security, maintenance, content development, and updates.
268
What is a web designer?
Responsible for creating the visual content of the website.
269
What is a web coordinator?
Responsible for the daily operations of the website.
270
What is an internet developer?
Responsible for writing programs for commercial use. Similar to a software engineer or systems programmer.
271
What is an Intranet/Extranet developer?
Responsible for writing programs based on the needs of the company.
272
Risk assessment of changes in computerized information systems?
Risk of improper financial reporting.
273
Common method of monitoring?
Review of system-access log; IT can also facilitate monitoring.
274
How are control activities divided?
1. Computer general control activities 2. Computer application control activities; programmed application control activities; manual follow-up of computer exception reports 3. User control activities to test the completeness and accuracy of computer processed controls
275
What are general control activities?
Affect all computer applications. There are four types of general controls: 1. Develop new programs and systems 2. Changing existing programs and systems 3. Controlling access to programs and data 4. Controlling computer operations
276
Why is computer hardware extremely reliable?
Primarily due to chip technology. Also due to the controls built into the hardware and systems software to provide for a self-diagnostic mechanism to detect and prevent equipment failures.
277
Parity check
A special bit is added to each character that can detect if the hardware loses a bit during the internal movement of a character.
278
Echo check
Primarily used in telecommunications transmissions. During the sending and receiving of characters, the receiving hardware repeats back to the sending hardware what it received and the sending hardware automatically resends any characters that were received incorrectly.
279
Diagnostic routines
Hardware or software supplied by the manufacturer to check the internal operations and devices within the computer system. These routines are often activated when the system is booted up.
280
Boundary protection
Most CPUs have multiple jobs running simultaneously (multiprogramming environment). To ensure that these simultaneous jobs cannot destroy or change the allocated memory of another job, the systems software contains boundary protection controls.
281
Periodic maintenance
The system should be examined periodically (often weekly) by a qualified service technician.
282
Documentation
Systems and programs should be adequately documented. System specification documents should detail such matters as performance levels, reliability, security and privacy, constraints and limitations, functional capabilities, and data structure elements.
283
What is a change request log?
Where all suggestions for changes (from users and information system personnel) should be documented.
284
Who reviews changes to existing programs and systems?
The information systems manager should review all changes
285
What is a code comparison program?
May be used to compare source and/or object codes of a controlled copy of a program with the program currently being used to process data.
286
Limited physical access
The physical facility that houses the computer equipment, files and documentation should have controls to limit access only to authorized individuals.
287
Visitor entry logs
Used to document those who have had access to the area
288
Access control software (user identification)
The most used control is a combination of a unique identification code and a confidential password
289
Call back
Specialized form of user identification in which the user dials the system, identifies him/herself, and is disconnected from the system. Then either (1) an individual manually finds the authorized telephone number or (2) the system automatically finds the authorized telephone number of the individual and calls back
290
Encryption
Data is encoded when stored in computer files and/or before transmission to or from remote locations (e.g. through use of modems and telephone lines). This coding protects data, since to use the data unauthorized users must not only obtain access, but must also translate the coded form of the data.
291
What should operators have access to in regards to segregation controls?
Have access to an operations manual that contains the instructions for processing programs and solving routine operational program issues, but not to detailed program documentation
292
Contingency processing
Prepare for system failures. Plans should detail the responsibilities of individuals as well as the alternate processing sites that should be utilized.
293
Internal and external labels
External labels are gummed-paper labels attached to storage media which identify the file. Internal labels perform the same function through the use of machine readable identification in the first record of a file. The use of labels allows the computer operator to determine whether the correct file has been selected for processing.
294
What are the overall controls of inputs?
-Inputs should be properly authorized and approved -System should verify all significant data fields used to record information (editing the data) -Conversion of data into machine-readable form should be controlled and verified for accuracy
295
Preprinted form
Information is preassigned a place and a format on the input form
296
Check digit
An extra digit added to an identification number to detect certain types of data transmission errors.
297
Example of a check digit
A bank may add a check digit to individuals' 7-digit account numbers. The computer will calculate the correct check digit based on performing predetermined mathematical operations on the 7-digit account number and will then compare it to the check digit.
298
Control, batch, or proof total
Total of one numerical field for all the records of a batch that normally would be added (e.g. total sales $)
299
Hash total
A control total where the total is meaningless for financial purposes (e.g. mathematical sum of employee social security numbers)
300
Record count
A control total of the total records processed
301
Limit (reasonableness) test
A test of the reasonableness of a field of data, given a predetermined upper and/or lower limit (e.g. for a field that indicates auditing exam scores, a limit check would test for scores over 100)
302
Menu driven input
As input is entered, the operator responds to a menu prompting the proper response (e.g. What score did you get on the Auditing part of the CPA exam?)
303
Field check
A control that allows only valid transactions or data to be entered into the system. (e.g. a field indicating sex of an individual where 1 = female and 2 = male). If the field is coded in any other manner it would not be accepted.
304
Missing data check
A control that searches for blanks inappropriately existing in input data (e.g. if an employee's division number were left blank an error message would result)
305
Field size check
A control of an exact number of characters to be input (e.g. if part numbers all have 6 digits, an error message would result if more or less than 6 characters were input)
306
Logic check
Ensures that illogical combinations of input are not accepted (e.g. if the Tuba City branch has no company officers, an error message would result if two fields for a specified employee indicated that the employee worked as an officer in Tuba City)
307
Redundant data check
Uses two identifiers in each transaction record (e.g. customer account number and the first five letters of customer's name) to confirm that the correct master file record is being updated.
308
Closed-loop verification
A control that allows data entry personnel to check the accuracy of input data. For example, the system might retrieve an account name of a record that is being updated, and display it on the operator's terminal. This control may be used instead of a redundant data check.
309
What should a disaster recovery and business continuity plan have?
-Minimize the extent of disruption, damage, and loss -Establish an alternate (temporary) method for processing information -Resume normal operations as quickly as possible -Train and familiarize personnel to perform emergency operations
310
Batch systems - Grandfather-Father-Son method
A master file (e.g. accounts receivable) is updated with the day's transactions files (e.g. files of cash receipts and credit sales). After the update, the new master file is the son. The file from which the father was developed with the transaction files of the appropriate day is the grandfather. The grandfather and son files are stored in different locations. If the son were destroyed, it could be reconstructed by rerunning the father file and the related transaction files.
311
Checkpoint
Similar to grandfather-father-son, but at certain points, "checkpoints," the system makes a copy of the database and this checkpoint file is stored on a separate disk or tape. If a problem occurs the system is restarted at the last checkpoint and updated with subsequent transactions.
312
Rollback
As a part of recovery, to undo changes made to a database to a point at which it was functioning properly.
313
Reciprocal agreement
An agreement between two or more organizations (with compatible computer facilities) to aid each other with their data processing needs in the event of a disaster. Sometimes referred to as a mutual aid pact.
314
Hot site
A commercial disaster recovery service that allows a business to continue computer operations in the event of computer disaster. E.g. If a company's data processing center becomes inoperable, that enterprise can move all processing to a hot site that has all the equipment needed to continue operation. Also referred to as a recovery operations center (ROC) approach
315
Cold site
Similar to a hot site, but the customer provides and installs the equipment needed to continue operations. Less expensive, but takes longer to get in full operation after a disaster. Sometimes referred to as an empty shell in that the shell is available and ready to receive whatever hardware the temp user needs.
316
Internal site
Large orgs with multiple data processing centers sometimes rely upon their own sites for backup in the event of a disaster.
317
Mirrored web server
An exact copy of a website which is the best way to back up the website
318
Flowcharting symbols - Document
This can be a manual form or a computer printout.
319
Flowcharting symbols - Computer Operation
Computer process which transforms input data into useful information
320
Flowcharting symbols - Manual Operation
Manual (human) process to prepare documents, make entries, check output, etc.
321
Flowcharting symbols - Decision
Determines which alternative path is followed (IF/THEN/ELSE conditions)
322
Flowcharting symbols - Input/Output
General input or output to a process. Often used to represent accounting journals and ledgers on document flowcharts.
323
Flowcharting symbols - Online Storage
Refers to direct access computer storage connected directly to the CPU. Data is available on a random access basis.
324
Flowcharting symbols - Disc Storage
Refers to data stored on a magnetic disk
325
Flowcharting symbols - Off-Line Storage
Refers to a file or indicates the mailing of a document (e.g. invoices or statements to customers). A letter in the symbol below the line indicates the order in which the file is stored (N - Numerical, C - Chronological, A - Alphabetical)
326
Flowcharting symbols - Display
Visual display of data and/or output on a terminal screen
328
Flowcharting symbols - Batch Total Tape
Manually computed total before processing (such as the number of records to be processed). This total is recomputed by the computer and compared after processing is completed.
329
Flowcharting symbols - Magnetic tape
Used for reading, writing, or storage on sequential storage media
330
Flowcharting symbols - Manual Data Entry
Refers to data entered through a terminal keyboard or key-to-tape or key-to-disk device
331
Flowcharting symbols - Annotation
Provides additional description or information connected to symbol to which it annotates by a dotted line (not a flowline)
332
Flowcharting symbols - Flowline
Shows direction of data flow, operations, and documents
334
Flowcharting symbols - Communication Link
Telecommunication line linking computer system to remote locations
335
Flowcharting symbols - Start/Termination
Used to begin or end a flowchart. May be used to show connections to other procedures or receipt/sending of documents to/from outsiders
337
Flowcharting symbols - On Page Connector
Connects parts of flowchart on the same page
338
Flowcharting symbols - Off Page Connector
Connects parts of flowchart on separate pages
339
System flowchart
A graphic representation of a data processing application that depicts the interaction of all the computer programs for a given system, rather than the logic for an individual computer program
340
Program flowchart
A graphic representation of the logic (processing steps) of a computer program
341
Internal control (audit) flowchart or document flowchart
A graphic representation of the flow of documents from one department to another, showing the source flow and final disposition of the various copies of all documents.
342
Decision table
Uses a matrix format that lists sets of conditions, and the actions that result from various combinations of these conditions.
343
Data flow diagram (DFD)
Presents logical flows of data and functions in a system. E.g. a data flow diagram for the delivery of goods to a customer would include a symbol for the warehouse from which the goods are shipped and a symbol representing the customer. Would not emphasize details such as computer processing and paper outputs.