Study unit 8.5 Flashcards
What are the different types of networks
Within one organisation - LAN and WAN
Between different organisations - VAN and internet
What are the risks in terms of a network environment
Unauthorised access
What are the controls in a network environment to ensure validity/occurrence of data communication
physical and logical access controls
restricting access to dial-up lines
call back facility
automatic lockout after 3 unsuccessful log-in attempts
sophisticated user authentication techniques
encryption methods
use of firewalls
What is the definition of an EDI
A computer to computer exchange of business documents in a standard electronic format between business partners
Via what does it take place
It takes place via a private network and a public network
What does EDI translator mean
Translates data from EDI format into a format readable by an internal application. It can be in-house software or provided via a service provider
What is an EDI document
Data being transmitted in a standard electronic format
What are EDI envelopes
Message envelopes are the different purchase orders
Group envelopes are the purchase order group
Interchange envelope is the purchase order group from one sender to one receiver
What are the advantages of using EDI
Survival - pre-requisite for doing business
Improved client services - speed of sending/receiving messages and processing of transactions
cost benefits - less human preparation and capturing time
reduced risk of errors - transaction only captured once
cost savings relating to storage of documents
improved accuracy and timeliness of information for decision making
What will the audit approach be in a computer environment
Combined:
*transactions are performed and accounted for electronically - lack of visible audit trail
*large number of transactions
*transactions are stored in electronic format for a short period of time
*reliance has to be placed on automated controls
test of controls
*test general controls
*test automated application controls
*test controls relating to transmission of data
What are the business continuity risks
dependence on technology
dependence on service provider/trading partners
increased reliance on networks and data communication
What are the business continuity controls
Data interchange agreement
*method of data interchange
*accountability for creation, transmission and receipt of messages
*standard format of messages
*responsibilities and duties
*security audits
*format of acknowledgement of messages
*legal implications of unauthorised transactions
Disaster recovery plan
Back-up procedures
Contractual agreements
*format of messages
*acknowledgement of messages
*security considerations
*independent review of controls
*log of transactions
What are the security risks
Unauthorised access to confidential data
Unauthorised processing of data
Unauthorised use of facilities
What are the security controls
Logical access controls
Physical security
What are the implementation risks
Implementation risk