48 Cards in this Set
- Front
- Back
What are the core functions of an Enterprise Resource Planning system?
|
Sales and Distribution
Business Planning
Shop Floor Control
Logistics |
|
Involves the electronic processing and transmission of data
|
Electronic (E) Commerce
|
|
The document format used to produce web pages. Defines the page layout, fonts and graphic elements as well as hypertext links to other documents on the web
|
Hypertext Markup Language (HTML)
|
|
A metalanguage for describing markup languages. Any markup language can be created using this.
|
XML - extensible markup language
|
|
Designed to provide the financial community with a standardized method for preparing, publishing and automatically exchanging financial information, including financial statements of publicly held companies.
|
XBRL extensible business reporting language
|
|
- Focus on the computer-based aspects of an organization's information system
- Assess the proper implementation, operation, and control of computer resources |
IT audits
|
|
What are the three phases of an audit?
|
Audit planning phase
Tests of controls phase
Substantive testing phase |
|
tests to determine if appropriate IC are in place and functioning effectively
|
Tests of Controls
|
|
detailed examinations of account balances and transactions
|
Substantive testing
|
|
the probability the auditor will issue an unqualified opinion (clean) when in fact the financial statements are materially misstated
|
audit risk
|
|
associated with the unique characteristics of the business or industry of the client
|
inherent risk
|
|
What is a control risk?
|
The likelihood that the control structure is flawed because controls are either absent or inadequate to prevent or detect errors in the accounts
|
|
the risk that auditors are willing to take that errors not detected or prevented by control structure will also not be detected by the auditor
|
Detection Risk
|
|
COSO identifies two groups of IT controls
|
application controls
General controls What are they? |
|
What are the two IT structures?
|
Centralized and Distributed
|
|
Examples of Second site backups for disaster recovery
|
Empty Shell
Recovery operations center
Internally provided backup |
|
involves two or more user orgs that buy or lease a building and remodel it into a computer site, but without computer equipment
|
empty shell
|
|
a completely equipped site, very costly and typically shared among many companies
|
Recovery operations center
|
|
companies with multiple data processing centers may create internal excess capacity
|
Internally provided backup
|
|
What is an Enterprise Resource Planning System?
|
a multi-module application software that helps a company manage the important parts of its business in an integrated fashion
|
|
What are key features of an Enterprise Resource Planning System?
|
smooth and seamless flow of information across org. boundaries
standardized environment with shared database independent of applications and integrated applications |
|
For years ______ software had been the leading ERP software
|
SAP R/3
|
|
What can ERP do for a company?
|
It can:
Integrate workflow
Improve data access
Standardize technology |
|
What are some of the ERP Benefits?
|
# of employees can be reduced
however, knowledge workers can cost more
Inventory and holding cost should be reduced
Sales could increase due to more information |
|
What are the costs to an Enterprise Resource Planning system?
|
Implementation team
Training and learning curve
Software, hardware and maintenance
Costs can easily be many millions based on company size and number of modules installed |
|
What are the risks associated with ERP Implementation?
|
Pace of Implementation
Opposition to change
Choosing the wrong ERP
Choosing the wrong consultant
Disruptions to operations |
|
What are the 8 areas that are included in an audit on an ERP system?
|
Transaction Authorization
Segregation of Duties
Supervision
Accounting Records
Access Controls
Access to Data Warehouse
Contingency Planning
Independent Verification |
|
Implications for Internal Control and Auditing
1. Corrupted data may be passed from external sources and from legacy systems
2. Supervisors need to acquire a technical and operational understanding of the new system
3. Critical concern with confidentiality of information
4. Data warehouses often involve sharing information with suppliers and customers
5. Keeping a business going in case of disaster
6. Traditional verifications are meaningless
7. Controls are needed to validate transactions before they are accepted by other modules
8. Manual processes that normally require segregation of duties are often eliminated |
Implications for Internal Control and Auditing
a. Supervision
b. Transaction Authorization
c. Segregation of Duties
d. Accounting Records
e. Access Controls
f. Access to data warehouse
g. Contingency planning
h. Independent verification |
|
What is a data warehouse?
|
A summary of transactional data and outside data to aid the identification of patterns and trends.
More on handout... |
|
What does the user do in data mining?
|
The user specifies what he or she wants to find out and on what he or she wants the answer to depend
|
|
What are the keys to data mining?
|
Understanding business processes and transactions
- What questions to ask and which answers to ignore
Utilizing statistical patterns from prior decisions
- Does past predict the future?
- Which technique is appropriate |
|
What are the risks associated with Electronic Commerce?
|
Intranet risks
Internet risks
Risks to consumers
Risks to businesses |
|
What are the network types?
|
Local Area Networks (LAN)
Wide Area Networks (WAN) |
|
What are the four network topologies?
|
Star
Hierarchical
Ring
Bus |
|
What is a firewall?
|
hardware or software placed between an organization's internal network and external network that prevents outsiders from invading private networks
|
|
What is encryption?
|
A computer program transforms a clear message into a coded (cipher text) form using an algorithm.
|
|
What is a digital signature?
|
electronic authentication technique that ensures that the transmitted message originated with the authorized sender and that it was not tampered with after the signature was applied
|
|
What is a digital certificate?
|
like an electronic identification card that is used in conjunction with a public key encryption system to verify the authenticity of the message sender
|
|
Uses computer to computer communications technologies to automate B2B purchases
|
EDI Electronic Data Interchange
|
|
What are the IT governance controls that are desirable in the use of IT?
|
Organizational Structure
Computer Center
Disaster Recovery Planning
Operating Systems
Database Management Systems
Networks |
|
What three tasks does an operating system perform?
|
Translates high-level languages into the machine-level language
Allocates computer resources to user applications
Manages the tasks of job scheduling and multiprogramming |
|
What are the four security components that are found in secure operating systems?
Explain each one |
Log On Procedure
Access Token
Access Control List
Discretionary Access Privileges |
|
What are the four operating system controls?... And what are the tests of controls?
|
Access Privileges
Password Control
Malicious & Destructive Programs
Audit Trail Controls |
|
What are two crucial database management control issues?... And what are the Audit objectives?
|
Access Controls
Back Up Controls |
|
What are some Access Controls?... And what are the audit procedures?
|
User views
Database authorization table (diagram)
User-defined procedures
Data Encryption
Biometric devices |
|
What are the examples of back up controls?... And what are the audit procedures?
|
Database backup
Transaction Log
Checkpoint features
Recovery Module |
|
What are the internal controls for Subversive threats dealing with intranet and internet risks?
|
Message sequence numbering
Message transaction log
Request-response technique
Call-back devices |
|
What are two techniques to detect and correct data errors to do with equipment failure?
|
Echo Check
Parity Check (Vertical and Horizontal Parity) |