Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
79 Cards in this Set
- Front
- Back
|
the narrative, flowcharts, diagrams, and other written materials that explain how a system works. It covers the who, what, when, where, why, and how of data entry, processing, storage, information output, and system controls.
|
documentation
|
|
|
Written, step-by-step explanation of system components and how the components interact.
|
narrative description
|
|
|
A diagram that graphically describes the flow of data within an organization. It is used to document existing systems and to plan and design new ones.
|
data flow diagram
|
|
|
A component of a data flow diagram that represents the people and organizations that send data that the system being modeled uses or produces.
|
data source
|
|
|
A component of data flow diagrams that represents an entity outside of the system who receives data produced by the system.
|
data destination
|
|
|
A component of a data flow diagram that represents data flowing into or out of a process.
|
data flow
|
|
|
A set of actions, automated or manual, that transform data into other data of information
|
process
|
|
|
A component of a data flow diagram that represents the storage of data within a system.
|
data store
|
|
|
The highest level of a data flow diagram. It provides a summary-level view of a system. It shows the data processing system, the input(s) and output(s) of the system, and the external entities that are the sources and destinations of the system's input(s) and output(s).
|
context diagram
|
|
|
An analytical technique used to describe some aspect of an information system in a clear, concise, and logical manner. Flowcharts use a standard set of symbols to describe pictorially the transaction processing procedures a company uses and the flow of data through a system.
|
flowchart
|
|
|
A piece of hard flexible plastic on which the shapes of flowcharting symbols have been die cut.
|
flowcharting template
|
|
|
Trace a document from its cradle to its grave. They show where each document originates, its distribution, the purposes for which it is use, its ultimate disposition, and everything that happens as it flows through the system. They illustrate the flow of documents and information among areas of responsibility within an organization.
|
document flowchart
|
|
|
A document flowchart that describes and evaluates internal controls. Often used by auditors in the planning stage of an audit.
|
internal control flowchart
|
|
|
A diagrammatical representation that shows the flow of data through a series of operations in an automated data processing system. It shows how data are captured and put into the system, the processes that operate on the data, and system outputs.
|
system flowchart
|
|
|
A diagrammatical representation of the sequence of logical operations performed by a computer in executing a program. Describes the specific logic to perform a process shown on a system flowchart.
|
program flowchart
|
|
|
An intentional act where the intent is to destroy a system or some of its components.
|
sabotage
|
|
|
A text file created by a website and stored on a visitors hard drive. Cookies store information about who the user is and what the user has done on the site.
|
cookie
|
|
|
Any and all means a person uses to gain an unfair advantage over another person.
|
fraud
|
|
|
Typically business people who commit fraud. White-collar criminals usually resort to trickery or cunning and their crimes usually involve a violation of trust or confidence.
|
white-collar criminal
|
|
|
An internal fraud in which an employee of group of employees use or steal company resources for personal gain.
|
employee fraud
|
|
|
Intentional or reckless conduct, whether by act or omission, that result in materially misleading financial statements.
|
fraudulent financial reporting
|
|
|
A persons incentive or motivation for committing fraud.
|
pressure
|
|
|
The condition or situation that allows a person or organization to commit and conceal a dishonest act and convert it to personal gain.
|
opportunity
|
|
|
Concealing the theft of cash by means of a series of delays in posting collections to accounts. For example, a perpetrator steals customer A's accounts receivable payment. Funds received at a later date from customer B are used to pay off customer A's balance. Funds from customer C are used to pay of customer B's balance, and so forth.
|
lapping
|
|
|
The theft of company assets often referred to as employee fraud.
|
misappropriation of assets
|
|
|
A fraud scheme where the perpetrator conceals a theft of cash by creating cash through the transfer of money between banks.
|
kiting
|
|
|
The excuse that fraud perpetrators use to justify their illegal behavior.
|
rationalization
|
|
|
Unauthorized access and use of computer systems, usually by means of a personal computer and telecommunications networks.
|
hacking
|
|
|
Searching for an idol modem by programming a computer to dial thousands of phone lines. Finding an idol modem often enables a hacker to gain access to the network to which it is connected.
|
war dialing
|
|
|
The practice of driving around in cars looking for unprotected home or corporate wireless networks.
|
war driving
|
|
|
The practice of drawing chalk symbols on sidewalks to mark unprotected wireless networks.
|
war chalking
|
|
|
Gaining control of someone else's computer to carry out elicit activities, such as sending spam without the computer users knowledge.
|
hijacking
|
|
|
An attacker sends so many email bombs (thousands per second), often from randomly generated false addresses that the internet service providers email server is overloaded and shuts down. Another denial-of-service attack is sending so many requests for web pages that the web server crashes.
|
denial-of-service attack
|
|
|
Simultaneously emailing the same unsolicited message to many people, often in an attempt to sell them some product.
|
spamming
|
|
|
Using special software to guess company addresses and send them blank email messages. Unreturned messages are usually valid email addresses that can be added to spammers email lists.
|
dictionary attack
|
|
|
Altering an email message to make it look as if someone else sent it.
|
spoofing
|
|
|
Code released by software developers that fixes a particular vulnerability.
|
patch
|
|
|
Any potential adverse occurrence of unwanted event that could be injurious to either the AIS of the organization.
|
threat
|
|
|
The potential dollar loss should a particular threat become a reality.
|
impact/exposure
|
|
|
The probability that threat to an AIS will come to pass.
|
likelihood
|
|
|
Controls within a business organization that ensure information is processed correctly.
|
internal control
|
|
|
Controls that deter problems before they arrive.
|
preventive control
|
|
|
Controls designed to discover control problems soon after they arise.
|
detective control
|
|
|
Procedures established to remedy problems that are discovered through detective controls.
|
corrective control
|
|
|
Controls designed to make sure an organizations control environment is stable and well managed. Apply to all sizes of systems from large and complex mainframe systems to client/server systems, to desktop and laptop computer systems.
|
general control
|
|
|
Controls that prevent, detect, and correct transaction errors and fraud. They are concerned with the accuracy, completeness, validity and authorization of the data captured, entered into the system, processed, stored, transmitted to other systems, and reported.
|
application control
|
|
|
A corporate attitude instilled by upper management that communicates company core values to employees and inspires them to live by them.
|
belief system
|
|
|
An established system that helps employees act ethically by setting limits beyond which an employee must not pass.
|
boundary system
|
|
|
A performance measurement system that compares actual performance to planned performance.
|
diagnostic control system
|
|
|
Help top-level managers with high-level activities that demant frequent and regular attention such as developing company strategy, setting company objectives, understanding and assessing threats and risks, monitoring changes in competitive conditions and emerging technologies and developing responses and action plans to proactively deal with these high-level issues.
|
interactive control system
|
|
|
High-level goals that are aligned with and support the company's mission.
|
strategic objective
|
|
|
The tone or culture of a company that helps determine the risk consciousness of employees. It is the foundation for all other ERM components, providing discipline and structure. It is essentially the same thing as the control environment in the internal control framework.
|
internal environment
|
|
|
The amount of risk a company is willing to accept to achieve its goals and objectives.
|
risk appetite
|
|
|
Computing systems that imitate the brain's learning process by using a network of interconnected processors that perform multiple operations simultaneously and interact dynamically. Recognize and understand voice, face and word patterns much more successfully than do regular computer and humans.
|
neural network
|
|
|
The recurring set of business activities and information processing operations associated with providing goods and services to customers and collecting cash in payment for those sales.
|
revenue cycle
|
|
|
The document created during sales order order entry listing the item numbers, quantities, prices, and terms of the sale.
|
sales order
|
|
|
Interactive sales order entry systems that allow customers to customize the products that they are ordering.
|
choiceboards
|
|
|
When managers and distributors manage a retail customers inventory using an EDI.
|
vendor managed inventory
|
|
|
A document authorizing the inventory control function to release merchandise to the shipping department. The picking ticket is often printed so that the item numbers and quantities are listed in the sequence in which the can be most efficiently retrieved from the warehouse.
|
picking ticket
|
|
|
A document listing the quantity and description of each item included in a shipment.
|
packing slip
|
|
|
A legal contract that defines responsibility for goods while they are in transit. It identifies the carrier, source, destination, any special shipping instructions, and indicates which party must pay the carrier.
|
bill of lading
|
|
|
A document notifying customers of the amount of a sale and where to send payment.
|
sales invoice
|
|
|
Method for maintaining accounts receivable in which customers typically pay according to each invoice. Usually, two copies of the invoice are mailed to the customer, who is requested to return one copy with the payment.
|
open invoice method
|
|
|
An enclosure included with the customers payment that indicates the invoices, statements, or other items paid.
|
remittance advice
|
|
|
Method of maintaining accounts receivable in which customers typically pay according to the amount shown on a monthly statement, rather than by individual invoices. Remittances are applied against the total account balance rather than against specific invoices.
|
balance forward method
|
|
|
A document summarizing all transaction that occurred during the past month and informing customers of their current account balance.
|
monthly statement
|
|
|
A procedure for producing monthly statements for subsets of customers at different times.
|
cycle billing
|
|
|
A document authorizing the billing department to credit the customers account. Usually issued for sales returns, allowances granted for damaged goods kept by the customer, or to write off uncollectible accounts approved by the credit manager.
|
credit memo
|
|
|
A document listing all checks received in the mail.
|
remittance list
|
|
|
A postal address to which customers send their remittances.
|
lockbox
|
|
|
A lockbox arrangement in which the bank electronically sends the company information about the customer account number and the amount remitted as soon as it receives and scans those checks. This enables the company to begin applying remittances to customer accounts before the photocopies of the checks arrive.
|
electronic lockbox
|
|
|
The transfer of funds between two or more organizations or individuals using computers and other automated technology.
|
electronic funds transfer
|
|
|
The combination of EFT and EDI that enables both remittance and funds transfer instructions to be included in one electronic package.
|
financial electronic data interchange
|
|
|
The recurring set of business activities and related data processing operations associated with the purchase of and payment for goods and services.
|
expenditure cycle
|
|
|
The optimal order size so as to minimize the sum of ordering, carrying and stock-out costs.
|
economic order quantity
|
|
|
The level to which the inventory balance of an item must fall before and order to replenish stock is initiated.
|
reorder point
|
|
|
An approach to inventory management that seeks to reduce required inventory levels by improving the accuracy of forecasting techniques to better schedule purchases to satisfy production needs.
|
materials requirements planning
|
|
|
A system that minimizes of virtually eliminates manufacturing inventories by scheduling inventory deliveries at the precise times and locations needed.
|
just in time inventory system
|
|
|
A document of electronic form the identifies the requisitioner, specifies the delivery location and date needed; identifies the item numbers, descriptions, quantity, and price of each item requested; and may suggest a vendor.
|
purchase requisition
|
