49 Cards in this Set

  • Front
  • Back
What is a patch?
A patch is a change or modification to an existing program that may or may not be authorized.
What is a Job Control Language (JCL)?
A JCL is a language that prioritizes and controls when application programs are initiated.
What does virtual storage do?
The operating system divides a program into pages/segments and brings only the pages of the program required for execution into memory. This saves time and money, as unneeded portions of the program remain in less expensive secondary storage.
What is an Enterprise Resource Planning system?
Enterprise resource planning (ERP) is an enterprise-wide information system designed to coordinate all the resources, information, and activities needed to complete business processes such as order fulfillment or billing. An ERP system supports most of the business system that maintains - in a single database - the data needed for a variety of business functions such as manufacturing, supply chain management, financials, projects, human resources and customer relationship management.
What is a LAN?
Local Area Network: a private computer network within a single building or relatively small geographic area.
Disaster Recovery & Business Continuation Plan
A Disaster Recovery & Business Continuation Plan should allow the firm to (A) Minimize the extent of disruption, damage and loss, (C) Resume normal operations as quickly as possible, (D) train and familiarize personnel to perform emergency operations as well as establish an alternate (temporary) method for processing information.
Disaster Recovery & Business Continuity Plans include:
Priorities, insurance, backup approach, specific assignments, periodic testing and updating, and documentation.
Two general types of computer processing systems are:
Transaction processing and management reporting
Management Information Systems (MIS) are:
designed to provide information for planning, organizing and controlling the operations of the business.
Decision Support Systems are:
designed to combine data and models, not resolve problems.
Expert systems:
apply specific models to data to provide a specific type of recommendation.
What is the main difference between transaction processing and management reporting systems?
Transaction processing systems generally process a large volume of transactions where management reporting systems provide information used to support business decisions.
Methods to control access to appropriate users include:
passwords and user IDs, menus for EUC access databases, independent review of transactions, restricting user ability to load data, requirement of appropriate validation, authorization and reporting control when the end user uploads data and record access to company databases by the EUC application.
Forms of physical access controls include:
Clamps or chains to prevent removal of hard disks or internal boards, regular backup and control over access from outside are all
Risks associated with End User Computing (EUC) include:
-Management often does not review the results of applications appropriately
-More client personnel need to understand control concepts
-End-User applications are not always adequately tested before being implemented.
Procedures to control the small computer issue of software piracy are:
Establishing a corporate software policy, maintaining a log of all software purchases and auditing individual computers to identify installed software.
What are some security considerations for small computers?
-Verification of applications being processed should be made to prevent the system from being used for personal projects.
-Security over data and in-house developed software is important, as most companies can easily replace hardware but may suffer a severe setback if the data and/or in-house developed software is lost.
-Purchases of hardware and software should be reviewed for compatibility, piracy and other issues.
Methods to control access to appropriate users include:
Passwords and user IDs, menus for EUC access databases, independent review of transactions, restricting user ability to load data, requirement of appropriate validation, authorization and reporting control when the end user uploads data and record access to company databases by the EUC application.
Control implications require that:
Applications be adequately tested before use, backup of files, control access to appropriate users, adequate documentation, and application controls are all examples of control implications.
AICPA's Trust Services provide:
assurance on information systems & present one framework for analyzing a reliable system.
Physical access controls:
Prevent damage or other loss including theft, acts of war, weather, disgruntled employees or others.
The seven factors of the control environment are:
- Integrity and ethical values
- Commitment to competence
- Human resource policies and practices
- Assignment of authority and responsibility
- Management's philosophy and operating style
- Board of directors' or audit committee participation
- Organization
The systems analyst:
Analyzes the user environment and requirements and may recommend changes to the current system, the purchase of a new system, or design a new system.
A systems flowchart:
A tool or diagram used by the systems analyst to define system requirements.
The systems analyst is responsible for:
ensuring programming and that end user needs are met.
Systems Programmer:
is responsible for implementing, debugging and modifying software. Examples include the operating systems, telecommunications monitoring and database management systems.
The Applications Programmer:
is responsible for writing, testing and debugging applications software. These specifications are usually provided by the Systems Analyst.
Program flowchart:
is a tool or diagram used by the Applications Programmer to document program logic.
Database Administrator (DBA):
is responsible for maintaining the database and restricting access to the database to authorized users only.
The Operator:
is responsible for the daily computer operations of both the hardware and software. The Operator mounts tapes, supervises operations on a console, accepts inputs and distributes outputs. The Operator should have documentation available to run programs but is not responsible for detailed program information.
The Librarian:
is responsible for custody of the removable media (e.g. magnetic tape, disks) and for the maintenance of program and systems documentation. Many of these services have been automated.
The Web Administrator/Web Manager:
is responsible for overseeing the development, planning and implementation of a website. This is generally a management position.
The Web Master:
is responsible for providing expertise and leadership in the development of a website, including but not limited to design, analysis, security, maintenance, content development and updates.
The Web Designer:
is responsible for creating the visual content of the website.
The Web Coordinator:
is responsible for the daily operations of the website.
The Internet Developer:
is responsible for writing programs for commercial use. Similar to a software engineer or a systems programmer.
The Intranet/Extranet Developer:
is responsible for writing programs based on the needs of the company.
Control activities categories:
-general
-application
-user
General system control activities:
affect all computer applications e.g.:
1-developing new programs and systems,
2-changing existing programs and systems,
3-controlling access to programs and data and
4-controlling computer operations.
The five components of internal control are:
a) Control Environment - this is the foundation of all other components;
b) Risk Assessment - the identification and analysis of relevant risks to achieve the entity's objectives
c) Control Activities - the policies and procedures to ensure management directives are carried out
d) Information and Communication - identification, capture, and exchange of data in a format and time to allow proper tasks and responsibilities to be performed
e) Monitor - The process that assesses the quality of internal control performance over time
Process objectives that internal control systems should be designed to achieve include:
Operations and Information process goals.
Operations Process Goals should ensure:
(1) Effectiveness of operations - strives to ensure that an intended process is fulfilling its intended purpose (such as proper management authorization for overrides)
(2) Efficient resources - to have enough resources to ensure benefits of controls exceed the costs of those controls
(3) Security of resources - protect all tangible and intangible resources.
Information Process Control Goals should ensure:
(1) Input validity - input data are approved and reflect accurate economic events
(2) Input completeness - all valid events are captured
(3) Input accuracy - all events are captured correctly
(4) Update completeness - all events are reflected in respective master files
(5) Update accuracy - all events are reflected correctly within master file.
Control Plans:
are policies & procedures that assist in accomplishing control goals.
A combination of control plans must be used to maximize effectiveness. Three levels are:
-Control Environment (top level)
-Pervasive Control Plans (mid-level)
-Application Control Plans (detail level)
Another way to view control plans is in relation to the timing of their occurrence:
-Preventive control plans stop problems from occurring;
-Detective control plans discover problems that have already occurred;
-Corrective control plans correct problems that have already occurred.
Control Objectives for Information and Related Technology (COBIT) – developed by the Information Systems Audit and Control Foundation – to provide:
guidance on best practices for management and information technology.
COBIT groups IT control processes into four domains:
a) Planning & Organization – Establish strategic vision for the IT area; develop plan to achieve vision.
b) Acquisition & Implementation – Identify automated and IT solutions; integrate the solutions; manage changes to existing systems; Manage Change with users.
c) Delivery & Support – Deliver required IT services; ensure security; provide on-going support.
d) Monitor operations.
Three main types of system documentation used by auditors and analysts are:
(a) Data Flow Diagrams (DFDs) that illustrate the system components and functions, data flows among the components and sources, destinations and storage of the data;
(b) System Flowcharts that illustrate Informational Processes (such as logic flows, inputs, outputs, data storage), Operational Processes (such as physical flows) and
(c) Entity Relationship Diagrams that illustrate the system's key entities and the relationships among those entities.