Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
56 Cards in this Set
- Front
- Back
|
Name the three broad classifications of controls used in connection with computers operating within accounting systems.
|
1. general controls
2. application controls 3. user control procedures |
|
|
Describe general controls.
|
They relate to the operation of the entire computer system.
|
|
|
Describe application controls.
|
They relate to a specific program or specified task.
|
|
|
Name the two types of application controls.
|
1. programmed application controls
2. manual follow-up of exception reports |
|
|
Describe user control procedures.
|
They are designed to test the completeness and accuracy of computer controls.
|
|
|
Name the four categories of general controls.
|
1. development of new programs
2. changes in functioning programs 3. access to computer, programs, and data 4. safeguarding of computer facility |
|
|
What is a detailed run manual?
|
It is usually created to document a new program for follow up and testing purposes.
|
|
|
What must be done before a new program is approved for actual use?
|
New programs should be properly tested (test data can be used) and reviewed and authorized by management, user departments, and information systems analysts.
|
|
|
What is test data?
|
Data that is run through the computer to test all conceivable valid and invalid situations and determine whether the program reacts correctly.
|
|
|
How can reliability be ensured in computer hardware?
|
Proper programming.
|
|
|
How should changes to the computer system be handled?
|
Details and reasons for all changes should be documented, reviewed, and authorized.
|
|
|
How is test data used after the new program has been developed?
|
Test data can be rerun periodically to ensure that the program still handles all situations properly.
|
|
|
What is an integrated test facility?
|
Test data is included whenever a program is run to verify current processing daily.
|
|
|
How is test data separated from live data in an integrated test facility?
|
By coding the test data.
|
|
|
How can computers and files be secured?
|
They should be locked and access should be limited to authorized individuals using passwords and identification numbers that change regularly.
|
|
|
What access should computer operators have?
|
Operators have access to the run manual but do not have an in-depth understanding of the program.
|
|
|
How can computer programs be safeguarded?
|
Duplicate copies of programs and backup information should be stored at a separate location so that files can be reconstructed if destroyed.
|
|
|
What is a self-checking number?
|
The computer uses the number in a mathematical test to verify that it is proper.
|
|
|
What is a check digit?
|
One digit placed within a self-checking number to create a mathematical verification.
|
|
|
What are control totals?
|
Predetermined totals that have been computed for data and can be verified at each step to ensure that information has not been changed.
|
|
|
Name five control totals.
|
1. item count
2. batch total 3. hash total 4. limit test 5. validity test |
|
|
What is an item count?
|
The total of the number of transactions to be processed.
|
|
|
What is a batch total?
|
A total derived from some element of the data being processed that has some meaning or importance.
|
|
|
What is a hash total?
|
A total derived from some element of the data being processed that would normally not be processed and is only computed for control purposes.
|
|
|
What is a limit test?
|
An upper boundary established for processing purposes.
|
|
|
What is a validity test?
|
An internal reconciliation of data within the computer ensure that it is legitimate.
|
|
|
What is an exception (or error) report?
|
A manual report printed whenever the computer processes data that may be in error (stops processing).
|
|
|
What is a control group?
|
An independent team established for review that resolves exception report problems so that processing can continue.
|
|
|
What human testing is performed with user control procedures?
|
Output should be tested before distribution and use, control totals should be verified against actual output, an individual input items should be verified against computer output on a test basis.
|
|
|
What is electronic data interchange (EDI)?
|
The transmittal of documents directly from a computer in one entity to a computer in another.
|
|
|
How is data usually exchanged in EDI?
|
Though the Internet.
|
|
|
What are the benefits of EDI?
|
Increased the speed of transmittal and reduces the chance for clerical errors.
|
|
|
How are authenticaiton controls used in EDI?
|
To ensure proper submission and delivery of EDI communications.
|
|
|
How can the misuse of confidential data be avoided in EDI?
|
Encryption to make messages unreadable to unauthorized parties.
|
|
|
What is a value added network (VAN)?
|
An organization that gathers and transmits EDI communications.
|
|
|
What is an on-line, real-time (OLRT) computer system?
|
The computer terminal has direct access to files within the main computer, and all changes are made immediately to data without any immediate step.
|
|
|
What controls should be in place for an OLRT system?
|
No audit trail since changes can be made without documentation, so access controls are heavily relied on.
|
|
|
What access controls are used for an OLRT system?
|
Input or password numbers are used for access (and changed frequently), access is only allowed from approved terminals and at approved times, large changes require secondary approval, and unsuccessful attempts at entry are recorded.
|
|
|
How can controls be improved in an OLRT system?
|
Documentation can be required for control purposes only (to reconcile with computer totals).
|
|
|
What is a database?
|
A collection of interrelated files.
|
|
|
What database controls are needed for user departments?
|
Strict controls over who is authorized to read and/or change the database, as users directly input data.
|
|
|
What access controls are needed for databases?
|
Restricting privileges and logical views prevent access to data.
|
|
|
What are the backup and recovery procedures for databases?
|
Backup of the database and log of transactions, database replication, and a backup facility.
|
|
|
What is end-user computing?
|
The end user is responsible for the development and execution of the computer application that generates the information used by the same end user.
|
|
|
What are the characteristics of end-user computing?
|
A need to test and document applications, control over access to applicaitons and data, and a need to backup data.
|
|
|
What are the two backup approaches for disaster recovery?
|
Batch systems and online systems.
|
|
|
What is the batch system approach to disaster recovery?
|
The grandfather-father-son approach.
|
|
|
What are the on-line systems approaches to disaster recovery?
|
The checkpoint system makes a copy of the database at various points and the rollback system rolls back to a point where the database is correct.
|
|
|
Name the four types of backup facilities.
|
1. reciprocal agreement
2. hot site 3. cold site 4. internal site |
|
|
What is a reciprocal agreement?
|
An agreement between two or more organizations to aid in case of disaster.
|
|
|
What is a hot site?
|
A commercial disaster recovery service.
|
|
|
What is a cold site?
|
A commercial disaster recovery service where the company provides the equipment.
|
|
|
What is an internal site?
|
A large company with multiple sites for backup.
|
|
|
Describe flowcharting.
|
The symbolic presentation of a system in a sequential order designed to show what each department does and the creation and disposition of all documents.
|
|
|
What are the advantages of flowcharting?
|
Provides an excellent depiction of the system and problems may be easier to spot.
|
|
|
What is a disadvantage of flowcharting?
|
Creating and reading a flowchart both take skill.
|
