Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
66 Cards in this Set
- Front
- Back
- 3rd side (hint)
|
tasks that must be separated
|
1.systems development-->(new SD and maintence)
2.database admin 3.data processing |
SDAP
Sally the Dud Adores Pussy |
|
|
message sequence numbering
|
a sequence number is inserted into each message so that an intruder cannot delete, copy, or change the order of the messages recieved by a compnay
|
|
|
|
message transactions log
|
all incoming and outgoing messages and attempted (and failed)access' should be recoreded in this log
should include: user id time of access location accessed from |
|
|
|
New 6 Systems Development controls
|
1. Authorization
2. User Specification 3. Technical Design 4. Internal Audit Participation 5. Program Testing 6. user test and acceptance procedures |
|
|
|
Program Change Controls
|
Source Program Library control
--> mechanism by which changes are made, cannot be flawed |
|
|
|
run-to-run control
|
the use of batch figures to monitor the batch as it moves from one procedure to another
--> ensures competeness and correctness |
|
|
|
check digit
|
a control used to detect when data code of transaction is input incorectly to preevnt a transaction processing error (ex. adding the digits and dropping the 10's place using as a check)
-->add check digit to the orig. code |
|
|
|
missing data check
|
when there are gaps in the data this can be flagged (ex. some systems cannot handle blanks and will fail b/c of it)
|
|
|
|
numeric/alpha check
|
identifies when data is in the wrong form (sometimes if there is a number in the alpha feild this could cause a failure)
|
|
|
|
limit check
|
program that places a limit on values such as hours worked (ex. no one works more than 40 hr/week so the control would detect this)
|
|
|
|
range check
|
checking upper and lower limits (only detects keystroke errors)
|
|
|
|
reasonableness check
|
reasonable when considered against other data fields in the record (ex. a janitor should not be earning the upper limit from payroll)
|
|
|
|
imputs controls
|
programmed procedures that preform tests on transaction data to ensure they are free from errors
|
|
|
|
validity check
|
compares actual field values against known accptable values
ex. vendor number is matched with valid vendor database frequently used in cash disbursments |
|
|
|
Batch Control
|
used to manage the flow of high volumes of transactions through batch processing systems (control record of all transactions made to ensure that all are recorded exactly once)
|
|
|
|
hash total
|
the total of a unique nonfiancial field ex. adding all the sales order numbers
|
|
|
|
digital certificate
|
verifies the senders identity by a trusted third party ("cerification authority") used with public key to authenticate the sender of the message
|
|
|
|
digital signature
|
electronic authenticication that cannot be forged (ensures that the message was not tampered with after the signature was applied)
--> use a one way hasing algorithm tot calculate digest which is then encrypted using the senders private key to produce a signature |
|
|
|
public v. private key
|
Private:DES uses a single key known to both the sender and reciver (only effective in small groups- otherwise dangerous)
Public: uses two diffent keys (one for encoding and one for decoding)each has their own private and there is a public key that is published |
|
|
|
encryption
|
conversion of data into a secret code for storage in databases and transmission over networks
58-128 bits (the longer the stronger) |
|
|
|
firewalls
(network level and application level) |
system that enforces access controls between two networks
Network Level: uses screening router (examines source and destination router) Application Level: Proxies/Dual Homed System (can preform more sophistocated functions) |
|
|
|
spooling
|
directing output to a magnetic disk file instead of directly to a printer (to avoid bottlenecks)
|
|
|
|
output controls
|
combination of programmed routines and other procedures to ensure that system output is not lost misdirected or corrupted and that privacy is not voilated
|
|
|
|
controlling waste
|
controlling the things that actually go in the garbage (shreadding the right documents etc)
|
|
|
|
output disribution
|
to avoid having precious material tampered with (secure mailboxes, special carriers, or signing for a package can be implemented)
|
|
|
|
request-reponse technique
|
a control the message from the sender and response from the reciever are sent at periodic schornized intervals (to prevent the delay/potential tampering in the mail etc)
|
|
|
|
operating system
|
the computer control program that allows users to share and access common computer resources (ex. main memory)
|
|
|
|
risk from subversive threats
|
computer criminal intercepting a message transmitted between the sender and reciever, gaining access to a system, or denial of service attack
|
|
|
|
biometrics
|
biological authentication procedure which measures varius personal characteristics such as fingerprints
|
|
|
|
Denial of service attacks
|
SYN Packet (initiation code)connects to the server of the company. The company sends back a SYN/ACK packet. But then the hacker doesnt send the responding ACK packet. Cloggs the system
|
|
|
|
source program library
|
in large computer systems -
applications program modules are stored in source code on magnetic disks (similar to spooling) |
|
|
|
6 System Development Activities
|
1.System Authorization
2.User specification 3.Technical Design 4. Internal Audit Participation 5. Program testing 6. User test and acceptance procedures |
|
|
|
Main idea behind SOX
|
requires the management of public companies to assess the effectiveness of their organization's internal controls over financial reporting
|
|
|
|
relationship between general controls and financial reporting
|
general controls are not application spacific (they apply to all systems but they have an effect on transaction integrity (and therefore support the functioning of the application controls which in turn both support accurate financial reporting
|
|
|
|
Redundant arrays of independent disks (RAID)
|
parrallel disks that contain redundant elements of data and applications - "mirrored data" if one fails the other can reconstuct the data lost
|
|
|
|
disaster recovery plan
|
documented tested procedures that will ensure the continuity of operations
|
|
|
|
second site backup
|
empty shell
recovery operations center internally provided backup |
|
|
|
access token
|
who has access to what
|
|
|
|
Data Authorization Table
|
says who has access to what portions of the database and what they can do with the material (ex. delete, edit , etc.)
|
|
|
|
computer center security issues
|
physical location
construction access airconditioning fire suppression fault tolerance controls - the ability of the system to continue operation when part of the hardware fails |
|
|
|
auditors must verify: (3)
|
1. physical security controls
2. insurance coverage on equiptment (comp. center) 3. operator documentation is adequate to deal with routine operations and system failures |
|
|
|
program version numbers
|
each program is assigned a 0 when it is created and then when there are modifications made you add one - there should be the same number of documented modifications and version number when aduiting
|
|
|
|
expenditure cycle controls
|
transaction authorization
segregation of duties accounting records access control Independant verification (TSAAV) Tess stradeled a awaiting vogel. |
|
|
|
blind copy
|
is the PO copy sent to the recieving dept.
has everything except for quantity and price so that accurate checks are done |
|
|
|
RR
|
in the expenditure cycle this is prepared using the PO and blind copy to veryify
- one is sent to the open/close PO file to close out the acct from when the PO opened it - one is sent to inventory to update records -liability is realized |
|
|
|
AP pending file holds:
|
PO, RR,
- then when the invoice gets there there is a 3-way match --> then all three are placed in the OPEN A/P file |
|
|
|
to approve a payment
|
the OPEN AP file is searched daily for payment obligations and then voucher packet is formed (with voucher and 3-way match documents)
|
|
|
|
check register/ cash disbursments journal contains
|
the check #
the $ amount voucher number --> copy of check is attached to the voucher packet (in the AP dept) |
|
|
|
GL Master file
|
based on the companies publish chart of accts
all major files (ex sales) or the control acct for the subsidiary ledger in the system -FRS draws from this file to produce the financial statements -MRS uses this to support and find internal info |
|
|
|
GL History File
|
same format as the master file, provides historical financial data to compare financial statements
|
|
|
|
journal voucher file
|
all the journal vouchers from a period
-records all of the GL transactions -replaces the traditional GL |
|
|
|
journal voucher history file
|
JV from past periods
-important for the audit trail |
|
|
|
formalization of tasks
|
principle suggests that the management should structure the firm around tasks it preforms rather than the individual's unique skill set
-strengthens internal controls |
|
|
|
span of control
|
refers to the number of subordinates directly under his/her control
-narrow: fewer people reporting directly to managment -broad: more subordinates reporting to each manager |
|
|
|
responsibility acct
|
every economic event that affects the organization is the responsibility of and can be traced to an individual manager
two phases: (top-bottom and bottom-top) -creating a set of goals -repoting the actual performance (respinsibility reports) |
|
|
|
responsibility centers
|
to achieve accountability
orgnaization of operations ex. cost centers profit centers investment centers |
|
|
|
task data dependency
|
inability to obtain additional information as users needs change
--> one of the problems with flat file approach |
|
|
|
DDL (data definition language)
|
programing language used to define the database
|
|
|
|
DML (Data manipulation language)
|
programing lang. to retrive store and process data
|
|
|
|
DBA (database administrator)
and data dictionary |
manages the databases' resouces
data dictionary- created by this person. describes every element in the database |
|
|
|
entity
|
anything about which an organization attempts to capture data
(nouns) |
|
|
|
occurance
|
number of records that pertain to a spacific entry (the rows)
|
|
|
|
attributes
|
the data elements that define an entity (describes the entity)
ex. A/R --> the name of the account that needs to be recieved |
|
|
|
associations
|
labeled lines that describe the relationship
|
|
|
|
cardinality
|
degree of association between two entities
1:1 1:M M:M |
|
|
|
data anomalies
|
stuctural problems in tables (dependencies)
1. insertion 2. update 3. deletion |
|
