Study your flashcards anywhere!

Download the official Cram app for free >

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key

image

Play button

image

Play button

image

Progress

1/66

Click to flip

66 Cards in this Set

  • Front
  • Back
  • 3rd side (hint)
tasks that must be separated
1.systems development-->(new SD and maintence)
2.database admin
3.data processing
SDAP
Sally the Dud Adores Pussy
message sequence numbering
a sequence number is inserted into each message so that an intruder cannot delete, copy, or change the order of the messages recieved by a compnay
message transactions log
all incoming and outgoing messages and attempted (and failed)access' should be recoreded in this log
should include:
user id
time of access
location accessed from
New 6 Systems Development controls
1. Authorization
2. User Specification
3. Technical Design
4. Internal Audit Participation
5. Program Testing
6. user test and acceptance procedures
Program Change Controls
Source Program Library control
--> mechanism by which changes are made, cannot be flawed
run-to-run control
the use of batch figures to monitor the batch as it moves from one procedure to another
--> ensures competeness and correctness
check digit
a control used to detect when data code of transaction is input incorectly to preevnt a transaction processing error (ex. adding the digits and dropping the 10's place using as a check)
-->add check digit to the orig. code
missing data check
when there are gaps in the data this can be flagged (ex. some systems cannot handle blanks and will fail b/c of it)
numeric/alpha check
identifies when data is in the wrong form (sometimes if there is a number in the alpha feild this could cause a failure)
limit check
program that places a limit on values such as hours worked (ex. no one works more than 40 hr/week so the control would detect this)
range check
checking upper and lower limits (only detects keystroke errors)
reasonableness check
reasonable when considered against other data fields in the record (ex. a janitor should not be earning the upper limit from payroll)
imputs controls
programmed procedures that preform tests on transaction data to ensure they are free from errors
validity check
compares actual field values against known accptable values
ex. vendor number is matched with valid vendor database
frequently used in cash disbursments
Batch Control
used to manage the flow of high volumes of transactions through batch processing systems (control record of all transactions made to ensure that all are recorded exactly once)
hash total
the total of a unique nonfiancial field ex. adding all the sales order numbers
digital certificate
verifies the senders identity by a trusted third party ("cerification authority") used with public key to authenticate the sender of the message
digital signature
electronic authenticication that cannot be forged (ensures that the message was not tampered with after the signature was applied)
--> use a one way hasing algorithm tot calculate digest which is then encrypted using the senders private key to produce a signature
public v. private key
Private:DES uses a single key known to both the sender and reciver (only effective in small groups- otherwise dangerous)
Public: uses two diffent keys (one for encoding and one for decoding)each has their own private and there is a public key that is published
encryption
conversion of data into a secret code for storage in databases and transmission over networks
58-128 bits (the longer the stronger)
firewalls
(network level and application level)
system that enforces access controls between two networks
Network Level: uses screening router (examines source and destination router)
Application Level: Proxies/Dual Homed System (can preform more sophistocated functions)
spooling
directing output to a magnetic disk file instead of directly to a printer (to avoid bottlenecks)
output controls
combination of programmed routines and other procedures to ensure that system output is not lost misdirected or corrupted and that privacy is not voilated
controlling waste
controlling the things that actually go in the garbage (shreadding the right documents etc)
output disribution
to avoid having precious material tampered with (secure mailboxes, special carriers, or signing for a package can be implemented)
request-reponse technique
a control the message from the sender and response from the reciever are sent at periodic schornized intervals (to prevent the delay/potential tampering in the mail etc)
operating system
the computer control program that allows users to share and access common computer resources (ex. main memory)
risk from subversive threats
computer criminal intercepting a message transmitted between the sender and reciever, gaining access to a system, or denial of service attack
biometrics
biological authentication procedure which measures varius personal characteristics such as fingerprints
Denial of service attacks
SYN Packet (initiation code)connects to the server of the company. The company sends back a SYN/ACK packet. But then the hacker doesnt send the responding ACK packet. Cloggs the system
source program library
in large computer systems -
applications program modules are stored in source code on magnetic disks (similar to spooling)
6 System Development Activities
1.System Authorization
2.User specification
3.Technical Design
4. Internal Audit Participation
5. Program testing
6. User test and acceptance procedures
Main idea behind SOX
requires the management of public companies to assess the effectiveness of their organization's internal controls over financial reporting
relationship between general controls and financial reporting
general controls are not application spacific (they apply to all systems but they have an effect on transaction integrity (and therefore support the functioning of the application controls which in turn both support accurate financial reporting
Redundant arrays of independent disks (RAID)
parrallel disks that contain redundant elements of data and applications - "mirrored data" if one fails the other can reconstuct the data lost
disaster recovery plan
documented tested procedures that will ensure the continuity of operations
second site backup
empty shell
recovery operations center
internally provided backup
access token
who has access to what
Data Authorization Table
says who has access to what portions of the database and what they can do with the material (ex. delete, edit , etc.)
computer center security issues
physical location
construction
access
airconditioning
fire suppression
fault tolerance controls - the ability of the system to continue operation when part of the hardware fails
auditors must verify: (3)
1. physical security controls
2. insurance coverage on equiptment (comp. center)
3. operator documentation is adequate to deal with routine operations and system failures
program version numbers
each program is assigned a 0 when it is created and then when there are modifications made you add one - there should be the same number of documented modifications and version number when aduiting
expenditure cycle controls
transaction authorization
segregation of duties
accounting records
access control
Independant verification
(TSAAV)
Tess stradeled a awaiting vogel.
blind copy
is the PO copy sent to the recieving dept.
has everything except for quantity and price so that accurate checks are done
RR
in the expenditure cycle this is prepared using the PO and blind copy to veryify

- one is sent to the open/close PO file to close out the acct from when the PO opened it
- one is sent to inventory to update records
-liability is realized
AP pending file holds:
PO, RR,
- then when the invoice gets there there is a 3-way match
--> then all three are placed in the OPEN A/P file
to approve a payment
the OPEN AP file is searched daily for payment obligations and then voucher packet is formed (with voucher and 3-way match documents)
check register/ cash disbursments journal contains
the check #
the $ amount
voucher number
--> copy of check is attached to the voucher packet (in the AP dept)
GL Master file
based on the companies publish chart of accts
all major files (ex sales)
or the control acct for the subsidiary ledger in the system
-FRS draws from this file to produce the financial statements
-MRS uses this to support and find internal info
GL History File
same format as the master file, provides historical financial data to compare financial statements
journal voucher file
all the journal vouchers from a period
-records all of the GL transactions
-replaces the traditional GL
journal voucher history file
JV from past periods
-important for the audit trail
formalization of tasks
principle suggests that the management should structure the firm around tasks it preforms rather than the individual's unique skill set
-strengthens internal controls
span of control
refers to the number of subordinates directly under his/her control
-narrow: fewer people reporting directly to managment
-broad: more subordinates reporting to each manager
responsibility acct
every economic event that affects the organization is the responsibility of and can be traced to an individual manager
two phases: (top-bottom and bottom-top)
-creating a set of goals
-repoting the actual performance (respinsibility reports)
responsibility centers
to achieve accountability
orgnaization of operations
ex.
cost centers
profit centers
investment centers
task data dependency
inability to obtain additional information as users needs change
--> one of the problems with flat file approach
DDL (data definition language)
programing language used to define the database
DML (Data manipulation language)
programing lang. to retrive store and process data
DBA (database administrator)
and data dictionary
manages the databases' resouces
data dictionary- created by this person.
describes every element in the database
entity
anything about which an organization attempts to capture data
(nouns)
occurance
number of records that pertain to a spacific entry (the rows)
attributes
the data elements that define an entity (describes the entity)
ex. A/R
--> the name of the account that needs to be recieved
associations
labeled lines that describe the relationship
cardinality
degree of association between two entities
1:1
1:M
M:M
data anomalies
stuctural problems in tables (dependencies)
1. insertion
2. update
3. deletion