Acctg 320 - MT2
114
Accounting
Undergraduate 3
05/10/2009

Cards

Term
Threat / Event
Definition
any potential adverse occurrence (or unwanted event) that could injure the AIS or org.
Term
Exposure / Impact
Definition
$$$ lost if a threat becomes a reality
Term
Likelihood
Definition
probability a threat will turn to reality
Term
Internal Control
Definition
process implemented w/in the company to provide reasonable assurance that the 7 control objectives are achieved
Term
Control Objectives (x7)
Definition
  1. Safeguard assets
  2. Maintain detailed records
  3. Accurate & reliable info
  4. GAAP accordance
  5. ↑ operational efficiency
  6. ↑ adherence to mgmt policies
  7. comply w/ laws
Term
Preventative Controls
Definition
deter problems before they arise
- ex. -
hire qualified ppl
segregation of duties
physical security
Term
Detective Controls
Definition
discover problems ASAP
- ex. -
2x check work
reconciliations
trial balances
Term
Corrective Controls
Definition
remedy control problems that have been discovered
...essentially detective controls + fixes
- ex. -
master files
data correction procedures
submission guidelines
Term
General Controls
Definition
make sure an org.'s controls are stable & well-managed
- ex. -
security mgmt
IT infrastructure controls
software controls
Term
Internal Controls - Application Controls
Definition
prevent, detect, & correct transaction errors & fraud
...accuracy, completeness, validity, authorization, etc.
Term
Foreign Corrupt Practices Act
Definition
prevent bribery of foreign officials in order to obtain business
...effectively forced orgs. to ↑ internal controls
Term
Sarbanes-Oxley Act - Goals
Definition
prevent financial statement fraud
↑ transparency
investor protection
↑ internal controls
punish fraud
Term
Sarbanes-Oxley Act
Definition
  • Public Company Acctg. Oversight Board
  • New Auditor Rules
  • New Role for the Audit Committee
  • New Rules for Mgmt
  • New Internal Control Requirements
Term
Sarbanes-Oxley Act - Public Company Accounting Oversight Board (PCAOB)
Definition
controls auditing profession
SEC appoints & oversees
Enforces quality control, ethics, & independence
Term
Sarbanes-Oxley Act - New Auditing Rules
Definition
Rotation rules
report to the audit committee
prohibits certain non-auditing roles
Term
Sarbanes-Oxley Act - Audit Committee Role
Definition
on Board of Directors, but also "Independent" from mgmt.
1 must be a "financial expert"
oversees external auditors
Term
Sarbanes-Oxley Act - Rules for Management
Definition
CEO/CFO certify results
Mgmt responsible for internal controls
Report concerns w/ auditors
Term
Sarbanes-Oxley Act - Internal Control Requirements
Definition
Report stating mgmt's responsibility for internal controls
Adequacy of internal control structure
Term
Belief System
Definition
Communicates core values
inspires employees to live values
Term
Boundary System
Definition
↑ ethics
sets boundaries for actions
Term
Diagnostic Control System
Definition
Measures company progress
compares actual vs. planned performance
Term
Interactive Control System
Definition
helps top-level managers w/ high-level activities that require frequent & regular attention
...develops proactive tools
Term
Control Objectives for Information & related Technology (COBIT)
Definition
Generally applicable... IS security & controls
  1. mgmt. benchmarks for controls
  2. assures users of controls
  3. auditor opinions & advice
Term
Committee of Sponsoring Organizations (COSO)
Definition
issued the "Internal Control - Integrated Framework"
...generally accepted standard
  • defines internal controls
  • guidance for evaluation & enhancement
Term
Frameworks - IC vs. ERM
Definition
[image]
Term
COSO - ERM Cube - Top (x4) - Objectives to achieve org. goals
Definition
Strategic - ↑-level goals, aligned w/ mission
Operations - efficiency of operations
Reporting - accuracy, completeness, reliability of internal/external reports
Compliance - compliance w/ applicable laws, etc.
Term
COSO - ERM Cube - 8 interrelated risk & control components (horizontal rows)
Definition
Internal Environment - company culture, risk appetite, etc.
Objective Setting - process to set up strategic, operational, etc. objectives
Event Identification - determine events that could affect objectives
Risk Assessment - how to manage them? how will they affect objectives?
Risk Response - align identified risks w/ company's risk appetite...take action
Control Activities - implemented to enable mgmt's risk response
Info & Communication - provide org & ERM info to employees
Monitoring - ongoing basis...changed if necessary
Term
ERM - Internal Environment Components (x7)
Definition
  1. Mgmt's philosophy, style, risk appetite
  2. Board of Directors
  3. Commitment to integrity, ethics, etc.
  4. Org. Structure
  5. Assignment of authority & responsibility
  6. HR Standards
  7. External Influences
Term
Risk Appetite
Definition
Amount of risk an org. is willing to take on to achieve goals
Must align w/ org. strategy
Term
SOX - Audit Committee Responsibilities
Definition
oversee org. internal controls
works w/ external & internal auditors
independent review of mgmt.
Term
Internal Environment - HR Standards
Definition
Hire the Right People...need to be qualified
Fair & Aligned Compensation
Training - ethics, strategy, responsibilities, etc.
Term
Types of Events
Definition
External
- Economic
- Natural Environment
- Political
- Social
- Technology

Internal
- Infrastructure
- Personnel
- Process
- Technology
Term
Inherent Risk
Definition
risk existing before mgmt takes any steps to control risk
Term
Residual Risk
Definition
risk that remains after mgmt implements internal controls, etc.
Term
Risk Responses (x4)
Definition
Reduce
implement effective controls to ↓ risk
...most effective

Accept
Take no action...accept likelihood & impact

Share
Transfer some risk
...buy insurance, hedging, etc.

Avoid
avoid risky activities
...sell a bad division, avoid new products, etc.
Term
Risk Assessment & Response (Steps...x5)
Definition
  1. Estimate likelihood & impact of risk
  2. Identify Controls
  3. Estimate Costs & Benefits
  4. Determine Cost/Benefit Feasibility
  5. Implement Control...or Avoid, Share, Accept risk
Term
ERM - Control Activities
Definition
policies, procedures, & rules that provide reasonable assurance that mgmt's control objectives are met & risk response occurs
Term
Authorization
Definition
empowerment to employees to perform mgmt policies
Term
Authorization - Digital Signature
Definition
signing a doc. w/ some data that can't be forged
Term
Authorization - Specific Authorization
Definition
Major activities/transactions that are important, big, unique enough to warrant singular attention
Term
Authorization - General Authorization
Definition
authorize employees to handle routine transactions w/o special approval
Term
Segregation of Acctg. Duties ...what activities need to be separated
Definition
  • Authorization - approving transactions
  • Recording - source docs, journals, etc.
  • Custody - handling cash, writing checks, inv.
Term
Segregation of Duties - System Duties
Definition
Systems Admin - admins ensure smooth operations
Ntwk Mgmt - ensure devices are linked
Security Mgmt - secure ntwk
Change Mgmt - smooth, error-free ntwk changes
Users - record transactions, authorize, outputs
Systems Analysis - determine needs & develop system
Programming - write programs based on ↑
Comp. Operations - run software on comps.
IS Library - maintain storage databases
Data Control - monitor data flows, ensure authorizations, etc.
Term
Safeguarding info & physical assets - Methods
Definition
Create & Enforce appropriate policies & procedures
Maintain accurate asset records
Restrict access to assets
Protect records & docs. - offsite backups, etc.
Term
Independent Checks
Definition
  • Top-level reviews
  • Analytical reviews
  • Reconcile 2+ independent records
  • Actual Quantities vs. Recorded amounts
  • Double-entry Acctg.
  • Independent review
Term
ERM - #7. Info & Communication - Audit Trail
Definition
trace individual transactions through system from start → finish
Must Understand How:
  1. transactions are initiated
  2. source docs → machine-readable form
  3. files are updated & accessed
  4. data processed
  5. info is reported to in/external users
Term
Systems Development - Reasons to change the system (x8)
Definition
  1. Need changes - user, biz, etc.
  2. Technology change
  3. Improved biz process
  4. Competitive Advantage
  5. ↑ Productivity
  6. Growth
  7. ↓ Costs
  8. System Integration & Age
Term
Systems Development Life Cycle (SDLC) - Definition
Definition
5-step process used to roll out new systems
  1. Systems Analysis
  2. Conceptual Design
  3. Physical Design
  4. Implementation & Conversion
  5. Operations & Maintenance
Term
Systems Development Life Cycle (SDLC) - 1 - Systems Analysis
Definition
Gather info needed to develop new system
Initial Investigation - is the current system OK? Improvement needed?
Systems Survey - Identify info needs
Feasibility Study
Determine & Deliver system requirements
Term
Systems Development Life Cycle (SDLC) - 2 - Conceptual Design
Definition
How to meet user needs?
Identify & Evaluate Design Alternatives - Boxed? Modified? Custom? (Buy, Develop, Outsource?)
Develop & Design Specifications - what should the system accomplish
Deliver Conceptual Design Requirements → steering committee
Term
Systems Development Life Cycle (SDLC) - 3 - Physical Design
Definition
Conceptual Design → detailed specs → code/test programs
Design outputs, databases, inputs, controls
Develop programs & procedures
Deliver developed systems
Term
Systems Development Life Cycle (SDLC) - 4 - Implementation & Conversion
Definition
bring system together...(capstone)
  • Develop implementation & conversion plan
  • Install hard/software
  • Test system
  • Train users
  • Documentation
  • Deliver operational system
Term
Systems Development Life Cycle (SDLC) - 5 - Operation & Maintenance
Definition
use system & modify as needed
  • post-implementation review
  • Operate system
  • Modify system
  • Ongoing maintenance
  • Deliver improved system
Term
Systems Development Life Cycle (SDLC) - User Roles
Definition
Management
Support, $$$, staff, big-picture decisions

Accountants
specify needs
development or steering committee members
design controls & monitor

IS Steering Committee - high-level employees
plan & oversee project
↑ goal congruence

Project Development Team - full-time on project
Design, test, review, & sell/deliver system

System Analysts & Programmers
Analysts - study, design, & prepare new systems
Programmers - code based on ↑ specs
Term
Systems Development Life Cycle (SDLC) - Project Development Plan & Master Plan
Definition
Project Development Plan
cost/benefit
requirements/needs
schedule of activities

Master Plan
long-range of where AIS is headed
system components, development, players, resources
Term
Program Evaluation & Review Technique (PERT)
Definition
identifies all activities & their relationships
diagram w/ arrows, nodes, & completion estimates
more detailed than Gantt Chart

Critical Path
path w/ most time to complete
if delayed...the whole project is delayed
Term
Gantt Chart
Definition
[image]
Term
Feasibility Study
Definition
is the project feasible?...should we continue?, etc.
  • Economic - cost/benefit
  • Technical - can existing tech build system?
  • Legal
  • Scheduling - timely? on schedule?
  • Operational - are the right ppl building/using system?
Term
Capital Budgeting Model
Definition
basic framework for feasibility studies
cost savings, other benefits, initial investments translated → $$$ estimates
- ex. -
Payback period
NPV, IRR
Term
SDLC - Systems Analysis - Systems Survey
Definition
study the present AIS
  • understand operations, policies, strengths, weaknesses, available tech, etc.
  • assess current & future needs
  • relationships w/ users... ↑ support
  • identify user needs (interviews, questionnaires, documents, etc.)
Term
Modeling the System
Definition
Physical Model
how a system functions
describes doc. flow, comp. processes, users, etc.

Logical Model
what is being done
essential activities
information flow
Term
System Documentation
Definition
describes how the AIS is intended to work
Term
Purchasing Software (x3)
Definition
Canned Software
sold to users w/ similar requirements

Turnkey Systems
vendor installation of entire system
sold as a package

Application Service Provider (ASP)
web-based software
"rent" the software
Term
Request for Proposal (RFP)
Definition
invitation to propose a system
Large companies → vendors
Term
Evaluating RFPs
Definition
Benchmark Problem
Measure times for RFP solutions to complete tasks

Point Scoring
weight categories
give pts. to vendor solutions

Requirements Costing
estimate cost of buying components separately
total...provides a basis of comparison to RFP
Term
End-User Computing & Development
Definition
hands-on development, use, & control of comp.-based IS by users

Development
users develop their own applications
best for simple projects
Term
Benefits & Risks of End-User Computing
Definition
Benefits
user interaction
meets user needs
timely
versatile
uses fewer resources

Risks
development errors
↓ testing
inefficient
poor documentation
system incompatibility
Term
Business Process Reengineering (BPR)
Definition
analysis & redesign of biz processes & IS to achieve significant performance improvements
assisted by BPM - Biz Process Mgmt
Term
Prototyping
Definition
approach to system design in which a simplified working model of a system is developed
Used when:
  • users don't fully know needs
  • requirements are hard to define
  • unknown in/outputs
  • un/semi-structured tasks
  • uncertain technology to use
  • system is needed ASAP
Term
Prototyping - Advantages & Disadvantages
Definition
Advantages
clarify user needs
↑ user involvement
timely
↓ cost to implement change

Disadvantages
takes up a lot of users' time
↓ efficient use of resources
incomplete system development
possible poor behavioral reactions if abandoned
constant development
Term
Prototyping - Operational vs. Non-operational
Definition
Operational
Prototype placed into full use
Controls, efficiency, backup/recovery, etc. added

Non-operational (throwaway)
used to identify needs for 2nd-gen system
used as a model
Term
Computer Aided Software Engineering (CASE)
Definition
integrated package of comp-based tools that automate important aspects of the software development process
Used to plan, analyze, design, program, & maintain an IS
Term
SDLC - Conceptual Design - Conceptual Design Specifications
Definition
Output - what's necessary? how often? online?
Data Storage - what's needed to produce reports? How should it be stored?
Input - how?...based on the output
Processing Procedures & Operations - how is info processed? frequency?
Term
Conceptual Systems Design Report
Definition
@ end of conceptual design phase
  1. guide physical design
  2. communicate how needs will be met
  3. help steering committee assess feasibility
Term
Categories of Outputs (x4)
Definition
Scheduled Reports
prespecified content & format...regularly prepared

Special-Purpose Analysis Reports
opposite of scheduled reports
no prescribed guidelines, etc.

Triggered Exception Reports
like scheduled reports, but only prepared in response to abnormal conditions

Demand Reports
like scheduled reports, but only prepared when requested
Term
Structured Programming
Definition
small, well-defined modules
↓ complexity, ↑ reliability & modifiability
Term
Hierarchical Program Design
Definition
designing a program from the top down (less → more detailed)
Term
Physical Systems Design Report
Definition
summarizes what was accomplished
serves as the basis for mgmt's decision to proceed to implementation phase
Term
SDLC - Implementation - Testing the System
Definition
Walk-throughs
step-by-step reviews of procedures or program logic

Processing Test Transactions
determines if a program operates as designed
checks transactions to see if they're handled right

Acceptance Tests
use copies of real transactions/files vs. hypothetical ones
Term
Systems Conversion - Conversion Approaches (x4)
Definition
Direct Conversion
immediately terminates the old AIS when the new one becomes operational

Parallel Conversion
operate the old & new AIS simultaneously for a time
ex. - process sales w/ both, compare outputs, & correct problems w/ new AIS

Phase-In Conversion
elements of old AIS are gradually replaced by new AIS
ex. - inv. system → disbursements collections

Pilot Conversion
implement new AIS in just one part of the org.
ex. - 1 branch location vs. all
Term
Data Conversion
Definition
necessary to transition between systems
mgmt. needs info from old & new AIS
what data should be transferred? presentation? etc.
Term
SDLC - Operation & Maintenance - Post-Implementation Review
Definition
performed on new AIS to ensure it meets its planned objectives
results placed in post-implementation review report
  • objectives met?
  • users satisfied?
  • actual costs?
  • reliable, accurate, timely?
Term
Systems Reliability - 5 Principles
Definition
  1. Security
  2. Confidentiality
  3. Privacy
  4. Processing Integrity
  5. Availability
Term
Systems Reliability - #1 - Security
Definition
controlled access to the system & its data
Term
Systems Reliability - #2 - Confidentiality
Definition
protect sensitive info from unauthorized disclosure
Term
Systems Reliability - #3 - Privacy
Definition
Appropriately collect, use, disclose, & maintain customer's personal info
Term
Systems Reliability - #4 - Processing Integrity
Definition
data processed accurately, completely, & timely w/ proper authorization
Term
Systems Reliability - #5 - Availability
Definition
system is available to meet operational & contractual obligations
Term
3 Fundamental Info Security Concepts
Definition
1) Security is Mgmt's Issue...not a technical one
SOX requirements
mgmt governing policies

2) Time Based Model of Security
time it takes to respond to events that get past detective & preventative controls

3) Defense in Depth
Multiple control layers to prevent "single-point" failure
↑ redundancy = ↑ effectiveness
Term
Preventative Controls - Authentication
Definition
focuses on verifying the identity of the person or device attempting to access the system
Term
Preventative Controls - Multifactor Authentication
Definition
requiring 2+ basic authentication controls
  1. something you know: passwords, etc.
  2. something you have: ID cards, etc.
  3. biometric identifier: fingerprints, etc.
Term
Authorization
Definition
restricts access of authenticated users to specific portions of the system
specifies what actions they can perform
Term
Access Control Matrix
Definition
implements authorization controls
table specifying which portions of the system users can access & what they can then do
uses compatibility tests to match user credentials vs. matrix to allow access
Term
Border Router & Firewall
Definition
Border Router - connects org IS to internet
Firewall - sits behind the border router...protects access to info
Term
Intrusion Prevention Systems (IPS)
Definition
filters designed to identify & drop packets that are part of an attack
includes deep packet inspection - firewalls that examine the data w/in an IP packet
Term
Detective Controls - Log Analysis
Definition
examining logs to monitor security
- ex. -
How many times have ppl tried & failed to access system?
How frequently are attacks?
Term
Detective Controls - Intrusion Detection Systems (IDS)
Definition
logs of ntwk traffic that was allowed to pass firewall
...look for attempted & successful intrusions
Term
Encryption
Definition
turns plaintext → ciphertext
ciphertext → plaintext = decryption
Term
Computer Emergency Response Team (CERT) & Steps in incident response (x4)
Definition
response team that deals w/ major incidents
  1. Recognition a problem exists
  2. Contain the problem
  3. Recovery
  4. Follow-up...minimize likelihood of similar incidents
Term
Encryption Methods (x2)
Definition
Symmetric Encryption Systems
uses the same key to encrypt/decrypt

Asymmetric Encryption Systems
2 encryption keys: public & private
only private key can decrypt
Term
Digital Certificate
Definition
e-document created & digitally signed by a 3rd party that verifies the identity of the owner of a public key
Term
Digital Signature
Definition
info encrypted w/ the creator's private key
created by asymmetric encryption & hashing
Term
Detective Controls - Managerial Reports
Definition
COBIT mgmt guidelines - performance indicators:
  • downtime caused by security incidents
  • # of incidents w/ IDS installed
  • time to react
Term
Detective Controls - Security Testing
Definition
test the effectiveness of existing security procedures:

Vulnerability Scans
automated tools
identifies if well-known vulnerabilities exist

Penetration Test
authorized attempt to break into an AIS
Term
5 Principles of System Reliability - 4 Criteria for Successful Implementation
Definition
  1. Develop & Document...policies
  2. Communicate #1 to users
  3. Use controls to implement policies
  4. Monitor system & correct as needed
Term
Virtual Private Network (VPN)
Definition
encrypting info before sending it over the internet
...provides the functionality of a private network
Term
AICPA/CICA - 10 Best Practices ...for protecting privacy of customer info
Definition
  1. Management - set policies
  2. Notice - privacy policies → customers @ collection
  3. Choice/Consent - opt-out vs. opt-in
  4. Collection - only necessary info
  5. Use & Retention - retain only as long as needed
  6. Access - customers can't delete their info
  7. 3rd Party Disclosure - as described w/ equal protection
  8. Security - protect from loss or unauthorized disclosure
  9. Quality - maintain info integrity
  10. Monitoring & Enforcement - verifies compliance w/ privacy policy
Term
Examples of Data Entry Controls ...Checks
Definition
Field Check - are characters right? ###s vs. letters
Sign Check - + vs. -
Limit Check - # value < limit
Range Check - # value w/in a range
Size Check - input data will fit into field
Completeness Check - have all required fields been filled?
Validity Check - verifies entered data w/ master record
Reasonableness Test - Logical relationship...does the entry make sense?
Term
Processing Integrity - Source Data Controls
Definition
Form Design - designed to minimize mistakes
Pre-Numbered - ensure all docs are included
Turnaround Docs - returned from outsiders...machine-readable form
Cancellation & Storage - deface doc (void, paid, etc.); stored securely
Authorization & Duty Segregation - only the right ppl have access; no one person has too much access
Visual Scanning - "eye check"...docs should make sense
Term
Data Backup (x2 types)
Definition
Incremental Backup
copying only data changed since last backup
results of one day

Differential Backup
copies all changes since the last full backup