Shared Flashcard Set

Details

Accounting Information Systems – C242
194
Accounting
Undergraduate 4
07/31/2017


Cards

Term
system
Definition
Two or more interrelated components that interact to achieve a goal, often composed of subsystems that support the larger system.
Term
goal conflict
Definition
When a subsystem’s goals are inconsistent with the goals of another subsystem or the system as a whole.
Term
goal congruence
Definition
When a subsystem achieves its goals while contributing to the organization’s overall goal.
Term
data
Definition
Facts that are collected, recorded, stored, and processed by a system.
Term
information
Definition
Data that have been organized and processed to provide meaning and improve decision-making.
Term
Information technology (IT)
Definition
The computers and other electronic devices used to store, retrieve, transmit and manipulate data.
Term
information overload
Definition
Exceeding the amount of information a human mind can absorb and process, resulting in a decline in decision-making quality and an increase in the cost of providing information.
Term
Data differ from information in which way?
Definition
Information is output, and data are input
Term
Characteristic that makes information useful
Definition
- It is reliable.
- It is timely.
- It is relevant
Term
What is a primary activity in the value chain?
Definition
post-sales service
Term
Which transaction cycle includes interactions between an organization and its suppliers?
Definition
expenditure
Term
A means by which information improves decision making?
Definition
-reduces uncertainty
-provides feedback about the effectiveness of prior decisions
-identifies situations requiring management action
Term
In the value chain concept, upgrading IT is considered what kind of activity?
Definition
support activity - Technology activities, including investing in IT, are considered a support activity.
Term
In which cycle does a company ship goods to customers?
Definition
revenue cycle [The revenue cycle involves interactions between an organization and its customers, such as shipping them goods.]
Term
Which of the following is a function of an AIS?
Definition
transforming data into useful information [This is one of the primary functions of an AIS.]
Term
A firm, its suppliers, and its customers collectively form which of the following?
Definition
supply chain [The supply chain is made up of the firm, its suppliers, and customers.]
Term
A report telling how well all approved vendors have performed in the prior 12 months is information that is MOST needed in which business process?
Definition
acquiring inventory [Companies want to acquire inventory from companies that have performed well in the past. A vendor performance report would disclose whether the vendor shipped inventory on time, whether the inventory was of the requested quality, whether the prices were as agreed upon, etc.]
Term
value of information
Definition
The benefit provided by information less the cost of producing it.
Term
business process
Definition
A set of related, coordinated, and structured activities and tasks, performed by a person, a computer, or a machine that help accomplish a specific organizational goal
Term
transaction processing
Definition
Process of capturing transaction data, processing it, storing it for later use, and producing information output, such as a managerial report or a financial statement
Term
transaction
Definition
An agreement between two entities to exchange goods or services, such as selling inventory in exchange for cash; any other event that can be measured in economic terms by an organization.
Term
give-get exchange
Definition
Transactions that happen a great many times, such as giving up cash to get inventory from a supplier and giving employees a paycheck in exchange for their labor.
Term
five major business processes or transaction cycles:
Definition
Revenue Cycle, Expenditure Cycle, Production or conversion cycle, HR/payroll cycle and Financing cycle
Term
general ledger and reporting system
Definition
Information-processing operations involved in updating the general ledger and preparing reports for both management and external parties.
Term
accounting information system
Definition
A system that collects, records, stores, and processes data to produce information for decision makers. It includes people, procedures and instructions, data, software, information technology infrastructure, and internal controls and security measures.
Term
There are six components of an AIS:
Definition
1. The people who use the system
2. The procedures and instructions used to collect, process, and store data
3. The data about the organization and its business activities
4. The software used to process the data
5. The information technology infrastructure, including the computers, peripheral devices, and network communications devices used in the AIS
6. The internal controls and security measures that safeguard AIS data
Term
These six components enable an AIS to fulfill three important business functions:
Definition
1. Collect and store data about organizational activities, resources, and personnel. Organizations have a number of business processes, such as making a sale or purchasing raw materials, which are repeated frequently.
2. Transform data into information so management can plan, execute, control, and evaluate activities, resources, and personnel.
3. Provide adequate controls to safeguard the organization’s assets and data
Term
A well-designed AIS can add value to an organization by:
Definition
1. Improving the quality and reducing the costs of products or services
2. Improving efficiency
3. Sharing knowledge
4. Improving the efficiency and effectiveness of its supply chain
5. Improving the internal control structure
6. Improving decision making
Term
predictive analysis
Definition
The use of data warehouses and complex algorithms to forecast future events, based on historical trends and calculated probabilities.
Term
value chain
Definition
Linking together of all the primary and support activities in a business. Value is added as a product passes through the chain.
Term
primary activities
Definition
Value chain activities that produce, market, and deliver products and services to customers and provide post-delivery service and support.
1. Inbound logistics consists of receiving, storing, and distributing the materials an organization uses to create the services and products it sells. For example, an automobile manufacturer receives, handles, and stores steel, glass, and rubber.
2. Operations activities transform inputs into final products or services. For example, assembly line activities convert raw materials into a finished car.
3. Outbound logistics activities distribute finished products or services to customers. An example is shipping automobiles to car dealers.
4. Marketing and sales activities help customers buy the organization’s products or services. Advertising is an example of a marketing and sales activity.
5. Service activities provide post-sale support to customers. Examples include repair and maintenance services.
Term
Support activities allow the five primary activities to be performed efficiently and effectively. They are grouped into four categories:
Definition
Value chain activities such as firm infrastructure, technology, purchasing, and human resources that enable primary activities to be performed efficiently and effectively.
1. Firm infrastructure is the accounting, finance, legal, and general administration activities that allow an organization to function. The AIS is part of the firm infrastructure.
2. Human resources activities include recruiting, hiring, training, and compensating employees.
3. Technology activities improve a product or service. Examples include research and development, investments in IT, and product design.
4. Purchasing activities procure raw materials, supplies, machineries, and the buildings used to carry out the primary activities.
Term
supply chain
Definition
An extended system that includes an organization’s value chain as well as its suppliers, distributors, and customers
Term
data processing cycle
Definition
The four operations (data input, data storage, data processing, and information output) performed on data to generate meaningful and relevant information.
Term
source documents
Definition
Documents used to capture transaction data at its source – when the transaction takes place. Examples include sales orders, purchase orders, and employee time cards.
Term
turnaround document
Definition
Records of company data sent to an external party and then returned to the system as input. Turnaround documents are in machine-readable form to facilitate their subsequent processing as input records. An example is a utility bill.
Term
source data automation
Definition
The collection of transaction data in machine-readable form at the time and place of origin. Examples are point-of-sale terminals and ATMs.
Term
general ledger
Definition
A ledger that contains summary-level data for every asset, liability, equity, revenue, and expense account of the organization.
Term
subsidiary ledger
Definition
A ledger used to record detailed data for a general ledger account with many individual subaccounts, such as accounts receivable, inventory, and accounts payable.
Term
control account
Definition
A title given to a general ledger account that summarizes the total amounts recorded in a subsidiary ledger. For example, the accounts receivable control account in the general ledger represents the total amount owed by all customers. The balances in the accounts receivable subsidiary ledger indicate the amount owed by each specific customer.
Term
The following guidelines result in a better coding system. The code should:
Definition
● Be consistent with its intended use, which requires that the code designer determine desired system outputs prior to selecting the code.
● Allow for growth. For example, don’t use a three-digit employee code for a fast-growing company with 950 employees.
● Be as simple as possible to minimize costs, facilitate memorization and interpretation, and ensure employee acceptance.
● Be consistent with the company’s organizational structure and across the company’s divisions
Term
general journal
Definition
A journal used to record infrequent or nonroutine transactions, such as loan payments and end-of-period adjusting and closing entries.
Term
specialized journals
Definition
A journal used to record a large number of repetitive transactions such as credit sales, cash receipts, purchases, and cash disbursements.
Term
audit trail
Definition
A path that allows a transaction to be traced through a data processing system from point of origin to output or backwards from output to point of origin. It is used to check the accuracy and validity of ledger postings and to trace changes in general ledger accounts from their beginning balance to their ending balance.
Term
The four different types of data processing activities, referred to as CRUD, are as follows:
Definition
1. Creating new data records, such as adding a newly hired employee to the payroll database.
2. Reading, retrieving, or viewing existing data.
3. Updating previously stored data. Figure 2-4 depicts the steps required to update an accounts receivable record with a sales transaction. The two records are matched using the account number. The sale amount ($360) is added to the account balance ($1,500) to get a new current balance ($1,860).
4. Deleting data, such as purging the vendor master file of all vendors the company no longer does business with.
Term
batch processing
Definition
Accumulating transaction records into groups or batches for processing at a regular interval such as daily or weekly. The records are usually sorted into some sequence (such as numerically or alphabetically) before processing.
Term
What are the steps in the data processing cycle?
Definition
data input, data storage and data processing
Term
All of the information (name, GPA, major, etc.) about a particular student is stored in the same ______.
Definition
record
Term
What would contain the total value of all inventory owned by an organization?
Definition
general ledger
Term
What is most likely to be a general ledger control account?
Definition
accounts receivable
Term
What document is most likely to be used in the expenditure cycle?
Definition
receiving report
Term
What are most likely to be specialized journals?
Definition
sales journal, cash receipts journal and cash disbursement journal
Term
How does the chart of accounts list general ledger accounts?
Definition
the order in which they appear in financial statements
Term
Records of company data sent to an external party and then returned to the system as input are called ______.
Definition
turnaround documents
Term
Recording and processing information about a transaction at the time it takes place is referred to as ....
Definition
online, real-time processing
Term
Flowcharting symbols are divided into four categories:
Definition
1. Input/output symbols show input to or output from a system.
2. Processing symbols show data processing, either electronically or by hand.
3. Storage symbols show where data is stored.
4. Flow and miscellaneous symbols indicate the flow of data, where flowcharts begin or end, where decisions are made, and how to add explanatory notes to flowcharts.
Term
internal control flowchart
Definition
Used to describe, analyze, and evaluate internal controls, including identifying system strengths, weaknesses, and inefficiencies.
Term
A DFD is a representation of
Definition
flow of data in an organization
Term
Documentation methods such as DFDs, BPDs, and flowcharts save both time and money, adding value to an organization.
Definition
True - A picture is worth a thousand words: Many people learn more and learn it more quickly by studying the DFD, BPD, or flowchart of a system than by reading a narrative description of the same system.
Term
A document flowchart emphasizes the flow of documents or records containing data
Definition
True: The reason it is called a document flowchart is that it shows the flow of documents or records containing data
Term
DFDs help convey the timing of events
Definition
True: DFDs show data movement, but not necessarily the timing of the movement
Term
A DFD consists of the following four basic elements: data sources and destinations, data flows, transformation processes, and data stores. Each is represented on a DFD by a different symbol.
Definition

The four elements of DFDs are

Square: Data sources and destinations

Arrow: Data flows

Circle: Transformation processes

Equal sign: Data stores

Triangle/hazard sign: Internal control

Term
All of the following are guidelines that should be followed in naming DFD data elements
Definition

-Process names should include action verbs such as update, edit, prepare, and record.

-Data element names should reflect what is known about the element

-Active and descriptive names should be used in naming data elements

Term
The documentation skills that accountants require vary with their job function. However, all accountants should at least be able to do which of the following?
Definition
Read documentation to determine how the system works. [All accountants should at least be able to read and understand system documentation.]
Term
A flowchart is an analytical technique used to
Definition
describe some aspect of an information system in a clear, concise, and logical manner
Term
Flowcharts use a standard set of symbols to
Definition
describe pictorially the flow of documents and data through a system
Term
Flowcharts are easy to prepare and revise when the designer...
Definition
utilizes a flow-charting software package. [There are a number of good flow-charting software packages that make it easy to draw and modify flowcharts.]
Term
What flowchart illustrates the flow of data among areas of responsibility in an organization?
Definition
document flowchart [A document flowchart traces the life of a document from its cradle to its grave as it works its way through the areas of responsibility within an organization.]
Term
All of the following are recommended guidelines for making flowcharts more readable, clear, concise, consistent, and understandable
Definition
-Divide a document flowchart into columns with labels.
-Design the flowchart so that flow proceeds from top to bottom and from left to right.
-Show the final disposition of all documents to prevent loose ends that leave the reader dangling.
Term
How are data sources and destinations represented in a data flow diagram?
Definition
as a square
Term
The relational data model portrays data as being stored in __________.
Definition
tables (The relational data model portrays data as being stored in a table or relation format.)
Term
How a user conceptually organizes and understands data is referred to as the __________
Definition
logical view (The logical view shows how a user conceptually organizes and understands data.)
Term
What is each row in a relational database table called?
Definition
tuple (A tuple is also called a row in a relational database.)
Term
What is an individual user’s view of the database?
Definition
external-level schema (The external-level schema represents an individual user’s view of the database.)
Term
What would managers most likely use to retrieve information about sales during the month of October?
Definition
DQL (DQL—data query language—is used to retrieve information from a database.)
Term
What attributes would most likely be a primary key?
Definition
supplier number (A unique number can be assigned as a primary key for each entity.)
Term
What is a software program that runs a database system?
Definition
DBMS (A DBMS—database management system—is a software program that acts as an interface between a database and various application programs.)
Term
The constraint that all foreign keys must have either null values or the value of a primary key in another table is referred to as which of the following?
Definition
referential integrity rule (The referential integrity rule stipulates that foreign keys must have values that correspond to the value of a primary key in another table or be empty.)
Term
What attributes in the Cash Receipts table (representing payments received from customers) would most likely be a foreign key?
Definition
customer number (Customer number would be a foreign key in the Cash Receipts table and would link the Cash Receipts table to the Customer Table.)
Term
Internal controls perform three important functions:
Definition
Preventative controls
Detective controls
Corrective controls
Term
Internal controls are often segregated into two categories:
Definition
General controls and Application controls
Term
COBIT 5 is based on the following five key principles of IT governance and management
Definition
1. Meeting stakeholder needs
2. Covering the enterprise end-to-end
3. Applying a single, integrated framework
4. Enabling a holistic approach
5. Separating governance from management
Term
COBIT 5: The 32 management processes are broken down into the following four domains:
Definition
1. Align, plan, and organize (APO)
2. Build, acquire, and implement (BAI)
3. Deliver, service, and support (DSS)
4. Monitor, evaluate, and assess (MEA)
Term
Enterprise Risk Management—Integrated Framework (ERM)
Definition
A COSO framework that improves the risk management process by expanding (adds three additional elements) COSO’s Internal Control—Integrated.
Term
The basic principles behind ERM are
Definition
● Companies are formed to create value for their owners.
● Management must decide how much uncertainty it will accept as it creates value.
● Uncertainty results in risk, which is the possibility that something negatively affects the company’s ability to create or preserve value.
● Uncertainty results in opportunity, which is the possibility that something positively affects the company’s ability to create or preserve value.
● The ERM framework can manage uncertainty as well as create and preserve value.
Term
An internal environment consists of the following:
Definition
1. Management’s philosophy, operating style, and risk appetite
2. Commitment to integrity, ethical values, and competence
3. Internal control oversight by the board of directors
4. Organizational structure
5. Methods of assigning authority and responsibility
6. Human resource standards that attract, develop, and retain competent individuals
7. External influences
Term
Expected loss =
Definition
Impact × Likelihood
The value of a control procedure is the difference between the expected loss with the control procedure(s) and the expected loss without it.
Term
Control procedures fall into the following categories:
Definition
1. Proper authorization of transactions and activities
2. Segregation of duties
3. Project development and acquisition controls
4. Change management controls
5. Design and use of documents and records
6. Safeguarding assets, records, and data
7. Independent checks on performance
Term
The updated IC framework specifies that the following three principles apply to the information and communication process:
Definition
1. Obtain or generate relevant, high-quality information to support internal control
2. Internally communicate the information, including objectives and responsibilities, necessary to support the other components of internal control
3. Communicate relevant internal control matters to external parties
Term
COSO’s internal control integrated framework has been widely accepted as the authority on internal controls.
Definition
The internal control integrated framework is the accepted authority on internal controls and is incorporated into policies, rules, and regulations that are used to control business activities
Term
All other things being equal, this is true regarding preventive and detective controls
Definition
Preventive controls are superior to detective controls
Term
To achieve effective segregation of duties, certain functions must be separated. What is the correct listing of the accounting-related functions that must be segregated?
Definition
authorization, recording, and custody
Term
Examples of independent checks
Definition
-Bank reconciliation
-Periodic comparison of subsidiary ledger totals to control accounts
-Trial balance-top level analytical review
Term
What is a control procedure relating to both the design and the use of documents and records?
Definition
sequentially prenumbering sales invoices (Designing documents so that they are sequentially prenumbered and then using them in order is a control procedure relating to both the design and the use of documents.)
Term
What is the correct order of the risk assessment steps?
Definition
Identify threats, estimate risk and exposure, identify controls, and estimate costs and benefits.
Term
The Trust Services Framework organizes IT-related controls into five principles that jointly contribute to systems reliability:
Definition
1. Security—access (both physical and logical) to the system and its data is controlled and restricted to legitimate users.
2. Confidentiality—sensitive organizational information (e.g., marketing plans, trade secrets) is protected from unauthorized disclosure.
3. Privacy—personal information about customers, employees, suppliers, or business partners is collected, used, disclosed, and maintained only in compliance with internal policies and external regulatory requirements and is protected from unauthorized disclosure.
4. Processing Integrity—data are processed accurately, completely, in a timely manner, and only with proper authorization.
5. Availability—the system and its information are available to meet operational and contractual obligations.
Term
time-based model of security
Definition
Implementing a combination of preventive, detective and corrective controls that protect information assets long enough to enable an organization to recognize that an attack is occurring and take steps to thwart it before any information is lost or compromised.
Term
P = D = C =
Definition
P = the time it takes an attacker to break through the organization’s preventive controls
D = the time it takes to detect that an attack is in progress
C = the time it takes to respond to the attack and take corrective action
Term
If P > D + C
Definition
then the organization’s security procedures are effective. Otherwise, security is ineffective.
Term
What is a preventive control?
Definition
training (Training is designed to prevent employees from falling victim to social engineering attacks and unsafe practices such as clicking on links embedded in e-mail from unknown sources.)
Term
The control procedure designed to restrict what portions of an information system an employee can access and what actions he or she can perform is called ________.
Definition
authorization (Authorization is the process of controlling what actions—read, write, delete, etc.—a user is permitted to perform.)
Term
A weakness that an attacker can take advantage of to either disable or take control of a system is called a(n) ________.
Definition
vulnerability (A vulnerability is any weakness that can be used to disable or take control of a system.)
Term
What is a corrective control designed to fix vulnerabilities?
Definition
patch management (Patch management involves replacing flawed code that represents a vulnerability with corrected code, called a patch.)
Term
What is a detective control?
Definition
penetration testing (Penetration testing is a detective control designed to identify how long it takes to exploit a vulnerability.)
Term
Change controls are necessary to
Definition
maintain adequate segregation of duties.
Term
Changes should be tested in a system...
Definition
separate from the one used to process transactions
Term
“Emergency” changes need to be documented...
Definition
once the problem is resolved
Term
Which technique is the most effective way for a firewall to protect the perimeter?
Definition
deep packet inspection (Deep packet inspection examines the contents of the data in the body of the IP packet, not just the information in the packet header. This is the best way to catch malicious code.)
Term
What combination of credentials is an example of multifactor authentication?
Definition
a PIN and an ATM card (The PIN is something a person knows, the ATM card is something the person has.)
Term
Difficulties accountants have experienced using the traditional systems development life cycle?
Definition
-AIS development projects are backlogged for years.
-Changes are usually not possible after requirements have been frozen
-The AIS that is developed may not meet their needs
Term
Companies that buy rather than develop an AIS must still go through the systems development life cycle.
Definition
True [Purchasing a system still requires a company to follow the systems development life cycle of analyzing, designing (conceptual and physical), and implementing a new system. Otherwise, the company risks not purchasing the right system for its needs.]
Term
As a general rule, companies should buy rather than develop software if they can
Definition
find a package that meets their needs
Term
Companies can hope to find a package ____ that meets their needs
Definition
there is a greater likelihood that canned software can be found that meets user needs.
Term
A company should not attempt to develop its own custom software unless
Definition
experienced, in-house programming personnel are available and the job can be completed less expensively on the inside
Term
As a general rule, a company should develop custom software
Definition
only when it will provide a significant competitive advantage.
Term
When a company is buying large and complex systems, vendors are invited to submit systems for consideration. What is such a solicitation called?
Definition
request for proposal
Term
To compare system performance, a company can create a data processing task with input, processing, and output jobs. This task is performed on the systems under consideration and the processing times are compared. The AIS with the lowest time is the most efficient. What is this process called?
Definition
benchmarking
Term
What is NOT a benefit of outsourcing?
Definition
It offers a great deal of flexibility because it is relatively easy to change outsourcers
Term
What is a true statement with respect to prototyping
Definition

In the early stages of prototyping, system controls and exception handling may be sacrificed in the interests of simplicity, flexibility, and ease of use. 

A prototype is a scaled-down, first-draft model that is quickly and inexpensively built and given to users to evaluate.

The first step in prototyping is to identify system requirements. 

Term
What is NOT an advantage of prototyping?
Definition
adequately tested and documented systems
Term
What are two traits of useful information?
Definition
Accessibility & Reliability
Term
Businesses must pay a variety of taxes.
Definition
Sales tax-Point-of-purchase rate tables
Payroll tax-Total wage expense
Sales tax-Total sales
Term
Which events are part of the revenue cycle?
Definition
Taking orders from customers, shipping finished goods, and depositing payments in the bank
Term
Which three actions are part of the revenue cycle?
Definition
Receiving and answering customer inquiries
Approving credit sales of finished goods
Initiating back orders for finished goods that are out of stock
Term
In which two ways does an accounting information system (AIS) safeguard assets?
Definition
By requiring a correct password to be entered to access the company network
By providing tools to alert managers when an unauthorized user attempts to use assets
Term
Improves the effectiveness of the supply chain
Definition
A function that informs a supervisor when manufacturing production performance falls below standards
Term
Improves the internal control structure
Definition
A function that checks payroll entries for mistakes that would cause overpayment or underpayment of employees
Term
Improves the quality and reduces the costs of products or services
Definition
A function that provides up-to-the-minute information about inventory items that are low in stock
Term
A patio furniture store uses its accounting information system to allow salespeople to check the inventory level of an item at the main warehouse.
Definition
By improving knowledge sharing
Term
How can an accounting information system be used for the value chain activity of operations?
Definition
By transforming inputs into final products or services
Term
Which step in the data processing cycle relies on coding techniques, such as sequence codes and block codes, to organize data in ledgers?
Definition
Data storage
Term
Which action improves data accuracy during the data input process?
Definition
Using pre-numbered source data
Term
Which two methods improve the accuracy and completeness of data that is entered into an accounting information system (AIS)?
Definition
Using pull-down menus on the data input screen
Using point-of-sale scanners to capture machine-readable data
Term
How does an audit trail work in an accounting information system?
Definition
By capturing a transaction’s path through the data processing system
Term
Which two guidelines result in a better coding system for storing data in an accounting information system (AIS)?
Definition
The coding system should be consistent with the company’s organizational structure.
The coding system should take into consideration expected company growth.
Term
Which two activities occur during the accounts receivable file updating process?
Definition
Adding a transaction amount to a customer’s account balance
Comparing the customer’s new balance to the customer’s credit limit
Term
Which type of accounting information system (AIS) output is a gross margin analysis by product line?
Definition
A report
Term
Which action is a function of an enterprise resource planning (ERP) system?
Definition
Integrating a company’s business processes with a traditional accounting information system
Term
Which two tasks are part of the process of auditing computer-based information systems?
Definition
Evaluating evidence in a systematic manner
Providing recommendations for improvement
Term
Which task do information systems auditors perform when they audit transaction processing?
Definition
Testing the accuracy of data edit routines
Term
Which two issues do information systems auditors look for when they audit security provisions?
Definition
Proper procedures for assigning user IDs
Effective use of data encryption
Term
What are two advantages of purchasing or renting an accounting information system (AIS)?
Definition
The company can test-drive the system.
Software upgrades are automated.
Term
What is a benefit of a well-designed computer input screen?
Definition
It reduces data entry errors and omissions
Term
Which task is part of the selecting and training personnel step of implementing an accounting information system (AIS)?
Definition
Experimenting with the new system in a controlled environment
Term
Which two recommendations are included in a post-implementation review report?
Definition
Improvements to the new system
Improvements to the development process
Term
Why is system documentation created?
Definition
To help during transitions of information technology employees
Term
Which tool shows the flow of bills of lading and packing slips between the shipping department and the accounts receivable department?
Definition
A document flowchart
Term
Which tool is useful when analyzing internal control procedures?
Definition
Document flowchart
Term
How is cross-functional analysis a database benefit?
Definition
It allows data relationships to be defined so that management reports can be easily prepared
Term
A database contains data that can be used by many authorized users.

Which benefit of a database does this example describe?
Definition
Data sharing
Term
What is the difference between a conceptual-level schema and an internal-level schema?
Definition
A conceptual-level schema is a high-level view of the entire database, and an internal-level schema is a low-level, more detailed view of the database.
Term
What is the difference between a primary key and a foreign key in a database?
Definition
A primary key uniquely identifies a specific row in a table, whereas a foreign key is a primary key in another table and is used to link the two tables.
Term
How can information sharing between customers and suppliers contribute to information system failures?
Definition
Customers and suppliers having access to each other’s systems and data can lead to breaches in confidentiality.
Term
Why is data in an Internet-based system sometimes not protected as well as data in a centralized computer system?
Definition
Companies fail to completely understand the control and protection implications of moving to an Internet-based system.
Term
Which two types of functions do internal controls provide?
Definition
Detective
Corrective
Preventative
Term
What is the function of a corrective control?
Definition
To remedy problems after they occur in an information system
Term
COSO’s enterprise risk management framework
Definition
It uses a three-dimensional model.
Term
COSO’s internal control framework
Definition
It contains only five components.
Term
COBIT framework
Definition
It consolidates control standards from 36 sources into a single framework
Term
When employees start working at a company, they are given a formal job description and a policy and procedures manual. The manual includes the company’s vision statement and code of conduct and explains the expected business practices and procedures used at the company. The job description and manual communicate components of this company’s internal environment.

Which two components do they communicate?
Definition
Methods of assigning authority and responsibility
Commitment to integrity, ethical values, and competence
Term
What is an inherent risk?
Definition
A risk that exists before internal controls are instated
Term
What are cost-effective controls?
Definition
Controls that offer a higher risk reduction benefit than the controls cost
Term
What is the formula to calculate expected loss?
Definition
Impact × likelihood
Term
A company has a policy that all purchase orders $100,000 or greater be approved by the controller prior to being entered into the accounting system.

Which category does this control procedure relate to?
Definition
Proper authorization of transactions and activities
Term
Which 6 tools are project development and acquisition controls?
Definition
1. Steering committee
2. A strategic master plan
3. Project development plan
4. Data processing schedule
5. System performance measurements
6. Post-implementation review
Term
What is one purpose of the COBIT framework?
Definition
To provide assurance that data produced by an information system is reliable
Term
Which action is an example of a social engineering technique?
Definition
Calling a newly hired assistant and pretending to be an employee who needs help obtaining files
Term
Which step does an attacker perform when conducting research for the purpose of penetrating an information system?
Definition
Finds out the vulnerabilities of the software that the company is using
Term
What does an attacker do when scanning and mapping a target information system?
Definition
Identifies computers that can be remotely accessed
Term
Which tool is an example of a preventive information security control?
Definition
Network access passwords
Term
Which preventive control is designed to stop an attacker from installing a hardware-based keystroke logging device on a computer?
Definition
A physical access control
Term
Which tool is used to identify system vulnerabilities?
Definition
Security testing
Term
Which two security controls detect intrusions?
Definition
Log analysis
Security testing
Term
A company has a procedure that installs updates to all of its security programs and operating systems on a monthly basis.

Which type of corrective control does this scenario describe?
Definition
Patch management
Term
Who designs and implements procedures that prevent attackers from penetrating a company’s accounting information system (AIS)?
Definition
The chief information security officer
Term
What is the purpose of information rights management (IRM) software?
Definition
It controls access to sensitive data.
Term
What is identity theft?
Definition
Unauthorized use of someone’s personal information for the perpetrator’s benefit
Term
What is the process of data encryption?
Definition
Transforming plain text into gibberish
Term
Which type of processing integrity control includes using turnaround documents?
Definition
Input controls
Term
A company’s cash clearing account is debited for the gross value of the weekly accounts payable check run. The cash clearing account is then credited as each amount is allocated to the correct expense account. The cash clearing account should have a zero balance after both sets of entries have been made.

Which type of IT control is employed in this scenario?
Definition
Processing control
Term
Which activity in the revenue cycle involves picking and packing a customer order?
Definition
Shipping
Term
Which action does a company take during the customer order process in the revenue cycle?
Definition
It checks and approves customer credit.
Term
Which activity in the expenditure cycle has the threat of discrepancies between the quoted price and the actual price charged?
Definition
Approving supplier invoices
Term
During which step in the expenditure cycle could an incorrect posting to accounts payable occur?
Definition
Approving supplier invoices
Term
A company changes to a lean manufacturing process to minimize inventories in the manufacturing plant.

Which activity of the production cycle will this impact the most?
Definition
Production operations
Term
What are three objectives of cost accounting?
Definition
1. Providing product data to be used for making pricing decisions
2. Collecting information to calculate the cost of goods sold
3. Providing information for planning, controlling, and evaluating the performance of production objectives
Term
Which activities are part of the human resources management (HRM)/payroll cycle?
Definition
1. Tracking the job assignments of each employee at a company
2. Recruiting/hiring
3. Training
4. Compensation/payroll
5. Performance Evaluations
6. Discharge
Term
Which threat applies to the human resources management (HRM)/payroll cycle?
Definition
Disclosing confidential salary information
Term
Which two steps are part of the human resources management (HRM)/payroll cycle?
Definition
Adding new employees to the master database
Recording rate changes for employees who have received raises
Term
Which threat to the payroll process applies to the disbursement of payroll?
Definition
Wages being issued to a fictitious employee
Term
Which control is applied to the payroll preparation step of the payroll cycle?
Definition
Comparing hash totals of employee numbers
Term
Preventative IT solutions:
Definition
Antimalware controls
Network access controls
Device and software hardening controls
Encryption
Term
How to mitigate risk of attack
Definition
Preventative controls:
People, process, IT solutions, physical security, and change controls and change management
Detective controls:
Log analysis
Intrusion detection systems
Penetration testing
Continuous monitoring
Term
Business process diagram basic symbols
Definition
Circle - start/beginning
Bold circle - end
Rounded rectangle - activity in process
Diamond - decision
Arrow - flow
Broken arrow - annotation information