Shared Flashcard Set

Details

I understand why accountants are alcoholics . . .
383 Test 1
148
Accounting
Undergraduate 3
09/20/2009

Cards

Term

What are typical transactions found in each business cycle?

 

- Revenue Cycle

 

-Expenditure Cycle

 

 

-Human Resources/Payroll Cycle

Definition

Revenue Cycle - receive/answer customer inquiries, take customer orders and enter them in AIS, approve credit sales, check inventory availability


Expenditure Cycle- Request goods and services purchased, prepare, approve, and send purchase orders to vendors, store goods, receive vendor invoices

 

Human Resources/Payroll - Recruit, hire, and train new employees, discharge employees, update payroll records, collect and validate time, attendance, and commission data, prepare and disburse payroll

Term

What are typical transactions found in each business cycle?

 

- Production Cycle

 

- Financing Cycle

Definition

Production Cycle- Design products, forecast, plan, and schedule production, request raw materials for production, store finished products

 

Financing Cycle- Forecast cash needs, sell stock/securities to investors, borrow money from lenders, pay dividends to investors and interest to lenders

Term
Source Document
Definition

Contain the initial record of a transaction that takes place.

 

Examples, which are usually recorded on preprinted forms, include sales invoices, purchase orders, and employee time cards.

Term
Turn-around Document
Definition

Records of company data sent to an external party and then returned to the system as input.

 

Prepared in machine-readable form to facilitate their subsequent processing as input records.

 

Example: utility bill that is sent to the customer, returned with the customer's payment, and read by a special scanning device when it is returned.

Term
Source Data Automation
Definition

Devices that capture transaction data in machine-readable form at the time and place of their origin.

 

Examples include ATMs used by banks, point-of-sale (POS), scanners used in retail stores, and bar code scanners used in warehouses.

Term
Batch vs. Real-Time Processing
Definition

Batch Processing- Periodic updating of data

-legacy method still used for things like payroll that naturally occur at fixed time periods

-disadvantage- stored data are only current and accurate immediately after the periodic batch updating process


Online, Real-Time Processing- updating as each transaction occurs

- advantages- more accurate because the system can refuse incomplete or erroneous entries, errors can easily be corrected, ensures that it is always current, thereby increasing its usefulness for making decisions



 

Term
What is the combination of batch processing and online, real-time processing?
Definition
Online Batch Processing
Term
Describe the four basic data processing operations.
Definition

Creating - adding new data records, such as adding a new employee to the payroll master file or database after they have been hired


Reading - retrieving or viewing existing data


Updating - data previously stored about the activity, the resources affected by the activity, or the people who performed the activity


Deleting data, such as purging the vendor master file of all vendors that the company no longer does business with

Term
Typical Structure for Chart of Accounts
Definition

-Each account number is usually 3 digits long, each serving a specific purpose

     -First digit- represents the major account categories as they appear on financial statements (current assets, noncurrent assets, liabilities, equity accounts, revenues, expenses, and summary accounts)

     -Second Digit- represents the primary financial subaccounts within each category (match the order of their appearance in financial statements)

     -Third Digit- identifies the specific account to which the transaction data will be posted.


Vary, depending on the nature/purpose of the organization it represents (i.e. partnership will have separate capital/drawing)

Term
What are the three components of the fraud triangle?
Definition
Opportunity, Rationalization, and Pressure
Term
Describe the Opportunity component of the Fraud Triangle.
Definition

Opportunity is the condition or situation that allows a person or organization to do three things:


1.  Commit the fraud.

(theft of assets, such as cash, inventory, tools, supplies, info, and computer time and services, financial reporting consists of the overstatement of assets or revenues, the understatement of liabilities, or failure to disclose info)

2.  Conceal the fraud. (charge to an expense account, using a lapping scheme (Ponzi scheme), using a kiting scheme (taking advantage of check lagging time))

3.  Convert the theft or misrepresentation to personal gain.


Examples that give opportunity:  failure to enforce internal controls, no audit trails, too much trust in key employees, large, unusual, or complex transactions, numerous adjusting entries at year-end, accounting department understaffed and overworked, failure to teach/stress corporate honesty

Term
Describe the Pressure component of the Fraud Triangle.
Definition

Pressure- a person's incentive or motivation for committing fraud.


3 Types:

1. Misappropriation of assets (employee fraud)

-living beyond one's means, having heavy financial losses, or high personal debt

2.  Relates to the emotional feelings or problems of employee

-greed, resentment towards company, feel pay is too low or getting taken advantage of

3.  Person's lifestyle

-support gambling habit, support an addiction, keep up pace with other people financially

Term
Describe the Rationalization component of the Fraud Triangle.
Definition

Rationalization- allows perpetrators to justify their illegal behavior

     -justification of one's actions

     -lack of personal integrity

         -"I am only borrowing the money and will repay it"

         -"You would understand if you knew how much I need it"

         -"What I did was not that serious"

         -"No one will ever know."

Term
War Dialing
Definition
Dialing thousands of phone lines searching for idle modems that can be used to enter the system, capture the attached computer, and gain access to the network(s) to which it is attached.
Term
War Driving/Rocketing
Definition
Looking for unprotected wireless networks using a car or a rocket.
Term
Masquerading/Impersonation
Definition
Accessing a system by pretending to be an authorized user.  The impersonator enjoys the same privileges as the legitimate user.
Term
Social Engineering
Definition
Techniques that trick a person into disclosing confidential information.
Term
Trap Door
Definition
Entering a system using a back door that bypasses normal system controls.
Term
Shoulder Surfing
Definition
Watching people or listening as they enter or give confidential information.
Term
Zero-Day Attack
Definition
An attack between the time a new software vulnerability is discovered and a software patch that fixed the problem is released.
Term
Salami Technique
Definition
Stealing tiny slices of money over time.  An example is increasing expenses by a fraction of a percent and placing those funds in a perpetrator-controlled dummy account.
Term
Round Down Fraud
Definition
Truncating interest calculations at two decimal places.  The truncated fraction of a cent is placed in an account controlled by the perpetrator.
Term
Software Piracy
Definition
Illegally copying computer software.
Term
Trojan Horse
Definition
Unauthorized code in an authorized and properly functioning program.
Term
Time/Logic Bombs
Definition
Trojan horses that lie idle until triggered by a specified time or circumstance.  Once triggered, the bomb goes off, destroying programs, data, or both.
Term
Virus
Definition
A segment of executable code that attaches itself to software, replicates itself, and spreads to other systems or files.  Triggered by a predefined event, it damages system resources or displays a message on the monitor.
Term
Adware
Definition
Using software to collect web-surfing and spending data and forward it to advertising or media organizations.  It also causes banner ads to pop up on the computer monitors as the internet is surfed.
Term
Spyware
Definition
Using software to monitor computing habits and send that data to someone else, often without the computer user's permission.
Term
Data Leakage
Definition
Copying company data, such as computer files, without permission.
Term
Data Diddling
Definition
Changing data before, during, or after they are entered into the system.
Term
Phishing
Definition
Sending e-mails requesting recipients to visit a Web page and verify data or fill in missing data.  The e-mails and Web sites look like legitimate companies, primarily financial institutions.
Term
Evil Twin
Definition
A wireless network with the same name as a local wireless access point.  The hacker disables the legitimate access point, users unknowingly reconnect to the evil twin, and hackers monitor the traffic looking for useful information.
Term
Key Logging
Definition
Using spyware to record a user's keystrokes.
Term
Packet Sniffing
Definition
Using a computer to find confidential information as it travels the Internet and other networks.
Term
Scavenging and Dumpster Diving
Definition
Searching for confidential corporate or personal information by searching trash cans or scanning the contents of computer memory.
Term
What are the eight interrelated risk and control components of COSO?
Definition

1.  Internal Environment

2.  Objective Settings

3.  Event Identification

4.  Risk Assessment

5.  Risk response

6.  Control Activities

7.  Information and Communication

8.  Monitoring

Term
Definition of Internal Environment with COSO ERM
Definition

This is the tone or culture of a company and helps determine how risk conscious employees are.  It is the foundation for all other ERM components, providing discipline and structure.  It is essentially the same thing as the control environment in the internal control integrated framework.

 

 

Term
Components of Internal Environment within COSO ERM.
Definition

1.  Management's philosophy, operating style, and risk appetite

2.  The board of directors

3.  Commitment to integrity, ethical values, and competence

4.  Organizational structure

5.  Methods of assigning authority and responsibility

6.  Human resource standards

7.  External influences

Term
Definition of Objective Setting within the COSO ERM framework.
Definition
ERM ensures that company management puts into place a process to formulate strategic, operations, reporting, and compliance objectives that support the company's mission and that are consistent with the company's tolerance for risk.
Term
Definition of Event within the COSO ERM framework.
Definition
ERM requires management to identify events that may affect the company's ability to implement its strategy and achieve its objectives.  Management must then determine whether these possible events represent risks or opportunities.
Term
What are COSO ERM's nine event categories?
Definition

External

    -Economic

    -Natural Environment

    -Political

    -Social

    -Technological


Internal

    -Infrastructure

    -Personnel

    -Process

    -Technology

Term
Common techniques used to identify COSO ERM events.
Definition

- Use comprehensive lists of potential events

- Perform an internal analysis

- Monitor leading events and trigger points

- Conduct workshops and interviews

- Perform data mining and analysis

-Analyze business processes

Term
Definition of Risk Assessment in the COSO ERM framework.
Definition
Identified risks are assessed to determine how to manage them and how they affect the company's ability to achieve its objectives.  Qualitative and quantitative methods are used to assess risks in several different ways.
Term
Definition of Risk Response in COSO ERM framework.
Definition
To align identified risks with the company's tolerance for risk, management can choose to avoid, reduce, share, or accept the risks.  To select a response, management must take an entity-wide view of risk and assess risk likelihood and impact, as well as the costs and benefits of the alternative responses.
Term

Inherent Risk

 

Residual Risk

Definition

Inherent Risk - the risk that exists before management takes any steps to control the likelihood or impact of a risk

 

Residual Risk - the risk that remains after management implements internal controls, or some other response to risk

Term
4 Ways to Respond to Risk
Definition

1. Reduce - most effective way to reduce the likelihood and impact of risk is to implement an effective system of internal controls

2.  Accept - accept the likelihood and impact of the risk by not acting to prevent or mitigate it

3.  Share- Share some of the risk or transfer it to someone else (buy insurance, outsource an activity, enter into hedging transactions)

4.   Avoid-  Risk is avoided by not engaging in the activity that produces the risk.  (sell a division, exit a product line, or not expand as anticipated)

Term
Definition of Control Activities within the COSO ERM framework.
Definition
To implement management's risk responses, control policies and procedures are established and implemented throughout the various levels and functions in the organization.
Term
7 Categories of Control Procedures within COSO ERM framework.
Definition

1.  Proper authorization of transactions and activities

2.  Segregation of Duties

3.  Project development and acquisition controls

4.  Change management controls

5.  Design and use of documents and records

6.  Safeguarding assets, records, and data

7.  Independent checks on performance.

Term
Three Components of Accounting Segregation of Duties
Definition

Authorization- approving transactions and decisions


Recording- preparing source documents, entering data into online systems, maintaining journals, ledgers, files or databases, preparing reconciliations, and preparing performance reports.


Custody- handling cash, tools, inventory, or fixed assets; receiving incoming customer checks, writing checks on the organization's bank account.

Term
Information and Communication definition within the COSO ERM framework.
Definition
Information about the company and the various ERM components must be identified, captured, and communicated so employees can fulfill their responsibilities.  To be communicated effectively, info must have a means of flowing through all levels and functions in the company and to and from all external parties.
Term
Definition of Monitoring within COSO ERM framework.
Definition

 

To remain effective, ERM processes must be monitored on an ongoing basis and modified as needed.  Monitoring is accomplished with ongoing management activities and separate evaluations.  Deficiencies in ERM processes are reported to management.

Term
3 Types of High Level Objectives
Definition

Operations

Reporting

Compliance

Term
Monitor Controls
Definition

On-going Basis- (part of normal routine)- monitoring systems, responsibility accounting, effective supervision, fraud detection software, fraud hotline

 

One-Time Evaluations- "fresh" pair of eyes, internal auditors, engage forensic assessment, critical self-assessment

Term
ERM Framework Vs. Internal Control Framework
Definition

COSO originally examined controls; examining them without first examining the purposes and risks of business processes provides little context for evaluating the results, making it hard to know which control systems are most important, whether they adequately deal with risk, and whether important control systems are missing.  Focusing on controls first also causes bias toward past problems and concerns.  Long-standing internal control systems often have multiple layers of controls to protect against things that are no longer risks or are no longer important.


COSO recognized this and developed the more comprehensive ERM framework, which takes a risk-based, rather than a controls-based, approach to the organization that is orientated towards the future and constant change.  It is more comprehensive, and includes three additional elements: setting objectives, identifying positive and negative events that may affect the company's ability to implement its strategy and achieve those objectives, and developing a response to assessed risk.  As a result, controls are flexible and relevant b/c they are linked to current objectives.


Also, the ERM model recognizes that risk, in addition to being controlled, can be accepted, avoided, diversified, shared, or transferred.

Term
Similarities of COSO and COSO ERM
Definition
Both concentrate on environment, risk, control activities, monitoring, and information and communication, but COSO ERM addresses risk more.
Term
What does it mean to do risk assessment with a qualitative approach?
Definition

One must analyze whether or not the benefits exceed the costs of the internal control.


It's hard sometimes to quantify, especially when it's things such as increased sales and productivity, reduced losses, better integration with customers and suppliers, increased customer loyalty, competitive advantages, and lower insurance premiums.


Costs are usually easier to measure than benefits (because they are number based).  Usually it refers to personnel, including the time to perform control procedures, the costs of hiring additional employees to follow segregation of duties, etc.


Most use the Expected Loss equation to help.


Expected Loss = Impact x Likelihood


The value of a control procedure is the difference between the expected loss with the control procedure(s) and expected loss without it.


Sometimes use a graph to compare impact and likelihood.

Term
Identify segregated duties within a computers system function.
Definition

1.  Systems Administration- responsible for ensuring that the different parts of an information system operate smoothly and efficiently.

2.  Network Managers- ensure that all applicable devices are linked to the organization's internal and external networks and that the networks operate continuously and properly

3.  Security Management- ensures that all aspects of the system are secure and protected from all internal and external threats.

4.  Change Management- These individuals manage all changes to an organization's information system to ensure they are made smoothly and efficiently and to prevent errors and fraud.

5.  Users- record transactions, authorize data to be processed, and use system output

6.  Systems analysis- helps users determine their information needs and then design an information system to meet those needs

7.  Programmers- take the design provided by systems analysts and create an information system by writing the computer programs.

8.  Computer operations- run the software on the company's computers.  They ensure that data are input properly and correctly processed and needed output is produced.

9.  Information system library- maintains custody of corporate databases, files, and programs

10.  Data control- ensures that source data have been properly approved, monitors the flow of work through the computer, reconciles input and output, maintains a record of input errors to ensure their correction and resubmission, and distributes systems output.

Term
Internal Control
Definition
the process implemented by the board of directors, management, and those under their direction to provide reasonable assurance that assets are safeguarded, records are maintained, info is accurate and reliable, financial reporting follows GAAP, promoting and improving operational efficiency, encouraging adherence to prescribed managerial policies, and complying with applicable laws and regulations.
Term
Preventative Controls
Definition

deter problems before they arise

 

ex.  hiring qualified personnel, appropriately segregating employee duties, and effectively controlling physical access to assets

Term
Detective Controls
Definition

Needed to discover problems as soon as they arise

 

ex. duplicate checking of calculations and preparing bank reconciliations and monthly trial balances

Term
Corrective Controls
Definition

remedy control problems that have been discovered.  They include procedures taken to identify the cause of a problem, correct resulting errors or difficulties, and modify the system so that future problems are minimized and eliminated.

 

ex. maintain backup copies, adhering to procedures to correct data entries

Term
General Controls
Definition

designed to make sure an organization's control environment is stable and well managed.

 

Ex. information systems management controls, security management controls, IT infrastructure controls, and software acquisition, development, and maintenance control.

Term
Application Controls
Definition
Prevent, detect, and correct transaction errors and fraud.  They are concerned with the accuracy, completeness, validity, and authorization of the data captured, entered into the system, processed, stored, transmitted to other systems, and reported.
Term
What is the Trust Services Framework?
Definition

Focuses specifically on five aspects of information systems controls and governance that most directly pertain to systems reliability:

 

1.  Security- access to the system and its data is controlled and restricted to legitimate users.

2.  Confidentiality- sensitive organization information (e.g., marketing plans, trade secrets, etc.) is protected from unauthorized disclosure.

3.  Privacy- personal information about customers is collected, used, disclosed and maintained only in compliance with internal policies and external regulatory requirements.

4.  Processing Integrity- data is processed accurately, completely, in a timely manner, and only with proper authorization.

5.  Availability- the system and its information is available to meet operational and contractual obligations.

 

It is not a substitute for COBIT, b/c it only addresses a subset of the issues by COBIT, but it provides a useful means for consolidating COBIT's control objectives to focus on a specific of IT governance that has become relevant because of SOX: systems reliability.

Term
Four essential criteria for successfully implementing each of the five principles in the Trust Services framework related to systems reliability.
Definition

1.  Developing and documenting policies.

2.  Effectively communicating policies to all authorized users.

3.  Designing and employing appropriate control procedures to implement policies.

4.  Monitoring the system and taking corrective action to maintain compliance with policies.

Term
What is the COBIT framework?
Definition

Provides comprehensive guidance for effectively controlling and managing information systems.


 

Term
What are the seven criteria of the COBIT framework?
Definition

Seven criteria:

     1.  Effectiveness- the information must be relevant and timely.

     2.  Efficiency- the information must be produced in a cost-effective manner.

     3.  Confidentiality-  sensitive information must be protected from unauthorized disclosure.

     4.  Integrity- the information must be accurate, complete, and valid.

     5.  Availability- the information must be available whenever needed.

     6.  Compliance-  controls must ensure compliance with internal policies and with external legal and regulatory requirements.

     7.  Reliability- management must have access to appropriate information needed to conduct daily activities and to exercise its fiduciary and governance responsibilities

Term
What are the 4 domains of the COBIT framework?
Definition

1.  Plan and Organize

2.  Acquire and Implement

3.  Deliver and Support

4.  Monitor and Evaluate

 

Also, 34 processes and 100+ detailed objectives.

Term
Time-based model of security
Definition

focuses on the relationship between preventive, detective, and corrective controls.


It evaluates the effectiveness of an organization's security by measuring and comparing the relationship among the following three variables:


P = the time it takes an attacker to break through the organization's preventive controls


D = the time it takes to detect that an attack is in progress


C = the time it takes to respond to the attack


If P > D + C, then the organization's security procedures are effective.

Term
Defense-in-Depth
Definition
The idea of defense-in-depth is to employ multiple layers of controls in order to avoid having a single point of failure.
Term
Authentication
Definition

focuses on verifying the identity of the person or device attempting to access the system.

 

Can be authenticated by verifying:

1.  Something you know (passwords)

2.  Something you have (ID cards)

3. Some physical characteristic

Term
Biometric Identifier
Definition
some physical characteristic, such as fingerprints or voice
Term
Multifactor Authentication
Definition
the use of two or all three authentication methods in conjunction
Term
Authorization
Definition
restricts access of authenticated users to specific portions of the system and specifies what actions they are permitted to perform.
Term
Access Control Matrix
Definition
a table specifying which portions of the system users are permitted to access and what actions they can perform
Term
Compatibility Test
Definition
matches the user's authentication credentials against the access control matrix to determine whether that employee should be allowed to access that resource and perform the requested action.
Term
Border Router
Definition
connects an organization's information system to the Internet
Term
Firewall
Definition
special-purpose hardware device or software running on a general purpose computer
Term
Demilitarized Zone (DMZ)
Definition
separate network that permits controlled access from the Internet to selected resources, such as the organization's e-commerce Web server
Term
Transmission Control Protocol (TCP)
Definition
specifies the procedures for dividing files and documents into packets to be sent over the Internet and the methods for reassembly of the original document or file at the destination.
Term
Internet Protocol (IP)
Definition
specifies the structure of those packets and how to route them to the proper destination.
Term
routers
Definition
designed to read the destination address fields in IP packet headers to decide where to send (route) the packets next.
Term
access control list
Definition
determines which packets are allowed entry and which are dropped
Term
static packet filtering
Definition
screens individual IP packets based solely on the contents of the source and/or destination fields in the IP packet header
Term
stateful packet filtering
Definition
maintains a table that lists all established connections between the organization's computers and the Internet
Term
deep packet inspection
Definition
firewalls that examine the data in the body of an IP packet can provide more effective access control than those that look only at information in the IP header
Term
intrusion prevention systems (IPS)
Definition
designed to identify and drop packets that are part of an attack
Term
Remote Authentication Dial-In User Service (RADIUS)
Definition
standard method for verifying the identity of users attempting to obtain dial-in access.
Term
Hosts
Definition
workstations, servers, printers, and other devices that comprise the organization's network
Term
Vulnerabilities
Definition
flaws in programs which can be exploited to either crash the system or take control of it
Term
Hardening
Definition
the process of turning off unnecessary program features
Term
Encryption
Definition
the process of transforming normal text, called plain text, into unreadable gibberish, called ciphertext.  Encryption is particularly important when confidential data is being transmitted from remote terminals because data transmission lines can be electronically monitored without the user's knowledge.
Term
Plaintext
Definition
normal text that has not been encrypted.
Term
Ciphertext
Definition
Plaintext that has been transformed into unreadable gibberish through the process of encryption
Term
Decryption
Definition
transforming ciphertext back into plaintext
Term
Key Escrow
Definition
process of storing a copy of an encryption key in a secure location
Term
Symmetric Encryption Systems
Definition
encryption systems that use the same key both to encrypt and to decrypt
Term
Asymmetric Encryption Systems
Definition

Uses two keys, one public and one private

 

Either the public or private key can be used to encrypt, but only the other key can decrypt the ciphertext

Term
Public Key
Definition
widely distributed and available to everyone
Term
Private Key
Definition
kept secret and known only to the owner of that pair of keys
Term
Hashing
Definition

process that takes plaintext of any length and transforms it into a short code called a hash

 

differs from encryption in two important aspects

 

1.  encryption always produces ciphertext similar in length to the original plaintext, but hashing always produces a hash that is of a fixed short length, regardless of the length of the original plaintext

 

2. Encryption is reversible, hashing is not b/c it throws away information

Term
Hash
Definition
shorter code or plaintext
Term
Digital Signature
Definition
information encrypted with the creator's private key.
Term
Digital Certificate
Definition
an electronic document, created and digitally signed by a trusted 3rd party, that certifies the identity of the owner of a particular public key
Term
Public Key Infrastructure (PKI)
Definition
refers to the system and processes used to issue and manage asymmetric keys and digital certificates
Term
Certificate Authority
Definition
the organization that issues public and private keys and records the public key in a digital certificate
Term
E-Signature
Definition
cursive style imprint of a person's name that is applied to an electronic document
Term
log analysis
Definition
the process of examining logs to monitor security
Term
intrusion detection systems
Definition
create logs of network traffic that was permitted to pass the firewall and then analyze those logs for signs of attempted or successful intrusions
Term
vulnerability scans
Definition
use automated tools designed to identify whether a given system possesses any well-known vulnerabilities
Term
penetration test
Definition
authorized attempt by either an internal audit team or an external security consulting firm to break into the organization's info system
Term
computer emergency response team (CERT)
Definition

responsible for dealing with major incidents

 

Recognize, Contain, Recover, and Follow up on major incidents

Term
exploit
Definition
set of instructions for taking advantage of a vulnerability
Term
patch
Definition
code released by software developers that fixes a particular vulnerability
Term
patch management
Definition
process for regularly applying patches and updates to all software used by the organization
Term
Asymmetric Encryption (How it Works)
Definition

Uses two keys

 

One key, the public key, is widely distributed and available to everyone, the other key, the private key, is kept secret and known only to the owner of the pair of keys.  Either the public or private key can be used to encrypt, but only the other key can decrypt the ciphertext.

 

Original Text-> Encrypt with Public Key->Decrypt with Private Key-> Original Text

 

or

 

Original Text->Encrypt with Private Key->Decrypt with Public Key->Original Text

Term
Symmetric Encryption
Definition

Uses the same key both to encrypt and decrypt.

 

Key must be kept secret.

Term
What source data controls regulate the integrity of input?
Definition

1.  Forms design (how forms are designed so you don't forget info)

2.  Cancellation and storage of documents

3.  Authorization and segregation of duties.

4.  Visual scanning

Term
Field Check
Definition
determines if the characters in a field are of the proper type (ex. if only numbers are supposed to be there and letters are included)
Term
sign check
Definition
determines if the data in a field have the appropriate arithmetic sign (the quantity ordered should never be negative)
Term
limit check
Definition
tests a numerical amount to ensure that it does not exceed a predetermined value (working 40 hours a week and not 400)
Term
range check
Definition
similar to a limit check except that it has both upper and lower limits
Term
size check
Definition
ensures that the input data will fit into the assigned field
Term
completeness check
Definition
on each input record determines if all required data items have been entered
Term
validity check
Definition
compares the ID code or account number in transaction data with similar data in the master file to verify that the account exists (checking customer account numbers)
Term
reasonableness test
Definition
determines the correctness of the logical relationship between two data items
Term
check digit verification
Definition
authorized ID numbers can contain a check digit that is computed from the other digits (such as the first nine digits of a number calculate the tenth digit to verify the numbers are right)
Term
sequence check
Definition
tests if a batch of input data is in the proper numerical or alphabetical sequence
Term
error log
Definition
info about data input or data processing errors (date they occurred, cause of the error, date corrected and resubmitted); errors should be investigated, corrected, and resubmitted on a timely basis and reedited using the same input validation routine
Term
Batch Totals
Definition

Batch totals, which summarize key values for a batch of input records, should be calculated.

 

Three commonly used batch totals:

1. Financial Total- sums a field that contains dollar values, such as the total dollar amount of all sales for a batch of sales transactions

2.  Hash total- sums a nonfinancial numeric field, such as the total of the quantity ordered field in a batch of sales transactions.

3. Record Count- sums the number of records in a batch

Term
Prompting
Definition
the system requests each input data item and waits for an acceptable response; ensures all necessary data is entered
Term
Preformatting
Definition
the system displays a document with the highlighted blank spaces and waits for the data to be entered
Term
closed loop verification
Definition
checks the accuracy of input data by using it to retrieve and display other related info
Term
Processing Controls
Definition

Data Matching- two or more items of data must match before an action can take place


File Labels- need to be checked to ensure that the correct and most current files are being updated (both internal, which are readable by machine, and external, which are read by humans)

    -header record- internal label - located at the beginning of each file and contains the file name, expiration date, and other identification data

    -trailer record- internal label- located at the end of the file and contains the batch totals calculated during input


Recalculation of batch totals-  batch totals can be recomputed as each transaction record is processed and compared to the values in the trailer record

    -if a financial or hash total discrepancy is evenly divisible by 9, the likely cause is a transposition error, in which two adjacent digits were inadvertently reversed


Write-protection mechanisms- protect against the accidental writing over or erasing of data files stored on magnetic media


Database processing integrity procedures - database administrators, data dictionaries, and concurrent update controls to ensure processing integrity.

   -The administrator establishes and enforces procedures for accessing and updating the database. 

   -The data dictionary ensures that data items are defined and used consistently. 

    -Concurrent update controls protect records from errors that occur when two or more users attempt to update the same record simultaneously.

Term
Output Controls
Definition

User review of output – Users should carefully examine system output for reasonableness, completeness, and that they are the intended recipient.

 

Reconciliation Procedures – Periodically, all transactions and other system updates should be reconciled to control reports, file status/update reports, or other control mechanisms. In addition, general ledger accounts should be reconciled to subsidiary account totals on a regular basis.

 

External Data Reconciliation – Database totals should periodically be reconciled with data maintained outside the system. Ex: The number of employee records in the payroll file can be compared with the total from human resources to detect attempts to add fictitious employees to the payroll database.

 

Term
Parity Checking
Definition

Computers represent characters as a set of binary digits (bits). When data are transmitted, some bits may be lost or received incorrectly due to media disruptions or failures.

 

To detect them, an extra digit, called a parity bit, is added to every character

Term
Message Acknowledgment Techniques
Definition

1.  Echo Check - when data are transmitted, the system calculates a summary statistic such as the number of bits in the message. The receiving unit performs the same calculation and sends the results to the sending unit. If the counts agree, the transmission was accurate.


2.  Trailer Record- the sending unit stores control totals in a trailer record.  The receiving unit uses that info to verify that the entire message was received.


3.  Numbered Batches-  if a large message is transmitted in segments, each can be numbered sequentially so that the receiving unit can properly assemble the segments

Term
Threats to System Availability Sources
Definition


· Minimizing risk of system downtime

· Disaster recovery and business continuity planning

· Infrastructure Replacement

· Documentation

· Testing

Term
Fault Tolerance
Definition
enabling a system to continue functioning in the event that a particular component fails
Term
Key Controls to Ensure System Availability
Definition

Minimizing Downtime

 

Recovery

Term
Uninterruptible Power Supply (UPS)
Definition
system provides protection in the event of a prolonged power outage, using battery power to enable the system to operate long enough to back up critical data and safely shut down.
Term

backup

 

restoration

Definition

an exact copy of the most current version of a database, file, or software program

 

process of installing the backup copy for use

Term

full backup

 

incremental backup

 

differential backup

Definition

exact copy of the entire database

 

involves copying only the data items that have changed since the last backup (makes individual files for each one)

 

copies all changes made since the last full backup, each new differential backup file contains the cumulative effects of all activity since the last full backup

Term
Recovery Point Objective (RPO)
Definition
represents the max length of time for which the organization is willing to risk the possible loss of transaction data
Term

Real-time Mirroring

 

Check Point

Definition

involves maintaining two copies of the database at two separate data centers at all times and updating both copies in real-time as each transaction occurs

 

making a copy of the database at a point in time during the day

Term
Recovery time objective (RTO)
Definition
represents the time following a disaster by which the organization's info system must be available again
Term

Hot Site

 

 

Cold Site

 

Definition

facility that is not only prewired for telephone and Internet access but also contains all the computing and office equipment the organization needs to perform its essential business activities

 

empty building that is prewired for necessary telephone and internet access, plus a contract with one or more vendors to provide all necessary computer and other office equipment within a specified period of time; leaves the org without the use of its information system for a period of time

Term
Organizational Management Controls
Definition

organizations constantly modify their info systems to reflect new business practices and to take advantage of advances in info technology; controls are needed to ensure that such changes do not negatively affect systems reliability. It is also necessary to modify existing controls related to the principles of security, confidentiality, privacy, processing integrity, and availability to maintain their effectiveness after implementing the changes to tech and operating procedures.

 

Include: change requests should be documented and follow a standardized format that clearly identifies the nature of the change, the reason, and the date of it, should be approved by management, should be thoroughly tested prior to implementation, documentation should be updated, emergency changes documented, backout plans should be developed, user rights and privileges need to be carefully monitored during the change process to ensure segregation of duties
