BEC 7
Info Technology
| Question | Answer |
|---|---|
| Which system assists w/ nonroutine decisions, serves strategic levels of the organization, & helps answer questions regarding what a co’s competitors are doing, as well as identifies new acquisitions that would protect the co from cyclical business swings? | Executive support system |
| Decision support system | deals w/ data and decision models, more routine transactions |
| Optimizing functionality and process costs, management of change, productivity, and compliance with policies and procedures are goals related to which category described by COBIT 5? | There are 4 types of goals. The best one for this question is Internal |
| Financial goals (1 of 4 goals related to COBIT 5) | Safeguarding of assets, value of business investments that the Co has made |
| Learning and Growth (1 of 4 goals related to COBIT 5) | well trained personnel, are personnel motivated, are the employees going to help us meet our goals |
| According to COBIT 5, covering the enterprise from end-to-end means that COBIT 5 | Integrates governance of enterprise IT with enterprise governance and management. |
| advantage of EDI (electronic data interchange) | it eliminates the need for human intervention & can be more efficient than other systems. when inventory is ordered auto @ point of reorder, it eliminates gaps & shortens bus. cycle. PMTS R made & rec. auto which can reduce A/R balances. |
| EDI (electronic data interchange) adds to complexity of auditing(bad) | -communication w/out paper trail -electronic funds transfers & sales over internet -simplification of recording process using scanning services -sending info to trading partners as transactions occur |
| Which of the following characteristics distinguish electronic data interchange (EDI) from other forms of electronic commerce? | EDI transactions are formatted using strict standards that have been agreed to worldwide. |
| Which of the following allows customers to pay for goods or services from a website while maintaining financial privacy? | Cryptocurrency |
| Which of the following describes the primary purpose of a disaster recovery plan? | To specify the steps required to resume operations, which includes how data will be backed up, location, recover data, & to test how well prepared the CO is; all are a part of the PRIMARY purpose. |
| What term refers to a site that has been identified and maintained by the organization as a data processing disaster recovery site but has not been stocked with equipment? | Cold site |
| What term refers to a site that has been identified and maintained by the organization as a data processing disaster recovery site and has been stocked with equipment? | Hot site |
| General controls in an information system include each of the following, except a. Information technology infrastructure. b. Security management. c. Software acquisition. d. Logic tests. | d. Logic tests. (general controls relate to the entire computer system not just a particular application) |
| What is a hash total? | Number that is meaningless |
| Passenger 1 & passenger 2 R booking separately on an airline website for the last available seat on a flight. 1 presses the enter key a few seconds before passenger 2, thus locking out passenger 2 and obtaining the last seat. This is ex of the control? | Concurrent update control |
| Capacity check method of control | is a physical control- making sure you have enough storage on computer |
| Check digit method of control | ex: checking employee ID |
| Sequence check method of control | Ex: sequential- like checking check numbers check 1 check 2 and etc. |
| Reasonableness check method of control | or limit check would say - we're inputting what? If hours worked, then ex: there shouldn't be more than 8 hours worked per day would be a limit/reasonableness check to make sure total number shouldn't exceed what it should be. |
| A systems engineer is developing the input routines for a payroll system. Which of the following methods validates the proper entry of hours worked for each employee? a. Check digit. b. Capacity check. c. Sequence check. d. Reasonableness check. | d. Reasonableness check. |
| An auditor most likely would test for the presence of unauthorized computer program changes by running a a. Program with test data. b. Check digit verification program. c. Source code comparison program. d. Program that computes control totals | c. Source code comparison program. (ran to identify/view changes) |
| Process data w/ use of simulated files provides an auditor w/ info about the operating effectiv. of control policies & procedures, 1 tech involved uses -Controlled reprocessing -integrated test facility -Input validation -Program code checking | integrated test facility |
| Controlled processing method | uses actual data |
| Which of the following is the primary advantage of using a value-added network (VAN)? | It provides increased security for data transmissions. |
| Test data approach to testing an accounting system | Under test data approach, the accountant will run both valid & invalid conditions through a client's computer sys. The test data need only consist of the items that the auditor is interested in testing and does not have to include all possible conditions |
| Some truths of the Test data approach to testing an accounting system | Test data are processed by the client's computer programs under the auditor's control, The test data need consist of only those valid and invalid conditions that interest the auditor., & Only one transaction of each type need be tested |
| What is the primary objective of data security controls? | 2 ensure that storage media R subject 2 authorization prior 2 access, change & destruction. data security controls is to protect the data, which means make sure that the data is stored properly & is protected from unauthorized change/destruction |
| According to COBIT 5, covering the enterprise from end-to-end means that COBIT 5 | Integrates governance of enterprise IT with enterprise governance & applying the systems for the governance & management of IT applying to all components of the enterprise that are involved in the processing of information, internally or externally. |
| Which of the following risks can be minimized by requiring all employees accessing the information system to use passwords? A.) Collusion B.) Data entry errors C.) Failure of server duplicating function D.) Firewall vulnerability | Firewall vulnerability Firewalls can restrict access to information systems by users. Requiring employee use of passwords helps ensure that only authorized individuals can access the information system. |
| A distributed processing environment would B most beneficial N A.) Large volumes of data R generated @ many locations & fast access is required B.) Large volumes of data R generated centrally & fast access is not required C.) Small volumes of data | Large volumes of data are generated at many locations and fast access is required |
| A distributed processing environment is one in which | various processes R performed separately by the people assign 4 them N their area & R integrated into a central sys. It is most beneficial when large volumes of data R generated @ many locations & fast access is required this process avoids time delay w/ |
| To obtain evidence that user identification and password controls are functioning as designed, an auditor would most likely | Examine a sample of assigned passwords and access authority to determine whether password holders have access authority incompatible with their other responsibilities. |
| Which is an advantage of a computer-based system 4 transaction processing over a manual sys? A computer-based sys -Does not require as stringent a set of internal controls -Will produce a more accurate set of fin stmts -Will B more efficient @ produ | Will be more efficient at producing financial statements |
| (4) "v" of Big Data | Volume (how big is data?), Velocity (how fast is data being generated?), Variety (What is the structure & format of data?), & Veracity (is the data accurate, precise, & trusted?) |
| Variety structures (3) of Big data | Structured (spreadsheets), Semi-structured (tagged HTML), & Unstructured (raw-text/video/photos) |
| Data Analytics | to make decisions/draw conclusions |
| Purpose of Data Analytics | Solve problems, manage risk, inc. market share, inc. other operational efficiencies/effectiveness, analyze changing trends & consumer behavior |
| Types of Data Analytics(4) | Descriptive (what happened?), Diagnostic (Why?), Predictive (future- should happen?), & Prescriptive (desired results) |
| Which of the following describes the primary purpose of a disaster recovery plan? | To specify the steps required to resume operations |
| Cloud computing can best be defined as a model that | Allows organizations to use the Internet to access and use services and applications that run on remote third-party technology infrastructure. |
| the primary advantage of using a value-added network (VAN)? | It provides increased security for data transmissions. |
| Using microcomputers in auditing may affect the methods used to review the work of staff assistants because | Working paper documentation may not contain readily observable details of calculations. |
| Which of the following control activities should be taken to reduce the risk of incorrect processing in a newly installed computerized accounting system? | Independently verify the transactions, Independent verification of transactions will be the most effective control activity in reducing the risk of incorrect processing in a newly installed computerized accounting system. |
| the greatest risk regarding an entity’s use of electronic data interchange (EDI)? | Improper distribution of EDI transmissions, Under an EDI system, data is transmitted electronically, creating the risk that data may be inadvertently transmitted to an unauthorized or inappropriate user. |
| A value-added network | routes data transactions between trading partners. A value-added network is used to link different companies’ computer files together, helping to facilitate transactions between the trading partners. |
| best defines electronic data interchange (EDI) transactions? | Electronic business information is exchanged between two or more businesses. Electronic Data Interchange (EDI) is the electronic exchange of information for business transactions between two or more businesses’ computer networks. |
| A local area network (LAN) | consists of a group of computers, usually @ the same location, that R linked together 2 enable users 2 share peripheral devices, programs, & data 2 enable this sharing, the computers must have a means of transmitting data to 1 another through common media |
| A manufacturing company that wanted to be able to place material orders more efficiently most likely would utilize? | Electronic data interchange (EDI) is a process of communication between suppliers and customers. EDI uses strict communication standards, encryption, and access controls to ensure orders are placed and processed as expected. |
| The biggest difference between batch processing and online real-time processing is | the time lag, If batch procc. occurs 2/week, the weekly A/R aging report will B inaccurate by collections & new sales of a few days, @ most. Assuming that the batch processing is done immediately before the month-end, the monthly general ledger ba/. will |
| Closed-loop verification (control) | uses input data to find and display other related information regarding a customer. For instance, after a customer’s ID is entered, the customer’s name is displayed—allowing the data entry clerk to recognize and correct the mistake. |
| Checksum (control) | (or check digit) is a digit embedded in an ID#, calc by a pre-determined algorithm; if digits R entered incorrectly, the program recognizes the ID is invalid w/o having 2 confirm that it is assigned 2 any customer, inventory item, etc., would allow a prog |
| Field check (control) | confirms that the field of a record holds appropriate, but not necessarily accurate, info. EX: in a date-sold field, "a" would not be appropriate. A field check would not distinguish between 2 valid customers 2 confirm that the pmts were apply 2 right acct |
| Completeness test(control) | confirms that each field of a record or each record of a batch is entered, not that it is entered correctly. |
| What item would be most critical to include in a systems specification document for a financial report? | Data elements needed, A systems specification document details what the program will do and how it will operate. These specifications include the data elements needed for the program to operate properly. |
| Many entities use the Internet as a network to transmit electronic data interchange (EDI) transactions. An advantage of using the Internet for electronic commerce rather than a traditional value-added network (VAN) is that the Internet. | Permits EDI transactions to be sent to trading partners as transactions occur. |
| The use of message encryption software | Increases system overhead, Encryption software encodes messages so that they can only be read by those knowledgeable about, or with a key to, the code. It increases security and, since it is not cost free, adds to system overhead. |
| steps in the development of a business continuity plan Reasons why | By conducting a bus-impact analysis, planners can ensure that all essential functions R identified so those functions R the ones that R maintained by the plan. Critical personnel can't B identified until the procedures 2 B performed R detailed. An emergen |
| steps in the development of a business continuity plan | 1.) conducting a bus-impact analysis(ensure that all essential functions R identified) 2.) identify critical personnel 3.) create an emergency contact list 4.) priorities are assigned to functions 5.) recovery procedures are designed |
| Closed loop verification | is a means by which two parties can verify their identity to enable safe access to data |
| Authentication validation | involves applying tests to data to make certain it is valid. |
| Segregation control testing | is performing tests to make certain that incompatible functions are not inappropriately being performed by the same party or parties. |
| Disaster recovery planning | Testing an alternate ‘hot site’ by switching all processing to an alternate site and verifying connectivity and functionality from the site is most likely to be part of disaster recovery planning. |
| Transaction processing system (TPS) | A transaction processing system is a system for performing routine functions, such as the recording of payroll. |
| Matching | One data analytics technique used to compare data from various sources to identify unexpected differences |
| Sorting | One data analytics technique used to rank a category of data by type, class, percentage, and other qualifiers to identify outliers |
| Trend analysis | One data analytics technique used to compare aggregate totals over time to identify patterns |
| Ratio analysis | One data analytics technique used to calculate ratios for the purpose of discovering relationships among financial and nonfinancial data. |
| An online sales order processing system most likely would have an advantage over a batch sales order processing system by | Enabling shipment of customer orders 2 B initiated as soon as the orders R rec, In an online sys, the inputting of transaction & the updating of journals & ledgers R immediate & simultaneous. In a batch system there R time delays. By using an online sys, |
| Systems Development Life Cycle (SDLC) | Steps: |
| In which of the following phases of computer system development would training occur? | Training should occur during the implementation phase. Training would be ineffective before this because there would be no complete system. |
| data backup should be stored | In a secure off-site location to protect it from theft, sabotage, and natural disasters that affect both the original and backup data. |
| an engagement attribute for an audit of an entity that processes most of its financial data in electronic form without any paper documentation? | Performance of audit tests on a continuous basis, In an environment in which fin data is predominantly in electronic form & w/o paper documentation, the auditor would be concerned as much w/ the sys as w/ individual transactions. |
| A primary goal of IT governance | is to balance risk versus return over IT & its processes, IT gov supports the broader entity objectives, including profitability. A governance system that cripples or bankrupts the IT function is as bad as no governance system. To be most effective, |
| Engaging in traditional electronic data interchange (EDI) provides which of the following benefits? | A traditional EDI commonly utilizes an inventory program which can be used to automatically send an order to a supplier when quantities in stock of an item drop below a certain level. This functionality reduces the likelihood of stock-out costs. |
| electronic data interchange (EDI) and relationship with audit trails | tends to reduce, rather than enhance audit trails, since communication is done electronically without supporting documentation in many cases. |
| electronic data interchange (EDI) and relationship with communication between customer and supplier | enhances communication between customer and supplier but does not guarantee that a customer will make payment. Being technologically advanced may entice new partners but that is not a primary benefit of using EDI. |
| To properly control access to accounting database files, the database administrator should ensure that database system features are in place to permit: | Access only to authorized logical views, Database sys features that permit access only to authorized logical views would be effective in preventing unauthorized views of controlled files. |
| The systems development life cycle has seven steps as follows(7): | (1) the planning phase (2) the analysis phase; (3) the design phase; (4) the development phase (5) the testing phase (6) the implementation phase & (7) the maintenance phase. |
| integrated test facility approach(computer-assisted auditing technique) | the auditor will run fictitious transactions through the client’s system along with the client’s data, to make certain that it is receiving the same treatment and enabling the auditor to compare results to expected results. |
| Parallel simulation (computer-assisted auditing technique) | Parallel simulation involves running the client’s data through an auditor developed software package. The auditor can compare the results to the client’s results to see if the client’s system processed the data similarly. |
| Input controls examples: | input controls matrix, monitoring of data entry, field check, validity check, & check digit |
| The test data approach(computer-assisted auditing technique) | involves running data compiled by the auditor through the client’s IT sys, under the auditor’s control, data will include certain errors & B used 2 determine if the client’s IT sys will deal w/ them, test data will only include errors the auditor wishes 2 |
| Business intelligence (BI) refers to | the technologies & applications used by entities 2 extract both internal & external data in order 2 gain insights 4 strategic planning & informed decision-making. |
| Business intelligence Technologies (3 types) | Cloud computing, Storage, & Software Applications |
| Business intelligence Technologies - Storage | Data warehouse, Data mart, & Data lake |
| Business intelligence Technologies - Cloud Computing | storage, processing on 3rd party infrastructure, & web-based applications |
| Business intelligence Technologies - Software Applications | Data analytics/visualization tools, dashboards, machine learning |
| Controlled reprocessing (computer-assisted auditing technique) | involves running client data through client’s program, using the auditor’s computer 2 verify the program provided 2 the auditor is same as used 2 process the client’s data, then auditor can run test data through program 2 verify that it is operating properly |
| statements is correct regarding the Internet as a commercially viable network? | Organizations must use firewalls if they wish to maintain security over internal data, When using the Internet as a commercial network, an entity must be concerned about access to CO info by unauthorized users. This may be min. by the use of firewalls. |
| A primary advantage of using generalized audit software packages to audit the financial statements of a client that uses an EDP system is that the auditor may | Access information stored on computer files while having a limited understanding of the client's hardware and software features |
| primary function of a database management system | Capability to create and modify the database, The primary function of a database management system (DBMS) is its ability to access, summarize, create and modify information contained in an electronic database. |
| A digital signature is used primarily to determine that a message is | Unaltered in transmission, Digital signatures are used on files and emails to verify that the information sent is unaltered in transmission. Digital signatures can be used to verify the sender of a message and its content, but not the recipient. |
| An enterprise resource planning (ERP) system is designed to | Integrate data from all aspects of an org’s activities, ERP is a packaged bus software sys that allows an org 2 automate & integrate the majority of its bus processes, share common data & practices across the orgs, & produce & access info in a real-time e |
| The computer operating system performs scheduling, resource allocation, and data retrieval functions based on a set of instructions provided by the | Job control language |
| electronic data interchange (EDI) system most important internal control function? | Preventive controls R more important than detective controls N EDI sys, Preventive controls R more significant than detective controls N any sys b/c they R critical in the prevention of errors & fraud. Detective controls assist N detecting errors that can |
| Parity check | It is a hardware control that makes certain that each piece of data, or data byte, has the appropriate odd or even number of data components, or data bits |
| Which of the following areas of responsibility are normally assigned to a systems programmer in a computer system environment? | Operating systems and compilers, A systems programmer is responsible for updating and maintaining operating systems and compilers. |
| On-line analytical processing systems | enable users to interactively analyze data through operations such as consolidation, drill-down, and slicing and dicing. |
| Limit test (control designed to ensure reliability & accuracy of data processing) | is designed to assure that all input falls within an appropriate range for the applicable data. If the data falls outside of the range (for example, a birth date before 1900), the input will not be accepted. |
| validity check (control designed to ensure reliability & accuracy of data processing) | is designed to match data input to a list located in a permanent file. If the data doesn't match the list, the data is rejected. |
| essential elements of the audit trail in an electronic data interchange (EDI) system? | Network and sender/recipient acknowledgments, provide documentation of the existence of a transaction that becomes part of the audit trail. |
| What is the primary advantage of using an application firewall rather than a network firewall? | It provides additional user authentication, allow additional user authentication features that protect programs & data. Application firewalls generally offer more control over application access, but R more expensive & difficult 2 implement |
| In a large multinational organization, which of the following job responsibilities should be assigned to the network administrator? | Managing remote access, A network administrator should oversee the day-to-day operations of the business’s networks |
| overreliance(risk of IT environment-during Audit) | which is the risk that results will be accepted when it is the output of an IT system despite a lack of clear support, is a risk associated with an IT environment. |
| System conversion approaches | Entities must carefully consider the risk, cost, and time constraints imposed by each type of sys conversion approach: Parallel, Pilot, Phased, & Direct. |
| System conversion approaches level of risks associated with implementation of systems | Parallel & Pilot have the same level of risk, then the Phased approach has the next level of risk, & Direct has most risk associated with implementation |
| Most client/server applications operate on a three-tiered architecture consisting of which of the following layers? | Desktop client, application, and database |
| A company wants to protect its IT system from unauthorized users accessing the system. Which of the following controls would best serve to mitigate this risk? | A biometric device, “reads” a physical aspect (face, fingerprint, eye, etc.) of an authorized user and compares it to a copy on file. It is like a password, except it need not be remembered and is not typed. |
| Programmed edit checks | are designed to check recorded data to make certain that it is in the proper form. Inappropriate data is rejected and a report indicating exceptions is usually generated. |
| What is the correct ascending hierarchy of data in a system? | Character, field, record, file, A single character is the smallest data element. A group of related characters make up a field. A record is a collection of related fields. A file is a collection of related records. |
| A gauge chart | Illustrates the current status in achieving a fin goal or target, (AKA dial charts) represent the current performance point/level against a predefined goal. EX: a gauge chart can show where a CO stands in lowering days outstanding in A/R from 60 to 30 days |
| Which one of the following artificial intelligence information systems cannot learn from experience? | Rule-based expert systems, A rule-based expert system is programmed to simply carry out programming commands which are pre-determined by the programmer(s). Because of this, a rule-based expert system is not designed to “learn” from prior experience |
| Authentication techniques: | Iris reader, fingerprint reader, facial recognition, & smart card reader |
| Multifactor authentication (MFA) | requires 2 or more independent methods of identification. EX: a smart card uses 2-way verification by requiring that the users insert their cards into a slot and either punch in their (PINs) or use their fingerprints to gain access to information. |
| Multimodal authentication | is similar to MFA but requires 2 or more diff types of biometric measures used simultaneously. Biometrics establish a person's identity using a person's unique attributes (eg, chemical, behavioral, or physical), creating a strong internal control that pre |