BEC 4A
Decoding
is converting encoded or encrypted data back to readable form. Strictly, reversing encryption requires the secret key and is called decryption; decoding (for example of a Base64 string) reverses a public transformation and needs no secret, so it is not a security control.
Mapping
is establishing correspondence between the system and standard data elements.
Examples of centralized databases are:
- Microsoft Access - DBMS (database management systems) - integrated master files.
The four broad areas that Trust Services criteria are grouped into:
- Monitoring - Policies - Communication - Procedures
Key elements of a management information system (MIS) include
- Timeliness - Accuracy - Consistency - Relevance
Characteristics of source data control:
- requiring all source documents to be properly authorized - restricting who may prepare source documents - prenumbering all documents, so that gaps and duplicates in the sequence can be detected.
Intranet
- private networks that behave in much the same manner as the internet
- subject to higher security risks, but less costly to operate than dedicated local or wide area networks
- a local or restricted communications network, especially a private network created using World Wide Web software
- accessed using the same conventional hardware and software that works with the World Wide Web (internet)
Some advantages of decentralized data processing facilities are:
- decentralization increases direct access by users - standalone capabilities are distributed to points of need - participation is increased in design and use - computing power can be shared, which decreases the significance of a single system failure.
To successfully implement systems reliability principles, a company must:
- develop and document a comprehensive set of control policies before designing and implementing specific control procedures (not vice versa).
- effectively communicate policies to all employees, customers, suppliers, and other authorized users. All users should be sent regular, periodic reminders about security policies and be trained in how to comply with them.
- design and employ appropriate and cost-beneficial control procedures to implement the policies.
- monitor the system and take corrective action to maintain compliance with policies. Internal audit review and approval is not required prior to taking corrective action.
The Committee of Sponsoring Organizations of the Treadway Commission (COSO)'s internal control objectives would include:
- effectiveness and efficiency of operations - reliability of financial reporting - compliance with applicable laws and regulations.
COBIT (Control Objectives for Information and related Technology)
- is an integrated framework for internal control over information technology systems. - It assists with the design and implementation of control activities for 34 processes in four domains (the COBIT 4.1 structure; later versions reorganized the processes and domains), using information technology resources (such as applications and people) to help ensure that business goals and requirements (such as confidentiality and reliability) are met.
Characteristics that make information useful for decision making:
- relevant - faithfully represented - comparable - timely - understandable - verifiable
Accounting Information System (AIS) has five primary objectives:
1) Identify and record all valid transactions 2) Properly classify transactions 3) Record transactions at their proper monetary value, not fair market value 4) Record transactions in the proper accounting period 5) Properly present transactions and related disclosures in the financial statements (Failing to disclose a lawsuit or a contingent liability could mislead the reader of a financial statement.)
The five trust services criteria (principles) that a Service Organization Control (SOC) 2 report may cover
1) Security: The system is protected against unauthorized physical and logical access to prevent or minimize the theft, improper use, alteration, destruction, or disclosure of data and software.
2) Availability: The system is available for operation and use as committed or agreed, typically as set out in a contract or service level agreement (SLA).
3) Processing integrity: System processing is complete, accurate, timely, and authorized.
4) Confidentiality: Information designated as confidential is protected as committed or agreed.
5) Privacy: Personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity's privacy notice and with the criteria set forth in Generally Accepted Privacy Principles (GAPP).
Blockchain
- a digitized, decentralized, public ledger of all cryptocurrency transactions - a shared ledger where transactions are permanently recorded by appending blocks, each of which references the preceding block - the blockchain serves as a historical record of all transactions that ever occurred, from the genesis block to the latest block, hence the name blockchain.
Distributed data processing
A network of computers located ("distributed") throughout an organization's different facilities and linked to a centralized computer to fulfill information ("data") processing needs
____ allow payment for purchases from websites without a conventional bank intermediary and are commonly described as anonymous.
Cryptocurrencies, such as bitcoin. Strictly they are pseudonymous rather than anonymous: every transaction is recorded on a public ledger, and addresses can often be linked back to real identities.
Neural network systems
Deal with statistical truths rather than literal truths. A neural network is a computer system designed to recognize images and classify them according to the elements they contain, which works on a system of probability—based on data fed to it, it is able to make statements, decisions, or predictions with a degree of certainty. The addition of a feedback loop enables "learning"; by sensing or being told whether its decisions are right or wrong, the computer system modifies the approach it takes in the future.
Data-mining technology
Helps examine large amounts of data to discover previously unknown information and patterns - With data-mining software, companies can sift through all the chaotic and repetitive noise in data, pinpoint what is relevant, use that information to assess likely outcomes, and then accelerate the pace of making informed decisions. - Data mining can identify trends and outcomes that are not easily identifiable by looking at higher-level or summary data.
Business processes are comprised of
Inputs, outputs, actors, and activities
Big Data
Often defined by the three "V's": - Volume - Velocity - Variety
Advantages of an EDI system:
Reduced errors, costs, and processing time
Engaging in traditional electronic data interchange (EDI) provides
Reduced likelihood of stockout costs - EDI should automatically initiate a purchase order to restock before a stockout occurs.
Primary objectives of database utilization
- reduction of data redundancy and associated costs. Storage of data will occur in multiple files regardless of whether or not a database is used; minimizing the occurrences of data elements within the files is the key to data organization. - by using a logical view of data, access differences by application programs should be transparent to the programs and programmers. - utilization of a database will increase the complexity of data processing.
Intended users of a Service Organization Control (SOC) 2 reports are:
Restricted and are only for parties that are knowledgeable about the nature of the service provided by the service organization.
Availability
This principle pertains to security-related criteria that may affect availability, monitoring such items as network performance and availability, site failover, and security incident handling.
An information system should
Transform data into information, not the other way around. Once data is collected, it is the job of the information system to transform that data so it can be used by management to make decisions.
___ is a risk which is higher in an EFT environment.
Unauthorized access
Local Area Network (LAN)
a computer network that covers a small area - a communication network, "locally" distributed, i.e., within a single office or building, and linked by cables or wireless links so that each unit can communicate with the others.
Primary Key
a field that uniquely identifies a record in a table - It uniquely identifies a specific row or record in a table.
relational database
stores data in tables (relations); within each table a primary key uniquely identifies a specific row, and foreign keys link rows in one table to the primary key of another.
Revenue Cycle
- activities associated with selling goods and services in exchange for cash or a future promise to receive cash - a recurring set of business and data processing activities associated with selling goods and services to customers in exchange for cash - the revenue cycle produces information that is used by other accounting cycles, including the expenditure, production/conversion, and payroll cycles, as well as the financial reporting cycle.
Audit trail
allows the auditor to follow a single transaction from inception to recording in the appropriate journal or general ledger. A record of network and sender/recipient acknowledgments in an EDI system would allow the auditor to track a transaction through the system to its ultimate recording. This information would allow the auditor to test controls over such transactions. While message directories, contingency plans, and trading partner security are important to the internal controls of an electronic data interchange, they are not elements of the audit trail.
The use of electronic systems helps prevent unauthorized transactions from occurring. It prepares
appropriately authorized, prenumbered documents and provides an audit trail with totals and subtotals that can be used for independent checks and reconciliations (sequence checks for missing or duplicate numbers, and batch control totals compared against the totals recorded when the batch was prepared).
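The checks an auditor or control owner would actually run over prenumbered documents are a sequence check (gaps and duplicates) and a reconciliation of batch control totals (record count, financial total, and a hash total of a non-financial field such as the account number). The following is an added example, not material from the original page; the invoice records, field names and the batch totals on the transmittal slip are constructed sample data, with one invoice missing and one entered twice so that every check has something to find.

```python
"""Sequence check and batch control totals over prenumbered documents.
Added example with constructed sample data; not from the original page."""
from dataclasses import dataclass


@dataclass(frozen=True)
class SalesInvoice:
    number: int     # prenumbered document number
    customer: int   # customer account number (used for the hash total)
    amount: float   # invoice amount


# Constructed batch: invoice 1003 is missing and 1005 was keyed twice.
BATCH = [
    SalesInvoice(1001, 4410, 250.00),
    SalesInvoice(1002, 4412, 99.50),
    SalesInvoice(1004, 4410, 1200.00),
    SalesInvoice(1005, 4415, 75.25),
    SalesInvoice(1005, 4415, 75.25),
]

# Totals written on the (constructed) batch transmittal slip before data entry.
EXPECTED = {"record_count": 4, "financial_total": 1624.75, "hash_total": 17647}


def sequence_check(docs):
    """Return (missing_numbers, duplicate_numbers) for a prenumbered batch."""
    numbers = sorted(d.number for d in docs)
    if not numbers:
        return [], []
    seen, duplicates = set(), set()
    for n in numbers:
        if n in seen:
            duplicates.add(n)
        seen.add(n)
    # Every number between the lowest and highest used should be present.
    missing = set(range(numbers[0], numbers[-1] + 1)) - seen
    return sorted(missing), sorted(duplicates)


def control_totals(docs):
    """Record count, financial total, and hash total of the account numbers.
    The hash total has no business meaning; it only has to match."""
    return {
        "record_count": len(docs),
        "financial_total": round(sum(d.amount for d in docs), 2),
        "hash_total": sum(d.customer for d in docs),
    }


def reconcile(docs, expected):
    """Return {total_name: (expected, actual)} for every total that disagrees.
    An empty dict means the batch reconciles."""
    actual = control_totals(docs)
    return {k: (expected[k], actual[k]) for k in expected if expected[k] != actual[k]}


if __name__ == "__main__":
    print("missing / duplicate numbers:", sequence_check(BATCH))
    print("totals out of balance:", reconcile(BATCH, EXPECTED))
```

Run on the constructed batch, the sequence check reports 1003 missing and 1005 duplicated, and all three control totals disagree with the transmittal slip; removing the duplicate row makes the batch reconcile, while the gap at 1003 remains visible only through the sequence check, which is why both controls are used together.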
Relational databases
are flexible and useful for unplanned, ad hoc queries, do store data in table form, and are maintained on direct access devices.
Value-added networks (VANs)
are telecommunication networks providing communication facilities, enhancing basic telecommunication services by passing, storing, and converting messages using enhanced security techniques. - Value-added networks transmit data to trading partners with additional conversion and auditing steps
Translation
changes computer code from one language to another.
Transaction File
contain data about transactions over a specific period of time - example of a transaction file is a sales journal
The functions of a database administrator are:
database design, database operation, and database security.
Electronic commerce (e-commerce)
derives most of its benefits from savings in clerical costs and transaction processing time. - This is made possible mainly by electronic data interchange (EDI).
Protocols for labeling data files include:
external labels (human-readable, on the medium) containing contents and date processed, external labels requiring file names, and internal labels (header records read by the program before processing) containing volume labels that identify the data recording medium.
Intended users of a Service Organization Control (SOC) 1 reports are:
for management of the service organization, user entities, and user auditors - is on the controls at a service organization relevant to user entities' internal control over financial reporting
Intended users of a Service Organization Control (SOC) 3 reports are:
have no restrictions and can be distributed to anyone.
Enterprise resource planning (ERP) system
integrate all aspects of a company's operations in its information system. Such systems integrate financial and nonfinancial operating data, and collect data from external sources.
Database management system (DBMS)
is a specialized computer program that manages and controls data and the interface between data and the application programs. - application independent and does not actually run application programs. - A DBMS allows concurrent use of data, provides access and identification security, and permits users to access information from the database.
Foreign Key
is an attribute in a table that is the primary key of another table; it links the two tables, and the database can reject rows whose foreign key value matches no row in the referenced table (referential integrity).
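The primary key, foreign key, relational database and schema cards above describe one mechanism, so a single worked example covers them. This is an added example, not from the original page: a two-table schema with invented table and column names, built in an in-memory SQLite database from Python's standard library. It shows the primary key rejecting a duplicate row, the foreign key rejecting an order for a customer that does not exist, and an ad hoc query that finds orphan rows. One caveat a practitioner needs: SQLite does not enforce foreign keys unless `PRAGMA foreign_keys = ON` is set on each connection, so the example can be run both ways.

```python
"""Primary and foreign keys in a small relational schema (added example,
invented names; uses Python's built-in sqlite3 module)."""
import sqlite3

# Conceptual-level schema: every data element and the relationship between them.
SCHEMA = """
CREATE TABLE customer (
    customer_id INTEGER PRIMARY KEY,   -- uniquely identifies one customer row
    name        TEXT    NOT NULL
);
CREATE TABLE sales_order (
    order_id    INTEGER PRIMARY KEY,
    customer_id INTEGER NOT NULL REFERENCES customer(customer_id),  -- foreign key
    amount      REAL    NOT NULL
);
"""


def open_db(enforce_fk=True):
    """Create the schema in memory and load two constructed customer rows."""
    conn = sqlite3.connect(":memory:")
    # Caveat: SQLite only checks REFERENCES when this pragma is ON for the connection.
    conn.execute("PRAGMA foreign_keys = %s" % ("ON" if enforce_fk else "OFF"))
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO customer VALUES (1, 'Acme Ltd'), (2, 'Globex')")
    conn.commit()
    return conn


def insert_order(conn, order_id, customer_id, amount):
    """Return True if the row was stored, False if an integrity constraint rejected it."""
    try:
        with conn:  # commits on success, rolls back on error
            conn.execute("INSERT INTO sales_order VALUES (?, ?, ?)",
                         (order_id, customer_id, amount))
        return True
    except sqlite3.IntegrityError:
        return False


def orphan_orders(conn):
    """Ad hoc query: orders whose customer_id matches no customer row."""
    rows = conn.execute(
        "SELECT o.order_id FROM sales_order o "
        "LEFT JOIN customer c USING (customer_id) "
        "WHERE c.customer_id IS NULL"
    ).fetchall()
    return [r[0] for r in rows]


def demo(enforce_fk=True):
    """Exercise the constraints and report what the database accepted."""
    conn = open_db(enforce_fk)
    results = {
        "valid": insert_order(conn, 100, 1, 50.0),            # customer 1 exists
        "duplicate_pk": insert_order(conn, 100, 2, 10.0),     # order_id 100 reused
        "unknown_customer": insert_order(conn, 101, 99, 10.0),  # no customer 99
    }
    results["orphans"] = orphan_orders(conn)
    conn.close()
    return results


if __name__ == "__main__":
    print("foreign keys enforced: ", demo(True))
    print("foreign keys not enforced:", demo(False))
```

With enforcement on, the duplicate primary key and the order for customer 99 are both rejected and the orphan query returns nothing. With enforcement off, the primary key is still enforced (it always is), but order 101 is accepted and shows up as an orphan, which is exactly the data-integrity gap a reviewer should look for when a database is configured without referential integrity.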
Closed-loop verification
is an online data entry control in which the system echoes back related data for an entered value (for example, displaying the customer's name after the operator keys a customer number) so the operator can confirm the entry before it is accepted.
Online Processing
is interactive real-time processing (compared to batch processing) in which the user is in direct communication with the computer, which processes transactions as soon as they are entered.
Customer relationship management (CRM)
is preferably a cloud-based system that stores customer and prospect contact information, accounts, leads, and sales opportunities in one central database (not multiple locations and databases), available to all departments in a business, such as sales, customer service, accounting, marketing, and business development.
Transmission Control Protocol/Internet Protocol (TCP/IP)
is the basic communication language or protocol of the internet that may also be used as a communications protocol in private networks such as intranets.
Database Schema
is the design on which a database and its associated applications are built - is "a view of the entire structure of the database" - It is "the organizational chart showing how the database is structured." - The database schema shows all elements of the database and areas of responsibility of individuals.
Electronic data interchange (EDI)
is the exchange of documents in standardized electronic form between different entities in an automated manner directly from a computer application in one entity to an application in another.
Schema
is unrelated to unique attributes and is used to describe the logical structure of a database.
Encryption
is used to protect data in transit so that an interceptor cannot read it, and to store data so that others cannot read it. Encryption does not by itself prevent interception, and without a separate integrity check (such as a message authentication code) it does not detect alteration of the encrypted data.
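The Decoding and Encryption cards above are easy to conflate, so the following added example (not from the original page) makes the difference concrete: Base64 decoding needs no secret, decryption needs the key, and encryption alone does not detect tampering. To stay within Python's standard library it uses a one-time pad (XOR with a random key as long as the message, never reused) plus an HMAC-SHA256 tag; that choice is the example's, and a production system would use an authenticated cipher such as AES-GCM instead. The message text and the bit-flip the attacker performs are constructed for the demonstration.

```python
"""Decoding vs. decryption, and encrypt-then-MAC (added example,
standard library only; one-time pad chosen only to avoid third-party code)."""
import base64
import hashlib
import hmac
import secrets

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def encode(data: bytes) -> bytes:
    return base64.b64encode(data)


def decode(data: bytes) -> bytes:
    # Decoding needs no secret: anyone who intercepts the bytes can reverse it.
    return base64.b64decode(data)


def otp_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # One-time pad: key must be random, as long as the message, and never reused.
    if len(key) != len(plaintext):
        raise ValueError("one-time pad key must match the message length")
    return bytes(k ^ p for k, p in zip(key, plaintext))


otp_decrypt = otp_encrypt  # XOR is its own inverse


def mac(mac_key: bytes, ciphertext: bytes) -> bytes:
    return hmac.new(mac_key, ciphertext, hashlib.sha256).digest()


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt, then append an integrity tag over the ciphertext."""
    ct = otp_encrypt(enc_key, plaintext)
    return ct + mac(mac_key, ct)


def open_sealed(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; reject if altered."""
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, mac(mac_key, ct)):
        raise ValueError("ciphertext altered")
    return otp_decrypt(enc_key, ct)


def tamper(data: bytes, index: int, mask: int) -> bytes:
    """Attacker flips bits at one position without knowing any key."""
    b = bytearray(data)
    b[index] ^= mask
    return bytes(b)


def demo() -> dict:
    msg = b"PAY 100 TO ACCT 4410"          # constructed payment instruction
    enc_key = secrets.token_bytes(len(msg))
    mac_key = secrets.token_bytes(32)
    pos = msg.index(b"100")                # byte holding the leading '1'
    out = {"decoded": decode(encode(msg)) == msg}   # no key was needed

    # Encryption only: flipping one ciphertext bit flips the same plaintext bit,
    # so '1' (0x31) becomes '9' (0x39) and the receiver never notices.
    ct = otp_encrypt(enc_key, msg)
    out["forged_plaintext"] = otp_decrypt(enc_key, tamper(ct, pos, 0x08))

    # Encrypt-then-MAC: the same bit flip is rejected before decryption.
    blob = seal(enc_key, mac_key, msg)
    try:
        open_sealed(enc_key, mac_key, tamper(blob, pos, 0x08))
        out["tamper_detected"] = False
    except ValueError:
        out["tamper_detected"] = True
    out["roundtrip"] = open_sealed(enc_key, mac_key, blob) == msg
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "=", v)
```

The forged plaintext reads "PAY 900 TO ACCT 4410" even though the attacker never saw the key, which is the practical reason confidentiality controls are paired with integrity controls (or replaced by an authenticated cipher that provides both).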
Conceptual-level schema
lists all data elements and the relationships between them.
A strategic information system
provides information that may allow an organization to make strategic, competitive decisions. - Transaction processing systems support basic routine business functions. - An office automation system is used by clerical personnel to process existing information. - Decision support systems process semi-structured and unstructured problems.
Logical and physical access controls
relate to how the service organization implements logical and physical access controls that serve to prevent unauthorized access and protect data assets.
System operations
relate to how the service organization manages the operation of system(s) and detects and mitigates processing deviations, including logical and physical security deviations.
Change management
relates to how service organizations evaluate and determine necessary changes in infrastructure, data, software, and procedures, which gives them the ability to securely make changes and prevent unauthorized changes.
Risk Mitigation
relates to how the service organization identifies, selects, and develops risk mitigation activities arising from potential business disruptions and the use of vendors and business partners.
B2B (business-to-business)
selling merchandise or services from one business to another - A recent development in the acquisition and sale of manufacturing resources is "business-to-business" (B2B) commerce. B2B uses the internet and electronic data interchange technology.
Public Cloud
services offered over the internet. - Customers pay through advertisements or the resources that they consume
Access on a need-to-know basis means
that access is authorized only as required for employees to perform authorized job functions.
- Individual accountability means that individuals with access to data are responsible for the use and security of data obtained via their access privileges.
- Just-in-time means arranging delivery of inventory or materials as close as possible to the time they will be incorporated into products, rather than maintaining large quantities of inventory or materials.
- Management-by-exception means spending managerial time on exceptional conditions, on the grounds that attending to exceptions is a better approach than spending time on transactions or processes that are operating in their normal ranges.
Information systems are composed of
the information technology infrastructure, the software used to process the organization's data, and the people who operate the system and perform its various functions.