2. Internal Controls


Types of Controls

- Access controls
- Application controls
- Electronic access controls
- General controls
- Input controls
- Physical access controls
- Processing controls

Types of Risks

- Financial risk
- Information risk
- Operating risk
- Strategic risk
- Validity check

Flowchart

A chart that depicts some aspect of a system. May be a system flowchart or a program flowchart.

Batch Total

A total of a field in a transaction that might normally be added, such as dollar amounts.

Hash Total

A total of a field in a transaction that would not normally be added, such as a total of employee numbers.

Validity Check

A validation step performed on a data element to ensure that it is in a valid code table, such as product numbers, or that the data is within an appropriate range or that the data is otherwise valid in combination with other data elements.

Threat

Any eventuality that represents a danger to an asset or capability linked to hostile intent.

Biometrics

Authentication techniques that rely on measurable physical characteristics that can be automatically checked.

Backup

Cold site and Hot site

General Controls

Controls over data center operations, system software acquisition and maintenance, access security, and application system development and maintenance.

Application Controls

Controls that apply to the processing of individual transactions and are built into the application itself.

Access Controls

Controls that limit access to program documentation, data files, programs, and computer hardware to those who require it in the performance of their job responsibilities. Include physical access controls and electronic access controls.

Segregation of Duties

Dividing responsibilities for different portions of a transaction (authorization, recording, and custody) among several different people/departments. In an IT environment, normally revolves around granting and/or restricting access to production programs and data.

Physical Access Controls

Encompass the physical security of IT assets, including access to facilities and access to programs and data.

Check Digit

Exists when some kind of technique is used to compute a digit to add to an existing number and other programs use the same computation when that number is used.

Vulnerability

For business information systems, a characteristic of a design, implementation, or operation that renders the system susceptible to a threat.

Backup - Cold Site

For disaster recovery - an off-site location that has all the electronic connections and other physical requirements for data processing, but does not have actual equipment. Usually requires a few days to become operational. Normally utilizes general hardware that can be readily and quickly obtained from hardware vendors.

Backup - Hot Site

For disaster recovery - offsite location that is "completely" equipped to "immediately" take over the company's data processing. Backup copies of essential files and programs may also be maintained at the location or a nearby storage facility. Personnel need to be shipped to the facility to load backup data on standby equipment.

Electronic Access Controls

Non-physical controls over access to data and application programs such as user identification codes, assignment and maintenance of security levels, file attributes, firewalls, etc.

Processing controls

Programmed controls that verify that all transactions are processed correctly during file maintenance.

Input Controls

Programmed controls that verify that transaction data is valid, complete, and accurate.

Strategic Risk

Risk of choosing inappropriate technology.

Operating Risk

Risk of doing the right things in the wrong way.

Financial Risk

Risk of having financial resources lost, wasted, or stolen.

Information Risk

Risk of loss of data integrity, incomplete transactions, or hackers. If a network system that is connected to the internet does not have a firewall, hackers could enter the system and corrupt or destroy data.

Audit Software

Software that is used for audit purposes, such as a generalized audit software package.

