IT
In building an electronic data interchange (EDI) system, what process is used to determine which elements in the entity's computer system correspond to the standard data elements?
"Mapping" entails determining which data elements used by the entity correspond to the standard data elements.
Phase 1: Planning
- Evaluate the need for a new or improved information system by defining the problem the organization faces - What business objective would this new system address? Align strategies and resources with proposed system. - Feasibility analysis
Edge enabled devices
Any piece of hardware that controls data flow at the boundary, or edge, between two networks
Which of the following configurations of elements represents the most complete disaster recovery plan? A Vendor contract for alternate processing site, backup procedures, names of persons on the disaster recovery team B Alternate processing site, backup and off-site storage procedures, identification of critical applications, test of the plan C Off-site storage procedures, identification of critical applications, test of the plan D Vendor contract for alternate processing site, names of persons on the disaster recovery team, off-site storage procedures
B Alternate processing site, backup and off-site storage procedures, identification of critical applications, test of the plan
Which of the following items would be most critical to include in a systems specification document created in the planning phase? A Cost-benefit analysis B Data elements needed C Training requirements D Change management considerations
B Data elements needed. This lays the foundation for developing the specification document and would need to be known before developing any change management considerations, training requirements, or cost/benefit analysis.
What activity is least likely to occur during the analysis stage of system development? A Determine user information needs B Develop program specifications C Evaluate the current system D Identify problems in the current system
B Develop program specifications. This would happen in the Design phase. In the analysis phase, system analysts evaluate the current system, determine user needs, and identify objectives for the new system.
An enterprise resource planning (ERP) system has which of the following advantages over multiple independent functional systems? A Modifications can be made to each module without affecting other modules B Increased responsiveness and flexibility while aiding in the decision-making process C Increased amount of data redundancy since more than one module contains the same information D Reduction in costs for implementation and training
B Increased responsiveness and flexibility while aiding in the decision-making process. A is wrong because each module is connected to a centralized repository, so any change to it will affect what every other module sees. C is wrong because ERP reduces data redundancy by having everything in one repository. D is wrong because ERP is very expensive.
Timeliness of data availability is most significant when designing which of the following? A General ledger system B Internet catalog and order system C Payroll system D Purchasing system
B Internet catalog and order system. An Internet catalog and order system generally returns a response to the user almost immediately after data entry. With this system, lack of a speedy response can cost sales as well as diminish goodwill and employee morale. While the general ledger, payroll, and purchasing systems need responses within a reasonable time, their response times generally are measured in seconds, rather than milliseconds. A system supporting retail operations has more significant timeliness needs than, for instance, a payroll system.
Which of the following is the primary advantage of using a value-added network (VAN)? A It provides confidentiality for data transmitted over the Internet. B It provides increased security for data transmissions. C It is more cost effective for the company than transmitting data over the Internet. D It enables the company to obtain trend information on data transmissions.
B It provides increased security for data transmissions. A value-added network (VAN) is a network service that provides additional services beyond mere connections to the Internet, particularly services enabling EDI, including increased security.
Which of the following is not a function of the steering committee? A Setting policies and guidelines for various information systems B Managing risk at all levels C Ensuring support and participation of top management D Coordinating and integrating information systems to increase goal congruence and reduce goal conflicts
B Managing risk at all levels. Risk management is the responsibility of the project development team.
The process of determining business rules to incorporate into a system is called system A Requirements Analysis B System Design C Feasibility study D Product Implementation
B System Design. System or software design involves determining specifications for inputs, processing (business rules), security, output, and storage. General business requirements are identified and translated into technical requirements. System analysis involves a gap analysis, which is analyzing the current system and current needs of users to determine what the new system needs.
Black-box, white-box, and grey-box testing
Black box = Test from the end user's perspective, focusing on the interface; White box = Test from the design perspective, focusing on code and design improvement rather than functionality; Grey box = Evaluate the system from both the end-user and design perspectives
Phase 3: Design
Build a technical blueprint of how the proposed system will work to meet business requirements. Conceptual design: Broad translation of each system requirement into technical requirements. Logical design: Hardware and software specifications. Physical design: Specific platform, product, and brand specifications
Unlike an ERP system, this technology moves everything to an online URL-based system, removing the need for data centers and overpriced IT systems and resources. An accountant was easily able to record transactions in a secure manner, online via single sign-on in real-time. A. Cloud computing B. Automation C. Data analytics D. Firewall protection
Cloud computing
System and Organization Controls (SOC)
Collection of reports developed by the AICPA to evaluate the controls of service-based firms.
The personnel needs of companies with corporate strategies that heavily rely on IT and need faster response time in a catastrophic event differs from companies that rely less on IT in that
Companies with corporate strategies that heavily rely on IT should have their own IT staff, while companies that rely less on IT can outsource IT staff.
Enterprise Performance Management (EPM)
Complements ERP by providing management insights on top of operational data to help managers make strategic decisions
Hot site
Completely operational alternative data center that is not only prewired but also contains all necessary (redundant) hardware and software that can be started up with minimal preparation and sometimes immediately
Structured Query Language (SQL)
Data query language that focuses on being able to access, read, and report on desired data (as opposed to updating or deleting)
Database designers view the ______________ schema and system programmers view the _________ schema.
Database designers --> Logical schema (create the chart of relationships) System programmers --> Physical schema (all the numbers and code)
Customer Relationship Management (CRM)
Designed to collect and capture information about customer groups to manage interactions between past, current, and future customers. CRM allows us to better understand our clients. Results in - Higher customer satisfaction - Lower customer service costs - Attracting new customers - Targeted marketing for new and existing customers - Better forecasting of sales Goal: Increase customer retention and thus increase customer spending ($$$)
Internet of things
Describes a system in which everyday objects are connected to the internet and in turn allows seamless communication between people, processes, and things. For example, an auditor has been tasked to audit a hospital's medical devices and security applied to these devices.
Descriptive analytics
Describes what occurred (Lowest value/complexity) - Summary statistics - Sorting the data
All other attributes that are not primary keys or foreign keys are called ___________
Descriptive (non-key) attributes
An organization's data governance program should be led by _____________ but the design of the program should be created by ___________
Designated individual such as chief privacy officer; leaders across the organization
Diagnostic data
Diagnosing why it occurred - Correlation analysis - Cluster analysis - Drill down analysis (looking at underlying data) - Sequence of prenumbered documents check
Discrete vs. Continuous Data
Discrete: whole numbers, can only be certain values (number of students in a class, you can't have half a student) Continuous: can take on literally any integer value (dog's weight)
A Security Policy consists of three-level models. Explain what a security policy is and what the 3 levels are.
Document that defines how the company plans to secure tangible and intangible information resources 1. Security objectives 2. Operational security 3. Policy implementation
Network
Group of computers to allow users access to common data, hardware, and/or software
IT Security Strategy definition and components
IT Security Strategy: Framework of controls (policies and procedures) that define how company plans to protect its IT infrastructure and resources
Single sign-on means that a user only has to enter credentials once, and they are given access to multiple systems and applications. This creates a need for additional security, which is called
Two-factor authentication
Disk storage vs. magnetic tape
Magnetic tape: Blocks of data files are arranged linearly along the entire length of the tape. In order to move from a read location at or near the beginning of the tape to a read location near the end of the tape, it is necessary to travel over all tape between the two read locations. Low cost but retrieval is slow. Disk storage: It is possible to jump directly from one read location to another. This is possible because disk storage offers random access to data files. Access to data takes less time with disk storage than with magnetic tape storage.
SOC 2 Type 1 and 2
Management's description of service company's system and suitability of design Type 1: At a single point in time Type 2: Over specified period
Waterfall method
Method in which the systems development life cycle tasks occur sequentially, with one activity starting only after the previous one has been completed.
Blue/Green parallel shadow
New system is fully deployed in parallel with old system. Progressively more traffic is directed to the new system until it is handling all traffic. (Highest cost, lowest risk)
Nominal vs ordinal data
Nominal - cannot be ordered (e.g., what's your favorite color?) Ordinal - can be ordered (low, medium, high)
The main difference between ODS and data warehouses is that
ODS only contains short-term, real-time data used for current, transactional purposes. Data warehouses store historical, past data that is used for reporting and analysis.
Primary key
One or more attributes that uniquely identify each record within a table
Phase 7: Maintain
Ongoing adjustments and improvements are made to maintain optimal operations of the system.
Consumer-to-consumer (C2C)
Online marketplace where individual consumers buy and sell goods with each other (e.g., EBay)
Circuit-level gateway
Operates at the session layer and only inspects the source and destination of the session, does not filter based on actual content
Ramped rolling phased conversion
Portions of the new system replace corresponding parts of the old system, one piece at a time (above-average cost, below-average risk)
Data analytics (mining)
Process used by companies to take raw data, identify trends, and then transform that information into insights that can help solve complex business problems
Clause to select all columns in a table
SELECT * (asterisk)
SQL Statement Template
SELECT [Column] FROM [Table] WHERE [column criteria] GROUP BY ORDER BY; *Don't forget the semicolon!
Line charts are best for
Showing quantitative data over time
Switch
Similar to routers, as they connect multiple devices together to create a network. However, they do not perform as many advanced functions as a router, such as assigning IP addresses. If you have too many wired devices and only a few ports on your router, the solution is using a switch. (Like a power strip)
Software as a Service (SaaS)
Software that is owned, delivered, and managed remotely and delivered over the Internet (usually on a website) to contracted customers on a pay-for-use basis or as a subscription based on use metrics. (e.g., Microsoft 365, Google Workspace, Dropbox, Salesforce, Workday, Slack)
Wide Area Network (WAN)
Spans a large geographic area such as a state, province, or country. WAN devices allow organizations to work seamlessly across the enterprise regardless of location. The internet is the main example of a WAN.
Compiler
Special program that translates a programming language's source code into machine code, bytecode or another programming language
Data librarian
The person who has custody of and maintains the entity's data tapes, disks, programs, and documentation when they are not in use; ensures that production data is released only to authorized individuals when needed
Central processing unit (CPU)
The primary hardware component where actual processing occurs. Contains: 1. Primary storage - Stores data currently being used or processed by the computer 2. Control unit - Controls and directs operations of the computer 3. Arithmetic/logic unit
Organizations based in e-commerce should have which of the following a. Mirrored hot site b. Cold site c. Warm site
a. Mirrored hot site to quickly restore operations.
Computer memory which is used to store programs that must be accessed immediately by the central processing unit is a. Primary storage. b. Secondary storage. c. Tertiary storage. d. Tape storage.
a. Primary storage.
Cloud computing
allows organizations to use the Internet to access and use services and applications that run on remote third-party technology infrastructure.
Directional charts
Highlighting key events or milestones over time, such as what happens each year
Knowledge Management System (KMS)
software that serves as repository and stores and organizes expertise possessed by individual employees so that the knowledge can be shared and used by others (e.g., discussion forum, FAQ)
Piggybacking
use of a wireless connection to access an internet connection without authorization.
Which of the following describes a business unit or resource that would have a high (H) impact on the organization if it is lost? A. Cannot operate without this resource, high recovery cost, organization will fail to maintain its reputation or achieve objectives B. Can operate for an extended period or time, may notice some effect on reputation or ability to achieve objectives C. Can partially operate for a short period of time, some recovery cost, organization may fail to maintain its reputation or achieve objectives
(A) is correct. B. Describes a Low (L) impact scenario. C. Describes a Medium (M) impact scenario.
Which of the following describes the extraction phase of the ETL process? A. Moving transformed data into data repository for storage or program for analysis. B. Retrieving data from various external and internal sources through an automated or manual process. C. Processing and organizing extracted data to ensure it is accurate and ready for analysis.
(B) is correct. Retrieving data from various sources A. This is the loading phase. C. This is the transformation phase.
Business Continuity Planning and Disaster Recovery are two important components of cybersecurity. Which statement about BCP/DR is true? A BCP is a part of DR. When a DR is deployed during a disaster, BCP is initiated. B BCP is corrective, while DR is detective. C DR is part of BCP. BCP occurs daily while DR is deployed when disaster occurs. D BCP is an on-going process of keeping backup records and plans in case of a cyberattack. BCP should be addressed every quarter.
(C) DR is part of BCP. BCP occurs daily while DR is deployed when disaster occurs. BCP is a continuous process that focuses on keeping business operational during a disaster rather than restoring IT functions. It is preventive. DR is deployed when the disaster occurs to recover IT operations. It is corrective.
Middle management role in IT governance
- Carries out policies - Ensure subordinates are adhering to the policies - Ensuring IT projects have appropriate resources and support
IT strategy must be designed so that it supports
- Company's vision, which is what a company hopes to achieve. - Corporate strategy, which is how an organization achieves its goals.
Disadvantages of ERP
- Cost - Amount of time required to implement - Changes to business processes - Complexity - Resistance
Typical advantages of cloud computing are
- Cost savings - Vertical scalability: refers to being able to add more memory, computing power, and resources to the cloud. - Predictability = Rent only as much as is needed on a minute-by-minute basis, which means we can predict if we will have lower (higher) costs when volume is low (high) - Superior service quality - Low capital investment - Greater expertise - Lower risk of lost data since it is stored in the cloud - Company can focus more on the core business instead of complexities of IT
Types of Cloud Computing
- IaaS (Infrastructure-as-a-Service) - PaaS (Platform-as-a-Service) - SaaS (Software-as-a-Service) These are not mutually exclusive, firms can purchase all 3 if they want to.
Typical disadvantages of cloud computing are
- Lack of control. We lose control over IT functions. - Lack of quality control. - Giving our data to a third party - Reduced flexibility for program modification - Risk of data being leaked - Data being overwritten or lost - Vulnerability to attacks - Provider's third-party suppliers. Who are they? - Multi-tenant architecture. More tenants = more risk - Consider the terms of the Service Level Agreement (SLA)
Steering Committee
- Oversight of the information systems function as a whole - Include members of high-level management - Developing and communicating strategic goals and policies - Setting policies for various information systems. - Reviews and approves long-range plans - Reviewing the budget - Providing guidance and addressing big-picture issues - Ensuring support, guidance, and participation of the top management. - Monitoring PD team's progress - Coordinating and integrating information systems across the organization to increase goal congruence and avoid goal conflicts.
Major components of disaster recovery procedures
1. Alternative processing site (hot, cold, warm) 2. Backup and off-site storage of data procedures 3. Names of team members and their responsibilities
Steps in a Disaster Recovery Plan
1. Assess risks. 2. Identify mission-critical applications. 3. Develop plan for handling mission-critical applications. 4. Determine responsibilities of personnel involved in disaster recovery. 5. Test the plan
Input controls
1. Authorization and approval controls 2. Control totals (batch, financial, hash) 3. Input edit checks 4. Error log
Five types of e-commerce
1. B2B 2. B2C 3. C2B 4. C2C 5. Government e-commerce
Main benefits of SCM
1. Better visibility of data from the start of the supply chain to the end 2. Enhanced quality control 3. Reduced cash tied up in inventory 4. Improves forecasting for procurement, delivery, and production
Steps within the transformation phase of the ETL process
1. Cleaning the data 2. Data validation 3. Loading the data into software for analysis/storage
Three types of loading into repositories:
1. Full initial loading: Entire data set is loaded into repository for the first time 2. Full refresh loading: Entire data set is loaded into repository to replace the previous load 3. Incremental loading: Only difference between new data and old data is loaded into repository
Steps of data extraction in the ETL process
1. Identification: Understand what the business need is to ensure the data request has proper scope to resolve it. 2. Obtaining the data through manual or automatic extraction from internal or external sources.
System design usually includes design of
1. Logical data design and data storage 2. Process design 3. User interface
BIA Timeline to determine how long it will take to restore operations (7 stages)
1. Normal operation. 2. Mean time to failure (MTF) is the time between normal operations and failure occurring. 3. Failure is when the business disruption occurs. 4. Recovery Time Objective (RTO) is the time necessary to achieve the Recovery Point Objective (RPO). 5. RPO is the minimum operational capability with some data loss. 6. Work recovery time (WRT) is the amount of time needed to restore data that was lost due to the backup's age. 7. Full function recovery is when all functions are fully restored.
Four types of deployment
1. Plunge big bang 2. A/B pilot canary 3. Rolling ramped phased 4. Blue/green Shadow
BIA process
1. Quantitative and qualitative impact to the organization when business unit is lost due to a disaster 2. Resources and recovery time needed to resume business operations 3. Identification of business units critical to survival of the entity 4. Prioritization of continuity challenges 5. Risk mitigation strategies to implement to address continuity challenges
TPS covers 3 cycles, which are
1. Sales 2. Expenditures 3. Conversion (production)
Structure of data
1. Structured: Organized into columns and rows (Relational database) 2. Semi-structured: Hybrid (CSV, XML, XBRL) 3. Unstructured: Little to no predefined organizational structure (audio, video, images, text)
Types of general controls
1. Systems development life cycle controls 2. Software acquisition, development, operation, and maintenance 3. Change management 4. Business resiliency 5. Access controls
3 subsystems that make up AIS
1. Transaction processing system (TPS) - converts economic events into financial transactions (journal entries) to support daily operations 2. Financial reporting system (FRS) or General Ledger System (GLS) - aggregates daily financial information to create financial reports 3. Management reporting system (MRS) - cost accounting; internal financial information to day-to-day business problems such as CVP, budgeting, variance analysis
Four types of testing
1. Unit testing 2. Integration testing 3. System testing 4. User acceptance testing
Types of application controls
1. input controls 2. processing controls 3. output controls
A distributed processing environment would be most beneficial in which of the following situations? A Large volumes of data are generated at many locations and fast access is required. B Large volumes of data are generated centrally and fast access is not required. C Small volumes of data are generated at many locations, fast access is required, and summaries of the data are needed promptly at a central site. D Small volumes of data are generated centrally, fast access is required, and summaries are needed monthly at many locations.
A Large volumes of data are generated at many locations and fast access is required. A distributed system is a network of remote computers connected to a main computer system. A reduced workload on the main computer system results as information is entered and edited locally. Transmissions are minimized.
Which of the following individuals or groups within an organization reviews and approves long-range plans and oversees its information systems? A Systems steering committee. B Project development team. C Systems analyst. D Database administrator.
A Systems steering committee. A steering committee is a group of individuals formed with the intent of overseeing and regulating the Information Technology and system function within an organization. Its primary functions are listed as: Setting policies for various information systems. Ensuring support, guidance, and participation of the top management. Coordinating and integrating information systems to increase goal congruence and avoid goal conflicts. Approving organizational plans and goals.
Platform as a Service (PaaS)
A cloud service in which consumers can install and run their own specialized applications on the cloud computing network. They run the applications and data, but all the hardware is rented. (AWS Elastic Beanstalk, Windows Azure)
Time-Sharing Center
A computer remotely accessed by a number of different users, who are unaware of each other
Difference between database and DBMS
A database is the collection of proprietary data and related files. A DBMS is a software program that enables users to create, delete, alter, and query database records, like Microsoft Access. This allows for businesses to separate their database system operations from their accounting system application.
Security policy
A document that defines how the company plans to protect its IT infrastructure and resources.
Packet-filtering firewall
A firewall that examines each packet and determines whether the firewall is configured to accept that data. To make this decision, it examines the source address, the destination address, and other data.
Local Area Network (LAN)
A network in which the nodes are located within a small geographic area, such as a home or office
Gateway
A node that handles communication between 2 networks by transforming one protocol into another so information can flow
Audit trail
A path that allows a transaction to be traced through a data processing system from source documents to ledger and from ledger back to the source documents
Accounting Information System (AIS)
A system that collects, records, processes, and stores accounting information, then compiles that information using accounting rules to report both financial and nonfinancial information to decision makers
Foreign key
A primary key of one table that appears as an attribute in another table and acts to provide a logical relationship between the two tables
Cleaning Data
A process that makes the data uniform without changing its meaning (e.g., Deduplicate data points, remove inaccurate data, address any outliers, address missing fields, remove unnecessary attributes or sensitive information, add columns to CSV files)
Software
A program or instructions that give directions to the computer.
Trojan Horse
A program that appears desirable but actually contains something harmful
Warm site
A separate facility with computer equipment, but lacks processing capabilities and requires software installation and configuration.
Cold site
A separate facility with desks and power that does not have any computer equipment, but is a place where employees can move after a disaster. Not ready for use without considerable effort.
Proxy server
A server that acts as an intermediary between a user and the Internet or other networks; Allows only certain information to be provided to external users and more important information is not available from this access point, thereby preventing unauthorized access.
Electronic Data Interchange (EDI)
A standard format for the electronic exchange of information between businesses from a computer in one entity to a computer in another entity. Permits suppliers and buyers to have direct access to portions of each other's databases. Typically involves monitoring of inventory levels and automatic restocking, order placement, invoicing, and payment.
Flat file
A table storing all database information in one large two-dimensional table with no structural interrelationships, such as a simple Excel spreadsheet.
Relational databases
Allows data to be stored in different tables, and tables are linked through relationships using key fields
Which of the following is usually a benefit of transmitting transactions in an electronic data interchange (EDI) environment? A. A compressed business cycle with lower year-end receivables balances. B. A reduced need to test computer controls related to sales and collections transactions. C. An increased opportunity to apply statistical sampling techniques to account balances.
A. A compressed business cycle with lower year-end receivables balances. EDI transactions are typically transmitted and processed in real time. Thus, EDI compresses the business cycle by eliminating delays. The time required to receive and process an order, ship goods, and receive payment is greatly reduced compared with that of a typical manual system. Accordingly, more rapid receipt of payment minimizes receivables and improves cash flow.
Which of the following best describes a non-standard computer-generated report that is generated as need arises? A. Ad hoc B ANSI X12 C Automated script D EDIFACT
A. Ad hoc
Automated vs. Manual extraction A. Using API or scraping data from a webpage to automatically pull data into a repository. B. Having to use specialized data mining software or writing customized queries to obtain the data
A. Automated extraction B. Manual extraction
Which of the following characteristics distinguishes electronic data interchange (EDI) from other forms of electronic commerce? A. EDI transactions are formatted using standards that are uniform worldwide. B. EDI transactions need not comply with generally accepted accounting principles. C. EDI transactions ordinarily are processed without the Internet.
A. EDI transactions are formatted using standards that are uniform worldwide. In an attempt to provide standardization and structure for EDI, organizations such as the American National Standards Institute (ANSI) have defined virtually every type of business transaction in terms of their fields and information content. These are termed transmission sets. By using such standards, communication between trading partners can be facilitated.
Which of the following statements is true regarding Transmission Control Protocol and Internet Protocol (TCP/IP)? A. Every site connected to a TCP/IP network has a unique address. B. Every TCP/IP-supported transmission is an exchange of funds. C. TCP/IP networks are limited to large mainframe computers. D. The actual physical connections among the various networks are limited to TCP/IP ports.
A. Every site connected to a TCP/IP network has a unique address.
Which of the following is not a characteristic of e-commerce? A. Increased overhead costs B. Creates markets that might not exist if we only have a physical location C. Promotes competitive pricing D. Provides parity in information among market participants
A. Increased overhead costs. E-commerce decreases overhead costs because there is no need for a physical, brick-and-mortar location. B. This is true. C and D. Because information about pricing and products are widely and equally available online, all consumers will have equal knowledge about pricing and will cause competition.
Which of the following are essential elements of the audit trail in an electronic data interchange (EDI) system? A. Network and sender-recipient acknowledgments. B. Message directories and header segments. C. Contingency and disaster recovery plans. D. Trading partner security and mailbox codes.
A. Network and sender-recipient acknowledgments. An audit trail allows for the tracing of a transaction from initiation to conclusion. Network and sender-recipient acknowledgments relate to the transaction flow and provide for the tracking of transactions.
Which of the following statements is correct concerning internal control in an electronic data interchange (EDI) system? A. Preventive controls generally are more important than detective controls in EDI systems. B. Control objectives for EDI systems generally are different from the objectives for other information systems. C. Internal controls in EDI systems rarely permit control risk to be assessed below the maximum. D. Internal controls related to the segregation of duties generally are the most important controls in EDI systems.
A. Preventive controls generally are more important than detective controls in EDI systems. In electronic processing, once a transaction is accepted, there is often little opportunity to apply detective controls. Thus, preventing errors or fraud before they happen is important.
According to the business impact analysis, when failure occurs, the incident response team should be capable of returning the system to which of the following during the Recovery Time Objective? A. The Recovery Point Objective. B. Normal operation with no missing data. C. Full Function Recovery. D. Mean time between failures.
A. The Recovery Point Objective. RTO is the time it takes to achieve RPO. B. would only be achieved with a mirrored hot site.
What is the primary objective of data security controls? A. To ensure that storage media are subject to authorization prior to access, change, or destruction. B. To monitor the use of system software to prevent unauthorized access to system software and computer programs. C. To establish a framework for controlling the design, security, and use of computer programs throughout an organization. D. To formalize standards, rules, and procedures to ensure the organization's controls are properly executed.
A. To ensure that storage media are subject to authorization prior to access, change, or destruction. B. Change management controls ensure that system software and computer programs are not changed by unauthorized users. C.
In an effort to recognize improvement opportunities, a company is reviewing its in-house systems. The best reason for the company to consider switching to cloud computing as a solution is that it: A. Usually has lower upfront costs for equipment and maintenance. B. Is accessible only from within the company on its Intranet. C. Is the best way to secure sensitive corporate information. D. Provides better program modification options.
A. Usually has lower upfront costs for equipment and maintenance.
An online data entry technique that can be employed when inexperienced personnel input data is the use of: A. prompting. B. written job descriptions. C. compatibility tests. D. checkpoints.
A. prompting. A completeness check, or prompting in an online setting, uses questions or predetermined input formats to ensure all items are entered.
Advantages and disadvantages of flat file
Advantages: Simple to use, easy to add new data Disadvantages: Not ideal for large quantities of data, increased data redundancy, difficult to search for desired data
Difference between waterfall and agile methods
Agile developers will develop and test in different stages (iterations) instead of waiting until the whole product has been completed.
Deployment (implementation)
All the processes that are involved in getting the new software up and running properly in its environment, including training employees
Application controls
Application-specific controls that provide reasonable assurance that the recording, processing, and reporting of data is valid, authorized, and free from errors or fraud (FACT)
Inventory management system (IMS)
Assist with tracking, procurement, and distribution of inventory from POS to delivery
Executive information system (EIS)
Assists a company's senior management with making strategic, non-routine decisions. Combines, integrates, and summarizes external and internal data from many different sources and presents it in high level "big picture" reports and visualizations, such as in a dashboard, that can be quickly and easily accessed for strategic decision making. Senior executives can quickly evaluate key statistics but also drill down when necessary.
SOC 2 Report
Attestation for service firms regarding security, availability, processing integrity, confidentiality or privacy for vendor management, oversight, risk management, etc.
SOC 3 Report
Attestation for service firms regarding security, availability, processing integrity, confidentiality or privacy; but prepared for general reports and companies who don't have the knowledge necessary to make effective use of SOC 2 report
Attributes vs. rows
Attributes: Columns, characteristics of data Records: Rows, one entity within a table
A well-designed AIS creates a good
Audit trail
Access control lists (ACL)
Authorization control that lists: 1. Users' passwords and codes 2. Information and applications on the system 3. Types of access and rights granted to each user (read, write, update, delete)
Strong IT governance will have the following components:
Availability, Architecture, Metadata, Policies, Quality, Comply, Security
referential integrity rule
Every value a foreign key takes on must have a matching primary key value to maintain correspondence between the two tables
The Internet consists of a series of networks that include A. Routers to strengthen data signals between distant computers. B. Gateways to allow networks to connect to each other. C. Bridges to direct messages through the optimum data path. D. Repeaters to physically connect separate local area networks (LANs).
B. Gateways to allow networks to connect to each other. A. Routers connect devices within a network together to form that network. C. Routers direct packets or messages through the most efficient, optimum data path.
Which of the following is indicative of having a high (H) likelihood of occurring? A. Improbable, controls are in place to prevent or significantly impede successful exercise of the vulnerability B. Highly probable, has occurred recently, controls to prevent it are ineffective C. Could occur, but controls are in place that may help prevent it
B. Highly probable, has occurred recently, controls to prevent it are ineffective A. Describes Low (L) likelihood. C. Describes Medium (M) likelihood.
Which of the following statements most likely represents a disadvantage for an entity that keeps microcomputer-prepared data files rather than manually prepared files? A. Attention is focused on the accuracy of the programming process rather than errors in individual transactions. B. It is usually easier for unauthorized persons to access and alter the files. C. Random error associated with processing similar transactions in different ways is usually greater. D. It is usually more difficult to compare recorded accountability with physical count of assets.
B. It is usually easier for unauthorized persons to access and alter the files. In a manual system, one individual is assigned responsibility for maintaining and safeguarding the records. However, in a computerized environment, the data files may be subject to change by others without documentation or indication of who made the change. A. Is an advantage because we only have to make sure the program is working well, and then it will uniformly process all transactions the same way. C. All transactions are processed the same way.
Authorized users should be granted A. Maximum level of access necessary to perform their job functions B. Minimum access to data necessary to perform their job functions C. Rights to create, write, read, edit, and delete based on seniority
B. Minimum access to data necessary to perform their job functions Authorized users should be granted the minimum level of access to data that is needed to perform their job functions. They should also be granted rights to write, read, edit, and delete based on their job function, not seniority.
Matthews Corp. has changed from a system of recording time worked on clock cards to a computerized payroll system in which employees record time in and out with magnetic cards. The computer system automatically updates all payroll records. Because of this change A. A generalized computer audit program must be used. B. Part of the audit trail is altered. C. The potential for payroll-related fraud is diminished. D. Transactions must be processed in batches.
B. Part of the audit trail is altered. In a manual payroll system, a paper trail of documents would be created to provide audit evidence that controls over each step in processing were in place and functioning. One element of this computer system that differentiates it from a manual system is that a transaction trail useful for auditing purposes might exist only for a brief time or only in computer-readable form, since the system automatically updates all payroll records.
When evaluating internal control of an entity that processes sales transactions on the Internet, an auditor would be most concerned about the A. Lack of sales invoice documents as an audit trail. B. Potential for computer disruptions in recording sales. C. Inability to establish an integrated test facility. D. Frequency of archiving and data retention.
B. Potential for computer disruptions in recording sales. The organization should use effective controls to ensure proper acceptance, processing, and storage of sales transactions. Threats include not only attacks from hackers but also system overload and equipment failure.
The process of learning how the current system functions, determining the needs of users, and developing the requirements of a new system is referred to as A. Systems maintenance. B. Systems analysis. C. Systems feasibility study. D. Systems design.
B. Systems analysis.
It is important to maintain proper segregation of duties in a computer environment. Which of the following access setups is appropriate for updating production data and modifying production programs? A. Users can update production data and application programmers can modify production programs. B. Users can update production data. C. Users can update production data and both users and application programmers can modify production programs. D. Users can modify production programs and application programmers can update production data.
B. Users can update production data. Users have update access for production data; application programmers do not. Neither users nor application programmers have update access for production programs. They should submit changes to the change control unit, which will then start the change process.
Establishment of IT governance is the responsibility of
BOD and executive management.
Waterfall charts
Best option for showing the cumulative effect of a series of data points that make up a whole, over time
The primary difference between Alpha and Beta acceptance tests of software is: A Alpha Test is performed by the developer whereas Beta Test is performed by the user B Alpha Test is unit-level testing and Beta Test is module-level testing C Alpha Test is under the supervision of a developer whereas Beta Test is without that supervision D Alpha Test is done concurrently with the software's development whereas Beta Test is carried out after the development
C Alpha Test is under the supervision of a developer whereas Beta Test is without that supervision Alpha Test is characterized by testing software by a user on the premises of the developer under due supervision of the developer. Beta Test, however, is a test which is carried out by a user independently of the developer and is usually done at the user's premises.
What is the most effective way that information technology, people, processes, and systems can facilitate an organization's overall strategic decision-making process? A By providing improved security of critical information assets. B By providing online real-time processing for all transactions. C By providing relevant and reliable data that reduces uncertainty. D By providing large amounts of unfiltered data to decision makers.
C By providing relevant and reliable data that reduces uncertainty.
Which of the following is an essential element of the audit trail in an electronic data interchange (EDI) system? A. Disaster recovery plans that ensure proper backup of files. B. Encrypted hash totals that authenticate messages. C. Activity logs that indicate failed transactions. D. Hardware security modules that store sensitive data.
C. Activity logs that indicate failed transactions. Because an audit trail allows for the tracing of a transaction from initiation to its disposition, an activity log provides a key link in the tracking process. Such a log provides information about users who have accessed the system, the files accessed, the processing accomplished, the time of access, and the amount of time the processing required.
When erroneous data are detected by computer program controls, such data may be excluded from processing and printed on an error report. This error report should be reviewed and followed up by the A. Computer operator. B. Systems analyst. C. Computer control group. D. Computer programmer.
C. Computer control group. In centralized systems, the computer control group acts as liaison between the users and the processing center. This group establishes control totals, records data receipt in a control log, follows the progress of processing, and distributes output. It is also responsible for following up error reports and assuring that erroneous records are reprocessed.
Which of the following is not a disadvantage of the waterfall method? A. Requires a lot of time to complete B. Benefits are not realized until complete C. Customer has a lot of input and they're annoying D. Employees are idle before and after their tasks
C. Customer has a lot of input and they're annoying The customer does not have any input throughout the process.
Which is not a benefit of ERP? A. Provides vital cross-functional information quickly to managers across the organization in order to assist them in the decision making process B. Integrating and improving an organization's ability to monitor and track sales, expenses, customer service, etc. C. Data is stored in several, local repositories D. Allows greater access controls so that user privileges can be centrally managed
C. Data is stored in several, local repositories In ERP, data is stored in one, central repository so it only has to be entered once and then can be accessed by all departments.
Managers of local offices of an international consulting firm need better access to human resource data for their offices' employees than they have now from the consolidated database at the firm's headquarters. A distributed database, in which data about individuals would reside on computers at local offices but would be accessible to managers worldwide, has been proposed. A risk of the proposed arrangement is that: A. segregation of incompatible duties might not be maintained at the firm's headquarters. B. the data might not be updated as quickly as with the centralized system. C. database integrity might not be preserved during a network or computer failure. D. the data are more vulnerable to outsiders than with the centralized system.
C. Database integrity might not be preserved during a network or computer failure. Database integrity might not be preserved during a network or computer failure because of the complexity of updates, the time delays when multiple sites are involved, and the number of nodes to be coordinated.
Which of the following would an auditor ordinarily consider the greatest risk regarding an entity's use of electronic data interchange (EDI)? A. Authorization of EDI transactions. B. Duplication of EDI transmissions. C. Improper distribution of EDI transactions. D. Elimination of paper documents.
C. Improper distribution of EDI transactions. Transactions in an EDI system are communicated from computer to computer, often without human intervention. In some cases an EDI system uses a value-added network (VAN) that forwards transactions directly from the sender to the receiver. Both of these situations increase the risk of miscommunications and improper distribution of messages. A. No greater risk is present for the authorization of EDI transactions than for other types. B. The computer handles the transaction, so there is low risk of it being weird and duplicating. D. EDI does eliminate paper documents, but there is still an audit trail, so this isn't a risk.
An enterprise resource planning system is designed to A. Present executives with the information needed to make strategic plans. B. Help with the decision-making process C. Integrate data from all aspects of an organization's activities. D. Allow nonexperts to make decisions about a particular problem.
C. Integrate data from all aspects of an organization's activities.
Which of the following describes veracity of big data? A. The speed at which data can be collected and processed. B. The amount of data C. Organizations must have data that is cleansed of biases, irregularities such as duplicate/missing fields, irrelevant components D. Spreadsheets, relational databases
C. Organizations must have data that is cleansed of biases, irregularities such as duplicate/missing fields, irrelevant components A = Velocity B = Volume D = Variety
Which of the following is usually a benefit of using electronic funds transfer for international cash transactions (as opposed to sending checks)? A. Improvement of the audit trail for cash receipts and disbursements. B. Creation of self-monitoring access controls. C. Reduction of the frequency of data entry errors. D. Off-site storage of source documents for cash transactions.
C. Reduction of the frequency of data entry errors. The processing and transmission of electronic transactions, such as EFTs, virtually eliminates human interaction. This process not only helps eliminate errors but also allows for the rapid detection of and recovery from errors when they do occur. A. and D. are wrong because EFT reduces the need for source documents/invoices, which reduces the audit trail.
A value-added network (VAN) is a privately owned network that performs which of the following functions? A. Provide additional accuracy for data transmissions. B. Route data within a company's multiple networks. C. Route data transactions between trading partners. D. Provides services to send marketing data to customers
C. Route data transactions between trading partners. To compete with the Internet, these third-party networks add value by providing their customers with error detection and correction services, electronic mailbox facilities for EDI purposes, EDI translation, and security for email and data transmissions. A VAN adds value to the basic data communications process by handling the difficult task of interfacing with multiple types of hardware and software used by different parties.
Which of the following statements represents an additional cost of transmitting business transactions by means of electronic data interchange (EDI) rather than in a traditional paper environment? A. Redundant data checks are needed to verify that individual EDI transactions are not recorded twice. B. Internal audit work is needed because the potential for random data entry errors is increased. C. Translation software is needed to convert transactions from the entity's internal format to a standard EDI format.
C. Translation software is needed to convert transactions from the entity's internal format to a standard EDI format.
Which of the following is considered a component of a local area network? A Program flowchart B Loop verification C Transmission media D Input routine
C. Transmission media. A local area network is a network of computers within a small area to transmit information among network members. By its nature, it requires a means of transmission. A. Program flowcharts relate to software. D. An input routine generally is a program that relates to the acceptance of information (data entry).
An organization's computer help-desk function is usually a responsibility of the: A. applications development unit. B. systems programming unit. C. computer operations unit. D. user departments.
C. computer operations unit. Help desks are usually a responsibility of computer operations because of the operational nature of their functions, e.g., assisting users with systems problems involving prioritization and obtaining technical support/vendor assistance.
A disk storage unit is preferred over a magnetic tape drive because the disk storage unit: A. has nine tracks. B. offers sequential access to data files. C. offers random access to data files. D. is a cheaper medium for data storage.
C. offers random access to data files.
Which of the following is not true? Relational databases: A. are flexible and useful for unplanned, ad hoc queries. B. store data in table form. C. use trees to store data in a hierarchical structure. D. are maintained on direct access devices.
C. use trees to store data in a hierarchical structure Hierarchical databases use tree structures to organize data; relational databases use tables.
An enterprise resource planning (ERP) system has which of the following advantages over multiple independent functional systems? A. The time to implement an ERP system is significantly less. B. Integration is less costly. C. Data input is less intensive because a central repository is used. D. ERP systems are more cost effective.
C. Data input is less intensive because a central repository is used. The rest are disadvantages.
Most client/server applications operate on a three-tiered architecture consisting of which of the following layers?
Client, application, database
Data lake
Centralized repository similar to data warehouse, but contains both unstructured and structured data. It usually contains the data in its raw format.
ERP stores data in (centralized/decentralized) locations.
Centralized. Data is only entered once into a central database by one department and can be accessed by various departments. Because of the integrated centralized system management function, security for multiple departments systems can be centrally administered. An ERP administrator can grant, deny, and maintain user access using one platform.
Modem
Connects your network to the internet
Consumer to business (C2B)
Consumers sell their goods or services to a business (e.g., a food blogger who shares an affiliate link to a kitchen company's cooking products on their blog and receives a cut of whatever website visitors purchase)
General controls
Controls designed to ensure an organization's information system infrastructure and control environment is stable and well managed
Network address translation (NAT)
Converts/masks a group of private IP addresses to a single public IP address so it is more difficult for devices in other networks to reach any machine in our network directly
Design Phase (SDLC)
Creates a technical blueprint of how the proposed system will work to meet desired user needs. Subdivided into three steps:
1. Conceptual design - The content, processing flows, resource requirements, and procedures of a preliminary system design
2. Logical design - Type of hardware and software to use
3. Physical design - Platform and product specifications
Enterprise Resource Planning (ERP)
Cross-functional systems that integrate information across departments into a single repository that anyone can access; facilitates real-time communication between systems that allows data to be shared across different departments or divisions of an organization
Agile method
Cross-functional teams develop a system incrementally by building a series of prototypes, each focused on a particular feature, and constantly adjusting them to user requirements.
To align IT with business, it is critical that IT Strategy encompasses various levels of the business. At which of the below levels is IT strategy incorporated? A Corporate Level B Business Level C Functional Level D All of the above
D All of the above. Each rung of the corporate ladder is required to be guided by an IT strategy
Which of the following control activities should be taken to reduce the risk of incorrect processing in a newly installed computerized accounting system? A Segregation of duties B Ensure proper authorization of transactions C Adequately safeguard assets D Independently verify the transactions
D Independently verify the transactions. The most effective control activity that should be taken to reduce the risk of incorrect processing due to human error in a newly installed computerized accounting system is to independently verify the transactions.
A company is considering a move to a Software-as-a-Service (SaaS) offering instead of a traditional in-house application. Which of the following concerns is unique to SaaS? A Disaster recovery capabilities and documented recovery procedures. B User credential setup and control over the actions that employees can perform. C Allocation of software expenses and overhead charged to departments. D Ownership of processed data and costs of data migrations.
D Ownership of processed data and costs of data migrations.
What attribute is least descriptive of an executive information system? A Combines, integrates, and summarizes data from many sources B Designed to monitor business conditions and assist in strategic planning C Provides immediate and interactive access to information D Provides only highly aggregated information
D Provides only highly aggregated information While an executive information system (EIS) provides highly aggregated information, details supporting that information ideally are readily available so senior executives can drill down when necessary.
To be compliant, organizations must implement all of the following strong governance practices surrounding privacy of data collection, except for: A. What disclosures are made when it is collected B. What types of data can be collected in the first place C. Controls are in place to protect against unauthorized access D. Choosing whether they want to conform with the Fourth Amendment, Privacy act of 1979, HIPAA, General Data Protection Regulation (GDPR)
D. Choosing whether they want to conform with the Fourth Amendment, Privacy act of 1979, HIPAA, General Data Protection Regulation (GDPR) Organizations must comply with these regulations when dealing with user data.
Which of the following describes recovery testing? A. Running exception-based, less common business scenarios B. Validates the logical reasoning of the system C. Running realistic business scenarios to test the functional effectiveness D. Determining ability to recover from failures E. Testing the speed of a process
D. Determining ability to recover from failures A = Exploratory tests B = Sanity tests C = Functional testing E = Performance testing
An information system (IS) project manager is currently in the process of adding a systems analyst to the IS staff. The new systems analyst will be involved with testing the new computerized system. At which stage of the systems development life cycle will the analyst be primarily used? A. Cost-benefit analysis. B. Requirements definition. C. Flowcharting. D. Development
D. Development, more specifically the test stage
Which of the following is not an objective of supply chain management? A. Focuses on what, when, where, how much a sale is B. Better visibility of data from the start of the supply chain to the end C. The optimization of a product's creation and flow from raw material sourcing to production, logistics and delivery D. Discourages JIT systems
D. Discourages JIT systems SCM actually encourages JIT systems. With JIT systems, coordination with suppliers is necessary, which calls for effective SCM. A. SCM does focus on the four characteristics of a sale: what, when, where, and how much. B. Better visibility of data is created by managing information flows across the entire supply chain, which creates flexibility and responsiveness. C. SCM helps to unify supply chain processes all across the supply chain, from the supplier to the customer.
Which of the following characteristics distinguishes electronic data interchange (EDI) from other forms of electronic commerce? A. The cost of sending EDI transactions using a value-added network (VAN) is less than the cost of using the Internet. B. Software maintenance contracts are unnecessary because translation software for EDI transactions need not be updated. C. EDI commerce is ordinarily conducted without establishing legally binding contracts between trading partners. D. EDI transactions are formatted using strict standards that have been agreed to worldwide.
D. EDI transactions are formatted using strict standards that have been agreed to worldwide. Organizations such as the American National Standards Institute (ANSI) have defined virtually every type of EDI business transaction in terms of their fields and information content. These are termed transmission sets. When a trading partner sends a transmission set, the receiving computer can expect to receive the specified information in a specified format.
Errors are most costly to correct during the later phases of the SDLC. In which phase would it be most costly to correct errors? A. Programming. B. Conceptual design. C. Analysis. D. Implementation.
D. Implementation. Errors can be corrected most easily and clearly when they are found at an early stage of systems development. Their correction becomes more costly as the life cycle progresses. Because implementation is the last stage of the process listed, errors are most costly to correct when discovered at the implementation stage. A. Programming happens in the development phase, which happens before implementation. B. Conceptual design happens in the design phase, which is also before.
The data validation step involves all of the following except A. Visual review for simple data sets B. Basic statistical tests for larger data sets C. Processes occurring after data cleaning to ensure data is not lost or inappropriately modified and data has maintained integrity D. Loading data into data repository
D. Loading data into data repository. This is part of the Loading phase of ETL. Data validation involves the processes required after cleaning to ensure data has maintained integrity. This may include visual review or statistical tests.
The process of developing specifications for hardware, software, manpower, data resources, and information products required to develop a system is referred to as A. Systems analysis. B. Systems feasibility study. C. Systems maintenance. D. Systems design.
D. Systems design.
Compatibility tests are sometimes employed to determine whether an acceptable user is allowed to proceed. In order to perform compatibility tests, the system must maintain an access control matrix. The one item that is not part of an access control matrix is a: A. list of all authorized user code numbers and passwords. B. list of all files maintained on the system. C. record of the type of access to which each user is entitled. D. limit on the number of transaction inquiries that can be made by each user in a specified time period.
D. limit on the number of transaction inquiries that can be made by each user in a specified time period.
Response to risks identified in BIA
DIN: Immediate action, Delayed action, No action
Blockchain philosophy is opposite of Enterprise Resource Planning in this one regard.
Decentralization ERP is all about Centralization, while Blockchain focuses on decentralization.
The network design of a company that has multiple offices across a wide range of locations should be
Decentralized network that:
- Permits other sites to function in the event one site fails.
- IT functions are organized into small units that are distributed to end users and placed under their control.
- Shifts control from a central location to enhanced user control and satisfaction.
- Greater efficiencies and lower costs are associated with allowing data to be entered and edited locally (e.g., more people doing less work rather than one central IT manager taking a long time to input data from the whole organization).
- May lead to reduced data integrity because more users are the ones putting in the data, which increases the risk of data being entered incorrectly.
Phase 2: Analysis
Defining user needs and evaluating any current systems (gap analysis). This helps them determine the goals of the new project and system requirements.
Which of the following is not addressed by business impact analysis? A. Qualitative and quantitative impact on the organization in the event of a disaster that takes out a business function B. Recovery time of a business function following a disaster C. Business functions essential to the survival of the organization D. Prioritization of continuity challenges E. All of the above are addressed
E. All of the above are addressed.
Difference between ERP and EPM
ERP is about operating the business—the day-to-day transactional activity—and EPM is about managing the business—analyzing, understanding, and reporting on the business for high level analysis of business strategies.
Entity integrity principle
Each table must have one unique primary key that does not contain any null values.
Those with one or a few closely located offices where centralized control is more of a concern may prefer to use a _______________ network.
Enables an organization to exert greater control over its IT environment by managing it centrally, all in one location.
Data security controls
Ensure that valuable business data files on either disk or tape are not subject to unauthorized access, change, or destruction while they are in use or in storage
Executive management role in IT governance
Ensuring IT governance structure is in place and executed effectively. Enforces policies. Sets tone at the top.
What is the main goal of data storage and consequently the ETL process?
Ensuring the usefulness of data. Data integrity and validity must be maintained all throughout the ETL process. Data must be in a structured and organized format to allow for data mining and analysis, which means it must be: Accurate Available Complete Consistent Current Objective Relevant Reliable/fair Timely Understandable Verifiable
Plunge (Big Bang)
Entire new system is deployed to all users (lowest cost, highest risk)
What type of environment does system testing take place in?
Environment very close to production environment in which the application will be deployed
SOC 1 Type 1 and 2
Fairness of management's description of the service firm's controls and the suitability of Type 1: Design as of a specified date Type 2: Design and operating effectiveness through a specified period
The network design of companies with a corporate strategy that needs consistent, powerful computing needs vs. a company with intermittent spikes in demand
For consistent computing needs, physical, on-site network as this will probably be more cost effective for them in the long-run. For spikes in demand, virtual networks would be cheaper and still have power during a spike.
Data dictionary (metadata)
For each table, lists each attribute (column) and denotes the features and limitations of that attribute such as - Data type (integer, text, date, time, or Boolean Yes/No) - Data format - Field size (how many characters) - Description about what attribute describes - Example
IT Governance
Framework for aligning the business objectives with the goals of the Information Technology resources to effectively attain the organizational objectives
Firewall
Hardware and software devices that act as gateway to block unauthorized access by filtering network traffic through security protocols with predefined rules
Router
Hardware that manages traffic from one network to another via the most efficient route possible by reading source and destination fields within information packets to determine the proper path for a data packet to flow; intermediary between modem and your network
Logical database view
How the data appears to a user
Physical database view
How the data is actually physically stored, processed, and accessed within the database, which takes into account the facilities and constraints of a given DBMS
Which of the following statements about blockchain technologies is correct? I. Blockchain records transactions in a centralized database for added security and real-time use. II. Once records are entered into the blockchain, they cannot be altered. This provides added level of security.
II only. Blockchain records transactions in a DEcentralized database for added security and real-time use.
Regression testing
If anything is changed on an already-tested module, regression testing is done to be sure that this change has not introduced a new error into code that was previously correct.
Within a BIA, how are risks categorized?
Impact = H,M,L Likelihood of occurring = H,M,L
Software-defined WAN
Like a traditional WAN, but it is managed in the cloud (internet) using software; maintaining network equipment, the lines that connect it, and other expensive infrastructure needed for a traditional WAN is reduced.
Stateful Multilayer Inspection Firewall
Like the application-level (proxy) gateway, but also inspects the packets at multiple layers.
Application-level (proxy) gateway
Like the circuit gateway, but also inspects the contents of the packet
Next-generation firewall
Like the stateful multilayer firewall, but it applies more scrutiny to the packets using intrusion detection, user identification, VPN, and deep packet inspection. It also can assign different rules to different applications or users.
What does the loading phase entail in ETL process?
Loading data into software program for analysis or into storage location/repository
Operational risk
Organization is unable to operate effectively or efficiently due to issues concerning IT
Database Administrator (DBA)
Oversees database design, database operation, and database security.
BOD role in IT governance
Oversight of IT governance policies to ensure they meet strategic and operational needs of an organization. Ultimate responsibility for setting governance policies. Appoints executive management positions.
7 steps in the system development life cycle (SDLC)
PADD TDM 1. Plan 2. Analyze 3. Design (conceptual, logical, physical) 4. Develop 5.
Steps in the SDLC
PADD TDM 1. Plan and opportunity identification 2. Analysis 3. Design 4. Development 5. Testing 6. Deploy/conversion/implementation 7. Monitor
Server
Physical or virtual machine that manages access to a centralized resource of programs, files, and data in a network.
Edge computing
Placing/processing workloads as close to the edge, where data is actually sourced from, as possible. Instead of data being collected and transported to be processed in centralized data centers, it is instead processed by decentralized local edge devices. This allows for faster networks.
Disaster Recovery Plan (DRP)
Plan deployed to restore and continue operations in the event of a disaster where program, data files, and computer processing capabilities are lost
Business continuity plan
Plan that specifies how to resume not only IT operations but all business processes in the event of a disaster
Data life cycle
Plan, capture, manage, analyze, publication/share, archive, destroy/purge
E-commerce
Platform that facilitates sale of G&S using the internet
Predictive analysis
Predicting what will occur in the future based on historical data - Regression analysis - Forecasting - Classification analysis - Decision trees
Business Impact Analysis (BIA)
Predicts the consequences of disruption of a business function due to a disaster, how quickly essential business units or processes can return to full operations, and gathers information needed to develop recovery strategies to prevent. Also identifies the business units or processes that are essential to the survival of an entity given that their loss will have a large organizational impact in the event of failure or disruption.
Prescriptive analysis
Prescribes the best course of action to reach a desired outcome - What-if/scenario analysis - AI and machine learning - Simulations - Heuristics - Neural networks
Main pro and con of EFT
Pro: Reduces the need for manual data entry, such as manually making journal entries to show receipt of a check, thus reducing the occurrence of data entry errors. Con: EFT is likely to result in a reduction of the paper audit trail surrounding cash receipts and disbursements. Requires more stringent access control.
Big data governance
Process and management of data availability, usability, integrity, and security of data used in an enterprise.
SOC 1 Report
Provide assurance the service firm's controls are designed and operating effectively so F/S are not negatively impacted. (Used for companies that use third parties for cloud computing to mitigate the inherent risks associated with outsourcing IT)
Decision Support System (DSS)
Provide interactive, computer-based tools to support day-to-day decision making - Sensitivity analysis (What-if analysis) - Scenario modeling - Forecasting - Database query - Financial modeling - Artificial intelligence and expert systems
Processing controls
Provide reasonable assurance that data processing has been performed accurately, preventing errors 1. Matching 2. Run-to-run totals 3. Control totals
Random access memory (RAM) vs. Read-only memory (ROM)
RAM and ROM are the two components of primary storage. RAM: Temporary storage, volatile because it is erased when computer is shut off, directly accessed by CPU, read and write allowed ROM: Permanent storage, nonvolatile because it is never erased, cannot be directly accessed by CPU, read only
Audit trails tend to be (reduced/expanded) in EFT/EDI systems.
Reduced, since data is only entered once and the rest of processing is automated
Operational data store (ODS)
Repository of only the most current, real-time operational and transactional data from multiple sources, providing a useful snapshot of business operations as they are at the moment. Real-time, current, transactional, operational
Data warehouse
Repository of structured, historical data about various domains of the business, utilized for reporting and analysis rather than transaction purposes
Control group
Responsible for internal control (ex. Reviewing error logs/reports) and ensuring all transactions were processed and accurate. This group establishes control totals, records data receipt in a control log, follows the progress of processing, and distributes output.
Project development team
Responsible for the planning of each project and for the successful design and implementation of information systems. - Planning and monitoring the project to ensure completion - Managing the human element - Meetings held with end-users - Managing risk - Change management
WHERE command
Restricts results to only those records that meet the designated attribute criteria. Ex: SELECT First_name FROM Customer WHERE First_name = 'John';
Multiprogramming
Results in a user being able to use multiple programs simultaneously. The technique of keeping multiple programs in main memory at the same time, competing for the CPU.
Compliance risk
Risk of IT not sufficiently meeting requirements of regulatory bodies
Strategic risk
Risk of choosing inappropriate technology, risk of misalignment of business and IT strategies
Technology (IT) risk
Risk of disruption to a business as a result of any IT activity
Financial risk
Risk of losing financial resources due to them being misused, lost, wasted, or stolen
Availability risk
Risk that organization will not be able to access and utilize its information technology as needed
Data security risk
Risks associated with unauthorized access or use of organization's information technology and data
Robotics Processing Automation (RPA)
Designed to reduce the burden of repetitive, simple tasks on employees. CPAs can benefit from this technology in daily, cumbersome processes such as transaction posting, reconciliations, month-end close, and overall streamlining of daily tasks.
Protocols
Rules that govern the way information is transmitted; like a language
The most popular type of cloud service provided is one where a client's applications run on a hosted Web-server, is URL-based, and most services including security are managed by a third party. This cloud service is known as:
SaaS
Difference between scatter plots and dot plots
Scatter plots show two variables and the relation (correlation) between the two. Dot plots show one variable and the frequency of that one variable. It is another way to show histogram-like data.
Client-server model
Servers often use this model, in which the client sends a request to the server and it provides a response or executes some action.
IT governance focuses on 5 key areas
Strategic alignment Risk management Resource management Performance measures Value delivery
Data mart
Subset of data warehouse that has a more specific purpose such as marketing or finance. Different departments have more specific data needs to help them operate more effectively.
A/B Pilot Canary Conversion
Subset of users get the new system while the rest of users keep using the old system. (e.g., one segment or division of the company at a time) Average cost, average risk
Transmission Control Protocol and Internet Protocol (TCP/IP)
TCP/IP is a suite of communications protocols used to connect computers to the Internet. It is also built into network operating systems.
Data manipulation definition
Supplemented, enhanced, or otherwise manipulated in order to ADD VALUE TO EXISTING DATA POINTS
Role of System programmer, system analyst, computer operator, and security administrator
System analyst: Designs the system based on user needs; liaison between users and programmers because they speak both computer language and business language System programmer: Codes, writes, tests, debugs programs (software) based on the analysts' design Computer operator: Physically runs the system; staffs the IT help desk Security administrator: Provides access to IT
What IT roles must be segregated?
System programmer, system analyst, security administrator, computer operator
Firmware
System software attached to the hardware that tells hardware devices how to operate.
Operating system
System software that provides an interface between the user and the computer hardware.
Phase 4: Development/production
Technical design blueprint is implemented to build or improve the system. Develop platforms, buy hardware, programmers create/write/run new software.
Stress testing
Test how well system deals with abnormal/extreme resource demands
Integration testing
Test if units, once they are combined, function as intended.
Unit testing
Test individual units or pieces of code for a system to ensure they are functioning as intended
Functional testing
Testing in normal, realistic conditions to ensure that the software is in line with all of the specifications outlined by the client.
System testing
Testing the entire system as a whole to see if it meets technical specifications and quality assurance standards
Sanity testing
Tests logical reasoning of the system
Group By Function
The GROUP BY statement is used in conjunction with the aggregate functions to group the result-set by one or more columns. SELECT Location, SUM(Sales) AS TotalSales FROM AnnualSales GROUP BY Location
Data integrity
The correctness of data after processing, storage or transmission. Overall accuracy, completeness, and consistency of data.
Veracity of data
The degree to which data is accurate, precise, reliable, neutral, timely; data must be cleaned up to take out the bad stuff; quality of data
Infrastructure as a Service (IaaS)
The delivery of computer hardware capability, including the use of hardware, servers, networking, and storage, as a service billed on a per-use basis (e.g., like outsourcing an entire IT dept) (Amazon Web Services (AWS) Elastic Compute Cloud (EC2), Microsoft Azure)
Maximum Tolerable Downtime (MTD)
The maximum period of time that a business process can be down before the survival of the organization is at risk. Full function recovery must be achieved within this time period. The RTO and WRT must be within this limit.
How are firmware, and OS related?
The operating system, like Windows or Android, is the software layer that sits just above firmware. It works closely with the firmware to ensure the hardware functions and is the primary interface between the user and applications.
Information risk
The probability that the information circulated by a company will be false or misleading due to data integrity loss, hackers, or incomplete transactions
Extract, Transform, and Load (ETL)
The process by which raw, unorganized data is extracted from various sources, transformed into a format of information to support the analysis to be performed, and loaded into the data warehouse.
Acceptance testing
The process whereby actual users test a completed information system in a normal work environment, the end result of which is the users' acceptance of it. Thus, it is the most important type of testing.
Change management
The process, tools and techniques that help organizations implement changes without losing the ability to operate or achieve strategic objectives
Role of the user
The responsibility of user departments is to interact with application systems as planned; record and delete transactions
Main focus for the design of a MIS
The types of decisions that need to be made will dictate the overall design of the system.
Supply Chain Management (SCM)
Unifies supply chain processes to allow for better information flows and visibility of data across the entire supply chain
Management information system (MIS)
Uses data to provide reports in predefined formats to facilitate effective decision-making as part of strategic planning and tactical execution of that plan. It sees data as part of the strategic planning process. Data --> Used for decision making --> Decisions made help achieve strategy
Machine learning
Uses statistical techniques to give information systems the ability to "adapt" with data, without being explicitly programmed with code.
Multiprocessing
Using multiple CPUs to run multiple programs simultaneously.
Utility programs/software
Utility software is software designed to help analyze, configure, optimize or maintain a computer. It is used to support the computer infrastructure - in contrast to application software, which is aimed at directly performing tasks that benefit ordinary users
Exploratory tests
Utilized for the less-common or exception-based situations with no specified test cases
What is the most important V of five V's of Big Data?
Value. The higher the value, the more useful the data is for extracting intelligence. This leads to more effective operations, stronger customer relationships, and other clear and quantifiable business benefits.
Phase 5: Testing
Verifies that the system works and meets all of the business requirements defined in the analysis phase • Unit testing—tests individual units or pieces of code for a system. • System testing—verifies that the units or pieces of code written for a system function correctly when integrated into the total system. • Integration testing—verifies that separate systems can work together. • User acceptance testing (UAT)—determines if the system satisfies the business requirements and enables users to perform their jobs correctly
Five V's of Big Data
Volume: Size and amount of data Value: Insights Big Data can yield Velocity: How fast data is collected and processed Veracity: Trustworthiness and quality of data Variety: Different structures of data
Using WHERE to find NULL values
WHERE BirthDate IS Null;
Expert Systems (ES) vs. TDSS
Whereas a traditional DSS merely facilitates the decision-making process, an expert system is designed to mimic the decision-making ability of a human expert. An expert system's output includes answers to problems through use of a knowledge base, which is based on rules developed by an expert to address specified situations. This helps non-expert managers make better decisions in an area where they lack expertise.
Data warehouse contains only data that is structured and has schema on ______, while data lake contains data that is unstructured and has schema on ________.
Write; read. Data warehouse contains only data that is structured and has schema on WRITE, which means schema and structure is implemented prior to being stored in the repository. Data lake has data that is both structured and unstructured and has schema on READ, which means schema and structure is implemented when trying to access the data.
Denial of service attack
A cyber attack in which an attacker sends a flood of data packets to the target computer, with the aim of overloading its resources
Which is a system flowchart and which is a data flow diagram? a) Illustrates the system's data flow and information processing, including hardware. b) Includes information on data flows, data destination, data source, data storage, and transformation processes, but not hardware.
a) System flowchart b) Data flow diagram
In the data hierarchy, the smallest element is the _____. a) Record. b) Bit. c) Byte. d) Character. e) File.
b) Bit. The data hierarchy is the following from largest to smallest: Database Files (table) Records (row) Field Character Bytes Bit
The hardware that assigns IP addresses is a. Modem b. Router c. Server d. gateway
b. Router a. A modem is what connects a network to the internet. c. A server is a machine that coordinates the computers, programs, and data that are part of the network. d. A gateway acts as an intermediary between networks and translates differing protocols.
Feasibility study
Determines whether a proposed system is practicable from technical, operational, and economic standpoints
Big data
Corporate accumulation of massive amounts of data that can be mined for potential information and used for analysis, referred to as data analytics
Performance test
Tests the run time of the system's processing