Term | Definition Two or more interrelated components that interact to achieve a goal, often composed of subsystems that support the larger system. | |
|
Term | Definition When a subsystem’s goals are inconsistent with the goals of another subsystem or the system as a whole. | |
|
Term | Definition When a subsystem achieves its goals while contributing to the organization’s overall goal. | |
|
Term | Definition Facts that are collected, recorded, stored, and processed by a system. | |
|
Term | Definition Data that have been organized and processed to provide meaning and improve decision-making. | |
|
Term Information technology (IT) | | Definition The computers and other electronic devices used to store, retrieve, transmit and manipulate data. | |
|
Term | Definition Exceeding the amount of information a human mind can absorb and process, resulting in a decline in decision-making quality and an increase in the cost of providing information. | |
|
Term Data differ from information in which way? | | Definition Information is output, and data are input | |
|
Term Characteristic that makes information useful | | Definition - It is reliable. - It is timely. - It is relevant. | |
|
Term What is a primary activity in the value chain? | | Definition |
|
Term Which transaction cycle includes interactions between an organization and its suppliers? | | Definition |
|
Term A means by which information improves decision making? | | Definition -reduces uncertainty -provides feedback about the effectiveness of prior decisions -identifies situations requiring management action | |
|
Term In the value chain concept, upgrading IT is considered what kind of activity? | | Definition support activity - Technology activities, including investing in IT, are considered a support activity. | |
|
Term In which cycle does a company ship goods to customers? | | Definition revenue cycle [The revenue cycle involves interactions between an organization and its customers, such as shipping them goods.] | |
|
Term Which of the following is a function of an AIS? | | Definition transforming data into useful information [This is one of the primary functions of an AIS.] | |
|
Term A firm, its suppliers, and its customers collectively form which of the following? | | Definition supply chain [The supply chain is made up of the firm, its suppliers, and customers.] | |
|
Term A report telling how well all approved vendors have performed in the prior 12 months is information that is MOST needed in which business process? | | Definition acquiring inventory [Companies want to acquire inventory from companies that have performed well in the past. A vendor performance report would disclose whether the vendor shipped inventory on time, whether the inventory was of the requested quality, whether the prices were as agreed upon, etc.] | |
|
Term | Definition The benefit provided by information less the cost of producing it. | |
|
Term | Definition A set of related, coordinated, and structured activities and tasks, performed by a person, a computer, or a machine that help accomplish a specific organizational goal | |
|
Term | Definition Process of capturing transaction data, processing it, storing it for later use, and producing information output, such as a managerial report or a financial statement | |
|
Term | Definition An agreement between two entities to exchange goods or services, such as selling inventory in exchange for cash; any other event that can be measured in economic terms by an organization. | |
|
Term | Definition Transactions that happen a great many times, such as giving up cash to get inventory from a supplier and giving employees a paycheck in exchange for their labor. | |
|
Term five major business processes or transaction cycles: | | Definition Revenue Cycle, Expenditure Cycle, Production or conversion cycle, HR/payroll cycle and Financing cycle | |
|
Term general ledger and reporting system | | Definition Information-processing operations involved in updating the general ledger and preparing reports for both management and external parties. | |
|
Term accounting information system | | Definition A system that collects, records, stores, and processes data to produce information for decision makers. It includes people, procedures and instructions, data, software, information technology infrastructure, and internal controls and security measures. | |
|
Term There are six components of an AIS: | | Definition 1. The people who use the system 2. The procedures and instructions used to collect, process, and store data 3. The data about the organization and its business activities 4. The software used to process the data 5. The information technology infrastructure, including the computers, peripheral devices, and network communications devices used in the AIS 6. The internal controls and security measures that safeguard AIS data | |
|
Term These six components enable an AIS to fulfill three important business functions: | | Definition 1. Collect and store data about organizational activities, resources, and personnel. Organizations have a number of business processes, such as making a sale or purchasing raw materials, which are repeated frequently. 2. Transform data into information so management can plan, execute, control, and evaluate activities, resources, and personnel. 3. Provide adequate controls to safeguard the organization’s assets and data | |
|
Term A well-designed AIS can add value to an organization by: | | Definition 1. Improving the quality and reducing the costs of products or services 2. Improving efficiency 3. Sharing knowledge 4. Improving the efficiency and effectiveness of its supply chain 5. Improving the internal control structure 6. Improving decision making | |
|
Term | Definition The use of data warehouses and complex algorithms to forecast future events, based on historical trends and calculated probabilities. | |
|
Term | Definition Linking together of all the primary and support activities in a business. Value is added as a product passes through the chain. | |
|
Term | Definition Value chain activities that produce, market, and deliver products and services to customers and provide post-delivery service and support. 1. Inbound logistics consists of receiving, storing, and distributing the materials an organization uses to create the services and products it sells. For example, an automobile manufacturer receives, handles, and stores steel, glass, and rubber. 2. Operations activities transform inputs into final products or services. For example, assembly line activities convert raw materials into a finished car. 3. Outbound logistics activities distribute finished products or services to customers. An example is shipping automobiles to car dealers. 4. Marketing and sales activities help customers buy the organization’s products or services. Advertising is an example of a marketing and sales activity. 5. Service activities provide post-sale support to customers. Examples include repair and maintenance services. | |
|
Term Support activities allow the five primary activities to be performed efficiently and effectively. They are grouped into four categories: | | Definition Value chain activities such as firm infrastructure, technology, purchasing, and human resources that enable primary activities to be performed efficiently and effectively. 1. Firm infrastructure is the accounting, finance, legal, and general administration activities that allow an organization to function. The AIS is part of the firm infrastructure. 2. Human resources activities include recruiting, hiring, training, and compensating employees. 3. Technology activities improve a product or service. Examples include research and development, investments in IT, and product design. 4. Purchasing activities procure raw materials, supplies, machinery, and the buildings used to carry out the primary activities. | |
|
Term | Definition An extended system that includes an organization’s value chain as well as its suppliers, distributors, and customers | |
|
Term | Definition The four operations (data input, data storage, data processing, and information output) performed on data to generate meaningful and relevant information. | |
|
Term | Definition Documents used to capture transaction data at its source – when the transaction takes place. Examples include sales orders, purchase orders, and employee time cards. | |
|
Term | Definition Records of company data sent to an external party and then returned to the system as input. Turnaround documents are in machine-readable form to facilitate their subsequent processing as input records. An example is a utility bill. | |
|
Term | Definition The collection of transaction data in machine-readable form at the time and place of origin. Examples are point-of-sale terminals and ATMs. | |
|
Term | Definition A ledger that contains summary-level data for every asset, liability, equity, revenue, and expense account of the organization. | |
|
Term | Definition A ledger used to record detailed data for a general ledger account with many individual subaccounts, such as accounts receivable, inventory, and accounts payable. | |
|
Term | Definition A title given to a general ledger account that summarizes the total amounts recorded in a subsidiary ledger. For example, the accounts receivable control account in the general ledger represents the total amount owed by all customers. The balances in the accounts receivable subsidiary ledger indicate the amount owed by each specific customer. | |
|
Term The following guidelines result in a better coding system. The code should: | | Definition ● Be consistent with its intended use, which requires that the code designer determine desired system outputs prior to selecting the code. ● Allow for growth. For example, don’t use a three-digit employee code for a fast-growing company with 950 employees. ● Be as simple as possible to minimize costs, facilitate memorization and interpretation, and ensure employee acceptance. ● Be consistent with the company’s organizational structure and across the company’s divisions | |
|
Term | Definition A journal used to record infrequent or nonroutine transactions, such as loan payments and end-of-period adjusting and closing entries. | |
|
Term | Definition A journal used to record a large number of repetitive transactions such as credit sales, cash receipts, purchases, and cash disbursements. | |
|
Term | Definition A path that allows a transaction to be traced through a data processing system from point of origin to output or backwards from output to point of origin. It is used to check the accuracy and validity of ledger postings and to trace changes in general ledger accounts from their beginning balance to their ending balance. | |
|
Term The four different types of data processing activities, referred to as CRUD, are as follows: | | Definition 1. Creating new data records, such as adding a newly hired employee to the payroll database. 2. Reading, retrieving, or viewing existing data. 3. Updating previously stored data. Figure 2-4 depicts the steps required to update an accounts receivable record with a sales transaction. The two records are matched using the account number. The sale amount ($360) is added to the account balance ($1,500) to get a new current balance ($1,860). 4. Deleting data, such as purging the vendor master file of all vendors the company no longer does business with. | |
|
Term | Definition Accumulating transaction records into groups or batches for processing at a regular interval such as daily or weekly. The records are usually sorted into some sequence (such as numerically or alphabetically) before processing. | |
|
Term What are the steps in the data processing cycle? | | Definition data input, data storage and data processing | |
|
Term All of the information (name, GPA, major, etc.) about a particular student is stored in the same ______. | | Definition |
|
Term What would contain the total value of all inventory owned by an organization? | | Definition |
|
Term What is most likely to be a general ledger control account? | | Definition |
|
Term What document is most likely to be used in the expenditure cycle? | | Definition |
|
Term Which are most likely to be specialized journals? | | Definition sales journal, cash receipts journal and cash disbursement journal | |
|
Term How does the chart of accounts list general ledger accounts? | | Definition the order in which they appear in financial statements | |
|
Term Records of company data sent to an external party and then returned to the system as input are called ______. | | Definition |
|
Term Recording and processing information about a transaction at the time it takes place is referred to as .... | | Definition online, real-time processing | |
|
Term Flowcharting symbols are divided into four categories: | | Definition 1. Input/output symbols show input to or output from a system. 2. Processing symbols show data processing, either electronically or by hand. 3. Storage symbols show where data is stored. 4. Flow and miscellaneous symbols indicate the flow of data, where flowcharts begin or end, where decisions are made, and how to add explanatory notes to flowcharts. | |
|
Term internal control flowchart | | Definition Used to describe, analyze, and evaluate internal controls, including identifying system strengths, weaknesses, and inefficiencies. | |
|
Term A DFD is a representation of | | Definition flow of data in an organization | |
|
Term Documentation methods such as DFDs, BPDs, and flowcharts save both time and money, adding value to an organization. | | Definition True - A picture is worth a thousand words: Many people learn more and learn it more quickly by studying the DFD, BPD, or flowchart of a system than by reading a narrative description of the same system | |
|
Term A document flowchart emphasizes the flow of documents or records containing data | | Definition True: The reason it is called a document flowchart is that it shows the flow of documents or records containing data | |
|
Term DFDs help convey the timing of events | | Definition True: DFDs show data movement, but not necessarily the timing of the movement | |
|
Term A DFD consists of the following four basic elements: data sources and destinations, data flows, transformation processes, and data stores. Each is represented on a DFD by a different symbol. | | Definition The four elements of DFDs are Square: Data sources and destinations; Arrow: Data flows; Circle: Transformation processes; Equal sign: Data stores; Triangle/hazard sign: Internal control | |
|
Term All of the following are guidelines that should be followed in naming DFD data elements | | Definition -Process names should include action verbs such as update, edit, prepare, and record. -Data element names should reflect what is known about the element -Active and descriptive names should be used in naming data elements | |
|
Term The documentation skills that accountants require vary with their job function. However, all accountants should at least be able to do which of the following? | | Definition Read documentation to determine how the system works. [All accountants should at least be able to read and understand system documentation.] | |
|
Term A flowchart is an analytical technique used to | | Definition describe some aspect of an information system in a clear, concise, and logical manner | |
|
Term Flowcharts use a standard set of symbols to | | Definition describe pictorially the flow of documents and data through a system | |
|
Term Flowcharts are easy to prepare and revise when the designer... | | Definition utilizes a flow-charting software package. [There are a number of good flow-charting software packages that make it easy to draw and modify flowcharts.] | |
|
Term What flowchart illustrates the flow of data among areas of responsibility in an organization? | | Definition document flowchart [A document flowchart traces the life of a document from its cradle to its grave as it works its way through the areas of responsibility within an organization.] | |
|
Term All of the following are recommended guidelines for making flowcharts more readable, clear, concise, consistent, and understandable | | Definition - Divide a document flowchart into columns with labels. - Design the flowchart so that flow proceeds from top to bottom and from left to right. - Show the final disposition of all documents to prevent loose ends that leave the reader dangling. | |
|
Term How are data sources and destinations represented in a data flow diagram? | | Definition |
|
Term The relational data model portrays data as being stored in __________. | | Definition tables (The relational data model portrays data as being stored in a table or relation format.) | |
|
Term How a user conceptually organizes and understands data is referred to as the __________ | | Definition logical view (The logical view shows how a user conceptually organizes and understands data.) | |
|
Term What is each row in a relational database table called? | | Definition tuple (A tuple is also called a row in a relational database.) | |
|
Term What is an individual user’s view of the database? | | Definition external-level schema (The external-level schema represents an individual user’s view of the database.) | |
|
Term What would managers most likely use to retrieve information about sales during the month of October? | | Definition DQL (DQL—data query language—is used to retrieve information from a database.) | |
|
Term What attribute would most likely be a primary key? | | Definition supplier number (A unique number can be assigned as a primary key for each entity.) | |
|
Term What is a software program that runs a database system? | | Definition DBMS (A DBMS—database management system—is a software program that acts as an interface between a database and various application programs.) | |
|
Term The constraint that all foreign keys must have either null values or the value of a primary key in another table is referred to as which of the following? | | Definition referential integrity rule (The referential integrity rule stipulates that foreign keys must have values that correspond to the value of a primary key in another table or be empty.) | |
|
Term What attribute in the Cash Receipts table (representing payments received from customers) would most likely be a foreign key? | | Definition customer number (Customer number would be a foreign key in the Cash Receipts table and would link the Cash Receipts table to the Customer Table.) | |
|
Term Internal controls perform three important functions: | | Definition Preventative controls; Detective controls; Corrective controls | |
|
Term Internal controls are often segregated into two categories: | | Definition General controls and Application controls | |
|
Term COBIT 5 is based on the following five key principles of IT governance and management | | Definition 1. Meeting stakeholder needs 2. Covering the enterprise end-to-end 3. Applying a single, integrated framework 4. Enabling a holistic approach 5. Separating governance from management | |
|
Term COBIT 5: The 32 management processes are broken down into the following four domains: | | Definition 1. Align, plan, and organize (APO) 2. Build, acquire, and implement (BAI) 3. Deliver, service, and support (DSS) 4. Monitor, evaluate, and assess (MEA) | |
|
Term Enterprise Risk Management—Integrated Framework (ERM) | | Definition A COSO framework that improves the risk management process by expanding (adds three additional elements) COSO’s Internal Control—Integrated. | |
|
Term The basic principles behind ERM are | | Definition ● Companies are formed to create value for their owners. ● Management must decide how much uncertainty it will accept as it creates value. ● Uncertainty results in risk, which is the possibility that something negatively affects the company’s ability to create or preserve value. ● Uncertainty results in opportunity, which is the possibility that something positively affects the company’s ability to create or preserve value. ● The ERM framework can manage uncertainty as well as create and preserve value. | |
|
Term An internal environment consists of the following: | | Definition 1. Management’s philosophy, operating style, and risk appetite 2. Commitment to integrity, ethical values, and competence 3. Internal control oversight by the board of directors 4. Organizational structure 5. Methods of assigning authority and responsibility 6. Human resource standards that attract, develop, and retain competent individuals 7. External influences | |
|
Term | Definition Impact × Likelihood The value of a control procedure is the difference between the expected loss with the control procedure(s) and the expected loss without it. | |
|
Term Control procedures fall into the following categories: | | Definition 1. Proper authorization of transactions and activities 2. Segregation of duties 3. Project development and acquisition controls 4. Change management controls 5. Design and use of documents and records 6. Safeguarding assets, records, and data 7. Independent checks on performance | |
|
Term The updated IC framework specifies that the following three principles apply to the information and communication process: | | Definition 1. Obtain or generate relevant, high-quality information to support internal control 2. Internally communicate the information, including objectives and responsibilities, necessary to support the other components of internal control 3. Communicate relevant internal control matters to external parties | |
|
Term COSO’s internal control integrated framework has been widely accepted as the authority on internal controls. | | Definition The internal control integrated framework is the accepted authority on internal controls and is incorporated into policies, rules, and regulations that are used to control business activities | |
|
Term All other things being equal, this is true regarding preventive and detective controls | | Definition Preventive controls are superior to detective controls | |
|
Term To achieve effective segregation of duties, certain functions must be separated. What is the correct listing of the accounting-related functions that must be segregated? | | Definition authorization, recording, and custody | |
|
Term Examples of independent checks | | Definition - Bank reconciliation - Periodic comparison of subsidiary ledger totals to control accounts - Trial balance - top level analytical review | |
|
Term What is a control procedure relating to both the design and the use of documents and records? | | Definition sequentially prenumbering sales invoices (Designing documents so that they are sequentially prenumbered and then using them in order is a control procedure relating to both the design and the use of documents.) | |
|
Term What is the correct order of the risk assessment steps? | | Definition Identify threats, estimate risk and exposure, identify controls, and estimate costs and benefits. | |
|
Term The Trust Services Framework organizes IT-related controls into five principles that jointly contribute to systems reliability: | | Definition 1. Security—access (both physical and logical) to the system and its data is controlled and restricted to legitimate users. 2. Confidentiality—sensitive organizational information (e.g., marketing plans, trade secrets) is protected from unauthorized disclosure. 3. Privacy—personal information about customers, employees, suppliers, or business partners is collected, used, disclosed, and maintained only in compliance with internal policies and external regulatory requirements and is protected from unauthorized disclosure. 4. Processing Integrity—data are processed accurately, completely, in a timely manner, and only with proper authorization. 5. Availability—the system and its information are available to meet operational and contractual obligations. | |
|
Term time-based model of security | | Definition Implementing a combination of preventive, detective and corrective controls that protect information assets long enough to enable an organization to recognize that an attack is occurring and take steps to thwart it before any information is lost or compromised. | |
|
Term | Definition P = the time it takes an attacker to break through the organization’s preventive controls D = the time it takes to detect that an attack is in progress C = the time it takes to respond to the attack and take corrective action | |
|
Term | Definition then the organization’s security procedures are effective. Otherwise, security is ineffective. | |
|
Term What is a preventive control? | | Definition training (Training is designed to prevent employees from falling victim to social engineering attacks and unsafe practices such as clicking on links embedded in e-mail from unknown sources.) | |
|
Term The control procedure designed to restrict what portions of an information system an employee can access and what actions he or she can perform is called ________. | | Definition authorization (Authorization is the process of controlling what actions—read, write, delete, etc.—a user is permitted to perform.) | |
|
Term A weakness that an attacker can take advantage of to either disable or take control of a system is called a(n) ________. | | Definition vulnerability (A vulnerability is any weakness that can be used to disable or take control of a system.) | |
|
Term What is a corrective control designed to fix vulnerabilities? | | Definition patch management (Patch management involves replacing flawed code that represents a vulnerability with corrected code, called a patch.) | |
|
Term What is a detective control? | | Definition penetration testing (Penetration testing is a detective control designed to identify how long it takes to exploit a vulnerability.) | |
|
Term Change controls are necessary to | | Definition maintain adequate segregation of duties. | |
|
Term Changes should be tested in a system... | | Definition separate from the one used to process transactions | |
|
Term “Emergency” changes need to be documented... | | Definition once the problem is resolved | |
|
Term What technique is the most effective way for a firewall to protect the perimeter? | | Definition deep packet inspection (Deep packet inspection examines the contents of the data in the body of the IP packet, not just the information in the packet header. This is the best way to catch malicious code.) | |
|
Term What combination of credentials is an example of multifactor authentication? | | Definition a PIN and an ATM card (The PIN is something a person knows, the ATM card is something the person has.) | |
|
Term Difficulties accountants have experienced using the traditional systems development life cycle? | | Definition -AIS development projects are backlogged for years. -Changes are usually not possible after requirements have been frozen -The AIS that is developed may not meet their needs | |
|
Term Companies that buy rather than develop an AIS must still go through the systems development life cycle. | | Definition True [Purchasing a system still requires a company to follow the systems development life cycle of analyzing, designing (conceptual and physical), and implementing a new system. Otherwise, the company risks not purchasing the right system for its needs.] | |
|
Term As a general rule, companies should buy rather than develop software if they can | | Definition find a package that meets their needs | |
|
Term Companies can hope to find a package ____ that meets their needs | | Definition there is a greater likelihood that canned software can be found that meets user needs. | |
|
Term A company should not attempt to develop its own custom software unless | | Definition experienced, in-house programming personnel are available and the job can be completed less expensively on the inside | |
|
Term As a general rule, a company should develop custom software | | Definition only when it will provide a significant competitive advantage. | |
|
Term When a company is buying large and complex systems, vendors are invited to submit systems for consideration. What is such a solicitation called? | | Definition |
|
Term To compare system performance, a company can create a data processing task with input, processing, and output jobs. This task is performed on the systems under consideration and the processing times are compared. The AIS with the lowest time is the most efficient. What is this process called? | | Definition |
|
Term What is NOT a benefit of outsourcing? | | Definition It offers a great deal of flexibility because it is relatively easy to change outsourcers | |
|
Term What is a true statement with respect to prototyping | | Definition In the early stages of prototyping, system controls and exception handling may be sacrificed in the interests of simplicity, flexibility, and ease of use. A prototype is a scaled-down, first-draft model that is quickly and inexpensively built and given to users to evaluate. The first step in prototyping is to identify system requirements. | |
|
Term What is NOT an advantage of prototyping? | | Definition adequately tested and documented systems | |
|
Term What are two traits of useful information? | | Definition Accessibility & Reliability | |
|
Term Businesses must pay a variety of taxes. | | Definition Sales tax - Point-of-purchase rate tables; Payroll tax - Total wage expense; Sales tax - Total sales | |
|
Term Which events are part of the revenue cycle? | | Definition Taking orders from customers, shipping finished goods, and depositing payments in the bank | |
|
Term Which three actions are part of the revenue cycle? | | Definition Receiving and answering customer inquiries; Approving credit sales of finished goods; Initiating back orders for finished goods that are out of stock | |
|
Term In which two ways does an accounting information system (AIS) safeguard assets? | | Definition By requiring a correct password to be entered to access the company network; By providing tools to alert managers when an unauthorized user attempts to use assets | |
|
Term Improves the effectiveness of the supply chain | | Definition A function that informs a supervisor when manufacturing production performance falls below standards | |
|
Term Improves the internal control structure | | Definition A function that checks payroll entries for mistakes that would cause overpayment or underpayment of employees | |
|
Term Improves the quality and reduces the costs of products or services | | Definition A function that provides up-to-the-minute information about inventory items that are low in stock | |
|
Term A patio furniture store uses its accounting information system to allow salespeople to check the inventory level of an item at the main warehouse. | | Definition By improving knowledge sharing | |
|
Term How can an accounting information system be used for the value chain activity of operations? | | Definition By transforming inputs into final products or services | |
|
Term Which step in the data processing cycle relies on coding techniques, such as sequence codes and block codes, to organize data in ledgers? | | Definition |
|
Term Which action improves data accuracy during the data input process? | | Definition Using pre-numbered source data | |
|
Term Which two methods improve the accuracy and completeness of data that is entered into an accounting information system (AIS)? | | Definition Using pull-down menus on the data input screen; Using point-of-sale scanners to capture machine-readable data | |
|
Term How does an audit trail work in an accounting information system? | | Definition By capturing a transaction’s path through the data processing system | |
|
Term Which two guidelines result in a better coding system for storing data in an accounting information system (AIS)? | | Definition The coding system should be consistent with the company’s organizational structure. The coding system should take into consideration expected company growth. | |
|
Term Which two activities occur during the accounts receivable file updating process? | | Definition Adding a transaction amount to a customer’s account balance; Comparing the customer’s new balance to the customer’s credit limit | |
|
Term Which type of accounting information system (AIS) output is a gross margin analysis by product line? | | Definition |
|
Term Which action is a function of an enterprise resource planning (ERP) system? | | Definition Integrating a company’s business processes with a traditional accounting information system | |
|
Term Which two tasks are part of the process of auditing computer-based information systems? | | Definition Evaluating evidence in a systematic manner; Providing recommendations for improvement | |
|
Term Which task do information systems auditors perform when they audit transaction processing? | | Definition Testing the accuracy of data edit routines | |
|
Term Which two issues do information systems auditors look for when they audit security provisions? | | Definition Proper procedures for assigning user IDs; Effective use of data encryption | |
|
Term What are two advantages of purchasing or renting an accounting information system (AIS)? | | Definition The company can test-drive the system. Software upgrades are automated. | |
|
Term What is a benefit of a well-designed computer input screen? | | Definition It reduces data entry errors and omissions | |
|
Term Which task is part of the selecting and training personnel step of implementing an accounting information system (AIS)? | | Definition Experimenting with the new system in a controlled environment | |
|
Term Which two recommendations are included in a post-implementation review report? | | Definition Improvements to the new system; Improvements to the development process | |
|
Term Why is system documentation created? | | Definition To help during transitions of information technology employees | |
|
Term Which tool shows the flow of bills of lading and packing slips between the shipping department and the accounts receivable department? | | Definition |
|
Term Which tool is useful when analyzing internal control procedures? | | Definition |
|
Term How is cross-functional analysis a database benefit? | | Definition It allows data relationships to be defined so that management reports can be easily prepared | |
|
Term A database contains data that can be used by many authorized users. Which benefit of a database does this example describe? | | Definition |
|
Term What is the difference between a conceptual-level schema and an internal-level schema? | | Definition A conceptual-level schema is a high-level view of the entire database, and an internal-level schema is a low-level, more detailed view of the database. | |
|
Term What is the difference between a primary key and a foreign key in a database? | | Definition A primary key uniquely identifies a specific row in a table, whereas a foreign key is a primary key in another table and is used to link the two tables. | |
|
Term How can information sharing between customers and suppliers contribute to information system failures? | | Definition Customers and suppliers having access to each other’s systems and data can lead to breaches in confidentiality. | |
|
Term Why is data in an Internet-based system sometimes not protected as well as data in a centralized computer system? | | Definition Companies fail to completely understand the control and protection implications of moving to an Internet-based system. | |
|
Term Which two types of functions do internal controls provide? | | Definition Detective; Corrective; Preventative | |
|
Term What is the function of a corrective control? | | Definition To remedy problems after they occur in an information system | |
|
Term COSO’s enterprise risk management framework | | Definition It uses a three-dimensional model. | |
|
Term COSO’s internal control framework | | Definition It contains only five components. | |
|
Term | Definition It consolidates control standards from 36 sources into a single framework | |
|
Term When employees start working at a company, they are given a formal job description and a policy and procedures manual. The manual includes the company’s vision statement and code of conduct and explains the expected business practices and procedures used at the company. The job description and manual communicate components of this company’s internal environment. Which two components do they communicate? | | Definition Methods of assigning authority and responsibility; Commitment to integrity, ethical values, and competence | |
|
Term What is an inherent risk? | | Definition A risk that exists before internal controls are instated | |
|
Term What are cost-effective controls? | | Definition Controls that offer a higher risk reduction benefit than the controls cost | |
|
Term What is the formula to calculate expected loss? | | Definition |
|
Term A company has a policy that all purchase orders $100,000 or greater be approved by the controller prior to being entered into the accounting system. Which category does this control procedure relate to? | | Definition Proper authorization of transactions and activities | |
|
Term Which 6 tools are project development and acquisition controls? | | Definition 1. Steering committee 2. A strategic master plan 3. Project development plan 4. Data processing schedule 5. System performance measurements 6. Post-implementation review | |
|
Term What is one purpose of the COBIT framework? | | Definition To provide assurance that data produced by an information system is reliable | |
|
Term Which action is an example of a social engineering technique? | | Definition Calling a newly hired assistant and pretending to be an employee who needs help obtaining files | |
|
Term Which step does an attacker perform when conducting research for the purpose of penetrating an information system? | | Definition Finds out the vulnerabilities of the software that the company is using | |
|
Term What does an attacker do when scanning and mapping a target information system? | | Definition Identifies computers that can be remotely accessed | |
|
Term Which tool is an example of a preventive information security control? | | Definition |
|
Term Which preventive control is designed to stop an attacker from installing a hardware-based keystroke logging device on a computer? | | Definition A physical access control | |
|
Term Which tool is used to identify system vulnerabilities? | | Definition |
|
Term Which two security controls detect intrusions? | | Definition Log analysis Security testing | |
|
Term A company has a procedure that installs updates to all of its security programs and operating systems on a monthly basis. Which type of corrective control does this scenario describe? | | Definition |
|
Term Who designs and implements procedures that prevent attackers from penetrating a company’s accounting information system (AIS)? | | Definition The chief information security officer | |
|
Term What is the purpose of information rights management (IRM) software? | | Definition It controls access to sensitive data. | |
|
Term | Definition Unauthorized use of someone’s personal information for the perpetrator’s benefit | |
|
Term What is the process of data encryption? | | Definition Transforming plain text into gibberish | |
|
Term Which type of processing integrity control includes using turnaround documents? | | Definition |
|
Term A company’s cash clearing account is debited for the gross value of the weekly accounts payable check run. The cash clearing account is then credited as each amount is allocated to the correct expense account. The cash clearing account should have a zero balance after both sets of entries have been made. Which type of IT control is employed in this scenario? | | Definition |
|
Term Which activity in the revenue cycle involves picking and packing a customer order? | | Definition |
|
Term Which action does a company take during the customer order process in the revenue cycle? | | Definition It checks and approves customer credit. | |
|
Term Which activity in the expenditure cycle has the threat of discrepancies between the quoted price and the actual price charged? | | Definition Approving supplier invoices | |
|
Term During which step in the expenditure cycle could an incorrect posting to accounts payable occur? | | Definition Approving supplier invoices | |
|
Term A company changes to a lean manufacturing process to minimize inventories in the manufacturing plant. Which activity of the production cycle will this impact the most? | | Definition |
|
Term What are three objectives of cost accounting? | | Definition 1. Providing product data to be used for making pricing decisions 2. Collecting information to calculate the cost of goods sold 3. Providing information for planning, control, and evaluating performance of production objectives | |
|
Term Which activities are part of the human resources management (HRM)/payroll cycle? | | Definition 1. Tracking the job assignments of each employee at a company 2. Recruiting/hiring 3. Training 4. Compensation/payroll 5. Performance evaluations 6. Discharge | |
|
Term Which threat applies to the human resources management (HRM)/payroll cycle? | | Definition Disclosing confidential salary information | |
|
Term Which two steps are part of the human resources management (HRM)/payroll cycle? | | Definition Adding new employees to the master database; Recording rate changes for employees who have received raises | |
|
Term Which threat to the payroll process applies to the disbursement of payroll? | | Definition Wages being issued to a fictitious employee | |
|
Term Which control is applied to the payroll preparation step of the payroll cycle? | | Definition Comparing hash totals of employee numbers | |
|
Term Preventative IT solutions: | | Definition Antimalware controls; Network access controls; Device and software hardening controls; Encryption | |
|
Term How to mitigate risk of attack | | Definition Preventative controls: People, process, IT solutions, physical security, and change controls and change management. Detective controls: Log analysis; Intrusion detection systems; Penetration testing; Continuous monitoring | |
|
Term Business process diagram basic symbols | | Definition Circle - start/beginning; Bold circle - end; Rounded rectangle - activity in process; Diamond - decision; Arrow - flow; Broken arrow - annotation information | |
|