Information Technology Auditing Ch 01 - 05
Terms in this set (93)

Access controls: Controls that ensure that only authorized personnel have access to the firm's assets.
Accounting records: The documents, journals, and ledgers used in transaction cycles.
Audit objectives: Audit goals derived from management assertions that lead to the development of audit procedures.
Audit opinion: Opinion of auditor regarding the presentation of financial statements.
Audit planning: Stage at which the auditor identifies the financially significant applications and attempts to understand the controls over the primary transactions that are processed by these applications.
Audit procedure: Tasks performed by auditors to gather evidence that supports or refutes management assertions.
Audit risk: Probability that the auditor will render unqualified opinions on financial statements that are, in fact, materially misstated.
Auditing: Form of independent attestation performed by an expert who expresses an opinion about the fairness of a company's financial statements.
Control activities: Policies and procedures used to ensure that appropriate actions are taken to deal with the organization's risks.
Control environment: The foundation of internal control.
Control risk: Likelihood that the control structure is flawed because controls are either absent or inadequate to prevent or detect errors in the account.
Corrective controls: Actions taken to reverse the effects of errors detected in the previous step.
Detection risk: Risk that auditors are willing to take that errors not detected or prevented by the control structure will also not be detected by the auditor.
Detective controls: Devices, techniques, and procedures designed to identify and expose undesirable events that elude preventive controls.
Inherent risk: Risk that is associated with the unique characteristics of the business or industry of the client.
Internal control system: Policies a firm employs to safeguard the firm's assets, ensure accurate and reliable accounting records and information, promote efficiency, and measure compliance with established policies.
Management assertions: Explicit or implicit statements made by management within the financial statements pertaining to the financial health of the organization.
Monitoring: The process by which the quality of internal control design and operation can be assessed.
Preventive controls: Passive techniques designed to reduce the frequency of occurrence of undesirable events.
Risk assessment: The identification, analysis, and management of risks relevant to financial reporting.
Segregation of duties: Separation of employee duties to minimize incompatible functions.
Substantive tests: Tests that determine whether database contents fairly reflect the organization's transactions.
Supervision: A control activity involving the critical oversight of employees.
Tests of controls: Tests that establish whether internal controls are functioning properly.
Transaction authorization: Procedure to ensure that employees process only valid transactions within the scope of their authority.
Disaster recovery plan (DRP): Comprehensive statement of all actions to be taken before, during, and after a disaster, along with documented, tested procedures that will ensure the continuity of operations.
Empty shell: Arrangement that involves two or more user organizations that buy or lease a building and remodel it into a computer site, but without the computer and peripheral equipment.
Mutual aid pact: Agreement between two or more organizations (with comparable computer facilities) to aid each other with their data processing needs in the event of a disaster.
Recovery operations center (ROC): Arrangement involving two or more user organizations that buy or lease a building and remodel it into a completely equipped computer site.
Call-back device: Hardware component that asks the caller to enter a password and then breaks the connection to perform a security check.
Compilers: Language translation modules of the operating system.
Echo check: Technique that involves the receiver of the message returning the message to the sender.
Electronic data interchange (EDI): The intercompany exchange of computer-processible business information in standard format.
Encryption: Technique that uses a computer program to transform a standard message being transmitted into a coded (cipher text) form.
Firewall: Software and hardware that provide a focal point for security by channelling all network connections through a control gateway.
Hierarchical topology: Topology where a host computer is connected to several levels of subordinate smaller computers in a master-slave relationship.
Interpreters: Language translation modules of the operating system that convert one line of logic at a time.
Network topology: Physical arrangement of the components.
Parity check: Technique that incorporates an extra bit into the structure of a bit string when it is created or transmitted.
Password: Secret code entered by the user to gain access to the data files.
Polling: Popular technique for establishing communication sessions in WANs.
Public key encryption: Technique that uses two keys: one for encoding the message and the other for decoding it.
Request-response technique: Technique in which a control message from the sender and a response from the sender are sent at periodic synchronized intervals.
Reusable password: A network password that can be used more than one time.
Ring topology: Topology that eliminates the central site. All nodes in this configuration are of equal status.
Servers: Special-purpose computers that manage common resources, such as programs, data, and printers of the LAN.
Token passing: Transmission of a special signal (token) around the network from node to node in a specific sequence.
Trojan horse: Program that attaches to another legitimate program but does not replicate itself like a virus.
Virus: Program that attaches itself to a legitimate program to penetrate the operating system.
Worm: Software program that burrows into the computer's memory and replicates itself into areas of idle memory.
Access method: The technique used to locate records and to navigate through the database.
Attributes: Equivalents to adjectives in the English language that serve to describe the objects.
Biometric devices: Devices that measure various personal characteristics, such as fingerprints, voice prints, retina prints, or signature characteristics.
Data definition language (DDL): Programming language used to define the database to the database management system.
Data dictionary: Description of every data element in the database.
Data manipulation language (DML): Language used to insert special database commands into application programs written in conventional languages.
Data structures: Techniques for physically arranging records in the database.
Database administrator (DBA): The individual responsible for managing the database resource.
Database authorization table: Table containing rules that limit the actions a user can take.
Database lockout: Software control that prevents multiple simultaneous access to data.
Database management system (DBMS): Software system that controls access to the data resource.
Entity: A resource, event, or agent.
Grandparent-parent-child (GPC): Backup technique used in sequential batch systems.
Hierarchical data model: A database model that represents data in a hierarchical structure and permits only a single parent record for each child.
Inference controls: Controls that prevent users from inferring specific data values through normal query features.
Internal view: The physical arrangement of records in the database.
Navigational model: Model that possesses explicit links or paths among data elements.
Network model: Variation of the hierarchical model.
Partitioned database approach: Database approach that splits the central database into segments or partitions that are distributed to their primary users.
Replicated databases: Database approach in which the central database is replicated at each IPU site.
Schema (conceptual view): Description of the entire database.
Sub-schema (user view): User view of the database.
User views: The set of data that a particular user needs to achieve his or her assigned tasks.
Backbone systems: Basic system structure on which to build.
Conceptual design: The production of several alternative designs for the new system.
Detailed design: Design of screen outputs, reports, and operational documents; entity relationship diagrams; normal form designs for database tables; updated data dictionary; designs for all screen inputs and source documents; context diagrams for overall system; low-level data flow diagrams; and structure diagrams for program modules.
Documentation: Written description of how the system works.
End users: Users for whom the system is built.
New systems development: Process that involves five steps: identifying the problem, understanding what needs to be done, considering alternative solutions, selecting the best solution, and implementing the solution.
Object-oriented design: Building information systems from reusable standard components or modules.
Objects: Equivalent to nouns in the English language.
Project planning: Allocation of resources to individual applications within the framework of the strategic plan.
Project schedule: Document that formally presents management's commitment to the project.
Stakeholders: Entities either inside or outside an organization that have direct or indirect interest in the firm.
Steering committee: An organizational committee consisting of senior-level management responsible for systems planning.
Structured design: Disciplined way of designing systems from the top down.
System survey: Determination of what elements, if any, of the current system should be preserved as part of the new system.
Systems analysis: Two-step process that involves a survey of the current system and then an analysis of the user's needs.
Systems development life cycle (SDLC): Formal process consisting of two major phases: new systems development and maintenance.
Systems planning: Linking of individual system projects or applications to the strategic objectives of the firm.
Turnkey systems: Completely finished and tested systems that are ready for implementation.
Vendor-supported systems: Custom systems that organizations purchase from commercial vendors.
Walk-through: Analysis of system design to ensure the design is free from conceptual errors that could become programmed into the final system.