Review for Final Exam
Accounting Information Systems
Romney and Steinbart
Linda Batch
July 2012

Learning Objectives
• AIS Development Strategies (Chapter 21)
• Ways to acquire an AIS
• BPM and BPMS
• Systems Development (Chapter 22)
• Conceptual systems design process (5 steps)
• Physical systems design process
• Systems implementation and conversion – important
• Microsoft Access – Creating Macros and Switchboard – Work on Assignment 4
• Quiz (Chapter 9, 10)

Text Book Theory
• Chapter 7 – Control and AIS
• Chapter 8 – IS Controls for System Reliability
• Chapter 9 – IS Controls for Systems Reliability (cont'd)
• Chapter 10 – IS Controls for Systems Reliability
• Chapter 11 – Auditing Computer Based AIS
• Chapter 20 – Intro to Systems Development
• Chapter 21 – AIS Development Strategies
• Chapter 22 – Systems Design, Implementation, and Operation

Chapter 7 – Control and AIS
• COSO ERM
• Preventive, Detective and Corrective Controls (week 8, slide 4)
• COSO ERM (week 8, slide 9, 8)
• COSO ERM – Control Activities (week 8, slide 12) – control activities are categorized into 7 types
• Know that segregation of accounting duties is different from segregation of systems duties (you do not have to learn the list of segregations for systems duties) (week 8, slide 16)
• Know that people with unrestricted access to your computer system can perpetrate and conceal fraud (week 8, slide 16)
• Know that systems staff should not have access to change records, tables, or programming in your production system (week 8, slide 16)
• Know some independent checks on performance (week 8, slide 17) – good short answer question
• AIS has five primary objectives according to the AICPA (week 8, slide 18)

Chapter 8 – IS Controls for System Reliability
• COBIT's four domains, plus be able to give three examples of each domain (week 9, slides 9 to 13)
• Know that systems security is a management responsibility, not an IT responsibility, and why (week 9, slide 3) – good short answer question
• Information provided to management must satisfy 7 key criteria, know three (week 9, slide 4)
• Know authentication vs. authorization (week 9, slide 16) – good short answer possibly
• Be able to discuss system reliability (week 9, slide 17)
• Go over the scenarios in problem 8.4 from the text – discussion regarding control types (preventive, detective, corrective)
• Deep packet inspection vs. stateful packet filtering (week 9, slide 26)
• TCP and IP (week 9, slide 25)
• Steps in an IT attack are NOT on the final

Chapter 9 – IS Controls for System Reliability
• Encryption – what is it (week 10, slides 4 to 6)
• Know types of encryption (week 10, slides 7 and 8)
• Know how digital signatures are created (week 10, slides 7 and 8)
• Know what a VPN is and how it works (week 10, slide 9)

Chapter 10 – IS Controls for System Reliability
• System Availability (week 10, slides 13 and 14)
• RTO, RPO (week 10, slides 13 and 14)
• Data recovery plan and business continuity plan – how does that fit with RTO and RPO

Chapter 11 – Auditing Computer Based AIS
• Different types of audits (week 11, slide 4)
• Overview of the audit process – four steps (week 11, slide 4)
• Risk based approach to audit (week 11, slide 5)
• Six objectives of an information systems audit (week 11, slides 6 and 7)
• Examples of audit techniques for Objective 3 and Objective 4 (week 11, slide 9)
• Computer Assisted Audit Techniques (week 11, slide 10)
• Chapter 11 check point questions in the week 11 deck

Chapter 20 – Systems Development and Analysis
• Reasons to change the computer system – know 3 (week 11, slide 16)
• Know the systems development life cycle (SDLC) (week 11, slides 18, 19)
• Two plans are required for systems development (week 11, slide 21)
• GANTT Chart and PERT Chart – know the difference (week 11, slide 22)
• Three forms of resistance to change (week 11, slide 24)
• How do you prevent behavioral problems (week 11, slide 25)
• Systems Analysis, Conceptual System Design, Physical Design, Implementation and Conversion, Operation and Maintenance

Chapter 21 – AIS Development Strategies
• Definitions (week 12, slide 3)
• Ways to get an AIS
  – Purchase AIS (week 12, slide 3)
  – In-house development of AIS (week 12, slide 4)
  – Outsource AIS (week 12, slide 4)
  – Prototype AIS (week 12, slide 4)
• Systems Development Life Cycle (week 12, slides 7 to 11)
  – Physical systems design
  – Systems implementation and conversion (week 12, slides 7 to 11)

Chapter 22 – Systems Design, Implementation, Operation
• Systems Development Life Cycle (week 12, slides 7 to 11)
  – Physical systems design (figures from text)
  – Systems implementation and conversion (figures from text)
• System conversion – know 4 (week 12, slides 10, 11)