CIS.txt

Card Set Information

Author:
iamjayjoshu
ID:
168664
Filename:
CIS.txt
Updated:
2012-09-03 08:55:22
Tags:
Audit Theory
Folders:

Description:
CIS
Show Answers:

Home > Flashcards > Print Preview

The flashcards below were created by user iamjayjoshu on FreezingBlue Flashcards. What would you like to do?


  1. A source document generated by the computer system as output then later used as input for subsequent processing
    Turnaround documents- These are least likely to be found in a real time processing system because it normally does not use source documents
  2. Automatic error correction is a principal advantage of what time of processing system?
    real time
  3. General Purpose terminals include (3)
    • 1-Basic Keyboard and monitor
    • 2-Intelligent terminal
    • 3- PC
  4. A GP terminal used for entering data without any validation checks
    Basic keyboard and monitor
  5. A GP terminal which performs functions of the basic keyboard and monitor with additional functions of validating data within the terminal , maintaining transaction logs and performing other local processing
    Intelligent Terminal
  6. A GP terminal which performs all the functions of an intelligent terminal with additional local processing and storage capabilities
    PC
  7. A SP terminal used to record sales transactions as they occur and to transmit them to the main computer such as electronic cash registers and optical scanners
    Point of sale devices
  8. A SP terminal used to initiate record transmit and complete various banking transactions
    ATM Automated Teller Machines
  9. CS used to create maintain and operate a database
    DBMS - Database Management System.
  10. CS which facilitates the physical storage of the data maintains the interrelationships among the data and makes the data available to application programs
    Database Management System
  11. Two important characteristics of a database system
    data sharing and data independence
  12. A characteristic of a database system which can be achieved if the database contains data which can be set up with defined relationships and are organized in a manner that permits several user to access and use the data in different application programs.
    Data Sharing
  13. The need for data sharing creates the need for data independence from application programs. Thru DBS data are recorded only once for use by different application programs. There will be true data independence when?
    The structure of data can be changed without affecting the application programs and vice versa
  14. The individual responsible for managing the database resource is
    Database Administrator. He is responsible generally for the definition, structure security operational control and efficiency of database including the definition of the rules by which data are accessed and stored.
  15. A software within the DBMS that keeps track of the location of the data in the database is called
    Data Dictionary
  16. An auditor who wishes to trace data through several application programs should know what programs use the data , which files contain the data and which printed reports display the data. These information can be found in
    Data Dictionary
  17. *Data Definition is dependent of any one program
    False independent
  18. *The physical structure of the data is dependent of the user needs
    False, NO
  19. Can physical or logical structure of the database be made without the need to modify any of the application programs that use the database?
    YES. One of the greatest advantage of DBMS is that applications are independent of the database structure. This allows programs to be developed for the user's specific needs without concern for data retrieval problems.
  20. *If a processing system is complex, the need to test computer controls generally
    Increases
  21. An EDI system typically uses what as a 3rd party service provider?
    VAN Valued added network. Thus reliance on VAN controls is critical
  22. *Even with the aid of computer technology, only a sample can be tested
    FALSE. All transactions can be tested
  23. General CIS Controls includes (5)
    • 1- Organization and management controls
    • 2- Application systems development and maintenance controls 3- Computer operation controls
    • 4- Systems software controls
    • 5-Data Entry and program control
  24. CIS Application Controls include (3)
    Controls over input, output and processing and computer data files
  25. This CIS AC is designed to provide reasonable assurance that only authorized transactions are submitted for processing
    Controls over input
  26. This CIS AC is designed to provide reasonable assurance that all authorized transactions are accurately converted into machine readable form
    Controls over input
  27. This CIS AC is designed to provide reasonable assurance that incorrect transactions are rejected, corrected and if necessary resubmitted on a timely basis
    Controls over input
  28. This CIS AC is designed to provide reasonable assurance that
    All transactions are processed as authorized
  29. This CIS AC is designed to provide reasonable assurance that No authorized transactions are omitted
    Controls over processing and computer data files
  30. This CIS AC is designed to provide reasonable assurance that No unauthorized transactions are processed
    Controls over processing and computer data files
  31. This CIS AC is designed to provide reasonable assurance that processing errors are identified and corrected on a timely basis
    Controls over processing and computer data files
  32. This CIS AC is designed to provide reasonable assurance that Results of processing are accurate
    Control over Output
  33. This CIS AC is designed to provide reasonable assurance that Output is distributed only to authorized users
    Controls over Output
  34. These are used to determine the completeness of update in an online system
    Run-to-Run totals. Separate totals are accumulated for all transactions processed throughout a period and compared with the total of items submitted for computer processing
  35. These reduce the incidence of user input errors in online systems. Example of these are self checking digits, Limit checks and input screens
    Input Controls
  36. Who is responsible for correcting program errors?
    Systems Analyst or/and Computer Programmers
  37. *In an EDI environment, it may be difficult to apply detective controls once a transaction has entered the computer system
    TRUE
  38. *Adequate segregation of duties may not be feasible in a CIS Environment
    TRUE. The basic segregation of functions is not usually feasible because of decreased human involvement in processing financial information. However there are some functions that should not be combined like the functions of a systems analyst/ computer programmers to that of the functions of computer operators
  39. Unauthorized changes to the application programs and data files can be made by the systems analyst if he has access to this
    Password Identification Tables. However, SA needs to have access to Edit criteria, Source code and user procedures
  40. He is responsible for maintaining custody and recordkeeping of the computer application programs and data files
    Computer Librarian
  41. The function of this is the distribution of computer generated outputs and other report
    Data Control group
  42. They are responsible for writing and revising programs designed by the systems analyst
    Computer Programmers
  43. They keep unauthorized and improper transactions from entering the computer facility an specifies the distribution of computer results
    Data Control Group
  44. What is the proper compensating control for the lack of segregation of duties in a CIS environment?
    Proper monitoring of the computer log
  45. This records computer and software usage including operator intervention during computer processing
    Computer Log
  46. Are control totals calculated using nonfinancial data (like the sum of sales order numbers) to keep track of the records in a batch
    Hash Totals
  47. An input control to detect data coding errors
    Self-checking digit system - This involves adding a control digit to a code (e.g. bank account number) when it is originally designed to allow the code's integrity to be established during subsequent processing
  48. A hardware control that involves the receiver of the message returning the message to the sender to determine if the correct message was received
    Echo Check
  49. The primary consideration in selecting a computer site's physical location is
    Security - Must be protected from fire, theft, sabotage and flood.
  50. Who has the operational responsibilities for the accuracy and completeness of computer-based information?
    Users - they are in the best position to review the accuracy and completeness of computer output in relation to the input provided. Top management  has the overall control responsibility of the CIS
  51. A human-readable label written on a gummed paper to be attached to the file
    External Label
  52. A machine- readable label at the beginning of a file that identifies it
    Header Label
  53. A machine -readable label at the end of a file containing control totals and record counts
    Trailer label
  54. An effective control to reduce the risk of mounting an incorrect version of a master file is the use of
    file headers and label checks (External, Header and Trailer Labels)
  55. This verifies the accuracy of the communication
    Data Transmission Check
  56. This ensures that while multiple jobs are running simultaneously, the memory partition allocated to each job is not changed
    Memory isolation check or boundary protection
  57. This ensures that unauthorized access to programs and files is prevented
    Access Controls (use of personal ID codes and PINs)
  58. A program that attaches itself to a legitimate program to penetrate the operating system and cause destruction to the operating system, application programs and data files
    virus
  59. This means keeping a new system that has been designed and implemented current with user needs
    System Maintenance
  60. The responsibility for system maintenance is assumed by whom?
    Systems Analysts and Programmers
  61. This involves data conversion, coding and testing applications, purchase and installation of equipment, raining of employees, system documentation and installation of the news system
    System Implementation
  62. Involves a survey of the current system , an analysis of the user�s needs and gathering and evaluation of facts
    Systems Analysis
  63. Provides detailed information about each application program including the source program, file formats and record layouts, program flowcharts, written authorizations for all program changes and operating instructions
    Program Documentation 
  64. A control designed primarily to provide reasonable assurance that programs are kept up to date and perform as intended
    Program Documentation
  65. A backup technique that begins when the current master file (parent) is processed against a transaction file to create a new updated master file (child)
    Grandparent-parent-child or Grandfather-father-son approach ---- When the new batch of transactions is processed, the child becomes the parent (current master file) and the parent ( original master file) becomes the grandparent or backup file.
  66. Involves the creation and retention of 3 generations of master files to enable reconstruction of destroyed or corrupted master file
    grandfather-father-son approach
  67. He determines the number of backup files needed for each application
    Systems Designer
  68. A backup facility that has all the needed computer resources in place except the computer equipment
    Cold Site  .This is too vendor-dependent because it relies on the vendor's timely delivery of the needed computer equipment.
  69. A backup facility that has all the needed resources in place, including the computer equipment, and is therefore not vendor-dependent
    Hot Site
  70. The primary objective of this is to keep unauthorized intruders from accessing information system resources and data files
    Security Software
  71. The process of verifying the identity of the user
    Authentication
  72. This gives the most valuable information for detecting unauthorized input from a terminal
    Transaction Log
  73. This lists input that fails the validation test
    Error Report
  74. Use to store and correct error records detected during validation
    Error File
  75. A record of computer and software usage, it does not record individual transactions transmitted from a terminal
    Console Log
  76. The transcription of transaction data from source documents to magnetic tape or disk suitable for computer processing
    Data Conversion
  77. Preformatted screen approach may be used in what systems?
    Online systems to avoid data entry errors
  78. This online data processing control displays a document with blanks for data items to be entered by the terminal operator
    Preformatting
  79. A program initiated prior to regular input to discover errors in data before entry so that errors can be corrected
    Edit/Validation Routine
  80. A screen prompting method that is most appropriate for data received orally or by phone
    Dialogue Approach - this involves a series of requests for required input data that requires an acceptable response to each request before a subsequent request is made
  81. A check to determine if all data items for a transaction have been entered by the terminal operator
    Completeness Check
  82. When erroneous data are detected by computer program control, such data may be excluded from processing and printed on an error report. Who should review and follow up this report?
    Data Control Group - they act as the liaison between the end user and data processing
  83. They are responsible for receiving from users, transaction documents for processing, and controlling the distribution of computer output such as documents and reports
    Data Control Group
  84. This control determines if the records are in proper order by comparing the sequence of each record in the batch with previous record
    Sequence Check - This is appropriate in systems that use sequential master files, not in an online real time system
  85. Control which tests data to determine if they have appropriate arithmetic sign
    Sign Check
  86. Control which determines if an amount falls within predefined limits
    Reasonableness Check
  87. Control which assures that an application processes each record only once
    Redundancy Check
  88. Control which determines whether a field contains proper characters
    Compatibility Check
  89. This control involves a count of individual line items on a document. Missing lines can be detected by simply comparing these counts with predetermined line control counts for each document
    Line Control Count
  90. The total value of a financial field
    Financial or control total
  91. Controls which compare actual value in a field against acceptable values in the master file
    Validity Check
  92. These are used to determine if a field contains blank spaces
    Missing Data Check
  93. Use to reconcile computer input with processing results
    Control Total
  94. An effective way to detect data coding errors
    Check Digits - This is a result of the mathematical calculation done based on the original data code. During the process the system recalculates the check digit for each input and compares the result with the check digit attached to the data code entered
  95. Are computer programs and data that the auditor may use in performing various audit procedures including 1- test of details 2- analytical review procedures 3-tests of general and application controls 4-sampling programs to extract data for audit testing 5-reperformance of calculations performed by the entity's accounting system
    CAAT
  96. An audit software that has widespread popularity because it is easy to use and requires little computer background on the part of the auditor, it can be used on both the mainframe and PC systems, it allows the auditor to perform his/her tests independent of the entity's computer processing personnel, and it can be used to audit the data in most file formats and structures
    Package or generalized audit software
  97. Audit software designed to perform audit tasks in specific circumstances. These are used when an entity's CIS is so unique or complex that nay GAS is deemed unsuitable
    customized or Purpose written programs
  98. These computer programs are enhance productivity tools that are typically part of a sophisticated operating systems environment , for example, data retrieval software code or code comparison software
    System Management Programs
  99. Embedded audit routines are sometimes built into an entity's computer information system to provide data for later use by the auditor. One technique involves embedding audit software modules within an application system to provide continuous monitoring of the entity's transactions. These audit modules are used to create logs that collect transaction information for subsequent review by the auditor. These logs are called
    SCARFs System Control Audit Review Files
  100. This is an audit approach which means that the auditor should have an in-depth understanding of how the programmed controls function and should consider using CAATs in testing their effectiveness
    White Box Approach. Black Box approach means auditing around the computer
  101. Under this audit approach, the auditor processes a specially prepared set of input data containing possible valid and invalid conditions using the client's application program. The result are compared with predetermined results based on the auditor's understanding of the programmed controls
    Test Data Approach
  102. Audit approach which enables the auditor to test a computer program's logic and controls during its normal operation, this allows fictitious and real transactions to be processed together without the knowledge of client operating personnel
    Integrated Test Facility. In parallel simulation, real transactions are reprocessed and not fictitious ones
  103. Involves selection of specific transactions to be tagged (by attaching an indicator at input) and traced though critical control points in the CIS. The computer trail can be printed or stored n a computer file for the auditor's evaluation
    Tagging and tracing

What would you like to do?

Home > Flashcards > Print Preview