Accounting Information Systems Flashcards

Terms Definitions
AIS Threats
-Natural and political disasters-Software errors and equipment malfunctions-Unintentional Acts-Intentional acts
Cookie
data that Web sites store on your computer to identify their Web sites to your computer and to identify you to the Web site so you don't have to log on every time you visit
Fraud Requirements
-False statement or respresentation-A material fact-Intent to deceive-A justifiable reliance-an injury or loss
Fraud Triangle
-Opportunity-Rationalization-Pressure
Opportunity
Perpetrator must be able to-Commit-Conceal-Convert to cash
Lapping Scheme
perpetrator steals the csah or check that Customer A mails in and then pays back with a check from Customer B which is in turn paid back by a check from customer C
Kiting scheme
perpetrator creates cash by taking advantage of the timing lag between depositing a check and the check clearing the bank
Computer fraud
Any illegal act for which knowledge of computer technology is essential for its perpetration, investigation, or prosecution
Processor Fraud
fraud committed through an unauthorized system use, including the theft of computer time and services
Computer Instructions Fraud
Tampering with the software that processes company data
Data Fraud
Illegal use of company data, typically to copying it, using it, or searching it without permission
Torpedo Software
Destroys competing malware, resulting in "malware warfare" between competing developers
Exposure
The potential dollar loss should a particular threat become a reality, also called impact
Internal Control
process implemented by the board of directors, management and those under their direction to provide reasonable assurance
Foreign Corrupt Practices Act
Prevent bribery of foreign officials in order to obtain business
PCAOB (Public Company Accounting Oversight Board)
A five-member team to control the auditing profession
Boundary System
helps employees act thically by setting limits beyond which an employee must not pass
diagnostic control system
measures company progress by comparing actual performance to planned performance
Interactive Control system
helps top-level managers with high-level activities that demand frequent and regular attention, such as developing company strategy, setting company objectives, understanding threats and risks, monitoring changes, and developing responses and action plans to proactively deal with high-level issues
COBIT (Control objectives for Information and Related Technology)
a framework of generally applicable information systems security and control practices for IT control
COSO (Committee of Sponsoring Organizations)
a private-sector group consisting of the American Accounting Association, the AICPA, the institute of Intern Auditors, the Institute of Management Accountants, and the Financial Executives Institute
Strategic Objectives
high-level goals that are aligned with and support the company's mission
Operations objectives
deal with the effectiveness and efficiency of company operations, such as performance and profitability goals and safeguarding assets
Reporting objectives
help ensure the accuracy, completeness, and reliability of internal and external company reports, of both a financial and nonfinancial nature
Compliance objectives
help the company comply with all applicable laws and regulations
risk appetite
the amount of risk a company is willing to accept in order to achieve its goals and objectives
audit committee
composed entirely of outside(nonemployee), independent directors
policy and procedures manual
explains proper business practices, describes the knowledge and experience needed by key personnel, spells out management policy for handling specific transactions, and documents the systems and procedures employed to process those transactions
event
an incident or occurence emanating from internal or external sources that affects implementation of strategy or achievement of objectives
inherent risk
the risk that exists before management takes any steps to control the likelihood or impact of a risk
residual risk
the risk that remains after management implements internal controls, or some other response to risk
four ways to reduce risk
reduce, accept, share, avoid
control activities
policies, procedures, and rules that provide reasonable assurance that management's control objectives are met and the risk responses are carried out
authorization
policies for employees to follow which empower them to perform certain tasks and make decisions
digital signature
signing a document with a piece of data that cannot be forged
segregation of duties
achieved when the following functions are separated: authorization, recording, and custody
systems administrators
responsible for ensuring that the different parts of an information system operate smoothly and efficiently
systems administrators
responsible for ensuring that the different parts of an information system operate smoothly and efficiently
network managers
ensure that all applicable devices are linked to the organization's internal and external networks and that the networks operate continuously and properly
network managers
ensure that all applicable devices are linked to the organization's internal and external networks and that the networks operate continuously and properly
analytical review
an examination of the relationships between different sets of data
time-based model of security
focuses on the relationship between preventive, detective, and corrective controls
defense-in-depth
to employ multiple layers of controls in order to avoid having a single point of failure
authentication
focuses on verifying the identity of the person or device attempting to access the system
multifactor authentication
using two or all three methods of authentication (something they know, something they have, some physical characteristic) in conjunction
access control matrix
a table specifying which portions of the sytem users are permitted to access and what actions they can perform
social engineering
a person uses deception to obtain unauthorized access to information resources
border router
connects an organization's information system to the internet
demilitarized zone (DMZ)
a separate network that permits controlled access from the internet to selected resources, such a the organization's e-commerce Web server
Transmission Control Protocol (TCP)
specifies the procedures for dividing files and documents into packets to be sent over the internet and the methods for reassembly of the original document or file at the destination
Internet Protocol (IP)
specifies the structure of packets and how to route them to the proper destination
routers
read the destination address fields in IP packet headers to decide where to send the packet next
access control list (ACL)
determines which packets are allowed entry and which are dropped
static packet filtering
screens individual IP packets based solely on the contents of the source and/destination fields in the IP packet header
stateful packet filtering
maintains a table that lists all established conections between the organization's computers and the Internet
deep packet inspection
examine the data in the body of an IP packet to provide more effective access control than those that look only at information in the IP header
intrusion prevention systems (IPS)
identify and drop packets that are part of an attack
hardening
process of turning off unecessary features
encryption
process of transforming normal text, call plaintext, into unreadable gibberish, called ciphertext
decryption
reverses the process of encryption
Symmetric encryption systems
use the same key both to encrypt and to decrypt
Assymmetric encryption systems
uses two keys, one to encrypt and one to decrypt
hashing
an irreversible process that takes plaintext of any length and transforms it into short code
digital certificate
an electronic document, created and digitally signed by a trusted third party, that certifies the identity of the owner of a particular public key
public key infrastructure (PKI)
refers to the system and processes used to issue and manage asymmetric keys and digital certificates
certificate authority
organization that issues public and private keys and records the public key in a digital certificate
e-signature
a cursive-style imprint of a person's name that is applied to an electronic document
Log analysis
the process of examining logs to monitor security
Intrusion Detection systems (IDS)
create logs of network traffic that was permitted to pass the firewall and then analyze those logs for signs of attempted or successful intrusions
patch
code released by software developers that fixes a particular vulnerability
Virtual Private Network (VPN)
encrypting information before sending it over the Internet to provide the functionality of a privately owned network, while using the internet
sequence check
tests if a batch of input data is in the proper numerical or alphabetical sequence
financial total
sums a field that contains dollar values, such as the total dollar amount of all sales for a batch of sales transactions
hash total
sums a nonfinancial numeric field, such as the total of the quantity ordered field in a batch of sales transactions
record count
sums the number of records in a batch
prompting
system requests each input data item and waits for an acceptable response
closed-loop verification
checks the accuracy of input data by using it to retrieve and display other related information
Concurrent update controls
protect records from errors that occur when two or more users attempt to update the same record simultaneously
parity bit
an extra digit used to detect errors due to some bits that are lost or received incorrectly due to media disruptions or failures
echo check
calculates a summary statistic such as the number of bits in the message and sends the result back to the sending unit
fault tolerance
enabling a system to continue functioning in the even that a particular component fails
uninterruptible power supply (UPS)
provides protection in the event of a prolonged power outage
incremental backup
copying only the data items that have changed since the last backup
differential backup
coppies all changes made since the last full backup
recovery point objective
represents the maximum length of time for which it is willing to risk the possible loss of transaction
archive
a copy of a database, mater file, or software that will be retained indefinitely as an historical record
recovery time objective (RTO)
represents the time following a disaster by which the organization's information system must be available again
financial audit
examines reliability and integrity of accounting records
information systems audit
reviews the controls of an AIS to assess its compliance with internal control policies and procedures an dits effectiveness in safeguarding assets
operational (management) audit
concerned with the economical and efficient use of resources and the accomplishment of established goals and objectives
auditing
a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between those assertions and established criteria and communicating the results to interested users
compensating controls
procedures that compensate for deficiency of a control
test data generator program
automatically prepares test data based on program specifications
integrated test facility (ITF)
technique that places a small set of fictitious records in the master files
audit hooks
audit routines that flag suspicious transactions
/ 95
Term:
Definition:
Definition:

Leave a Comment ({[ getComments().length ]})

Comments ({[ getComments().length ]})

{[comment.username]}

{[ comment.comment ]}

View All {[ getComments().length ]} Comments
Ask a homework question - tutors are online