Chapter 4-1 Prepared by Coby Harmon University of California, Santa Barbara Westmont College.
-
Upload
kerry-higgins -
Category
Documents
-
view
221 -
download
1
Transcript of Chapter 4-1 Prepared by Coby Harmon University of California, Santa Barbara Westmont College.
Chapter 4-1
Prepared by
Coby Harmon
University of California, Santa Barbara
Westmont College
Chapter 4-2
Internal Controls and Risks in IT Systems
Accounting Information Systems, 2nd Edition
Chapter 4-3
1. An overview of internal controls for IT systems
2. General controls for IT systems
3. General controls from a Trust Services Principles perspective
4. Hardware and software exposures in IT systems
5. Application software and application controls
6. Ethical issues in IT systems
Study ObjectivesStudy ObjectivesStudy ObjectivesStudy Objectives
Chapter 4-4 SO 1 An overview of internal controls for IT systems
Internal Controls for IT SystemsInternal Controls for IT SystemsInternal Controls for IT SystemsInternal Controls for IT Systems
Accounting Information System - collects, processes, stores, and reports accounting information.
Internal controls for computer-based systems have been described as being of two types:
► General controls
► Application controls
Chapter 4-5 SO 1 An overview of internal controls for IT systems
Internal Controls for IT SystemsInternal Controls for IT SystemsInternal Controls for IT SystemsInternal Controls for IT Systems
Application controls used to control inputs, processing, and outputs.
Exhibit 4-1 General and Application Controls in IT Systems
General controls apply overall to the IT accounting system.
Chapter 4-6
b. Technology controls.
Internal controls that apply overall to the IT system are called
c. Application controls.
d. General controls.
a. Overall controls.
SO 1 An overview of internal controls for IT systems
Internal Controls for IT SystemsInternal Controls for IT SystemsInternal Controls for IT SystemsInternal Controls for IT Systems
Question
Chapter 4-7 SO 2 General controls for IT systems
General Controls for IT SystemsGeneral Controls for IT SystemsGeneral Controls for IT SystemsGeneral Controls for IT Systems
Five categories of general controls:
1. Authentication of users and limiting unauthorized access
2. Hacking and other network break-ins
3. Organizational structure
4. Physical environment and physical security of the
system
5. Business Continuity
Chapter 4-8
Authentication of Users and Limiting Unauthorized Users
Log-in
User IDs
Password
Smart card
Security token
Two factor authentication
SO 2 General controls for IT systems
General Controls for IT SystemsGeneral Controls for IT SystemsGeneral Controls for IT SystemsGeneral Controls for IT Systems
Biometric devices
Computer log
Nonrepudiation
User profile
Authority table
Configuration tables
Chapter 4-9
Hacking and other Network Break-Ins
Firewall
Symmetric encryption
Public key encryption
Wired equivalency privacy
Wireless protected access
Service set identifier
Virtual private network
SO 2 General controls for IT systems
General Controls for IT SystemsGeneral Controls for IT SystemsGeneral Controls for IT SystemsGeneral Controls for IT Systems
Secure sockets layer
Virus
Antivirus software
Vulnerability assessment
Intrusion detection
Penetration testing
Chapter 4-10
Organizational Structure
IT governance committee, responsibilities include:
1. Align IT investments to business strategy.
2. Budget funds and personnel for the most effective use of the IT systems.
3. Oversee and prioritize changes to IT systems.
4. Develop, monitor, and review all IT operational policies.
5. Develop, monitor, and review security policies.
SO 2 General controls for IT systems
General Controls for IT SystemsGeneral Controls for IT SystemsGeneral Controls for IT SystemsGeneral Controls for IT Systems
Chapter 4-11
Organizational Structure
Duties to be segregated are:
► Systems analysts
► Programmers
► Operations personnel
► Database administrator
SO 2 General controls for IT systems
General Controls for IT SystemsGeneral Controls for IT SystemsGeneral Controls for IT SystemsGeneral Controls for IT Systems
Chapter 4-12
Controls for an IT system should include controls over the physical environment of the system which includes:
► Location
► Operating environment
► Back-up systems
Physical Environment and Security
SO 2 General controls for IT systems
General Controls for IT SystemsGeneral Controls for IT SystemsGeneral Controls for IT SystemsGeneral Controls for IT Systems
Chapter 4-13
Locate in area that are least at risk of natural disasters such as
flood, earthquake, hurricane, and fire.
Controls for an IT system should include controls over the physical environment of the system which includes:
► Location
► Operating environment
► Back-up systems
Physical Environment and Security
SO 2 General controls for IT systems
General Controls for IT SystemsGeneral Controls for IT SystemsGeneral Controls for IT SystemsGeneral Controls for IT Systems
Properly control dust, temperature, and humidity.
Location should also have a fire protection system.
System should also have both an uninterruptible power supply and an
emergency power supply.
Chapter 4-14
Physical Environment and Security
Physical access controls:
► Limited access to computer rooms through employee ID badges or card keys
► Video surveillance equipment
► Logs of persons entering and exiting the computer rooms
► Locked storage of backup data and offsite backup data
SO 2 General controls for IT systems
General Controls for IT SystemsGeneral Controls for IT SystemsGeneral Controls for IT SystemsGeneral Controls for IT Systems
Chapter 4-15
Business Continuity
Business Continuity Planning (BCP)
Two parts of business continuity are related to IT systems:
► A strategy for backup and restoration of IT systems, to include redundant servers, redundant data storage, daily incremental backups, a backup of weekly changes, and offsite storage of daily and weekly backups.
► A disaster recovery plan.
SO 2 General controls for IT systems
General Controls for IT SystemsGeneral Controls for IT SystemsGeneral Controls for IT SystemsGeneral Controls for IT Systems
Chapter 4-16
The Real WorldThe Real WorldThe Real WorldThe Real World
In some organizations, loss of a key CEO could spell disaster. For
example, Martha Stewart founded and became the CEO of Martha
Stewart Living Omnimedia Inc. In June 2003, she was indicted for
possible legal violations related to insider trading, and she stepped
down as CEO. Some in the financial community wondered if the
firm could continue or thrive without Martha Stewart. Part of the
business continuity plan for her company should have been a
strategy to operate if some event would prevent Martha Stewart
from serving as CEO. Martha was convicted, served time in prison,
and successfully returned to work.
SO 2 General controls for IT systems
Chapter 4-17
b. Security token.
Which of the following is not a control intended to authenticate users?
c. Encryption.
d. Biometric devices.
a. User log-in.
SO 2 General controls for IT systems
General Controls for IT SystemsGeneral Controls for IT SystemsGeneral Controls for IT SystemsGeneral Controls for IT Systems
Question
Chapter 4-18
b. Develop, monitor, and review security policies.
An IT governance committee has several responsibilities. Which of the following is least likely to be a responsibility of the IT governance committee?
c. Oversee and prioritize changes to IT systems.
d. Align IT investments to business strategy.
a. Develop and maintain the database and ensure adequate controls over the database.
SO 2 General controls for IT systems
General Controls for IT SystemsGeneral Controls for IT SystemsGeneral Controls for IT SystemsGeneral Controls for IT Systems
Question
Chapter 4-19
AICPA Trust Services Principles categorizes IT controls and risks into five categories:
a. Security
b. Availability
c. Processing integrity
d. Online privacy
e. Confidentiality
SO 3 General controls from a Trust Services Principles perspective
General Controls from an AICPA Trust General Controls from an AICPA Trust Services Principles PerspectiveServices Principles PerspectiveGeneral Controls from an AICPA Trust General Controls from an AICPA Trust Services Principles PerspectiveServices Principles Perspective
System is protected against unauthorized (physical and
logical) access.
Chapter 4-20
AICPA Trust Services Principles categorizes IT controls and risks into five categories:
a. Security
b. Availability
c. Processing integrity
d. Online privacy
e. Confidentiality
SO 3 General controls from a Trust Services Principles perspective
General Controls from an AICPA Trust General Controls from an AICPA Trust Services Principles PerspectiveServices Principles PerspectiveGeneral Controls from an AICPA Trust General Controls from an AICPA Trust Services Principles PerspectiveServices Principles Perspective
System is available for operation and use as committed or agreed.
Chapter 4-21
AICPA Trust Services Principles categorizes IT controls and risks into five categories:
a. Security
b. Availability
c. Processing integrity
d. Online privacy
e. Confidentiality
SO 3 General controls from a Trust Services Principles perspective
General Controls from an AICPA Trust General Controls from an AICPA Trust Services Principles PerspectiveServices Principles PerspectiveGeneral Controls from an AICPA Trust General Controls from an AICPA Trust Services Principles PerspectiveServices Principles Perspective
System processing is complete, accurate, timely and authorized.
Chapter 4-22
AICPA Trust Services Principles categorizes IT controls and risks into five categories:
a. Security
b. Availability
c. Processing integrity
d. Online privacy
e. Confidentiality
SO 3 General controls from a Trust Services Principles perspective
General Controls from an AICPA Trust General Controls from an AICPA Trust Services Principles PerspectiveServices Principles PerspectiveGeneral Controls from an AICPA Trust General Controls from an AICPA Trust Services Principles PerspectiveServices Principles Perspective
Personal information obtained as a result of e-commerce is
collected, used, disclosed, and retained as committed or
agreed.
Chapter 4-23
AICPA Trust Services Principles categorizes IT controls and risks into five categories:
a. Security
b. Availability
c. Processing integrity
d. Online privacy
e. Confidentiality
SO 3 General controls from a Trust Services Principles perspective
General Controls from an AICPA Trust General Controls from an AICPA Trust Services Principles PerspectiveServices Principles PerspectiveGeneral Controls from an AICPA Trust General Controls from an AICPA Trust Services Principles PerspectiveServices Principles Perspective
Information designated as confidential is protected as
committed or agreed.
Chapter 4-24
Previously covered IT controls that can lessen risk of unauthorized users gaining access to the IT system:
a. user ID,
b. password,
c. security token,
d. biometric devices,
e. log-in procedures,
Risks In Not Limiting Unauthorized Users
f. access levels,
g. computer logs, and
h. authority tables.
SO 3 General controls from a Trust Services Principles perspective
General Controls from an AICPA Trust General Controls from an AICPA Trust Services Principles PerspectiveServices Principles PerspectiveGeneral Controls from an AICPA Trust General Controls from an AICPA Trust Services Principles PerspectiveServices Principles Perspective
Chapter 4-25
Controls that may be applied are,
► firewalls,
► encryption of data,
► security policies,
► security breach resolution,
► secure socket layers (SSL),
► virtual private network (VPN),
► wired equivalency privacy (WEP)
Risks From Hacking or Other Network Break-Ins
SO 3 General controls from a Trust Services Principles perspective
General Controls from an AICPA Trust General Controls from an AICPA Trust Services Principles PerspectiveServices Principles PerspectiveGeneral Controls from an AICPA Trust General Controls from an AICPA Trust Services Principles PerspectiveServices Principles Perspective
Chapter 4-26
Controls that may be applied are,
► wireless protected access (WPA),
► service set identifier (SSID),
► antivirus software,
► vulnerability assessment,
► penetration testing, and
► intrusion detection.
SO 3 General controls from a Trust Services Principles perspective
General Controls from an AICPA Trust General Controls from an AICPA Trust Services Principles PerspectiveServices Principles PerspectiveGeneral Controls from an AICPA Trust General Controls from an AICPA Trust Services Principles PerspectiveServices Principles Perspective
Risks From Hacking or Other Network Break-Ins
Chapter 4-27
Environmental changes that affect the IT system can cause availability risks and processing integrity risks.
Risks From Environmental Factors
Physical Access Risks
SO 3 General controls from a Trust Services Principles perspective
General Controls from an AICPA Trust General Controls from an AICPA Trust Services Principles PerspectiveServices Principles PerspectiveGeneral Controls from an AICPA Trust General Controls from an AICPA Trust Services Principles PerspectiveServices Principles Perspective
Physical access to computer systems and computer rooms should be limited to those who must have access in order to carry out their job assignments.
Chapter 4-28
► Security risk is that an intruder who gains physical access may change user access levels.
► Availability risk is the unauthorized physical access to physically shut down, sabotage, or destroy hardware or software.
► Processing integrity risk is that systems or programs may be shut down or sabotaged.
► Confidentiality risk is that intruder may gain access to confidential data.
Physical Access Risk
SO 3 General controls from a Trust Services Principles perspective
General Controls from an AICPA Trust General Controls from an AICPA Trust Services Principles PerspectiveServices Principles PerspectiveGeneral Controls from an AICPA Trust General Controls from an AICPA Trust Services Principles PerspectiveServices Principles Perspective
Chapter 4-29
► Security risk is that an unauthorized person may gain access to the backup data.
► Availability risk is that as events interrupt operations, the system becomes unavailable for regular processing.
► Processing integrity risk is that business interruptions can lead to incomplete or inaccurate data.
► Confidentiality risk is that unauthorized persons may gain access to confidential data if they access backup data..
Business Continuity Risks
SO 3 General controls from a Trust Services Principles perspective
General Controls from an AICPA Trust General Controls from an AICPA Trust Services Principles PerspectiveServices Principles PerspectiveGeneral Controls from an AICPA Trust General Controls from an AICPA Trust Services Principles PerspectiveServices Principles Perspective
Chapter 4-30
b. Confidentiality.
AICPA Trust Principles describe five categories of IT risks and controls. Which of these five categories would best be described by the statement, “The system is protected against unauthorized access”?
Question
c. Processing integrity.
d. Availability.
a. Security.
SO 3 General controls from a Trust Services Principles perspective
General Controls from an AICPA TrustGeneral Controls from an AICPA TrustGeneral Controls from an AICPA TrustGeneral Controls from an AICPA Trust
Chapter 4-31
b. Availability risk.
The risk that an unauthorized user would shut down systems within the IT system is a(n)
c. Processing integrity risk.
d. Confidentiality risk.
a. Security risk.
SO 3 General controls from a Trust Services Principles perspective
General Controls from an AICPA TrustGeneral Controls from an AICPA TrustGeneral Controls from an AICPA TrustGeneral Controls from an AICPA Trust
Question
Chapter 4-32
Hardware and Software ExposuresHardware and Software ExposuresHardware and Software ExposuresHardware and Software Exposures
Typical IT system components that represent “entry points” where the risks must be controlled.
1. The operating system
2. The database
3. The database management system (DBMS)
4. Local area networks (LANs)
5. Wireless networks
6. E-business conducted via the Internet
7. Telecommuting workers
8. Electronic data interchange (EDI)
9. Application software
SO 4 Hardware and software exposures in IT systems
Chapter 4-33
Exposure Areas
Hardware and Software ExposuresHardware and Software ExposuresHardware and Software ExposuresHardware and Software Exposures
Exhibit 4-6
SO 4
Chapter 4-34
The software that controls the basic input and output activities of the computer.
Provides the instructions that enable the CPU to:
► read and write to disk,
► read keyboard input,
► control output to the monitor,
► manage computer memory, and
► communicate between the CPU, memory, and disk storage.
The Operating System
Hardware and Software ExposuresHardware and Software ExposuresHardware and Software ExposuresHardware and Software Exposures
SO 4 Hardware and software exposures in IT systems
Chapter 4-35
Unauthorized access would allow an unauthorized user to:
1. Browse disk files or memory for sensitive data or
passwords.
2. Alter data through the operating system.
3. Alter access tables to change access levels of users.
4. Alter application programs.
5. Destroy data or programs.
The Operating System
Hardware and Software ExposuresHardware and Software ExposuresHardware and Software ExposuresHardware and Software Exposures
SO 4 Hardware and software exposures in IT systems
Chapter 4-36
A large disk storage for accounting and operating data.
Controls such as:
► user IDs, passwords,
► authority tables,
► firewalls, and
► encryption
are examples of controls that can limit exposure.
The Database
Hardware and Software ExposuresHardware and Software ExposuresHardware and Software ExposuresHardware and Software Exposures
SO 4 Hardware and software exposures in IT systems
Chapter 4-37
A software system that manages the interface between many users and the database.
The Database Management System
Hardware and Software ExposuresHardware and Software ExposuresHardware and Software ExposuresHardware and Software Exposures
SO 4 Hardware and software exposures in IT systems
Exhibit 4-7
Chapter 4-38
A software system that manages the interface between many users and the database.
Hardware and Software ExposuresHardware and Software ExposuresHardware and Software ExposuresHardware and Software Exposures
SO 4 Hardware and software exposures in IT systems
The Database Management System
Exhibit 4-6
Chapter 4-39
A software system that manages the interface between many users and the database.
Physical access, environmental, and business continuity controls can help guard against the loss of the data or alteration to the DBMS.
The Database Management System
Hardware and Software ExposuresHardware and Software ExposuresHardware and Software ExposuresHardware and Software Exposures
SO 4 Hardware and software exposures in IT systems
Chapter 4-40
A local area network, or LAN, is a computer network covering a small geographic area.
A group of LANs connected to each other is called a wide area network, or WAN.
LANS and WANS
Hardware and Software ExposuresHardware and Software ExposuresHardware and Software ExposuresHardware and Software Exposures
SO 4 Hardware and software exposures in IT systems
Chapter 4-41
LANS and WANS
Hardware and Software ExposuresHardware and Software ExposuresHardware and Software ExposuresHardware and Software Exposures
SO 4 Hardware and software exposures in IT systems
Controls:
limit unauthorized users
firewalls
encryption
virtual private networks
Exhibit 4-6
Chapter 4-42
Same kind of exposures as a local area network.
Wireless Networks
Hardware and Software ExposuresHardware and Software ExposuresHardware and Software ExposuresHardware and Software Exposures
SO 4 Hardware and software exposures in IT systems
Exhibit 4-6
Chapter 4-43
Same kind of exposures as a local area network.
Controls include:
wired equivalency privacy (WEP) or wireless protected access (WPA),
station set identifiers (SSID), and
encrypted data.
Wireless Networks
Hardware and Software ExposuresHardware and Software ExposuresHardware and Software ExposuresHardware and Software Exposures
SO 4 Hardware and software exposures in IT systems
Chapter 4-44
The Real WorldThe Real WorldThe Real WorldThe Real World
Boeing Co. uses wireless networks on the floor of the large shop
where it manufactures airplanes. This wireless network with
notebook computers allows Boeing workers to move around the
plane while they are working and view engineering drawings or
parts availability during the manufacturing processes. The
employees do not have to walk to a desk or workstation, away from
the manufacturing flow, to access these things. Wireless networks
can make employees more efficient by allowing them to roam.
SO 4 Hardware and software exposures in IT systems
Chapter 4-45
The use of dual firewalls can help prevent hackers or unauthorized users from accessing the organization’s internal network of computers.
The Internet and World Wide Web
Hardware and Software ExposuresHardware and Software ExposuresHardware and Software ExposuresHardware and Software Exposures
SO 4 Hardware and software exposures in IT systems
Exhibit 4-6
Chapter 4-46
The organization’s security policy should address the security expectations of workers who telecommute, and such workers should connect to the company network via a virtual private network.
Hardware and Software ExposuresHardware and Software ExposuresHardware and Software ExposuresHardware and Software Exposures
Exhibit 4-6
Telecommuting Workers and Mobile Workers
SO 4
Chapter 4-47
Company-to-company transfer of standard business documents in electronic form.
EDI controls include:
authentication,
computer logs, and
network break-in controls.
Hardware and Software ExposuresHardware and Software ExposuresHardware and Software ExposuresHardware and Software Exposures
Electronic Data Interchange
Exhibit 4-6
SO 4
Chapter 4-48
b. Internet.
The risk of an unauthorized user gaining access is likely to be a risk for which of the following areas?
c. Wireless networks.
d. All of the above.
a. Telecommuting workers.
Hardware and Software ExposuresHardware and Software ExposuresHardware and Software ExposuresHardware and Software Exposures
SO 4 Hardware and software exposures in IT systems
Question
Chapter 4-49
Hardware and Software ExposuresHardware and Software ExposuresHardware and Software ExposuresHardware and Software Exposures
Cloud Computing
As introduced in chapter 2, cloud computing includes:
► Software and data reside with third party companies (the cloud)
and not on company computers.
► Outsourcing of IT to a third party.
Advantages:
1. Scalability
2. Expanded access
3. Infrastructure is reduced
4. Cost savings
SO 4 Hardware and software exposures in IT systems
Chapter 4-50 SO 4
Cloud Cloud ComputingComputingCloud Cloud ComputingComputing
Exhibit 2–2
Cloud Hosting of Accounting
Software
Chapter 4-51
Risks associated with cloud computing
► Security. All processing, storing data, and reading
data occur over the Internet; therefore, the third-party
provider must have good user authentication,
firewalls, encryption, and virtual private network
connections.
► Availability. Any interruptions in service cause the
software and data to be unavailable.
Hardware and Software ExposuresHardware and Software ExposuresHardware and Software ExposuresHardware and Software Exposures
Cloud Computing
SO 4 Hardware and software exposures in IT systems
Chapter 4-52
Risks associated with cloud computing
► Processing integrity. All control of software
installation, testing, and upgrading is transferred to the
third-party provider of cloud computing services.
► Confidentiality. Risk that employees of the third-party
provider can possibly browse and misuse company
data.
Hardware and Software ExposuresHardware and Software ExposuresHardware and Software ExposuresHardware and Software Exposures
Cloud Computing
SO 4 Hardware and software exposures in IT systems
Chapter 4-53
The Real WorldThe Real WorldThe Real WorldThe Real World
Starbucks uses a combination of public clouds, private clouds, and
traditional corporate IT systems. In its stores, Starbucks uses Office
365 for e-mail and productivity applications such as Microsoft Word.
Office 365 is the public cloud version of the Microsoft Office Suite.
For e-mail and productivity applications at the corporate offices,
Starbucks uses its own traditional IT systems on premises. For its
customer relationship management software, Starbucks uses
Salesforce.com, a public cloud application. For other accounting
and Oracle ERP applications, Starbucks uses a private cloud based
on virtualized servers that they maintain. This example of using
various IT approaches is quite common.
SO 4 Hardware and software exposures in IT systems
Chapter 4-54
Applications software accomplishes end user tasks such as:
► word processing,
► spreadsheets,
► database maintenance, and
► accounting functions.
Application Software and Application ControlsApplication Software and Application ControlsApplication Software and Application ControlsApplication Software and Application Controls
SO 5 Application software and application controls
Applications controls - intended to improve the accuracy, completeness, and security of input, process, and output.
Chapter 4-55
Date input - data converted from human readable form to computer readable form.
Input controls are of four types:
1. Source document controls
2. Standard procedures for data preparation and error handling
3. Programmed edit checks
4. Control totals and reconciliation
Input Controls
Application Software and Application ControlsApplication Software and Application ControlsApplication Software and Application ControlsApplication Software and Application Controls
SO 5 Application software and application controls
Chapter 4-56
Source document -paper form used to capture and record the original data of an accounting transaction.
Note:
► Many IT systems do not use source documents.
General controls such as computer logging of transactions and keeping backup files, become important.
► Where source documents are used, several source document controls should be used.
Source Document Controls
Application Software and Application ControlsApplication Software and Application ControlsApplication Software and Application ControlsApplication Software and Application Controls
SO 5 Application software and application controls
Chapter 4-57
Form Design - Both the source document and the input screen should be well designed so that they are easy to understand and use, logically organized into groups of related data.
Form Authorization and Control:
► Area for authorization by appropriate manager
► Prenumbered and used in sequence
► Blank source documents should be controlled
Source Document Controls
Application Software and Application ControlsApplication Software and Application ControlsApplication Software and Application ControlsApplication Software and Application Controls
SO 5 Application software and application controls
Chapter 4-58
Retention of Source Documents:
► Retained and filed for easy retrieval
► Part of the audit trail.
Source Document Controls
Application Software and Application ControlsApplication Software and Application ControlsApplication Software and Application ControlsApplication Software and Application Controls
SO 5 Application software and application controls
Chapter 4-59
Data Preparation – standard data collection procedures reduce the chance of lost, misdirected, or incorrect data collection from source documents.
Error Handling:
► Errors should be logged, investigated, corrected, and resubmitted for processing
► Error log should be regularly reviewed by an appropriate manager
Standard Procedures for Data Input
Application Software and Application ControlsApplication Software and Application ControlsApplication Software and Application ControlsApplication Software and Application Controls
SO 5 Application software and application controls
Chapter 4-60
Data should be validated and edited to be as close to the original source of data as possible.
Input validation checks include:
Programmed Input Validation Checks
Application Software and Application ControlsApplication Software and Application ControlsApplication Software and Application ControlsApplication Software and Application Controls
SO 5 Application software and application controls
1. Field check
2. Validity check
3. Limit check
4. Range check
5. Reasonableness check
6. Completeness check
7. Sign check
8. Sequence check
9. Self-checking digit
Chapter 4-61
Control totals are subtotals of selected fields for an entire batch of transactions.
Three types:
► record counts,
► batch totals, and
► hash totals.
Control Totals and Reconciliation
Application Software and Application ControlsApplication Software and Application ControlsApplication Software and Application ControlsApplication Software and Application Controls
SO 5 Application software and application controls
Chapter 4-62
Intended to prevent, detect, or correct errors that occur during processing.
► Ensure that application software has no errors.
► Control totals, limit and range tests, and reasonableness and sign tests.
► Computer logs of transactions processed, production run logs, and error listings.
Processing Controls
Application Software and Application ControlsApplication Software and Application ControlsApplication Software and Application ControlsApplication Software and Application Controls
SO 5 Application software and application controls
Chapter 4-63
Reports from the various applications.
Two primary objectives of output controls:
► to assure the accuracy and completeness of the output, and
► to properly manage the safekeeping of output reports to ascertain that security and confidentiality of the information is maintained.
Output Controls
Application Software and Application ControlsApplication Software and Application ControlsApplication Software and Application ControlsApplication Software and Application Controls
SO 5 Application software and application controls
Chapter 4-64
b. Validity check.
Which programmed input validation check compares the value in a field with related fields with determine whether the value is appropriate?
c. Reasonableness check.
d. Completeness check.
a. Completeness check.
Application Software and Application ControlsApplication Software and Application ControlsApplication Software and Application ControlsApplication Software and Application Controls
SO 5 Application software and application controls
Question
Chapter 4-65
b. Validity check.
Which programmed input validation check determines whether the appropriate type of data, either alphabetic or numeric, was entered?
c. Reasonableness check.
d. Field check.
a. Completeness check.
Application Software and Application ControlsApplication Software and Application ControlsApplication Software and Application ControlsApplication Software and Application Controls
SO 5 Application software and application controls
Question
Chapter 4-66
b. Validity check.
Which programmed input validation makes sure that a value was entered in all of the critical fields?
c. Reasonableness check.
d. Field check.
a. Completeness check.
Application Software and Application ControlsApplication Software and Application ControlsApplication Software and Application ControlsApplication Software and Application Controls
SO 5 Application software and application controls
Question
Chapter 4-67
b. Hash total.
Which control total is the total of field values that are added for control purposes, but not added for any other purpose?
c. Batch total.
d. Field total.
a. Record count.
Application Software and Application ControlsApplication Software and Application ControlsApplication Software and Application ControlsApplication Software and Application Controls
SO 5 Application software and application controls
Question
Chapter 4-68
Besides fraud, there are many kinds of unethical behaviors related to computers, such as:
► Misuse of confidential customer information.
► Theft of data, such as credit card information, by hackers.
► Employee use of IT system hardware and software for personal use or personal gain.
► Using company e-mail to send offensive, threatening, or sexually explicit material.
Ethical Issues in IT SystemsEthical Issues in IT SystemsEthical Issues in IT SystemsEthical Issues in IT Systems
SO 6 Ethical issues in IT systems
Chapter 4-69
The Real WorldThe Real WorldThe Real WorldThe Real World
An unusual case of computer abuse occurred at a federal agency that
regulates financial aspects of companies. The Securities and
Exchange Commission (SEC) detected senior managers spending
excessive hours viewing pornography during regular working hours.
One SEC attorney spent as much as eight hours a day viewing
pornography on his office computer. A congressional investigation
revealed that 33 high-level SEC staffers in Washington, D.C., were
involved in such abuse of computers. Ironically, this misconduct was
occurring during the same time that this agency should have been
monitoring and reviewing banking institutions and other companies
involved in the country’s financial meltdown.
SO 6 Ethical issues in IT systems
Chapter 4-70
Copyright © 2013 John Wiley & Sons, Inc. All rights reserved.
Reproduction or translation of this work beyond that permitted in
Section 117 of the 1976 United States Copyright Act without the
express written permission of the copyright owner is unlawful.
Request for further information should be addressed to the
Permissions Department, John Wiley & Sons, Inc. The purchaser
may make back-up copies for his/her own use only and not for
distribution or resale. The Publisher assumes no responsibility for
errors, omissions, or damages, caused by the use of these
programs or from the use of the information contained herein.
CopyrightCopyrightCopyrightCopyright