Documentation and System Concepts

Questions and Answers

PDF Questions PDF Answers

What is the primary function of hashing in ensuring the integrity of a file?

To ensure that the delivered file is identical to the original, by comparing the hash values of the two files.

What is the purpose of a completeness check in data entry controls?

To ensure that all required data has been entered.

What is the main difference between incremental and differential backup?

Incremental backup copies only the data that changed from the last partial backup, while differential backup copies only the data that changed from the last full backup.

What is the primary goal of a Disaster Recovery Plan (DRP)?

To restore the system in the event that the data centre is destroyed.

How can RFID technology be used in the sales order entry process?

To ensure accurate and complete orders, and prevent invalid or incomplete orders.

What is the purpose of separating shipping and billing functions in the billing process?

To prevent fraud and ensure accurate billing.

What is the primary goal of the receive materials process in the expenditure cycle?

To verify that the goods received are correct in terms of quantity, quality, and specific product.

What is the main reason for resistance to updating systems?

Fear, lack of top management support, lack of communication, biases/emotions, and personal characteristics or backgrounds.

What is operational feasibility in the context of updating systems?

Whether the company has access to people to design, implement and operate the new system.

What is the primary purpose of data entry edit controls in the shipment process?

To ensure that the correct item or quantity is shipped.

Study Notes

Documentation of Flowchart

• A set of documents and models that includes narratives, data flow, models, and flowcharts.
• Consists of inputs, processes, storage, output, and controls.
• Allows auditors to monitor business operations and information.

Types of Systems

• Document: Illustrates the flow of documents through an organization.
• Program: Logical representation of system inputs, processes, and outputs.
• System: The actual steps of the activity, detailed to represent the logical sequence.
• Context: Highest level (most general) showing inputs and outputs into the system.
• Level 0: Shows all major activity steps of a system.
• Level 1: Shows one major activity divided into sub-activities.

Fraud

• Gaining an unfair advantage over another person.
• Includes false statements, representations, or disclosures, and material facts that induce a person to act.
• Requires an intent to deceive.
• Auditors need to understand fraud risks, evidence, and how to respond to fraud.
• Obtain information, understand fraud, and evaluate results of audit tests.

Forms of Fraud

• Theft of company assets.
• Financial reports are falsified.

Key Factors for Theft of Assets

• Absence of strong internal controls.
• Failure to enforce internal control systems.

Fraudulent Financial Statements

• Meet cash flow needs.
• Cover up losses.
• Increase a company's stock price.
• Heavy competition.
• Intense pressure to meet earnings expectations.

Pressure to Influence Fraudulent Acts

• Employee: Financial, emotional, or lifestyle pressures.
• Financial reporting: Industry conditions, management characteristics, financial pressure.

Fraud Detection Controls

• Segregation of duties.
• Insurance.
• Strong internal controls.
• Reconciliation checks on data.
• External and internal audits.
• Monitoring system activity.
• Use encryption.
• System authentication.
• Restrict access (authorization).

Computer Fraud and Abuse Techniques

• Hacking: Unauthorized access, modification, or use of a computer system or electronic device.
• Social engineering: Techniques used to trick or manipulate an individual to gain access to sensitive data or information.
• Malware: Any software used to harm.

Social Engineering Techniques

• Phishing: Receiving emails to trick individuals into providing sensitive information.
• Shoulder surfing: Observing individuals entering sensitive information.
• Spoofing: Creating fake emails, websites, or caller IDs to trick individuals.

Hacking and Embezzlement

• Stealing small amounts of money from multiple individuals.
• Can grow over time.

Identity Theft

• Assuming someone else's identity.

Ransomware

• Locks users out of programs and data using encryption.

Minimizing Social Engineering Threats

• Never let individuals follow you into restricted areas.
• Never log in for someone else on a computer.
• Never give sensitive information over the phone or email.
• Never share passwords or user IDs.

Control and Accounting Information Systems

• Functions of AIS:
  • Protect internal control data.
  • Identify problems.
  • Fix data, restore/backup data.

Sarbanes Oxley

• New roles for audit committees:
  • One member must be a financial expert.
  • Oversees external auditors.
• New rules for management:
  • Financial statements and disclosures are fairly presented and reviewed.
  • Auditors are informed about material internal control weaknesses and fraud.
• New internal control requirements:
  • Management is responsible for establishing and maintaining internal controls.
  • Fraud must be disclosed if management knows it exists.

Control Frameworks

• COBIT:
  • Meeting stakeholder needs.
  • Covering the enterprise end-to-end.
  • Applying a single, integrated framework.
  • Enabling a holistic approach.
  • Separating governance from management.
• COSO:
  • Control (internal) environment.
  • Risk assessment.
  • Control activities.
  • Information and communication.
  • Monitoring.
• COSO-ERM:
  • Internal environment.
  • Objective setting.
  • Event identification.
  • Risk assessment.
  • Risk response.
  • Control activities.
  • Information and communication.
  • Monitoring.

Time-Based Model

• P > D + C = likely to be safe.
• P = time it takes an attacker to break through preventive controls.
• D = time it takes to detect the attack.
• C = time it takes to respond to the attack.

Firewalls and Intrusion Systems

• Firewalls: Block unauthorized access.
• Intrusion prevention systems: Monitor and prevent suspect activity.
• Intrusion detection systems: Detect and alert administration to potential security breaches.

Authentication and Authorization

• Authentication: Verifies the person using passwords, PINs, ID cards, or biometric characteristics.
• Authorization: Determines access to specific parts of a system.

Hash and Encryption

• Hash: Converts text to a unique code, ensuring data integrity.
• Encryption: Converts text to unreadable text, protecting confidentiality.

Data Entry Controls

• Completeness: Ensuring all data is entered.
• Reasonable: Logical comparisons.
• Validity: Input compared with master data.
• Size check: Input length is correct.
• Range check: Input is within a certain range.
• Incremental backup: Copies only changed data.
• Differential backup: Copies only changed data from the last full backup.

Disaster Recovery Plan

• Procedures to restore the system in the event of a disaster.

Revenue Cycle

• Sales order entry: Ensuring no invalid or incomplete orders.
• Shipment: Ensuring correct items and quantities are shipped.
• Billing: Ensuring correct billing.
• Cash collection: Ensuring no theft or cash flow problems.

Expenditure Cycle

• Order materials: Ensuring no poor quality or excess inventory.
• Receive materials: Verifying correct goods and quantities.
• Approve supplier: Verifying invoices and purchase orders.
• Cash disbursement: Ensuring no duplicate payments or theft.

Updating Systems

• Improving efficiency and business procedures.
• Technology changes.
• Developing quality, error-free software.
• Increasing productivity gains.
• Creating competitive advantage.

Behavioral Problems in Updating Systems

• Fear.
• Lack of top management support.
• Lack of communication.
• Biases and emotions.
• Personal characteristics or backgrounds.

Resistance to Change

• Individuals may blame new systems for errors.
• Human error is often the underlying issue.

Feasibility

• Operational: Does the company have access to people to design, implement, and operate the new system?
• Technical: Can the system be developed and implemented using existing technology?
• Economic: Will the system justify the time, money, and resources required to implement?

Description

This quiz covers the basics of documentation in systems, including flowcharts, models, and narratives. It also explores different types of systems, including document, program, and actual systems.