IT Applications & Environment

Questions and Answers

Which of the following best describes the role of IT applications within an IT environment?

• Managing access to the IT environment.
• Comprising the network, operating systems, and databases.
• Managing changes to the IT environment.
• Initiating, processing, recording, and reporting transactions or information. (correct)

The primary reason organizations adopt IT is to decrease the volume of transactions they can process.

False (B)

What are the three components of the IT environment?

IT applications, IT infrastructure, and IT processes

An entity's processes to manage access to the IT environment, manage program changes, and manage IT operations are known as _____.

IT processes

Match each IT component with its definition:

IT Applications = Programs used for processing and reporting information IT Infrastructure = Network, operating systems, and databases IT Processes = Processes to manage access, changes, and operations within the IT environment

Which of the following is most directly supported by an advanced inventory management system?

Monitoring and tracking inventory levels. (A)

The use of IT in business operations completely eliminates the risk of material misstatement in financial statements.

False (B)

Besides "Computer Information Systems (CIS) Environment", what is another term used to refer to the IT environment?

Electronic Data Processing (EDP) environment (A)

Which type of input control ensures that a user enters only numeric data into a field designated for numbers?

Field check (D)

A 'hash total' involves summing a field of information that has intrinsic meaning to verify the accuracy of a batch of transactions.

False (B)

What type of input control would prevent a transaction from being processed if a required field, such as a customer's email address, is left blank?

completeness check

A ______ compares input data against a master file to confirm accuracy.

validity test

Match the following types of controls with their purpose:

Controls over Processing = Ensures transactions are accurately and completely processed. Controls over Output = Guarantees that the results of the processed data are accurate and distributed only to authorized personnel. Controls over Input = Verifies the accuracy and validity of data as it enters the system.

Which role is primarily responsible for designing the information systems and setting goals for achieving them, considering the organization's objectives and computer processing needs?

System Analysis (D)

The computer operation function should be combined with application programming to foster collaboration and efficiency.

False (B)

Which role is responsible for coding system specifications into programming languages?

Application programming

The primary function of ______ is to protect computer programs and data from loss, damage, or alteration.

program and file library

Which of the following describes the responsibilities of Data Control?

Reviewing input procedures, monitoring processing, and handling reprocessing of exceptions. (B)

Match the IT function with its primary responsibility:

Telecommunications = Maintaining and enhancing computer networks Systems Programming = Troubleshooting and upgrading operating systems Quality Assurance = Ensuring new systems meet user specifications

What is the main responsibility of a Database Administrator?

Planning administering and designing the database (A)

To maintain a log of computer operator intervention, which type of system is essential requirement?

Operating system

Which of the following practices aligns with maintaining proper segregation of duties within IT operations?

Restricting computer operators to only the application programs currently being used. (C)

Intrusion detection controls are designed to ensure that backups of financial reporting data occur as planned.

False (B)

What is the primary purpose of 'job monitoring' controls within IT operations?

to monitor financial reporting jobs or programs for successful execution

Controls over the process to design, program, test, and migrate changes to a production environment are known as the ______ process.

change management

Match each IT control with its primary objective:

Job scheduling = Controls over access to initiate jobs or programs affecting financial reporting. Backup and recovery = Ensuring financial reporting data is available for timely recovery after an outage. Change management process = Controls over designing, programming, testing, and migrating changes to production. Segregation of duties over change migration = Controls that segregate access to make and migrate changes to a production environment.

Which control is most directly focused on maintaining data integrity during a system upgrade?

Data conversion controls (D)

Controls over input are designed to ensure that all transactions are processed, even if they are not properly authorized.

False (B)

According to the provided information, what is the intention of IT operation controls?

to provide reasonable assurance that database operations and data processing are functioning effectively as intended

Which input device is capable of both reading information from magnetic tape and serving as a storage medium?

Magnetic tape reader (D)

Turnaround documents are sent to customers and used as outputs from the system.

False (B)

What type of automated source data input device is commonly used by banks to read checks?

Magnetic ink character reader

A terminal connected to a computer that records transactions and maintains perpetual inventory is known as a ______ recorder.

point-of-sale

Match the following software types with their primary function:

Operating System = Manages computer hardware and software resources Utility Programs = Handle common file and data manipulation tasks Voice Recognition = Translates spoken words into a computer-interpretable format Optical Character Recognition = Reads characters directly from documents

What is the primary function of an operating system?

Directing, controlling, and coordinating computer hardware operations (B)

Data storage only refers to fixed storage options within a computer system.

False (B)

Which device uses light to allow a user to interact with displayed menu items?

Light Pen (D)

Which of the following best describes Risks Arising from the Use of IT (RAIT)?

The susceptibility of information processing controls to ineffective design or operation, and risks to the integrity of information. (D)

General IT controls directly address the accuracy and validity of individual transactions within an application.

False (B)

What is the primary purpose of entity-level IT controls?

To define the strategic direction and establish an organizational framework for IT activities.

According to S²PARTA, one of the key entity-level IT controls is ______ of incompatible duties.

segregation

Match the following IT control categories with their descriptions:

Entity-Level IT Controls = Define strategic direction and establish an organizational framework for IT activities. General IT Controls = Support the continuous and proper operation of the IT environment.

Which of the following is NOT explicitly listed as an entity-level IT control under the S²PARTA framework?

Data encryption (B)

The primary focus of general IT controls is to prevent unauthorized access to sensitive data.

False (B)

Explain how 'Quality Assurance' as an entity-level IT control, contributes to mitigating Risks Arising from the Use of IT (RAIT).

Quality assurance helps ensure that IT systems and processes are developed and maintained to a high standard, reducing the likelihood of errors or vulnerabilities that could lead to RAIT.

Internal ______ and monitoring are entity-level IT controls that help in identifying and addressing weaknesses in IT processes.

audit

If a company implements robust strategies and plans (an 'S' in S²PARTA) for IT but neglects 'Risk assessment activities' (the 'R' in S²PARTA), what potential consequence might arise?

Ineffective IT spending and resource allocation. (C)

Flashcards

IT Environment

IT applications, infrastructure, processes, and personnel used to support business operations and achieve strategies.

IT Application

A program or set of programs for initiating, processing, recording, and reporting transactions or information.

IT Infrastructure

Network, operating systems, databases, hardware, and software that support IT applications.

IT Processes

Processes to manage access, program changes, and IT operations within the IT environment.

EDP/CIS environments

Alternative names for the IT environment.

RoMM in IT

The possibility of inaccurate or incomplete information in financial statements due to risks within the IT environment.

IT streamlines processes

Using technology to make a company's operations faster and more efficient

IT Business Examples

Businesses can use IT to sell products online and monitor stock levels

Command Line Interface (CLI)

Using text-based commands to interact with a computer.

Turnaround Documents

Documents sent to customers, then returned as input (e.g., utility bills).

Magnetic Tape Reader

Reads data recorded as magnetic spots on magnetic tape.

Magnetic Ink Character Reader (MICR)

Reads characters written with magnetic ink (e.g., on bank checks).

Optical Character Recognition (Scanner)

Reads characters directly from a document using their shapes.

Automated Teller Machines (ATM)

Machines for financial transactions (deposits, withdrawals).

Point-of-Sale (POS) Recorders

Terminals that record transactions and maintain inventory.

Operating System

Software that manages computer hardware and software resources.

RAIT Definition

The susceptibility of info processing controls to ineffective design/operation, or risks to info integrity due to IT process control issues.

IT Controls

Management designs and implements these to address RAITs.

Entity-Level IT Controls

IT controls embedded in the control environment, defining strategic direction & organizational framework for IT activities.

General IT Controls

These are controls over IT processes to support continuous and proper operation of the IT environment (General).

S in S²PARTA

Strategies and Plans.

Second S in S²PARTA

Segregation of Incompatible duties

P in S²PARTA

Policies and procedures

A in S²PARTA

Quality Assurance

R in S²PARTA

Risk assessment activities

T in S²PARTA

Training.

Limit Test

Tests data against predetermined upper and lower limits for reasonableness.

Validity Test

Compares input data to a master file or table to verify accuracy.

Self-Checking Digit

Contains redundant information that allows for the detection of errors.

Completeness Check

Ensures all required data fields are filled before processing continues.

Field Check

Ensures that the correct type of character (numeric, alphabetic, etc.) is entered into a specific field.

Chief Information Officer (CIO)

Oversees the entire IT department; ensures alignment with organizational goals.

System Analyst's role

Designs information systems to meet organizational goals and user needs.

Application Programmer

Writes code based on system specifications.

Database Administrator

Plans, designs, and maintains the organization's database.

Data Entry Clerk

Prepares and validates data before it enters the system.

Computer Operator

Runs and monitors computer systems, addressing errors as they arise.

Program and File Library

Protects programs, files, and other records from loss, damage, or unauthorized access.

Data Control's function

Reviews input, monitors processing, handles exceptions, and distributes output; also checks computer and library logs.

IT Access Restriction

Restricting access to input data, application programs, and operations manuals to only those who need it.

IT Operations Controls

Controls to ensure database operations and data processing function effectively.

Job Scheduling Controls

Controls over scheduling and initiating jobs or programs.

Job Monitoring Controls

Controls to monitor financial reporting jobs for successful execution.

Backup and Recovery Controls

Controls ensuring data backups occur and are accessible for timely recovery.

Intrusion Detection Controls

Monitoring for vulnerabilities and intrusions in the IT environment.

Change Management Process Controls

Controls over designing, programming, testing, and migrating changes to a production environment.

Controls Over Input

Ensuring only authorized transactions are processed, accurately converted, and not lost or duplicated.

Study Notes

• Business organizations are operating in a fast-evolving digital era due to the internet and digitization.
• Businesses are adapting to this period's challenges, which often requires reinventing business models and structures.
• Accounting processes are streamlined through computers' ability to handle large transaction volumes instantly.
• Investors' and stakeholders' financial reporting needs change during this constant transformation period.
• Transformations in audit execution are necessary as improvements emerge.

The Information Technology (IT) Environment

• The IT environment includes IT applications, supporting infrastructure, IT processes, and personnel that support business operations and strategies.
• IT application: A program or set of programs used to initiate, process, record, and report transactions or information, including data warehouses and report writers.
• IT infrastructure: comprises the network, operating systems, databases, and related hardware and software.
• IT processes: processes to manage access, program changes, IT environment changes, and IT operations.
• The information technology environment is also referred to as the "Electronic Data Processing (EDP) environment" or "Computer Information Systems (CIS) Environment".
• IT enables online product sales and inventory tracking.
• IT use exposes the entity to business risks that could lead to material misstatement (RoMM) of financial statements, which auditors must consider.

IT Infrastructure

• IT infrastructure is the foundation, which includes all the hardware, software, networks, and facilities necessary to perform the IT services.
• Major components include Database Systems, Operating Systems, and Networks.
• Database System: An organized data collection stored and accessed electronically, enabling data synchronization by maintaining a single copy of important records.
• Current systems assign database maintenance and control responsibilities to a database administrator.
• Operating system: The software that controls computer hardware and supports its basic functions, loading from data storage upon computer startup.
• Networks: Two or more linked computers facilitate sharing of devices, software, files, and transmissions via cables, satellites, and telephone lines.
• Types of networks (classified by geographical scope) include Local Area Network (LAN), Wide Area Network (WAN), National Area Network (NAN), and the Internet.
• Distributed Data Processing: Information and program sharing increases the risk of unwanted access and calls for computer security.
• Electronic Data Interchange: Exchanging business data via telecommunication links reduces the audit trail.

Computer and its components

• IT infrastructure uses a computer; a programmable electronic device for storing, retrieving, and processing data
• Computers are comprised of Hardware and Software components.

Computer hardware

• Hardware consists of the physical devices or equipment used for data processing functions including the Central Processing Unit (CPU), Input devices, Output devices and Data Storage.
• CPU: Serves as the brain of the computer and processes programs of instructions for manipulating data.
  • Control unit: Interpreter of program codes that will manipulate the data
  • Storage unit: Data retention unit
  • Arithmetic and Logic Unit (ALU): Performs arithmetic and logic functions
• Secondary storage devices are storage support to the CPU.
  • Method of Access include Random or Sequential
    • Random: Data can be easily accessed directly regardless of how it is physically stored (e.g. magnetic disk)
    • Sequential: Data must be processed in the order in which it is physically stored (e.g. magnetic tape, cartridges)
  • Type of Storage Device includes:
    • Magnetic tape: Primary medium for backing up random-access disk files and considered to be the cheapest type of storage available
    • Magnetic disks: Include CDs (mainframe) and hard disks or (microcomputers) drives
    • Redundant array of independent disks (RAID): A way of storing the same data redundantly on multiple magnetic disks to minimize the likelihood of loss of data
    • Compact disks, floppy disks, and zip disks
    • Optical disks: Use laser technology to store and read data
• Input devices: Serve as an entry channel to transmit data to the CPU for processing, functioning as converters of information into a machine-readable form.
  • Examples of input devices:
    • Keying data: Key to tape and key to disk in which data can be entered directly on tapes and disks respectively through a cathode ray tube (CRT), and then read into a computer.
    • Online entry
      • Visual display terminal (uses the keyboard to directly enter data into the computer)
      • Input interface: a program that controls the display for the user (usually on a computer monitor) and that allows the user to interact with the system
    • Graphical user interface - uses icons, pictures, and menus instead of text inputs (e.g. Windows)
    • Command line interface - uses text-type commands
    • Mouse, joystick, light pens
    • Touch-sensitive screens - allow users to enter data from a menu of items by touching the surface of the monitor
• Turnaround documents (e.g. Utility Bills) are documents that are sent to customers and returned as inputs.
• Automated source data input devices:
  • Magnetic tape reader: A device capable of sensing information recorded as magnetic spots on magnetic tape.
  • Magnetic ink character reader (MICR): A device that temporarily reads magnetized characters using magnetic ink (e.g. bank check readers)
  • Optical character recognition (scanner): A device to read characters directly from documents based on their shapes and positions.
  • Automated teller machines (ATM): A machine used to execute and record transactions with financial institutions
  • Point-of-sale (POS) recorders: A terminal connected to a computer connected.
  • Voice recognition: - A system that understands spoken words and transmits them into a computer
• Output devices translate processed data into forms understandable by users (e.g. monitors, printers, etc.).
• Data Storage serves as a warehouse of data processed by the computer, such as a hard disk, and can either be fixed or removable.

Computer Software

• Software consists of sets of instructions (programs) that direct, control, and coordinate the operation of hardware components.
  • Systems software
    • Operating system: Monitors and controls all the input, output, processing, and storage devices and operations of a computer (e.g. DOS, Windows, Linux, Mac, etc.).
    • Utility (user) programs: Handle common file, data manipulation, and "housekeeping" tasks, such as sorting and merging.
    • Communication Software: Controls and supports transmission between computers, computers, and monitors, and accesses various databases
  • Application software (also known as 'apps') is written by programming languages such as Turbo C, Assembly, Java, Visual Basic, and COBOL, that are designed for specific uses such as payroll preparation, word processing, graphics, database systems, and accounting software
  • Database management system (DBMS): software package for the purpose of creating, accessing, and maintaining a database
  • Source program: written code that are translated into machine language.
  • Object program: a converted source program that was changed using a compiler to create a set of machine-readable instructions
  • Compiler: A converts human-readable code into machine language object program from a source program language
  • Interpreter: Converts each source code instruction to object code each time it is executed
  • Virtual memory (storage): Online secondary memory is used as an extension of primary memory

Types of Computers

• Supercomputers are extremely powerful, high-speed computers for extremely high volume and/or complex processing needs
• Mainframe computers: Large, powerful, high-speed computers
• Minicomputers: Large and powerful, but not as large or as powerful as mainframe computers
• Microcomputers: Small computers, such as personal computers and laptops
• Personal digital assistants: Mobile, handheld computers
• "Computer systems" refers to the configuration of hardware and software that is intended for a specific purpose.
• Two commonly considered relevant systems are:
  • Management reporting system is designed to help with the decision-making process by providing access to computer data
    • Decision support system: Computer-based information systems that combine models and data to resolve non-structured problems
    • Executive information system: Computerized systems specifically designed to support executive work
    • Expert systemcomputer systems that apply reasoning methods to data in a specific relatively structured area
    • Management information systemystems designed to provide past, present, and future information for planning, organizing, and controlling the operations of the organization
  • Transaction processing system involves the daily processing of transactions

IT Applications

• IT Applications or software applications are programs designed for specific end-user purposes. Emphasis is placed on financial accounting applications for use in the initiation, processing, recording, and reporting of transactions or information which are relevant for decision-making Depending on the need and size of an entity they may include:
  • Small and medium-sized business accounting applications: Basic bookkeeping functions and financial reporting
  • Enterprise accounting applicationesigned for larger organizations that allow for more extensive accounting processes, often part of a larger ERP system.
  • Cloud/online accounting application: An accounting application system that is hosted online.
• Entities may also use emerging technologies (e.g., blockchain, robotics or artificial intelligence)

IT Processes

• IT processes are the entity's processes to manage access to the IT environment, program changes, and IT operations.
• Processes include general IT controls.

Information Technology (IT) Controls

• The entity's use of IT applications or other aspects in the IT environment may give rise to risks arising from the use of IT (RAIT).
• RAIT refers to the susceptibility of information processing controls to ineffective design or operation, or risks to the integrity of information
• To address RAITs, management designs and incorporates IT controls including (S2PARTA):
  • Strategies and plans
  • Segregation of incompatible duties
  • Policies and procedures
  • Quality Assurance
  • Risk assessment activities
  • Training
  • Internal Audit and Monitoring
• General IT Controls (GITCs) are controls over the entity's IT processes that include (COA):
  • Controls over IT Changes
  • IT Operations controls
  • Access controls
• Application Controlsare controls that help the entity achieve its financial reporting objectives as to the completeness, accuracy, existence/authorization, and presentation of data including (IPO):
  • Input Controls
  • Processing Controls
  • Output Controls
• Entity-level IT Controlsalso known as the IT organizational controls which set the overall tone.
• Listed below are the various responsibilities and functions within an IT department include:
  • Information System Management
  • System Analysis
  • Application programming
  • Database Administration
  • Data Entry
  • Computer Operation
  • Program and File Library
  • Data Control
  • Telecommunications
  • Systems Programming
  • Quality Assurance
• Another important aspect of this type of control is monitoring:
  • Continuous monitoring
  • Defect identification and management
  • Security monitoring
• Separate evaluations

General Information Technology Controls (GITCS)

• Embedded within IT services and support the effective functioning of application controls and that of the whole IT environment.
• GITCs include:
  • Access controls provide reasonable assurance that access to equipment, files, and programs is limited only to authorized personnel.
    • Authentication
    • Authorization
    • Provisioning
    • Deprovisioning
    • Privileged access
    • User access reviews
    • Security configuration
    • Physical access
  • IT Operations Controls provide reasonable assurance that database operations and data processing are functioning effectively as intended.
    • Job scheduling
    • Job monitoring
    • Backup and recovery
    • Intrusion detection
  • Controls over IT Changes These controls serve as an oversight function
    • Change management process
    • Segregation of duties over change migration
    • Systems development or acquisition or implementation
    • Data conversion

IT Application Controls

• Prevent or detect unauthorized/erroneous transactions within software programs which support proper authorization, completeness, accuracy, and validity of input, processing, and output.
  • Controls over input are designed to provide reasonable assurance
  • Controls over processing is designed to provide reasonable assurance
  • Controls over output is designed to provide reasonable assurance

Description

Explore the role and components of IT applications within an IT environment. Understand how organizations adopt IT and manage access. Learn about input controls and hash totals.