1 of 73

2020 - BEC

Area - IV

INFORMATION TECHNOLOGY

FLASH CARD

2 of 73

BUSINESS ENVIRONMENT AND CONCEPTS

  • COVERS EVERY TOPIC OF BEC
  • AUTHORED BY SUCCESSFUL CPAS
  • BASED ON TRUSTED RESOURCES
  • ALL OF THE NEED-TO-KNOW CONCEPTS AND EQUATIONS

3 of 73

BUSINESS ENVIRONMENT AND CONCEPTS

  • AREA – I : CORPORATE GOVERNANCE
  • AREA – II : ECONOMIC CONCEPTS AND ANALYSIS
  • AREA – III : FINANCIAL MANAGEMENT
  • AREA – IV : INFORMATION TECHNOLOGY
  • AREA – V : OPERATIONS MANAGEMENT
  • 400 SLIDES
  • WITH MNEMONICS AND TIPS
  • SHORT CUTS
  • WITH UP TO DATE TOPICS

4 of 73

AREA - IV

Information Technology

  • Understanding the role of IT and systems, including the use of data in supporting business decisions
  • Identifying IT-related risks associated with an entity’s information systems and processes, such as processing integrity, protection of information and system availability, including those risks introduced by relationships with third parties
  • Identifying application and IT general control activities, whether manual, IT-dependent or automated, that are responsive to IT-related risks, such as access and authorization controls, system implementation testing, and incident response plans.

5 of 73

Classification of control based on control

  • General control - Control over the environment such as control over input, process and output. This is an umbrella type of cover.
  • Application control - Controls that are specific to a process or application.

6 of 73

Enterprise Resource Planning System (ERPs)

  • Software system that processes transactions, supports management, and aids decision making throughout the entire organization in a single package.
  • ERP integrates all of the data maintained by the organization into one database.

7 of 73

What are Application Controls?

  • Controls over the data input and processing meant to ensure the accuracy, completeness, and validity of transaction processing.

8 of 73

Disadvantage of ERP:

  • They are very expensive to purchase and integrate into an organization

9 of 73

Components of ERP: (OLAP and OLTP)

  • An online analytical processing system (OLAP). Provides data warehouse and data mining capabilities into an ERP system.
  • Online transaction processing system (OLTP). Records the day-to-day transactions of an organization such as sales, production, and purchasing

10 of 73

Cloud Based System Advantages:

  • Enhanced access as long as someone has internet
  • Lower maintenance costs
  • Scalability

11 of 73

Cloud Based System Disadvantages:

  • Risk of data loss
  • Increased risk of data being breached by hackers.
  • Overall risk of relying on a service provider instead of housing data internally

12 of 73

Examples of Cloud Based Systems:

  • Software as a service (SaaS): Externally hosted and usually comes with an ongoing fee instead of buying software on a CD and installing it.
  • Platform as a service (PaaS): Use of cloud-based service to create cloud-based software.
  • Infrastructure as a service (IaaS): Using the cloud to access virtual storage or hardware

13 of 73

An IT system continuity Plan allows:

  • The system to keep running and maintaining data in the event of a disaster such as the main office burning down or being flooded.

14 of 73

Business Continuity Management (BCM):

Overall process of planning for disasters

15 of 73

DRP (Disaster Recovery Plan):

  • Allows organizations to make a plan for disasters and recover from them. The top priority is "mission critical" activities. The lowest priority is given to "task critical" activities

16 of 73

Cold Site:

  • Offsite location that has all the physical requirements for data processing, but doesn't have the actual equipment or data.

17 of 73

Warm Site:

  • Place the business can relocate to after a disaster. It contains the hardware but no copies of backed up data.

18 of 73

Hot Site:

  • Offsite location that is completely ready to take over the company's data processing.

19 of 73

Mirrored Site

  • Fully redundant facility - this has the highest cost

20 of 73

IT Functions: IT Internal Controls

  • Application Development
  • Systems Admin & Programming
  • Computer Operations

21 of 73

Roles within IT:

  • System Analyst - Designs and analyzes computer systems and usually leads a team of programmers
  • Application Programmers - Work under the systems analyst to actually write the programs.
  • System Administrators - Grant access to system resources and manage activities within the system.
  • System Programmers - Maintain and update operating systems and hardware
  • Data Librarian - Person who maintains custody of the entity's data.
  • Data Control - Controls the flow of documents in and out of computer operations.
  • Data Entry Clerk - Keys in data to the system
  • File Librarian - File and data that isn't online is stored in a file library, and the file librarian controls it

22 of 73

What are IT Controls (3)?

  • Input Controls: Ensure the transactions entered into the system are valid, complete, and accurate
  • Processing Controls: Ensure that updates and processes work accurately and completely, to detect unauthorized transactions entered into the system
  • Output Controls: Ensure that reports generated from the system are accurate and only distributed to authorized individuals

23 of 73

Why are input controls important:

  • If the data is entered correctly, there are fewer problems in the future because of decisions being made based on bad data

24 of 73

What are the 3 main goals of input controls:

  • Validity.
  • Completeness.
  • Accuracy

25 of 73

Examples of Input Controls:

  • Default Values - Pre-supplied values to help reduce mistakes such as the date on an order page being auto-filled with the current day's date.
  • Automated Data Capture - Bar code reader that allows fast data entry and reduces mistakes
  • Reasonableness Check - Process that compares two fields such as hours worked with paycheck total to make sure both values are reasonable.
  • Closed Loop Verification - Reduces data entry errors by retrieving other related information when an input such as a phone number is entered. If the wrong customer comes up, the user knows they typed the number wrong
  • Sequence Check - Verifies all the numbers in a sequence have been accounted for, such as check numbers
  • Hash Total - Provides a total for a field with no actual meaning, but can be used to prevent errors, such as adding up the numbers of a customer account number, which can be used later to check for errors

26 of 73

Objective of Processing Controls -

  • Ensure that updates and changes to the master file are accurate and authorized

27 of 73

Types of Processing Controls:

  • Electronic Audit Trail - List of transactions written to a log as they are processed which provides a trail for transactions
  • Run to Run Controls - Counts that monitor the number of units in a batch as they move from one procedure to another
  • Internal Labels - Tell the program it's using the correct files for the update process

28 of 73

Objectives of Output Controls -

  • Help ensure that reports are accurate and distributed to authorized users.

29 of 73

Types of Output Controls:

  • Spooling Controls - When jobs sent to the printer are held in a printing queue, access to this queue is restricted.
  • Aborted Print Jobs - Since printed reports contain sensitive data, there should be a control to dispose of partial printouts or aborted print jobs.
  • Distribution Logs - Who receives what reports should be recorded and controls should be in place to make sure people only receive reports they are authorized to receive.
  • End user controls - Performing checks on user-created totals and reconciling to separate records

30 of 73

IT System Development -

  • The overall approach and process for developing systems is called the 'systems development life cycle' (SDLC).

31 of 73

Main Roles of the SDLC are: 

  • IT Steering Committee - Members are selected from different areas across the organization and this committee oversees the development of the system being built.
  • Lead System Analyst - This person is in charge of the programming team and is responsible for the overall logic and functionality of the system.
  • Application Programmers - The programmers who write the programs and work under the lead analyst.
  • End users - The employees who will use the system for their day-to-day tasks

32 of 73

What are stages of the SDLC:

  • Planning and Feasibility
  • Analysis
  • Design: Systems Model
  • Development
  • Testing.
  • Implementation
  • Maintenance

33 of 73

Types of Planning and Feasibility

  • Planning and Feasibility
    • Technical Feasibility: Is it possible with our current IT system?
    • Economic Feasibility: Do the benefits outweigh the costs?
    • Operational Feasibility: Will the system work?

34 of 73

Objectives of Analysis phase of SDLC

  • Analysis - Requirements definition: This formally identifies what the system must accomplish.

35 of 73

Types of Implementation of application / system

  • Parallel Implementation: The old system and new system are run side by side until it's clear the new system works
  • Cold Turkey: The old system is dropped and the new system is implemented all at once
  • Phased Implementation: The new system is implemented in phases
  • Pilot Implementation: Users are divided into small groups and one group at a time implements the new system

36 of 73

Importance of Documentation in an IT Environment

  • Building the systems and software of an entire IT system requires documentation in order to evaluate the system, train employees on using the system, re-create or redeploy the system after a crisis, and for auditors to use during audits.
  • Four (4) Levels of Documentation -
    • System Documentation - Gives an overview of the programs and data, and how the system programs work together.
    • Program Documentation - Record of the programming logic. This is mainly for use by programmers.
    • Operator Documentation or the "run manual" - Necessary information to run the programs, used by computer operators.
    • User Documentation - Documentation that helps an untrained user be able to understand and use the system

37 of 73

Types of data size?

  • Bit - 'Bit' is a zero or a 1, the smallest piece of computer information
  • Byte - 'Byte' is a group of 8 bits of information, next step up from a 'bit'
  • Field - 'Field' is a group of bytes that identify one characteristic, such as one customer's phone number
  • Record - 'Record' is a group of related fields such as one customer's information
  • File - 'File' is a collection of records

38 of 73

What is RAM ?

  • Random Access Memory: Contains temporary data used to run programs in process

39 of 73

Optical Disk (CD)

  • Uses laser technology to "burn" data onto a disk

40 of 73

Central Processing Unit (CPU) 

  • The control center of the computer system.

41 of 73

Online Real Time Processing (OLRT) -

  • Immediate transactions take place as they occur, such as an internet order

42 of 73

Master File -

  • The equivalent to a general ledger in a paper system in that it contains a summary of all transactions.

43 of 73

Batch Processing

  • Transactions are processed in a group

44 of 73

Point of Sale System (POS) -

  • Combines online and real-time processing at a central location.

45 of 73

Centralized System -

  • Maintains all data and performs all processing at a central location.

46 of 73

Peer-to-peer Network -

  • Network in which different nodes all share in communications management; there is no central controlling server.

47 of 73

Local Area Network (LAN) -

  • Confined to a small geographic area such as one office or even just one floor.

48 of 73

What is a Node ?

  • Device connected to a computer network

49 of 73

Wide Area Network (WAN) -

  • Networks that cover large geographic areas, such as a national network

50 of 73

Extensible Markup Language (XML) 

  • Protocol for encoding documents in a machine readable form

51 of 73

Hypertext Markup Language (HTML) -

  • Language for web pages

52 of 73

Transmission Control Protocol/Internet Protocol (TCP/IP) -

  • Transmission protocol of the internet

53 of 73

Extensible Business Reporting Language (XBRL) -

  • Protocol for encoding and tagging business and accounting specific information in electronic form.

54 of 73

File Transfer Protocol (FTP) -

  • Protocol used for transfer applications

55 of 73

Remote Backup Service -

  • Allows users to back up their information in the cloud.

56 of 73

Rollback and Recovery Method of Backup -

  • When transactions are backed up as they occur, but there are also "snapshots" backed up so that backup can be rolled back to a certain period of time.

57 of 73

Mirroring -

  • Method of backup that backs up an exact copy to multiple sites.

58 of 73

Biometric Controls -

  • Things like fingerprint scanners that are used instead of a password

59 of 73

File Attributes -

  • Restricts read/write/edit capabilities of a record

60 of 73

Social Engineering -

  • Set of techniques used by a fraudster to get sensitive information from people instead of actually hacking computer systems.

61 of 73

Four (4) electrical systems risks are:

  • Failure or outage
  • Reduced Voltage (brownout)
  • Spike and surges
  • Electromagnetic interference

62 of 73

'Cleartext' or 'Plaintext' -

  • Text that can be written or understood versus something like computer language.

63 of 73

Symmetric Encryption 

  • Using a single algorithm to encrypt or decrypt

64 of 73

Digital Certification -

  • Works by providing electronic identification and verification of a message

65 of 73

Asymmetric Encryption -

  • Works by using two paired algorithms to encrypt and decrypt text.

66 of 73

Secure internet transactions are made possible by 2 main security protocols -

  • 1. SSL (Secure Sockets Layer)
  • 2. S-HTTP (Secure Hypertext Transport Protocol)

67 of 73

Ciphertext -

  • Scrambled text that cannot be understood without using an algorithm and key

68 of 73

Denial of Service Attack -

  • Prevents legitimate users from accessing the system by flooding the system with requests. The attack is meant only to disable the system, not gain access to it.

69 of 73

Trojan Horse -

  • An application that appears legitimate but performs some other illicit activity

70 of 73

Types of data storage?

  • RAID disk storage, while relatively inexpensive, does not necessarily mean lower performance and reliability.
  • Virtual memory is not real memory; it is software controlled.
  • Tape Storage

71 of 73

What is a Backdoor?

  • Program that lets a hacker bypass the regular security process such as a password.

72 of 73

Change control system

A system put in place for the purpose of authorizing and monitoring changes related to information technology, including software implementation, development, application programs, database administration, etc. Although system implementations often take longer and cost more than originally budgeted, these issues (along with scope creep) can be minimized with better oversight through an established system.

73 of 73

Data Mining

  • Data mining is the analysis of data in a data warehouse in order to attempt to discover hidden patterns and trends in historical business activities.
  • Data mining would help managers understand the changes that are occurring in a business and would also assist in making strategic business decisions in order to attempt to get a competitive advantage in the marketplace.
  • Data mining is used to sift through large amounts of data, sometimes several terabytes of information. Without the use of a computer, a person would never be able to analyze this much data and uncover trends using algorithms and other mathematical and statistical procedures.
