Chapter 10: Computer Controls for Organizations and Accounting Information Systems
Introduction
Enterprise Level Controls
General Controls for Information Technology
Application Controls for Transaction Processing
Logical Security
Limit
Access to Data, Hardware, and Software
Utilization of strong passwords
8
Biometric identification
Distinctive
Data Encryption
Data
eavesdropping
Hardware or software malfunctions
Errors in data transmission
Control Procedures
Checkpoint control procedure
Routing verification procedures
Message acknowledgment procedures
Personnel Policies
Separation of Duties
Separate Accounting
Separation of Duties
Division of Responsibility in IT Environment
Division of Responsibility in IT Environment
Personnel Policies
Identifying Suspicious Behavior
Protect
Safeguarding Computer Files
Business Continuity Planning
Definition
Comprehensive
Components
Disaster Recovery
Fault-Tolerant Systems
Backup
Disaster Recovery
Definition
Process and procedures
Following disruptive event
Site
Flying-Start Site
Cold Site
Major Approaches
Consensus-based protocols
Watchdog processor
Utilize disk mirroring or rollback processing
Backup
Batch processing
Risk
Types of Backups
Hot Backup
Cold Backup
Electronic Vaulting
Computer Facility Controls
Locate Data Processing Centers in Safe Places
Protect
Buy Insurance
Study Break #1
A _______ is a comprehensive plan that helps protect the
enterprise from internal and external threats.
A. Firewall
B. Security policy
C. Risk assessment
D. VPN
Study Break #3
Fault-tolerant systems are designed to tolerate computer errors
and are built on the concept of _________.
A. Redundancy
B. COBIT
C. COSO
D. Integrated security
Application Controls for Transaction Processing
Purpose
Embedded
Application Controls
Input Controls
Processing Controls
Output Controls
Application Controls for Transaction Processing
Input Controls
Purpose
Ensure validity
Ensure accuracy
Ensure completeness
Categories
Observation,
Edit tests
Additional input controls
Observation, Recording, and Transcription of Data
Confirmation mechanism
Dual observation
Point-of-sale devices (POS)
Preprinted recording forms
Preprinted Recording Form
Edit Tests
Input Validation Routines (Edit Programs)
Programs or subroutines
Check validity and accuracy of input data
Edit Tests
Examine
Edit Tests
Edit Tests
Processing Controls
Purpose
Focus
Contribute
Two Types
Control totals
Data manipulation controls
Audit Trail
Control Totals
Common Processing Control Procedures
Batch control total
Financial control total
Nonfinancial control total
Record count
Hash total
Data Manipulation Controls
Data Processing
Following
Compiler
Utilization of Test Data
Output Controls
Purpose
Ensure validity
Ensure accuracy
Ensure completeness
Major Types
Validating Processing Results
Regulating Distribution and Use of Printed Output
Output Controls
Validating Processing Results
Preparation of activity listings
Provide detailed listings of changes to master files
control
Pre-numbered forms
Authorized distribution list
Study Break #5
Organizations use ______ controls to prevent, detect, and
correct errors and irregularities in transactions that are
processed.
A. Specific
B. General
C. Application
D. Input
Triangles of Information Security
Why We Do It (Fraud)
How We Prevent It
Fraud Triangle
CIA Triangle