AIS Exam 3 study guide

    • Data
      Raw facts or statistics that, absent a context, may have little meaning
    • Information
      Data organized in a meaningful way to the user
    • Accounting Information Systems
      System that records, processes and reports on transactions to provide financial and non-financial information to make decisions and have appropriate levels of internal controls for those transactions
    • Information Overload
      The difficulty a person faces in understanding a problem and making a decision as a consequence of too much information
    • Attributes of Useful Information
      • Relevance
      • Faithful Representation
    • Relevance
      Confirmatory value, Predictive value, Materiality
    • Faithful Representation
      Complete, Neutral, Free from Error
    • Internal Control
      The processes, policies, and procedures implemented by an organization to safeguard its assets, ensure the accuracy of its financial records, and promote operational efficiency and adherence to laws and regulations
    • Why are internal controls used?
      • To minimize the risk of fraud, errors, and inefficiencies in an organization's operations, as well as to ensure compliance with laws and regulations
    • The three main functions of internal controls
      • Prevent errors and fraud
      • Detect them if they occur
      • Correct them to mitigate their impact and prevent recurrence
    • Preventive Controls
      Deter problems from occurring (Authorization)
    • Detective Controls
      Discover problems that are not prevented (Bank Reconciliations and monthly trial balances)
    • Corrective Controls
      Correct and recover from the problems that have occurred (backup files to recover corrupted data)
    • Internal controls in a computerized environment can be characterized by automated processes and systems that ensure the integrity, security, and reliability of data and information, as well as compliance with relevant laws and regulations
    • General controls
      The overall control environment, including the IT infrastructure and security measures
    • Application controls
      Specific to individual applications and are designed to ensure the completeness, accuracy, and validity of transactions processed by those applications
    • COSO
      The Committee of Sponsoring Organizations of the Treadway Commission, a joint initiative of five private sector organizations focused on improving organizational performance and governance through effective internal control, enterprise risk management, and fraud deterrence
    • The five nonprofit organizations that comprise COSO
      • American Accounting Association (AAA)
      • American Institute of Certified Public Accountants (AICPA)
      • Financial Executives International (FEI)
      • Institute of Management Accountants (IMA)
      • Institute of Internal Auditors (IIA)
    • COSO used two frameworks, the Internal Control-Integrated Framework and the Enterprise Risk Management-Integrated Framework, to improve the quality of financial reporting through enhanced accountability, effective internal controls, risk management practices, and corporate governance
    • Control activities
      • Physical controls
      • IT general controls
      • IT application controls
      • Input controls
      • Processing controls
      • Output controls
    • Cost/benefit analysis
      A process used to evaluate whether the benefits of a proposed project or action outweigh the costs involved
    • COBIT Framework
      A widely used framework for the governance and management of enterprise IT, providing a comprehensive set of controls and best practices
    • Business requirements for information
      Confidentiality, integrity, availability, compliance, reliability, and usability
    • Information security
      The goal is to protect the confidentiality, integrity, and availability of information assets from unauthorized access, use, disclosure, disruption, modification, or destruction
    • Common information security risks
      • Virus
      • Worm
      • Trojan Horse
      • Spam
      • Botnet
      • Denial-of-service attacks
      • Spyware
      • Spoofing
      • Social engineering
    • Encryption
      A preventive control providing confidentiality and privacy for data transmission and storage. Main factors are key length, key management, and encryption algorithm
    • Authentication
      A process that establishes the origin of information or determines the identity of a user, process, or device
    • Digital signature
      A cryptographic technique used to verify the authenticity and integrity of a digital message, document, or software
    • Fraud
      The intentional deception or misrepresentation for personal or financial gain, encompassing activities like financial fraud, identity theft, and insurance fraud
    • Fraud triangle
      Consists of three elements: Incentive, Opportunity, Rationalization
    • According to the fraud triangle, all three elements must be present for fraud to occur. Removing any one of these elements can help prevent or deter fraudulent behavior
    • Elements of a fraud detection program
      • Risk assessment
      • Clear policies and procedures
      • Internal controls
      • Training
      • Monitoring
      • Reporting mechanisms
      • Investigation procedures
      • Compliance oversight
      • Continuous improvement
    • Disaster Recovery Planning (DRP)
      Involves preparing for IT system recovery after a disaster
    • Business Continuity Management (BCM)
      Focuses on maintaining critical business functions during and after a disaster
    • Fault Tolerance
      The ability of a system to continue operating properly in the event of the failure of some of its components
    • Virtualization
      The process of creating a virtual (rather than actual) version of something, such as a server, operating system, storage device, or network resource
    • Cloud Computing
      The delivery of computing services, including servers, storage, databases, networking, software, and more, over the internet (the cloud)
    • Operating System (OS)
      Software that manages a computer's resources and provides a user interface for interacting with the computer
    • Database
      An organized collection of data, typically stored and accessed electronically from a computer system
    • Data warehouse
      A large, centralized repository of integrated data from one or more disparate sources, used for reporting, analysis, and business intelligence purposes