Raw facts or statistics that, absent a context, may have little meaning
Information
Data organized in a meaningful way to the user
Accounting Information Systems
System that records, processes and reports on transactions to provide financial and non-financial information to make decisions and have appropriate levels of internal controls for those transactions
Information Overload
The difficulty a person faces in understanding a problem and making a decision as a consequence of too much information
Attributes of Useful Information
Relevance
Faithful Representation
Relevance
Confirmatory value, Predictive value, Materiality
Faithful Representation
Complete, Neutral, Free from Error
Internal Control
The processes, policies, and procedures implemented by an organization to safeguard its assets, ensure the accuracy of its financial records, and promote operational efficiency and adherence to laws and regulations
Why are internal controls used?
To minimize the risk of fraud, errors, and inefficiencies in an organization's operations, as well as to ensure compliance with laws and regulations
The three main functions of internal controls
Prevent errors and fraud
Detect them if they occur
Correct them to mitigate their impact and prevent recurrence
Preventive Controls
Deter problems from occurring (Authorization)
Detective Controls
Discover problems that are not prevented (Bank Reconciliations and monthly trial balances)
Corrective Controls
Correct and recover from problems that have already occurred (e.g., backup files used to recover corrupted data)
Internal controls in a computerized environment can be characterized by automated processes and systems that ensure the integrity, security, and reliability of data and information, as well as compliance with relevant laws and regulations
General controls
The overall control environment, including the IT infrastructure and security measures
Application controls
Specific to individual applications and are designed to ensure the completeness, accuracy, and validity of transactions processed by those applications
COSO
The Committee of Sponsoring Organizations of the Treadway Commission, a joint initiative of five private sector organizations focused on improving organizational performance and governance through effective internal control, enterprise risk management, and fraud deterrence
The five nonprofit organizations that comprise COSO
American Accounting Association (AAA)
American Institute of Certified Public Accountants (AICPA)
Financial Executives International (FEI)
Institute of Management Accountants (IMA)
Institute of Internal Auditors (IIA)
COSO uses two frameworks, the Internal Control-Integrated Framework and the Enterprise Risk Management-Integrated Framework, to improve the quality of financial reporting through enhanced accountability, effective internal controls, risk management practices, and corporate governance
Control activities
Physical controls
IT general controls
IT application controls
Input controls
Processing controls
Output controls
Cost/benefit analysis
A process used to evaluate whether the benefits of a proposed project or action outweigh the costs involved
COBIT Framework
A widely used framework for the governance and management of enterprise IT, providing a comprehensive set of controls and best practices
Business requirements for information
Confidentiality, integrity, availability, compliance, reliability, and usability
Information security
The goal is to protect the confidentiality, integrity, and availability of information assets from unauthorized access, use, disclosure, disruption, modification, or destruction
Common information security risks
Virus
Worm
Trojan Horse
Spam
Botnet
Denial-of-service attacks
Spyware
Spoofing
Social engineering
Encryption
A preventive control providing confidentiality and privacy for data transmission and storage. Main factors are key length, key management, and encryption algorithm
Authentication
A process that establishes the origin of information or determines the identity of a user, process, or device
Digital signature
A cryptographic technique used to verify the authenticity and integrity of a digital message, document, or software
Fraud
The intentional deception or misrepresentation for personal or financial gain, encompassing activities like financial fraud, identity theft, and insurance fraud
Fraud triangle
Consists of three elements: Incentive, Opportunity, Rationalization
According to the fraud triangle, all three elements must be present for fraud to occur. Removing any one of these elements can help prevent or deter fraudulent behavior
Elements of a fraud detection program
Risk assessment
Clear policies and procedures
Internal controls
Training
Monitoring
Reporting mechanisms
Investigation procedures
Compliance oversight
Continuous improvement
Disaster Recovery Planning (DRP)
Involves preparing for IT system recovery after a disaster
Business Continuity Management (BCM)
Focuses on maintaining critical business functions during and after a disaster
Fault Tolerance
The ability of a system to continue operating properly in the event of the failure of some of its components
Virtualization
The process of creating a virtual (rather than actual) version of something, such as a server, operating system, storage device, or network resource
Cloud Computing
The delivery of computing services, including servers, storage, databases, networking, software, and more, over the internet (the cloud)
Operating System (OS)
Software that manages a computer's resources and provides a user interface for interacting with the computer
Database
An organized collection of data, typically stored and accessed electronically from a computer system
Data warehouse
A large, centralized repository of integrated data from one or more disparate sources, used for reporting, analysis, and business intelligence purposes