Chapter 1

York University
ACTG 4620
Laura Simeoni

Chapter 1: Who, What, When, Where, Why?

• Risks of using information technology:
  o Inadequately applied because of lack of training
  o Unrealistic expectations of what the system can achieve
  o Visible paper audit trail is removed, so errors have a high chance of going undetected
• Users of IT need assurance that what they are using is reliable
• Can continuously upgrade the use of IT to improve efficiency and quality of life
• Speed of change in IT and seemingly exponential adoption rate by users in organizations leads to questions about information reliability
• I & IT STAKEHOLDERS:
  o Parties in information system reliability include:
    ▪ Users
      • Customers, employees, trading partners, citizens (public sector)
    ▪ Systems developers
    ▪ Management
    ▪ Regulators
• Reliability in an information system must encompass the following FIVE attributes (CAATO):
  o Completeness
  o Authorization
  o Accuracy
  o Timeliness
  o Occurrence:
    ▪ Existence of recorded transactions, recorded assets
• Attributes are applied to the entire processing cycle → i.e. input, processing, output, storage
• Transactions that produce information:
  o Request for information or a system generated report
• Reliable system has the following attributes:
  o Complete transactions
  o Relevant and complete information to users
  o Adequate resources and controls to prevent loss
  o Authorized transactions
  o Information released to authorized parties only
  o Transactions are accurate
  o Regular checks and reconciliations of stored information
  o Accurate information to users
  o Transactions processed promptly (timeliness, system should be available when needed)
  o Current information to users
  o Processes only REAL transactions
  o Information reflects real assets, liabilities, transactions
• System should also be COST-EFFECTIVE AND EFFICIENT
  o High level of performance compared to the cost required to support the performance
  o Management and internal auditors are more concerned about efficiency and cost
• HOW IS RELIABILITY ACHIEVED:
  o Organization should focus on internal controls, i.e. the controls they have implemented themselves
  o Internal controls may be manual or automated → provide assurance to stakeholders using CAATOE
  o Internal controls over a system should address the transaction cycle of input, processing, output and storage
  o Controls should be applied to the following FIVE system components:
    ▪ Infrastructure, software, people, procedures, information
  o INFRASTRUCTURE:
    ▪ Real estate, network, hardware; must have enough capacity, be continuously available, be protected from breach, abuse and malfunction, and allow no unauthorized access
    ▪ Provide platform for reliable information processing
  o SOFTWARE:
    ▪ System software, application software, database management supporting multiple transaction processing applications
    ▪ Application software → systems that process transactions directly or produce end user information
    ▪ Software has to be monitored continuously for unusual behavior and protected from unauthorized changes
    ▪ System software:
      • Needed to interface directly with hardware (i.e. operating system)
    ▪ Application software:
      • Process transactions directly or produce end user information
      • Run on system software
  o PEOPLE:
    ▪ System administrators pose a big risk to organizations because they have complete access to IT systems
    ▪ People should be screened before system access is granted
  o PROCEDURES:
    ▪ Policies, standards, procedures for employees and customers
    ▪ Have to be concise, current, and well communicated
  o INFORMATION:
    ▪ Information requirement determines the extent and type of infrastructure, software, procedure, and people
    ▪ Organizations should have guidelines for executives when choosing which system to buy and how much money to invest
• INFORMATION:
  o Result of computer processing
  o Type and extent of hardware and software needed depends on what information the system is intended to process and in turn produce
  o Each system should be “owned” by an executive member, who is charged with deciding the information needs and the internal controls
  o Traditional Information Structure:
    ▪ Example → payroll master file contains semi-permanent information of each employee
    ▪ The file describes an entity called the employee, and each file contains information on the occurrence of the entity
    ▪ Data files in each system pertain to only that system and are accessible to only that system
  o Primary key:
    ▪ Field that uniquely identifies a record
  o Database:
    ▪ Collection of related data files, increasing sharing of files within organizations
    ▪ Increases risk as well because sharing increases the access points for information and the complexity of the software
    ▪ Modern databases use the RELATIONAL or OBJECT ORIENTED RELATIONAL MODEL
      • Relational is the most popular model for systems that process primarily numerical and text data
      • Allows any two tables with a common field name to interrelate and provides flexibility
    ▪ Commercial relational database systems also have objects i.e. pictures, clipart, etc.
      • Computer programs have been compiled to machine language understandable to the operating system
      • Object code is compiled from source code using a compiler (software tool) specific to the source programming language and operating system
    ▪ IN A RELATIONAL DATABASE, TWO FIELDS CAN BE RELATED IF THEY HAVE THE SAME ALPHANUMERIC FIELD I.E. A FIELD THAT CAN BE USED AS A PRIMARY KEY
      • Field will only be a primary key in one table
      • Ex. Supplier and inventory numbers in the inventory table → inventory number is primary key, supplier number is foreign key
  o NoSQL:
    ▪ Non-relational database
    ▪ Less structured and reliable than the relational database model, but more dynamic
    ▪ NoSQL is not used for business transaction processing, but the interface makes it popular to use for mobile applications
  o COMMON REASONS FOR ADOPTING A DATABASE:
    ▪ Broadening customer service
      • Sharing information between business applications
      • Sharing of tables (files) between systems is called DATA PROGRAM INDEPENDENCE
    ▪ Data sharing to expedite transactions and mitigate risk:
      • Loan department can share files with holdings department to see history of customer credit and whether credit should be granted
    ▪ Data mining:
      • Principal technique in customer relationship management systems that uses mathematical analysis of a mass of data from different systems that share a database
      • Used for increased analysis of data to see trends
    ▪ Reducing Data Redundancy:
      • Sharing information reduces the time for information search and reduces risks of data inconsistency
    ▪ Increasing Computer Program Flexibility:
      • Databases provide a file layout dictionary
      • Program has to refer to the file name and field names, instead of specifying the location and format of the fields when accessing the files
      • Increases programming efficiency and flexibility as programs in one system can access the files in another system
  o SOFTWARE IS NEEDED TO CONTROL THE SHARING AND CONTENTION OF COLLECTION OF DATA FILES WITHIN DATABASE:
    ▪ DATABASE MANAGEMENT SYSTEM (DBMS)
• DATA ORGANIZATION STRUCTURE AND ACCESS METHODS:
  o Database consists of tables, and tables describe entities; each table has multiple records that represent occurrences of the entities
  o Each entity has attributes that are recorded in fields or columns
  o Records in a table may be stored sequentially based on the primary key
    ▪ Controlled way to keep track of records
    ▪ Periodically, each table should be sorted to account for gaps and duplicates as information changes
  o When a record is updated or needed for reporting, the DBMS or transaction processing system will find the record
    ▪ Traditional method of finding a record → start with the first record, and compare the primary key value of each record to the primary key value of the record that has to be updated
    ▪ This method is inefficient and takes too long
    ▪ INDEX SEQUENTIAL METHOD: uses index similar to that in a telephone directory, where one column of the index contains the primary key value, second contains physical location of the record (i.e. disk, cylinder, track)
      • Instead of searching record by record, DBMS searches only the index, making it faster
      • Example: IBM’s VIRTUAL SEQUENTIAL ACCESS METHOD
    ▪ DIRECT ACCESS METHOD:
      • DBMS uses algorithm to calculate physical location of record based on the primary key
      • Record movement is controlled by the DBMS
      • Algorithm has to be sophisticated enough to prevent COLLISION i.e. two records having the same physical location
      • If collision happens, can use primary key address to move it to a new address
  o Sequential method best for things like payroll where information has to be accessed in one pass anyway
    ▪ Management and auditors need to perform checks for gaps and duplicates
    ▪ Also need to do periodic checks to validate the index and the direct access algorithm
• HARDWARE:
  o Important for management to understand the capability of different hardware and its vulnerability
  o Auditors need to be knowledgeable about hardware in order to assess risks and controls
  o SERVERS:
    ▪ Z-series (legacy systems)
      • Large size in memory and disk storage → mainframe computers
      • Extended binary coded decimal interchange code (EBCDIC)
    ▪ Local Area Network (LAN)
      • Use American Standard Code for Information Exchange (ASCII) → user-friendly
    ▪ Servers should be in locked rooms, restricted list of computing devices connected to the servers
    ▪ Explicit management authorization of who can access operating commands, servers, etc.
    ▪ Management should keep current server inventory information in terms of location, network connection and supported business systems
    ▪ VIRTUALIZATION TECHNOLOGY:
      • Using software to dynamically allocate idle server hardware capacity to other busier servers to make the infrastructure more flexible to surging transaction volume
      • Reduces hardware cost and the cost of hiring people to operate servers
      • Increases risk of business interruption as there is more reliance on fewer servers
  o PERSONAL COMPUTERS:
    ▪ Management need to monitor proper approval ac
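
Added example (not part of the original notes): a sketch of the periodic checks described under DATA ORGANIZATION STRUCTURE AND ACCESS METHODS, covering gaps and duplicates in primary keys, validation of an index against the table, and collisions in a direct access algorithm. The sample records, the index, and the `key % slots` address calculation are constructed assumptions for illustration, not any DBMS's actual layout or algorithm.

```python
from collections import Counter

# Constructed sample data: a payroll-style table keyed by employee number.
# Each tuple is (primary_key, physical_location); not from the original notes.
RECORDS = [(1001, "t0"), (1002, "t1"), (1004, "t2"), (1004, "t3"), (1006, "t4")]

# Constructed index: primary key -> physical location, as in the index
# sequential method. Key 1002 points to the wrong slot, 1007 has no record.
INDEX = {1001: "t0", 1002: "t9", 1004: "t2", 1006: "t4", 1007: "t5"}


def find_gaps(keys):
    """Return keys missing from the sequence between min and max."""
    present = set(keys)
    return [k for k in range(min(present), max(present) + 1) if k not in present]


def find_duplicates(keys):
    """Return primary key values that occur on more than one record."""
    return sorted(k for k, n in Counter(keys).items() if n > 1)


def validate_index(records, index):
    """Compare the index with the table; return (stale, orphaned, unindexed)."""
    locations = {}
    for key, loc in records:
        locations.setdefault(key, set()).add(loc)
    stale = sorted(k for k, loc in index.items()
                   if k in locations and loc not in locations[k])
    orphaned = sorted(k for k in index if k not in locations)
    unindexed = sorted(k for k in locations if k not in index)
    return stale, orphaned, unindexed


def find_collisions(keys, slots):
    """Direct access check: which slots does key % slots assign to 2+ keys?"""
    buckets = {}
    for k in set(keys):
        buckets.setdefault(k % slots, []).append(k)
    return {s: sorted(ks) for s, ks in buckets.items() if len(ks) > 1}


if __name__ == "__main__":
    keys = [k for k, _ in RECORDS]
    print("gaps:", find_gaps(keys))
    print("duplicates:", find_duplicates(keys))
    print("index (stale, orphaned, unindexed):", validate_index(RECORDS, INDEX))
    print("collisions with 4 slots:", find_collisions(keys, 4))
```

Each finding maps to a reliability attribute from the notes: gaps bear on completeness, duplicates on occurrence, and index or collision errors on accuracy of retrieval.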