________________ are systems (1) they develop customized systems Turnkey systems
analysts, systems engineers, and in-house through formal systems 14
programmers. These individuals development activities and Q actually build the system. They gather (2) they purchase commercial systems ___________________ are designed to facts about problems with the current from software vendors. This section of serve a wide variety of user needs. By system, analyze these facts, and the text discusses these two mass-producing a standard system, the formulate a solution to solve the alternatives. vendor is able to reduce the unit cost problems. The product of their efforts 8 of these systems to a fraction of in- is a new system. Q house development costs. A These firms design their own A Systems Professionals information systems through in-house General Accounting Systems. 2 systems development activities. 15 Q ____________________ requires Q ____________________ are those for maintaining a full-time systems staff of To provide as much flexibility as whom the system is built. There are analysts and programmers who identify possible, _______________ are many of these at all levels in an user information needs and satisfy designed in modules. This allows users organization. their needs with custom systems. to purchase the modules that meet A A their specific needs. Typical modules End Users In-House Development include accounts payable, accounts 3 9 receivable, payroll processing, Q Q inventory control, general ledger, During systems development, systems SDLC stands for financial reporting, and fixed asset. professionals work with the A A ______________ to obtain an Software Development Life Cycle General accounting systems understanding of the users’ problems 10 16 and a clear statement of their needs. Q Q A A growing number of systems are Some software vendors create primary users purchased from software vendors. ______________________ 4 Faced with many competing packages, that target selected segments of the Q each with unique features and economy. For example, the medical __________________ are individuals attributes, management must choose field, the banking industry, and either within or outside the the system and the vendor that best government agencies have unique organization who have an interest in serve the needs of the organization. accounting procedures, rules, and the system but are not end users. Making the optimal choice requires conventions that general-purpose These include accountants, internal that this be an informed decision. This accounting systems do not always and external auditors, and the internal is a _______________. accommodate. Software vendors have steering committee that oversees A thus developed standardized systems systems development. Commercial Systems to deal with industry-specific A 11 procedures. Stakeholders Q A 5 Four factors have stimulated the Special-Purpose Systems. Q growth of the commercial software 17 ______________________ are those market: Q professionals who address the controls, A _______________________ are accounting, and auditing issues for (1) the relatively low cost of general computer systems that improve the systems development. This commercial software as compared to productivity of office workers. involvement should include internal customized software; Examples include word processing auditors and IT auditors. (2) the emergence of industry-specific packages, database management A vendors; systems, spreadsheet programs, Accountants/Auditors (3) a growing demand from businesses and desktop publishing systems. 6 that are too small to A Q afford in-house systems’ development Office Automation Systems. Accountants are involved in systems staff; and 18 development in three ways. These are: (4) the trend toward downsizing of Q A organizational units _________________ provide a basic 1. First, accountants are users. 12 system structure on which to build. All systems that process Q These systems come with all the financial transactions impact Commercial software packages fall primary processing modules the accounting function in into three basic groups: programmed. The vendor designs and some way. A programs the user interface to suit the 2. Second, accountants 1. turnkey systems client’s needs. participate in systems 2. backbone systems A development as members of 3. vendor-supported Backbone Systems. the development team. Their systems. 19 involvement often extends 13 Q beyond the development of Q These systems are hybrids of custom strictly AIS applications. _____________ are completely systems and commercial software. 3. Accountants are involved in finished and tested systems that Under this approach, the vendor systems development as are ready for implementation. These develops (and maintains) custom auditors. Accounting are often general-purpose systems or systems for its clients. The systems information systems must be systems customized to a specific themselves are custom products, but auditable. industry. ______________ are usually the systems development service is 7 sold only as compiled program commercially provided. This option is Q modules, and users have limited ability popular in the health care and legal Organizations usually acquire to customize them to their specific services industries. information systems in two ways: needs. A A A Vendor-Supported Systems. 20 Typical responsibilities for a steering The _______________ provides Q committee include the following: management with a basis for deciding The three advantages of commercial A whether to proceed with the project. software: Resolving conflicts that arise A A from new systems Project Proposal 1. Implementation of Time - Reviewing projects and 32 commercial software can be assigning priorities Q implemented almost Budgeting funds for systems The ________________ represents immediately once a need is development management’s commitment to the recognized. Reviewing the status of project. It is a budget of the time and 2. Cost - The cost of commercial individual projects under costs for all the phases of the SDLC. software is spread across development A many users; the unit cost is Determining at various Project Schedule reduced checkpoints throughout the 33 to a fraction of the cost of a SDLC whether to continue Q system developed in-house. with the project or terminate This is the second phase of SDLC. 3. Reliability - Most reputable it ____________________ is a two-step commercial software packages 26 process involving first a survey of the are thoroughly tested before Q current system and then an analysis of their release to the consumer Systems planning occurs at two levels: the user’s needs. A business problem market. A must be fully understood by the 21 strategic systems planning and project systems analyst before he or she can Q planning. formulate a solution. The three disadvantages of commercial 27 A software: Q Systems analysis A _________________ involves the 34 1. Vendor Dependence - allocation of systems resources at the Q Purchasing a vendor- macro level. It usually deals with a time Most systems are not developed from supported system makes the frame of 3 to 5 years. This process is scratch. Usually, some form of firm dependent on the vendor similar to budgeting resources for information system and related for maintenance. other strategic activities, such as procedures are currently in place. The 2. The need for customized product development, plant analyst often begins the analysis by systems - Sometimes, the expansions, market research, and determining what elements, if any, of user’s needs are unique and manufacturing technology the current system should be complex, and commercially A preserved as part of the new system. available software is either too Strategic systems planning This involves a rather detailed general or too inflexible. 28 ______________. 3. Maintenance - Business Q A information systems undergo There are four justifications for system survey frequent changes. If the user’s strategic systems planning: 35 needs change, it may be A Q difficult or even impossible to 1. A plan that changes constantly Disadvantages of Surveying the Current modify commercial software. is better than no plan at all. System: 22 2. Strategic planning reduces the A Q crisis component in systems Current physical tar pit - This The phases of SDLC are: development term is used to describe the A 3. Strategic systems planning tendency on the part of the 1. Systems Planning provides authorization control analyst to be “sucked in” and 2. Systems Analysis for the SDLC then “bogged down” by the 3. Conceptual Design 4. Cost management. task of surveying the current 4. Systems Selection 29 dinosaur system. 5. Detailed Design Q Thinking inside the box. - By 6. Programming and Testing This is a level of systems planning studying and modeling the old 7. Implementation whose purpose is to allocate resources system, the analyst may 8. New Systems Development to individual applications within the develop a constrained notion 9. Systems Maintenance framework of the strategic plan. This about how the new system 23 involves identifying areas of user should function. The result is Q needs, preparing proposals, evaluating an improved old system rather The objective of systems planning is to: each proposal’s feasibility and than a radically new approach. A contribution to the business 36 to link individual system projects or plan, prioritizing individual projects, Q applications to the strategic objectives and scheduling the work to be done. Advantages of Surveying the Current of the firm A System 24 Project Planning A Q 30 Identifying what aspects of the Who should do Systems Planning? Q old system should be kept. A The product of the project planning Forcing systems analysts to Steering Committee - The composition phase consists of two formal fully understand the system. of the steering committee may include documents: Isolating the root of problem the chief executive officer, the chief A symptoms financial officer, the project proposal and the project 37 the chief information officer, senior schedule. Q management from user areas, the 31 A system fact that includes external internal auditor, and senior Q entities, such as customers or vendors, management from computer services. as well as internal sources from other 25 departments. Q A In fact gathering for surveys, systems processed, sources of data, users Data sources. analysts employ several techniques to of reports, and control issues. 38 gather the previously cited facts. A Q Commonly used techniques include: Questionnaires A system fact that include both A 53 managers and operations users observation Q A task participation ____________________ is an Users. personal interview intellectual process that is commingled 39 reviewing key documents. with fact gathering. The Q 48 analyst is simultaneously analyzing as A system fact that comprise of the files, Q he or she gathers facts. The mere databases, accounts, and source A fact-gathering technique that recognition of a problem presumes documents used in the system. involves passively watching the some understanding of the norm or A physical procedures of the system. This desired state. It is therefore difficult to Data stores. allows the analyst to determine what identify where the survey ends and the 40 gets done, who performs the tasks, analysis begins. Q when they do them, how they do them, A A system fact that involves processing why they do them, and how long they Systems analysis tasks that are manual or computer take. The event that marks the conclusion of operations that represent a decision or A the systems analysis phase is the an action triggered by information. Observation. __________________. A 49 A Processes. Q preparation of a 41 This is a fact-gathering technique that formal systems analysis report System facts that are represented by is an extension of observation, 55 the movement of documents and whereby the analyst takes an active Q reports between data sources, data role in performing the user’s work. This This report presents to management or stores, processing tasks, and users. allows the analyst to experience first- the steering committee the survey They can also be represented in UML hand the problems involved in the findings, the problems identified with diagrams. operation of the current system. the current system, the user’s needs, A A and the requirements of the new Data flows. Task Participation system 42 50 A Q Q systems analysis report These are system facts that include A fact-gathering technique that is a 56 both accounting and operational method of extracting facts about the Q controls and may be manual current system and user perceptions The third phase of the SDLC is procedures or computer controls. about the requirements for the new ______________________________ A system. The instruments used to gather A Controls these facts may be open-ended Conceptual Systems Design 43 questions or formal questionnaires. 57 Q A Q Understanding the characteristics of Personal Interviews. The purpose of the ___________________________ and 50 ______________________ is to its rate of growth are important Q produce several alternative conceptual elements in assessing capacity A fact-gathering technique that is a systems that satisfy the system requirements for the new system. method of extracting facts about the requirements identified during systems A current system and user perceptions analysis. Transaction volumes about the requirements for the new A 44 system. The instruments used to gather conceptual design Q these facts may be open-ended 58 As a system reaches capacity, questions or formal questionnaires. Q _______________ increase to an A Two approaches to conceptual system intolerable level. Although no system Personal Interviews. design: is perfect, the analyst must determine 51 A the acceptable error tolerances for the Q the structured approach and the new This instrument used in an interview object-oriented approach system. allows users to elaborate on the 59 A problem as they see it and Q Error rates. offer suggestions and ________________________ builds 45 recommendations. Answers to these systems from the bottom up through Q questions tend to be the assembly of reusable modules These are the resources used by the difficult to analyze, but they give the rather than creating each system from current system that nclude the costs of analyst a feel for the scope of the scratch. labor, computer time, materials (such problem A as invoices), and direct overhead A Object-oriented design A Open-ended questions 60 Resource costs. 52 Q 46 Q The _________________________ is a Q An instrument used in interviews that disciplined way of designing systems Delays may be caused by are used to ask more specific, detailed from the top down. It consists of ________________ such as questions and to restrict the starting with the “big picture” of the unnecessary approvals or sign-offs user’s responses. This is a good proposed system that is gradually A technique for gathering objective facts decomposed into more and more redundant operations about the nature of specific detail until it is fully understood. 47 procedures, volumes of transactions A Q structured design approach 61 conceptual system and the company’s 78 Q ability to discharge its legal Q The _________________________ responsibilities. Identify if one-time cost or recurring should highlight the differences A cost: Systems design between critical features of competing Legal Feasibility. A systems rather than their similarities. 69 one-time cost A Q 79 Conceptual Design Phase In assessing project feasibility, this Q 62 shows the degree of compatibility Identify if one-time cost or recurring Q between the firm’s existing procedures cost: Programming and testing The __________________ approach is and personnel skills and the A to build information systems from operational requirements of the new one-time cost reusable standard components or system. 80 objects. This approach may be equated A Q to the process of Operational Feasibility Identify if one-time cost or recurring building an automobile. 70 cost: Data conversion from old system A Q to new system object-oriented design (OOD) In assessing project feasibility, this A 63 relates to the firm’s ability to one-time cost Q implement the project within an 81 The _______________________ is acceptable time. This feasibility factor Q central to the object-oriented approach impacts both the scope of the Identify if one-time cost or recurring to systems design. project and whether it will be cost: Personnel training A developed in-house or purchased from A concept of reusability a software vendor. one-time cost 64 A 82 Q Schedule Feasibility Q The fourth phase of SDLC is 71 Identify if one-time cost or recurring __________________. Q cost: Hardware maintenance A This helps management determine A systems whether (and by how much) the Recurring Costs evaluation and selection phase benefits received from a proposed 83 65 system will outweigh its costs. This Q Q technique is frequently used for Identify if one-time cost or recurring _________________________ is the estimating the expected financial value cost: Software maintenance contracts procedure for selecting the one system of business investments. A from the set of alternative conceptual A Recurring Costs designs that will go to the detailed Cost–benefit analysis 84 design phase. It is an optimization 72 Q process that seeks to identify the best Q Identify if one-time cost or recurring system. This decision represents a There are three steps in the application cost: Insurance critical juncture in the SDLC. of cost–benefit analysis: A A A Recurring Costs System Evaluation and Selection identify costs, identify benefits, and 85 66 compare costs and benefits. Q Q 73 Identify if one-time cost or recurring The evaluation and selection process Q cost: Supplies involves two steps: These costs include the initial A A investment to develop and implement Recurring Costs 1. Perform a detailed feasibility the system. 86 study A Q 2. Perform a cost-benefit One-time costs Identify if one-time cost or recurring analysis 74 cost: Personnel 67 Q A Q These include operating and Recurring Costs In assessing project feasibility, this is maintenance costs that recur over the 87 concerned with whether the system life of the system. Q can be developed under existing A This cost includes the cost of technology or if new technology is Recurring costs mainframe, minicomputers, needed. 75 microcomputers, and peripheral A Q equipment, such as tape drives and Technical Feasibility Identify if one-time cost or recurring disk packs. These cost figures can be 68 cost: Hardware acquisition obtained from the vendor. Q A A In assessing project feasibility, this one-time cost Hardware acquisition. pertains to the availability of funds to 76 88 complete the project. At this point, we Q Q are concerned with management’s Identify if one-time cost or recurring This cost involves such frequently financial commitment to this project in cost: Site preparation overlooked costs as building view of other competing capital A modifications (e.g., adding air projects under consideration. one-time cost conditioning or making structural A 77 changes), equipment installation Economic Feasibility Q (which may include the use of heavy 69 Identify if one-time cost or recurring equipment), and freight charges. Q cost: Software acquisition A In assessing project feasibility, this A Site preparation. identifies any conflicts between the one-time cost 89 95 comparing competing projects. Q Q 5. Intangible benefits are assigned These costs apply to all software These costs include upgrading and reasonable financial values. purchased for the proposed debugging operating systems, 103 system, including operating system purchased applications, and in-house Q software (if not bundled with the developed applications. Maintenance The fifth phase of the SDLC is hardware), network control software, contracts with software vendors can be __________________. and commercial applications (such as used to specify these costs fairly A accounting packages). accurately. detailed design phase Estimates of these costs can be A 104 obtained from vendors. Software maintenance Q A 96 The purpose of the Software acquisition Q _______________________ is to 89 This cost covers such hazards and produce a detailed description of the Q disasters as fire, hardware failure, proposed system that both satisfies the These costs apply to all software vandalism, and destruction by system requirements identified during purchased for the proposed disgruntled employees. systems analysis system, including operating system A and is in accordance with the software (if not bundled with the Insurance. conceptual design. hardware), network control software, 97 A and commercial applications (such as Q detailed design phase accounting packages). These costs are incurred through 105 Estimates of these costs can be routine consumption of such items as Q obtained from vendors. paper, magnetic disks, CDs, and general In this phase, all system components A office supplies. (user views, database tables, Software acquisition A processes, and controls) are 90 Supplies. meticulously specified. At the end of Q 98 this phase, these components are These costs are those incurred by Q presented formally in a detailed design systems professionals performing These are the salaries of individuals report. This report constitutes a set of the planning, analysis, and design who are part of the information blueprints that specify input screen functions. Technically, such costs system. Some employee costs are formats, output report layouts, incurred up to this point are “sunk” and direct and easily identifiable, such as database structures, and process logic. irrelevant to the decision. The analyst the salaries of These completed plans then proceed to should estimate only the costs needed operations personnel exclusively the final phase in the to complete the detailed design. employed as part of the system under SDLC—systems implementation— A analysis. where the system is physically Systems design. A constructed. 91 Personnel costs. A Q 99 detailed design phase These costs are based on estimates of Q 106 the personnel hours required to write Tangible benefits fall into two Q new programs and modify existing categories: After completing the detailed design, programs for the proposed A the development team usually system. those that increase revenue and those performs a system design ___________ A that reduce costs. to ensure that the design is free from Programming and testing. 100 conceptual errors that could become 92 Q programmed into the final system. Q The deliverable product of the systems A These costs arise in the transfer of data selection process is the Walkthrough from one storage medium ___________________ 107 to another. For example, the A Q accounting records of a manual system systems selection report This group is an independent one made must be converted to magnetic form 101 up of programmers, analysts, users, when the system becomes computer- Q and internal auditors. The job of this based This formal document consists of a group is to simulate the A revised feasibility study, a cost-benefit operation of the system to uncover Data conversion analysis, and a list and explanation of errors, omissions, and ambiguities in 93 intangible benefits for each alternative the design Q design. A These costs involve educating users to A quality assurance group operate the new system. In-house systems selection report 108 personnel could do this in an extensive 102 Q training program provided by an Q The sixth phase of the SDLC is outside organization at a remote site or The Auditor’s Role in Evaluation and _________________________. through on-the-job training Selection: A A A Application Programming and Testing Training Specifically, the auditor should ensure 108 94 five things: Q Q 1. Only escapable costs are used in The sixth phase of the SDLC is This cost involves the upgrading of the calculations of cost savings benefits. _________________________. computer (increasing the memory), as 2. Reasonable interest rates are used in A well as preventive maintenance and measuring present values of cash Application Programming and Testing repairs to the computer and peripheral flows. 109 equipment 3. One-time and recurring costs are Q A completely and accurately reported. A _______________________ requires Hardware maintenance 4. Realistic useful lives are used in the programmer to specify the precise order in which the program programs undergo changes to The conversion cycle is composed of logic is executed. accommodate two major subsystems: A changes in user needs. Some A procedural language/third-generation application changes are trivial, such as the production system languages (3GLs) modifying the system and the cost accounting system. 110 to produce a new report or changing 9 Q the length of a data field. Q Under this model, the program’s code A This system of the conversion cycle is not executed in a predefined Systems maintenance involves the planning, scheduling, and sequence. Instead, external actions or control of the physical product through “events” that are initiated by the user End Chapter 5 the manufacturing process. dictate the control flow of the The most common financial A program. transactions are conversion cycle A A 10 Event-Driven Languages economic exchanges with external Q 111 parties. This system of the conversion cycle Q 2 monitors the flow of cost information The seventh phase of SDLC is Q related to production. Information this ________________. Three transaction cycles process most system produces is used for inventory A of the firm’s economic activity: valuation, budgeting, cost control, system implementation phase A performance reporting, 112 the expenditure cycle, the conversion and management decisions, such as Q cycle, and the revenue cycle make-or-buy decisions. The system’s __________________ 3 A provides the auditor with essential Q cost accounting system information about how the system In this cycle, business activities begin 11 works. with the acquisition of materials, Q A property, and labor in exchange Firms sell their finished goods to documentation for cash. customers through the 113 A _________________, which involves Q expenditure cycle processing cash sales, credit sales, and Computer operators use 4 the receipt of cash following a credit documentation called a _________, Q sale. which describes how to run the system This system recognizes the need to A A acquire physical inventory (such as raw revenue cycle run manual materials) and places an order with the 12 114 vendor. When the goods are received, Q Q this system records the event by This is a subsystem of the revenue _________ have little or no experience increasing inventory and establishing cycle where majority of business sales with computers and are embarrassed an account payable to be paid at a later are made on credit and to ask questions. They also know little date. involve tasks such as preparing sales about their assigned tasks. User A orders, granting credit, shipping training and documentation must be Purchases/accounts payable system. products (or rendering of a service) to extensive and detailed. 5 the customer, billing customers, and A Q recording the transaction in the Novices When the obligation created in the accounts (accounts receivable [AR], 115 purchases system inventory, expenses, and sales). Q is due, the _____________ authorizes A The Auditor’s Role in System the payment, disburses the funds to Sales order processing Implementation the vendor, and records the transaction 13 A by reducing the cash and accounts Q Provide Technical Expertise payable accounts. This is a subsystem of the revenue Specify Documentation Standards A cycle. For credit sales, some period of Verify Control Adequacy and cash disbursements system time (days or weeks) passes between Compliance with SOX 6 the point of sale and the receipt of 116 Q cash. Cash receipts processing includes Q The _______________ collects labor collecting cash, depositing cash in the One of the most important steps in the usage data for each employee, bank, and recording these events in the implementation stage actually takes computes the payroll, and disburses accounts (AR and cash). place some months later in a paychecks to the employees. A __________________. The review is A Cash receipts conducted by an independent team to payroll system 14 measure the success of the system and 7 Q of the process after the dust has Q A ____________ provides evidence of settled. . A firm’s ______________ processes an economic event and may be used to A transactions pertaining to initiate transaction processing. post-implementation review the acquisition, maintenance, and A 117 disposal of its fixed assets. These are document Q relatively permanent items that 15 The seventh phase of SDLC is collectively often represent the Q ______________________ organization’s largest financial Economic events result in some A investment. documents being created at the Systems Maintenance— A beginning (the source) of the 118 fixed asset system. transaction. These are called Q 8 _____________________. _____________________ Q A is a formal process by which application source documents 16 Q An ___________________ is a Q There are two basic types of ledgers: documentation technique used to ___________________ are documents A represent the relationship between used to capture and formalize (1) general ledgers, which contain the entities. transaction data that the transaction firm’s account information in the form A cycle needs for processing. of highly summarized control accounts, entity relationship (ER) diagram A and 35 Source documents (2) subsidiary ledgers, which contain Q 17 the details of the individual accounts __________ are physical resources Q that constitute a particular control (automobiles, cash, or inventory), _____________________ are the account. events (ordering inventory, receiving documents that are result of 27 cash, shipping goods), and agents transaction processing Q (salesperson, customer, or vendor) rather than the triggering mechanism The ______________ summarizes the about which the organization wishes to for the process. activity for each of the organization’s capture data A accounts. A Product documents A Entities 18 general ledger 36 Q 28 Q are product documents of one Q The degree of the relationship, called system that become source documents _______________ are kept in various ______________, is the numerical for another system. accounting departments mapping between entity instances. A of the firm, including inventory, A Turnaround Documents. accounts payable, payroll, and AR. cardinality 19 A 37 Q Subsidiary ledgers Q A ______________ is a record of a 29 This _____________ is the blueprint for chronological entry. At some point in Q what ultimately will become the the transaction process, when all A ___________ generally contains physical database. relevant facts about the transaction are account data. The general ledger and A known, the event is recorded in this in subsidiary ledgers are examples of this. data model chronological order. A 38 A master file Q Journal 30 Describe the relationship between ER 20 Q Diagrams and Data Flow Diagrams Q A _______________ is a temporary file A ___________ are the primary source of of transaction records used 1. DFDs and ER diagrams depict data for journals. to change or update data in a master different aspects of the same A file. Sales orders, inventory receipts, system, but they are related Documents and cash receipts are examples of this. and can be reconciled. 21 A 2. A DFD is a model of system Q transaction file processes, and the ER diagram ______________ are used to record 31 models the data used in or specific classes of transactions Q affected by the system. that occur in high volume. A ______________ stores data that are 3. The two diagrams are related A used as standards for processing through data; Special journals transactions. For example, the payroll each data store in the DFD 22 program may refer to a tax table to represents a corresponding Q calculate the proper amount of data entity in the ER diagram The term ___________ is often used to withholding taxes for payroll 39 denote certain types of special transactions. Q journals. A A ______________ is the graphical A reference file representation of the physical register 32 relationships among 23 Q key elements of a system. Q An ______________ contains records A Firms use the _____________ to record of past transactions that are retained system flowchart nonrecurring, infrequent, for future reference. These 40 and dissimilar transactions transactions form an important part of Q A the audit trail. These include journals, __________________ permits the general journal prior-period payroll information, lists of efficient management of a large 24 former employees, records volume of transactions Q of accounts written off, and prior- A A _________ is a book of accounts that period ledgers. Batch processing reflects the financial effects of the A 41 firm’s transactions after they are archive file Q posted from the various journals. 33 A _____ is a group of similar A Q transactions (such as sales orders) that ledger The _______________ uses symbols to are accumulated over 25 represent the entities, processes, data time and then processed together. Q flows, and data stores that pertain to a A A ___________ indicates the system. batch increases, decreases, and current A 42 balance of each account. data flow diagram (DFD) Q A 34 ___________________ are used to ledger Q reveal the internal structure of the 26 records that constitute a file or chart of accounts management’s stewardship database table. 52 responsibility to account for resource A Q utilization. Both the current and Record layout diagrams _________________ are used to historical journal voucher files are 43 represent complex items or events important links in the firm’s audit trail. Q involving two or more pieces of related A The information time frame for this data. The code consists of zones or journal voucher history file data processing method: Lag exists fields that possess specific 60 between time when the economic meaning Q event occurs and when it is recorded. A The ______________________ A Numeric group codes contains the revenues, expenditures, Batch processing method 53 and other resource utilization data for 44 Q each responsibility center in the Q _________________ are used for many organization. The MRS draws This data processing method requires of the same purposes as numeric upon these data for input in the fewer resources (e.g., hardware, codes. Alphabetic characters may be preparation of responsibility reports for programming, training) . assigned sequentially (in alphabetical management A order) or may be used in block and A Batch processing method group coding techniques. responsibility center file 45 A 61 Q Alphabetic codes Q The operational efficiency of this data 54 The __________________ contains processing method: Certain records are Q budgeted amounts for revenues, processed after the ____________ are alphabetic expenditures, and other resources for event to avoid operational delays. characters in the form of acronyms and responsibility centers. A other combinations that convey A Batch processing method meaning. budget master file 46 A 62 Q Mnemonic codes Q The information time frame for this 55 This is the Internet standard of data processing method: Processing Q reporting language specifically takes place when the economic event A ____________________, which can designed for business reporting and occurs be used to represent summaries of information exchange. The objective of A similar transactions or a single unique this is to facilitate the publication, Real time processing method transaction, identifies the financial exchange, and processing of financial 47 amounts and affected general ledger and business information. Q (GL) accounts. A The operational efficiency of this data A eXtensible business reporting language processing method: All records journal voucher (XBRL) pertaining to the event are processed 56 immediately. Q END CHAPTER 6 A The _________________ is the The data collection component oft he Real time processing method principle file in the GLS database. This information system is responsible for 48 file is based on the organization’s _____________________ Q published chart of accounts. Each A This data processing method requires record in the GL master is either a for bringing data into the system for more resources than batch processing. separate GL account (for example, processing. A sales) or the control account (such as 2 Real time processing method AR— control) for a corresponding Q 49 subsidiary ledger in the transaction The data collection component of the Q processing system information system is responsible for ________________ represent items in A bringing data some sequential order (ascending general ledger master file into the system for processing. or descending). A common application 57 _____________ at this stage are of this is the prenumbering of source Q designed to ensure that documents. At printing, each hard-copy The _______________ has the same these transactions are valid, accurate, document is given a unique sequential format as the GL master. Its primary and complete. code number purpose is to provide historical A A financial data for comparative financial Input Controls Sequential codes reports 3 50 A Q Q general ledger history file Classes of Input Controls A _____________ is a variation on 58 A sequential coding that partly remedies Q Source document controls the disadvantages just described. This The ____________________ is the Data coding controls approach can be used to represent total collection of the journal vouchers Batch controls whole classes of items by restricting processed in the current period. This Validation controls each class to a specific range within the file provides a record of all general Input error correction coding scheme. ledger transactions and replaces the Generalized data input A traditional general journal. systems numeric block code A 4 51 journal voucher file Q Q 59 two types of transposition errors: A common application of block coding Q A is the construction of a The ___________________ contains single transposition errors and multiple ______________________. journal vouchers for past periods. This transposition errors A historical information supports 5 Q record being processed. For example, Q ____________________ are used to in a sales order processing system, the A ______________ is a control digit (or verify that certain fields are filled with dollar amount field must digits) added to the code when it is zeros. Some be positive for sales orders but originally assigned that program languages require that fields negative for sales return transactions. allows the integrity of the code to be used in mathematical operations be A established during subsequent initiated with Sign checks processing zeros prior to processing 23 A A Q check digit Zero-value checks _____________ are used to determine 6 15 if a record is out of order. In batch Q Q systems that use sequential master _________ are an effective method of _________ determine if the value in files, the transaction files being managing high volumes of the field exceeds an authorized limit. processed must be sorted in transaction data through a system. For example, assume the firm’s policy the same order as the primary keys of A is that no employee works more than the corresponding master file. Batch controls 44 hours per week. The payroll system A 7 validation program can interrogate the Sequence checks Q hours-worked field in the weekly 24 The objective of batch control is payroll records for values greater than Q _______________________. 44. The purpose of _______________ is to A A ensure that the correct file to reconcile output produced by the Limit checks is being processed by the system. system with the input originally 16 These controls are particularly entered into the system. Q important for master 8 ____________ assign upper and lower files, which contain permanent records Q limits to acceptable data values of the firm and which, if destroyed or ______________ refers A corrupted, to a simple control technique that uses Range checks are difficult to replace. nonfinancial data to keep track of the 17 A records in Q file interrogation a batch. The purpose of this control is to detect 25 A keystroke errors that shift the decimal Q Hash total point one or more places. ____________ verify that the file 9 A processed is the one the program is Q Range checks actually calling for. Input _______________ are intended 18 A to detect errors in Q Internal label checks transaction data before the data are ____________ compare actual values 26 processed. in a field against known acceptable Q A values. This control is used to verify ________________ are used to verify validation controls such things as transaction codes, state that the version of the file being 10 abbreviations, or employee job skill processed is correct. In a grandparent– Q codes. If the value in the field does not parent–child approach, many versions There are three levels of input match one of the acceptable of master files and transactions may validation controls: values, the record is determined to be exist. This control compares the version A in error. number of the files being processed 1. Field interrogation A with the program’s requirements. 2. Record interrogation Validity checks A 3. File interrogation 19 Version checks 11 Q 27 Q ______________ controls identify Q __________________ involves keystroke errors in key fields by testing An __________________ prevents a programmed procedures that examine the internal file from being deleted before it the characteristics of the data in the validity of the code expires. In a GPC system, for example, field. A once an adequate number of backup A Check digit files is created, the oldest Field interrogation 20 backup file is scratched (erased from 12 Q the disk or tape) to provide space for Q ______________ procedures validate new files. ________________ are used to the entire record by examining the A examine the contents of a field for the interrelationship of its field values. expiration date check presence of A 28 blank spaces. Record interrogation Q A 21 The three common error Missing data checks Q handling techniques: 13 Reasonableness checks determine if a A Q value in one field, which has already (1) correct immediately, _______________________ checks passed a limit check and a range check, (2) create an error file, and determine whether the correct form of is reasonable when considered along (3) reject the entire batch. data is in a with other data fields in the record. 29 field. For example, a customer’s A Q account balance should not contain Reasonableness checks To achieve a high degree of control and alphabetic data. 22 standardization over input validation A Q procedures, some organizations Numeric-alphabetic data checks _________ are tests to see if the sign employ a 14 of a field is correct for the type of __________________________. A transaction log systems that require operator generalized data input system (GDIS) 37 intervention. 30 Q A Q Processing controls are divided into Print Programs The GDIS approach has three three categories: 45 advantages: A Q A run-to-run controls, Print program controls are designed to First, it improves control by having one operator intervention controls, deal with two types of exposures common system perform all data and Audit Trail Controls. presented by this environment: validation. 38 A Second, GDIS ensures that each AIS Q (1) the production of unauthorized application applies a consistent ______________________ use batch copies of output and standard for data validation. figures to monitor the batch as it (2) employee browsing of sensitive Third, GDIS improves systems moves from one programmed data. development efficiency. procedure (run) to another. These 46 31 controls ensure that each run in the Q Q system processes the batch correctly When output reports are removed A GDIS has five major components: and completely. from the printer, they go to the A A _____________ stage to have their 1. Generalized validation module Run-to-run controls pages separated and collated. 2. Validated data file 39 A 3. Error file Q bursting 4. Error reports The ______________ control compares 47 5. Transaction log the sequence of each record in the Q 32 batch with the previous record to In some organizations, the Q ensure that proper sorting took place. ____________________ is responsible The _________________________ A for verifying the accuracy of computer performs standard validation routines output before it is distributed to the that are common to many different 40 user. applications. These routines are Q A customized to an individual Systems sometimes require data control group application’s needs through _________________________ to 48 parameters that specify the program’s initiate certain actions, such as entering Q specific requirements. control totals for a batch of records, The primary risks associated with A providing parameter values for logical ______________ include reports being generalized validation module (GVM) operations, and activating a program lost, stolen, or misdirected in transit to 33 from a different point when reentering the user. Q semi-processed A The input data that are validated by the error records. report distribution GVM are stored on a A 49 _________________. This is a operator intervention Q temporary holding file through which 41 Auditors testing with the validated transactions flow to their Q _______________ do not rely on a respective applications. The file is Systems that limit operator detailed knowledge of the analogous to a tank of water intervention through application’s internal logic. whose level is constantly changing, as it ___________________ are thus less A is filled from the top by the GVM and prone to processing errors. black-box approach emptied from the bottom by A 50 applications. operator intervention controls Q A 42 The advantage of the validated data file Q __________________ is that the 34 ________________ ensure that system application need not be removed Q output is not lost, misdirected, or from service and tested directly. This The ___________ in the GDIS plays the corrupted and that privacy is not approach is feasible for testing same role as a traditional error file. violated. applications that are Error records detected during A relatively simple. validation are stored in the file, Output controls A corrected, and then resubmitted to the 43 black-box approach GVM. Q 51 A Applications waiting to print output Q error file occupy computer memory and block The _________________ relies on an 35 other applications from entering the in-depth understanding of the internal Q processing stream. To ease this logic of the application being tested. Standardized _____________ are burden, applications are often designed This approach includes several distributed to users to facilitate error to direct their output to a magnetic techniques for testing application logic correction disk file rather than to the printer directly. These techniques use small A directly. This is called numbers of specially created test error reports _______________ transactions to verify specific aspects of 36 A an application’s logic and controls. Q output spooling A The ___________________ is a 44 white-box approach permanent record of all validated Q 52 transactions. From an accounting When the printer becomes available, Q records point of view, it is equivalent to the print run program produces hard ________________ verify that an the journal and is an important copy output from the output file. individual, a programmed procedure, element in the audit trail. ________________ are often complex or a message (such as an EDI A transmission) attempting to access a Q Advantages of (integrated test facility) system The _____________________ is used ITF A to establish application integrity by A Authenticity tests processing specially First, ITF supports ongoing monitoring 53 prepared sets of input data through of controls as required by SAS 78. Q production applications that are under Second, applications with ITF can ________________, which ensure that review. be economically tested without the system processes only data values A disrupting the user’s operations and that conform to specified tolerances. test data method without the intervention of computer Examples include range tests, field 61 services personnel. tests, and limit tests. Q 67 A When the set of test data in use is Q Accuracy tests comprehensive, the technique is called _______________ requires the auditor 54 the _______________________. These to write a program that simulates key Q tests are conducted with a set of test features or processes of the application ________________ identify missing transactions containing all possible under review. data within a single record and entire transaction types. These are processed A records missing from a batch. The through repeated iterations during Parallel simulation types of tests performed are field tests, systems development testing until record sequence tests, hash totals, and consistent and valid results are END CHAPTER 7 control totals. obtained. A A Data structures have two fundamental Completeness tests base case system evaluation (BCSE). components: 55 62 A Q Q organization and access method _________________ determine that an A type of test data technique called 2 application processes each record only ___________ performs an electronic Q once. walkthrough of the application’s _______________ refers to the way A internal logic. records are physically arranged on the Redundancy tests A secondary storage device. This may be 56 tracing either sequential or random. Q 63 A _____________ ensure that the Q Organization application prevents authorized users Advantages of Test Data Techniques 3 from unauthorized access to data. A Q Access controls include passwords, First, they employ through the The _______________ is the technique authority tables, userdefined computer testing, thus providing the used to locate records and to navigate procedures, data encryption, and auditor with explicit evidence through the database or inference controls. concerning application functions. file. A Second, if properly planned, test data A Access tests runs can be employed with only access method 57 minimal disruption to the 4 Q organization’s operations. Q ______________ ensure that the Third, they require only minimal Under this arrangement, for example, application creates an adequate audit computer expertise on the part of the record with key value 1875 is trail. This includes evidence that the auditors. placed in the physical storage space application records all transactions in a 64 immediately following the record with transaction Q key value 1874. Thus, all records in the log, posts data values to the Disadvantages of Test Data Techniques file lie in contiguous storage spaces in a appropriate accounts, produces A specified sequence (ascending or complete transaction listings, and 1. Auditors must rely on descending) arranged by their primary generates error files and reports for all computer services personnel key. exceptions. to obtain a copy of the A A application for test purposes. sequential structure Audit trail tests 2. They provide a static picture 5 58 of Q Q application integrity at a single An ________________ is so named __________________ verify the point in time. They do not because, in addition to the actual data correctness of rounding procedures. provide a convenient means of file, there exists a separate index that is Rounding errors occur in accounting gathering evidence about itself a file of record addresses. This information when the level of precision ongoing application index contains the numeric used in the calculation is greater than functionality. value of the physical disk storage that used in the reporting. 3. test data techniques have location (cylinder, surface, and record A relatively high cost of block) for each record in the associated Rounding error tests, implementation, which results data file. 59 in audit inefficiency A Q 65 indexed structure ____________________ tend Q 6 to affect a large number of victims, but The __________________approach is Q the harm to each is immaterial. This an automated technique that enables Records in an _________________ are type of fraud takes its name from the the auditor to test an application’s logic dispersed throughout a disk without analogy of slicing a large salami (the and controls during its normal regard for their physical proximity to fraud objective) operation. other related records into many thin pieces A A A integrated test facility (ITF) indexed random file Salami frauds 66 7 60 Q Q The A A ___________________________struct logical key pointer primary key ure is used for very large files that 15 24 require routine batch processing and a Q Q moderate degree of individual record This structure uses an index in Logically related tables need to be processing. For instance, the customer conjunction with a sequential file physically connected to achieve the file of a public utility company will be organization. It facilitates both direct associations described in the data processed in batch mode for billing access to individual records and batch model using foreign keys. purposes and directly accessed in processing of the entire file. Multiple A response to individual customer indexes can be used to create a cross- foreign keys queries reference, 25 A called an inverted list, which allows Q Virtual Storage access method (VSAM) even more flexible access to data. A ____________ is the set of data that 8 A a particular user sees. Examples of this Q indexed sequential file structure are computer screens for entering or A VSAM file has three physical 16 viewing data, management reports, or components: Q source documents such as an invoice. A An _______ is anything about which A the indexes, the prime data storage the organization wishes to capture user view area, and the overflow area. data. These may be physical, such as 26 9 inventories, customers, or employees. Q Q They may also be conceptual, such as Improperly normalized tables can A ______________ employs an sales (to a customer), accounts cause DBMS processing problems that algorithm that converts the primary receivable (AR), or accounts payable restrict, or even deny, users access to key of a record directly into a storage (AP). the information they address. A need. Such tables exhibit negative A entity operational symptoms called hashing structure 17 _________________. 10 Q A Q The term _____________ is used to anomalies The principal advantage of hashing is describe the number of instances or 27 _____________________. records that pertain to a specific entity. Q A A To be free of anomalies, tables must be access speed occurrence normalized to the 11 18 _______________________. Q Q A ________________ is used to create a ______________ are the data third normal form (3NF) level. linked-list file. elements that define an entity. 28 A A Q pointer structure Attributes The _____________ results from data 12 19 redundancy in an unnormalized table. Q Q A A ___________________ contains the The labeled line connecting two update anomaly actual disk entities in a data model describes the 29 storage location (cylinder, surface, and nature of the Q record number) needed by the disk ___________ between them. The _______________ involves the controller. This physical address allows A unintentional deletion of data the system to access the record directly association from a table. without obtaining 20 A further information. This method has Q deletion anomaly the advantage of speed, since it does _____________ is the degree of 30 not need to be manipulated further to association between two entities Q determine a record’s location. A _________________ is a component of A Cardinality a much larger systems development physical address pointer 21 process that involves extensive analysis 13 Q of user needs. Q __________ describes the number of A A _____________ contains the relative possible occurrences in one table that Database design position of a record in the file. For are associated with a single occurrence 31 example, the pointer could specify the in a related table. Q 135th record in the file. This must be A Combining the data needs of all users further manipulated to convert it to the cardinality into a single schema or enterprise-wide actual physical address. The conversion 22 view is called software calculates this by using the Q _____________________. physical address of the beginning of the Four basic forms of cardinality are A file, the length of each record possible: view integration in the file, and the relative address of A 32 the record being sought. zero or one (0,1) Q A one and only one (1,1) The objective of the relative address pointer zero or many (0,M) ____________________, also known as 14 one or many (1,M). continuous auditing, is to identify Q 23 important transactions while they are A _________________ contains the Q being processed and extract copies of primary key of the related record. This The value of at least one attribute in them in real time. key value is then converted into the each occurrence (row) must be unique. A record’s physical address by a hashing This attribute is the embedded audit module (EAM), algorithm. ______________________. 33 Q _____________________________ An ____________ is a specially feature allows the auditor to view the programmed module embedded in a distribution of records that fall host application to capture into specified strata. predetermined transaction types for A subsequent analysis. ACL’s stratification A 42 embedded audit module (EAM) Q 34 Data can be stratified on any numeric Q field such as sales price, unitcost, Disadvantages of EAMs quantity sold, and so on. The data are A summarized and classified by strata, 1. Operational Efficiency which can be equal in size (called 2. Verifying EAM Integrity ___________) or vary in size (called 35 ___________). Q A ___________________ is the most 43 widely used CAATT for IS auditing. It Q allows auditors to access electronically ACL offers many sampling methods for coded data files and perform various statistical analysis. Two of the most operations frequently used are on their contents. ________________________. A A Generalized audit software (GAS) record sampling and monetary unit 36 sampling (MUS). Q The widespread popularity of GAS is due to four factors: A (1) GAS languages are easy to use and require little computer background on the part of the auditor; (2) many GAS products can be used on both mainframe and PC systems; (3) auditors can perform their tests independent of the client’s computer service staff; and (4) GAS can be used to audit the data stored in most file structures and formats. 37 Q _______________________ was designed as a meta-language for auditors to access data stored in various digital formats and to test them comprehensively. A ACL (audit command language) 38 Q One of ACL’s strengths is the ability to read data stored in most formats. ACL uses the __________________ for this purpose A data definition feature 39 Q ______________ are expressions that search for records that meet the filter criteria. A Filters 40 Q ________________________ allows the auditor to use logical operators such as AND, OR, , , NOT and others to define and test conditions of any complexity and to process only those records that match specific conditions A ACL’s expression builder 41 Q