Exam 4: Internal Controls and Risks in IT Systems

A process or procedure in an IT system to ensure that the person accessing the IT system is valid and authorized is called:

It is possible to completely eliminate risks with the proper controls.

A computer network covering a small geographic area, which, in most cases, are within a single building or a local group of buildings is called a:

The type of network uses tunnels, authentication, and encryption within the Internet network to isolate Internet communications so that unauthorized users cannot access or use certain data.

The data preparation procedures are to be well-defined so that employees will be sure of:

If an employee's personal smart phone or tablet is lost or stolen, the company has the right to apply a remote wipe, to remove any company data.

The use of passwords to allow only authorized users to log into an IT system is an example of a general control.

Availability risks, related to the authentication of users would include:

Unchecked risks and threats to the IT system could result in:

This type of control is intended to ensure the accuracy and completeness of data input procedures and the resulting data:

An organization must maintain procedures to protect the output from unauthorized access in the form of written guidelines and procedures for output distribution.

If no source documents are used by the IT system, then the general controls, such as computer logging of transactions, become less important.

Which programmed input validation check compares the value in a field with related fields which determine whether the value is appropriate?

The work arrangement where employees work from home using some type of network connection to the office is referred to as:

Employees who hack into computer networks are often more dangerous because of their knowledge of company operations.

A small piece of program code that attaches to the computer's unused memory space and replicates itself until the system becomes overloaded and shuts down is called:

This method of monitoring exposure can involve either manual testing or automated software tools.The method can identify weaknesses before they become network break-ins and attempt to fix these weaknesses before they are exploited.

Which control total is the total of field values that are added for control purposes, but not added for any other purpose?

Management of an internet retail company is concerned about the possibility of computer data eavesdropping and wiretapping, and wants to maintain the confidentiality of its information as it is transmitted.The company should make use of:

Application controls apply to the IT accounting system and are not restricted to any particular accounting application.