Exam 4: Internal Controls and Risks in IT Systems

This type of input validation check assesses the critical fields in an input screen to make sure that a value is in those fields.

There are a number of methods described that are intended to limit log-ins exclusively to authorized users.The only method that is foolproof is the biometric devices.

The risk of an unauthorized user gaining access is likely to be a risk for which of the following areas?

The responsibility of management to safeguard assets and funds entrusted to them by the owners of an organization is referred to as:

It is necessary for students and accountants to understand the types of threats that may affect an accounting system, so that the threats can be avoided.

AICPA Trust Principles describe five categories of IT risks and controls.Which of these five categories would be described by the statement, "The system is protected against unauthorized access"?

Biometric devises use unique physical characteristics to identify users.The most common method used is retina scans.

Which programmed input validation check determines whether the appropriate type of data, either alphabetic or numeric, was entered?

Which programmed input validation makes sure that a value was entered in all of the critical fields?

A software system that manages the interface between many users and the database is called:

To the extent possible, IT systems should be installed in locations away from any location likely to be affected by natural disasters.

The most popular type of type of unauthorized access is probably by a person known to the organization.

The workstations and the network cabling and connections represent spots were an intruder could tap into the network for unauthorized access.

The use of passwords to allow only authorized users to log into an IT system is an example of an application control.

One of the sources of risk exposure related to telecommuting workers is that the company's network equipment and cabling becomes an entry point for hackers and unauthorized users.

To avoid the risks associated with a public cloud, many companies establish their own computing cloud structure.The cloud is developed, owned, maintained, and used by the user company.This cloud is referred to as:

This should be established for every authorized user and determines each user's access level to hardware, software, and data according to the individual's job responsibilities.

Telecommuting workers cause two sources of risk exposures for their organizations - the network equipment and cabling in addition to the teleworker's computer - with only "entry-point" being teleworker's computer.

Companies who provide mobile devices for employees, normally has a policy that allows the company's IT professional to remove company data and applications from the mobile device.This process is referred to as:

To increase the effectiveness of login restrictions, passwords must be unique for each user.