Review for Final Exam Accounting Information Systems

Romney and SteinbartLinda BatchJuly 2012

Learning Objectives• AIS Development Strategies (Chapter 21)

• Ways to acquire an AIS• BPM and BPMS

• Systems Development (Chapter 22)• Conceptual systems design process (5 steps)• Physical systems design process• Systems implementation and conversion – important

• Microsoft Access– Creating Macros and Switchboard– Work on Assignment 4

• Quiz (Chapter 9, 10)

Review for Final Exam Text Book Theory

• Chapter 7 – Control and AIS• Chapter 8 – IS Controls for System Reliability• Chapter 9 – IS Controls for Systems Reliability Con’t• Chapter 10 – IS Controls for Systems Reliability• Chapter 11 – Auditing Computer Based AIS• Chapter 20 – Intro to Systems Development• Chapter 21 – AIS development Strategies• Chapter 22 – Systems Design, Implementation, and Operation

Chapter 7 – Control and AIS• COSO ERM• Preventive, Detective and Corrective Controls (week 8, slide 4)• COSO ERM (week 8, slide 9, 8)• COSO ERM – Control Activities (week 8, slide 12) – control activities

are categorized into 7 types

Chapter 7 – Control and AIS• Know that segregation of accounting duties is different than

segregation of systems duties (you do not have to learn the list of segregations for systems duties) (week 8 slide 16)

• Know that people with unrestricted access to your computer system and perpetrate and conceal fraud (week 8, slide 16)

• Know that systems staff should not have access to change records, tables, programming in your production system (week 8, slide 16)

• Know some independent checks on performance (week 8, slide 17) – good short answer question

• AIS has five primary objectives according to the AICPA (week 8, slide 18)

Chapter 8 – IS Controls for System Reliability• COBIT’s four domains, plus be able to give three examples of each

domain (week 9, slides 9 to 13)• Know that systems security is a management responsibility not an IT

responsibility and why (week 9, slide 3) – good short answer question• Information provided to management must satisfy 7 key criteria,

know three (week 9, slide 4)• Know authentication vs. authorization (week 9, slide 16) – good short

answer possibly• Be able to talk to system reliability (week 9, slide 17)• Go over the scenarios in problem 8.4 from the text – discussion

regarding control types (preventive, dectective, corrective)• Deep packet inspection vs. stateful packet filtering (week 9, slide 26)• TCP and IP (week 9, slide 25)• Steps in an IT attack are NOT on the final

Chapter 9 – IS Controls for System Reliability• Encryption – what is it (week 10, slides 4 to 6)• Know types of Encryption (week 10, slides 7 and 8)• Know how digital signatures are created (week 10, slides 7 and 8)• Know what a VPN is and how it works (week 10, slide 9)

Chapter 10 – IS Controls for System Reliability• System Availability (week 10, slides 13 and 14)• RTO, RPO (week 10, slides 13 and 14)• Data recovery plan and business continuity plan – how does that fit

with RTO and RPO

Chapter 11 – Auditing Computer Based AIS• Different types of audits (week 11, slide 4)• Overview of the audit process – four steps (week 11, slide 4)• Risk based approach to audit (week 11, slide 5)• Six objectives to an information systems audit (week 11, slide 6 and

7)• Examples of audit techniques for Objective 3 and Objective 4 (week

11, slide 9)• Computer Assisted Audit Techniques (week 11, slide 10)• Chapter 11 check point questions in the week 11 deck

Chapter 20 – Systems Development and Analysis• Reasons to change the computer system – know 3 (week 11, slide 16)• Know the systems development life cycle (SDLC) (week 11, slide

18,19)• Two plans are required to Systems Development (week 11, slide 21)• GANTT Chart and PERT Chart – know the difference (week 11, slide

22)• Three forms or resistance to change (week 11, slide 24)• How do you prevent behavioral problems (week 11, slide 25)

Chapter 20 – Systems Development and AnalysisSystemsanalysis

ConceptualSystemDesign

PhysicalDesign

ImplementationAnd

Conversion

Operationand

Maintenance

Chapter 21 – AIS Development Strategies• Definitions – (week 12, slide 3)• Ways to get an AIS

– Purchase AIS (week 12, slide 3)– In House development of AIS (week 12, slide 4)– Outsource AIS (week 12, slide 4)– Prototype AIS (week 12, slide 4)

• Systems Development Life Cycle (week 12, slides 7 to 11)– Physical systems Design– Systems Implementation and conversion (week 12, slides 7 to 11)

Chapter 22 – Systems Design, Implementation, Operation

• Systems Development Life Cycle (week 12, slides 7 to 11)– Physical systems Design (figures from text)– Systems Implementation and conversion (figures from text)

• System conversion – know 4 (week 12, slides 10, 11)

Chapter 22 – Systems Design, Implementation, Operation

Chapter 22 – Systems Design, Implementation, Operation