Chapter 1: Overview
Data vs. information
What makes information useful?
1. Relevant
2. Reliable
3. Complete
4. Timely
5. Understandable
6. Verifiable
7. Accessible
Output forms:
- Query response
- Soft copy
- Hard copy: document, report, query response
Chapter 2: ERP
A company uses ERP systems to coordinate and manage data, business processes and resources.
ERP systems are modular, and each module uses best business practices to automate a standard business process.
An ERP system integrates activities from the entire organization:
- Production
- Payroll
- Sales
- Purchasing
- Financial reporting
Advantages of ERP
- Integrated enterprise-wide, allowing a better flow of information, since it is stored in a centralized database and can be accessed by various departments; this also improves customer service.
- Data captured once (i.e., sales no longer needs to enter data about a customer and then accounting to enter the same customer data for invoicing).
- Improved access control of the data through security settings.
- Standardization of procedures and reports.
Disadvantages of ERP
- Costly
- Significant amount of time to implement
- Complex
- User resistance (learning new things is sometimes hard for employees)
Diagram symbols
- Entity (labelled with its name)
- Process (labelled with a description)
- Data store (labelled with its name)
- Direction of data flow
Flowchart symbols
- Terminal showing source or destination of documents and reports
- Source document or report
- Manual operation
- Accounting records (journals, registers, logs, ledgers)
- Terminal input/output device
Chapter 5: Fraud
Definition
Any means a person uses to gain an unfair advantage over another person; includes:
- A false statement, representation, or disclosure
- A material fact, which induces a victim to act
- An intent to deceive
- The victim relied on the misrepresentation
- Injury or loss was suffered by the victim
Fraud is a white-collar crime.
Fraud categories
- Misappropriation of assets: theft of company assets, which can include physical assets and digital assets
- Fraudulent financial reporting: "cooking the books"
Computer fraud
If a computer is used to commit fraud it is called computer fraud. Computer fraud is classified by the part of the system involved:
- Input
- Processor
- Computer instruction
- Data
- Output
Preventing & detecting fraud
- Make fraud less likely to occur
- Make it difficult to commit
- Improve detection
- Reduce fraud losses
Hacking
Unauthorized access, modification, or use of an electronic device or some element of a computer system.
Social engineering
Techniques or tricks used on people to gain physical or logical access to confidential information.
Malware
Software used to do harm. Types of malware:
- Spyware
- Keylogger
- Trojan horse
- Trap door
- Packet sniffer
- Virus
- Worm
Chapter 7: Control
COBIT
32 management processes are broken down into 4 domains:
1. Align, plan and organize (APO)
2. Build, acquire and implement (BAI)
3. Deliver, service and support (DSS)
4. Monitor, evaluate and assess (MEA)
Frameworks and related terms:
- COSO IC
- COSO ERM
- RA
- SA
Control activities
- Proper authorization of transactions and activities
- Segregation of duties (authorization, recording, custody)
- Project development and acquisition controls
- Change management controls
- Design and use of documents and records
- Safeguarding assets, records, and data
- Independent checks on performance
Preventive controls
- People
- Processes
- IT solutions
- Physical security
- Change control & change management
Detective controls
- Log analysis
- Intrusion detection systems
- Penetration testing
- Continuous monitoring
Corrective controls
- Computer incident response teams (CIRT)
- Chief information security officer (CISO)
- Patch management