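CMA P1 Key Points: Information Systems Internal Controls
Source: 高顿网校 (Gaodun Online School), 2015-06-08
[P1] Key points on information systems internal controls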
1、 What are some of the threats to information systems and data that systems controls can address?
Threats to information systems and data include:
1) Errors in system design.
2) Errors can occur in input or input manipulation.
3) Data can be stolen over the Internet.
4) Data and intellectual property, including trade secrets, can be stolen by employees.
5) Unauthorized alterations can be made to programs by programmers adding instructions that divert assets to their own use.
6) Data and programs can be damaged.
7) Data can be altered directly in the data file without recording any transaction that can be detected.
8) Viruses, Trojan Horses, and worms can infect a system, causing a system crash, stealing data, or damaging data.
9) Hardware can be stolen.
10) Physical facilities and the data maintained in them can be damaged by natural disasters, illegal activity or sabotage.
2、 What are the two types of systems controls?
The two types of systems controls are general controls, which relate to the environment, and application controls, which are specific to individual applications and are designed to prevent, detect and correct errors and irregularities in transactions during the input, processing and output stages.
3、 The most important organizational and operating general control is the segregation of duties. There are specific duties in the IT environment that should be separate from one another.
IS department personnel should be separated from the departments and personnel that they support (called “users”). This means:
1) Users initiate and authorize all systems changes, and a formal written authorization is required.
2) Asset custody remains with the user departments.
3) An error log is maintained and referred to the user for correction. The data control group follows up on errors.
4、 List examples of segregation of duties from other departments within the IS department as an example of a general computer control.
Effective segregation of duties should be instituted by separating the authority for and the responsibility within the IS function. Examples include:
1) Systems analysts should not do programming, nor should they have access to hardware, software or data files.
2) Programmers should not have the authority, opportunity or ability to make any changes in master records or files.
3) Computer operators should not have programming functions and should not be able to modify any programs.
4) The data control group should be organizationally independent of computer operations.
5) Data conversion operators should have no access to the library or to program documentation, nor should they have any input/output control responsibilities.
6) Librarians should have no access to equipment. The librarian should restrict access to the data files and programs to authorized personnel at scheduled times.
5、 List 3 reasons for implementing systems development controls at the beginning of the system development process, and describe the goals of these controls.
Controls are instituted at the beginning of the systems development process for several reasons including:
1) To ensure that all changes are properly authorized and are not made by individuals who lack sufficient understanding of control procedures, proper approvals and the need for adequate testing.
2) To prevent errors in the resulting system that could cause major data processing errors.
3) To limit the potential for a myriad of other problems during the development process and after its completion.
Implementing systems development controls during the development stage of an information system enhances the ultimate accuracy, validity, safety, security and adaptability of the new system’s input, processing, output and storage functions.
6、 What are the 7 stages of system development where controls should be considered for implementation?
There are 7 stages in the system development process where controls should be considered for implementation:
1) Statement of Objectives Stage
2) Investigation and Feasibility Study Stage
3) Systems Analysis Stage
4) Systems Design and Development Stage
5) Program Coding and Testing Stage
6) Systems Implementation Stage
7) Systems Evaluation and Maintenance Stage
7、 What are input controls in an information system and why are they necessary?
Input controls are the controls designed to provide reasonable assurance that data entered into the system has proper authorization, has been converted to machine sensible form and has been entered accurately. Input controls can also provide some assurance that data has not been lost, suppressed, added or changed.
Input is the stage where there is the most human involvement and, as a result, the risk of errors is higher than in the processing and output stages. Most errors in systems are the result of input errors. If information is not entered correctly, the output will be useless. Effective input controls are vital.
The three classifications of input controls are:
1) Data observation and recording.
2) Data transcription.
3) Edit tests.
8、 What are processing controls and why are they necessary?
Processing controls are controls designed to provide reasonable assurance that processing has occurred properly and that no transactions have been lost or incorrectly added.
Processing controls prevent or discourage the improper manipulation of data and ensure satisfactory operation of hardware and software.
9、 What are output controls and why are they necessary?
10、 What are the risks of using the Internet for data transmission instead of using secure transmission lines?
Risks of using the Internet for data transmission instead of secure transmission lines include:
1) Electronic eavesdropping.
2) Computer viruses, trojan horses and worms.
3) Intrusions into the telephone company lines and the company’s computer network.
4) Network integrity violations.
5) Privacy violations.
6) Industrial espionage.
7) Unauthorized use, access, modification, and destruction of hardware, software, data or network resources.
8) Unauthorized release of information (credit card numbers, social security numbers, identity theft).
9) Unauthorized copying of software and other copyright infringement.
10) Denying an end user access to his or her own hardware, software, data or network resources (Denial of Service, or DoS, attacks).
11) Use of a computer or network resources to illegally obtain information or property.
11、What is data encryption and why is it needed when using the Internet?
Encryption is the best protection against traffic interception resulting in data leaks and possible corruption of data. Encryption converts data into a code, and then a key is required to convert the code back to data. An unauthorized party without the proper key cannot read it. Thus, an attacker may be able to see where the traffic came from and where it went, but not the content.
The encryption process can be either in the hardware or in the software.
There are two methods of software encryption: secret key and public key/private key.
12、What is a disaster recovery plan and why is it needed?
An organization should have a formal disaster recovery plan to fall back on in the event of a hurricane, fire, earthquake, flood, or criminal or terrorist act.
The objective of a disaster recovery plan is to minimize the extent of disruptions, damages and losses, and to temporarily establish alternative means of processing information.
13、What should a disaster recovery plan include?
A disaster recovery plan should include:
1) Which employees will participate in disaster recovery and what their responsibilities will be.
2) What hardware, software, and facilities will be used.
3) The priority of applications that should be processed.
4) Arrangements for alternative facilities as a disaster recovery site and offsite storage of the company’s databases. An alternative facility might be a different facility owned by the company; or it might be a facility contracted by a different company. The different locations should be a good distance away from the original processing site.
Disaster recovery sites may be either hot sites or cold sites. A hot site is a backup facility that has a computer system similar to the one used regularly and is fully operational and immediately available. A cold site is a facility where power and space are available to install processing equipment, but it is not immediately available.
