B4 Flashcards
5 Components of an Information System
- hardware
- software
- people
- network
- data
Data vs. Information
- data is raw facts
- information is processed data that is useful for decision making
Four Primary Roles in Business Operations
- process detailed data
- provide information used for making daily decisions
- provide information for developing business strategies
- take orders from customers
What is the first step in a business processing transaction?
capture the data
Data Capture Techniques
*manual entries vs. source data automation
Data Accuracy =
GIGO
What is the Accounting Information System?
- it is first and foremost a Management Information System
- it creates an audit trail for accounting transactions
How are entries recorded?
*they are first recorded onto the general journal and then are summarized on the various ledgers
Coding Types
- Sequence Code (101, 102, 103)
- Block Codes (1xx, 2xx, etc.)
- Group Codes (each number stands for something)
Entity
subject of the stored information
Attributes
specific item of interest for each entity
Field
contains a single piece of information (attribute) of the entity
Record
all attributes about a single instance of an entity
Data Value
contents of fields
File
records are grouped into files
Master File
cumulative information and information that is relatively permanent
Transaction File
similar to a journal, the transaction file stores individual transactions
Database
files that are INTERRELATED AND COORDINATED
Data Processing
Addition - new record
Updating - revisions to a master file
Deletion - removal of records from a database
Methods for Data Processing
- batch processing
- online real-time processing (OLRT)
Information Output Types
- Documents (checks, purchase orders, etc.)
- Reports (internal or external periodicals)
- Query (request for specific data)
Benefit of Batch Processing
*can compare manual and computer-generated batch control total
Centralized vs. Decentralized Processing
- centralized has enhanced data security and consistent processing
- bottlenecks, high costs, reduction in local accountability, increased vulnerability
Periodic Scheduled Report
*made available on a regular basis to end users of the system
Exception Reports
*produced when a specific condition or exception occurs
Demand Reports
*available on demand when requested
Ad Hoc Reports
*one that does not currently exist but that can be created on demand, without having to get a software developer or programmer involved
Query
*a set of criteria that the end user can send to the system to extract all transactions or other information that meet these criteria
Push Report
*pushed to a computer when a specific action takes place
Dashboard Reports
*presents summary information necessary for management action (visual quick references)
XBRL
*XBRL tags define the data
Should technology decisions be an input or an output in the strategy process?
INPUT
What types of events should be identified during the enterprise risk management process?
risks AND OPPORTUNITIES
Categories of Business Information Systems
- Transaction Processing Systems
- Management Information Systems (MIS)
- Decision Support Systems (DSS)
- Executive Information Systems (EIS)
Transaction Processing Systems
*process and record the routine daily transactions necessary to conduct business
Management Information Systems
*provides users predefined reports that support effective business decisions
Decision Support Systems
*extension of an MIS that provides INTERACTIVE tools to support decision making (aka EXPERT SYSTEM)
Executive Information Systems
- provide senior executives with immediate and easy access to internal and external information to assist in strategic decision making
- high level
*INTERNAL AND EXTERNAL
Systems Development Life Cycle
- Systems Analysis
- Conceptual Design
- Physical Design (look at outputs first, then design the inputs; DEFINE DATA ELEMENTS)
- Implementation and Conversion
- Training
- Testing
- Operations and Maintenance
Prototyping vs. Waterfall
prototyping: entire process is repeated multiple times
waterfall: one step must be completed before moving on to the next
Information Systems Steering Committee
- traffic cops
- plan and oversee the information systems function and address the complexities created by functional and divisional boundaries
May want to also consider the input of _______ when designing an information system
external parties
5 Governance Objectives for IT
- Strategic Alignment
- Value Delivery
- Resource management
- Risk Management
- Performance Management
Business Objectives for IT
- effectiveness
- efficiency
- compliance
Requirements for Information as defined by COBIT
ICE RACE
- Integrity
- Confidentiality
- Efficiency
- Reliability
- Availability
- Compliance
- Effectiveness
Domains and Processes of COBIT
Plan and Organize = Direct
Acquire and Implement = Solution
Deliver and Support = Service
Monitor and Evaluate = Ensure direction followed
Internal vs External Labels
Internal = written in machine-readable form
External = readable by humans
Segregation of Duties in IT
- Control team (internal auditors)
- Operators
- Programmer
- Analyst
- Librarian
Systems Analyst
*determines systems requirements, integrates purchased applications, provides training, intermediary between system and users
Computer Programmer
Application Programmer: writing or maintaining application programs
System Programmer: focus is on the operating system
Computer Operator
- most likely will be automated
- responsible for scheduling and running processing
IT Supervisor
*manages the functions and responsibilities of the IT department
File Librarian
- role, not title
- store and protect programs and tapes from damage or unauthorized use
Data Librarian
*has custody of and maintains the entity’s data and ensures that it is released only to authorized individuals
System Administrator
- Database
- Network (performance monitoring and troubleshooting)
- Web (responsible for website)
Data vs. Database Administrator
data = responsible for data
database = responsible for access to the entire database
Data Input Clerk
inputs data
Hardware Technician
*sets up and configures hardware and troubleshoots hardware problems
End Users
*most enter their own data into the information system
Son-Father-Grandfather Concept
*think about the diagram
Backup of Systems that Can and Can’t be Shut Down
Can: files or databases that have changed since the last backup can be updated
Can’t: applying a transaction log
Mirroring
*backup computer duplicates all of the processes and transactions on the primary computer
Digital Certificates
*certifies the identity of the owners of a particular public key
Digital Signatures vs. E-Signatures
- digital = asymmetric encryption
- e- = legally binding signature
User Access Controls
*must involve HR and IT due to promotions and exits from the company
Types of Policies
- Program-Level: used to create the security program
- Program-Framework Policy: overall approach to computer security
- Issue-Specific Policy: address specific ISSUES of concern
- System-Specific Policy: address policy issues for specific system
EDI
Electronic Data Interchange
Mapping
*translating and determining the correspondence between data elements in an organization’s terminology
Costs of EDI
- legal costs
- hardware costs
- costs of translation software
- costs of data transmission
VAN
Value Added Network
Biggest EDI Risk
unauthorized access
What type of processing does EDI use?
Batch processing
E-Commerce vs. EDI
e-commerce uses the public internet, uses faster OLRT and is less secure but less expensive
*VAN is more secure than the internet
Challenges Faced in Business Process Reengineering
- tradition
- resistance
- time and cost requirements
- lack of management support
- skepticism
- retraining
- controls
According to the AICPA, electronic transactions reduce the opportunity for what?
human errors; there supposedly won’t be any human errors
B2B vs. B2C
- B2C is less complex
- B2B is more complex
- B2B involves more than one participant
- B2B involves complex products
ERP
Enterprise Resource Planning
- cross-functional; one system
- promotes integration
- store information in a central repository
SCM
Supply Chain Management
*planning, sourcing, making, delivery
CRM
Customer Relationship Management
- increase customer satisfaction
- provides automation and new customer services
EFT
Electronic Funds Transfer
Application Service Providers
- renting the programs
- lower costs, greater flexibility
- risks to the security and privacy of the organization’s data; financial viability of the ASP, poor support by the ASP
Web 2.0
interaction
Mash-ups
Google Maps
Stand-alone Web Stores vs. Integrated Web Stores
- Stand-alone: not integrated with an accounting system
- Integrated: single software system with the accounting system
HTML
Hypertext Markup Language
HTTP
Hypertext Transfer Protocol
URL
uniform resource locator
Server
www
Top-level domain
.edu, .net
SSL
Secure Sockets Layer
Four Main Risks for Systems
- Strategic Risk
- Operating Risk
- Financial Risk
- Information Risk
Risk
possibility of harm or loss
Threat
*any eventuality that represents a danger to an asset or a capability
File-Level Access vs. File Attributes
File-Level: controls access (read-only)
Attributes: writing, reading, etc.
Steps in Disaster Recovery
- assess the risks
- identify mission-critical applications and data
- develop a plan
- determine the responsibilities of the personnel
- TEST IT
Major Players in Disaster Recovery
- organization
- disaster recovery services provider
- package vendors
- hardware vendors
Types of Backups
Full: entire database
Incremental: only the data items that have changed
Differential: all changes made since the last backup
Off-Site Disaster Locations
Hot Site
Warm Site
Cold Site