B4 Flashcards
Information technology
A general term that encompasses many different computer-related components.
Business information system
- one of the most basic and vital information technology components of any business
- can be divided into the categories of transaction processing systems, enterprise resource planning systems, decision support systems and executive information systems
5 components of information technology
- hardware
- software
- network
- people
- data/information
Hardware
- The actual physical computer or computer peripheral device
- PC, workstation, mainframe, disk drive, tape drive, monitor, mouse, printer, scanner, keyboard
Software
- Includes the systems and programs that process data and turn that data into information
Network
Made up of the communication media that allow multiple computers to share data and information
Data
Raw facts
Information
Created from data that have been processed and organized and is useful for decision making
4 Primary roles in business operations
- To process detailed data (TPS)
- To provide information used for making daily decisions
- To provide information used for developing business strategies
- To take orders from customers
Accounting information system
A type of management information system; it may also be partly a transaction processing system and partly a knowledge system. A well designed AIS creates an audit trail for accounting transactions.
Basic accounting trail
source document input –> file –> journal –> ledger –> trial balance –> financial statements reports
Functions performed on data (5)
- collect
- process
- store
- transform
- distribute
Objectives of an AIS (5)
- record valid transactions
- properly classify those transactions
- record the transactions at their proper value
- record transactions in the proper accounting period
- properly present the transactions and related information in the financial statements of the organization
Revenue cycle
Transactions associated with the sale of goods or services that produce cash or other assets
- customer orders and credit verification
- accounts receivable
- cash receipts
Expenditure cycle
Transactions associated with purchase of goods or services that use cash or produce debt or other obligations
- purchasing
- inventory control (WIP)
- accounts payable
- cash disbursements
Production cycle
Transactions associated with the conversion of resources into products or services
- product design and production planning
- product manufacturing
- inventory control (finished goods)
Human resources/payroll cycle
Transactions associated with all phases of employee administration
- HR
- Time and attendance
- payroll disbursements
- payroll tax reporting
Sequence codes
Are generally used to ensure that all transactions or documents are accounted for. A list of transactions should include neither duplicates nor gaps in the number sequence
Block codes
Use blocks of numbers to group similar items
Group codes
Carry more information than block codes: within the account or item number, different groups of numbers have meaning. Example: FASB codification
Entity
the subject of the stored information (employee, customer)
Attributes
the specific items of interest for each entity (rate of pay for employees, credit rating)
Field
Contains a single piece of information of the entity
Record
Includes all attributes about a single instance of an entity
Data value
The contents of fields
Advantages of centralized processing
- enhanced data security
- consistent processing
Disadvantages of centralized processing
- possible high cost
- increased need for processing power and data storage
- reduction in local accountability
- bottlenecks
- delay in response time
- increased vulnerability
Periodic scheduled reports
The traditional reports that display information in a predefined format and are made available on a regular basis to end users of the system
Exception reports
Are produced when a specific condition or exception occurs
Demand reports (pull)
Available on demand, often referred to as a response report because an end user can log onto a workstation and obtain a response in the form of a report without waiting for scheduled report creation
Ad Hoc reports
One that does not currently exist but that can be created on demand, without having to get a software developer or programmer involved.
Push reports
Information can be pushed and sent to a computer screen or computer desktop. An end user creates a template or profile specifying the information desired. A program then searches for content that meets the requirements of the profile and sends the information to the end user’s desktop without further action on the user’s part.
Transaction processing systems
The systems that process and record the routine daily transactions necessary to conduct business. The functions of such a system are normally predefined and highly structured. In high-volume situations, a premium may be placed on system speed and efficiency.
Management information system
Provides users predefined reports that support effective business decisions (tactical).
Decision support systems
An extension of an MIS that provides interactive tools to support decision making. May provide information, facilitate the preparation of forecasts, or allow modeling of various aspects of a decision.
Executive information system
Provide senior executives with immediate and easy access to internal and external information to assist in strategic decision making.
Systems development life cycle (SDLC)
Provides a framework for planning and controlling the detailed activities associated with systems development.
The steps in the SDLC (A DITTO)
- systems Analysis
- Design (conceptual and physical)
- Implementation and conversion
- Training
- Testing
- Operations and maintenance
COBIT 5 governance objectives
- strategic alignment
- value delivery
- resource management
- risk management
- performance measurement
COBIT 7 information criteria (ICE RACE)
Integrity
Confidentiality
Efficiency
Reliability
Availability
Compliance
Effectiveness
4 Domains of COBIT (PO AIDS ME)
Plan and Organize
Acquire and Implement
Deliver and Support
Monitor and Evaluate
Input controls (3)
- data validation at the field level
- prenumbering forms
- well-defined source data prep procedures
Processing controls (6)
- data matching
- file labels
- recalculation of batch totals
- cross-footing and zero balance tests
- write-protection mechanisms
- database processing integrity procedures
Output controls (4)
- user review of output
- reconciliation of procedures
- external data reconciliation
- output encryption
Role of system analyst (internally developed system)
- works with end users to determine system requirements
- designs the overall application system
- determines the type of network needed
Role of system analyst (purchased system)
- integrates the application with existing internal and purchased applications
- provides training to end users
Role of application programmers/software developer
- responsible for writing and/or maintaining application programs
- should not be given write/update access to data in production systems or unrestricted and uncontrolled access to application program change management systems
Role of system programmer
- responsible for installing, supporting, monitoring, and maintaining the operating system
- capacity planning functions
- should not be given write/update access to data in production systems or access to change management systems
Role of computer operator
- scheduling and running processing jobs
Role of IT supervisor
- manage the functions and responsibilities of the IT department
Role of file librarian
- store and protect programs and tapes from damage and unauthorized use
Role of data librarian
- has custody of and maintains the entity’s data and ensures that production data is released only to authorized individuals when needed
Role of security administrator
- responsible for the assignment of initial passwords and often the maintenance of those passwords
- overall operation of the various security systems and the security software in general
Role of database administrator
- responsible for maintaining and supporting the database software and performing certain security functions
Role of network administrator
- support computer networks through performance monitoring and troubleshooting
Role of web administrator
- responsible for information on a website
Role of data input clerk
- prepare, verify, and input data to be processed
- function is now increasingly distributed to the end users
Role of hardware technician
- sets up and configures hardware and troubleshoots any resulting hardware problems
Role of end user
- workers in an organization who enter data into a system or who use the information processed by the system
Segregation of duties
Systems analysts vs. computer programmers
System analysts design an information system to meet users' needs, whereas computer programmers use that design to create an information system by writing computer programs. Analysts often are in charge of hardware and programmers are in charge of application software. Theoretically, if the same person were in charge of hardware and software, that person could easily bypass security systems without anyone knowing and steal organizational information or assets.
Segregation of duties
Computer operators vs. computer programmers
It is important that computer operators and computer programmers be segregated because a person performing both functions could make unauthorized and undetected program changes.
Segregation of duties
Security administrators vs. computer operators and computer programmers
Security administrators are responsible for restricting access to systems, applications, or databases to the appropriate personnel. If the security administrator were also a programmer or an operator for that system, that person could give himself/herself or another person access to areas they are not authorized to enter.
Uninterrupted power supply
A device that maintains a continuous supply of electrical power to connected equipment, also called a battery backup.
Electronic Commerce
The electronic completion of exchange (buying and selling) transactions is called e-commerce. It can use a private network or the Internet.
Electronic Business
Any use of information technology, particularly networking and communications technology, to perform business processes in an electronic form. It may or may not relate to the purchase and sale of goods or services.
Electronic data interchange
Computer-to-computer exchange of business transaction documents in structured formats that allow the direct processing of the data by the receiving system
Enterprise resource planning system (ERP)
A cross-functional enterprise system that integrates and automates the many business processes and systems that must work together in the manufacturing, logistics, distribution, accounting, finance, and human resources functions of a business. Comprises a number of modules that can function independently or as an integrated system to allow data and information to be shared among all of the different departments and divisions of large businesses.
Supply chain management
Concerned with the 4 important characteristics of every sale: what, when, where, and how much. It is the integration of business processes from the original supplier to the customer and includes purchasing, materials handling, production planning and control, logistics and warehousing, inventory control, and production distribution and delivery.
Customer relationship management system
Provide sales force automation and customer services in an attempt to manage customer relationships. Record and manage customer contacts, manage salespeople, forecast sales, manage sales leads, provide and manage online quotas and product specifications and pricing, and analyze sales data.
Electronic funds transfer system
A form of electronic payment for banking and retailing. Uses a variety of technologies to transact, process, and verify money transfers and credits between banks, businesses, and consumers.
Application service providers
Provide access to application programs on a rental basis. They allow smaller companies to avoid the extremely high cost of owning and maintaining today’s application systems by allowing them to pay only for what is used. The ASPs own and host the software and users access it via a web browser.
Hypertext markup language (HTML)
Tag-based formatting language used for Web pages. It provides a means to describe the structure of text-based information in a document and to replicate information in a Web page by using the tags in the text
Hypertext Transfer Protocol (HTTP)
The communications protocol used to transfer Web pages on the World Wide Web
Uniform Resource Locator (URL)
The technical name for a Web address which consistently directs the user to a specific location on the Web
Strategic risk
the risk of choosing an inappropriate technology
Operating risk
the risk of doing the right things in the wrong way
Financial risk
the risk of having financial resources lost, wasted, or stolen
Information risk
the risk of loss of data integrity, incomplete transactions, or hackers.
Risk
the possibility of harm or loss
Threat
any eventuality that represents a danger to an asset or a capability linked to hostile intent
Vulnerability
a characteristic of a design, implementation, or operation that renders the system susceptible to a threat
Incremental backup
involves copying only the data items that have changed since the last backup
Differential backup
copies all changes made since the last full backup. Each new differential backup file contains the cumulative effects of all activity since the last full backup.