B4: Information Systems and Communications Flashcards

Question

Role of Information Technology in Business Strategy

Answer 1

technology should be an input to the strategy process, helping define innovations and seeking to increase revenue, rather than merely an after-the-fact tool Common Principles of Technology-Driven Strategy Development 1. technology is a core input to the development of strategy 2. strategy development must be a continual process 3. innovation emerging business opportunities must be managed separately and differently than core business 4. power to change long-held assumptions 5. managed from 2 perspectives: 1. ability to create innovation in existing businesses and 2. ability of emerging tech to create new markets/products 6. focus on customer priorities as well as internal efficiencies Role of Technology in Information and Communications 1. selection of specific tech to support ERM for an org typically is a reflection of - entity's approach to ERM and degree of sophistication - types of events affecting the entity - entity's overall information technology architecture - degree of centralization of supporting technology 2. ERM includes key components that enable an org to identify, assess, and respond to risks - B4-19 lazyyy

Answer 2

1. Transaction Processing Systems (TPS) - process and record the routine daily transactions necessary to conduct business - functions are normally predefined and highly structured 2. Management Information Systems (MIS) - predefined reports that support effective business decisions - more tactical 3. Decision Support Systems (DSS) - an extension of MIS that provides interactive tools to support decision making - aka expert system 4. Executive Information Systems (EIS) - provide senior executives w immediate and EASY access to internal and external info to assist in strategic decision making

Answer 3

provides a framework for planning and controlling the detailed activities associated w system development - waterfall approach is most popular: sequential steps of analysis, planning, design, and implementation which flow in a single downward direction like a waterfall - prototying model is an alternative: approximates a final system that is built, tested, and reworked until acceptable then a complete system is developed from the prototype "A DITTO" 1. System Analysis - define the nature and scope of the project - in-depth study to determine its technological and economic feasibility - identify the needs of system users and managers - document previous step - prepare a report summarizing work done during system analysis and submit to mgmt 2. Conceptual Design - decides how to meet user needs - identify and evaluate appropriate design alternatives - buy software, develop software in house, or outsource systems development (can mix!) 3. Physical Design - begin design process w identifying outputs - B4-21 4. Implementation and Conversion - building and implementing 5. Training - train the people 6. Testing 7. Operations and Maintenance - system should be periodically reviewed - if major modification or system replacement is necessary, the SDLC begins again

Answer 4

1. Management - send clear signal from top mgmt that user involvement is important - providing support and encouragement - ensure team members are given adequate time and support to work on the project 2. Accountants - information needs and system requirements - help manage system development - active role in designing system controls and periodically monitoring and testing the system 3. Info Systems Steering Committee - plan and oversee the info systems function and address the complexities created by functional and divisional boundaries - gr high level mgmt 4. Project Development Team - responsible for successful design and implementation of the business system 5. External Parties ~B4-23

Answer 5

Control Objectives for Information and Related Technology (COBIT) framework provides a set of measures, indicators, and processes and best practices to maximize the benefit of IT - created by Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI) in 1992 - has been updated several times, w most recent COBIT 5 in 2012

Answer 6

might include (but not limited to) - effective decision support - efficient transaction processing - compliance

Answer 7

5 focus areas 1. Strategic Alignment: linkage b/w business and IT plans 2. Value Delivery: provision of IT of promised benefits while satisfying its customers and optimizing costs (cost-benefit) 3. Resource Management: optimization of knowledge and infrastructure 4. Risk Management: risk awareness by senior mgmt, characterized by understanding risk appetite and risk mgmt responsibilities - begins w identification of risk followed by determining how a comp will respond to the risk - comp can: avoid, mitigate, share, or ignore the risk 5. Performance Measurement - tracking and monitoring strategy implementation, project completion, resource usage, etc.

Answer 8

"ICE RACE" - Integrity: info is accurate, complete, and valid - Confidentiality: protection of sensitive information - Efficiency: low cost w/o compromising effectiveness - Reliability: information represents what it purports to represent - Availability: provides current and future info as required - Compliance: comply w policies, laws, regulations, and contractual arrangements - Effectiveness: relevant or pertinent to a business process, and delivered in a timely, correct, consistent, and useful manner

Answer 9

B4-25 to 26

Answer 10

"PO AIDS ME" 1. Plan and Organize - direct the IT process 2. Acquire and Implement - deliver the IT solution 3. Deliver and Support - deliver the IT service 4. Monitor and Evaluate - ensure directions in PO are followed

Answer 11

General Controls - designed to ensure that an org's control environment is stable and well-managed, includes: - systems development standards - security mgmt controls - change mgmt procedures - software acquisition, development, operations, and maintenance controls - IT infrastructure Application Controls - prevent, detect, and correct transaction error and fraud and are application-specific, providing reasonable assurance as to system: accuracy, completeness, validity, authorization

Answer 12

regulate integrity of input - data validation at the field level - prenumbering forms - well-defined source data preparation procedures - edit check

Answer 13

Data Matching - matching two or more items of data prior to taking an action File Labels - ensure correct and most current files are updated - external labels are readable by humans - internal labels are written in machine-readable form - both labels should be used - 2 important types of internal labels: header and trailer records Recalculation of Batch Totals/Hash Totals - if someone submitted a diff. invoice w the same amount, the batch total would agree but the hash total would not Cross-Footing and Zero-Balance Tests - test sum of a column of rows to sum of a row of columns to verify - a zero-balance test requires use of control accounts Write-Protection Mechanisms - guard against accidental writing over or erasing of data files stored on magnetic media Database Processing Integrity Procedures - B4-28

Answer 14

User Review of Output - examination by users for reasonableness, completeness, and verification that the output is provided to the intended recipient Reconciliation Procedures External Data Reconciliation - can check something generated w/i the system w something that never touched the system Output Encryption - authenticity and integrity of data outputs must be protected during transmission - reduce chance for data interception - controls should be designed to minimize the risk of data transmission errors - parity checking and message acknowledgement techniques are two basic types of data transmission controls

Answer 15

B4-29 to 30

Answer 16

evaluating the ongoing effectiveness of control policies and procedures provides added assurances Diagnostic Controls - designed to achieve efficiency in operations of the firm to get the most from resources used - compares actual performance to planned performance Control Effectiveness 1. Strategic Master Plan - multiyear strategic master plan should be developed and updated annually - should show projects that must be completed to achieve LT goals and address the comp's hardware, software, personnel, and infrastructure requirements 2. Data Processing Schedule - all data processing tasks should be organized 3. Steering Committee - guide and oversee system development and acquisition 4. System Performance Measurements - evaluate using system performance measurements

Answer 17

titles may vary but jobs are somewhat standard System Analyst a) internally developed system - determine system requirements - designs overall application system - determines type of network needed b) purchased system - integrates the application w existing applications - provides training to end users Computer Programmer a) application programmer/software developer - write or maintain application programs - segregation of duties, no access to data b) system programmer - installing, supporting, monitoring, and maintaining operating system - also performs capacity planning functions - segregation of duties, no access to data Computer Operator: schedule and run processing jobs - can be automated and, in large computing environments, must be IT Supervisor - manage the IT department File Librarian: store and protect program and tapes from damage and unauthorized use - control the file libraries - much of this work is automated Data Librarian: custody of and maintains the entity's data and ensures production data is released only to authorized individuals Security Administrator: responsible for assignment of initial passwords and maintenance of those passwords - operation of various security systems and security software System Administrator a) Database Administrator: responsible for database software and performing certain security functions - different from data administrators, who are responsible for data within a database b) Network Administrator: support computer networks through performance monitoring and troubleshooting c) Web Administrator: responsible for website Data Input Clerk: prepare, verify, and input data to be processed - this function is being distributed to end users Hardware Technician - sets up and configures hardware and troubleshoots problems End User - workers in an org who enter data in system or who use information processed by the system

Answer 18

bc many transactions are performed by the application software, segregation of duties revolves around granting and/or restricting access to production programs and data 1. System Analysts (hardware) vs Computer Programmers (software) - if same person in charge of both, could easily bypass security w/o anyone knowing to steal org info or assets 2. Computer Operator vs Computer Programmers - if both, could make unauthorized and undetected program changes 3. Security Administrators vs Computer Operators and Programmers - could give themself or others access to areas they are not authorized to enter

Answer 19

IT policies represent mgmt's formal notification to employees regarding the entity's objectives - authority and responsibility are assigned through formal job descriptions, employee training, code of conduct, written policy and procedures manual, operating plans, schedules, and budgets

Answer 20

B1-34 to 39

Answer 21

completion of exchange (buying and selling) transactions | - more specific

Answer 22

use of IT, particularly networking and communications technology, to perform business processes in an electronic form - more general

Answer 23

computer to computer exchange of business transaction documents Reduce Handling Cost and Increased Processing Speed - however to actually reduce costs, the EDI system must be integrated w the org's accounting info systems Standard Data Format - Mapping: determining correspondence b/w data elements in an org's terminology and data elements in standard EDI terminology - Standards: XML is flexible format instead of standard formats of EDI. XMI tells systems the format of data and what kind of info the data is with tags - EDI requires all transactions be submitted in standard data format, translation software is required to convert transaction data Communications - EDI can be implemented using direct links b/w orgs (trading partners) through communication intermediaries (service bureaus), value added networks (VANs) or over the internet - VAN is like mailbox, like a mailbox where transactions can be left until they're retrieved by the other party - internet-based EDI is replacing VAN-based EDI bc it it cheaper Costs of EDI - Legal Costs: modifying and negotiating trading contracts w trading partners and w communications providers - Hardware Costs: cost of equipment - Cost of Translation Software - Cost of Data Transmission : decreasing, especially w internet-based EDI - Process Reengineering and Employee Training Costs - Security, Monitoring, and Control Procedure Costs EDI Controls - audit trails in EDI systems should include 1. activity logs of failed transactions 2. network and sender/receipt acknowledgements - also, encryption of data EDI Risks - unauthorized access to the org's system Comparison of EDI and E Commerce - B4-42 - more expensive, slower (Batch), VAN (Private) vs e commerce that uses internet - only better thing is more secure - EDI requires organizations enter a contract before transacting business, E Commerce does not

Answer 24

analysis and redesign of business processes and information systems to achieve significant performance improvements - reduces a comp to its essential business processes and reshapes its to take advantage of technological advancements Challenges - Tradition: changes in employee culture and beliefs - Resistance - Time and Cost Requirements: takes awhile and is costly - Lack of Mgmt Support: w/o support from top mgmt, reengineering has little chance of succeeding - Skepticism: some people view BPR as traditional systems development in a new wrapper w a fancy name - Retraining: takes time and money - Controls: controls that ensure system reliability and integrity can not be deleted

Answer 25

- business sells to public (B2C) - business sells to business (B2B) - consumer sells to consumer (C2C) - B2B E Commerce: sales occur in wholesale markets and on the supply side of commercial processes - Electronic Market: common for B2B transactions to occur electronically via Internet - Direct Market: electronic transaction b/w businesses where there is a preexisting relationship Advatages of B2B E Commerce - Speed: Internet time - Timing: do not have to occur during normal business hours (globalization) - Personalization: online profiles and can be guided to areas of the website in which it is most interested every time it returns to the website - Security: private info is encrypted - Reliability: gr there is no opportunity for human error Components of B2B - customer connecting to the site through internet - seller's site behind an enterprise firewall - seller's internet commerce center, w a catalog and order entry system - seller's back office systems for inventory mgmt, order processing, and order fulfillment - seller's back office accounting system and - seller's payment gateway communicating through the Internet to validate and authorize payment methods B2B vs B2C - B2C is less complex - B2B involves more participants, more complex products, require order fulfillment be more certain and predictable, payment mechanisms much more complex - B2C has consumer protection while B2B does not

Answer 26

cross functional enterprise system that integrates and automates the many business processes and systems that must work together for various functions of the business - ERP software comprises a number of modules that can function independently or as an integrated system to allow data and info to be shared amount all the diff departments - ERP is often considered a back-office system - does not offer planning ERP Functions - store info in a central repository so data can be entered once then used by all - acts as a framework for integration - * can provide vital cross-functional information quickly to managers across the org in order to assist in the decision-making process

Answer 27

concerned w 4 important characteristics of every sale: what, when where, and how much - goods received should match goods ordered - goods should be delivered on or before date promised - goods should b delivered to the location requested and - cost of goods should be as low as possible Reengineering of Supply Chains - comps reengineer supply chains to increase efficiency, reduce costs, and meet customers' needs SCM Objectives 1. Achieve Flexibility and Responsiveness - are the overall objectives, SCM might incorporate 1 or more of the following:* a) Planning b) Sourcing c) Making d) Delivery 2. Supply Chain Planning Software - utilized to improve the flow and efficiency of the supply chain and reduce inventory - supply chain execution software automates the various steps of the supply chain 3. Often Termed as Extension of ERP - but more complex

Answer 28

provides sales force automation and customer services in an attempt to manage customer relationships CRM Objectives - increase customer satisfaction - thus increasing revenue and profitability - attempts to do this by appearing to market to each customer individually - 5 to 10 times more expensive to acquire a new customer than to obtain repeat business from an existing customer Categories of CRM 1. Analytical CRM: creates and exploits knowledge of comp's current and future customers to drive business decisions 2. Operational CRM: automation of customer contacts or contact points

Answer 29

- form of electronic payment for banking and retailing industries - the Federal Reserve Fedwire System is used freq. in EFT to reduce the time and expense required to process checks and credit transactions - Third Party Vendor: EFT service is often provided by a third party vendor who acts as the intermediary b/w a company and the banking system - Data Encryption is critical - Reduction in Errors bc it is more electronic

Answer 30

provide access to application programs on a rental basis - like renting an apt vs buying - allow smaller comps to avoid high cost of owning and maintaining a application system - stayed owned by ASP and they're responsible for updating and backups Advantages - lower costs - greater flexibility - small business dont have to hire system experts Disadvantages - risks to security and privacy of data - financial liability of ASP (like a bad landlord) - possible poor support by ASP (like a bad landlord) Concepts Similar to ASP - IBM similar in its utility computing and e-commerce on demand strategies - similar to timesharing providers or service bureaus of the past that rented raw computing power to customers - related ASPs are present day service bureaus, which perform processing outside the org

Answer 31

used just to look at information, but now you can interact with websites Collaborative Websites and Social Networking - wiki: a type of collaborative website in which users can browse contact and modify it - facebook, blackboard collaborate (businesses), etc Dynamic Content - content that changes frequently and can include video, audio and animation - dynamically embedded in web pages through XML w data stored in a database separate from the web page

Answer 32

web pages that are collages of other web pages and info - e.g. google maps - allows user to view various sources of information

Answer 33

1. Stand Alone Web Stores - not integrated w larger accounting system - hosted by shopping cart software - financial reports are generated by the software and import them into general accounting software 2. Integrated Web Store - ERP systems that integrate all the major accounting functions, as well as the web store, into a single software system

Answer 34

virtual servers available over the internet - includes any subscription-based or pay-per-use service that extends an entity's existing IT capabilities on a real-time basis over the internet - a public cloud sells services to anyone on the internet - a private cloud is a private network that provides services to a limited number of customers - cloud providers gr have sophisticated backup procedures as well as high level security for customer data 1. Infrastructure-as-a-Service - aka Hardware-as-a-Service (HaaS) - outsources storage, hardware, services, and networking components to customers, gr on a per use basis 2. Platform-as-a-Service - allows customers to rent virtual servers and related services that can be used to develop and test new software applications 3. Software-as-a-Service - method of software distribution in which applications are hosted by a vendor and made available to customers over the Internet - aka ASP (application service provider)

Answer 35

tag-based formatting language used for web pages

Answer 36

the communications protocol used to transfer web pages on the world wide web - HTTPS is the secure version of HTTP that uses SSL (secure socket layer) for its security

Answer 37

technical name for a web address - transfer protocol: http:// or ftp:// - server: www indicates a web server - domain name: becker.com, becker is the subdomain name - top-level domain: .com, .net, etc - country: .US, .DE, etc

Answer 38

transmission protocol of the internet protocol suite - TCP is a transport layer protocol - is a reliable and a connection-oriented protocol - a protocol is a set of rules required for electronic communications to take place

Answer 39

name that includes 1 or more Internet Protocol (IP) addresses: a numerical label assigned to each device in a network - becker.com is the domain name - .com is the top level domain name - Becker is a second level domain name - organizations w second-level domain names have to have a DNS server - a third level domain name is an individual host and would be something like olinto.becker.com - the entire address is called a fully qualified domain name - file name: if there was becker.com/students and anything after students - a DNS root server is the server that administers the top-level domain names

Answer 40

system of domain names that is employed by the internet - the internet is based on IP addresses, not domain names - each web server requires a domain name server to translate domain names into IP addresses - domain name servers are like large electronic telephone books

Answer 41

obtaining control of domain names w the intent of warehousing (owning them w/o using them)

Answer 42

computer that delivers a web page upon requires - every web server has an IP address - any computer can be turned into a web server by installing web server software and connecting to the internet

Answer 43

organization that maintains a number of web servers and provides fee-paying customers w space to maintain their websites

Answer 44

set of standards for wireless local area networks (LANs) - Wi-Fi Alliance is a global nonprofit org created in 1999 w goal of driving the adoption of a single worldwide accepted standard for high-speed wireless LANs

Answer 45

internet protocol for transporting data b/w different applications w/i a company's boundaries or across companies - XML may be used w web services to produce automated info exchange b/w computers and software and to automate business reporting processes

Answer 46

risks in a business information system: Strategic Risk: risk of choosing inappropriate technology Operating Risk: risk of doing the right things the wrong way Financial Risk: risk of having financial resources lost, wasted, or stolen Information Risk: risk of loss of data integrity, incomplete transactions, or hackers

Answer 47

risks can be divided into 3 categories 1. Errors - unintentional 2. Intentional Acts - sabotage, embezzlements, viruses, etc 3. Disasters - floods, earthquakes, war, terrorism, etc

Answer 48

1. Virus: piece of computer program that inserts itself into some other program, including operating systems, to propagate and harm files and programs - requires a host program, cannot run independently 2. Worm: program that can run independently and normally propagates itself over a network - cannot attach itself to other programs - special type of virus 3. Trojan Horse: program that appears to have a useful function but contains hidden and unintended function that presents a security risk - normally does not replicate itself 4. Denial-of-Service Attack: one computer or group of computers bombards another computer w a flood of network traffic - computers attacking called zombies 5. Phishing: sending of phony e-mails to try to lure people to phony websites where they're asked for information that will allow the phisher to impersonate the user

Answer 49

Risk: possibility of harm or loss Threat: any eventuality that represents a danger to an asset or a capability linked to hostile intent - how that risk could manifest Vulnerability: characteristic of a design that makes it susceptible to a threat - are we defended against it? Safeguards and Controls: policies and procedures that, when effectively applied, reduce or minimize vulnerabilities Risk Assessment - before risks can be managed, they must be assessed - steps in risk assessment: identify threats, evaluate probability, evaluate exposure in terms of potential loss, identify controls that could guard against the threat, evaluate the costs and benefits of implementing controls, and implement controls that are cost effective Evaluation and Types of Controls - controls are always evaluated on a cost/benefit basis - access controls and data and procedural controls are important tools of risk management, as is disaster recovery

Answer 50

physical access to computer rooms should be limited to computer operators and other personnel of the IT department - restricted access via ID cards or keys, manual locks, etc

Answer 51

User Identification Code - couple w regularly changed passwords - backdoors, a means of access to program/system that bypass normal security so program/system can be easily accessed for troubleshooting, should be eliminated - dual authentication File-Level Access Attributes - control privileges a user has to a file - e.g. read-only Callbacks on Dial-up Systems - system automatically looks up phone # of user and calls to authorize them before access is allowed - less common as fewer users accessing networks via phone lines File Attributes - set to restrict writing, reading, and/or directory privileges for a file - extremely basic Firewalls - both hardware and software system of user ID and authentication that prevents unauthorized users from gaining access to the network - acts as a gatekeeper, for those who try to come in - firewalls deter, but can not completely prevent - network firewalls protect network as a whole - application firewalls protect specific application services - Firewall Methodologies a) packet filtering: examines packets of data, simplest type but can be circumvented by an intruder who forges an acceptable address (IP spoofing) b) circuit level gateways: allow data into a network only when computer inside the network request the data c) application level gateways (aka proxies): examine data coming in in a more sophisticated fashion, more secure but can be slow

Answer 52

entity's plan for restoring and continuing operations in the event of the destruction of program and data files, as well as processing capabilities - if processing cannot be quickly reestablished at the original processing site, then disaster recover is necessary Major Players in Disaster Recovery - organization itself, senior mgmt - disaster recovery service provider - possibly package vendors if software packages are utilized or hardware vendors for distributed processing Steps in Disaster Recovery 1. assess the risk 2. identify mission-critical applications and data 3. develop a plan 4. determine the responsibilities of personnel involved 5. test the plan

Answer 53

1. Use of a Disaster Recovery Service - from outsider providers - ranging from an empty room to complete facilities - major emphasis on hardware and telecommunications services 2. Internal Disaster Recovery - some orgs w req. for instantaneous resumption of processing after a disaster provide their own duplicate facilities in separate locations - data might be mirrored and processing can switch almost instantaneously from one location to another - expensive 3. Multiple Data Center Backups - full backup: exact copy of the entire database; take the longest - incremental backup: copying only data changed since last backup; shortest, but have to restore last full back up then manually add every incremental backup since - differential backup: copies all changes made since last full backup; each new differential backup consists of cumulative effects since last backup; middle amount of time

Answer 54

Cold Site - 1-3 days slowest, cheapest - has electrical connections and other physical requirements, but does not have equipment Hot Site - few hours, quickest, most expensive - equipped to take over comp's data processing - backup copies of essential data files and programs may be maintained at location or nearby data storage facility Warm Site - 1/2 day to 1 day, middle - stocked w all the hardware it takes to create a reasonable facsimile of the primary data center - backups must be retrieved and delivered to warm site - bare-metal restoration of operating system and network must be completed before recover work can be done

Answer 55

combination of IT resources and defined processes

Answer 56

combination of IT resources and defined processes

Answer 57

memory where portions of a program not being executed are stored, but it is not real memory - it's actually part of disk storage - it's stored in real memory when it is to be executed

Answer 58

disk storage where multiple disk drives are combined to obtain the performance, capacity, and reliability that exceeds that of a large disk