B4- Information Systems & Communication Flashcards
Information Technology (IT)
a general term that encompasses many different computer-related components
- Hardware- physical computer, peripheral device
- Software- systems & programs, general or specific
- Network- comm media, allows multiple computers to share data & info in real time
- People (in IT)- all have standard functions, can have different job titles
- Data & Information
Data
vs.
Information
Data = raw facts
Information = organized & processed data
Production Data
vs.
Test Data
Production Data- live/real data
Test Data- staging data, fake data for testing purposes
Roles of Business Information Systems (BIS)
- Process Detailed Data (TPS)
- Assist in Making Daily Decisions (DSS)
- Assist in Developing Decision Strategies (EIS)
- Take Orders from Customers
Data Capture
First step in processing business transactions
Techniques
- Manual Entries
- Source Data Automation (barcode scanners)
Data Accuracy
- Well Designed Input Screens (fool proof)
- Prenumbered Forms
Data Processing
After data is collected, it must be processed
Functions Performed on Data
- Collect
- Process
- Store
- Transform
- Distribute
Normal Series of Events in a BIS
1- set up by hardware technician, network admin, and software developers
2- functional system ready for end user to input data
Accounting Information Systems (AIS)
definition
an AIS is a type of MIS, and may also be partly a TPS. a well-designed AIS creates an audit trail for accounting transactions
Objectives of an AIS
to record valid transactions at the proper value, in the proper accounting period & properly present in FS
Sequence of Events in AIS
- Source Document
- Filed
- Journal
- Ledger
- Trial Balance
- FS Report
Transaction Cycles of AIS
5 Cycles:
- Revenue
- Expenditure
- Production
- HR/Payroll
- Financing
Data Processing Cycle
- Input
- Storage
- Process
- Output
Data Processing Cycle:
1- Input
- make sure all transactions of interest are accounted for
- input verification (tracing to source documents/turnaround docs)
- data input is verified prior to acceptance
Data Processing Cycle:
2- Storage
Methods
- Journals & Ledgers
- Coding (sequence, block & group codes)
- Chart of Accounts
Sequence Codes
use sequential numbers, like checks
Block Codes
blocks of numbers grouped into categories
Assets = 1000s
Group Code
More specific form of block codes
123456
123= appliance
45= kitchen
6= product
Data Processing Cycle:
2- Storage
Computer storage terms
- Entity
- Attributes
- Field
- Record
- Data Value
- File
- Master File
- Transaction File
- Database
Entity
subject of stored info
Attributes
data is related to:
Field
Data Value stored in a specific space (cell)
Record
Many fields
Data Value
contents of fields
File
many records
Master file
like a ledger
Transaction File
like a journal
Database
interrelated files
Data Processing Cycle:
3- Process
transactions are processed to keep info current
methods: either Batch or OLRT
Data Processing Cycle:
4- Output
- Documents- check, PO, receipt
- Reports- internal or external
- Query- request for specific data
Data Processing Methodology
Batch Processing
Transactions are collected and grouped by type. These groups (batches) are processed periodically. May use sequential storage or random access storage devices
- always a time delay (slower)
- Steps: 1) Create a transaction file (batch file), 2) Update the master file
- Compare manual and computer-generated batch totals
Data Processing Methodology
Online Real Time (OLRT) Processing
master files are updated as the transactions are entered. requires random access storage devices only
- immediate processing (faster)
- OLRT often used in network systems
- Point-of-sale systems (POS)- scanners
sequential storage
magnetic tape
data stored in sequential order, eventually will need to write over earlier data when full
Random Access Storage Devices
Hard drive
computer immediately updates device and files are stored everywhere
Centralized Processing
vs.
Decentralized Processing
CENTRALIZED- all data @ central location (motherboard)
Pros:
- enhanced data security
- consistent processing
Cons:
- possible high cost
- inc need for processing & data storage @ center
- reduction in local accountability
- bottlenecks
DECENTRALIZED- spread out over many locations via LAN/WAN
Reporting
Types of Reports
- Periodic Scheduled Reports (monthly F/S)
- Exception Reports (credit bal > credit limit)
- Demand Reports/Response Reports/Pull Reports
- Ad Hoc Reports (end user creates w/ query)
- Push Reports (updates when data changes)
- Dashboard Reports (summary info for management)
Categories of Business Information Systems (BIS)
- Transaction Processing Systems (TPS)- process & record routine daily transactions
- Management Information Systems (MIS)- reports
- Decision Support Systems (DSS)- assist managers in making DAILY business decisions/Interactive System
- Executive Information Systems (EIS)- only used by top managers, immediate & easy access for strategic decision making
Systems Development Life Cycle (SDLC)
Provides a framework for planning & controlling the detailed activities associated with systems development
“Big-design-up-front” / waterfall approach
A DITTO
- A- Systems Analysis & Planning
- D- Design (conceptual & Physical)
- I- Implementation & Conversion
- T- Training
- T- Testing
- O- Operations & Maintenance
Systems Development Life Cycle (SDLC)
Systems Analysis & Planning
- Define nature & scope of project, and identify strengths and weaknesses
- conduct in-depth study of proposed system & determine feasibility
Systems Development Life Cycle (SDLC)
Conceptual Design
- Identify & evaluate the appropriate design alternatives to meet user needs.
- New systems might involve: buying software, developing software in-house, or outsourcing systems development
Systems Development Life Cycle (SDLC)
Implementation & Conversion
Steps
- Install new hardware/software
- Hire/relocate employees to operate the system
- Test/modify new processing procedures
- Establish/document standards and controls for the new system
- Convert to new system & dismantle old
- Fine-tuning
IT Control Objectives
Control Objectives for Information & Related Technology (COBIT) framework provides a set of measures, indicators, processes & best practices to maximize the benefit of IT
COBIT Framework Outline
- Business Objectives
- Governance Objectives
- Information Criteria
- IT Resources
- Domains & Processes
COBIT Framework:
Business Objectives
- Effective Decision Support
- Efficient Transaction Processing
- Reporting Requirements
COBIT Framework:
Governance Objectives
- Strategic Alignment- btwn IT & customer satisfaction
- Value Delivery- IT delivers benefits to adv overall bus strat –> cust satisfaction
- Resource Management- applications, info, infrastructure, people
- Risk Management (B1)- risk awareness by understanding risk appetite & risk man responsibilities
- Performance Measurement- essential!
Role of Technology Systems in Control Monitoring:
General Controls
vs.
Application Controls
General Controls- Control environment is stable & well managed
Application Controls- prevent, detect & correct error & fraud
General Controls
- Info Systems Management Controls
- Security Management Controls
- IT Infrastructure Controls
- Software acquisition, development & maintenance controls
Application Controls
- Accuracy
- Completeness
- Validity
- Authorization
Processing Controls
- Data Matching
- Recalculation of Batch Totals
- Cross-Footing and Zero-Balance Tests
Input Controls
vs.
Output Controls
Input Controls- “garbage in, garbage out”
Output Controls- user review of output, reconciliation, & encryption
Control Effectiveness
- Strategic Master Plan- planning LT growth
- Data Processing Schedule
- Steering Committee- guide & oversee systems development & acquisition
- System Performance Measurements
IT Professionals:
System Analysts
- Internally Developed System: design hardware & decide network
- Outside Purchased System: (System Integrators)- integrate new system w/ old
IT Professionals:
Computer Programmer
- Application Programmer/Software Developer- can be system integrators
- System Programmer- install, support, monitor & maintain operating system
IT Professionals:
Computer Operator
obsolete
IT Professionals:
IT Supervisor
manages IT department
IT Professionals:
File Librarian
controls files from damage & unauthorized use
IT Professionals:
Data Librarian
has custody & maintains entity’s data
IT Professionals:
Security administrator
assigns & maintains passwords
IT Professionals:
System Administrator
- Database Administrator (DBA)- maintains & supports database software
- Network Administrator- supports computer networks
- Web Administrator- responsible for info on website
IT Professionals:
Data Input Clerk
Obsolete
IT Professionals:
Hardware Technician
sets up & configures hardware & troubleshoots problems
IT Professionals:
End User
anyone who enters data or uses information
IT Professionals:
Data Administrator (DA)
end user (scientist who knows the data, but DBA designs system)
The purpose of IT systems policies is to…
represent management’s formal notification to employees regarding the entity’s objectives
Who safeguards records & files?
file librarian
Son-Father-Grandfather Concept
File Backup
Son = most recent back up… w/ 2+ previous backups
periodic (daily) transaction files are stored separately
Backups of systems that
can be shut down
vs.
do not shut down
can be shut down = easy, backup when no one is on system
do not shut down = more difficult and technically complex
Mirroring
file backup
the backup computer is an exact real time duplicate of the actual system. very expensive but efficient
Uninterrupted Power Supply (UPS)
used so equipment does not lose power or crash during power outage
aka battery backup
Program Modification Controls
prevent unauthorized changes & track changes
Data Encryption
encryption involves using a digital key to encrypt plaintext into ciphertext. The intended recipient uses their digital key to decrypt the ciphertext back to plaintext
Digital Certificates
electronic doc, created & digitally signed by trusted party
Public Key Infrastructure (PKI)
system used to issue & manage keys & digital certificates
Managing Passwords
- length > 7 characters
- complexity, contain 3/4 character types
- age- NSA: 90 days
- reuse- NSA: not last 24
User Access
- HR (& IT) provides new employee initial access & authorization for system access
- HR & IT must make changes for employee in position
IT Security Policies
the most crucial element in a corporate information security infrastructure & must be considered long before security technology is acquired & deployed
Security Policy Goal
require people to protect information
Electronic Commerce
vs.
Electronic Business
E-Commerce
electronic exchange transactions
E-Business
any use of IT in business (may or may not involve a transaction)
Electronic Data Interchange (EDI)
is the computer to computer exchange of business transaction documents that allow direct processing (no human input)
Benefits of EDI
- Reduced Handling Costs & Increased Processing Speed
- Standard Data Format (XML)
- Communications- use VAN
Costs of EDI
- Legal Costs (trade contracts)
- Hardware Costs
- Costs of Translation Software
- Costs of Data Transmission (VAN)
- Process Reengineering & Employee Training Costs
- Security, Monitoring & Control Procedures
EDI (VAN)
vs.
E-Commerce (Internet)
VAN
- costs more
- more secure
- slower (batch)
Internet
- costs less
- less secure
- faster (OLRT)
Business Process Reengineering (BPR)
= improving systems over time
Challenges faced in BPR
- Tradition
- Resistance
- Time & Cost Requirements
- Lack of Management Support
- Retraining
Importance of B2B
- Speed- faster processing (Internet)
- Timing- 24/7
- Personalization- online profile
- Security- encryption
- Reliability- no opportunity for human error
Enterprise Resource Planning Systems (ERP)
Functions
- store info in central repository so data may be entered, accessed, & used by various departments
- Provide vital cross-functional info quickly to managers for strategic planning (EIS)
Supply Chain Management Systems (SCM)
Characteristics
- What- goods received should match goods ordered
- When- goods should be delivered by date promised
- Where- goods should be delivered to location requested
- How much- goods should cost as low as possible
Supply Chain Management Systems (SCM)
Objectives
To Achieve Flexibility & Responsiveness Through:
- Planning
- Sourcing
- Making
- Delivery
Objective of
Customer Relationship Management Systems (CRM)
to increase customer satisfaction
80% of sales come from 20% of customers
Electronic Funds Transfer (EFT)
- third party vendor
- data encryption
- reduction in errors
Application Service Providers (ASP)
renting systems
- Adv- lower cost, greater flexibility
- Disadv- possible security & privacy risks, possible poor support by ASP
Web 2.0
Collaborative Websites & Social Networking
Dynamic Content
Mashups
collages of other webpages & info
Stand Alone Web Stores
not integrated with the accounting system
ex: shopping cart software
Integrated Web Store
Larger companies, integrated into a single software system
cloud computing
virtual servers over the Internet (less expensive)
HTML
Hypertext Markup Language
formatting for webpage
HTTP
Hypertext Transfer Protocol
transfers pages to web
URL
Uniform Resource Locator
http://www.Becker.com.us
- http:// (transfer protocol)
- www (server)
- Becker (domain name)
- .com (top-level domain)
- .us (country)
Risk Event Identification:
4 main Risks
- Strategic Risk
- Operating Risk
- Financial Risk
- Informational Risk
Strategic Risk
risk of choosing inappropriate technology
Operating Risk
Risk of doing the right thing the wrong way
Financial Risk
Risk of having financial resources lost, wasted or stolen
Informational Risk
Risk of loss of data integrity, incomplete transactions, or hackers
3 Specific Risks
- Errors
- Intentional Acts
- Disasters
Threats in a Computerized Environment
- Virus
- Worm
- Trojan Horse
- Denial-of-Service (DOS) Attack
- Phishing
Virus
program that inserts itself into another program to propagate
Worm
virus that runs independently w/o a host program
Trojan Horse
Appears to have a useful function but contains hidden security risk
Denial-of-Service Attack (DOS)
floods network and intended users are unable to reach the webpage
Phishing
sending phony emails to lure people to a fake website for financial information
Risk
possibility of harm or loss
Threat
hostile intent
Vulnerability
characteristic of design, susceptible to threat
Safeguard & Controls
spend money on controls to minimize vulnerability
Physical Access Controls
vs
Electronic Access Controls
Physical Access
- locks, ID cards
Electronic Access
- User ID codes w/ regularly changed pws
- File Attributes/permissions
- Firewalls= gatekeepers
Firewalls
Firewalls deter but cannot completely prevent
Network Firewalls- Physical Device “box”
Application Firewalls- protect specific software
Disaster Recovery
plan for continuing operations in the event of the destruction of program & data files and processing capabilities
What are the steps in Disaster Recovery
- Assess the risks
- Identify mission-critical applications & data
- Develop a plan
- Determine the responsibilities for personnel involved
- Test the plan
Types of Disaster Recovery
- Use of Disaster Recovery Service (External)
- Internal Disaster Recovery (mirroring)
- Multiple Data Center Backup
Types of Multiple Data Center Backups
Longest to Shortest
- Full Backup= exact copy of entire database
- Differential Backup= copy only items changed since last FULL backup
- Incremental Backup= copy only items changed since last partial backup
Types of Off-Site Locations
- Cold Site (cheapest, 1-3 days)- no actual equipment
- Warm Site (compromise, 1/2-1 day)- all hardware needed to create simple data center
- Hot Site (most expensive, few hours)- just need to recover backup
XBRL
extensible business reporting language
= designed to exchange financial info over web
What is a computer network that connects computers of all sizes, workstations, terminals, and other devices within a limited proximity?
LAN