B4- Information Systems & Communication

Question 1

Information Technology (IT)

Answer 1

a general term that encompasses many different computer-related components

• Hardware- physical computer, peripheral device
• Software- systems & programs, general or specific
• Network- comm media, allows multiple computers to share data & info in real time
• People (in IT)- all have standard functions, can have different job titles
• Data & Information

Question 2

Data

vs.

Information

Answer 2

Data = raw facts

Information = organized & processed data

Question 3

Production Data

vs.

Test Data

Answer 3

Production Data- live/real data

Test Data- staging data, fake data for testing purposes

Question 4

Roles of Business Information Systems (BIS)

Answer 4

• Process Detailed Data (TPS)
• Assist in Making Daily Decisions (DSS)
• Assist in Developing Decision Strategies (EIS)
• Take Orders from Customers

Question 5

Data Capture

Answer 5

First step in processing business transactions

Techniques

• Manual Entries
• Source Data Automation (barcode scanners)

Data Accuracy

• Well Designed Input Screens (fool proof)
• Prenumbered Forms

Question 6

Data Processing

Answer 6

After data is collected, it must be processed

Functions Performed on Data

• Collect
• Process
• Store
• Transform
• Distribute

Question 7

Normal Series of Events in a BIS

Answer 7

1- set up by hardware technician, network admin, and software developers

2- functional system ready for end user to input data

Question 8

Accounting Information Systems (AIS)

definition

Answer 8

an AIS is a type of MIS, and may also be partly a TPS. a well-designed AIS creates an audit trail for accounting transactions

Question 9

Objectives of an AIS

Answer 9

to record valid transactions at the proper value, in the proper accounting period & properly present in FS

Question 10

Sequence of Events in AIS

Answer 10

1. Source Document
2. Filed
3. Journal
4. Ledger
5. Trial Balance
6. FS Report

Question 11

Transaction Cycles of AIS

Answer 11

5 Cycles:

• Revenue
• Expenditure
• Production
• HR/Payroll
• Financing

Question 12

Data Processing Cycle

Answer 12

1. Input
2. Storage
3. Process
4. Output

Question 13

Data Processing Cycle:

1- Input

Answer 13

• make sure all transactions of interest are accounted for
• input verification (tracing to source documents/turnaround docs)
• data input is verified prior to acceptance

Question 14

Data Processing Cycle:

2- Storage

Methods

Answer 14

• Journals & Legers
• Coding (sequence, block & group codes)
• Chart of Accounts

Question 15

Sequence Codes

Answer 15

use seqential numbers, like checks

Question 16

Block Codes

Answer 16

blocks of numbers group into categories

Assets = 1000s

Question 17

Group Code

Answer 17

More specific form of block codes

123456

123= appliance

45= kitchen

6= product

Question 18

Data Processing Cycle:

2- Storage

Computer storage terms

Answer 18

1. Entity
2. Attributes
3. Field
4. Record
5. Data Value
6. File
7. Master File
8. Transaction File
9. Database

Question 19

Entity

Answer 19

subject of stored info

Question 20

Attributes

Answer 20

data is related to:

Question 21

Field

Answer 21

Data Value stored in a specific space (cell)

Question 22

Record

Answer 22

Many fields

Question 23

Data Value

Answer 23

contents of fields

Question 24

File

Answer 24

many records

Question 25

Master file

Answer 25

like a ledger

Question 26

Transaction File

Answer 26

like a journal

Question 27

Database

Answer 27

interrelated files

Question 28

Data Processing Cycle:

3- Process

Answer 28

transactions are processed to keep info current

methods: either Batch or OLRT

Question 29

Data Processing Cycle:

4- Output

Answer 29

• Documents- check, PO, receipt
• Reports- internal or external
• Query- request for specific data

Question 30

Data Processing Methodology

Batch Processing

Answer 30

Transactions are collected and groupedby type. These groups (batches) are processed periodically. May use sequential storage or random access storage devices

• always a time delay (slower)
• Steps: 1) Create a transaction file (batch file), 2) Update the master file
• Compare manual and computer-generated batch totals

Question 31

Data Processing Methodology

Online Real Time (OLRT) Processing

Answer 31

master files are updated as the transactions are entered. requires random access storage devices only

• immediate processing (faster)
• OLRT often used in network systems
• Point-of-sale systems (POS)- scanners

Question 32

sequential storage

Answer 32

magnetic tape

data stored in sequential order, eventually will need to write over earlier data when full

Question 33

Random Access Storage Devices

Answer 33

Hard drive

computer immediately updates device and files are stored everywhere

Question 34

Centralized Processing

vs.

Decentralized Processing

Answer 34

CENTRALIZED- all data @ central location (motherboard)

Pros:

• enhanced data security
• consistent processing

Cons:

• possible high cost
• inc need for processing & data storage @ center
• reduction in local accountability
• bottlenecks

DECENTRALIZED- spread out over many locations via LAN/WAN

Question 35

Reporting

Types of Reports

Answer 35

• Periodic Scheduled Reports (monthly F/S)
• Exception Reports (credit bal > credit limit)
• Demand Reports/Response Reports/Pull Reports
• Ad Hoc Reports (end user creates w/ query)
• Push Reports (updates when data changes)
• Dashboard Reports (summary info for management)

Question 36

Categories of Business Information Systems (BIS)

Answer 36

• Transaction Processing Systems (TPS)- process & record routine daily transactions
• Management Information Systems (MIS)- reports
• Decision Support Systems (DSS)- assist managers in making DAILY business decisions/Interactive System
• Executive Information Systems (EIS)- only used by top managers, immediate & easy assess for strategic decision making

Question 37

Systems Development Life Cycle (SDLC)

Answer 37

Provides a framework for planning & controlling the detailed activities associated with systems development

“Big-design-up-front” / waterfall approach

A DITTO

• A- Systems Analysis & Planning
• D- Design (conceptual & Physical)
• I- Implementation & Conversion
• T- Training
• T- Testing
• O- Operations & Maintenance

Question 38

Systems Development Life Cycle (SDLC)

Systems Analysis & Planning

Answer 38

• Define nature & scope of project, and identify strengths and weaknesses
• conduct in-depth study of proposed system & determine feasibility

Question 39

Systems Development Life Cycle (SDLC)

Conceptual Design

Answer 39

• Identify & evaluate the appropriate design alternatives to meet user needs.
• New systems might involve: buying software, developing software in-house, or outsourcing systems development

Question 40

Systems Development Life Cycle (SDLC)

Implementation & Conversion

Steps

Answer 40

1. Install new hardware/software
2. Hire/relocate employees to operate the system
3. Test/modify new processing procedures
4. Establish/document standards and controls for the new system
5. Convert to new system & dismantle old
6. Fine-tuning

Question 41

IT Control Objectives

Answer 41

Control Objectives for Information & Related Technology (COBIT) framework provides a set of measures, indicators, processes & best practices to maximize the benefit of IT

Question 42

COBIT Framework Outline

Answer 42

• Business Objectives
• Governance Objectives
• Information Criteria
• IT Resources
• Domains & Processes

Question 43

COBIT Framework:

Business Objectives

Answer 43

• Effective Decision Support
• Efficient Transaction Processing
• Reporting Requirements

Question 44

COBIT Framework:

Governance Objectives

Answer 44

1. Strategic Alignment- btwn IT & customer satisfaction
2. Value Delivery- IT delivers benefits to adv overall bus strat –> cust satisfaction
3. Resource Management- applications, info, infrastructure, people
4. Risk Management (B1)- risk awareness by understanding risk appetite & risk man responsibilities
5. Performance Measurement- essential!

Question 45

Role of Technology Systems in Control Monitoring:

General Controls

vs.

Application Controls

Answer 45

General Controls- Control environment is stable & well managed

Application Controls- prevent, detect & correct error & fraud

Question 46

General Controls

Answer 46

• Info Systems Management Controls
• Security Management Controls
• IT Infrastructure Controls
• Software acquisition, development & maintenance controls

Question 47

Application Controls

Answer 47

• Accuracy
• Completeness
• Validity
• Authorization

Question 48

Processing Controls

Answer 48

• Data Matching
• Recalculation of Batch Totals
• Cross-Footing and Zero-Balance Tests

Question 49

Input Controls

vs.

Output Controls

Answer 49

Input Controls- “garbage in, garbage out”

Output Controls- user review of output, reconciliation, & encryption

Question 50

Control Effectiveness

Answer 50

• Strategic Master Plan- planning LT growth
• Data Processing Schedule
• Steering Committee- guide & oversee systems development & acquisition
• System Performance Measurements

Question 51

IT Professionals:

System Analysts

Answer 51

• Internally Developed System: deign hardware & decide network
• Outside Purchased System: (System Integrators)- integrate new system w/ old

Question 52

IT Professionals:

Computer Programmer

Answer 52

• Application Programmer/Software Developer- can be system integrators
• System Programmer- install, support, monitor & maintain operating system

Question 53

IT Professionals:

Computer Operator

Answer 53

obsolete

Question 54

IT Professionals:

IT Supervisor

Answer 54

manages IT department

Question 55

IT Professionals:

File Librarian

Answer 55

controls files from damage & unauthorized use

Question 56

IT Professionals:

Data Librarian

Answer 56

has custody & maintains entity’s data

Question 57

IT Professionals:

Security administrator

Answer 57

assigns & maintains passwords

Question 58

IT Professionals:

System Adminstrator

Answer 58

• Database Adminstrator (DBA)- maintains & supports database software
• Network Adminstrator- supports computer networks
• Web Administrator- responsible for info on website

Question 59

IT Professionals:

Data Input Clerk

Answer 59

Obsolete

Question 60

IT Professionals:

Hardware Technician

Answer 60

sets up & configures hardware & troubleshoots problems

Question 61

IT Professionals:

End User

Answer 61

anyone who enters data or uses information

Question 62

IT Professionals:

Data Adminstrator (DA)

Answer 62

end user (scientist who knows the data, but DBA designs system)

Question 63

The purpose of IT systems policies is to…

Answer 63

represent management’s formal notification to employees regarding the entity’s objectives

Question 64

Who safeguards records & files?

Answer 64

file librarian

Question 65

Son-Father-Grandfather Concept

Answer 65

File Backup

Son = most recent back up… w/ 2+ previous backups

periodic (daily) transaction files are stored separately

Question 66

Backups of systems that

can be shut down

vs.

do not shut down

Answer 66

can be shut down = easy, backup when no one is on system

do not shut down = more difficult and technically complex

Question 67

Mirroring

Answer 67

file backup

the backup computer is an exact real time duplicate of the actual system. very expensive but efficient

Question 68

Uninterrupted Power Supply (UPS)

Answer 68

used so equipment does not lose power or crash during power outage

aka battery backup

Question 69

Program Modification Controls

Answer 69

prevent unauthorized changes & track changes

Question 70

Data Encryption

Answer 70

encryption involves using a digital key to encrypt plaintext into cybertext. The intended recipient uses their digital key to decrypt the cybertext back to plaintext

Question 71

Digital Certificates

Answer 71

electronic doc, created & digitally signed by trusted party

Question 72

Public Key Infrastructure (PKI)

Answer 72

system used to issue & makage keys & digital certificates

Question 73

Managing Passwords

Answer 73

• length > 7 characters
• complexity, contain 3/4 character types
• age- NSA: 90 days
• reuse- NSA: not last 24

Question 74

User Access

Answer 74

• HR (& IT) provides new employee initial access & authorization for system access
• HR & IT must make changes for employee in position

Question 75

IT Security Policies

Answer 75

the most crucial element in a corporate information security infrastructure & must be considered long before security technology is acquired & deployed

Question 76

Security Policy Goal

Answer 76

require people to protect information

Question 77

Electronic Commerce

vs.

Electronic Business

Answer 77

E-Commerce

electronic exchange transactions

E-Business

any use of IT in business (may or may not involve a transaction

Question 78

Electronic Data Interchange (EDI)

Answer 78

is the computer to computer exchange of business transaction documents that allow direct processing (no human input)

Question 79

Benefits of EDI

Answer 79

• Reduced Handling Costs & Increased Processing Speed
• Standard Data Format (XML)
• Communications- use VAN

Question 80

Costs of EDI

Answer 80

• Legal Costs (trade contracts)
• Hardware Costs
• Costs of Translation Software
• Costs of Data Transmission (VAN)
• Process Reengineering & Employee Training Costs
• Security, Monitoring & Control Procedures

Question 81

EDI (VAN)

vs.

E-Commerce (Internet)

Answer 81

VAN

• costs more
• more secure
• slower (batch)

Internet

• costs less
• less secure
• faster (OLRT)

Question 82

Business Process Reengineering (BPR)

Answer 82

= improving systems over time

Question 83

Challenges faced in BPR

Answer 83

• Tradition
• Resistance
• Time & Cost Requirements
• Lack of Management Support
• Retraining

Question 84

Importance of B2B

Answer 84

• Speed- faster processing (Internet)
• Timing- 24/7
• Personalization- online profile
• Security- encryption
• Reliability- no opportunity for human error

Question 85

Enterprise Resource Planning Systems (ERP)

Functions

Answer 85

• store info in central repository so dat may be intered, accessed, & used by various deprtments
• Provide vital cross-functional info quickly to managers for strategic planning (EIS)

Question 86

Supply Chain Managemenr Systems (SCM)

Characteristics

Answer 86

• What- goods received should match goods ordered
• When- goods should be delivered by data promised
• Where- goods should be delivered to location requested
• How much- goods should cost as low as possible

Question 87

Supply Chain Management Systems (SCM)

Objectives

Answer 87

To Achieve Flexibility & Reposnsiveness Through:

• Planing
• Sourcing
• Making
• Delivery

Question 88

Objective of

Customer Relationship Management Systems (CRM)

Answer 88

to increase customer satisfaction

80% of sales come from 20% of customers

Question 89

Electronic Funds Transfer (EFT)

Answer 89

• third party vendor
• data encryption
• reduction in errors

Question 90

Application Service Providers (ASP)

Answer 90

renting systems

• Adv- lower cost, greater flexibility
• Disadv- possible security & privacy risks, possible poor support by ASP

Question 91

Web 2.0

Answer 91

Colllaborative Websites & Social Networking

Dynamic Content

Question 92

Mashups

Answer 92

collages of other webpages & info

Question 93

Stand Alone Web Stores

Answer 93

not integrated with the accounting system

ex: shopping cart software

Question 94

Integrated Web Store

Answer 94

Larger companies, integrated into a single software system

Question 95

cloud computing

Answer 95

virtual servers over the Internet (less expensive)

Question 96

HTML

Answer 96

Hypertext Markup Language

formatting for webpage

Question 97

HTTP

Answer 97

Hypertext Transfer Protocol

transfers pages to web

Question 98

URL

Answer 98

Uniform Resource Locator

http://www.Becker.com.us

• http:// (transfer protocol)
• www (server)
• Becker (domain name)
• .com (top-level domain)
• .us (country)

Question 99

Risk Event Identification:

4 main Risks

Answer 99

• Strategic Risk
• Operating Risk
• Financial Risk
• Informational Risk

Question 100

Strategic Risk

Answer 100

risk of choosing innappropriate technology

Question 101

Operating Risk

Answer 101

Risk of doing the right think the wrong way

Question 102

Financial Risk

Answer 102

Risk of having financial resources lost, wasted or stolen

Question 103

Informational RIsk

Answer 103

Risk of loss of data integrity, incomplete transactions, or hackers

Question 104

3 Specific Risks

Answer 104

• Errors
• Intentional Acts
• Disasters

Question 105

Threats in a Computerized Environment

Answer 105

• Virus
• Worm
• Trojan Horse
• Denial-of-Service (DOS) Attack
• Phishing

Question 106

Virus

Answer 106

program that inserts itself into another program to propogate

Question 107

Worm

Answer 107

virus that runs independently w/o a host program

Question 108

Trojan Horse

Answer 108

Appears to have a useful function but contains hidden security risk

Question 109

Denial-of-Service Attack (DOS)

Answer 109

floods network and intended users are unable to reach the webpage

Question 110

Phishing

Answer 110

sending phony emails to lure people to a fake website for financial information

Question 111

Risk

Answer 111

possibility of harm or loss

Question 112

Threat

Answer 112

hostile intent

Question 113

Vulnerability

Answer 113

characteristic of design, suceptible to threat

Question 114

Safeguard & Controls

Answer 114

spend money on controls to minimize vulnerability

Question 115

Physical Access Controls

vs

Electronic Access Controls

Answer 115

Physical Access

• locks, ID cards

Electronic Access

• User ID codes w/ regularly changed pws
• File Attributes/permissions
• Firewalls= gatekeepers

Question 116

Firewalls

Answer 116

Firewalls deter but cannot completely prevent

Network Firewalls- Physical Device “box”

Application Firewalls- protect specific software

Question 117

Disaster Recovery

Answer 117

plan for continuing operations in the event of the destruction of program & data files and processing capabilities

Question 118

What are the steps in Disaster Recovery

Answer 118

1. Assess the risks
2. Identify mission-critical applications & data
3. Develop a plan
4. Determine the responsibilities for personnel involved
5. Test the plan

Question 119

Types of Disater Recovery

Answer 119

• Use of Disaster Recovery Service (External)
• Internal Disaster Recovery (mirroring)
• Multiple Data Center Backup

Question 120

Types of Mutiple Data Center Backups

Answer 120

Longest to Shortest

• Full Backup= exact copy of entire database
• Differential Backup= copy only items changed since last FULL backup
• Incremental Backup= copy only items changed since last partial backup

Question 121

Types of Off-Site Locations

Answer 121

• Cold Site (cheapest, 1-3 days)- no actual equipment
• Warm Site (compromise, 1/2-1 day)- all hardware needed to create simple data center
• Hot Site (most expensive, few hours)- just need to recover backup

Question 122

XBRL

Answer 122

extensible business reporting language

= designed to exchange financial info over web

Question 123

What is a computer network that connect computers of all sized, workstations, terminals, and other devices within a limited proximity?

Answer 123

LAN