B4-Systems Design and Other Elements Flashcards
Categories of Business Information Systems
- Transaction Processing Systems (TPS)-Process and record daily transactions necessary to conduct business ie-sales order entry, hotel reservation systems, payroll and HR systems
- Management Information Systems (MIS)-Provides users predefined reports that support effective business decisions
- Decision Support Systems (DSS)-an extension of an MIS that provides interactive tools to support decision making.
ie-production planning, inventory control, traffic planning
- Executive Information System (EIS)-provide senior executives with immediate and easy access to internal and external information to assist in strategic decision making.
ie-sales forecasting, profit planning, key performance indicators
Systems Development Life Cycle
framework for planning and controlling the detailed activities associated with systems development.
two approaches
Waterfall approach-no overlapping
Prototyping model-approximation of a final system is built and complete system developed from prototype. Waterfall more popular
Steps in systems development (A DITTO)
- Systems Analysis-nature and scope of project and identify strengths and weaknesses; identify needs of users, and write it down
- Conceptual Design-how we are going to meet these needs. Look at alternatives-buying software, developing software in house, or outsourcing systems development
- Physical Design-begin by identifying end outputs
- Implementation and Conversion
- Training
- Testing
- Operations and Maintenance
Information Technology Control Objectives (COBIT)
provides managers, auditors, and IT users with a set of measures, indicators, processes and best practices to maximize the benefit of information technology
Information Technology Control Objectives
- Business Objectives-effective decision support, efficient transaction processing and compliance
- Governance Objectives-Strategic Alignment, value delivery of IT to org, resource management-optimization of knowledge and infrastructure, risk management-understanding risks, communicating risks to management and how much risk they are willing to take.
- Information Criteria-(ICE RACE)
Integrity-accuracy, completeness, and validity
Confidentiality-protection of sensitive info
Efficiency-delivery of information through optimal use of resources
Reliability-info represents what it purports to represent
Availability-providing current and future info as required
Compliance-comply with policies, laws, and regulations
Effectiveness-info is relevant or pertinent to a business process, and delivered in a timely, correct, consistent, and useful manner.
- IT Resources-1. applications, information, infrastructure, and people
- Domains and Processes of COBIT
A. Plan and Organize-provide direction to solution and service delivery
B. Acquire and Implement-provides solutions for IT needs
C. Deliver and Support-provides IT services to Users
D. Monitor and Evaluate-ensure that the direction provided in the planning and organizing steps is followed.
Role of Technology Systems in Control Monitoring
- General Controls-ensure that org’s control environment is stable and well managed
- Application Controls-prevent, detect and correct transaction error and fraud and are application-specific, providing reasonable assurance as to system accuracy, completeness, validity, and authorization.
Input Controls
- Data validation at field level ie proper year
- Prenumbering forms
- Well-defined source data prep procedures
Processing Controls
- Data Matching-matching two or more items of data prior to taking action-ie matching vendor invoice to both the PO and the receiving report before paying vendor
- File labels-ensure that correct and most current files are updated. External labels are readable by humans and internal labels are in machine-readable form. Two types of internal labels: header and trailer records.
- Recalculation of Batch Totals/hash totals
- Cross Footing and Zero-Balance Tests
- Write-Protection Mechanisms-make sure there is no accidental writing over
- Database Processing Integrity Procedures.
Operation Effectiveness
evaluating ongoing effectiveness of control policies and procedures provides added assurance that controls are operating as prescribed and achieving their intended purpose.
Components of Operational Effectiveness
- Diagnostic Controls-designed to achieve efficiency in operations of the firm to get the most from resources used
- Control Effectiveness-the following should be applied to systems development
A. Strategic Master Plan-should be developed and updated annually. It should show projects that must be completed to achieve long range company goals and address the company’s hardware, software, personnel, and infrastructure requirements
B. Data Processing Schedule
C. Steering Committee-guide and oversee systems development and acquisition
D. System Performance Measurements
IT Responsibilities and Segregation of Duties
Roles and Responsibilities of IT Professionals
- System Analyst
A. Internally Developed System-works with end users to determine system requirements, designs overall application system, determines type of network
B. Purchased system-integrates the application with existing internal and purchased applications; provides training to users
- Computer Programmer
A. Application Programmer/Software Developer (software engineers)-writing and/or maintaining application programs
B. System Programmer-to install, support, and monitor and maintain operating system, including capacity planning.
- Computer Operator-schedule and run processing jobs. Can be automated and in large computing environments, must be automated. This position is somewhat archaic.
- IT Supervisor-manage IT department
- File Librarian-store and protect programs and tapes from damage and unauthorized use. In large computing environments, much of this is automated.
- Data Librarian-custody of and maintains the entity’s data and ensures that production data is released only to authorized individuals when needed.
- Security Administrator-responsible for the assignment of initial passwords and often the maintenance of those passwords.
- System Administrator-
A. Database Admin-responsible for maintaining and supporting the database software and performing certain security functions. *Database admins differ from data admins; a database administrator is responsible for the actual database software and a data admin is responsible for definition, planning, and control of the data within a database.
B. Network Admin-support computer networks through performance monitoring and troubleshooting
C. Web Admin-responsible for information on a website
- Data Input Clerk-prepare, verify, and input data to be processed
- Hardware Technician-sets up and configures hardware and troubleshoots hardware
- End user-workers in an org who enter data into system or who use the information processed by system.
Segregation of Duties within Information Technology
System Analysts vs Computer Programmers
System Analysts-system and hardware designer
Computer Programmers-software designer
Theoretically, if the same person is in charge of hardware and software, that person could easily bypass security systems without anyone knowing and steal organizational information and assets.
Segregation of Duties within Information Technology
Computer Operators vs Computer Programmers
threat is that the person performing both functions could make unauthorized and undetected program changes.
Segregation of Duties within Information Technology
Security Administrators vs Computer Operators and Computer Programmers.
Threat is that if security admin were also a programmer or an operator for that system, that person could give himself/herself or another person access to areas they shouldn’t have authority to access.