BEC-4 Flashcards
IT (information technology)
- Hardware - actual physical computer, mouse, keypad
- Software - systems and programs that process data and turn that data into information
- Network - The communication media, allows more than one computer to share data with other computers
- People - job titles can vary, but functions tend to stay the same, and some functions can also be outsourced if the company wishes
- Data/Information - Data: raw facts, i.e. a quantity, a name, a dollar amount
Information: data that has been processed and organized
Accounting Information System(AIS)
- a type of MANAGEMENT accounting system(helps management have information to make decisions), may also be partly a transaction processing system and partly a knowledge system.
- a well-designed system should leave an “audit trail” and allow the user to trace a transaction from a source document and vouch from the ledger back to the source documents.
- a proper accounting information system should classify information and be set up to assist the auditor with the assertions (i.e. cutoff)
Coding
Sequence - a list of transactions where we do not want duplicates and gaps in sequential numbers
Block - anytime a block of numbers is used to group similar items (100-199 refers to assets, 200-299 refers to liabilities)
Group - different groups of numbers have different meanings, like a phone number(first numbers refer to area code, second group refers to specific number)
Chart of accounts
-allows the business to customize classification of data in the ways that best meet the information requirements of the business
Batch Processing
- When master files are only updated periodically, such as daily
- taking similar individual transactions and putting them into a group or batch, and updating them periodically
Online Real-Time processing(OLRT)
- when the master files are immediately updated in real time
Query
- a request for specific data(i.e today’s sales), get it from asking the database to get an answer(what are today’s sales?)
Centralization processing environments
- to a certain degree, headquarters may process certain data, while stores are decentralized and process other data
Reports
Periodic reports - produced routinely on a periodic basis
Exception Reports - produced when a specific condition or exception occurs (i.e. a customer whose credit balance is greater than the credit limit)
Demand Reports (aka pull report) - user has to pull the report from the system or software, tell the system you want/demand a report on something
Ad-hoc report - one that does not currently exist but can be created on demand without the need of a software developer. Creating a custom report that the software does not already have.
More Reports
Push Reports - if a report window displays up-to-date reports every time an end user logs into a computer network, system automatically pushes current report to person, system generated but not scheduled
Dashboard Report - present summary information report that aids management action. More visual for quick reference
XBRL report - XBRL tags DEFINE the data. For example, tags could indicate the taxonomy used(GAAP or IFRS) the currency, the time period, as well as the definition of the element.
- A macro could be written that would pull tagged information from financial statements(like current assets or current liabilities) and then calculate the current ratio for you.
Categories of business information systems
Transaction Processing Systems(TPS) - process and record the routine daily transactions necessary to conduct a business
Management Information Systems(MIS) - provides users predefined reports that support effective business decisions, helping with daily or monthly decisions
Decision Support Systems(DSS) - an extension of MIS that provides interactive tools to support decision making. More specific than MIS. i.e tells you how much inventory you should order for example by using more advanced tools
Executive Information Systems(EIS) - senior executives with immediate and easy access to internal and external information to assist in STRATEGIC decision making i.e long term
Systems Development Life Cycle(SDLC)
- a framework for controlling and planning the activities associated with systems development
- like a waterfall, one step followed by another to plan the system
Prototyping Model
Alternative to SDLC, an approximation of a final system is built and tested and reworked as necessary until final system is complete
Steps in System Development
A DITTO
- Systems analysis - define the nature and scope of the project and needs of the users
- Design - Conceptual: deciding how we’ll meet the needs. See what software needs to be bought, developed or outsourced
Physical design: determine hardware to acquire, write computer programs, design database, etc.
- Implementation and Conversion - put into place and construct physical design items
- Training
- Testing
- Operations and Maintenance
Participants in Business Process Design
Management - providing support and encouragement for development projects, clear signal that user needs are met
Accountants - play 3 different roles:
- Accounting Information System - since we will be using the information generated from it, accountants let you know information needs and system requirements
- help manage system development
- take an active role in designing system controls, and monitoring and testing
Information Systems Steering Committee - plan and oversee the information systems function and make sure the system moves in the right direction and “gets done”
Project Development Team - responsible for the successful design and implementation of the business system
External parties - may need to seek their input
IT Control Objectives (memorize)
COBIT - framework that provides a set of measures, indicators, processes and best practices to maximize the benefit of information technology
1) Business Objectives - might include effective decision support, efficient transaction processing, compliance with reporting requirements
2) Governance Objectives - IT governance: strategic alliance, value delivery(promises made by the organization to meet certain needs of users), Resource Management, Risk Management, Performance Measurement
*3) Information Criteria (ICE RACE): I - Integrity, C - Confidentiality, E - Efficiency, R - Reliability, A - Availability, C - Compliance, E - Effectiveness
4) IT Resources
*5) Domains and processes of COBIT (PO AIDS ME): PO - plan and organize, AI - acquire and implement, DS - deliver and support, ME - monitor and evaluate
Role of technology systems in monitoring controls
1. General Controls - ensure an organization's control environment is stable and well maintained overall
Application Controls - prevent, detect, and correct Transaction error and fraud and are more specific
- Input controls - data and source data is entered correctly and numbered appropriately
- Process controls - data matching: take 2 or more items of data and match them to show they check or agree
file labels: external labels are readable by humans, internal labels are readable by computers
4,5,6. Zero footing, system double checks before erasing something, user does reconciliation to make sure information correct
Segregation of Duties IT
System analyst - a) internally developed system - determines system requirements, designs overall system, and determines what type of network will be needed
b) purchased system - integrate with existing internal and purchased applications, and provide training to end users
Computer programmer - a) Application programmer/ Software developer(engineer) - responsible for writing and/or maintaining application programs
b) System programmer - responsible for installing, supporting, monitoring and maintaining the operating system. May also support capacity planning functions
Computer Operator - schedule and run the processing jobs, can be automated(no need for person)
File Librarian - store and protect programs and tapes from damage and unauthorized use(mostly automated nowadays)
Data Librarian - custody of and maintains the entity’s data and ensures it is only released to those who are authorized
Security Administrator - responsible for the assignment of initial passwords and the rules for maintaining them
System Administrator a) Database administrator - responsible for maintaining and supporting the database software, and performing certain security functions. Different from the data librarian: the database administrator works on the OVERALL DATABASE, while the librarian works on specific data in the database.
b) Network administrator - support computer networks
c) web administrator - responsible for company website
Data Input Clerk - prepare, verify and input data to be processed
Hardware Technician - sets up hardware and troubleshoots hardware problems
End user - workers in an organization who enter data into a system or use the information processed by it
Son-father-grandfather concept
- most recent file = son, and so on
- take old file + today's transactions equals new file, which is then stored separately on the master file
Mirroring - backup every transaction on a separate computer
UPS
Uninterrupted Power Supply - backup generator battery
Data Encryption
- electronic commerce
- using a password or a digital key to scramble a readable or plaintext message into an unreadable or cipher message
Digital Certificates - an electronic document created by a trusted party which certifies the identity of the owners of a particular public key
PKIs (public key infrastructure) manage these keys
Passwords
- require a minimum of 7-8 characters
- feature 3 of 4 characteristics (symbols, uppercase, lowercase, numbers)
- best to change at least every 90 days
Policies
- most crucial element in a corporate information security infrastructure and must be considered long before information technology is acquired and deployed
Program Level Policy - mission statement of IT security
Program Framework Policy - the IT security strategy
E-commerce vs. E-business
E-commerce - the specific electronic completion of an exchange of buying and selling
E-business - more general and broad refers to any business done through an electronic form
Electronic Data interchange(EDI)
- the computer to computer exchange of business transaction documents
- requires both computer systems to have a standard data system in order to communicate with each other
known as MAPPING
Benefits: reduced shipping/handling costs and time to be processed
Compared to E-commerce : more expensive, also more secure and private, but slower
Business Process Re-engineering(BPR)
- the analysis and redesign of business processes and information systems to achieve significant performance improvements
Challenges:
- Tradition - difficult to change employee culture and belief
- Resistance - change is often met with a great deal of resistance
- Time and cost requirements - BPR is costly and usually takes at least 2 years to complete
- Lack of management support - without support of top management emphasizing BPR the right environment is not set for change
- Skepticism - some people view BPR as the same as traditional systems development but it is actually more comprehensive
- Retraining - takes time and money to retrain employees
- Controls - important controls that ensure system reliability and integrity cannot be deleted.
Business-to-Business(B2B)
- when a business sells its products or services to another business. Has no consumer protection from the government that B2C(Business-to-consumer) has.
Benefits :
- Speed - transactions between businesses can be done faster online without having to be in person
- Timing - transactions can be done all throughout the day regardless of time-zone or business hours
- Personalization - once a business creates an online profile they can be guided to parts of the website that they would be most interested in
- Security - transactions can be encrypted by computers providing greater security
- Human error - generally there is no opportunity for human errors
Enterprise Resource Planning Systems(ERPS)
An ERP software system is automated and integrates many different functions and systems through finance, accounting, HR, manufacturing, logistics and allows them to flow through one integrated software system
Objectives:
- Enter information once and can be used by all different departments
- Improves the entity’s ability to function as an integrated whole and track all business functions like sales, expenses etc.
- Can quickly provide managers with vital cross-functional information and allow for quicker, better decision making
Supply Chain Management Systems(SCM)
- is concerned with 4 important characteristics of every sale: what, when, where and how much
- SCM is the integration of business processes to ensure the most efficient and effective supply chain
Customer Relationship Management(CRM)
- provides sales force automation and customer service in an attempt to manage customer relationships
Electronic Funds Transfers(EFT)
- a form of electronic payment used in the retail and banking industry
- usually a 3rd party acts as an intermediary for the transaction
Application service provider(ASP)
- provides access to application programs on a rental basis
- the ASP owns and maintains the software and the user accesses it through the browser
Mash-ups
- web pages that are a collage of other web pages and a variety of information (i.e. Google Maps)
HTML
Hypertext markup language
- tag-based formatting language used for webpages
HTTP
Hypertext transfer protocol
- communications protocol used to transfer web pages on the world wide web
URL
Uniform resource locator
- sets formats for webpages and is the technical name for web address
Risk event identification
Strategic Risk - risk of choosing inappropriate technology
Operating Risk - risk of doing the right things but in the wrong way (i.e. if you have new hires, you must enter the new hires before doing payroll rather than in the opposite order)
Financial Risk - the risk of having financial resources lost, wasted or stolen( can be inventory, laptops)
Information Risk - risk of loss of data integrity, incomplete transactions, or hackers.
Threats in a computerized environment
Virus: piece of computer system that causes harm to files and programs. Requires a host to propagate
Worm: a program like a virus that does not need a host and can propagate itself over a network independently.
Denial-of-Service Attack : one computer or a group of computers bombards another computer with a flood of network traffic
Phishing: sending of a phony email to lure people to a phony website in order to lure a person into giving their information to a scammer
Firewall
- hardware and software that prevents unauthorized users from gaining access to a network, i.e. a gatekeeper
Steps in Disaster Recovery
- Assess the risks
- Identify mission-critical applications and data
- Develop the plan
- Who’s responsible?(determine leadership responsibilities during disaster)
- Test the disaster recovery plan
- storing important files on backups is a strong characteristic of disaster recovery
Types of off-site locations
Hot site - fastest, quickest way for company to resume database activities in the event of a disaster
Cold Site - slower, takes 1-3 days to resume database activities
Warm Site - compromise of a half day to a full day between a hot and cold site