BEC-4

Question 1

IT(information technology)

Answer 1

1. Hardware - actual physical computer, mouse keypad
2. Software - systems and programs that process data and turn that data into information
3. Network - The communication media, allows more than one computer to share data with other computers
4. People - job titles can vary, but functions tend to stay the same, and some functions can also be outsourced if the company wishes
5. Data/Information - Data: Raw facts i.e a quantity a name a dollar amount
   Information: Data that has been processed and organized

Question 2

Accounting Information System(AIS)

Answer 2

• a type of MANAGEMENT accounting system(helps management have information to make decisions), may also be partly a transaction processing system and partly a knowledge system.
• a well designed system should leave an “audit trail” and allows the user to trace a transaction from a source document and vouch from the ledger back to the source documents.
• a proper Accounting information system should classify information and be set up to assist the auditor with the assertions(i.e cutoff)

Question 3

Coding

Answer 3

Sequence - a list of transactions where we do not want duplicates and gaps in sequential numbers

Block- anytime a block of numbers are used to group similar items( 100-199 refers to assets, 200-299 refers to liabilities)

Group - different groups of numbers have different meanings, like a phone number(first numbers refer to area code, second group refers to specific number)

Question 4

Chart of accounts

Answer 4

-allows the business to customize classification of data in the ways that best meet the information requirements of the business

Question 5

Batch Procesing

Answer 5

• When master files are only updated periodically, such as daily
• taking similar individual transactions and putting them into a group or batch, and updating them periodically

Question 6

Online Real-Time processing(OLRT)

Answer 6

• when the master files are immediately updated in real time

Question 7

Query

Answer 7

• a request for specific data(i.e today’s sales), get it from asking the database to get an answer(what are today’s sales?)

Question 8

Centralization processing enviroments

Answer 8

• to a level of Degree, Headquarters may process certain data, while stores are decentralized and process other data

Question 9

Reports

Answer 9

Periodic reports - produced routinely on a periodic basis
Exception Reports - produced when a specific condition or exception occurs(i.e customer who's credit balance is greater than the credit limit)
Demand Reports(aka pull report) - user has to pull report from the system or software, tell the system you want/demand a report on something
Ad-hoc report - one that does not currently exist but can be created on demand without the need of a software developer. Creating a custom report that the software does not already have.

Question 10

More Reports

Answer 10

Push Reports - if a report window displays up-to-date reports every time an end user logs into a computer network, system automatically pushes current report to person, system generated but not scheduled

Dashboard Report - present summary information report that aids management action. More visual for quick reference

XBRL report - XBRL tags DEFINE the data. For example, tags could indicate the taxonomy used(GAAP or IFRS) the currency, the time period, as well as the definition of the element.
- A macro could be written that would pull tagged information from financial statements(like current assets or current liabilities) and then calculate the current ratio for you.

Question 11

Categories of business information systems

Answer 11

Transaction Processing Systems(TPS) - process and record the routine daily transactions necessary to conduct a business

Management Information Systems(MIS) - provides users predefined reports that support effective business decisions, helping with daily or monthly decisions

Decision Support Systems(DSS) - an extension of MIS that provides interactive tools to support decision making. More specific than MIS. i.e tells you how much inventory you should order for example by using more advanced tools

Executive Information Systems(EIS) - senior executives with immediate and easy access to internal and external information to assist in STRATEGIC decision making i.e long term

Question 12

Systems Development Life Cycle(SDLC)

Answer 12

• a framework for controlling and planning the activities associated with systems development
• like a waterfall, one step followed by another to plan the system

Question 13

Prototyping Model

Answer 13

Alternative to SDLC, an approximation of a final system is built and tested and reworked as necessary until final system is complete

Question 14

Steps in System Development

Answer 14

A DITTO

1. Systems analysis - define the nature and scope of teh project and needs of the users
2. Design - Conceptual: deciding how we’ll meet the needs. See what software needs to be bought, developed or outsourced
   Physical design:determine hardware to acquire, write computer programs, design database etc.
3. Implementation and Conversion - put into place and construct physical design items
4. Training
5. Testing
6. Operations and Maintenance

Question 15

Participants in Business Process Desgin

Answer 15

Management - providing support and encouragement for development projects, clear signal that user needs are met

Accountants - plays 3 different roles :

1. Accounting Information System - since we will be using information generated from it let you know information needs and system requirements
2. help manage system development
3. take an active role in designing system controls, and monitoring and testing

Information Systems Steering Committee - plan and oversee the information systems function and make sure the system moves in the right direction and “gets done”

Project Development Team - responsible for the successful design and implementation of the business system

External parties - may need to seek their input

Question 16

IT Control Objectives (memorize)

Answer 16

COBIT - framework that provides a set of measures, indicators, processes and best practices to maximize the benefit of information technology

1) Business Objectives - might include effective decision support, efficient transaction processing, compliance with reporting requirements
2) Governance Objectives - IT governance: strategic alliance, value delivery(promises made by the organization to meet certain needs of users), Resource Management, Risk Management, Performance Measurement

*3)Information Criteria: ICE RACE
I - Integrity 
C -Confidentiality
E - Efficiency 
R - Reliability
A- Availability
C- Compliance
E- Effectiveness

4) IT Resources

*5) Domains and processes of COBIT
PO AIDS ME
PO - plan and organize
AI - acquire and implement
DS - deliver and support
ME - monitor and evaluate

Question 17

Role of technology systems in monitoring controls

Answer 17

1.General Controls - ensure and organizations control environment is stable and well maintained overall

Application Controls - prevent, detect, and correct Transaction error and fraud and are more specific

2. Input controls - data and source data is entered correctly and numbered appropriately
3. Process controls - data matching: take 2 or more items of data and match them to show they check or agree

file labels: external labels are readable by humans, internal labels are readable by computers

4,5,6. Zero footing, system double checks before erasing something, user does reconciliation to make sure information correct

Question 18

Segregation of Duties IT

Answer 18

System analyst - a) internally developed system - determines system requirements, designs overall system, and determines what type of network will be needed
b) purchased system - integrate with existing internal and purchased applications, and provide training to end users

Computer programmer - a) Application programmer/ Software developer(engineer) - responsible for writing and/or maintaining application programs
b) System programmer - responsible for installing, supporting, monitoring and maintaining the operating system. May also support capacity planning functions

Computer Operator - schedule and run the processing jobs, can be automated(no need for person)

File Librarian - store and protect programs and tapes from damage and unauthorized use(mostly automated nowadays)

Data Librarian - custody of and maintains the entity’s data and ensures it is only released to those who are authorized

Security Administrator - responsible for the assignment of initial passwords and the rules for maintaining them

System Administrator a) Database administrator - responsible for maintaining and supporting the database software, and performing certain security functions. DIfferent from data librarian works on OVERALL DATABASE and librarian works on specific data in database.

b) Network administrator - support computer networks
c) web administrator - responsible for company website

Data Input Clerk - prepare, verify and input data to be processed

Hardware Technician - sets up hardware and troubleshoots hardware problems

End user - workers in an organization who enter data into a system or use the information processed by it

Question 19

Son-father-grandfather concept

Answer 19

• most recent file = son, and so on
• take old file + todays transactions equals new file which is then stored separately on the master file

Mirroring - backup every transaction on a separate computer

Question 20

UPS

Answer 20

Uninterrupted Power Supply - backup generator battery

Question 21

Data Encryption

Answer 21

• electronic commerce
• using a password or a digital key to scramble a readable or plain text message into an unreadable or cypher message

Digital Certificates - an electronic document created by a trusted party that which certifies the identity the owners of a particular public key
PKI’s( public key infrastructure) mange these keys

Question 22

Passwords

Answer 22

• require a minimum of 7-8 characters
• feature 3 of 4 characteristics (symbols, uppercase, lowercase, numbers)
• best to change at least every 90 days

Question 23

Policies

Answer 23

• most crucial element in a corporate information security infrastructure and must be considered long before information technology is acquired and deployed

Program Level Policy - mission statement of IT security

Program Framework Policy - the IT security strategy

Question 24

E-commerce vs. E-business

Answer 24

E-commerce - the specific electronic completion of an exchange of buying and selling

E-business - more general and broad refers to any business done through an electronic form

Question 25

Electronic Data interchange(EDI)

Answer 25

• the computer to computer exchange of business transaction documents
• requires both computer systems to have a standard data system in order to communicate with each other
  known as MAPPING

Benefits: reduced shipping/handling costs and time to be processed

Compared to E-commerce : more expensive, also more secure and private, but slower

Question 26

Business Process Re-engineering(BPR)

Answer 26

• the analysis and redesign of business processes and information systems to achieve significant performance improvements

Challenges:

1. Tradition - difficult to change employee culture and belief
2. Resistance -change is often met with a great deal of resistance
3. Time and cost requirements - BPR is costly and usually takes at least 2 years to complete
4. Lack of management support - without support of top management emphasizing BPR the right environment is not set for change
5. Skepticism - some people view BPR as the same as traditional systems development but it is actually more comprehensive
6. Retraining - takes time and money to retrain employees
7. Controls - important controls that ensure system reliability and integrity cannot be deleted.

Question 27

Business-to-Business(B2B)

Answer 27

• when a business sells its products or services to another business. Has no consumer protection from the government that B2C(Business-to-consumer) has.

Benefits :

1. Speed - transactions between business’s can be done faster online without having to be in person
2. Timing - transactions can be done all throughout the day regardless of time-zone or business hours
3. Personalization -one a business creates an online profile they can be guided to parts of the website that they would be most interested in
4. Security - transactions can be encrypted by computers providing greater security
5. Human error-generally there is no opportunity for human errors

Question 28

Enterprise Resource Planning Systems(ERPS)

Answer 28

An ERP software system is automated and integrates many different functions and systems through finance, accounting, HR, manufacturing, logistics and allows them to flow through one integrated software system

Objectives:

1. Enter information once and can be used by all different departments
2. Improves the entity’s ability to function as an integrate whole and track ass business functions like sales, expenses etc.
3. Can provide quickly to managers vital cross-functioning information and allow for quicker better decision making

Question 29

Supply Chain Management Systems(SCM)

Answer 29

• is concerned with 4 important characteristics of every sale: what, when, where and how much
• SCM is the integration of business processes to ensure the most efficient and effective supply chain

Question 30

Customer Relationship Management(CRM)

Answer 30

• provides sales force automation and customer service in an attempt to manage customer relationships

Question 31

Electronic Funds Transfers(EFT)

Answer 31

• a form of electronic payment used in the retail and banking industry
• usually a 3rd party acts as an intermediary for the transaction

Question 32

Application service provider(ASP)

Answer 32

• provides access to application programs on a rental basis

- the ASP owns and maintains the software and the user accesses it through the browser

Question 33

Mash-ups

Answer 33

• web pages that are a collage of other web pages and a variety of information( i.e google maps)

Question 34

HTML

Answer 34

Hypertext markup language

- tag-based formatting language used for webpages

Question 35

HTTP

Answer 35

Hypertext transfer protocol

- communications protocol used to transfer web pages on the world wide web

Question 36

URL

Answer 36

Uniform resource locator

- sets formats for webpages and is the technical name for web address

Question 37

Risk event identification

Answer 37

Strategic Risk - risk of choosing inappropriate technology
Operating Risk - risk of doing the right things but in the wrong way( i.e if have new hires, must enter new hires before doing payroll than opposite order)
Financial Risk - the risk of having financial resources lost, wasted or stolen( can be inventory, laptops)
Information Risk - risk of loss of data integrity, incomplete transactions, or hackers.

Question 38

Threats in a computerized enviroment

Answer 38

Virus: piece of computer system that that causes harm to files and programs. Requires a host to propagate

Worm: a program like a virus that does not need a horse and can propagate itself over a network independently.

Denial-of-Service Attack : one computer or a group of computers bombards another computer with a flood of network traffic

Phishing: sending of a phony email to lure people to a phony website to lure a person to giving their information to a scammer

Question 39

Firewall

Answer 39

• hardware and software, the prevents unauthorized users from gaining access to a network, i.e a gatekeeper

Question 40

Steps in Disaster Recovery

Answer 40

1. Assess the risks
2. Identify mission-critical applications and data
3. Develop the plan
4. Who’s responsible?(determine leadership responsibilities during disaster)
5. Test the disaster recovery plan

• storing important files on backups is a strong characteristic of disaster recovery

Question 41

Types of off-site locations

Answer 41

Hot site - fastest, quickest way for company to resume database activities in the event of a disaster

Cold Site - slower, takes 1 -3 days to resume database activities

Warm Site - compromise of a half day to a full day between a hot and cold site