Chapter 15 – Information Systems and Data Governance Flashcards

1
Q

Management Information System and ERP

A

ACCOUNTING INFORMATION SYSTEM

  • A mgmt info system (MIS) typically receives input from a transaction processing system, aggregates it, then reports it in a format useful to middle management in running the business. Classification:
    1. Accounting: general ledger, accounts receivable, purchasing and accounts payable, payroll processing, fixed asset management, and tax accounting.
    2. Finance: capital budgeting, operational budgeting and cash management.
    3. Manufacturing: production planning, cost control and quality control.
    4. Logistics: inventory management and transportation planning.
    5. Marketing: sales analysis and forecasting.
    6. Human resources: projecting payroll, projecting benefits obligations, employment level planning, and employee valuation tracking.
  • An ERP is an integrated system that covers several or all of these functions.

2
Q
  • An accounting information system is composed of:
A
  1. General ledger/financial reporting system (GL/FRS) – FCCS: gets transactions and reports producing income statement, balance sheet, statement of cashflow and other reports.
  2. Management reporting system (MRS): production reports, pro forma financial statements, budgets, cost-volume-profit analysis, and other internal reports.
  3. Transaction processing system – Oracle Hyperion: is a system that performs the routine transactions (each transaction must succeed or fail) necessary to conduct business. A PAYROLL IS A TPS.
3
Q

Database (Primary purpose ++)

A
  • Data in database are integrated to eliminate redundancy of data items (DWH).
  • Database management system is DWH, it allows programmers and designers to work independently of the technical structure of the database.

THE PRIMARY PURPOSE OF A DATABASE IS TO HAVE A SINGLE STORAGE LOCATION FOR EACH ITEM OF DATA.

DATABASE IS NOT ESSENTIAL FOR THE STORAGE OF LARGE DATA SETS SINCE THE NEED ARISES MORE FROM THE MULTIPLICITY OF APPLICATIONS THAN FROM THE QTY OF DATA STORED. IT IS ALSO A COLLECTION OF RELATED FILES.

  • Examples: DB2, Oracle, SQL Server, Microsoft Access (etc.).
  • However, they also require:
    • Use of sophisticated hardware and software
    • Highly trained technical personnel.
    • Increased security control.
4
Q

Normalization

A

Assures that each data element is stored as few times as necessary.

Database normalization is the process of structuring a relational database in accordance with a series of so-called normal forms in order to reduce data redundancy and improve data integrity.

5
Q

Features of RDBS (Cardinality and Integrity)

A
  • Cardinality: how close a given data element (stored in a field) is to being unique.
    • High: exists only once in a given table (e.g., a client ID).
    • Medium: not unique, but with a restricted set of possible values.
    • Low: has a very small range of values (M/F, 1/0).
  • Referential integrity means that for a record to be entered in a given table, there must already be a record in some other table (a foreign key must refer to a primary key).
6
Q

Data Base Mapping Facility

and

Query Management Facility

A
  • Data can be visualized in QMF (Query management facility) like Tableau.
  • Database mapping facility is software used to evaluate and document the structure of a database, like Atlassian.
7
Q

OLAP (Online Analytical Processing)

A
  • Also called multidimensional data analysis (Adaptive - ROLL UP AND DIMENSIONS)
  • The following techniques are replacing OLAP:
    • In-memory analytics: data is stored directly on PC’s RAM instead of retrieving data from hard drive.
    • Search engine technology: stores data at a document/transaction level, and data is not pre-aggregated like it would be when contained in an OLAP or in-memory technology application. Users are able to have full access to raw data and create aggregations themselves.
8
Q

Distributing DBs (methods: snapshot, replication and fragmentation/partitioning)

A
  • Snapshot (copy for distribution)
  • Replication (creating and maintaining replica copies at multiple locations)
  • Fragmentation/partitioning (separating the database into parts and distributing where they are needed).
9
Q

Data mining

A
  • The process of analyzing data from different perspectives and summarizing it into useful information.
10
Q

Enterprise Performance Management (EPM) is associated with

A
  • BI and ERP
  • Budgeting and forecasting
  • Financial reporting
  • Variance analysis and improvement.
11
Q

DATA GOVERNANCE AND RISK

A
  • Uniform processing of transactions helps with high-volume calculations, but can fail due to programming.
  • Reduced segregation of duties could happen due to a computer-based system.
  • Automation of order flows requires careful coding to avoid mass errors. At the same time, independent verification of transactions should be adopted as an important compensating control.
  • The company is exposed to malware.
12
Q

COBIT (definition and terms)

A
  • To reduce risks, COBIT (Control Objectives for Information and Related Technology) was set up as a control and governance framework that addresses information technology.
  • Important terms
    • Effectiveness deals with information’s relevance to the business process and receipt in a timely, correct, consistent and usable manner.
    • Efficiency concerns the provision of information through the optimal (most productive and economical) use of resources.
    • Confidentiality concerns the protection of sensitive information from unauthorized disclosure. It includes the safeguarding of assets.
    • Integrity: accuracy and completeness of data.
    • Availability.
    • Compliance both internal and external.
    • Reliability relates to the usefulness of data allowing mgmt to exercise its governance responsibilities.
13
Q

COBIT (Data Governance Focus areas)

A
  • Strategic alignment – linkage of business plan with IT plan.
  • Value delivery – implementing value proposition throughout the delivery cycle.
  • Resource management – optimal investment and mgmt. of IT resources.
  • IT risk.
  • Risk management >> establishing and maintaining controls are management functions.
  • Performance measurement.
14
Q

COBIT (Data Resources)

A
  • Applications are automated user systems and manual procedures that process the information.
  • Information.
  • Infrastructure is the hardware, software, tech, and facilities that enable the processing of applications.
  • People are the personnel required to plan, organize, acquire, implement, etc., the information systems.
15
Q

COBIT 5 KEY PRINCIPLES

A
  • Principle 1: Meeting Stakeholder Needs (via value creation)
    • Value creation (MAIN PRINCIPLE OF COBIT 5) happens via:
      • Realization of benefits
      • Optimization of risks
      • Optimal use of resources.
    • In response to the identified stakeholder needs, enterprise goals are established.
    • GOALS Cascade:
      • 17 generic goals tied to the balanced scorecard model.
      • IT related goals are drawn to address before.
      • Enablers or components are identified.
  • Principle 2: Covering the enterprise end to end.
  • Principle 3: Applying a Single, Integrated Framework
  • Principle 4: Enabling a holistic approach
    • Enablers (are interconnected):
      • Principles, policies and frameworks
      • Processes
      • Organizational structures
      • Culture, ethics, behavior
      • Information (RESOURCE)
      • Services, infra, applications – ORGANIZATIONAL STRUCTURE (RESOURCE)
      • People, skills and competencies (RESOURCE)
    • Resources must be optimized.
  • Principle 5: Separating Governance from Management
    • Governance: board of directors evaluating, directing and monitoring.
    • Management: plan, build, run and monitor.
16
Q
  • FROM COBIT 5 TO COBIT 19
A
  • COBIT 19 extends COBIT 5, adding 6 governance system principles (rules, practices and processes) and three governance framework (structure, base for the system) principles.
  • 6 principles of governance system:
    • Provide stakeholder value.
    • Take a holistic approach. Synergies among components that can now be:
      • Generic
      • Variance (specific)
    • Dynamic governance system
    • Governance distinct from management
    • Tailor governance to enterprise needs
      • Design factors (like threat landscape, technology, enterprise strategy) affect the blueprint of the governance system.
    • End to end enterprise cover.
  • 3 principles of governance framework:
    • Conceptual model: identify components and relationships to achieve automation and consistency.
    • Open and flexible.
    • Aligned with major standards: the governance framework aligns relevant regulations, standards, frameworks, and best practices.
  • An IT governance program has two separate phases:
    • Phase 1. Pre-planning is the development stage (identify stakeholders and their needs).
    • Phase 2. Program implementation involves activating the system, comparing the status of the system with the goals and making adjustments when needed.
17
Q

COBIT PERFORMANCE MANAGEMENT (CPM)

A
  • Capability levels. The CPM measures capability level ascending from 0 to 5 (higher that is well defined or continuous improvement enabled).
  • Maturity levels. Order of maturity by using focus areas = governance issue.
    • 0 Incomplete
    • 1 Initial
    • 2 Managed
    • 3 Defined
    • 4 Quantitative
    • 5 Optimizing
18
Q

COSO ERM Framework (is an extension of the internal control cube)

A

>> Adds strategic as objective.

>> Adds risk response, objective identification and objective setting to components

19
Q
  • DATA LIFE CYCLE and RECORD RETENTION POLICY
A

  • DATA LIFE CYCLE
  1. Data capture:
    1. Utilizing data: from an outside organization.
    2. Data entry: new data created.
    3. Signal reception: data is acquired that has been created by control systems within the organization.
  2. Data maintenance:
    1. Data is provided for synthesis and usage.
    2. Cleansing and enrichment
  3. Data synthesis and analytics
    1. Creation of data value and modelling for investment decisions.
  4. Data usage
    1. Data in support of the enterprise.
  5. Data publication (sending data to OUTSIDE the organization)
  6. Data archival
  7. Data purging (data elimination)

RECORD RETENTION POLICY

>> Helps to not saturate archival and REDUCES STORAGE COSTS.

>> For some documents, there are minimal time restrictions (like tax, 7 years)

>> What is important is that the company has a defined retention policy and sticks to it.

20
Q

Limitations of COSO

A
  • LIMITATIONS
    • It is only REASONABLE ASSURANCE.
      • Objectives must be reasonable/suitable.
      • Judgement is faulty.
      • Breakdowns happen (PC failure, fatigue, misunderstanding).
      • Mgmt may override controls.
      • Collusion can circumvent processes.
      • External events can impact.