BEC - Notes Chapter 4

http://cpacfa.blogspot.com
Introduction to information technology
Components of a business information system
Hardware - the actual physical devices
Software - the systems and programs that process data, turning into information
Data - raw facts
Network - communication media that allows multiple computers to share data and info simultaneously
People - the different people associated with business information system\

A business information system has three primary roles in business operations

- Process detailed data
- Assist in making daily decisions
- Assist in developing business strategies

Information is used by different levels in the organization for different purposes

A management information system (MIS) - provides management and other end users with reports

An accounting information system (AIS) - type of management information system, it is part transaction
processing system and partly knowledge system

Sequence of events in an AIS

1. Transaction data is entered into the AIS
2. The original paper source documents (if any), are filed
3. Transactions are recorded in the appropriate journal
4. Transactions are posted to the general and subsidiary ledgers
5. Trail balances are prepared
6. Financial reports are generated

An audit trial should allow an auditor to trace the work from both begin to end, and, end to beginning

A decision support system (DSS) - provides interactive support for managers during the decision making
process. A DSS is a type of MIS

Executive information systems (EIS) - provides senior executives with immediate and easy access to internal
and external information to assist the executives in monitoring the business. EIS assists in strategic, not daily,
decision making.

Types of reports
Exception reports - produced when a specific problem or exception occurs
Demand reports - produced on-demand
Ad Hoc reports - produced on-demand, without the need of a programmer to get involved. Also known as
a user report writer
Query reports - produced based on a specific question posed by the end user (type of Ad hoc report)
Push reports - produced based on information provided by end user (pushes information to computer)

Roles and responsibilities within the IT Function

System analyst - person who designs the computer system, the thinker
Internally-developed system - these analysts will design the overall application system\
Purchased-system - analysts may be called system integrators
Computer programmer - writes the computer programs
- Application programmer/software developer - responsible for writing and/or maintaining application
program. Also tests application programs and prepares computer operating instructions
1
 BEC - Notes Chapter 4
http://cpacfa.blogspot.com
- System programmer - responsible for installing, supporting, monitoring, and maintaining the operating
system
Computer operator - responsible for scheduling processing jobs, running or monitoring scheduled production
jobs, hanging tapes, and distributing reports
Control clerk - Reviews error and correction log, and rectifies situation

System administrator
- Database administrator - responsible for maintaining and supporting the database software. May also
perform some security functions for the database
- Network administrator - establishes, monitors and supports the computer network
- Web administrator - responsible for information on a website

End users are any workers in an organization who enter data into a system or who use the information process
by the system

Segregate (never combine)

- System programmers and Application computer programmers
- Computer operators and Computer Programmers
- Security administrators and Computer operators
- Security administrators and Computer programmers

IT Fundamentals
The Central Processing unit (CPU) is composed of:
- The Processor - interprets program instructions and coordinates input, output and storage devices (the
control unit) and performs arithmetic calculations (the arithmetic logic unit)
- The primary storage - the main memory to store program instructions and data until the program
instructions are executed

Secondary storage devices - means to permanently story programs and data (hard drive, CD-rom, optical disks)

Peripherals - devices that transfer data to or from the CPU but do not take part in the actual processing of data
Input devices - devices that get information into the computer (keyboards, mice, microphones)
Output devices - devices that transfer data out of the computer (monitor, speakers, printers)

Processing power - MIPS (millions of instructions per second)

Multiprocessing - the coordinated processing of programs y more than one processor

System software - programs that run the computer and support system management operations
Operating system - provides the interface between the user and the hardware
Database mgmt system (DBMS) - controls the development, use and maintenance or the database

A database is a integrated collection of data records and data files

A DMBS is not a database, but a tool

Relational database - data is stored in two-dimensional tables that are related to each other via keys (i.e. look
up your information based on your student number)

There are 4 main functions of a DMBS

1. Database development - use DMBS to create a new or empty database
2. Database query - Use DMBS to retrieve information based on a query
3. Database maintenance - use DMBS to improve effectiveness (get info we need to run the business)
and efficiency (working fast enough)
4. Application development - use DMBS to turn database into a computer software application
2
 BEC - Notes Chapter 4
http://cpacfa.blogspot.com

Types of databases
a) Operational database - supports day to day operations
b) Analytical database - consist of summarized data used primarily by managers
c) Distributed database - physically distributed ion different pieces of local or remote hardware
d) End-user database - developed by end users

Advantages of DBMS
a) Reduction of data redundancy and inconsistency
b) Potential for data sharing
c) Data independence
d) Data standardization
e) Improved data security
f) Expanded data fields
g) Enhanced information timeliness, effectiveness and availability

Disadvantages of DBMS
a) Expensive
b) Highly trained personal required
c) Increased chances of breakdowns
d) Possible obscuring of the audit trail
e) Specialized backup and recovery procedures required

Application software - is the diverse group of systems and programs that an organization uses to accomplish its
objectives.

Networks - an interconnected group of computers and terminals

Local Area Network (LAN) - permits shared resources (software, hardware and data) among computers within
an area
- Server - is a node dedicated to providing services or resources to the rest of the network
- Network operating system - manages communication over a network
- Router - used to route packets of data through LANS
- Bridge - used to connect segments of LAN which use the same network protocol

Most LAN and WANS are set up as client/server systems. Workstations are referred to as clients. Other
processors that provide services to the workstations are called servers

Network topology defines the physical configuration of devices and the cables that connect them

Wide Area Network (WAN) - employ non-dedicated public communication channels (less secure than LAN)

Value Added Networks (VAN) - privately owned and managed networks that provide additional services beyond
standard data transmission
- Process transactions in batches as opposed to real time so there is a transmission delay

Transaction files - temporary, journals are transaction files (sales journal is called the sales transaction file)
Master file - permanent, ledgers are master files (A/R ledger is called the A/R master file)

Dollar fields - usual batch total term (a batch may contain $100 debits and $100 credits)
Hash total - totalled item is not in dollars (a batch of customer numbers)

When manual controls are built into a computerized environment, they are calles programmed controls. 2 types
1. Input controls - verify that transaction data is entered correctly (valid, complete, and accurate)
3
 BEC - Notes Chapter 4
http://cpacfa.blogspot.com
2. Processing controls - verify that transaction data is processed correctly

Risks, controls, disaster recovery and business continuity

4 main risks with respect to systems
1. Strategic risk - risk we design or choose a bad system or technology
2. Operating risk - risk we do things incorrectly
3. Financial risk - risk of having financial resources lost, wasted or stolen
4. Information risk - risk of loss of data integrity, incomplete transactions or hackers

Risks can be divided into 3 catergories

1. Errors - unintentional mistakes
2. Intentional acts - fraud or irregularities
3. Disasters - fire, flood, war

Application controls - controls that apply to the processing of individual transactions (what happens inside the
computer

Firewalls - a system, often both hardware and software, of user identification and authentication that prevents
unauthorized users from gaining access to network resources
Firewalls deter but cannot completely prevent intrusion by outsiders
Firewalls do not protect against viruses

An application firewall, as opposed to a network firewall, is designed to protect specific application services
from attack.
Application firewalls are not meant to replace network firewalls but merely an additional safety barrier

Virus - requires a host program, so it cannot run independently

Worm - runs independently and propagates itself over a network (it cannot attach to another program)
Trojan Horse - what you think
Denial of Service attack - one computer bombards another computer with information to prevent legitimate
users from accessing the network

Data and procedural controls may include the use of a control group (members of the user departments) to
ensure the system is running properly

Son-father-grandfather backup concept - runs 3 sets of backups

[newest backup] - [2nd oldest backup] - [oldest backup]

Data validation
Check digits - exist when some kind of technique is used to compute a digit to add to an existing #
Limit tests - calculates whether the data value is within certain limits
Reasonable checks - calculates whether data value has a specific relationship with other data values

Encryption keys
The public key is distributed to others in a separate transmission. The sender of a message uses the private key
to encrypt the message, and the receiver uses the public key to decrypt the message

Cold site - off site location that has all the electrical connections, but does not have the physical equipment
Hot site - off site location that is completely equipped to immediately ready to run operations

4
 BEC - Notes Chapter 4
http://cpacfa.blogspot.com
Electronic Commerce
E commerce is the electronic consummation of exchange (buying and selling) transaction

E business is more general than e-commerce and refers to any use of information technology to perform
business processes in an electronic from

EDI is a computer-to-computer exchange of business transaction documents in structured formats that allow the
direct processing of data by the receiving system

Costs of EDI include legal costs, hardware costs, costs of translation software, costs of data transmission, costs
associated with security

EDI controls include encryption

Audit trails in EDI should include
- Activity transactions
- Network and sender/recipient acknowledgements

The greatest risk in an organizations use of EDI is an unauthorized access to the organizations system

B2B commerce make purchasing decisions faster, simpler, safer, more reliable and more cost effective

B2C is less complex that B2B because there is IT infrastructure and a supply chain only on one side of the
transaction.

Enterprise resource planning system (ERP) is a cross functional system that integrates and automates many
business processes

Supply chain mgmt (SCM) is concerned with the four important characteristics or every sale: what, when,
where and how much

SCM might incorporate, planning, sourcing, making and delivery

SCM is a extended ERP system and addresses the entire supply chain

Customer relationship mgmt (CRM) - provide sales force automation and customer services in an attempt to
manage customer relationships