BEC 4 Info Systems & Communication

Information Technology Components
1) Hardware: physical computer
2) Software: systems & programs that process data and turn data into info
3) Data: raw facts (production or test data)
4) Network: communication media that allows multiple computers to share data simultaneously
5) People: in IT dept

Three Primary Roles in Business Ops
1) Process Detailed Data: Transaction processing system - process and record transactions necessary to conduct business.
2) Assist in Making Daily Decisions
3) Assist in Developing Business Strategies (ex: business info systems (EIS))

Data Capture Techniques:
1) Manual Entries - physically entered by individuals
2) Source Data Automation - devices capture transaction data (e.g. ATMs, point of sale)

Functions Performed on Data: collect, process, store, transform and distribute

Accounting Information System (AIS): type of mgmt info system that is partly a transaction processing system. Creates an audit trail for accounting transactions.
Objectives: to record valid transactions, properly classify those transactions, record transactions at proper value and in proper period, and properly present transactions and related info in FS.

Transaction Processing Modes
Transaction Files: electronic journals used to update Master Files (sales journal = Sales Transaction File)
Master File: electronic ledgers (AR ledger = Accounts Receivable Master File)
Master File Update: process of transaction files updating the master file.
Grandfather-father-son file rotation: the newest file (son) is kept for the next processing cycle, the next newest file (father) is retained in case problems in processing mean the processing has to be repeated, and the oldest file (grandfather) is retained off-site for disaster recovery.

PROCESSING (Batch vs OLRT)
Batch Processing: input docs are collected and grouped by type of transaction. The groups (batches) are processed periodically (daily, weekly, and monthly). Slower than OLRT.
Batch Processing Steps:
1) Create a transaction file (batch file) by manually entering data. Edit process/data validation: process of editing and correcting data
2) Update master file by sorting the transaction files into the same order as the master file and updating the relevant records in the master file.

Online, Real Time Processing: transactions are entered and master files are updated as transactions are entered. OLRT requires random access storage devices bc it is hard to determine the order the transactions were entered. No delay, immediate processing.

Centralized Processing: maintain all data at a central location.
-enhanced data security, consistent processing, increased need for processing power and data storage, bottlenecks can occur.

Decentralized (Distributed) Processing: computing power, apps, and work are spread out over several locations via LAN or WAN. Each remote computer performs a portion of the processing, thus reducing the processing burden on the central computer or computers.

Disadvantages of computerized processing
-increased likelihood of unauthorized access
-concentration of info, so if security is breached, potential damage is greater
-computer disruptions may cause errors or delays

Advantages of computer processing
-more opportunities for data analysis

Periodic Scheduled Reports: made available on a regular basis to end users of the system
Exception Reports: produced when a specific condition or exception occurs
Demand Reports (pull report): report available on demand.
Ad Hoc Report: report that doesn't currently exist but can be created on demand without having to get a software developer or programmer involved.
Query: specific question made up of various criteria that an end user can pose to the MIS to extract all transactions or other info that meet those criteria.
Push Report: (ex: every time a user logs onto the computer, a report window displays the latest and most up-to-date report the user needs)
Dashboard-style Reports: present summary info necessary for mgmt action (critical data in summary format such as speed, engine activity & oil pressure on car dashboard)

Categories of Business Information Systems:
1) Decision Support System (DSS): assist mgmt in making daily decisions, provide mgmt w/ interactive computer-aided tools that subjective judgments with objective analytical data. (Sometimes called Expert Systems (ES))
2) Management Information System (MIS): provides managerial and other end users with reports
3) Executive Information Systems (EIS): only used by senior execs to gather internal and external info that assist in strategic (long-term) decision making.
4) Transaction Processing System (TPS): record routine and daily transactions necessary to conduct business.

System Development Life Cycle (SDLC)
1) System Analysis & Planning: define nature and scope of project and identify strengths and weaknesses. Determine system feasibility.
2) Conceptual Design: identify and evaluate appropriate design alternatives
3) Physical Design: write computer programs, create files & DBs, and develop controls
4) Implementation & Conversion: install new hardware/software, hire or relocate employees, test & modify new procedures
5) Training
6) Testing: test effectiveness of docs and reports, user input, controls, etc.
7) Operations & Maintenance

Information Systems Steering Committee Functions:
-Set governing policies for AIS
-Ensure top mgmt participation, guidance & control
-Facilitate integration of IS activities to increase goal congruence and reduce goal conflict.

Enterprise Risk Mgmt Framework: designed to identify potential events, manage risk to be within appetite and provide reasonable assurance regarding the achievement of entity objectives.

Types of IC
Preventive: occur prior to an error.
Designed to deter problems before they arise.
Detective: occur after an error or irregularity
Corrective: procedures taken to identify cause of problem, correct results of errors and modify system so that it doesn't happen again.

Role of Technology Systems in Control Monitoring
General controls: designed to make sure an organization's control environment is stable and well-managed. Include:
1) IS mgmt controls
2) Security mgmt controls
3) IT infrastructure controls
4) Software acquisition, development and maintenance controls

Application Controls: prevent, detect and correct transaction error and fraud and provide reasonable assurance as to system:
1) Completeness
2) Accuracy
3) Validity
4) Authorization

Input Controls (garbage in, garbage out)
Forms Design - prenumbering forms
Turnaround doc - record of company data sent to an internal party and returned by external party to the system as input. Ensures that all input is accounted for.
Edit Checks - validate data before it is successfully input

Processing Controls
Data Matching - match two or more items of data prior to taking action (match PO, invoice, and receiving report)
File Labels - ensure most current files are updated
Header: located at beg of each file. Contains file name and expiration date
Trailer: located at end of file. Contains batch totals calculated during input

SEGREGATION OF DUTIES: dividing responsibilities for different portions of a transaction (authorization, recording and custody) among several ppl.

System Analysts vs Computer Programmers
System Analysts (system and hardware designers) help users determine their info needs and design an info system to meet those needs. In charge of hardware.
Computer Programmers (software designers) take the design provided by system analysts and create an info system by writing computer programs. In charge of application software.
Computer Operators vs Computer Programmers
Security Administrators vs Computer Operators & Computer Programmers
Security Administrators: responsible for restricting access to systems, applications or DBs to the appropriate personnel.

System Analyst: design overall application systems that are developed internally and may decide what type of computer network is needed. Usually work with end users to determine the requirements for a system and design specifics of the system to satisfy the requirements.
System Integrators (system analyst for purchased apps): also integrate the new app with existing applications by designing interfaces.
Application Programmer: responsible for writing and/or maintaining application programs. Also tests apps and prepares computer operator instructions. Should NOT be given write/update access to data in production systems or unrestricted and uncontrolled access to application program change mgmt systems. (Use TEST data only!)
System Programmer: responsible for installing, supporting, updating, and maintaining the OS. Should NOT be given write/update access to data in production systems.
IT supervisor: manage functions and responsibilities of IT dept
Security Administrator: responsible for the assignment of initial pws and maintenance of pws
System Administrator
1) Database Administrator (DBA) (develops program for scientist): responsible for maintaining and supporting DB software.
2) Data Administrator (scientist): responsible for definition, planning and control of data within a DB
3) Network Administrator: support computer networks.
4) Web Administrator: responsible for info on website.
Data input clerk: prepare, verify and input data
Hardware Technician: sets up and configures hardware

Uninterruptible Power Supply (UPS): used to prevent systems from shutting down during outage.

Program Modification Controls: controls over the modification of programs being used in production apps.
Includes both controls that attempt to prevent changes by unauthorized personnel and also controls that track program changes so that there is a record of what programs are running in production.

Certificate Authority: organization that issues public and private keys and records the public key in a digital certificate.
Digital Signatures: asymmetric encryption to create legally binding electronic docs.

Electronic Commerce: uses private network or internet to execute buy/sell transactions
Electronic Business: any use of IT to perform business processes (can look up info)
Electronic Data Interchange (EDI): computer-to-computer exchange of business transaction docs. Inventory mgmt and product distribution as well as buy/sell transactions.
A) Requires a standard data format. Mapping (fields): process of linking an organization's terminology to data elements in standard EDI terminology.
-VAN is more secure than internet but uses batches so it is slower than internet, and internet is cheaper.
-EDI allows transmission of electronic docs between computer systems in diff organizations.
-requires a standard data format
-reduces handling costs and speeds transaction processing

Costs of EDI
-Legal Costs: costs of modifying and negotiating trading contracts with partners
-Hardware Costs
-Costs of translation software
-Costs of data transmission
-Process reengineering and employee training costs
-Costs for security, monitoring and control

Audit trails in EDI systems should include logs of failed transactions and network sender/recipient acknowledgements.

Enterprise Resource Planning System (ERP): multi-departmental enterprise system that integrates all departments and is comprised of a number of modules that allow info to be shared across depts.

Supply Chain Mgmt System: integration of business processes from customer to supplier
Concerned with:
What goods were ordered?
When should the goods be delivered?
Where should the goods be delivered?
How much are the goods?

Customer Relationship Mgmt System (CRM): provides sales force automation and customer services in an attempt to manage customer relationships. Objective is to increase customer satisfaction and therefore increase revenue and profitability.

Strategic Risk: risk of choosing inappropriate technology.
Operating Risk: doing the right things in the wrong way.
Financial Risk: risk of having financial resources lost, wasted or stolen.
Information Risk: risk of loss of data integrity, incomplete transactions or hackers.

Risk: possibility of harm or loss
Vulnerability: possibility of harm or loss due to a weakness in design

Network Firewall: physical device that protects the network as a whole
Application Firewall: protects specific software
Packet Filtering: examines packets of data as they pass through the firewall to determine if they meet all rules

Malware
a) Virus: piece of computer program that inserts itself into some other program to propagate. It requires a host, so it can't run independently.
b) Worm: special type of virus that can run independently and normally propagates over a network. Can't attach itself to other programs.
c) Trojan horse: program that appears to be harmless but contains a hidden and unintended function. Normally does not replicate itself.

Other threats
Denial of Service: one computer bombards another computer with a flood of info
Phishing: sending of phony emails to get private information

Hardware
1) Central Processing Unit - control center of the computer system.
   a) Processor: brain/chip that interprets program instructions, coordinates input, output
   b) Primary storage: main memory
   c) Secondary storage: hard drives, magnetic disks
RAID allows for hard drive mirroring

Database Mgmt System - not a database, but a tool to create new DBs (ORACLE)
Relational Technology - data collected in tables (files) that are related to each other via keys.
Normalization - process of separating data into logical tables.
Network
Local Area Network (LAN): permits shared resources among computers within a limited area
Node - any device connected to a network
Workstation - client machine
Server - provides services or resources to rest of network
Transmission Media - physical path between nodes
Network Operating System (NOS) - manages communication over network
Communication Devices/Modems - allow communication between networks

Value Added Network (VAN):
1) Private
2) Secure
3) Delay data transfer b/c batch processing
4) Expensive

Internet
1) Public
2) Fast
3) Less expensive
4) Less secure

Disaster Recovery: plans for continuing operations in the event of destruction
STEPS:
1) Assess risks
2) Identify mission-critical apps and data
3) Develop plan
4) Determine personnel responsibilities
5) Test the plan

Full backup - exact copy of entire DB. Time consuming
Partial backups:
1) Incremental backup - copies only data items that have changed since last backup
2) Differential backup - copies all changes made since the last FULL backup

Cold site - few days
Hot site - few hours
Warm - .5-1 day