Information Technology

Published on May 2016

Introduction to information technology

Information system (information technology): An information system processes data and transactions to provide users with the information they need to plan, control and operate an organization.

Types of business information systems:
1. Transaction processing systems (TPS): Involve the daily processing of routine transactions. Examples include airplane reservations, payroll and human resource systems, accounting systems of all types, cash receipts, and cash disbursements.
2. Management information system (MIS): MIS is designed to provide past, present, and future information for planning, organizing, and controlling the operations of the organization. It differs from a business information system in that it provides management with predefined reports to help in decision-making.
- Decision Support Systems (DSS): an interactive system that combines models and data to resolve unstructured problems with extensive user involvement. Examples include spreadsheets, project planning software, databases, ad hoc querying, traffic planning, and capital investment planning. A DSS doesn’t automate decisions, but rather provides managers with interactive computer-aided tools.
3. Expert systems: Computer systems that apply reasoning methods to data in a specific, relatively structured area to render advice or recommendations, much like a human expert.
4. Executive information (or support) systems (EIS): provide senior executives with immediate and easy access to internal and external information to assist them in monitoring business conditions in general.

*Note: TPS, MIS, DSS = daily decision; EIS = strategic decision

Types of reports:
1. Periodic scheduled reports: made available to end users on a regular basis (daily, weekly, monthly reports).
2. Exception reports: red flag reports, produced when specific conditions/exceptions occur.
3. Demand reports: available on demand (“pull” reports).
4. Ad hoc reports: don’t exist yet, but can be created on demand, “on the fly”, without having to get a software developer.
5. Extract specific data from MIS based on your criteria.
6. Push report: information is “pushed” and sent to the computer screen or computer desktop, e.g. every time an end user logs on to a computer, a report pops up and displays the last report that the end user needs.

*Accounting Information System (AIS) is a sub-system of MIS, and it is partly a TPS and partly a knowledge system.

Roles and responsibilities within the IT function:

A system analyst is the designer of the system. He designs the system in consultation with the users and communicates the design to the programmers. A system flowchart is a tool used by the analyst to define the systems requirements. After the design of the system has been done, the design is sent to the programmers. There are two types of programmers:

System programmer (software engineer) (operating system): Responsible for modifying, adapting, and developing the system software (operating systems) and utility software. The systems programmer should not maintain custody of output in a computerized system. At a minimum, the programming, operating, and library functions should be segregated in such computer systems.

Application programmer: Is responsible for writing, testing, and debugging the application programs from specification provided by the system analyst. A program flowchart is used by the application programmer to determine the program logic.

A computer operator is responsible for data input, loading tapes, running computer operations, and maintaining a log. Operators ensure that data are input properly and correctly processed and that the needed output is produced.

The librarian is responsible for keeping custody of data, software and documentation, and allowing access to authorized users.

Data control (control group): The data control group ensures that source data have been properly approved, monitors the flow of work through the computer, reconciles input and output (control totals), maintains a record of input errors to ensure their correction and resubmission, and distributes system output. The control group is responsible for the distribution of all computer output.

A database administrator is responsible for maintaining databases and providing access to authorized users.

A network administrator is responsible for maintaining network reliability and allowing network access to authorized users.

A web administrator maintains the website (web server) and the contents of it. He supervises web developers.

Segregation of Duties within the IT function:


Segregate programming, operations, and the library functions. The segregation works as follows:

Programming: system analysts and programmers should not be involved in computer operations, nor control or review the output.
Operations: data input clerks and computer operators should not have access to program code (programming) that would enable them to modify programs, nor should they control the output (custody).
Library: control clerks and librarians should not change programs (programming) nor operate computers (operations).

• Operators and librarians should have no access to make changes to application programs. They also should not have programming knowledge.
• Computer operators should NOT have access to operator instructions and detailed program listings.
• Operator, programmer, and library duties must be segregated.

IT Controls

Application Controls (or logical controls):
o Preventive controls: designed to prevent errors and fraud.
o Detective controls and automated controls: designed to detect errors and fraud.
o User controls and corrective controls: allow individual users to follow up on detected errors and fraud.

Input controls:
o Field checks: data is validated as to correct length, character types and format, e.g. a state zip code field that only accepts numbers of a specific length.
o Validity checks: data entered is compared to data in the system to be sure it matches one of the values held there, e.g. a state abbreviation. If you enter LF instead of FL it will be rejected.
o Limit (reasonableness) test: data entered is compared to an upper and lower limit, e.g. a CPA score limit between 0 and 99.
o Reasonableness test (check): a data validation check on whether a data value has a certain relationship with other data values.
o Check digit: an extra digit added to an identification number, determined by a formula applied to the rest of the number. It is associated with a specific pattern (A1, A2, B3, A4: oops! It will catch B3 because it doesn’t follow the pattern of the data). It can’t be used with dollar values.
o Sign check: determines if the data in a field have the appropriate arithmetic sign, e.g. the quantity ordered field should never be negative.
o Missing data check: checks whether any required field has been left blank.
o Record count: the total number of records entered into the program at that time.
o Financial total (batch total): the total dollar amount.
o Hash total: the total of values that do not have a meaning, but serve as a way to verify the correct entry of these values, e.g. the total of account numbers.
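The per-record edit checks listed above (missing data, field, validity, limit, sign and check digit), applied to keyed records. This is an added example, not part of the original notes; the field names, the state table and the use of the Luhn formula for the check digit are assumptions made for illustration.

```python
import re

# Reference data and limits below are constructed for this example.
VALID_STATES = {"FL", "GA", "NY", "TX"}   # table used by the validity check
SCORE_LIMITS = (0, 99)                    # limit test bounds (the notes' 0-99 example)
REQUIRED = ("account", "state", "zip", "score", "quantity")


def luhn_ok(number):
    """Check digit: True when the trailing digit satisfies the Luhn formula
    (an assumed formula; the notes do not name one)."""
    if not re.fullmatch(r"[0-9]{2,}", number):
        return False
    total = 0
    for position, char in enumerate(reversed(number)):
        digit = int(char)
        if position % 2 == 1:      # double every second digit from the right
            digit *= 2
            if digit > 9:
                digit -= 9
        total += digit
    return total % 10 == 0


def as_int(value):
    """Return the value as an int if it is a signed whole number, else None."""
    text = str(value).strip()
    return int(text) if re.fullmatch(r"[+-]?[0-9]+", text) else None


def blank(value):
    """True when a field is absent or contains only whitespace."""
    return value is None or str(value).strip() == ""


def edit_checks(record):
    """Run the input controls on one keyed record; return the failures found."""
    errors = []

    # Missing data check: no required field may be absent or blank.
    missing = [f for f in REQUIRED if blank(record.get(f))]
    if missing:
        errors.append("missing data: " + ",".join(missing))

    # Field check: zip must be exactly five ASCII digits.
    if "zip" not in missing and not re.fullmatch(r"[0-9]{5}", str(record["zip"])):
        errors.append("field check: zip")

    # Validity check: state must match an entry already held in the system.
    if "state" not in missing and record["state"] not in VALID_STATES:
        errors.append("validity check: state")

    # Limit test: score must be numeric (field check) and inside the bounds.
    if "score" not in missing:
        score = as_int(record["score"])
        if score is None:
            errors.append("field check: score")
        elif not SCORE_LIMITS[0] <= score <= SCORE_LIMITS[1]:
            errors.append("limit test: score")

    # Sign check: quantity ordered may never be negative.
    if "quantity" not in missing:
        quantity = as_int(record["quantity"])
        if quantity is None:
            errors.append("field check: quantity")
        elif quantity < 0:
            errors.append("sign check: quantity")

    # Check digit: catches a mistyped or transposed account number.
    if "account" not in missing and not luhn_ok(str(record["account"])):
        errors.append("check digit: account")

    return errors


# Constructed sample input: one clean record, one with five keying errors
# (including the notes' LF-for-FL example), one with blank fields.
SAMPLE = [
    {"account": "79927398713", "state": "FL", "zip": "33101", "score": "75", "quantity": "3"},
    {"account": "79927398731", "state": "LF", "zip": "3310A", "score": "120", "quantity": "-2"},
    {"account": "79927398713", "state": "FL", "zip": "", "score": "75"},
]

if __name__ == "__main__":
    for number, record in enumerate(SAMPLE, start=1):
        failures = edit_checks(record)
        print(number, "ACCEPT" if not failures else "REJECT: " + "; ".join(failures))
```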

Processing controls: once data has been input, processing controls ensure that the data is properly manipulated to produce meaningful output.
o Systems and software documentation allows system analysts to ensure that processing programs are complete and thorough.
o Computer programs are tested using error-testing compilers to ensure that they don’t have programming language errors.
o Systems testing makes sure that the programs within the system are interacting properly.
o From a controls standpoint, most controls can be as readily implemented in batch systems as in online systems.

Output controls: ensure that the processing results are valid and monitor the distribution and use of output. Output can be monitored using numbered forms, distribution lists, and required signatures on certain reports.

Information Technology fundamentals

Hardware:
1. Central Processing Unit (CPU): The principal hardware component of a computer (the brain). It decodes and carries out instructions.
- Control unit: interprets and executes program instructions and logic.
- Arithmetic/logic unit: performs arithmetic and logical comparisons and calculations.
- Primary memory: Random access memory (RAM) is the main memory of the computer. It is temporary memory that stores data while it is being processed, and it is affected by the power. Read-only memory (ROM) is permanent memory that holds basic low-level programs and data particular to the computer’s hardware. It is not affected by the power.
2. Secondary storage devices: hard drives or magnetic disks, floppy disks, CD-ROMs, optical disks, and magnetic tape.
- Sequential storage devices: data is accessed sequentially, e.g. magnetic tape.
- Random storage devices: data is accessed randomly, e.g. magnetic disks.
- RAID (Redundant Array of Independent Disks): combines multiple disk drives into an array. If one crashes, the other has the data.
3. Peripherals:
- Input devices: keyboards, mice, scanners, magnetic ink character readers (MICR), touch-sensitive screens, and microphones.
- Output devices: printers, speakers, cathode ray tubes, plotters (graphic printers).

Multi-processing: running one program on more than one CPU. It is the coordinated processing of programs by more than one processor. Two types:
- Symmetric multiprocessing: one operating system controls the processing.
- Parallel processing: simultaneous use of more than one computer to execute a program.

When multiple processors or computers process the same program, there is an efficiency loss to provide the control of the overall processing. This factor is called the multiprocessing (MP) factor.

Processing power is often measured in terms of MIPS, which is millions of instructions per second (not minute).

Multi-tasking (multiprogramming): several parts of a program running at the same time on a single processor.

Software:
1. System software
- Operating System: manages the input, output, processing, and storage devices and the operation of the computer, e.g. Windows, UNIX, Linux, Mac OSX.
- Utility program
2. Application programs: programs designed for specific uses such as word processing, spreadsheets, and database systems.
3. Database Management System (DBMS)
o Data storage:
  Bit = binary digit (0 or 1)
  Byte = group of 8 bits
  Field = group of bytes (vertical column), e.g. employee SCN
  Record = group of fields (horizontal row)
  File = group of records
o Database: integrated collection of data records and data files.
o DBMS (not a database): a tool/program that allows organizations to create new databases and work with the data in them.
o Database tuning: programs that allow the DBA to test the database to ensure that it is operating both effectively and efficiently.
o Relational technology: data is stored in two-dimensional tables that are related to each other via keys.
o Normalization: the process of separating the database into logical tables to avoid certain kinds of updating difficulties, referred to as anomalies.
o Data dictionary: contains information about the structure of the database.

DBMS:
o Data query language (structured query language, SQL): retrieving, sorting, and ordering records (ad hoc query). SQL consists of the following:
- Data control language: specifies privileges and security rules. The data control language is a type of database language used to specify the privileges and security rules governing database users.
- Data definition language (DDL): used to build the data dictionary (the structure of the database). The data definition language defines the database structure and content, especially the schema and subschema descriptions, including the names of the data elements contained in the database and their relationship to each other.
- Data manipulation language (DML): maintaining the database, updating the database, inserting data, and deleting data. The data manipulation language provides application programs with a facility to interact with the database to facilitate adding, changing, and deleting either data or data relationships.

Types of databases:
o Operational databases: store detailed data needed to support day-to-day operations. EX: TPS
o Analytical databases: store data and information extracted from the operational database. The information and data are summarized for managers. EX: DSS, ESS
o Data warehouses: store data from current and previous years from each department and dump them into a huge warehouse. A data warehouse is useful for data mining, which means processing the data in the data warehouse to identify trends, patterns, and relationships. A limited data warehouse is called a data mart. Data mining CANNOT be done manually; the amount of data is inordinate.
- Data mining can be defined as the extraction of implicit, previously unknown, and potentially useful information from data. It is usually associated with an organization's need to identify trends. Data mining involves the process of analyzing the data to show patterns or relationships in that data. Thus, pattern recognition, or the ability of the data mining software to recognize the patterns (or trends), is the critical success factor for data mining (at least in the opinion of the examiners).
o End-user databases: databases developed by end users at their workstations, e.g. from their emails, downloads, etc.

Advantages of a DBMS:
o Data independence.
o Data sharing.
o Reduced data redundancy and inconsistency.
o Data standardization.
o Improved data security.
o Expanded data fields.
o Enhanced information, timeliness, effectiveness, and availability.

Disadvantages:
o Highly trained personnel are necessary.
o Installation of the database and conversion of traditional files are costly.
o Specialized backup and recovery procedures are required.
o Increase of hardware and software breakdown.
o Possible obscuring of the audit trail as a result of data movement from one file to another.

Database structure:
1) Hierarchical model: The hierarchical data model organizes data in a tree structure. There is a hierarchy of parent and child data segments.
2) RDBMS (relational database management system): A database based on the relational model. A relational database allows the definition of data structures, storage and retrieval operations, and integrity constraints. In such a database the data and the relations between them are organized in tables.
3) Object-oriented model: Object DBMSs add database functionality to object programming languages. They bring much more than persistent storage of programming language objects.
4) Network model: The popularity of the network data model coincided with the popularity of the hierarchical data model. Some data were more naturally modeled with more than one parent per child.

Programming language: Programming languages like COBOL, Pascal, Basic and Visual Basic, and C and C++ allow programmers to write programs in source code. Source code is human-readable and is translated or compiled into object code (machine language, 0-1).
o Desk checking: used to discover and eliminate bugs.

Networks

A network is an interconnected group of computers and terminals.

Types of networks:
1. Local Area Networks (LAN): normally a private network that links several different user machines, computers, printers, and databases to other shared devices within a limited geographic area (small area), often within the same building.
o Node: any device connected to a network, e.g. PC, printer, etc.
o Workstation: a node (usually a PC) that is used by end users.
o Server: a node dedicated to providing services or resources to the rest of the network (e.g. a file server maintains data files, a print server provides access to high-quality printers, a database server provides access to a specific database). It is not generally directly accessible by individual users but only through the network software.
o Network Interface Card (NIC): a circuit board installed on a node that allows the node to connect with and communicate over the network.
o Transmission media: the physical path between nodes and a network. It could be fiber optic cable, wireless, or coaxial cable (similar to TV cable).
o Network Operating System (NOS): manages communication over a network. It may be a client/server system or a peer-to-peer system.
o Communications devices/modems: provide remote access and provide a network with the ability to communicate with others.
o Communication/network protocols: sets of rules that allow various pieces of hardware/software to perform the various functions needed to transmit information from one place to another.
o Gateways: a combination of hardware and software that links different types of networks, e.g. allows different email systems to communicate.
o Router: routes packets of data through interconnected LANs or WANs.
o Bridge: a device that divides a LAN into two segments, both of which use the same set of network protocols.

Client/server is complex because of:
1) Number of access points
2) Concurrent operation of multiple user sessions
3) Widespread data access and update capabilities

This type of system doesn’t use a relational database. Most client/server applications operate on a three-tiered architecture consisting of desktop client, application, and database.

Network topologies:
o Bus: uses a common backbone to connect all the devices on the network. If one device is down, they are all down. Only one device can transmit at a time; the others wait until the backbone is free.
o Ring: formed in a ring with each device connected to two other devices. If one device is down, they are all down.
o Star: formed in a star with each device connected to a central hub. The hub controls the transmission. If one device is down, only that device is down. If the hub is down, the entire network is down. Examples: a telephone system connected to a PBX, and many home networks.
o Tree: connects multiple stars into a bus. Each hub is connected to the bus and handles the transmission for its star, e.g. the phone network of a large city.

2. Wide Area Networks (WANs): may be a VAN, the internet, or a point-to-point network. They link computers or LANs in different locations over a large geographical area, often a country or continent, through the use of phone lines, satellites, etc.
a. Value Added Networks (VANs): A VAN is a secure and private network maintained by an independent provider. VANs provide communications services beyond the mere transmission of data. A VAN is private, more secure, expensive, and slow because it uses a batch system (periodic).
b. Virtual Private Networks (VPNs): allow you to send information over the Internet, but encrypt it in such a way that it is private and secure. A VPN is similar to a private network, but runs on the internet. Therefore, the cost is lower.
c. Internet-based networks: public, less secure, inexpensive, and fast because they use OLRT (perpetual).
3. Intranets: use Internet protocols to establish a network internal to the company. An intranet links internal documents and databases using web-based technology.
4. Extranets: permit company suppliers, customers, and business partners to have direct access to the company’s network.

Transaction processing modes:
o Transaction files (temporary): files used to update the master files. Transaction files are temporary files. In the computerized environment, journals are called transaction files, e.g. the sales journal is called the sales transaction file.
o Master file (permanent) update or maintenance: when transactions are used to update balances in master files, this is called master file update or maintenance.

Methods of processing:
o Online, real-time processing (perpetual, immediate): Transactions are entered into a computer system as they occur. The master file is immediately updated with the data from the transaction. It requires random access storage devices, e.g. magnetic disk.
o Online Analytical Processing (OLAP): allows end users to retrieve data from a system and perform analysis using statistical and graphical tools.
o Batch processing (periodic, delay): Source documents are grouped into batches, and control totals are calculated. Periodically, the batches are entered into the computer system, edited, sorted, and stored in a temporary file. The temporary transaction file is run against the master file to update the master file. Processing of transactions in a batch system is uniform.

In batch processing, the grandfather-father-son file procedure can be used either to recover from processing problems or to retain files off-site for disaster recovery.

Batch totals, often used in batch processing, are totals of dollar fields in transactions. The total computed from the batch is compared to an input batch total for the batch of transactions; if the two totals are the same, processing of the batch can continue. Hash totals, often used in batch processing, are totals of fields in transactions other than dollars. The total computed from the batch is compared to an input hash total for the batch of transactions; if the two totals are the same, processing of the batch can continue.
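The batch-total and hash-total comparison described above, as an added example that is not part of the original notes. The header layout, field names and sample transactions are constructed; the last case shows a keying error that control totals alone do not detect.

```python
from decimal import Decimal

CONTROLS = ("record_count", "batch_total", "hash_total")


def control_totals(transactions):
    """Compute the three batch controls over the keyed transactions."""
    return {
        "record_count": len(transactions),
        # Financial (batch) total: sum of the dollar field, kept exact with Decimal.
        "batch_total": sum((Decimal(t["amount"]) for t in transactions), Decimal("0")),
        # Hash total: sum of account numbers, meaningless except as a control.
        "hash_total": sum(int(t["account"]) for t in transactions),
    }


def reconcile(header, transactions):
    """Return the controls whose computed value differs from the batch header.
    An empty list means the batch may continue to the master file update."""
    computed = control_totals(transactions)
    return [name for name in CONTROLS if computed[name] != header[name]]


# Constructed batch. The header totals are prepared from the source documents
# before keying; the transactions are what the data entry step produced.
HEADER = {"record_count": 4, "batch_total": Decimal("662.50"), "hash_total": 103519}
KEYED_OK = [
    {"account": "10452", "amount": "125.00"},
    {"account": "20871", "amount": "89.50"},
    {"account": "30966", "amount": "410.25"},
    {"account": "41230", "amount": "37.75"},
]


def with_change(index, **fields):
    """Copy of KEYED_OK with one transaction altered, to model a keying error."""
    batch = [dict(t) for t in KEYED_OK]
    batch[index].update(fields)
    return batch


WRONG_ACCOUNT = with_change(1, account="20817")   # digits transposed in the account
WRONG_AMOUNT = with_change(1, amount="98.50")     # digits transposed in the amount
DROPPED = [dict(t) for t in KEYED_OK[:3]]         # last source document never keyed

# Limitation: two account numbers swapped between transactions. Every total
# still agrees with the header, so this error needs a per-record control
# (such as a check digit or validity check) or a later reconciliation to surface.
SWAPPED = with_change(0, account="20871")
SWAPPED[1]["account"] = "10452"

if __name__ == "__main__":
    cases = [("clean", KEYED_OK), ("wrong account", WRONG_ACCOUNT),
             ("wrong amount", WRONG_AMOUNT), ("dropped record", DROPPED),
             ("swapped accounts", SWAPPED)]
    for label, batch in cases:
        mismatches = reconcile(HEADER, batch)
        print(label, "->", "continue" if not mismatches else "hold: " + ", ".join(mismatches))
```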

o Centralized processing:
- Maintains all data and performs all data processing at a central location. Mainframe and large server computing applications are often examples of centralized processing.
- Advantages: enhanced data security, consistent processing. Disadvantages: high cost, increased need for processing power and data storage, reduction in local accountability, input/output bottlenecks at high-traffic times, and increased inability to respond in a timely manner to information requested from remote locations.
o Decentralized (distributed) processing (end-user computing): The distribution of computer processing among multiple computers in different locations linked by a communication network. Each remote computer performs a portion of the processing, reducing the burden on the central computer.
o Point of Sale Processing (POS): An integrated transaction system that delivers information in real time, which immediately updates inventory, sales, and financial statements each time a POS transaction is completed. A POS system is usually centralized so that secure data can be shared throughout the organization. A POS system integrates an entity’s website, catalogues, and stores with the rest of the organization.

Other system operation considerations:
1. Disappearing audit trail:
o Paper audit trails are substantially reduced in a computerized environment. If a client processes most of its financial data in electronic form, without any paper documentation, audit tests should be performed on a continuous basis.
o Computer systems should be designed to supply electronic audit trails, which are often as effective as paper audit trails.
2. Uniform transaction processing:
o Processing consistency is improved in a computerized environment because clerical errors are virtually eliminated. However, systematic errors, such as errors in programming logic, are increased.
3. Potential for increased errors and irregularities:
o Increases the likelihood of unauthorized access. Companies review the system access log, which has electronic lists of who has accessed or has attempted to access systems or parts of systems or data or subsets of data.
o Concentration of information in computerized systems means that if system security is breached, the potential for damage is much greater than in manual systems.
o Decreased human involvement in transaction processing results in decreased opportunities for observation.
o Errors or fraud may occur in the design or maintenance of application programs.
o Computer disruptions may cause errors or delay in recording transactions.
4. Potential for increased supervision and review:
o The increased availability of raw data and management reports affords greater opportunity for both the client and the auditor to perform analytical procedures.

Risks, Controls, disaster recovery, and business continuity

Risks:
o Strategic risk: risk of choosing inappropriate technology.
o Operating risk: risk of doing the right things the wrong way.
o Financial risk: risk of having financial resources lost, wasted, or stolen.
o Information risk: risk of loss of data integrity, incomplete transactions, or hackers.
o Specific risk: errors, intentional acts, disasters.

Risk Management
- Definitions
o Risk = probability of harm or loss
o Threat = any hostile intent
o Vulnerability = characteristic of a design that renders the system vulnerable to a threat
o Safeguards and controls = firewall
- Types of Controls
o General Controls – password to enter computer
o Application Controls – password to enter a program
o Physical Controls – locks on doors
o Segregation of Duties

Access controls:
1. Physical access: Locks
2. Electronic access:
o User identification codes (user ID and password). A backdoor is a means of access to a program or system that bypasses normal security. A programmer will sometimes install a backdoor so that the program or system can be easily accessed for troubleshooting or other purposes. Backdoors should be eliminated.
o Callbacks on dial-up systems: call the user’s phone when their ID logs in.
o Firewall (deters, does not prevent): a system, often both hardware and software, of user identification and authentication (a valid user has access to the system) that prevents unauthorized users from gaining access to network resources. Acting as a gatekeeper, it isolates a private network from a public network. It does not prevent or protect against viruses.

Network firewalls: a physical device (“box”) that protects the network as a whole.

Application firewalls: as opposed to network firewalls, these are designed to protect specific applications from attack by examining the data in packets, as opposed to just the data in the packet header that is examined by a network firewall. An application firewall basically provides additional user authentication. It is NOT less expensive, easier to access, nor easier to install than a network firewall.

Firewall methodologies:
1) Packet filtering: examines packets of data as they pass through the firewall. It is the simplest form of firewall configuration.
2) Circuit-level gateway: allows data into a network that results from requests from computers inside the network.
3) Application-level gateway: examines data coming into the gateway. It can be used to control which computers in a network can access the internet and can also be used to control which internet websites or pages can be viewed once access is allowed.

Threats in a computerized environment:
o Virus: a piece of computer program that inserts itself into some other program, including operating systems, to propagate. It requires a host program to propagate it, so it cannot run independently.
o Worm: a program (special type of virus) that can run independently and normally propagates itself over a network. It cannot attach itself to other programs.
o Trojan horse: a program that appears to have a useful function but that contains a hidden and unintended function that presents a security risk. It does not replicate itself.
o Denial-of-service attack: one computer bombards another computer with a flood of information intended to keep legitimate users from accessing the target computer or network.
o Phishing: the sending of phony emails to try to lure people to phony web sites asking for financial information.
o Spam: unsolicited email that increases the burden on individuals and companies.

Data Encryption (scrambling transmissions)

Digital Certificates
o To send an encrypted message, apply for a digital certificate from a certificate authority.
o Longer length of key – more secure (128 bits).
o Brute-force attack – the attacker tries every possible key until the right one is found.
o Public key encryption: encrypted using the public key, decrypted using the private key.
o Private key encryption: both sender and receiver must have the private key.

Disaster Recovery And Business Continuity

Disaster recovery planning devises plans for the restoration of computing and communications services after they have been disrupted by an event such as an earthquake, flood, or terrorist attack.
o Focuses primarily on the technical issues involved in keeping systems up and running, such as which files to back up and the maintenance of backup computer systems or disaster recovery services.
o The major players are the organization itself and the external service provider.
o Types of recovery planning:
- Hot site: an off-site location that is fully equipped, meaning it has all computers and data ready to begin operations immediately in the event of a disaster.
- Cold site: office space that is reserved in case of a computer or network emergency. It requires setup of computers and loading of data before operations can begin.

The decision to set up a hot or a cold site depends on the nature of the threats, the risks, the nature of the business, etc. Banks will definitely set up a hot site, but a merchandising company will probably set up a cold site. Also, if a company operates in a region where a terrorist attack is probable, a cold site is the best option.

Steps in disaster recovery:
1. Assess the risk.
2. Identify mission-critical applications and data.
3. Develop a plan to handle the mission-critical applications.
4. Determine the responsibilities of the personnel involved.
5. Test the disaster recovery plan.

Backup approaches:
1. Grandfather-Father-Son method (Batch):
2. Rollback: undoing changes to a database up to a point where it was known to function correctly.
3. Checkpoint: the system is backed up at a certain point, called a checkpoint, on a separate disk or tape. If there is a problem, the system is restarted at the last checkpoint.

Backup facilities:
1. Hot site: an off-site location that is fully equipped, meaning it has all computers and data ready to begin operations immediately in the event of a disaster.
2. Cold site: office space that is reserved in case of a computer or network emergency. It requires setup of computers and loading of data before operations can begin.
3. Reciprocal agreement (or mutual aid pact): an agreement between two or more organizations to aid each other with their data processing needs in the event of a disaster.
4. Internal site: large organizations with multiple data processing centers rely upon their own sites for backup in the event of a disaster.

Mirroring uses a backup server that duplicates all the processes and transactions of the primary server. If the primary server fails, the backup server can immediately take its place without any interruption in service. It is very expensive.

Electronic Business

E-Commerce: is the electronic consummation of exchange (buying and selling) transactions. It uses a private network or the internet as the communication provider. Certain types of ecommerce involve communication between previously known parties or between parties that have had no prior contracts or agreements with each other. In the recent past, ecommerce was an option for many kinds of business. Today, it is a cost of doing business for most types of business. E-Business:

E-Business is a more general term than e-commerce and refers to any use of information technology, particularly networking and communications technology, to perform business processes in an electronic form. The exchange of this electronic information may or may not relate to the purchase and sales of goods or services. E-commerce relates to buying and selling transactions. Electronic Data Interchange (EDI) (standard format) One of the first types of e-business/e-commerce was EDI. EDI is computer to computer exchange of business transaction documents (purchase orders, confirmations, invoices, etc.) in structured formats that allow the direct processing of the data by receiving system. EDI started with buyer-seller transactions (e.g., invoices and purchase orders) but was then expanded to inventory management and product distribution. Extensible Markup Language (EML): sent data in a flexible format, as opposed to EDI which sent date in a standard format.
- EDI reduces handling costs and increases processing speed. Because EDI speeds transaction processing, the business cycle is generally shortened and year-end receivable balances are reduced.
o Suppliers and buyers can use EDI to improve inventory management by speeding up processing of sales/purchase/inventory transactions.
o EDI requires that all transactions be submitted in a standard data format (international language).
o Mapping: the process of determining the correspondence between data elements in an organization’s terminology and data elements in standard EDI terminology. Once the mapping has been completed, translation software can be developed or purchased to convert transactions from one format to the other.
o EDI can be implemented using direct links between the trading partners through VANs and the Internet.
o EDI reduces human effort in the processing of business documents.

Cost of EDI:
1. Legal costs associated with modifying and negotiating trading contracts with trading partners and with communications providers.
2. Hardware costs, such as additional communications equipment, improved servers, modems, and routers.
3. Cost of translation software to translate data into the very specific EDI formats.
4. Cost of data transmission if a VAN is used.
5. Cost of reengineering processes and training costs for affected applications.
6. Costs associated with security, monitoring, and control procedures.

EDI Controls: auditors need to review the following:
o Activity logs of failed transactions.
o Network and sender/recipient acknowledgments.
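The mapping and translation step described above, together with the failed-transaction activity log that auditors review, can be sketched as follows. This is an added example, not part of the original notes; the element names, the delimiters, and the sample orders are constructed for illustration and do not follow any real EDI standard.

```javascript
// Added illustration: element names, delimiters and sample orders are constructed.
const ELEMENT_SEP = "*";
const SEGMENT_END = "~";

// True only for a real calendar date written as CCYYMMDD.
function isCalendarDate(v) {
  if (typeof v !== "string" || !/^\d{8}$/.test(v)) return false;
  const y = +v.slice(0, 4), m = +v.slice(4, 6), d = +v.slice(6, 8);
  const dt = new Date(Date.UTC(y, m - 1, d));
  return dt.getUTCFullYear() === y && dt.getUTCMonth() === m - 1 && dt.getUTCDate() === d;
}

// Mapping: internal field -> standard element name, plus the edit check for it.
// The character whitelists also keep the delimiters out of element values.
const MAPPING = [
  { internal: "poNumber", standard: "PO_ID", check: v => typeof v === "string" && /^[A-Z0-9]{1,12}$/.test(v) },
  { internal: "orderDate", standard: "PO_DATE", check: isCalendarDate },
  { internal: "sku", standard: "ITEM_ID", check: v => typeof v === "string" && /^[A-Z0-9-]{1,20}$/.test(v) },
  { internal: "qty", standard: "QTY", check: v => Number.isInteger(v) && v > 0 },
  { internal: "unitPrice", standard: "UNIT_PRC", check: v => Number.isFinite(v) && v >= 0 },
];

// Translate one internal order; any unmapped, missing or invalid field rejects it.
function translateOrder(order) {
  const known = new Set(MAPPING.map(m => m.internal));
  const errors = Object.keys(order).filter(k => !known.has(k)).map(k => `unmapped field: ${k}`);
  const elements = [];
  for (const { internal, standard, check } of MAPPING) {
    const value = order[internal];
    if (value === undefined) errors.push(`missing field: ${internal}`);
    else if (!check(value)) errors.push(`edit check failed: ${internal}`);
    else elements.push(`${standard}=${value}`);
  }
  if (errors.length > 0) return { ok: false, errors };
  return { ok: true, segment: ["ORDER", ...elements].join(ELEMENT_SEP) + SEGMENT_END };
}

// Translate a batch; rejected records go to a failed-transaction activity log.
function processBatch(orders) {
  const translated = [];
  const failedLog = [];
  orders.forEach((order, i) => {
    const result = translateOrder(order);
    if (result.ok) translated.push(result.segment);
    else failedLog.push({ record: i + 1, poNumber: String(order.poNumber), errors: result.errors });
  });
  return { translated, failedLog };
}

const SAMPLE_ORDERS = [ // constructed
  { poNumber: "PO1001", orderDate: "20160502", sku: "WIDGET-7", qty: 10, unitPrice: 4.5 },
  { poNumber: "PO1002", orderDate: "20160231", sku: "WIDGET-7", qty: 0, unitPrice: 4.5 },
  { poNumber: "PO1003", orderDate: "20160502", sku: "BOLT*QTY=999", qty: 1, unitPrice: 0.2 },
  { poNumber: "PO1004", orderDate: "20160502", sku: "NUT-3", qty: 5, discount: 0.5 },
];

const batch = processBatch(SAMPLE_ORDERS);
console.log(batch.translated);
console.log(JSON.stringify(batch.failedLog, null, 2));
```

Only the first sample order is translated; the other three land in the failed log with the reason for each rejection, which is the record a reviewer would use to correct and resubmit them.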

EDI vs. E-COMMERCE

Item        EDI                 E-Commerce
Cost        More expensive      Less expensive
Security    More secure         Less secure
Speed       Slower (batch)      Faster (OLRT)
Network     VAN (private)       Internet (public)

Business-to-Business (B2B): when a business sells its products or services to other businesses.
o Speed: allows businesses to transact with each other more rapidly than by traditional phone, fax, and mail.
o Time: transactions between businesses in different countries can occur regardless of the different time zones of each country.
o Personalization: (complete an online profile)
o Security: transactions that contain private information are encrypted and are then undecipherable.
o Reliability: there is no opportunity for any human errors.
o It is NOT more secure than B2C or C2C, and government is not involved in it.
o There is no complete security, even if data encryption is used.

Business-to-Consumer (B2C): when a business sells its products or services to the public.

Consumer-to-Consumer (C2C): when consumers sell products to other consumers, such as on eBay.

Enterprise resource planning system (ERP)

ERP is a cross-functional enterprise system that integrates and automates the many business processes that must work together in the manufacturing, logistics, distribution, accounting, finance, and human resource functions of a business. ERP software is comprised of a number of modules that can function independently or as an integrated system to allow data and information to be shared among all of the different departments and divisions of large businesses.

ERP purposes and objectives:
o ERP systems store information in a central repository (main database) so that data may be entered, accessed, and used by the various departments.
o ERP systems can provide vital cross-functional information quickly to managers across the organization in order to assist them in the decision-making process.

Supply Chain Management systems (SCM) (viewed as an extension of ERP)

SCM is the integration of business processes from the customer to the original supplier and includes purchasing, materials handling, production planning and control, logistics and warehousing, inventory control, and product distribution and delivery. It addresses four important characteristics of every sale: what, when, where, and how much.
What – goods received must match goods ordered
When – goods should be delivered on/before the date promised
Where – goods should be delivered to the location requested
How Much – cost of goods should be as low as possible

o The objective of SCM is to achieve flexibility and responsiveness in meeting the demands of customers and business partners.
o Functions include planning, sourcing, making, and delivery.

Customer Relationship Management (CRM)

CRM provides sales force automation and customer services in an attempt to manage customer relationships. CRM systems record and manage customer contracts, manage salespeople, forecast sales and sales targets and goals, manage sales leads and potential sales leads, provide and manage online quotes and product specifications and pricing, and analyze sales data.
o The objective is to increase customer satisfaction and thus increase revenue and profitability.
o Divided into analytical CRM, which creates and exploits knowledge of a company’s current and future customers to drive business decisions, and operational CRM, which is the automation of customer contact points.

Electronic funds transfer (EFT)

Also referred to as the automated clearing house (ACH); used for direct deposit and automated deposit of funds between financial institutions.
o Reduces the problem of float.
o Form of electronic payment for banking and related industries.
o Often provided by a third-party vendor who acts as the intermediary between the company and the banking system.
o Security is provided through various types of data encryption.

Application service providers (ASP)

ASPs provide access to application programs on a rental basis. They allow smaller companies to avoid the extremely high cost of owning and maintaining today’s application systems by allowing them to pay only for what is used. The ASPs own and host the software.
o Advantages of utilizing an ASP are lower costs (hardware, software, and people) and greater flexibility.
o Disadvantages are the possible risks to the security and privacy of the organization’s data and poor support by the ASP.

Auditing in a computerized environment:
- Transaction tagging
- Embedded audit modules: sections of an application program's code that collect transaction data for the auditor. Such modules allow the auditor to capture specific data as transactions are being processed.
- Test deck (test data)
- Integrated test facility
- Parallel simulation

Notes from the HW:

- Encryption performed by physically secure hardware is more secure than that performed by software because software may be more accessible from remote locations. In addition, because hardware decrypts faster than software, more complex algorithms (which are more difficult to "crack") may be used.

- Edit checks are designed to ensure that invalid inputs are rejected. A list of rejected transactions would be produced to allow the correction and resubmission of such transactions.

- provide the computer operating system with the ability to schedule, resource allocation and data retrieval functions based on a set of instructions provided by job control language

- operators, programmers, and the library function be segregated

- The primary purpose of boundary protection is to prevent the mixing of data on a magnetic memory disc and a core storage unit.

- An echo check or control consists of transmitting data back to the source unit for comparison with the original data that were transmitted. In this case, the print command is sent to the printer and then returned to the CPU to verify that the proper command was received. Example: the CPU sends a signal to the printer to start printing, and the printer sends a signal back to the CPU confirming the instruction.

- Algorithm: a detailed sequence of actions to perform to accomplish some task. It is a step-by-step approach.

- Compiler: produces a complete translation of a program in a high-level computer language before the program is run for the first time. Converts procedure-oriented or problem-oriented language to machine language.

Distributed data processing: A distributed data processing system is a network of computers located throughout an organization's different facilities, normally spread over a wide area, to fulfill information processing needs. Information processing is made possible by a network of computers dispersed throughout an organization.

File-oriented system: focuses on an individual application, each with its own set of files and with each file physically separate from the other files. On the other hand, a DBMS focuses on data rather than a particular application.

File-oriented system vs. DBMS: A Database Management System (DMS) is a combination of computer software, hardware, and information designed to electronically manipulate data via computer processing. Two types of database management systems are DBMSs and FMSs. In simple terms, a File Management System (FMS) is a Database Management System that allows access to single files or tables at a time. FMSs accommodate flat files that have no relation to other files. The FMS was the predecessor of the Database Management System (DBMS), which allows access to multiple files or tables at a time (see Figure 1 below).

Virtual memory is memory where portions of a program that are not being executed are stored, but it is not real memory. It is actually a part of disk storage. When the part of the program that is being stored in virtual memory is to be executed, the part of the program is retrieved and stored in real memory. (It’s NOT part of the real memory)

When application software is purchased, the purchaser may or may not receive a copy of the source code. The source code may or may not be escrowed. Escrow of the source code supposedly protects the purchaser (not the seller) if the software vendor fails to live up to its contractual obligations. Maintenance (support and updates) may or may not be provided.

Most client/server applications operate on a three-tiered architecture consisting of desktop client, application, and database. RAID disk storage, while relatively inexpensive, does not necessarily mean lower performance and reliability.

It is correct that processing power is often described in terms of MIPS. However, the MIPS measurement is only one of the factors in determining the overall processing power of a particular processor or computer system. For example, the internal and external (to the processor itself) data transfer speed is also important. If a particular application system is input/output intensive, like many commercial application systems are, data transfer speed might be much more important than pure processing power.

In a relational database, the data are stored in two-dimensional tables that are related to each other by keys, not implemented by indexes and linked lists. Indexes and linked lists were normally used in the earlier hierarchical and tree-structured databases. Object-oriented databases can be used to store comments, drawings, images, voice, and video that do not normally fit into more structured databases. However, object-oriented databases are normally slower than, not faster than, relational databases.

Programs may be either interpreted or compiled. However, when programs are interpreted, not compiled, each line of source code is converted into executable code immediately before it is executed. Interpretation is normally slower than compilation because it is harder to optimize (for performance) an interpreted program. Optimization normally is part of the compilation or linking process. Programs are normally written in source code that is then translated into object code. The translation is the compilation or interpretation of the source code. If a program is compiled, broadly speaking, the object code is retained and is what is executed. If a program is interpreted, the interpreted code is what executes. If the program is executed again, it is interpreted again.

Compared to batch processing, real-time processing has the advantage of timeliness of information because data is updated more quickly. Auditing is normally easier with a batch system than with an online system. With an online system, it is harder, although certainly not impossible, to build effective audit trails. With less effective audit trails, it is more difficult to audit, and sometimes considerably different approaches to auditing (auditing around a system instead of auditing through a system) must be taken. There is no difference as to the two systems' efficiency and ease.

TCP/IP is not limited to exchanges of funds. The Internet is used for a lot more than just exchanges of funds, although it is certainly used for that. Knowing only that TCP/IP is the basis for the Internet, and nothing else, this choice can be readily eliminated.

TCP/IP is not limited to large (or even small) mainframe computers. It can be and is used by any type of computer. Knowing only that TCP/IP is the basis for the Internet, and nothing else, this choice can be readily eliminated.

The actual physical connections among the various networks are not limited to TCP/IP ports. There are plenty of other "ports" that are used for Internet communications. Ports are discussed in the B4 Technical Addendum; they are not discussed in the main text. This choice is probably the next best choice since it takes just a little more knowledge to eliminate it.

If an application package is purchased from an outside vendor and installed, system analysts may be called system integrators. For purchased applications, their main responsibility would not be to modify the application to perform the specific functions required from the application but would be to design any interfaces, to convert the initial data for the application, and to provide training to end users.

Network and database administrator duties can be performed by one person.

Computer operator, programmer, and security administrator functions must be segregated.

A digital signature is a means of ensuring that a message is not altered in transmission. It is a form of data encryption.
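The alteration check described above, shown with Node.js's built-in crypto module and an Ed25519 key pair. This is an added example, not part of the original notes; the message text and the function names are constructed for illustration.

```javascript
const nodeCrypto = require("node:crypto");

// Constructed sample message; it travels in readable form alongside its signature.
const MESSAGE = "PAYMENT*PAYEE=ACME SUPPLY*AMOUNT=1500.00*REF=INV-0042~";

// Create a key pair: the private key stays with the sender, the public key is shared.
function makeSigner() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519");
  return {
    publicKey,
    sign: msg => nodeCrypto.sign(null, Buffer.from(msg, "utf8"), privateKey).toString("base64"),
  };
}

// Receiver side: accept the message only if the signature matches it exactly.
function verifyMessage(msg, signatureB64, publicKey) {
  if (typeof signatureB64 !== "string") return false;
  const sig = Buffer.from(signatureB64, "base64");
  if (sig.length !== 64) return false; // an Ed25519 signature is always 64 bytes
  return nodeCrypto.verify(null, Buffer.from(msg, "utf8"), publicKey, sig);
}

function demo() {
  const sender = makeSigner();
  const other = makeSigner(); // an unrelated key pair
  const sig = sender.sign(MESSAGE);
  const altered = MESSAGE.replace("1500.00", "9500.00"); // changed in transmission
  return {
    intact: verifyMessage(MESSAGE, sig, sender.publicKey),
    altered: verifyMessage(altered, sig, sender.publicKey),
    wrongKey: verifyMessage(MESSAGE, sig, other.publicKey),
    truncatedSig: verifyMessage(MESSAGE, sig.slice(0, 20), sender.publicKey),
  };
}

console.log(demo());
```

Verification succeeds only for the unmodified message checked against the sender's own public key; a changed amount, a different key, or a damaged signature are all rejected.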

Even if a company has a strong firewall and an application that runs on its network, it is not completely protected from viruses. Also, that does not mean that the company should not install an antivirus system.

Program modification controls are controls over the modification of programs being used in production applications.

Program modification controls include both controls that attempt to prevent changes by unauthorized personnel and also that track program changes so that there is an exact record of what versions of what programs were running in production at any specific point in time. Program change control software normally includes a software change management tool and a change request tracking tool. Program change control often involves changing what are effectively the same programs in two different ways simultaneously. Normally, an environment has both production programs and programs that are being tested. Sometimes, production programs require changes (production fixes) at the same time the test versions of the same programs are being worked on. This process must be controlled so that one set of changes does not incorrectly overlay the other.

A company uses application software packages. The license agreements for the packages do not invariably provide the right to make backup copies of the software for disaster recovery purposes. Standard disaster recovery plans are limited to the restoration of IT processing. However, the plans may be extended to the restoration of functions in end user areas. Disaster recovery service providers will do almost anything related to disaster recovery for the right amount of money, as long as that service is specified (and priced) in the disaster recovery contract. Most disaster recovery service providers will not provide services that were not specified in the disaster recovery contract. If and when a disaster occurs, the customer normally gets what the customer has been paying for. The major emphasis in disaster recovery is normally the restoration of hardware and telecommunication services.

It is difficult at best to figure out what the word "controls" is doing in any of these choices in a disaster recovery question. So let's just ignore it; it really does not make any difference to the answer. In addition, and more importantly, we have to make sure that we note the word "uninterrupted" in the question. We have to assume that the disaster recovery being referenced here is more stringent than either the hot site recovery or cold site recovery discussed in the text (i.e., the ability to recover from a disaster instantaneously with absolutely no downtime of any kind). This type of disaster recovery would normally be some kind of "mirror" facility, where two identical processing facilities are maintained at different geographical locations and all transactions are processed simultaneously at both facilities, and where either facility can take over instantaneously for the other if one is lost. This kind of disaster recovery is normally quite expensive, but it is sometimes worth it in some businesses. Downtime (or the complete lack thereof) is a key factor in the disaster recovery plan. Backup is always essential in any disaster recovery plan. Choice "c" is the only choice with both downtime and backup.

- Encryption would be more important than verifying message authenticity.

- External labels will prevent file destruction by properly identifying each file.

- Automated transactions are not subject to the same types of authorizations as are manual transactions,

After supply chains are set up, they can’t remain unchanged. Supply chains have to be constantly reengineered as products change and to increase efficiency and reduce costs.

- An accounting information system can be partly a transaction processing system and a knowledge system.

- Uninterrupted power supply (UPS): a backup system that doesn’t shut down.

Prepared by, Aiman Almeqham
