You are on page 1of 15

Chapter 4 – Information Technology

Introduction to Information Technology:

1. Hardware: actual physical computer or computer peripheral device.
2. Software: programs that process data and turn that data into information. General (i.e. MS Word) or
specific (internal audit program).
3. Data: raw facts. Production data (real, live data) or test data (staging/false data) are kept separately.
4. Network: communication media that shares data and information simultaneously.
5. People: various job titles and job descriptions (internal and/or outsourced).
* Information organized and processed data. Data  Information

Stakeholder: anyone in the organization who has a role in creating or using the documents and data
stored on the computers or networks.

Business Information System – a software that accurately records and summarizes transactions for the
business; basic component of a business. 3 roles in business operations:
1. Process detailed data: transaction processing systems process and record the transactions
necessary to conduct the business.
2. Assist in making daily decisions: management information systems, decision support systems,
and knowledge systems meet the varied information needs of the different organizational levels
of the business.
3. Assist in developing business strategies: executive information systems collect and summarize
data on which strategic decisions will be made.

Lower-level: more detailed Higher-level: less detailed

Human errors: random Computer errors: systematic

Series of events: hardware technicians – network administrators – software developers – end user

Accounting Information Systems: Type of management information system, partly transaction

processing system, partly knowledge system.

Components of BIS

Transaction Decision Support Management Knowledge System Executive

Processing System System Information System (KS) Information System

Accounting Information

Becker – 2008 Edition Chapter 4 Page 1 of 15

Example of accounting audit trail:

Source document  Journal  Ledger  Trial Balance  Financial Statements Reports
(invoice, timecard)

File original paper source document

Objective of AIS: record valid transactions, properly classify, input proper values, record in proper
accounting period, and present the transactions in the financial statements.

Well-designed AID contains an audit trail that allows a source document or a source transaction to be
traced from input all the way to the final output and backwards!!!
- Test for completeness, existence, vouch...

Components of BIS:
TPS – systems that process and record routine daily transactions necessary to conduct the business.
DSS – assist managers in making daily business decisions. Do not automate decisions, but provide
interactive tools with subjective judgments. Data driven and model driven systems “Expert systems”.
MIS – Management reporting systems (MRS). Provide managerial and other end users with reports
ES – Only used by top managers for monitoring business conditions. Assist in strategic, not daily decision

Types of reports:
1. Periodic scheduled reports – available on regular basis to end users (weekly, monthly).
2. Exception reports – “red flag reports”. Produced when specific condition occurs.
3. Demand reports – “pull reports”. Some information from MIS is available on demand.
4. Ad Hoc reports – “on the fly”. Does not currently exist, but can be created on demand without
having to get a software. Called a user report writer.
a. Query – specific question made up of various criteria
5. Push Reports – similar to pull reports, it is a specific or general reports downloaded and possibly
aggregated from the internet. Example: if every time an end user logged on to a computer, a
report window displayed the latest report that the end user needed.

People – Roles and Responsibilities Within the IT Function

Segregation of duties – most important characteristics.

System Analyst: Architect of the overall computer hardware specifications.

- Internally-developed system:
o With end users, determine the requirements for a system
o Design the specifics to satisfy those requirements
o Design the overall application system

Becker – 2008 Edition Chapter 4 Page 2 of 15

- Purchased system:
o System analysts are system integrators
o Learn the purchased application
o Integrate it with existing applications by designing interfaces
o Determine how to convert the initial data from other applications
o Provide training to end users

Computer Programmer: include application programmers and system programmers

- Application programmer/software developer
o Responsible for writing/maintaining application programs.
o Handles the testing of application
o Train computer operator
o Programming budget will normally be devoted to program maintenance
- System programmer
o Install, support, monitor, and maintain operating system.
o Forecast hardware capacity and perform other capacity planning functions.
o Time can be spent testing and applying operating system upgrades
- For internal control, system programmers and application programmers should not be given
write/update access to data in production systems.

Computer Operator:
- Outdated, because automated now.
- Scheduling processing jobs, running or monitoring scheduled production jobs, hanging tapes.
- End users are NOT computer operators.

Control Clerk:
- Outdated, because automated now.
- Logged/input and maintained error and correction logs

IT Supervisor:
- Manage the functions and responsibilities of the IT department.

File Librarian:
- Store and protect programs and tapes from damage and unauthorized use.
- Most work is now automated.

Security Administrator:
- Responsible for assignment of initial passwords and often the maintenance of those passwords.

System Administrator:
- Database Administrator (DBA)
o Responsible for the actual software – maintaining and supporting the database
o May perform security functions.
o Perform similar functions for database software as system programmers for operating
o Should not have write/update access to data in production databases
o More technical

Becker – 2008 Edition Chapter 4 Page 3 of 15

- Data Administer
o Responsible for the definition, planning, and control of the data within a database
o More administrative
- Network administrator
o Support computer networks.
o Network performance monitoring and troubleshooting
o Also called: telecommunication analysts and network operators
- Web Administrator
o Responsible for information on a web site
Data input clerk
- Outdated
- Prepare, verify, and input data to be processed
Hardware Technician
- Sets up and configures hardware and troubleshoots any resulting hardware problems.
End user
- Any workers who enter data into a system or who use the information processed by the system.

Segregation of Duties:
- Organization and operating controls deal mainly with the structure of an IT department and how
duties are segregated within that department.
- IT department is a support group. It does not initiate or authorize transactions.
- Break down the transaction = Authorizing, Recording, and Custody
- Objective: prevent any one person from having total control over all aspects of transaction

Segregation of duties with the IT Department:

- System Analysts vs. Computer Programmers

o System analysts  design overall computer systems  Hardware
o Computer programmers  in charge of application software  Software
o Must separate the two duties, otherwise you bypass all security systems

- Computer Operators vs. Computer Programmers

o Must separate the two duties, if not, one can make unauthorized and undetected
program changes

- Security Administrators vs. Computer Operators and Computer Programmers

o Must separate the duties, otherwise one can give himself and another person access to
unauthorized areas and can steal information or assets.

IT Fundamentals

CPU- control center of computer. Inside CPU, main circuit board  Motherboard.
All internal hardware plugs into motherboard.
A. The processor: Chip (i.e. Intel Pentium)  Computer brain.
a. Interprets program instructions and coordinates input, output, and storage devices
and performs arithmetic calculations.

Becker – 2008 Edition Chapter 4 Page 4 of 15

B. Primary storage: RAM  high speed processing memory, expensive.
a. Main memory to store program instructions and data until the program instructions
are executed.

Random access memory (RAM) stores data temporarily while it is being processed.
Read-only memory (ROM) used to permanently store data to power the computer.

Secondary Storage Devices: Hard drive  electronic warehouse for storing programs/data, in expensive
 Examples: hard drives, floppy disks, CD-ROM
 RAID: Redundant Array of Independent Disks  used for disk storage
◊ Used on server, not on PC.
◊ Combine multiple inexpensive disk drives into an array of disks drives to obtain
performance, capacity and reliability that exceed that of a single large disk drive

Peripherals: transfer data to or from the CPU but do not take part in the actual processing of the data.
A. Input devices: Keyboards, mice, scanners, magnetic ink character readers (MICR), microphone
B. Output devices: transfer data from CPU to media. Printers, speakers, monitors

Multiprocessing: coordinated processing of programs by more than one processor

Multiprogramming: several parts of program running at the same time on a single processor
Parallel processing: simultaneous use of more than one computer to execute a program

Softwares: system software, programming languages, and application software

System software  programs that run the computer and support system management operations
1) Operating System: interface between the user and the hardware. Defines commands to be
issued and how they are issued.
2) Database Management System (DBMS) 
a. Data storage definitions:
1. Bit = a binary digit (0 or 1) with which all computer data is stored
2. Byte = group of normally 8 bites. Also called characters
• 1 KB = 1,000 bytes
• 1 MB = 1 million bytes
• 1 TB = 1 trillion bytes
3. Field = group of bytes. Vertical columns. Ex. Employee number or name
4. Record = group of fields representing the stored data. Horizontal rows
5. File = collection of related records arranged in some kind of sequence

“Database” and “DBMS” are different!

- Database = integrated collection of data records and data files. Stored data.
- Database Management System (DBMS) = a tool. Separate computer program creating new
databases. Allows maintenance. Includes data dictionary or data repository. Ex. MS Access, SQL.

Relational Technology: data stored in two-dimensional tables `related` to each other via keys

Normalization: process of separating data into logical tables

Becker – 2008 Edition Chapter 4 Page 5 of 15

Object-Oriented Database: conventional databases, both relational and non-relational, are designed for
homogeneous data structured into predefined data fields and records organized in rows and tables.

Main uses of DBMS:

 Database development  creates new, empty database
 Database query  end users retrieve specific data
 Database maintenance  test after creating and test for database tunings.
o Effectiveness: functioning properly
o Efficiency: working fast enough
 Application development  automated to user-friendly screens and forms for anyone to use,
instead of creating queries.

Types of Database:
 Operational database: stores detailed data to support daily operations. Ex. TPS
 Analytical databases: store data extracted from operational databases. Ex. EIS, DSS
 Data warehouses: stores from operational and management databases.
◊ Data mining: a large amount of diverse data is processed for trends, patterns, etc
◊ Data mart: limited scope data warehouse
 Distributed databases: physically distributed on either local or remote hardware
 End-user databases: developed by end users at their workstations. Ex. Email, address book.

Advantages of DBMS:
◊ Reduction of data redundancy and inconsistency
◊ Potential for data sharing
◊ Data independence
◊ Data standardization
◊ Improved data security
◊ Expanded data fields
◊ Enhanced information timeliness, effectiveness, and availability

Disadvantages of DBMS:
◊ Cost  computer hardware and software
◊ Highly trained personnel are necessary  DBA is a technical position
◊ Increased chances of breakdowns  Network down
◊ Possible obscuring of the audit trail
◊ Specialized backup and recovery procedures required  backup necessary

Programming languages  COBOL, Pascal, VB, C and C++

Application Software: (i.e. word processors, spreadsheets, databases)

1. Licensing the use of software  1 license, 1 software
2. Escrowing the source code  store backup copy in safe, offsite location
3. Groupware/shareware  freeware, be careful, you get what you pay for!

Becker – 2008 Edition Chapter 4 Page 6 of 15

Network: interconnected group of interconnected computers and terminals.

 Local Area Networks (LANs)

o Permit shared resources (software, hardware, and data) among computers within a
limited area
o Node: device connected to a network
o Workstation: client machine. Note that is used by end users
o Server: node dedicated to providing services or resource to the rest of the network
 Not directly accessible by individual users but through the network software
o Network Interface Card (NIC): Ethernet card. Circuit board installed on a node that
allows the node to connect with and communicate over the network
o Transmission Media: Physical path between nodes on a network. (i.e. CAT5, fiber optics,
cable, wireless)
o Network Operating System (NOS): manages communication on network. (MS Windows)
o Communications Devices/Modems: Cable/DSL, high speed, internet modems. Translate
data into the analog format needed to use telephone lines.
o Communications/Network Protocols: Set of rules.
 Establish an interface between the sender and receiver
 Transmit the information
 Route messages along the various paths the information might travel
 Check for transmission errors
 Covert messages from one speed or transmission format to another
 Most common: TCP/IP  transmission control protocol / internet control
o Gateways and routers: hardware and software that connect different types of networks
by translating between network protocols.
 Router: packets of data through several interconnected LANs or WAN
 Bridge: connect segments of a LAN which use same set of network protocols.
o Client/Server Configurations:
 Master servers, PCs for end users
o Network Topologies:
 Bus network: common backbone to connect all of the devices on network
 Ring network: peer-to-peer  not used in modern business!
 Star networks: telephone systems connected to a central “hub”
 Trees network: connects multiple stars into a bus. i.e. phone network if a large
city, where each neighborhood is like a star

 Wide Area Networks (WANs)

o Allow national and international communications.
o Employ non-dedicated public communication channels.
o May be provided by value added networks or internet-based networks
o Value Added Networks (VAN):
 Privately owned, expensive, and provide more than standard data transmission
 Used for electronic data interchange (EDI)
 Extra services: automatic error detection, protocol conversion, message storing
 Private network = good security
 Batch transactions and send them at night when line traffic is lower = Delay data
transfer for hours

Becker – 2008 Edition Chapter 4 Page 7 of 15

 Charge a fixed fee plus a fee per transaction and can be prohibitively expensive
for smaller companies
o Internet-Based Networks:
 Establish communication between LANs and transmit EDI transactions
 Transactions transmitted immediately = online, real time = very fast
 Internet costs are lower, EDI is more affordable for smaller companies
 Affordability = the number of potential customers increase
 Not private, but virtual network = not secure!
o Intranets and extranets:
 Use internet protocols & public communications media, not proprietary system
 Intranets: connects geographically separate LANs within a company
• Company’s private website for only employees
• Navigated with a standard web browser (i.e. Internet Explorer)
 Extranets: permit company suppliers, customers, and business partners to have
direct access to the company’s network
• Port/doorway for select individuals through firewall into intranet

Value Added Networks Internet Based Networks

Private Public
More Secure Less Secure
Expensive Inexpensive
Slow – Batch system Fast – Online, real time

System Operation

Terminology for Transaction Processing Modes

1. Transaction files = journals (i.e. sales journals). Files used to update the master files. Transaction
files are temporary files.
2. Master files = ledgers (i.e. A/R ledger).
3. File maintenance = process of transactions being used to update balances in master files.
4. Permanent files = when master files represent data.
5. Processing methodology = batch and online, real time

6. Batch processing = transactions collected, grouped, and processed periodically. Use sequential
storage device (magnetic tape) or random access storage device (disks). ALWAYS a delay.
◊ Step 1: Create a transaction file. Done by data validation (i.e. entering/verifying data).
◊ Step 2: Update the master file. Done by sorting files and updating records. If random access,
then no sorting needed.
7. Compare manual and computer-generated batch control totals
◊ Dollar fields = batch dollar total
◊ Hash total = if item total is not dollars
◊ Document counts = ???
8. Batch used in tradition systems

Becker – 2008 Edition Chapter 4 Page 8 of 15

Online, Real time:
9. Requires random access storage device
10. Immediate processing = no delay
11. Used in networked systems
12. Point of sale (POS) systems
13. Online analytical processing
14. Scanners
15. Importing data

Centralized vs. decentralized Processing

Central processing = maintain all data processing at central location. (ex. Mainframe and large server
computing applications.)

*Today centralization and decentralization are often a matter of degree.

Decentralized processing = occurs when computing power, applications, and work is spread out over
many locations. (ex. Via LAN or WAN). Each remote computer performs a portion of the processing.

Advantages of centralized processing:

- Enhanced data security
- Consistent processing
Disadvantages of centralized processing:
- Possible high cost
- Increased need for processing power and data storage
- Reduction in local accountability
- Bottlenecks = input/output bottlenecks can occur at high traffic times
- Larger delay in response time from centralized location to remote locations

Other System Operation Considerations:

Disappearing audit trail:
- Paper audit trails are substantially reduced in a computerized environment. If client processes
most of its financial data in electronic form, with no paper trail, audit tests should be performed
on a continuous basis
- Computer systems should supply electronic audit trails which are as effective as paper trails
Uniform transaction processing:
- Clerical errors are virtually eliminated = processing consistency is improved
- Increased potential for systematic errors

Potential for increased errors and irregularities  negatives:

- Likelihood for unauthorized access. Easier to break into servers
- If system security is breached = potential for damage is much greater than manual systems
- Decreased human involvement in transaction processing = decreased observation
- Errors or fraud may occur in design or maintenance
- Computer disruptions may cause errors or delays in recording transactions

Becker – 2008 Edition Chapter 4 Page 9 of 15

Potential for increased supervision and review  positives:
- Computer systems provide more opportunities for data analysis
- Increased data analysis = reduce the additional risk with lack of segregation of duties
- Increased availability of raw data and management reports = easier to perform analytical


Risks, Controls, Disaster Recovery, and Business Continuity

Strategic Risk: risk of choosing inappropriate technology.

Operating Risk: doing the right things in the wrong way. (could be timing issue too)
Financial Risk: having financial resources lost, wasted, or stolen.
Information Risk: Risk of loss of data integrity, incomplete transactions, hackers.0

Specific Risks:
- Errors: carelessness, failure to follow directions, misplaced transactions, bugs, crashes
- Intentional acts: sabotage, embezzlement, viruses
- Disasters: fire, flood, earthquakes, war, terrorism

Risk: possibility of harm or loss.

Threat: danger to asset or hostile intent
Vulnerability: characteristic that renders the system susceptible to a threat
Safeguards and controls: firewall

Risks can be assessed and management.

- Identify
- Evaluate the probability
- Evaluate exposure
- Identify controls against the risk
- Evaluate costs and benefits of implementing the controls
- Implement controls that are cost effective

Types of controls:
- General control: passwords into computer
- Applications control: passwords to get into program
- Physical control: locks on doors
- Segregation of duties

Physical access: Locks

Electronic access:
- User Ids and password = private, secret
- Backdoor: access to a program or system that bypasses a normal security = Not Good!!!
- Maintenance of security levels = restrict, limited access

Becker – 2008 Edition Chapter 4 Page 10 of 15

- Call-backs on dial-up systems: Customer calls, but the system automatically hangs up and calls
the number on system and talk to the customer to verify it really is the customer
- File attributes: restrict writing, reading, and directory privileges for a file. (i.e. read-only)
- Firewalls: hardware and software, system of authentication, prevents users from gaining access
to network resources. Gatekeeper
o Deter, not prevent. Do not guard against viruses.
o Network firewalls: physical device, “box”.
o Application firewalls: software program
 Protects specific applications from attack
 Use in addition to network firewalls
 Provides additional user authentication
 Packets: small pieces of data that travel over a network. Part of message
o Main differences between firewalls = the level it examines the data packets
o Packet filtering: examine packets as they pass through the firewall. Simplest.
o Circuit level gateways: allow data into a network that result from requests from
computers inside the network
o Application level gateways: examine data coming into the gateway in a more
sophisticated fashion. Most secure, but can be slow.
- Threats in a computerized environment:
o Virus: piece of program that inserts itself into another program to propagate
o Worm: special type of virus which runs independently and propagates. Does not attach
itself to other programs. (Common in address books. Sends out emails.)
o Trojan horse: program that appears to have a useful function but contains hidden and
unintended function = security risk. Does not replicate itself.
o Denial-of-service attach: one computer bombards another computer with a flood of
information intended to keep legitimate users from accessing the target computer or
network. (i.e. million people go on the same website at same time, the server goes
down. The website can’t service anyone until server restarts)
o Phishing: sending of phony emails to try to lure people to phony websites asking for
financial information. Spam: unsolicited emails.

Safeguarding records and files: hardware can be replaced, but data cannot. So always keep data safe

Backup files: everyday!

- Use the son-father-grandfather concept
- Back-up all critical application data
- Backups of systems that do not shut down  UPS (Uninterrupted power supply)
- Planned, implemented, and run back-ups regularly

Program modification controls: now automated, but previously done by program librarian (person)
1. Controls that attempt to prevent changes by unauthorized personnel.
2. Controls that track program changes so that there is an exact record of what versions of what
programs are running in production.

Data encryption: scrambling transactions. Problem  they can be lost, stolen, or broken in to

Digital certificates: from of data security. Individual wishing to send an encrypted message applies for a
digital certificate from a certificate authority. Public and private keys involved. Longer the key, the safer.

Becker – 2008 Edition Chapter 4 Page 11 of 15

Disaster recovery and business continuity

Disaster recovery: plans for continuing operations in the event of destruction of not only program and
data files but also processing capability.
- Major players: organization itself and/or the disaster recovery services provider (i.e. IBM)
Steps in disaster recovery:
1. Assess the risks
2. Identify mission critical applications and data
3. Develop a plan
4. Determine responsibilities of the personnel involved
5. Test the disaster recovery plan
Advantage: if disaster occurs, than the organization can be back up in little or no time.
Disadvantage: it is very costly.

Types of disaster recovery:

1. Use of a disaster recovery service. If company contracted an outside disaster recovery service
provider, then use them when needed.
2. Internal disaster recovery. If company needs instantaneous resumption of processing when
disaster occurs, then they have their own duplicate facilities in separate locations. Data is
mirrors = very expensive.
3. Multiple data center backups. Use one data center to backup the other.

Cold site: off-site location that has all the electrical connections and other physical requirements for
data processing, but it does not have the actual equipment. Usually takes 1-3 days to put up. The
cheapest form of off-site location.

Hot site: off-site location that is “completely” equipped to “immediately” take over the company’s data
processing. Backup copies of essential data files and programs may also be maintained at the location or
a nearby data storage facility.
- Telecommunications network: hardest aspect of recovery
- Floor space and equipment determination. Not all companies will announce a disaster at the
same time, so floor spacing and equipment to be provided by a disaster recovery provider is
determined based on probability
- Personnel issues: must have knowledgeable personnel on hand.

Electronic Business

Electronic commerce (e-commerce): electronic consummation of exchange transactions. It uses private

or internet network, buying/selling transactions online. In the past, it was an option, and today it is a
cost of doing business.

Electronic business (e-business): general term, refers to use of information technology, particularly
networking and communications technology, to perform business process electronically. It may or may
not relate to buying/selling. Example: see company’s catalog online.

Becker – 2008 Edition Chapter 4 Page 12 of 15

Electronic Data Interchange (EDI): type of e-business/e-commerce. Computer to computer exchange of
business transaction documents in structured formats that allow the direct processing of the data by the
receiving system. Started with buy/sell transactions and expanded to inventory management and
product distribution.
- Reduced handling costs and increased processing speed
- Standard data format  international language
o Mapping: fields. A computer in USA can send information to China. The computer can
remap it into Chinese.
- Communications: implement EDI by through VANs or network of VANs or over the internet.
Usually it is a VAN => more secure
- Features of EDI:
o Allows transmission of electronic documents between organizations
o Reduce cost, higher speed. But must be integrated with the organization’s AIS
o All transactions must be submitted in a standard data format. Translation software
converts transaction data into EDI.
Uses of EDI:
- To permit direct but very controlled access to databases of other organizations
- Improve inventory management by speeding up the processing of sales/purchase/inventory
- Example: computer knows when inventory is low and automatically orders it, eliminates human
Costs of EDI:
- Legal costs: modifying and negotiating trading contracts. Occurs when organizations have an
established relationship and have agreed to conduct certain business through EDI.
- Hardware costs: hardware capable of using EDI
- Costs of translation software: acquiring/developing and maintaining the translation software to
translate data into the very specific EDI formats.
- Costs of data transmission: decreasing costs. VAN
- Process reengineering and employee training costs for affected applications:
o Lower employee costs since everything is automated
o Need to reengineer business processes for automation
- Costs associated with security, monitoring, and control procedures: constant monitoring, tight
EDI Controls: Audit trails include
- Activity logs of failed transactions
- Network and sender/recipient acknowledgements
EDI risks: greatest risk – unauthorized access to organization’s systems

Comparison of EDI and E-Commerce:

EDI vs. E-Commerce Comparison Summary

Item EDI E-Commerce
Cost More Expensive Less Expensive
Security More Secure Less Secure
Speed Slower (Batch) Faster (Online, Real Time)
Network VAN (Private) Internet (Public)

Becker – 2008 Edition Chapter 4 Page 13 of 15

Business to Business (B2B)  Wholesale markets
- Electronic Market: Where there is no pre-existing relationships amongst business
- Direct Market: Where there is pre-existing relationships amongst business
Business to Consumer (B2C)
Consumer to Consumer (C2C)  e-Bay

B2B Advantages:
- Speed: time is money. Save time, save money.
- Timing: transactions between businesses in different countries in different time zones.
- Personalization: business completes an online profile, it can log-in and customize its settings
- Security: transactions are encrypted and undecipherable, so useless to a hacker.
- Reliability: no opportunity for human errors since its between computers.
- Factors to consider:
o Selection of business model
o Channel conflicts (stealing business from competitors)
o Legal issues
o Security

Components of B2B selling site:

- Customer connecting to the website
- Website behind firewall
- Website consists of order entry system and catalog system which the customer can browse
- Seller’s back office system for inventory management, order processing, and order fulfillment
- Seller’s back office accounting system
- Seller’s payment gateway communicating through the internet to validate and authorize credit
card transactions

B2B vs. B2C:

- B2C is less complex than B2B
- B2B needs more participants, involve more complex products, order fulfillment be more certain
- Payment mechanism is a problem for B2C

Enterprise resource planning systems (ERP)

- Cross-functional = multi-dimensional system integrates and automates the many business
processes that must work together in the manufacturing, logistics, distribution, accounting,
finance, and HR.
- Can function independently and together as a system
ERP functions:
- Store information in a central repository so data can be entered and access
- Improves ability to monitor and track sales, expenses, customer service, destruction
- Provide vital cross-functional information quickly to managers across the organization
- Assists with decision making process = strategic planning “EIS”

Becker – 2008 Edition Chapter 4 Page 14 of 15

Supply chain management systems (SCM): Four important characteristics of sale:
- Goods received should match the goods ordered  What
- Goods should be delivered on or before the data promised  When
- Goods should be delivered to the location requested  Where
- Cost of goods should be as low as possible  How much
- Flexibility and responsiveness = planning, sourcing, making, delivery

Customer Relationship Management Systems (CRM):

- Provide sales force automation and customer services to manage customer relationships
- Record and manage customer contacts, manage salespeople, forecast sales and sales targets
- Increase customer satisfaction = increase revenue
- Markets to each customer individual
- Assumes: 20% of customers generate 80% of revenue
- 2 categories:
o Analytical CRM: creates and exploits knowledge of current and future customers
o Operational CRM: automation of customer contact points

Electronic Funds Transfer (EFT): electronic payment for banking and retailing.
- Uses Federal Reserve Fedwire system (automated clearing house network)
- Third-party acts as intermediary between the company and banking system
- Third-party vendor is heavily insured and bonded.
- Security provided through data encryption
- Reduces errors because no manual data entry

Application Service Providers (ASP)

- Provide access to application programs on a retail basis
- Allows small companies to avoid high costs of owning and maintaining today’s application
systems by allowing them to pay only for what is used.
- ASPs own and host the software
- Advantage of ASP:
o Lower costs from hardware and software
o Greater flexibility
- Disadvantage of ASP:
o Possible risks to security and privacy of data
o Poor support by ASP

Components of LAN:
1. Transmission media
2. Nodes
3. Workstations
4. Servers
5. Network interface cards
6. Operating systems
7. Communication devices

Becker – 2008 Edition Chapter 4 Page 15 of 15