Professional Documents
Culture Documents
Components:
1. Hardware: actual physical computer or computer peripheral device.
2. Software: programs that process data and turn that data into information. General (i.e. MS Word) or
specific (internal audit program).
3. Data: raw facts. Production data (real, live data) or test data (staging/false data) are kept separately.
4. Network: communication media that shares data and information simultaneously.
5. People: various job titles and job descriptions (internal and/or outsourced).
* Information organized and processed data. Data Information
Stakeholder: anyone in the organization who has a role in creating or using the documents and data
stored on the computers or networks.
Business Information System – a software that accurately records and summarizes transactions for the
business; basic component of a business. 3 roles in business operations:
1. Process detailed data: transaction processing systems process and record the transactions
necessary to conduct the business.
2. Assist in making daily decisions: management information systems, decision support systems,
and knowledge systems meet the varied information needs of the different organizational levels
of the business.
3. Assist in developing business strategies: executive information systems collect and summarize
data on which strategic decisions will be made.
Series of events: hardware technicians – network administrators – software developers – end user
Components of BIS
Overlap
Accounting Information
Systems
(AIS)
INPUT OUTPUT
Source document Journal Ledger Trial Balance Financial Statements Reports
(invoice, timecard)
STORE FILE
File original paper source document
Objective of AIS: record valid transactions, properly classify, input proper values, record in proper
accounting period, and present the transactions in the financial statements.
Well-designed AID contains an audit trail that allows a source document or a source transaction to be
traced from input all the way to the final output and backwards!!!
- Test for completeness, existence, vouch...
Components of BIS:
TPS – systems that process and record routine daily transactions necessary to conduct the business.
DSS – assist managers in making daily business decisions. Do not automate decisions, but provide
interactive tools with subjective judgments. Data driven and model driven systems “Expert systems”.
MIS – Management reporting systems (MRS). Provide managerial and other end users with reports
ES – Only used by top managers for monitoring business conditions. Assist in strategic, not daily decision
Types of reports:
1. Periodic scheduled reports – available on regular basis to end users (weekly, monthly).
2. Exception reports – “red flag reports”. Produced when specific condition occurs.
3. Demand reports – “pull reports”. Some information from MIS is available on demand.
4. Ad Hoc reports – “on the fly”. Does not currently exist, but can be created on demand without
having to get a software. Called a user report writer.
a. Query – specific question made up of various criteria
5. Push Reports – similar to pull reports, it is a specific or general reports downloaded and possibly
aggregated from the internet. Example: if every time an end user logged on to a computer, a
report window displayed the latest report that the end user needed.
Computer Operator:
- Outdated, because automated now.
- Scheduling processing jobs, running or monitoring scheduled production jobs, hanging tapes.
- End users are NOT computer operators.
Control Clerk:
- Outdated, because automated now.
- Logged/input and maintained error and correction logs
IT Supervisor:
- Manage the functions and responsibilities of the IT department.
File Librarian:
- Store and protect programs and tapes from damage and unauthorized use.
- Most work is now automated.
Security Administrator:
- Responsible for assignment of initial passwords and often the maintenance of those passwords.
System Administrator:
- Database Administrator (DBA)
o Responsible for the actual software – maintaining and supporting the database
software.
o May perform security functions.
o Perform similar functions for database software as system programmers for operating
system.
o Should not have write/update access to data in production databases
o More technical
Segregation of Duties:
- Organization and operating controls deal mainly with the structure of an IT department and how
duties are segregated within that department.
- IT department is a support group. It does not initiate or authorize transactions.
- Break down the transaction = Authorizing, Recording, and Custody
- Objective: prevent any one person from having total control over all aspects of transaction
IT Fundamentals
CPU- control center of computer. Inside CPU, main circuit board Motherboard.
All internal hardware plugs into motherboard.
A. The processor: Chip (i.e. Intel Pentium) Computer brain.
a. Interprets program instructions and coordinates input, output, and storage devices
and performs arithmetic calculations.
Random access memory (RAM) stores data temporarily while it is being processed.
Read-only memory (ROM) used to permanently store data to power the computer.
Secondary Storage Devices: Hard drive electronic warehouse for storing programs/data, in expensive
Examples: hard drives, floppy disks, CD-ROM
RAID: Redundant Array of Independent Disks used for disk storage
◊ Used on server, not on PC.
◊ Combine multiple inexpensive disk drives into an array of disks drives to obtain
performance, capacity and reliability that exceed that of a single large disk drive
Peripherals: transfer data to or from the CPU but do not take part in the actual processing of the data.
A. Input devices: Keyboards, mice, scanners, magnetic ink character readers (MICR), microphone
B. Output devices: transfer data from CPU to media. Printers, speakers, monitors
System software programs that run the computer and support system management operations
1) Operating System: interface between the user and the hardware. Defines commands to be
issued and how they are issued.
2) Database Management System (DBMS)
a. Data storage definitions:
1. Bit = a binary digit (0 or 1) with which all computer data is stored
2. Byte = group of normally 8 bites. Also called characters
• 1 KB = 1,000 bytes
• 1 MB = 1 million bytes
• 1 TB = 1 trillion bytes
3. Field = group of bytes. Vertical columns. Ex. Employee number or name
4. Record = group of fields representing the stored data. Horizontal rows
5. File = collection of related records arranged in some kind of sequence
Relational Technology: data stored in two-dimensional tables `related` to each other via keys
Types of Database:
Operational database: stores detailed data to support daily operations. Ex. TPS
Analytical databases: store data extracted from operational databases. Ex. EIS, DSS
Data warehouses: stores from operational and management databases.
◊ Data mining: a large amount of diverse data is processed for trends, patterns, etc
◊ Data mart: limited scope data warehouse
Distributed databases: physically distributed on either local or remote hardware
End-user databases: developed by end users at their workstations. Ex. Email, address book.
Advantages of DBMS:
◊ Reduction of data redundancy and inconsistency
◊ Potential for data sharing
◊ Data independence
◊ Data standardization
◊ Improved data security
◊ Expanded data fields
◊ Enhanced information timeliness, effectiveness, and availability
Disadvantages of DBMS:
◊ Cost computer hardware and software
◊ Highly trained personnel are necessary DBA is a technical position
◊ Increased chances of breakdowns Network down
◊ Possible obscuring of the audit trail
◊ Specialized backup and recovery procedures required backup necessary
System Operation
Batching:
6. Batch processing = transactions collected, grouped, and processed periodically. Use sequential
storage device (magnetic tape) or random access storage device (disks). ALWAYS a delay.
◊ Step 1: Create a transaction file. Done by data validation (i.e. entering/verifying data).
◊ Step 2: Update the master file. Done by sorting files and updating records. If random access,
then no sorting needed.
7. Compare manual and computer-generated batch control totals
◊ Dollar fields = batch dollar total
◊ Hash total = if item total is not dollars
◊ Document counts = ???
8. Batch used in tradition systems
Central processing = maintain all data processing at central location. (ex. Mainframe and large server
computing applications.)
Decentralized processing = occurs when computing power, applications, and work is spread out over
many locations. (ex. Via LAN or WAN). Each remote computer performs a portion of the processing.
Specific Risks:
- Errors: carelessness, failure to follow directions, misplaced transactions, bugs, crashes
- Intentional acts: sabotage, embezzlement, viruses
- Disasters: fire, flood, earthquakes, war, terrorism
Types of controls:
- General control: passwords into computer
- Applications control: passwords to get into program
- Physical control: locks on doors
- Segregation of duties
Electronic access:
- User Ids and password = private, secret
- Backdoor: access to a program or system that bypasses a normal security = Not Good!!!
- Maintenance of security levels = restrict, limited access
Safeguarding records and files: hardware can be replaced, but data cannot. So always keep data safe
Program modification controls: now automated, but previously done by program librarian (person)
1. Controls that attempt to prevent changes by unauthorized personnel.
2. Controls that track program changes so that there is an exact record of what versions of what
programs are running in production.
Data encryption: scrambling transactions. Problem they can be lost, stolen, or broken in to
Digital certificates: from of data security. Individual wishing to send an encrypted message applies for a
digital certificate from a certificate authority. Public and private keys involved. Longer the key, the safer.
Disaster recovery: plans for continuing operations in the event of destruction of not only program and
data files but also processing capability.
- Major players: organization itself and/or the disaster recovery services provider (i.e. IBM)
Steps in disaster recovery:
1. Assess the risks
2. Identify mission critical applications and data
3. Develop a plan
4. Determine responsibilities of the personnel involved
5. Test the disaster recovery plan
Advantage: if disaster occurs, than the organization can be back up in little or no time.
Disadvantage: it is very costly.
Cold site: off-site location that has all the electrical connections and other physical requirements for
data processing, but it does not have the actual equipment. Usually takes 1-3 days to put up. The
cheapest form of off-site location.
Hot site: off-site location that is “completely” equipped to “immediately” take over the company’s data
processing. Backup copies of essential data files and programs may also be maintained at the location or
a nearby data storage facility.
- Telecommunications network: hardest aspect of recovery
- Floor space and equipment determination. Not all companies will announce a disaster at the
same time, so floor spacing and equipment to be provided by a disaster recovery provider is
determined based on probability
- Personnel issues: must have knowledgeable personnel on hand.
Electronic Business
Electronic business (e-business): general term, refers to use of information technology, particularly
networking and communications technology, to perform business process electronically. It may or may
not relate to buying/selling. Example: see company’s catalog online.
B2B Advantages:
- Speed: time is money. Save time, save money.
- Timing: transactions between businesses in different countries in different time zones.
- Personalization: business completes an online profile, it can log-in and customize its settings
- Security: transactions are encrypted and undecipherable, so useless to a hacker.
- Reliability: no opportunity for human errors since its between computers.
- Factors to consider:
o Selection of business model
o Channel conflicts (stealing business from competitors)
o Legal issues
o Security
Electronic Funds Transfer (EFT): electronic payment for banking and retailing.
- Uses Federal Reserve Fedwire system (automated clearing house network)
- Third-party acts as intermediary between the company and banking system
- Third-party vendor is heavily insured and bonded.
- Security provided through data encryption
- Reduces errors because no manual data entry
Components of LAN:
1. Transmission media
2. Nodes
3. Workstations
4. Servers
5. Network interface cards
6. Operating systems
7. Communication devices