
EIS चालीसा - Handwritten Notes

INDEX
1. Automated Business Process
2. Financial and Accounting System
3. Information System & Its Components
4. E-Commerce, M-Commerce and Emerging Technologies
5. Core Banking Solution

You are the master of your destiny. You can influence, direct and control your own environment.
You can make your life what you want it to be. No One Can Stop You Except You!!

CA Kishan Kumar Automated Business Processes

CHAPTER 1

AUTOMATED BUSINESS PROCESSES

1. BUSINESS PROCESS

▪ Business Process is co-ordinated & standard set of activities


➢ to accomplish specific Objectives of an organization
➢ set by Top Management as per their vision & mission.
▪ Key guiding factor for any Business process shall be Top Management Vision & Mission.
▪ The success or failure of an organization is dependent on how meticulously business processes have been
designed and implemented.
▪ Business Process Management is the
➢ Systematic approach to improving Business Process which
➢ helps an organization to achieve 3E’s i.e., Efficiency, Effectiveness & Economy.
▪ It is a 24x7 process to ensure improvement in all parameters.

Types of Business Processes / Vision & Mission of Top Management is achieved by implementing

Operating Processes
▪ It deals with
a) core business & value chain; &
b) delivers value directly to customers by providing goods or services or both.
▪ Represents essential business activities to achieve goals / objectives of business.
▪ E.g. Order to cash [O2C]; Procure to Pay [P2P]; Developing Products, Manufacturing, Marketing etc.

Supporting Processes
▪ It helps improve efficiency of Organization by providing support to business processes & functions in organization.
▪ It does not provide value to customers directly.
▪ However, hiring right people for the right job has a direct impact on efficiency of the Enterprise.
▪ E.g. Accounting, HR, IT, Legal, Work-place safety.

Management Processes
▪ It monitors, measures & controls activities related to Operating Processes & Supporting Processes.
▪ Like Supporting Processes, it does not provide value to customers directly but it has a direct impact on the efficiency of the Enterprise.
▪ E.g. Strategic Planning, Budgeting, Infra capacity Management, Internal communication etc.


2. BUSINESS PROCESS AUTOMATION – REMOVING HUMAN INTERVENTION

▪ It is technology enabled automation of activities or services to achieve specific function/ task/ objective.
▪ This can be done for different functions like, sale, Purchase, supply chain management, HR, IT etc.
▪ Involves use of integrated Apps & s/w in automating business processes throughout Organisation.
▪ BPA enables business process to operate effectively and efficiently.

Features/ Objectives/ Factors affecting success of BPA

BPA objectives shall be achieved when BPA ensures the following:
a) Confidentiality - To ensure that data is only available to person who has right to see it.
b) Integrity - Ensure that there is no unauthorized change/ amendment in data.
c) Availability - To ensure that data is available when asked for.
d) Timeliness - To ensure that data is available in right time.
To ensure that above parameters are met, BPA needs to have appropriate internal controls.

Advantages/ Benefits of BPA

a) Quality & consistency - Ensures every action is performed identically to provide reliable & consistent experience to stakeholders.
b) Time saving - It reduces no. of tasks required to perform an activity. This saves time & adds value.
c) Reduced cost - It enables simultaneous performance of tasks by using lesser resource. So cost, especially labour cost, reduces.
d) Reduced Turnaround time - BPA eliminates unnecessary tasks & streamlines BP. Info. flows in better way resulting in reduced turnaround time.
e) Improved operating efficiency - Since time consumed & cost required to do a task reduces.
f) Governance & reliability – Consistency of Business process means stakeholders can rely on BP to offer quality service to customer.

3. WHICH BUSINESS PROCESSES SHOULD BE AUTOMATED?

▪ Every business process is not a good fit for automation. Companies tend to automate those business
processes that are time and resource-intensive or those that are subject to human error.
▪ Following are the few examples of processes that are best suited to automation:
1. Processes involving high-volume of tasks or repetitive tasks
Automating these processes results in reduction of cost and work efforts. E.g. making purchase orders; generating invoices etc.
2. Processes requiring multiple people to execute tasks
Automating these processes results in reduction of waiting time and in costs. E.g., Help desk services; Tracking of goods etc.
3. Time-sensitive processes
BPA results in streamlined processes and faster turnaround times. It eliminates wasteful activities and focuses on enhancing tasks that add value. For example - online banking system, railway/aircraft operating and control systems etc.
4. Processes involving need for compliance and audit trail
Since every detail of a particular process is recorded, these details can be used to demonstrate compliance during audits. For example - invoice issue to vendors, Employee management system i.e. Salary calculations & employee Attendance.
5. Processes having significant impact on other processes and systems
Some processes are cross-functional and have significant impact on other processes and systems. E.g., the marketing department may work with sales department. Automating these processes results in easy sharing of information resources and improving the efficiency and effectiveness of business processes.

4. CHALLENGES INVOLVED IN BUSINESS PROCESS AUTOMATION

1. Automating Redundant Processes
Sometimes organizations start off BPA by automating the processes they find suitable for automation without considering whether such processes are necessary and create value. In other cases, some business processes and tasks require high amount of tacit knowledge (that cannot be documented and transferred from one person to another) and therefore seek employees to use their personal judgment.
2. Defining Complex Processes
This requires a detailed understanding of the underlying business processes to develop an automated process.
3. Staff Resistance
Human factor issues are the main obstacle to the acceptance of automated processes. Staff may see BPA as a way of reducing their decision-making power. Moreover, the staff may perceive automated processes as threat to their jobs.
4. Implementation Cost
The implementation of BPA involves significant costs like acquisition cost of automated systems & special skills required to operate and maintain these systems.

5. BPA IMPLEMENTATION:

Steps and Explanation

i) Define why we plan to implement BPA
Answer to this Question provides justification for implementing BPA. List of generic reasons for justifying BPA may include-
a) Errors in manual process leading to enhanced cost
b) Payment process not streamlined leading to duplicate payment.
c) Payment for G/Sr supplied not received on time.
d) Poor debtor management system leading to more bad debts.
e) Poor customer services.
f) Delay in furnishing documents during audit.

ii) Understand Rules/ Regulations under which business performs
Any BPA must comply with applicable laws & regulations. Hence it is essential to Understand Rules/ Regulations under which business performs.
E.g. Books of A/c must be maintained for specified time as per Income Tax Act.

iii) Document the process we want to automate
All current processes & documents which are planned to be automated must be correctly & completely documented.
Things to be kept in mind-
a) What docs need to be captured?
b) Where do docs come from - Vendor or accounting software?
c) What format are they in: Paper, FAX, E-mail or PDF?
d) What is the impact of regulations on processing of these documents?
e) Can there be a better way to do the same job?
Benefits :-
1. Provide clarity on process.
2. Helps identify source of inefficiencies, bottlenecks & problems.
3. Allows designing the process to focus on desired results.

iv) Define the objectives/ goals to be achieved by implementing BPA
Enables the developer & user to understand reason for doing BPA. While determining objectives of BPA, Goals should be-
S → Specific i.e., clearly determined
M → Measurable – Easily quantifiable in monetary terms
A → Attainable – Achievable through best result.
R → Relevant – Entity Must be in need of BPA.
T → Timely - Achieved with a given time frame.

v) Select BPA consultant/Company
Entity needs to appoint an Expert who can implement BPA. Selection depends on-
a) Objectivity of consultant in understanding entity’s situation.
b) Does he have experience with entity BPA?
c) Is he experienced in resolving critical issue?
d) Can he recommend combination of H/w & S/w for BPA & implement it?

vi) Calculate ROI
It helps in convincing Top Management to say ‘Yes’ to BPA exercise.
Some of the methods for justification of BPA are-
a) Cost saving; being clearly computed and demonstrated.
b) Time saving; How BPA could lead to reduction in required manpower.
c) The cost of space regained from paper, file cabinets, etc. is reduced.
d) Eliminating fines to be paid for delayed payment & eliminate double payment
e) Taking advantage of early payment
f) Reducing cost of audits and lawsuits.

vii) Developing BPA
Once requirements have been documented, ROI is computed & approval of Top Management obtained, Consultant develops required BPA.

viii) Testing of BPA
Before making the BPA live, BPA should be tested fully to determine-
a) How it works
b) Remove all problems
c) Enable improvement before official launch.
Testing helps increase user adoption and decreases resistance to change.
Final version of process is documented for
a) Training of new employees &
b) Future reference.


6. RISKS & ITS MANAGEMENT

6.1. RISK

Refers to
➢ Any uncertain event that may result in loss for an organization
➢ Any uncertain event that may result in significant deviation from planned objective resulting in negative
consequences

Characteristics of Risk
a) Potential loss exists due to threat/vulnerability.
b) Uncertainty of loss expressed in terms of probability of loss; immediate direct financial loss as well as loss due to its impact in the long run like loss of reputation and business [Approx. loss]
c) Probability/ likelihood of that threat attacking organization [%]

Source of Risk
a) Commercial & legal relationship
b) Economic circumstance
c) Human behaviour
d) Natural Event
e) Political circumstance
f) Technology & Technical issue
g) Management activities & control

Types of Risk
▪ Business Risk
▪ Technology Risk
▪ Data Related Risk
➢ Physical Access of Data
➢ Electronic Access of Data

A. BUSINESS RISK

Business risk is a broad category which applies to any event or circumstances related to business goals.
Businesses face all kinds of risks ranging from serious loss of profits to even bankruptcy.
a) Strategic Risk: Risk that prevents an organization from achieving its strategic objectives. E.g. Risk related to strategy, regulatory, global market condition like recession.
b) Financial Risk: Risk that results in negative financial impact to organization. E.g. Volatility of foreign exchange rate, interest rate, liquidity risk etc.
c) Regulatory Risk: Risk that can expose organization to fines & penalties due to non-compliance with laws. E.g. - violation of law w.r.t Taxation, Environment, Employee health.
d) Operational Risk: Risk that can prevent organization from operating in most effective and efficient capacity. E.g. - risk of loss resulting from inadequate or failed internal processes, fraud or any criminal activity by an employee etc.
e) Hazard Risk: Risks that are insurable. E.g. - Natural disaster, Asset impairment, Terrorism etc.
f) Residual Risk: Risks remaining even after counter measures are applied. All risk can’t be eliminated. It should be minimized & kept at an acceptable low level.

B. TECHNOLOGICAL RISK

BPA is technology driven and this dependence on technology has led to various challenges. All risks related to the technology equally apply to BPA.
a) Downtime due to technology failure: Information system facilities may become unavailable due to technical problems or equipment failure.
b) Frequent change or obsolescence of Technology: Since technology keeps on evolving & is changing rapidly, there is a risk of obsolescence of tech resulting in loss.
c) Dependence on vendor due to outsourcing of IT service: BPA requires staff with specialized domain skills to manage IT deployed. These services could be outsourced to vendors and there is heavy dependency on vendors.
d) External threat leading to cyber fraud/ crime: If I.S can be accessed anytime & anywhere using internet, there is a risk of fraud.
e) Proper alignment of tech with business objectives & legal requirement: Business must ensure it.
f) Higher impact due to intentional or unintentional act of employee: Employees are weakest link in tech environment. Employees are expected to be trusted individuals that are granted extended privileges, which can easily be abused.
g) Need to ensure continuity of business in case of major emergency: Organizations must have well documented business continuity plan.

6.2. RISK MANAGEMENT & RELATED TERMINOLOGY

Risk Management refers to Process of


➢ identifying, assessing risk,
➢ taking steps to mitigate/ reduce risk to
➢ acceptable level based on Risk Appetite &
➢ monitoring it.
Effective Risk management involves
a) Identifying high level risk exposure
b) Risk appetite, i.e, ability/ willingness of entity to take risk
a) Asset
Refers to something of value to the organization; e.g., information in electronic or physical form, software systems, employees.
Assets have one or more of the following characteristics:
i) They are recognized to be of value to the organization.
ii) They are not easily replaceable without cost, skill, time, resources or a combination.
iii) They form a part of the organization’s corporate identity.
iv) Their data classification may be Proprietary, highly confidential or even Top Secret.

b) Vulnerability
Refers to weakness in the system safeguards that exposes the system to threats.
It may be a weakness in information system/s, cryptographic system (security systems), or other components (e.g., system security procedures, hardware design, internal controls) that could be exploited by a threat.
Vulnerabilities potentially “allow” a threat to harm or exploit the system.
Some examples of vulnerabilities are given as follows:
i) Leaving the front door unlocked makes the house vulnerable to unwanted visitors.
ii) Short passwords (less than 6 characters) make the automated information system vulnerable to password cracking or guessing routines.
Normally, vulnerability has at least one of the following conditions:
i) ‘Allows an attacker to execute commands as another user’ or
ii) ‘Allows an attacker to access data that is contrary to the specified access restrictions for that data’ or
iii) ‘Allows an attacker to pose as another entity’ or
iv) ‘Allows an attacker to conduct a denial of service’.

c) Threat
Refers to any entity, circumstance, or event with the potential to harm the software system or component through its unauthorized access, destruction, modification, and/or denial of service.
Threat has capability to attack on a system with intent to harm.
Assets and threats are closely correlated. A threat cannot exist without a target asset.
Threats are typically prevented by applying some sort of protection to assets.

d) Exposure
Refers to extent of loss the enterprise has to face when a risk materializes. It is not just the immediate impact, but the real harm that occurs in the long run.
For example - loss of business, failure to perform the system’s mission, loss of reputation, violation of privacy and loss of resources etc.

e) Likelihood
Refers to estimation of the probability that the threat will succeed in achieving an undesirable event.

f) Attack
Refers to attempt to gain unauthorized access to the system’s services or to compromise the system’s dependability.
In software terms, an attack is a malicious intentional fault, usually an external fault that has the intent of exploiting vulnerability in the targeted software or system.
Basically, it is a set of actions designed to compromise CIA (Confidentiality, Integrity or Availability).

g) Counter Measure
An action, device, procedure, technique or other measure that reduces the vulnerability of a component or system is referred as Counter Measure.
For example, well known threat ‘spoofing the user identity’, has two countermeasures:
a) Strong authentication protocols to validate users; and
b) Passwords should be stored in some secure location.
Similarly, for other vulnerabilities, different countermeasures may be used.


After above analysis, strategies for managing Risk are decided. Not all risk requires controls to counter them
[cost Benefit analysis]

6.3. RISK MANAGEMENT STRATEGIES / RESPONSE [5 Ts]

Tolerate/ Accept
In case of minor risk i.e., where impact or probability of occurrence is low, Management may accept risk as cost of doing business.

Terminate/ Eliminate
If risk is associated with use of a technology, supplier, or vendor, it can be eliminated by
➢ Replacing tech with more robust products; and
➢ by seeking more capable suppliers and vendors.

Transfer / Share
Risk may be shared with trading partners & suppliers. E.g. Outsourcing of IT Infrastructure mgt.
Risk can also be insured.

Treat/ Mitigate
When other options are not feasible, suitable controls must be developed & implemented
a) to prevent risk from occurring, or
b) to Minimize its impact.

Turn Back
Where probability or impact of Risk is very low, then management may decide to ignore the Risk.

7. ENTERPRISE RISK MANAGEMENT

It is a process which is applied by –


➢ BOD, management & other personnel
➢ For strategy setting
➢ To identify potential event that may affect entity &
➢ Manage risk within Risk appetite
➢ To provide reasonable assurance that entity’s objective will be achieved.
All entities face uncertainty which presents both risk & opportunity, with potential to erode or enhance
value.
ERM helps management to effectively deal with uncertainty and associated risk and opportunity and thereby enhance its capacity to build value.


ERM is relevant for every entity, whether for profit, not-for-profit, or a governmental body.
ERM does not create risk free environment.

Internal Environment → Objective Set → Identify Events (which presents OT) → Assess Risk → Risk Response → Control → Monitor

7.1. ENTERPRISE RISK MANAGEMENT

ERM Framework
ERM provides a framework of eight interrelated components for risk management which involves:
➢ identifying potential threats or risks.
➢ determining how big a threat or risk is, what could be its consequence, its impact, etc.
➢ implementing controls to mitigate the risks.
i) Internal Environment: It is foundation for risk management. It involves analysis of organization/ entity, people of organization & environment in which it works.
ii) Objective setting: ERM involves setting of objectives in line with Vision & Mission of management & consistent with risk appetite of entity.
iii) Event Identification: Includes identifying uncertain events, internal as well as external, which may represent opportunity, risk or both.
iv) Risk Assessment: Involves analysis in terms of likelihoods of risk & impact on entity.
v) Risk Response: Management selects risk response in line with entity risk tolerance & risk appetite. Higher Risk Appetite = Higher Risk tolerance = Lower Risk response
vi) Control Activity: Refers to policies & procedures established to mitigate risk & maintain it at acceptable level.
vii) Info & communication: Risk response & controls to be applied are communicated to relevant employee across the entity for carrying out necessary activities for risk management.
viii) Monitor entire ERM process: Entire ERM process should be monitored regularly &, if necessary, modified.

7.2. BENEFITS OF ERM

a) Align risk appetite with strategy: ERM helps in aligning risk appetite with its strategy for achieving goals.
b) Link growth, risk & return: Entities accept risk as part of value creation & expect return commensurate with risk taken.
c) Minimize operational surprise & Losses: ERM provides advanced ability to identify potential events, assess risk & respond to it.
d) Seize opportunity: ERM enables organization to identify opportunity & take advantage.
e) Enhanced risk response decision: ERM helps to identify & select alternative risk response i.e. 5 Ts
f) Identify & manage Cross Enterprise risk: Entity faces various risks. Management needs to manage not only individual risk but also related risk.
g) Provide Integrated response to multiple risk: ERM helps to provide integrated solution for multiple risks.

8. CONTROLS – MEANING & IMPORTANCE

Refers to policy, procedures & practices that are designed to provide reasonable assurance that
a) Business objectives are achieved
b) Undesired events are prevented, detected or corrected
c) Risks are mitigated
d) Assets are safeguarded and
e) Efficiency and effectiveness of Business Processes are achieved.

8.1. TYPES OF CONTROLS

Manual Control
Involves physical verification that actual material received is as per PO & it is reflected correctly in vendor’s invoice.

Automated Control
Involves verification that is done automatically by computer system and exceptions highlighted.

Semi-automated Control
Involves verification that is partly manual & partly automated.
E.g. - verification of goods received with PO can be automated but the vendor invoice matching could be done manually in a reconciliation process.

Order [PO] → 1000 qty of A+ grade material
▪ Quantity & Quality as per PO
▪ Quantity & Quality as per Invoice
▪ Quantity & Quality as Received

8.2. IT CONTROLS OBJECTIVES

Meaning
Statement of desired result or purpose to be achieved by implementing controls within an IT activity.
Implementing right type of controls is responsibility of management.
IT Controls helps perform dual role
a) Enables enterprise to achieve objective
b) Mitigate Risk

Need
a) Control cost & remain competitive
b) To promote reliability & efficiency
c) Makes organization Resilient & helps them sustain any disruption in Business Process
d) Provides policy & guidance for directing & monitoring performance of IT activity to achieve objective

8.3. TYPES OF IT CONTROLS

IT General Control (ITGC)
It is macro in nature & pervades across IT environment & Information System in organization & applies to all systems & processes. It includes:
1. IT security policy → Approved by sr. Management & covers all systems & process in organization w.r.t. how to protect a company’s information assets.
2. Administration, Authentication & Access → There should be proper policy for administration of system & authorization of users in I.S.
3. Separation of key IT functions → Org should ensure Key demarcation of duties for different personnel within IT department & ensure that there are no Segregation of Duties (SoD) conflicts.
4. Mgt of system acquisition & implementation → Process of system authorization & implementation should be controlled.
5. Proper development & implementation of App/ s/w.
6. Controls to ensure CIA and ACA of S/W & Data.
7. Change Management → IT system must change with change in business needs & environment or regulatory compliance. In such case, change mgt ensures smooth transition
8. User training & qualification of Operations personnel → IT personnel should have necessary skills.
9. Review of SLA with vendors to ensure services are delivered as per SLA.
10. Monitoring of system, App S/W to ensure it functions properly.

App Control
Application represents the interface between the user and the business functions.
App Controls refers to control implemented in an App to prevent, detect & correct errors.
These controls are in-built in the App and ensure CIA & ACA of data / info. For example, in Banking App, withdrawals are not allowed beyond limits, etc.
Example- [DEBTS]
a) Data edit i.e., Editing of data should be allowed only for permissible field.
b) Error reporting i.e., Errors in processing are reported.
c) Exception reporting i.e., all exceptions are reported.
d) Balancing of processing totals i.e., Debit & Credit of all transaction are tallied.
e) Transaction logging i.e., all transactions are identified with unique ID & logged.
f) Separation of Business function i.e., Authority for transaction initiation and transaction authorization should be with different personnel.
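
The six application controls listed under [DEBTS], shown together as an added example that is not part of the original notes: a hypothetical posting routine for journal transactions. The class and field names, the review limit, the choice of editable field and the sample entries are all constructed assumptions.

```python
import uuid
from dataclasses import dataclass, field
from decimal import Decimal as D

# Assumption: only the narration may be edited once a transaction is posted.
EDITABLE_FIELDS = {"narration"}


@dataclass
class Transaction:
    initiated_by: str
    authorized_by: str
    lines: list  # (account, debit, credit) tuples with Decimal amounts
    narration: str = ""
    # e) Transaction logging: every transaction carries a unique ID.
    txn_id: str = field(default_factory=lambda: uuid.uuid4().hex)


class ControlledLedger:
    """Hypothetical posting routine enforcing the six application controls."""

    def __init__(self, review_limit):
        self.review_limit = review_limit  # assumed threshold for exceptions
        self.log = {}         # e) posted transactions keyed by unique ID
        self.errors = []      # b) error report: processing that was refused
        self.exceptions = []  # c) exception report: posted but unusual

    def post(self, txn):
        debit = sum((d for _, d, _ in txn.lines), D("0"))
        credit = sum((c for _, _, c in txn.lines), D("0"))
        problems = []
        if debit != credit:
            # d) Balancing of processing totals: debits must equal credits.
            problems.append(f"unbalanced: debit {debit} != credit {credit}")
        if txn.initiated_by == txn.authorized_by:
            # f) Separation of business function: two different people.
            problems.append("initiator and authorizer are the same person")
        if txn.txn_id in self.log:
            problems.append("transaction ID already logged")
        if problems:
            self.errors.extend((txn.txn_id, p) for p in problems)
            return False
        if debit > self.review_limit:
            # c) Unusual but valid: post it and report it for review.
            self.exceptions.append(
                (txn.txn_id, f"amount {debit} exceeds review limit"))
        self.log[txn.txn_id] = txn
        return True

    def edit(self, txn_id, field_name, value):
        # a) Data edit: only permissible fields of a logged transaction change.
        if txn_id not in self.log or field_name not in EDITABLE_FIELDS:
            self.errors.append((txn_id, f"edit of '{field_name}' refused"))
            return False
        setattr(self.log[txn_id], field_name, value)
        return True


def demo():
    """Run constructed sample entries through the controls."""
    ledger = ControlledLedger(review_limit=D("100000"))
    sale = Transaction("asha", "ravi", [
        ("Debtors", D("5000"), D("0")), ("Sales", D("0"), D("5000"))])
    unbalanced = Transaction("asha", "ravi", [
        ("Debtors", D("5000"), D("0")), ("Sales", D("0"), D("4500"))])
    self_approved = Transaction("asha", "asha", [
        ("Debtors", D("700"), D("0")), ("Sales", D("0"), D("700"))])
    large = Transaction("asha", "ravi", [
        ("Debtors", D("250000"), D("0")), ("Sales", D("0"), D("250000"))])
    results = {
        "sale": ledger.post(sale),
        "unbalanced": ledger.post(unbalanced),
        "self_approved": ledger.post(self_approved),
        "large": ledger.post(large),
        "replay": ledger.post(sale),  # same ID posted twice
        "edit_narration": ledger.edit(sale.txn_id, "narration", "constructed"),
        "edit_authorizer": ledger.edit(sale.txn_id, "authorized_by", "asha"),
    }
    return ledger, results


if __name__ == "__main__":
    ledger, results = demo()
    print(results)
    print("errors:", ledger.errors)
    print("exceptions:", ledger.exceptions)
```

Rejected items land in the error report and never reach the log, while the above-limit entry is posted and listed in the exception report for follow-up.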

8.4. KEY INDICATORS OF EFFECTIVE IT CONTROLS

IT controls implemented in an organization are considered to be effective on the basis of following criteria:
a) Ability to Plan & Execute new work like infrastructure upgradation to support new product/service.
b) Development projects are delivered on time and within budget, and better product and service offerings
compared to competitors.
c) Ability to allocate resources predictably.
d) Protect against new threats & vulnerability & recover from any disruption.
e) Ensure CIA & ACA of data
f) Heightened security awareness among users & security conscious controls.

8.5. FRAMEWORK OF INTERNAL CONTROL AS PER SA 315


SA 315 - Identifying & assessing the Risk of Material Misstatement by understanding entity & its
Environment
SA 315 defines Internal Control as
➢ Policy, practice & procedure implemented by TCWG & MGT
➢ To provide reasonable Assurance about achieving Entity’s objective regarding
a) Reliability of F.S
b) Efficiency & effectiveness of operations
c) Safeguarding of assets
d) Compliance with applicable laws & regulations.
Need for I.C → It helps organisation in ensuring RECS.
Note: I.C. mitigates Risk & does not eliminate it.

8.6. COMPONENTS OF INTERNAL CONTROL AS PER SA 315

Control Environment
It is a set of Standards, process & structure that provides basis for implementing I.C.
It comprises of
▪ integrity & ethical values of Org
▪ organizational structure
▪ assignment of authority & resp.
▪ accountability etc.
BOD & Senior Mgt establish the tone at the top regarding the importance of I.C. including expected standards of conduct.

Risk Assessment
It involves identification of Risks & its assessment in terms of likelihood & its impact.
Risk Assessment & its tolerance depends on objective of an organization.
Risk Assessment forms the basis for determining how risks will be managed.

Control Activities
Refers to P, P, P to
a) Mitigate Risk &
b) Achieve objective
They are performed at all levels of the entity and may be preventive or detective in nature.
Includes elements like authorizations, approvals, verifications, reco. and business performance reviews that ensure
a) Transactions are authorized
b) Duties are segregated
c) Proper Records are Maintained
d) Assets are safeguarded

Information & Communication
It is necessary for entity to collect important info about I.C. & communicate with
a) employees for implementation of I.C. (internal)
b) external parties in response to requirements & expectations (external).

Monitoring of Control
It is Ongoing & cyclic process of Monitoring each of 5 components of I.C to ensure it is functioning smoothly.
Comprises of
▪ Ongoing evaluations built into business processes which provide timely information.
▪ Separate evaluations conducted periodically to assess risks & effectiveness of ongoing evaluations.
Findings are evaluated against Mgt’s criteria and deficiencies are communicated to Mgt & BOD as appropriate.

8.7. LIMITATION OF IC

▪ I.C. provides reasonable assurance & not absolute assurance about achieving entity’s objective of RECS.
▪ I.C. is subject to certain inherent limitations as follows:


a) Management consideration that cost of I.C. should not exceed expected benefit of IC.
b) I.C. is not effective in case of Transaction of unnatural nature e.g., human error due to carelessness.
c) Possibility of circumvention of I.C. through collusion with employees & other party.
d) Possibility of abuse of I.C. by person responsible for exercising I.C. i.e Director/TCWG.
e) Manipulation by management w.r.t transactions, estimates & judgements required in preparation of
F.S.

9. RISKS AND CONTROLS FOR SPECIFIC BUSINESS PROCESSES

In computerized B.P., Controls are checked at 3 levels

Configuration
▪ Refers to the way a S/W is set up initially.
▪ It defines how s/w will function & what options are displayed.
▪ Various modules of enterprise like Procurement, sale, HR etc must be configured.
Example
1) User activation & deactivation – Defining process for setting up entry to system using user ID & Password.
2) Users Access & privilege – Defining process for access to particular function of App based on Role & Responsibility.
3) Password management - Defining criteria like length of password, use of special characters, frequency of change
4) Mapping A/C ledger with transactions
5) Control on parameters: Creation of Customer Type, Vendor Type, year-end process

Masters
▪ Refers to the way various parameters are set up for all modules of software, like Purchase, Sales, Inventory, and Finance etc.
▪ Masters are set up first time during installation & these are changed whenever the business process rules or parameters are changed.
▪ Relatively permanent in nature i.e., does not change frequently.
Example
1) Customer Master Data
2) Vendor / supplier M.D.
3) Material M.D.
4) Employee M.D.
Common Risks for any master data
1) Change made to _____ M.D. file by unauthorised person.
2) Invalid change made to ___ M.D. file.
3) Delay in making change to _____ M.D. file
4) M.D. file is not updated.
5) Access to ____ M.D. file not restricted to authorized user.

Transactions
▪ Actual transaction entered in App s/w by user.
▪ Changes frequently & entered by user
▪ Ex – Sale transaction, purchase transaction, journal transaction, Payment etc.
Sample Risk [O2C]
[Grid: Transaction / Amount Paid against Incorrect Amt / Incorrect Period / Incorrect Party]
1) Transaction recorded by incorrect amount.
2) Transaction recorded in incorrect period
3) Transaction recorded in Incorrect Ledger.
4) Amount paid or received is not correct.
5) Amount paid/ Received in incorrect period.
6) Amount paid/ Received recorded in incorrect party.

9.1. SIX BUSINESS PROCESSES:

Procure to Pay [P2P] | Order to Cash [O2C] | Inventory Cycle | Human Resource | Fixed Asset | General Ledger
(C, M, T for each)

1) Procure to pay [Purchase]


▪ Refers to process of obtaining & managing RM needed for manufacturing a product or providing service.
▪ Using automation, it is possible to have a seamless ‘procure to pay’ process covering the complete life-
cycle from point of order to payment.
▪ 9 steps from MM module of ERP.
▪ Relevant Ledger: Accounts Payable
▪ Examples of Vendor Master Data file:
a) Name b) Contact Details c) Address d) Bank details e) GSTIN f) Credit Period & limit

2) Order to cash [Sale]


▪ Refers to a process of receiving order & fulfilling the order of customer’s required Goods & Services.
Steps/Sub-Process Involved

Customer order → Order Fulfillment → Delivery Note → Invoicing → Collection from Customer → Accounting

a) Customer order → Customer order received is documented
b) Order Fulfillment → Order is fulfilled or service is scheduled
c) Delivery Note → Order is shipped to customer or service is performed
d) Invoicing → Invoice is created and sent to customer
e) Collection from Customer → Customer sends payment /Collection
f) Accounting → Payment is recorded in general ledger.

Relevant Ledger: Accounts Receivable

▪ Examples of Customer Master Data file:


a) Name b) Contact Details c) Address d) Bank details e) GSTIN f) Credit Period & limit

3) Inventory cycle
▪ Process of accurately tracking the on-hand inventory level (measured in number of days).
3 Phases Involved
a) Ordering Phase → Time required to order & receive RM.
b) Production Phase → Time taken to convert RM into Finished Goods ready for use by customer.
c) Finished Goods & delivery → Finished Goods that remains in stock & delivery time to customer.

▪ Examples of Inventory/Material Management Master Data file:


a) Stock Item b) Stock Description c) Stock Group d) Units of measurement

4) Human Resource
▪ HR lifecycle refers to HRM & covers all stages of an employee’s time within the organization & the role
played by HR at each stage.
4 stages involved
a) Recruitment & onboarding
▪ Recruitment - Process of hiring which involves placing job ads, selecting candidates, conducting interview & choosing / finalizing etc.
▪ Onboarding - Process of getting successful applicant set up in organization [Id card, laptop, Access & privilege]
b) Orientation & Career Planning
▪ Orientation - Process by which employee becomes part of company workforce i.e., Learning job, establishing relationship etc.
▪ Career planning - Employee & supervisor work out long-term career goals of employee.
c) Career Development
▪ It is essential to provide career development opportunity for retaining employee for long term.
d) Termination or transition
▪ Ensure all exit policies are followed, exit interviews are conducted & employee is removed from system.

▪ Examples of Employee/ Payroll Master Data file:


a) Employee Name b) Designation c) Address d) Gender e) Salary Structure

5) Fixed Assets
▪ Process of ensuring that all F.A. of enterprise are tracked for purpose of –
➢ Financial Accounting [Dep];
➢ Preventive maintenance; &
➢ Theft deterrence.
▪ It involves maintaining proper details of quantity, type, location, condition & depreciation of asset.
6 Steps Involved
1. Procuring an Asset: On purchase of an asset, entry is made in A/C system when invoice is received.
2. Registering or Adding an Asset: For depreciation purpose, details like date of acquisition, type, & depreciation basis is registered
3. Adjusting an Asset: Adjustment is required due to repair, improvement, change in basis for depreciation etc.
4. Transferring an Asset: To other branches, subsidiaries or dept. within the organization group. This needs to be reflected accurately in the fixed assets management system.
5. Depreciating an Asset: Refers to decline in economic & physical value of Asset. Depreciation should be properly calculated.
6. Disposing an Asset: When an asset is no more in use, becomes obsolete or beyond repair, it is disposed off. Any difference between the book value, and realized value, is reported as a gain or loss and dep is no longer charged.
Mode of disposal – Sale, Abandonment or Trade-in

▪ Examples of FA Master Data file:


a) Type b) Location c) Depreciation Basis

Risk & Control at Transaction Level


Wrong Amount | Wrong Period | Wrong Party
FA Acquisition | Depn | Disposal

6) General Ledger
▪ Process of recording the transaction in system to finally generate reports from system.
▪ Input for GL→ Financial transaction
▪ Output for GL → Reports like BS, P&L, CFS, Ratio Analysis etc.
5 steps involved
a) Entering of financial transaction in Accounting system
b) Review of transaction [Control]
c) Approval of transaction [Control]
d) Posting of transaction
e) Generation of financial report
▪ Examples of GL Master Data file:
a) Ledger b) Group c) Voucher Type

10. REGULATORY & COMPLIANCE REQUIREMENTS

Companies Act, 2013 | IT Act, 2000

10.1. COMPANIES ACT, 2013

Section 134 [FS, BOARD’S REPORT etc.]
Director Responsibility Statement (DRS) shall state that
a) Directors had taken sufficient care for
➢ maintaining adequate A/C record
➢ for safeguarding Asset of company
➢ for preventing & detecting fraud & other irregularity.
b) Directors, in case of Listed Co., had laid down internal financial control & that such IFC are
➢ Adequate [ adequacy of design] &
➢ Operating effectively.

Section 143 [Powers & duties of Auditor & Auditing Standard]
Auditor report shall state
➢ Whether co. has
➢ adequate Internal Financial Control &
➢ operating effectiveness & such control during relevant FY.

10.2. ICAI GUIDANCE NOTES ON AUDIT OF INTERNAL CONTROL OVER FINANCIAL STATEMENTS

Management Responsibility
Section 134

Auditor Responsibility
▪ Auditor has to express an opinion on the effectiveness of Co’s internal financial control over FR.
▪ A company’s I.C. is said to be effective if there is no material weakness in I.C.
▪ No material weakness = I.C. is effective
▪ Auditor should perform Audit to obtain sufficient evidence to get reasonable assurance that no material weakness exists in I.C.

10.3. CORPORATE GOVERNANCE

▪ CG ensures that company works in best interest of stakeholders i.e. shareholders, Govt., society, bank
etc.
▪ It refers to Framework of Rules & practice by which BOD ensures
➢ Accountability
➢ Fairness and
➢ Transparency in
Co's relationship with its stakeholders.

▪ CG Framework consists of
a) Contract between Company & stakeholders for distribution of rights, responsibilities & Rewards.
b) Procedure for reconciling conflicting interest of stakeholders with their role.
c) Procedure for supervision, control & Information flow to serve as checks & balance.

11. INFORMATION TECHNOLOGY ACT 2000, AMENDED BY 2008

Introduction | Key Provisions | Objective/ Advantage | Computer Related offence | Principle of privacy | SPDI

11.1. INTRODUCTION OF IT ACT

▪ IT Act covers all internet activities in India, i.e., all online transaction in India.


▪ It provides validity & legal sanctity to all online/ Electronic Transactions, Docs, signature etc.
▪ It also provides penalties & remedies in case of non- compliance & offence.

11.2. KEY PROVISIONS OF IT ACT

Section 43 - Penalty and compensation for damage to computer, computer system, etc.
If any person, without permission of the owner or any other person who is in-charge of a computer, computer system or computer network (hereinafter ‘Computer resource’)
a) accesses or secures access to such computer resource;
b) downloads, copies or extracts any data from such computer resource;
c) damages or causes to be damaged any computer resource;
d) disrupts or causes disruption of any computer resource;
e) denies or causes the denial of access to computer resource by auth. persons;
f) destroys, deletes or alters any information residing in computer resource;
g) introduces or causes to be introduced virus etc. into any computer resource;
h) steal, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code,
he shall be liable to pay damages by way of compensation to the person so affected.

Section 43A: Compensation for failure to protect data.
Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates,
➢ is negligent in implementing and maintaining reasonable security and
➢ thereby causes wrongful loss or wrongful gain to any person,
➢ such body corporate shall be liable to pay damages by way of compensation to the person so affected.
Punishments for various Computer Related Offences

65: Tampering with Computer Source Documents
Nature of Offence: If a person knowingly or intentionally conceal, destroys or alter or cause other person to conceal, destroys or alter a source code used for a computer resource when source code is required to be kept by law.
Punishment: Imprisonment – upto 3 years; or Fine - upto 2 lakhs; or Both.

66E: Punishment for violation of privacy
Nature of Offence: If a person intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent.
Punishment: Same as above

66 C: Punishment for Identity theft
Nature of Offence: If a person Fraudulently make use of electronic signature, password or other Identification feature of a person
Punishment: Imprisonment – upto 3 years; and Fine – upto 1 Lakh

66D: Punishment for cheating by personation by using computer resource
Nature of Offence: If a person cheats by personation using any computer resource
Punishment: Same as above

66: Computer Related Offences u/s 43
Nature of Offence: If a person, fraudulently does any act referred to in section 43
Punishment: Imprisonment – upto 3 years; or Fine – upto 5 Lakhs; or Both.

66 B: Punishment for dishonestly receiving stolen computer resource or communication device
Nature of Offence: If a person dishonestly and knowingly receives or retains stolen computer resources or communication devices.
Punishment: Imprisonment – upto 3 years; or Fine – upto 1 Lakhs; or Both.

11.3. OBJECTIVE OF CYBER LAW / ADVANTAGES / WHY IT ACT WAS ENACTED

i) To grant legal recognition for transactions carried out by means of electronic data interchange or
electronic commerce in place of paper-based method of communication. [Section 4]
ii) To give legal recognition to digital signature for authentication of any information or matter, which
requires authentication under any law. [Section 3]
iii) To facilitate electronic filing of documents with Government departments. [Section 6]
iv) The Act now allows Government to issue notification on the web thus heralding e-governance.
v) To facilitate electronic storage of data.
vi) To provide legal sanction to transfer fund electronically to and between banks and financial
institutions.
vii) To provide legal recognition for keeping books of account in electronic format by bankers. [Section 4]
viii) To provide legal infrastructure to promote e-commerce and secure information system.
ix) To manage cyber-crimes at national and international levels by enforcing laws.

11.4. COMPUTER RELATED OFFENCE

‘Cyber Crime’ finds no mention either in IT Act 2000 or in any legislation of the Country. Cyber Crime is not
different than the traditional crime. The only difference is that in Cyber Crime, the computer technology is
involved and thus it is a computer related crime.

1. Credit card fraud: Credit card cloning is common fraud committed against person using credit card.
2. Cyber Terrorism: Terrorist use virtual & physical storage media to hide info & record of illegal business.
3. Cyber pornography: It is legal in few countries but child pornography is illegal across world.
4. Cyber crime: Any crime using computer technology is known as cyber-crime.
5. Phishing & Email scams: Involves fraudulently acquiring PIN, Password, sensitive info through pretending/ masquerading itself as a trusted entity.
6. Source code theft: It is most critical part of s/w & regarded as crown jewel/ Asset of company.
7. Harassment using fake profile: of a person on social media.
8. Online sale of illegal Articles: Involves sale of drugs, narcotics etc.
9. Webpage defacement: Homepage of a website is replaced with defamatory post or pornographic material.
10. Introducing virus, worms, Bombs & Trojan.

11.5. PRIVACY

Main principles on data protection & privacy under IT Act are


a) Defining data, Information, Computer database etc.
b) Creating civil liability if any person accesses or attempts to secure access to computer, computer
system & computer network.
c) ___________ criminal liability _____________.
d) Declaring any computer, computer system or computer network as Protected.
e) Imposing penalty for breach of confidentiality & privacy.
f) Setting up hierarchy of regulatory authority, namely adjudicating authority, Appellate Authority.

11.6. SENSITIVE PERSONAL DATA INFORMATION

Personal Data
Info. relating to natural person which, directly or indirectly, is capable of identifying such person.

Section 43A of IT Act
prescribes SPDI Rules 2011 which defines a data protection framework for
➢ Processing of digital data
➢ By body corporate.

SPDI (Rule 3)
a) Password,
b) Financial Info,
c) Mental/ physical health condition,
d) Medical Record,
e) Biometric &
f) Sexual orientation

11.7. SCOPE OF SPDI

Applies on Body corporate which include Firm, sole proprietor or other association of individuals engaged in commercial & profession activities.

Excludes:
(a) Government Bodies & individuals using big data
(b) Others having no access to big data.

Rule 5 - Consent to collect
Body corporate shall obtain consent in writing from provider of SPDI, before collecting SPDI, about usage of such data.

Rule 6 - Consent to disclose
Disclosure of SPDI by body corporate to any third party requires permission from provider of SPDI. No permission required if-
a) Such disclosure is necessary for compliance with legal obligation
b) Such disclosure has been agreed to in contract b/w body corporate & provider of SPDI.


CHAPTER 2

FINANCIAL ACCOUNTING SYSTEM

1. INTRODUCTION

❖ Financial Accounting System (FAS) is integral part of any business & acts as backbone for it.
❖ FAS includes other forms of business management like HR, inventory, customer relationship management etc.
❖ Requirement from FAS is different for different person & it should fulfill Needs of all users simultaneously

Accountant’s view
▪ B.S. and P&L must be prepared easily w/o much effort & time.

Auditor’s view
▪ B.S. and P&L must be correct at any point of time i.e. as per AS & gives true & fair view.

Business Manager/Owner’s view
▪ Right info at right time for right decision making.

2. CONCEPTS IN COMPUTERIZED ACCOUNTING SYSTEMS

2.1. TYPES OF DATA

MASTER DATA
a) Relatively permanent data that is not expected to change frequently i.e. can change but not frequently.
b) Example: Our Name, Address, Blood Group, Gender, Date of Birth etc
c) Created by Database administrator.
d) Generally, not typed by the user, rather selected from the available list
▪ To maintain standardization as we need to collect all the data at one place for reporting; and
▪ To avoid confusion while preparing reports. Eg- same ledger may be written differently.

NON-MASTER DATA
a) Data which changes frequently.
b) Entered by user.
Examples
i) Amount recorded in ledger
ii) Voucher Number
iii) Date of Entry
iv) Age & weight

2.2. MASTER DATA (All business process modules must use common master data.)

Accounting Master Data
Includes names of
▪ Ledgers
▪ Groups
▪ Voucher types.
Opening balance b/f.

Inventory Master Data
Includes
▪ Stock items
▪ stock groups
▪ Inventory voucher types
(Just like physical godown, details of stock are maintained in computer for easy search)

Payroll Master Data
System of calculating salary & recording employee related details.
Includes
▪ Name of employee
▪ Group of employees
▪ Salary heads like Basic Pay, HRA, Allowances etc.

Statutory Master Data
Data related to statute/ law. Different for different taxes.
No control on this data as statutory changes are made by Government.
Examples
▪ Different types of TDS, TCS, GST & their rates.

Why Master and Non-Master Data?


Basic objective of accounting system is to record input in the form of transactions and generate output in the
form of reports.
Transactions Processing Reports

2.3. VOUCHER

Voucher Meaning
▪ Voucher is a documentary evidence of transaction. Before recording any transaction in the accounting system, it must be supported by documentary proof.
▪ Example: Receipt given to a customer after making payment by him/her is documentary evidence of amount received.
▪ In computer language, voucher is a place where transaction is recorded.
▪ It is a master data.
▪ Diff Transactions = Different vouchers.

Voucher Number
▪ Unique identity of any voucher. May be used to search for any voucher.
▪ It is a non-master data.
▪ Features / Peculiarities:
a) Voucher number must be unique.
b) Each voucher type shall have separate unique numbering series.
c) Recorded in chronological order.
d) Numbered serially.
e) May have separate suffix and prefix [Sale -001-KKC].

2.4. VOUCHER TYPES

S No. | Voucher Type | Use

Module - Accounting
1 | Contra | For recording of four types of transactions as under: Cash deposit in bank; Cash withdrawal from bank; Cash transfer from one location to another; Fund transfer from our one bank account to our own another bank account.
2 | Payment | For recording of all types of payments by any mode (cash/bank)
3 | Receipt | For recording of all types of receipts by any mode (cash/bank)
4 | Journal | For recording of all non-cash/bank transactions. E.g., Depreciation, Provision, discount given/received, Purchase/Sale of fixed assets on credit, write-off etc.
5 | Sales | For recording all types of trading sales by any mode (cash/bank/credit).
6 | Purchase | For recording all types of trading purchase by any mode (cash/bank/credit).
7 | Credit Note | For making changes/corrections in already recorded sales/purchase transactions.
8 | Memorandum | For recording of transaction which will be in the system but will not affect the trial balance. In other words, memorandum vouchers are used to record suspense payments, receipt, sales, purchase etc.

Module - Inventory
9 | Purchase Order | For recording of a purchase order raised on a vendor.
10 | Sales Order | For recording of a sales order received from a customer.
11 | Stock Journal | For recording of physical movement of stock from one location to another.
12 | Physical Stock | For making corrections in stock after physical counting.
13 | Delivery Note | For recording of physical delivery of goods sold to a customer.
14 | Receipt Note | For recording of physical receipt of goods purchased from a vendor.

Module - Payroll
15 | Attendance | For recording of attendance of employees.
16 | Payroll | For recording all employee–related transactions like salary calculations.

2.5. ACCOUNTING FLOW: 7 STEPS (5 S/W, 2 HUMAN)

Transaction → Voucher Entry → Posting → Balancing → Trial Balance → P/L → BS

Transaction, Voucher Entry: Human
Posting onwards: performed by software
Since Steps are mechanical, Time consuming and huge efforts are required.
In few cases, voucher entry can be automated & performed by s/w automatically.
E.g. Interest calculation on monthly basis can be done by s/w automatically at the end of the month.

2.6. FUNDAMENTALS OF ACCOUNTING

▪ Basic objective of any Accounting S/w is to generate two primary accounting reports , i.e., P&L and Balance
sheet.
▪ For FAS, ledgers may be classified in two types only Ledger having Debit Balance and Ledger having Credit
Balance.
▪ Every ledger is classified in 1 of 4 categories only i.e., Income , expense , Asset or liability.
▪ There may be any number of sub- groups under these four basic groups. (Asset → fixed Asset → P&M –Office
Equipment – Motor vehicle )
▪ Since balance in P/L account i.e Net Profit or Net Loss is reflected in Balance sheet, everything in accounting
s/w boils down to balance sheet.


Grouping of ledgers is important as


a) it tells software what is ‘nature of the ledger’ & where it should be shown at the time of reporting.
b) facilitates better presentation while reporting.
Note - S/w cannot prevent incorrect grouping of ledger.

3. TECHNICAL CONCEPTS – COMPUTERIZED FAS

WORKING OF Any SOFTWARE/Restaurant

FRONT END: Part of software which actually interacts with users.
BACK END: Part of software which interacts with front end but not users

User → Front End → Back End

3.1. FRONT END & BACKEND – MEANING & WHY SEPARATE?

PARTICULARS | FRONT END | BACK END

Meaning
Front End: Part of the overall software which actually interacts with user using the software.
Back End: Part of the overall software which does not directly interact with user but interact with Front End only.

Domain expertise
Front End: Meant for handling request from users
Back End: Meant for storing and handling the data.

Presentation
Front End: Meant for presenting information in proper format, different colors, etc.
Back End: Not meant for presentation and it’s not expected also.

User Experience
Front End: User interface should be simple and intuitive i.e., min help should be sought by user
Back End: It processes raw data and no need of user experience.

Language
Front End: Can speak in user’s language as well as technical language
Back End: Speaks only in technical language not understood by layman (user)

Speed
Separate back-end software is used for handling (storage/processing) data. This reduces load and increases speed.

3.2. APPLICATION SOFTWARE

Application software generally comprises of three layers which together form the Application namely; an
Application Layer, an Operating System Layer and a Database Layer. This is called Three Tier architecture.
a) Application Layer receives the inputs from the users and performs certain validations like, if the user is
authorized to request the transaction.
b) Operating System Layer then carries these instructions and processes them using the data stored in the
database and returns the results to the application layer.
c) Database Layer stores the data in a certain form.

3.3. INSTALLED APP VS CLOUD BASED APP

Installed App
Program installed on hard disk of user’s computer.

Web Based App
Program installed on Co’s web server & accessed through internet connection.

Cloud Based App
Many organizations do not install financial App on their own IT infrastructure as cost may be prohibitive. They host app on internet & outsource IT Function.
Common method to achieve this are IaaS and SaaS. (Chapter 4)

3.4. DIFFERENCE BETWEEN INSTALLED APP AND CLOUD BASED APP

Basics | Installed App | Cloud Based App

Installation & Maintenance
Installed App: Needs to be installed in each computer one by one. Its time consuming and difficult to update.
Cloud Based App: Installed on Cloud. Updation and maintenance is responsibility of cloud service provider.

Accessibility
Installed App: User can access software only from the system its installed. Thus, Restricted Accessibility.
Cloud Based App: Software is available online and can be accessed 24x7 through internet.

Mobile App
Installed App: Difficult to use software through Mobile.
Cloud Based App: It is easier to use software through mobile as data is available 24x7.

Performance
Installed App: Faster Performance as data is picked from local server without internet.
Cloud Based App: It depends on speed of internet which may fluctuate, thus affecting performance.

Data storage
Installed App: Physically stored in premises of user or hard disk of user’s server computer.
Cloud Based App: Data is stored in cloud service provider’s server. Ownership of data is defined in SLA in which rights & responsibility of each party is defined.

Data security
Installed App: Full physical control of the user.
Cloud Based App: Data is not in control of user or owner. Hence, there should be Back up & disaster recovery plan

Flexibility
Installed App: More flexible as it is easy to write desktop App using user’s hardware like processor, Camera, wi-fi etc. Disadvantage: More capex & Opex required.
Cloud Based App: Allows flexibility in respect of Cap expenditure and Opex.

Non – integrated System → System of maintaining data in decentralized way. Each dept. has its own
database separately. Two major problems:
a) communication Gap &
b) Mismatched Data (leads to confusion between various departments)

4. INTEGRATED ENTERPRISE RESOURCE PLANNING [ERP]

▪ It is an enterprise-wide integrated information system designed to,


➢ co-ordinate all the info. System resources & activities needed to
➢ complete business process, such as order fulfillment.
▪ Covers functions like A/c & finance function, manufacturing, supply chain management, HRM, CRM etc.
and integrate into one unified database.
▪ An ERP must cover at least two functions or more.
Examples
Tally: Accounting & Inventory
Quickbook: Accounting & payroll
SAP, Oracle, MFG Pro, MS Axapta: Multi modules

5. ERP IS BASED ON

Centralized / common DB
▪ Data from different functions is integrated.
▪ It allows every department to store & retrieve information in real time.
▪ Info. Should be accurate, complete & authentic/ reliable & easily accessible.

Modular S/w DB
▪ Enables a business to
a) Select the module it needs
b) Mix & match modules from diff. vendors
c) Add new modules or delete existing modules.
▪ Add new modules of their own to improve business performance

1 ERP → 1 Centralised Database → Multiple s/w modules.


Definition of ideal ERP may change as per organization. However, generally single centralized DB is used
which contain all data for various s/w modules.

Manufacturing Financial HR SCM PROJECT CRM Data w/h

6. BENEFITS OF ERP

1. Use of new technology like client server tech., cloud computing, mobile computing etc.
2. Information Integration as it automatically updates data b/w related functions.
3. On-time shipment as process involved in delivery of goods is automated and errors are reduced.
4. Better customer satisfaction Customer can place order, track order etc. sitting at home.
5. Reduction in Lead time Time elapsed b/w placing of order & receiving it.
6. Reduction in Cycle time Time elapsed b/w placement of order & delivery of order.
7. Reduction in Quality cost ERP eliminates duplication/ redundancy of process & provide tools for Total
Quality Management.
8. Improved Flexibility by making info available across dept, automating process which helps it to
react to changing environment in a better way.
9. Improved Analysis, planning & decision as it enables use of many decision support systems & “what if scenario”.
10. Improved supplier performance it provides vendor management tools & procurement support tools.
11. Improved resource utilization Efficiency is increased as inventory is maintained at minimum level &
machine downtime is minimum.

7. RISK & CONTROL IN ERP ENVIRONMENT

Two Major Risks arising due to use of Centralized Common Database (all Data at one place)

Risk 1
▪ All persons in an organization access same set of data on day-to-day basis.
▪ This Poses/ results in risk of leakage of info. or access of info. System by unauthorized person.
E.g.- sales person checking salary of his friend in production dept.

Risk 2
▪ All users use same data for recording transactions.
▪ This results in Risk of putting incorrect data in the system by unauthorized user.
E.g. - HR person recording purchase data.

Control: RBAC
8. ROLE BASED ACCESS CONTROL (RBAC)

It is a policy neutral access control mechanism that
a) Allows employees to have access rights to access info they need to do their job; and
b) Prevents them from accessing information that doesn’t pertain to them.
It is an approach of restricting system access to authorized users on “Need to Know” & “Need to Do” basis.
Advantage: Facilitates administration of security in large organisation with hundreds of users & thousands
of permissions.

Mandatory Access Control (MAC)
▪ MAC criteria are defined by the system administrator, strictly enforced by the Operating System and are unable to be altered by end users.
▪ Only users or devices with the required information security clearance can access protected resources.
▪ A central authority regulates access rights based on multiple levels of security.
▪ Organizations with varying levels of data classification, like Govt. and military institutions, typically use MAC to classify all end-users.

Discretionary Access Control (DAC)
▪ DAC involves physical or digital measures and is less restrictive than other access control systems as it offers individuals complete control over the resources they own.
▪ The owner of a protected system or resource sets policies defining who can access it.

8.1. TYPES OF ACCESS

Create Data | Alter Data | View Data | Print Data

a) Create Data
b) Alter Data
c) View Data
d) Print Data
Can be allowed or disallowed to various employees for
➢ master data,
➢ transaction data &
➢ Report

Examples of Access that can be allowed & disallowed for various types of Personnel:
Directors: Complete access to all Reports, Masters & Transactions but only for viewing. Can’t create or alter.
CFO: Same as director but in some cases, creation or alteration access to Masters & Transactions may be given.
Head of a Department: Full access to all Department related masters & transactions. No access to non-related masters, transactions and reports.
Accountant: Can make voucher entry & view accounting master data. Can’t create masters or access Reports.
Data Entry Operator: Very limited access should be given. Can’t create accounting masters or access Reports.
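
The personnel table above, written as a deny-by-default RBAC check and tested against the two centralized-database risks from section 7. This is an added example, not part of the original notes. The role keys, department names and sample users are assumptions, as are two readings of the table: the CFO gets only the director's view access by default, and "very limited access" for a Data Entry Operator is taken as voucher entry in the operator's own department.

```python
"""Deny-by-default RBAC over ERP masters, transactions and reports (added example)."""
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    CREATE = "create"
    ALTER = "alter"
    VIEW = "view"
    PRINT = "print"


class Kind(Enum):
    MASTER = "master"
    TRANSACTION = "transaction"
    REPORT = "report"


ALL_ACTIONS = frozenset(Action)
ALL_KINDS = frozenset(Kind)
VIEW_ONLY = frozenset({Action.VIEW})


@dataclass(frozen=True)
class Grant:
    kinds: frozenset            # Kind values the grant covers
    actions: frozenset          # Action values it permits
    own_department_only: bool   # True: only resources of the user's own department


@dataclass(frozen=True)
class User:
    name: str
    role: str
    department: str


@dataclass(frozen=True)
class Resource:
    name: str
    kind: Kind
    department: str


# Role -> grants, following the personnel table. Anything not granted is denied.
POLICY = {
    "director": [Grant(ALL_KINDS, VIEW_ONLY, False)],
    # Assumption: create/alter for the CFO is a case-by-case extra, so not granted here.
    "cfo": [Grant(ALL_KINDS, VIEW_ONLY, False)],
    "head_of_department": [
        Grant(frozenset({Kind.MASTER, Kind.TRANSACTION}), ALL_ACTIONS, True)],
    "accountant": [
        Grant(frozenset({Kind.TRANSACTION}), frozenset({Action.CREATE}), True),
        Grant(frozenset({Kind.MASTER}), VIEW_ONLY, True)],
    # Assumption: "very limited access" read as voucher entry only.
    "data_entry_operator": [
        Grant(frozenset({Kind.TRANSACTION}), frozenset({Action.CREATE}), True)],
}

# The table's "can't" rules, kept apart from POLICY so that a later policy
# edit which breaks one of them is detected by lint_policy().
_CLERKS = ("accountant", "data_entry_operator")
FORBIDDEN = (
    [("director", k, a) for k in Kind for a in (Action.CREATE, Action.ALTER)]
    + [(r, Kind.MASTER, Action.CREATE) for r in _CLERKS]
    + [(r, Kind.REPORT, a) for r in _CLERKS for a in Action]
)


def is_allowed(user, action, resource, policy=POLICY):
    """True only if some grant of the user's role covers this exact request."""
    for grant in policy.get(user.role, []):
        if resource.kind not in grant.kinds or action not in grant.actions:
            continue
        if grant.own_department_only and user.department != resource.department:
            continue
        return True
    return False  # unknown role or no matching grant


def lint_policy(policy=POLICY):
    """Return every (role, kind, action) the policy grants but the table forbids."""
    return [
        (role, kind.value, action.value)
        for role, kind, action in FORBIDDEN
        if any(kind in g.kinds and action in g.actions for g in policy.get(role, []))
    ]


# Constructed sample users and resources.
SALES_CLERK = User("sales clerk", "data_entry_operator", "sales")
HR_HEAD = User("HR head", "head_of_department", "hr")
DIRECTOR = User("director", "director", "board")
ACCOUNTANT = User("accountant", "accountant", "accounts")
SALARY_MASTER = Resource("salary structure", Kind.MASTER, "hr")
PURCHASE_VOUCHER = Resource("purchase voucher", Kind.TRANSACTION, "procurement")
JOURNAL_VOUCHER = Resource("journal voucher", Kind.TRANSACTION, "accounts")
BALANCE_SHEET = Resource("balance sheet", Kind.REPORT, "accounts")

if __name__ == "__main__":
    requests = [
        (SALES_CLERK, Action.VIEW, SALARY_MASTER),    # leakage risk from section 7
        (HR_HEAD, Action.CREATE, PURCHASE_VOUCHER),   # wrong-department entry risk
        (HR_HEAD, Action.ALTER, SALARY_MASTER),
        (DIRECTOR, Action.VIEW, BALANCE_SHEET),
        (ACCOUNTANT, Action.CREATE, JOURNAL_VOUCHER),
    ]
    for user, action, res in requests:
        verdict = "ALLOW" if is_allowed(user, action, res) else "DENY"
        print(f"{verdict:5} {user.name} {action.value} {res.name}")
    print("policy violations:", lint_policy())
```

Running `lint_policy()` whenever the role table is edited catches a grant that contradicts one of the "can't" rules before it reaches users.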

9. ERP IMPLEMENTATION, RISK & CONTROL

▪ ERP Implementation is a huge task and requires substantial money, time & patience
▪ Success, in terms of payback or RoI of ERP, depends upon successful implementation & once implemented,
proper usage of ERP.

10. ISSUES IN IMPLEMENTATION OF ERP

People Issues
Most critical for success or failure of ERP.
Includes
▪ Management
▪ Employee
▪ Implementation team
▪ Vendor & Consultant

Process Issues
Main reason for ERP is to
▪ Improve, streamline the process and
▪ make it more effective & efficient.

Technological Issues
Organisation should be abreast of latest technology to survive and thrive.

Other Implementation Issues
Explained in subsequent parts

Post Implementation Issues
Explained in subsequent parts


10.1. People Issues
BASIS | RISK | CONTROL

Top management support
Risk: ERP Implementation will fail if Top Management does not support as huge funds are required.
Control: ERP Implementation should start only after Top Management is fully convinced and assures full support.

Change management
Risk: There will a change in job profile i.e., some job will become irrelevant & new jobs will be created.
Control: Proper training with well documented manual should be provided for smooth transition in job profile.

Training
Risk: It mainly happens at end of ERP Implementation. Management may curtail training to save cost.
Control: Proper project-based training should be provided by skilled experts.

Staff Turnover
Risk: Due to integration of departments, it becomes complex & employees tend to leave.
Control: Allocation of employees to task as per their skills & fixing remuneration accordingly.

Consultants
Risk: May not be familiar with internal working of organizational culture
Control: Consultant should be assigned a senior manager (a liaison officer) to help them understand Co’s culture.

10.2. Process Issues


▪ Program management
➢ Risk: There may be information gap between a) Day to day operation b) ERP Function
➢ Control: Bridge the information gap between them so that they are in sync.
▪ Business Process Reengineering
➢ Risk: BPR is not just change but dramatic change & dramatic improvement in way business is conducted.
➢ Control: Requires overhauling of Organizational structure, job descriptions, skill development, & training in use of IT.

10.3. Technological Issues


▪ Software functionality
➢ Risk: ERP offers various functions. Implementing all can be disastrous.
➢ Control: Organization should install only those functions which are required by it.
▪ Technology obsolescence
➢ Risk: Due to advent of new technologies evolving rapidly, ERP may get obsolete.
➢ Control: ERP should be modular & easily updatable, with quality vendor support.
▪ Enhancement & upgradation
➢ Risk: ERP is not upgraded and kept up to date.
➢ Control: Vendor should be carefully selected & ERP should be fully updated.
▪ Application Portfolio Management
➢ Risk: It focuses on selection of new business application.
➢ Control: APM ensures proper selection of business application. Also avoids duplication of Apps.

10.4. Other Implementation Issues

▪ Lengthy implementation Time
➢ Risk: It may take between 1 to 4 years depending upon size of organization.
➢ Control: Care should be taken to keep momentum high & enthusiasm alive.
▪ Insufficient funding
➢ Risk: Budget is allocated without consulting Experts & then work stops due to lack of fund.
➢ Control: Necessary to allocate required funds & also allocate some funds for contingencies.
▪ Data safety
➢ Risk: Since there is only one set of data, if it is lost, whole business stops.
➢ Control: Back up and disaster recovery plan should be maintained. Strict physical & Logical access control should be maintained.
▪ System Failure
➢ Risk: Since there is central database, in case of system failure, entire business operations will get adversely affected.
➢ Control: Allocate alternate Hardware and Network (Internet) arrangement.
▪ Data Access
➢ Risk: Leakage & Unauthorized Access of data.
➢ Control: Access rights need to be defined carefully & provided on ‘need to do’ & ‘need to know’ basis.

10.5. Post implementation Issue → Lifelong Commitment

11. AUDIT OF ERP SYSTEM

Objectives of I.S. Control


▪ To ensure CIA (confidentiality, Integrity & Availability) of data.
▪ Restricted access to authorized users & prevents unauthorized access.
▪ Objective of Audit & Controls do not change in ERP Environment.
▪ ERP should produce Accurate, Complete & authentic information on timely basis.

In computerized environment, this is accomplished by combination of
▪ Controls in ERP system
▪ Controls in Environment in which ERP system operates, including OS

11.1. CONTROLS

General Controls
Includes Control over
▪ IT management,
▪ IT infrastructure,
▪ security management & s/w acquisition
▪ monitoring and reporting IT Activity,
▪ Security Mgt. & Maintenance
Applies to all systems in an organisation from mainframe computer to client.
➢ Management Control: Deals with organisation Policy, procedure & planning w.r.t. ERP system control.
➢ Environmental Control: Operational Control administered through computer centre/computer operations group and the built-in operating system controls.

Application Control
Deals with individual business process / function or Application system.
Key questions to be asked by Auditor are
i) Does the system process according to GAAP (Generally Accepted Accounting Principles) and GAAS (Generally Accepted Auditing Standards)?
ii) Does it meet the needs for reporting, whether regulatory or organizational?
iii) Does the system protect confidentiality and integrity of information assets?
iv) Does it have controls to process only authentic, valid, accurate transactions?
v) Are all system resources protected from unauthorized access and use?
vi) Are user privileges based on what is called ‘role-based access?’
vii) Is there an ERP system administrator with clearly defined responsibilities?
viii) Are there adequate audit trails and monitoring of user activities?
ix) Are users trained?
x) Do they have complete and current documentation?
xi) Is there a problem-escalation process?

Auditing Aspect

Auditing of Data
▪ Physical Security: Ensure Physical Control Over Data
▪ Access Control: Ensure Access is given on “Need to know” and “Need to Do” basis.
Auditing of Process
▪ Function Audit: Includes Testing of different modules/functions & features in ERP and Testing of overall process or part of process in system & comparing it with actual.
▪ Input Validation: Involves checking of rules for input of data into the system. E.g. Cash sale should be recorded on date of sale, not before, not later.
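The two audit checks above (access on "Need to know" / "Need to Do" basis, and the cash-sale input validation rule) can be tested by an auditor with a short script. This is an added example, not part of the original notes; the permission labels, user names, departments and voucher layout are assumptions, and all sample data is constructed.

```python
from datetime import date

# Restrictions follow the role table in these notes; the permission labels
# ("create_master", "view_report", "voucher_entry") are assumed names.
DENIED = {
    "Accountant": {"create_master", "view_report"},
    "Data Entry Operator": {"create_master", "view_report"},
}
# Roles that get no access to non-related departments.
DEPARTMENT_SCOPED = {"Head of Department"}


def audit_access(users, grants):
    """Return (user, permission, department, reason) for every grant that
    breaks the 'need to know' / 'need to do' rule for the user's role."""
    findings = []
    for user, perm, dept in grants:
        profile = users.get(user)
        if profile is None:
            # A grant with no matching user record cannot be justified.
            findings.append((user, perm, dept, "grant to unknown user"))
            continue
        role, home_dept = profile
        if perm in DENIED.get(role, set()):
            findings.append((user, perm, dept, f"{role} must not hold {perm}"))
        elif role in DEPARTMENT_SCOPED and dept != home_dept:
            findings.append((user, perm, dept, "outside own department"))
    return findings


def audit_cash_sales(vouchers):
    """Input validation rule from the notes: a cash sale is recorded on the
    date of sale, not before, not later. Returns (voucher_no, problem)."""
    findings = []
    for number, kind, sale_date, recorded_date in vouchers:
        if kind != "cash_sale":
            continue  # the rule in the notes covers cash sales only
        if recorded_date < sale_date:
            findings.append((number, "recorded before sale"))
        elif recorded_date > sale_date:
            findings.append((number, "recorded after sale"))
    return findings


# Constructed sample data (not from any real system).
USERS = {
    "asha": ("Head of Department", "Sales"),
    "ravi": ("Accountant", "Accounts"),
    "meena": ("Data Entry Operator", "Accounts"),
}
GRANTS = [
    ("asha", "view_report", "Sales"),
    ("asha", "view_report", "Payroll"),       # non-related department
    ("ravi", "voucher_entry", "Accounts"),
    ("ravi", "create_master", "Accounts"),    # accountant creating masters
    ("meena", "view_report", "Accounts"),     # operator reading reports
    ("temp01", "voucher_entry", "Accounts"),  # no matching user record
]
VOUCHERS = [
    ("V001", "cash_sale", date(2024, 4, 1), date(2024, 4, 1)),
    ("V002", "cash_sale", date(2024, 4, 2), date(2024, 4, 1)),
    ("V003", "cash_sale", date(2024, 4, 2), date(2024, 4, 5)),
    ("V004", "credit_sale", date(2024, 4, 3), date(2024, 4, 6)),
]

if __name__ == "__main__":
    for finding in audit_access(USERS, GRANTS):
        print("ACCESS ", finding)
    for finding in audit_cash_sales(VOUCHERS):
        print("VOUCHER", finding)
```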

12. BUSINESS PROCESS MODULES AND THEIR INTEGRATION WITH FINANCIAL AND ACCOUNTING SYSTEMS

Business Process refers to


➢ set of co-ordinated activities that are performed
➢ to realize a business goal like order fulfillment.
How to manage Business Process?
1. Define the task/steps in the process.
2. Establish performance measures.
3. Describe organization set up to enable standardization & adherence to process throughout organization.
Business Process Flow
Number & type of business processes and how the processes are performed would vary across enterprises.
It is also impacted by automation. However, most common processes follow a generic life cycle.

ACCOUNTING FLOW


1. Source Document: A document that captures data from transactions and events.
2. Journal: Transactions are recorded into journals from the source document.
3. Ledger: Entries are posted to the ledger from the journal.
4. Trial Balance: Unadjusted trial balance containing totals from all account heads is prepared.
5. Adjustments: Appropriate adjustment entries are passed.
6. Adjusted Trial balance: The trial balance is finalized post adjustments.
7. Closing Entries: Appropriate entries are passed to transfer accounts to financial statements.
8. Financial statement: The accounts are organized into the financial statements.

13. BUSINESS PROCESS MODULES (Profit making is Objective)

TRADING BUSINESS
▪ Buying & selling of Goods without modification.
▪ Requires
a) Accounting module
b) Inventory module

MANUFACTURING BUSINESS
▪ Includes all aspects of Trading & Additional aspects of manufacturing (conversion of raw material into finished goods).
▪ Requires
a) Accounting module
b) Inventory module
c) Manufacturing Module

SERVICE BUSINESS
▪ Involves selling of skills / knowledge / efforts / time.
▪ E.g. Doctors, Architects, Chartered Accountants are the professionals into service business.
▪ There may be other type of business into service, i.e. courier business, security service, etc.
▪ No inventory so no inventory module.

14. FUNCTIONAL MODULES OF ERP

▪ Financial Accounting Module
▪ Controlling Module
▪ Selling & Distribution
▪ Material Management
▪ Production Planning
▪ Plant Maintenance
▪ Project System Management
▪ Quality Management
▪ Supply Chain Management
▪ Human Resource Management
▪ Customer Relationship Management
14.1. FINANCIAL ACCOUNTING MODULE [F&A]

Overview & Objective
▪ Most important & critical module of overall ERP system.
▪ It Connects with all other modules.
▪ Objective is to generate Financial Statement.
Features:
a) Tracking Flow of Financial Data across the org. in a controlled manner & integrating all info for effective decision making.
b) Creation of Org. Structure → Defining Company, company codes, functional areas, Controls.
c) General Ledger Accounting → Creation of Chart of Accounts, Account Groups, creation of General Ledger Account.
d) Account Receivables → creation of customer master data & customer related finance attributes like payment terms.
e) Account Payables → creation of vendor master data & vendor related finance attributes like payment terms.
f) Asset Accounting → creation of Asset Master Data.
g) Tax Configuration & Creation and Maintenance of House of Banks.

14.2. CONTROLLING MODULE [CO]

Overview
▪ Facilitates coordination, monitoring and optimization of business processes in organization.
▪ Help in analyzing actual figures with planned data.
▪ It controls cost elements & revenue elements.
Key Features:
a) Cost element accounting - Provides overview of costs and revenues that occur in an organization. It is basis of cost A/c & enables user to display cost of each element i.e. Material, Labour, Overhead.
b) Cost Centre accounting - Provides info on cost incurred w.r.t. various dept/functional areas like marketing, HR, Legal etc.
c) Activity based Costing - Facilitates analysis of cross function cost allocation to various cost centres.
d) Product cost accounting - Analysis of cost incurred to manufacture a product or provision of service.
e) Profit Centre accounting - Evaluates P&L on individual independent areas of business.
f) Profitability accounting - Reviews info. w.r.t. Co’s profit by individual market segment.

14.3. SALES & DISTRIBUTION MODULE [S&D]

It is used by organisation to support sales & distribution activities of goods & services starting from enquiry to
order and ending with delivery.
1. Pre-sale Activities: Prospecting of customers, identifying them, fixing appointment, showing demo & submit quotation.
2. Sales Order Processing: On receipt of PO, SO (Qty, Rate, Description) is recorded in books.
3. Inventory Sourcing: Ensuring Goods are ready & available for delivery.
4. Delivery of Material: Should be as per SO. Inventory will reduce on recording of this Transaction.
5. Billing: Raising of sales invoice against delivery of material to customer.
6. Payment: Receipt of payment & recording it against sales invoice.

Features
▪ Setting up Org. structure: Creation of new Co., Co. code, sales organisation, distribution channels, divisions, maintaining sales office, etc.
▪ Assigning org units: Assigning individual component created above to each other like company code to company, sales organization to company code, distribution channel to sales organization, etc.
▪ Defining pricing component: Like sale document, billing, tax related component etc.
▪ Customer master data: Setting up Customer master data records and configuration.

14.4. MATERIAL MANAGEMENT MODULE [MM]

▪ It manages material required, processed & produced in an org.


▪ It handles all kinds of purchase transactions.
▪ Popular Sub Component
a) Vendor master data
b) Consumption based planning
c) Purchasing
d) Inventory management accounting

Process
1. Production Dept sends Purchase Requisition
2. Purchase Dept evaluates Request wrt current stock and pending order
3. If requisition accepted, ask for quotation from approved vendor
4. Evaluation of Quotation
5. Select best option & place order (send PO)
6. Receipt of Mat. by Store dept. which issues GRN/MRN
7. Store dept issue RM to Prod. Dept
8. Recording of purchase invoice by A/c Dept.
9. Payment to vendor

14.5. PRODUCTION PLANNING MODULE [PP]

It includes software designed especially for production planning & management.


[Figure: production flow starting with Issue of RM from store, followed by Multiple Steps]

It collaborates with the following


a) Master Data: includes material master, work centres, & bill of materials.
b) Sales & operation planning (SOP): provides ability to forecast sales & prod plans.
c) Distribution Resource Planning (DRP): allows company to plan demand for distribution centre.
d) Material Requirement planning (MRP): allows company to plan material required for production.
e) Capacity Planning: evaluates capacity utilization of plants.
f) Production Planning: assists in planning the production of goods.
g) Product Cost Planning: evaluates value of material components to determine value of the product.

14.6. PLANT MAINTENANCE MODULE [PM]

Overview
▪ It is a functional module.
▪ It handles maintenance of equipment & enable efficient planning of production.
▪ This application component provides comprehensive software solution for all maintenance activities that are performed within a company.
Objectives:
a) Achieve minimum breakdown and to keep machines in good working condition at minimum cost.
b) Keep machines in a condition that they are used at optimum capacity.
c) Ensure availability of machines & service required by other sections of factory for performing their functions at optimum capacity.

14.7. PROJECT SYSTEM MODULE [PSM]

▪ Integrated project management tool used for planning & managing projects & portfolio management.
▪ It ensures that:
a) Projects are executed within budget & time.
b) Resources are allocated to project as per requirement.
Example: DLF is executing a project of building a mall
ERP Implementation

Create templates → Create Project → Project Planning → Budgeting → Project Implementation → Project Completion

14.8. QUALITY MANAGEMENT MODULE [QM]

▪ Helps in management of quality in production across processes in an organization.


Process
a) Quality Planning ▪ Refers to process of Planning production activities to achieve goal of meeting
customer requirement in time, within available resources.
b) Quality control ▪ Refers to System of maintenance of proper standard in manufacture of goods,
especially by periodic random inspections of the product.
▪ It involves checking & monitoring of the process and products with an intention
of preventing non-conforming materials from going to the customer.
c) Quality Assurance ▪ Concentrates on
➢ Identifying various process
➢ Defining objective of each process
➢ Establishing procedure standards for getting required result &
➢ Documenting the procedure to enable everyone to follow the same.
d) Quality Improvement ▪ Never ending process as customer needs & expectations keep changing.

14.9. SUPPLY CHAIN MODULE [SCM]

▪ It is network of
➢ autonomous & semi-autonomous activities that
➢ procures RM, processes it & transfer it to intermediate goods & then to finished goods &
➢ finally delivering it to customer/ consumer through distribution channel.
▪ This is called SCM System which implies that a product reaches from manufacturer to customer through supply.
▪ SCM Module helps organisation to optimize its supply chain & streamline its process.

RM → Manufacturer → Manufacturing → Distribution → Retailer/ Customer → Consumer

14.10. CUSTOMER RELATIONSHIP MANAGEMENT MODULE [CRM]

▪ It is a system which aims at


➢ Improving relationship with existing customers
➢ Finding new prospective customer
➢ Winning back former customer.
▪ It helps org to manage relationship with customers & to determine who are high value customer & documenting
their interaction with org.
▪ Only large ERP has this module and it does not exchange transaction with other modules as it does not have
transactions like Purchase, Sale.
Key Benefits
a) Improved customer relationship: CRM helps analyse need / issue of customer & provide service to address the issue (feedback).
b) Increase customer’s revenue: Using data of customer, marketing campaign can be planned in an effective way. Repeat customers also help in increasing sales.
c) Maximize up-selling & cross selling: CRM allows up selling i.e., giving premium product that fall in same category to customers. It also allows cross-selling i.e., selling complementary product based on previous purchase.
d) Better Internal communication: Helps better communication within org as sharing customer data helps different departments to work together.
e) Optimize marketing: It helps to plan marketing in a better way as it enables Org to understand the customer needs and behavior in a better way.

14.11. HUMAN RESOURCE PLANNING [HRM]

a) It manages human capital of organization.


b) It handles all activities from hiring of employee to evaluating its performance, managing promotions, handling
payroll etc.
c) It exchanges very few details with other modules.
Features
a) Maintains Employee Database.
b) Defines leave, holidays, PF, ESI etc.

c) Handles input transaction like attendance, leave, holidays, advance etc
d) Generate payroll reports.

15. INTEGRATION OF VARIOUS MODULES OF ERP

▪ ERP has many modules & all modules are inter-related & inter- dependent.
▪ All modules must work in harmony with each other to get desired result.
Integration (Illustrative)
i) MM with FICO ii) HRM with FICO iii) MM with PP iv) MM with PP

v) MM with S&D vi) MM with QM vii) PP with S&D viii) SD with FICO

IMPORTANT POINTS FOR INTEGRATION OF MODULES:


1) Master data across modules must be same & shared with all modules.
2) Common transaction data must be shared with other modules where required.
3) Separate voucher types to be used for each module for easy identification of dept. recording it.
4) Figures & transactions flow across departments. So, system should be designed accordingly. E.g. closing
stock is reported in Trading a/c as well as BS.

16. REPORTING SYSTEM & MANAGEMENT INFORMATION SYSTEM (MIS)

▪ Report: Presentation of info in proper & meaningful way. E.g. BS, P&L Account, CFS.
▪ Reporting System: System of regularly reporting on pre-decided aspects.
▪ Objective of Reporting System: Give right info to right people at right time for right decision making.
▪ Two Basic Reports: Balance sheet & P&L. Used for basic analysis of financial position & financial Performance.
For decision making by Mgt, more reports are required. Hence, we need proper reporting system to serve the purpose.

16.1. MANAGEMENT INFORMATION SYSTEM (MIS)

▪ It is a tool for providing accurate, relevant, timely & structured info/ data to managers for decision
making.
▪ It is a tool used by manager to evaluate business process & operations.
▪ Large businesses have separate MIS department whose only job is to gather info & create MIS reports.
▪ Tech used - Simple S/w and spreadsheets (small businesses) to sophisticated one (large ones).
Types of MIS: Depends on number of divisions/departments in an organization
➢ Sales & Marketing
➢ Manufacturing & Production
➢ HR etc.
➢ Accounting & Finance
It automatically collects data from various areas within a business & generates
▪ Daily report: Sent to key member throughout Org as prescribed
▪ On-demand Daily report: Allows managers & other users to generate customised MIS report whenever needed.

16.2. FEATURES OF MIS REPORTS

▪ Relevant: Should contain Specific info. related to business
▪ Timely: Should contain info. w.r.t what is happening now or in recent past. Old data is not required. If needed, can be generated on-demand.
▪ Accurate: Should not contain mistake or wrong info.
▪ Structured: Info should be presented in simple manner which is easily understood by Mgt.

17. DATA ANALYTICS & BUSINESS INTELLIGENCE

17.1. Data Analytics


Process of analyzing data sets to
➢ draw conclusions about the info. they contain with
➢ aid of specialized system & software.

Data (w/o Context) → Information (Data + Context) → Knowledge (Info + Insight) → Intelligence (Knowledge + Foresight) → Intelligent Decision

Tech. tools used for Data Analysis
▪ Business Intelligence
▪ Data mining
▪ Machine Learning
▪ OLAP [Online Analytical Processing]
▪ Text Mining

Application Area of Data Analytics
a) Bank & credit card companies analyse withdrawal & spending pattern to prevent fraud.
b) Healthcare Org. mine data to evaluate effectiveness of treatment of diseases like AIDS, Covid-19, Cancer.
c) E-commerce Company & Marketing Sr company use D.A. to identify website visitors who are more likely to buy a product or service.
d) Mobile Network operators examine data to forecast how to retain customer.

17.2. TYPE OF DATA ANALYTICS

▪ Quantitative D.A.: Analysis of numerical (quantitative) data with quantifiable variable that can be measured using statistical measures.
▪ Qualitative D.A.: Analysis of non-numerical data like picture, video etc.
▪ Exploratory D.A.: Aims to find pattern & relationship in data. Akin to Detective work.
▪ Confirmatory D.A.: Applies statistical tech to determine whether hypotheses about a data is true or false. Akin to work of judge during a trial.
▪ Data Mining D.A.: Involves sorting through large data sets to identify trends, patterns & relationships.
▪ Machine Learning: Artificial Intelligence technique that analyses data more quickly than conventional analytical model / tech / Softwares.
▪ Predictive Analysis: It seeks to predict future events like customer behaviour, equipment failure etc.
Big Data Analytics applies data mining, predictive analytics and machine learning tools to sets of big data that
often contain unstructured and semi-structured data.
Text mining provides a means of analysing documents, emails and other text-based content.

17.3. PROCEDURE OF DATA ANALYTICS

1. Data collected for analysis
2. Data from diff source is combined in std. form
3. Integrated data loaded in analytical system
4. Fix data quality problem
5. Analytical model is run on data set
6. Communicate result generated to business executives for decision making

Participants in Data Analytics Process
a) Data Analyst
b) Data Engineer
c) Data Scientist – Builds data analytical model using predictive modelling tools and other software & languages like SQL, Python etc.

17.4. BUSINESS INTELLIGENCE (TOOL FOR DATA ANALYTICS)

Refers to technology driven process for


➢ analyzing data &
➢ presenting actionable Info
➢ to help corporate executives & other users to make informed decisions.
BI Tech used: OLAP, Data Warehouse, Hadoop System, Cloud Computing, Data Mining, Text Mining, Predictive Analysis, Data visualization S/w
BI Apps can be bought separately from different vendors or as part of unified B.I. Platform. E.g.- QlikView, Tableau

REASONS FOR BI
Ultimate objective of BI - Improved timeliness & quality of Info which helps users in making informed decisions.
It reveals to user
a) Position of firm vis-a-vis competitors.
b) Market condition & future trends.
c) Change in customer behavior & spending pattern
d) Capabilities of Firm.
e) What other firms in market are doing
f) Social, Regulatory & political environment.

BENEFITS OF BI
a) It improves overall performance of Co. It helps in
▪ Accelerating decision making
▪ Optimizing internal business process
▪ Increasing operational efficiency
▪ Gaining competitive Adv over business Rivals.
b) Helps identify market leads & spot business problem that needs to be addressed.
c) Helps in enhancing customer experience by allowing timely & appropriate response to their problems.

18. BUSINESS REPORTING / ENTERPRISE REPORTING

Refers to
a) public reporting of financial data by business enterprises or
b) Regular provision of info to decision makers within an organization to support them in their work.
It involves ETL with data warehouse & one or more reporting tools.
What does an organisation report?
a) Vision, mission, objective & strategy
b) Governance, arrangement & risk management
c) Financial, society & environmental performance
d) Trade off b/w long-term & short-term strategies
Types of Business Reporting
a) Financial & Regulatory Reporting. E.g. Annual Report
b) Environmental, Social & Governance Reporting
c) Integrated Reporting

18.1. WHY IS BUSINESS REPORTING IMPORTANT?

a) Allows organizations to present a cohesive explanation of their business and helps them engage with
internal and external stakeholders.
b) Crucial for stakeholders to assess organizational performance and make informed decisions
c) Various stakeholder groups are demanding increased ESG information, as well as greater insight into how
these factors affect financial performance and valuations.
d) High-quality reports also promote better internal decision-making.
e) High-quality business reporting is at the heart of strong & sustainable org, financial markets & economies.

19. XBRL: EXTENSIBLE BUSINESS REPORTING LANGUAGE

▪ It is an Open International standard language for


a) Digital business reporting &
b) Exchanging business information.
▪ It is often termed as ‘bar codes for reporting’.
▪ It is managed by global not for profit consortium, XBRL International Inc. (more than 600 Org)
▪ It simplifies the way, people can prepare, share, use & analyse business data.
▪ It is used across the world in more than 50 countries.

19.1. XBRL TAGGING

▪ It is a process by which
➢ financial data is tagged/linked with
➢ most appropriate element/ definition in taxonomy (dictionary of accounting terms)
➢ that best represent the data.
▪ All XBRL reports use same taxonomy.
▪ Numbers tagged with same element are comparable irrespective of how they are described by those preparing reports.
▪ This tagging facilitates
a) identification/classification of data.
b) interchange of data b/w different I.S. & different users
c) comparison between the reports.

19.2. WHAT DOES XBRL DO?

XBRL makes reporting more accurate and more efficient. It allows unique tags to be associated with reported
facts, allowing:
a) People publishing reports: To do so with confidence that the information contained in them can be consumed and analysed accurately.
b) People consuming reports: To test them against a set of business and logical rules, to capture and avoid mistakes at their source.
c) People using the information: To do so in the way that best suits their needs.
d) People consuming the information: To do so confident that the data provided to them conforms to a set of sophisticated pre-defined definitions.

19.3. USERS OF XBRL

1) Regulators
a) Financial Regulators. E.g. RBI for regulating banks.
b) Securities Regulator [SEBI] & Stock Exchanges which analyse performance & compliance of listed co.
c) Business regulators that need to receive & provide corporate data like F.S. of Company to public [mca.gov.in]
d) Tax Authority for assessing tax compliance
2) Government
➢ Govt. agencies improve government reporting by standardizing the way reports are prepared & shared with other Government Agencies as well as public.
3) Data providers
➢ like credit rating agencies who use data to create comparisons, Rating & other value-added info like ratios of different Company to participants.
4) Analyst & Investor
➢ Analyst - To understand relative risk & related performance
➢ Investors - To evaluate worth of a company & make decision w.r.t investment.
5) Company
➢ Company who is required to provide Business report to regulators.
➢ Company who needs to move info. in complex Group.
6) Accountant
➢ One who prepares XBRL reports.

19.4. FEATURES OF XBRL:

a) Clear Definition
▪ It allows creation of reusable & authoritative elements/definitions i.e., Taxonomy that best represent financial data. These elements/ taxonomies are developed by Regulators, AS setters, Government agencies etc.
b) Testable Business Rules
▪ It allows creation of business rules, that can be logical or mathematical.
▪ These rules stop poor quality information from being prepared, shared or used.
▪ It flags/ highlights questionable info resulting in corrective action or explanation.
▪ Provides value added info like ratios.
c) Multi-lingual support
▪ Allows definitions i.e. Taxonomy to be prepared in as many languages as possible. It can also be translated into other languages.
d) Strong software support
▪ Supported by wide variety of s/w - large vendor to small vendor.

20. APPLICABLE REGULATORY & COMPLIANCE REQUIREMENTS

▪ RC refers to Organization’s adherence with laws, regulations & guidelines relevant for business.
▪ Organizations aspire to ensure that they are aware of relevant laws, rules & regulation & take steps to comply
with it.
▪ Organizations are using consolidated & harmonized sets of compliance controls so that all necessary
compliance are met w/o unnecessary duplication of efforts & activities.
▪ Violation of regulatory compliance leads to punishment like interest, penalty, fee & prosecution.

TYPES OF REGULATORY COMPLIANCE

▪ GENERAL RC: Applicable to all irrespective of anything. Eg.- Income tax
▪ SPECIFIC RC: Applicable to specific type of business only. Eg.- Co. law applies to Co. only

20.1. REGULATORY COMPLIANCE AND ACCOUNTING SYSTEM

▪ Closely connected as R.C requires data & A/c data comes from A/c system. Two Approaches: Same Software For A/C & Tax Compliance, and Diff. Software For A/C & Tax Compliance.
▪ Ease of operation
➢ Same Software: LESS - As its integrated system, making changes at one place may affect other aspects also
➢ Diff. Software: MORE - As this is used only for one single purpose, so more specialised
▪ Features & functionality
➢ Same Software: LESS - As this is not an exclusive system for tax compliance
➢ Diff. Software: MORE - As its exclusive for Tax compliance
▪ Time & effort
➢ Same Software: LESS - As this is integrated system, no time required to transfer data to compliance s/w
➢ Diff. Software: MORE - As data needs to be moved from A/c s/w to Tax s/w.
▪ Accuracy
➢ Same Software: MORE – As no movement of data between different systems, so no error
➢ Diff. Software: LESS - As there are two separate systems, possibility of mismatch of data is always there.
▪ Cost
➢ Same Software: MORE – Customizing A/c system for Tax compliance is more costly than purchasing separate Tax compliance s/w
➢ Diff. Software: LESS – as its specific s/w, its less complicated and hence less cost
Information System & Its Components

CHAPTER 3

INFORMATION SYSTEM & ITS COMPONENTS

1. INTRODUCTION

Data
▪ Raw & unorganized piece of information without context.
▪ It is not meaningful & does not convey any message as such.
▪ It may be
a) Qualitative (weight, Height, Colour) or
b) Quantitative (Numbers)

Information
▪ Processed form of data.
▪ Data is organized by organization from internal & external sources.

System
▪ Group of inter-related & inter dependent components working together to achieve a common goal.
▪ E.g. Traffic light, Human Body

2. INFORMATION SYSTEM / COMPUTER BASED I.S. (CBIS)

It is the combination of Hardware, software, people, data resources & Network which
a) Processes Data into Information
b) For specific purpose/objective.
Example:
Tally: Accounting Software in India
QuickBooks: Accounting Software across world.
Objectives
To convert the data into information which is useful and meaningful.
It helps Enterprises in:
a) Making Decision.
b) Controls the operation.
c) analyze problems and create new products or services as an output

Characteristics
a) CBIS is developed on the basis of predetermined objective.
b) Inter-related and Inter dependent sub-system.
c) If one sub-system fails, whole system won’t work.
d) Components Interact among themselves.
e) Work done by individual sub-system is integrated to achieve common goal.

3. INFORMATION SYSTEM MODEL

I.S. Model provides a framework that emphasizes four major concepts that can be applied to all types of information systems:
a) Input - Data is collected from an organization or from external environments and converted into suitable format required for processing.
b) Process - A process is a series of steps undertaken to achieve desired outcome or goal. It facilitates conversion of data into information.
c) Output - The system processes the data by applying the appropriate procedure on it and the information thus produced (output) is stored for future use or communicated to user.
d) Feedback - I.S. needs feedback that is returned to appropriate members of the enterprises to help them to evaluate at the input stage.

4. COMPONENTS OF INFORMATION SYSTEM

Network &
PEOPLE Computer System Data Resource
Communication System
Anyone who manage, Comprise of ▪ Data ▪ Computer Network
run, program or use I.S.
Hardware Software ▪ Database ▪ Telecommunication
▪ Programmers
▪ Input Device ▪ OS S/W ▪ Database
▪ System Admin. Management
▪ Processing ▪ App S/W System
▪ Data Entry Device
Operator ▪ DBMS Module
▪ Storage
▪ Help Desk Device
▪ CIO ▪ Output Device


4.1. HARDWARE

Tangible portion of Computer System that can be seen and touched.


Input device
Device through which user interacts with system i.e., Instructions are given to information system.
Types
a) Text based Input – Keyboard
b) Point based Input – Mouse, light pens.
c) Image based – Scanner, Bar Code, QR Code reader, MICR
d) Audio based - Microphone

Processing device
Device used to process data using program instructions, perform calculations, and control other hardware devices.
Examples
Central Processing Unit (CPU), Mother board, Network Card, Sound Card etc.

Data storage device
Memory where data & program is stored on temporary or permanent basis.

Output device
Device through which system responds.
Provides output to decision makers to solve problem.
Examples
Speakers, Headphones, Screen (Monitor), Printer, Video

4.1.1. PROCESSING DEVICE

▪ Most common processing device is CPU which is the actual hardware that interprets and executes the
software instructions.
▪ Built on a small flake of silicon containing the equivalent of several million transistors.
▪ Transistors are like switches which could be “ON” or “OFF” i.e. taking a value of 1 or 0.
▪ CPU is known as brain of computer & consists of following three functional units:
Control Unit
It
➢ controls flow of data & instruction to and from memory,
➢ interprets the instruction; and
➢ controls which tasks to execute and when.

ALU
It performs
➢ arithmetic operations such as addition, subtraction, multiplication, and
➢ logical comparison of numbers: Equal to, Greater than, Less than, etc.

Processor Registers
Registers are part of the computer processor which is used
➢ to hold a computer instruction,
➢ perform mathematical operation &
➢ execute commands.
These are high speed, very small memory units within CPU for storing small amount of data (mostly 32 or 64 bits).
Registers could be
a) accumulators (for keeping running totals of arithmetic values),
b) address registers (for storing memory addresses of instructions),
c) storage registers (for storing the data temporarily) and
d) miscellaneous (used for several functions for general purpose).


4.1.2. DATA STORAGE DEVICES

Primary memory
Also known as Main Memory or Internal Memory. It is directly accessed by the processor using data bus. Mainly of two types:

RAM
a) Stores data that computer is using at present
b) Volatile in nature i.e. info is lost as soon as Power is lost
c) Information stored can be Read & Modified
d) Has high impact on system's performance. More running Apps = more RAM consumed
e) Costly & Higher speed

ROM
a) Stores data which are intact even when power is off. E.g. BIOS, Boot system
b) Non-volatile in nature (permanent storage),
c) Information stored can be only Read & not modified.
d) Has no impact on system's performance.
e) Cheaper & slower

Cache Memory - Helps to bridge the huge speed gap b/w Registers & primary memory.
It is smaller, very fast memory in-built into CPU. Acts as a buffer between RAM & CPU.
Cache memory stores data frequently used by main memory so that Registers/CPU can access it faster. E.g. Values that have been computed earlier.

Secondary memory
It is external memory.
Not directly accessible by CPU but can be accessed by Primary Memory.
Characteristics
a) Non-volatile
b) Large capacity,
c) Slower speed,
d) Economical
Examples
Hard disk, Pen drive, memory card etc.

[Figure: memory hierarchy - Processor Registers, Cache Memory, Primary memory, Secondary Memory]

4.1.3. OUTPUT DEVICES

▪ Output devices are devices through which system responds.


▪ CBIS provide output to decision makers at all levels in an enterprise to solve business problems, the
desired output may be in visual, audio or digital forms.
▪ Information shown on a display device is called soft copy because the information exists electronically
and is displayed for a temporary period.
Types of Output
a) Textual output - comprises of characters that are used to create words, sentences, and paragraphs.
b) Graphical outputs - are digital representations of non-text information such as drawings, charts, photographs, and animation.
c) Tactile output - such as raised line drawings may be useful for some individuals who are blind.
d) Audio output - any music, speech, or any other sound.
e) Video output - consists of images played back at speeds to provide the appearance of full motion.


4.2. SOFTWARE

▪ Set of instructions & programs that tells Computers what to do. Created through a process of coding/programming through language like C++, JAVA
▪ Two types:

Operating system
Set of instruction/program/software that
➢ manages H/w resource and
➢ acts as an intermediary b/w hardware & App software.
Example
Windows, Linux, Android, Tizen, Harmony OS, iOS
Activities by OS [HUMAN–FT]
a) Performing hardware function - acts as intermediary b/w H/w & App s/w.
b) User Interface - Helps to connect user with I.S. It may be GUI based (uses icons and menus) or CUI based.
c) Memory management – Maximizes available memory & storage. Provides Virtual Memory (later)
d) Logical Access Control – OS helps in user identification & Authorization through Password PIN.
e) Network capability - Helps to connect various hardwares.
f) File Management – Keeps a track of where each file is stored based on which it provides the file retrieval.
g) Task Management - Facilitates a user to work with more than one App at a time i.e. Multitasking. Also, allows more than one user to use the system i.e. Time sharing.
h) Hardware Independence – Any device irrespective of manufacturer or design can use OS to run itself. OS provides Application Programme Interface (APIs) used to create App without considering the details of H/w.

Application Software
Include all software that causes computer to perform useful tasks other than running the computer itself.
It addresses real-life problems of its end users which may be business or scientific or any other problem.
It can be:
a) Standardised - MS Office
b) Customized - KKC
Group of App S/w is called App suite.
Examples
App suite – MS office, G Suite
Content Access S/w – VLC, Adobe PDF Reader
Enterprise S/w – ERP like SAP
Advantages
a) Addresses user needs
b) Low threat from virus
c) Regular update
Disadvantages
d) Costly development App S/W
e) Risk of Virus attack

Virtual Memory is not a separate device but an imaginary memory supported by OS.
If RAM required to run a program falls short, OS moves data from RAM to a space in HDD called paging file.
This frees RAM to execute the work. Thus, it is allocation of HD space to help RAM.

4.3. DATA RESOURCE

Organization generates & collects huge quantity of different type of data like production related data, HR
related data, market related data etc. These are stored in DATABASES.


Database
Refers to set of logically inter-related organised data i.e., data of some context.
To manage unrelated data, separate database is used.
They store both operational data (produced from day to day working) as well as non-operational data (used for education, research etc.)
Hierarchy of database
a) Database: Collection of Files.
b) File / Table / Entity: Collection of Records.
c) Record: Collection of Fields.
d) Field: Collection of Characters
e) Characters: Collection of Bits.

Database Management System
Software that helps organization in organising, controlling & using the data stored in DB.
Helps to create & maintain well organized database.
Normally single user.
Operations that it can perform –
▪ Adding, Deleting or Modifying files in database &
▪ Retrieving data from existing file
Examples
Commercial DBMS – MY SQL, Oracle
Personal DBMS – MS Access, Open Office Base

Database Models
Determines
a) Logical structure of database
b) Manner in which data can be stored, organized & manipulated.
Types of Database Models
a) Hierarchical Database Model
b) Network Database Model
c) Relational Database Model
d) Object Oriented Database Model

A) HIERARCHICAL DATABASE MODEL

▪ Records/ nodes are arranged logically in hierarchy of relationship in Inverted Tree Structure.
▪ Top parent record in the hierarchy that “own” other records is called Parent Record/ Root Record which
may have one or more child records, but no child record may have more than one parent record.
▪ Types of Relationships - 1 to 1 relationship, 1 to Many relationship
▪ Data is accessed from top to down manner
▪ Search is difficult & Time consuming.

B) NETWORK DATABASE MODEL

▪ Variation of Hierarchical database.


▪ It views data in sets where each record is composed of one owner record & one or more member record.
▪ Record can be member of more than one set at same time.
▪ Users can access database from any point to search DB.
▪ Types of Relationships - 1 to 1, 1 to many, many to 1, many to many.
▪ More flexible & faster search in DB.

C) RELATIONAL DATABASE MODEL

▪ It allows organisation of data in Two-dimensional Table structure.


▪ Most Popular; Highly flexible; More Efficient & Faster Search
▪ Three key terms used in RDBMS
a) Relations – A relation is a table with columns and rows.


b) Attribute – Columns of the relation are called Attributes [Identify key Attribute]
c) Domain – Set of values that attributes can take.
▪ Relational database contains multiple tables.
▪ For each table, one of the fields is identified as a Primary Key, which is the unique identifier for each
record in the table.
▪ If the primary key of one table is used in another table to access the former, it is called Foreign Key.
▪ Example: MS Access, MYSQL, Oracle

D) OBJECT ORIENTED DATABASE MODEL

▪ OODBMS is a set of objects.


▪ Objects are pre-defined set of program codes used to perform a specific task.
▪ OODBMS helps to store more complex data like audio, image, video etc.
▪ Example - Computer Aided Design & Engineering, Multimedia video processing

4.3.1. ADVANTAGES OF DBMS

1. Program & File Consistency - As file formats & programs are standardized.
2. Minimize data redundancy - as duplication of info is either eliminated or controlled or reduced.
3. Allows data sharing - same info is available to different users.
4. Integrity can be maintained - Database contains Accurate, consistent & upto date data. Change in Database is allowed to be made only by authorised person.
5. User Friendly - Enable user to access data & use it easily without need of computer expert.
6. Improved Security - Since multiple users uses same data, necessary to define user access rules.
7. Data Independence - Data resides in DB & not in App; so both are independent.
8. Faster application development - Since data is already present in DB, so App developer has to think only about logic to retrieve data in the way a user needs.

4.3.2. DISADVANTAGES OF DBMS

1. Costly & Time consuming - in terms of both system and user-training.
2. Security Risk - It may be possible for some unauthorized user to access the DB. In such cases, it could be an all or nothing proposition.


4.3.3. SOME CONCEPTS RELATED WITH DATABASE

A. BIG DATA

▪ Refers to such massive large data sets that conventional database tools do not have processing power
to analyze them. E.g.- Google handle billions of searches every day.
▪ Some industries that use big data analytics include E-commerce (Amazon), Retail Business (Walmart),
Healthcare Industry, Hospitality Industry etc..
Benefits of Big Data Processing
a) Improved Customer Services - as it helps in reading & evaluating customer feedback.
b) Better Operational Efficiency - Integration of Big Data technologies and data warehouse helps an Org to offload infrequently accessed data, thus improving efficiency.
c) Better Decision Making - by using outside intelligence. E.g. Access to social data from Facebook, Twitter etc. helps Org to finetune their business strategy.
Also helps in Early identification of risk to the products/services, if any.

B. DATA WAREHOUSE

▪ Data warehouse is a large collection of business data used for storage & analysis to help an organization
make decisions.
▪ However, directly analyzing the data that is needed for day-to-day operations is not a good idea as it
creates interference in normal functioning of Organisation.
▪ The process of extracting data from operational databases and bringing it into the data warehouse is
commonly called ETL, which stands for Extraction, Transformation, and Loading.
a) First stage, the data is Extracted from one or more of the organization’s databases.
b) Second stage, the data so extracted is placed in a temporary area called Staging Area where it is
Transformed like cleansing, sorting, filtering etc. of the data as per the information requirements.
c) Final stage, Loading of the data so transformed into a data warehouse which itself is another
database for storage and analysis.
Features i.e. data warehouse should meet following criteria:
a) Uses Non-Operational Data i.e. a copy of data from the active databases
b) Data Is time Variant i.e. when data is loaded in data warehouse, it receives time stamp which allows Org.
to compare over a period of time.
c) Data is standardized in terms of rules & format like Date, Units of measurements etc.
Two School of thoughts/Approach

Bottom-Up Approach
Step I: Create small data warehouses known as Data Marts to solve specific problems.
Step II: Combine them to form large data warehouse.

Top-Down Approach
Step I: Create enterprise wise data warehouse
Step II: As specific needs are identified, create smaller data marts from data warehouse.


Benefits of Database Warehouse


a) Better understanding of data.
b) Determine inconsistent data as it provides centralized view of all collected data.
c) Generate one version of truth viz. number of employees, sales etc.
d) Create historical record of data which allows an Organization to analyze trends.
e) Data warehouse can be used along with Business Intelligence tools for new information & analysis.

C. DATA MINING

▪ Process of analyzing large data to find previously unknown trends & pattern to make decision.
▪ This is accomplished through automated means against extremely large data set such as data warehouse.
▪ Examples of Data Mining tools - MS Excel, Oracle Data Mining, Rapid Miner
The steps involved in the Data Mining process

1. Data Integration - Data is collected and integrated from all the different sources which could be flat files, relational database, data warehouse or web etc.
2. Data Selection - All the collected data may not be required for data mining. So, we select only those data which we think is useful for data mining.
3. Data Cleaning - The data that is collected may contain errors, missing values or inconsistent data. It needs to be cleaned to remove all such inconsistencies.
4. Data Transformation - The cleaned data needs to be transformed into an appropriate form for mining using different techniques like - smoothing, aggregation, normalization etc.
5. Data Mining - Various data mining tools are applied on the data to discover the interesting hidden patterns.
6. Pattern Evaluation and Knowledge Presentation - Involves visualization, transformation, removing redundant patterns etc. from the patterns generated from data mining.
7. Decisions / Use of Discovered Knowledge - This step helps user to make use of the knowledge acquired to take better informed decisions.

D. DIFFERENCES B/W DATABASE, DATA WAREHOUSE & DATA MINING

DATABASE
This stores real time information.
Example: In a tele-communication sector, the database stores information related to monthly billing details, call records, minimum balance etc.
Its function is to record

DATA WAREHOUSE
This stores both historic & transactional data.
Example: In the same tele-communication sector, information in a data warehouse will be used for product promotions, decisions relating to sales, cash back offers etc.
Its function is to report & analyse

DATA MINING
This analyses data to find previously unknown trends.
Example: In the same tele-communication sector, information will be analysed by data mining techniques to find out call duration with respect to a particular age group from the entire data available.
Its function is to extract useful data

4.4. NETWORKING AND COMMUNICATION SYSTEMS

1. Computer Network - Collection of Computers & other hardware interconnected by communication channel/ mode/ medium which allows sharing of data, resources & information.
2. Telecommunication - Refers to sharing/exchanging of data/info over computer network. It helps in
a) Increase in efficiency of operations;
b) Improvement in effectiveness of management; and
c) Innovation in market place.
3. Network & Communication System - Consists of both hardware as well as software.
Links various piece of hardware & transfer data from one physical location to another.
Computers and communications equipment can be connected in networks for sharing voice, data, images, sound and video.
Types:

Connection Oriented N/w
First connection is established between sender & receiver.
Then data is exchanged
E.g. – Telephone; Transfer of movie from laptop

Connection Less N/w
No prior connection is made before data exchange.
Inspired by postal Network.
E.g. – Email, SMS


Computer Network is used to address following issues:

1. Routing - Process of deciding on how to communicate the data from source to destination in a network.
2. Bandwidth - Amount of data which can be transferred across the network in a given time. Higher bandwidth, higher is the speed of data transfer.
3. Resilience - Ability of a network to recover from any kind of error like power failure, connection failure etc. If one server is down, other will manage.
4. Contention - Situation where there is some conflict for some common resource in a network. Policy should be made for priority access.

Benefits of computer network
a) Computation power is distributed among computers in Network. This reduces load on individual system & improve performance.
b) User communication - it allows users to communicate using e-mail, video conferencing etc.
c) Resource sharing - Data stored in Database can be shared across different systems using computer network. Similarly, H/w like Printer can be shared.
d) Reliability - Enable critical operations to run across different systems which are distributed across network. Hence reliability increases.
e) Distributed nature of information - Enables distribution of Info geographically as well as consolidation of info when required. E.g. Preparing Financial Statements of Bank.

Value & impact of telecommunication
a) Time compression - Enables organization to transmit data & information quickly & accurately b/w remote sites.
b) Overcoming Geographical Dispersion - Enables Org with units in remote areas to function as 1 unit.
c) Restructuring of Business Relationship - Eliminates intermediaries from various business processes. This results in increased operational efficiency.

5. INFORMATION SYSTEM CONTROLS

▪ Objectives of I.S. Controls


a) Undesired risk events are prevented, detected & corrected
b) To ensure Business objectives are achieved.

▪ How above objectives are achieved?


By designing & implementing effective information control framework which
➢ comprises policies, procedures, practices, and organization structure
➢ that gives reasonable assurance that business objective shall be achieved.
▪ Critical controls lacking in a computerized environment are as follows
a) Lack of management understanding of IS risks and related controls;
b) Lack of awareness and knowledge of IS risks and controls amongst the business users and even IT
staff;
c) Absence or inadequate IS control framework;
d) Complexity of implementation of controls


6. TYPES OF I.S. CONTROLS

Controls are classified on the basis of:
▪ Objective of Controls - Preventive Control, Detective Control, Corrective Control
▪ Nature of I.S. Resources - Environmental Control, Physical Access Control, Logical Access Control
▪ Audit Functions - Managerial Functions, App Controls

6.1. I.S. CONTROLS BASED ON OBJECTIVES

Preventive Controls
It prevents errors, omissions or security incidents from happening.
Proactive in nature.
Can be implemented in manual or computerized environment.
Characteristics:
a) Clear-cut understanding about the vulnerabilities of the asset.
b) Understanding probable threats.
c) Provision of necessary controls to prevent probable threats from materializing.
Examples
▪ Locks; Security Guards
▪ Fireproof walls, Smoke detectors
▪ Qualified Personnel
▪ PIN & Password
▪ Firewall & Anti-virus

Detective Controls
Designed to detect errors, omissions or security incidents that escape preventive controls.
Investigative in nature.
Characteristics:
a) Clear understanding of lawful activities.
b) Established mechanism to refer the reported security incident to appropriate person.
c) Interaction with preventive control to prevent such act from occurring in future.
d) Surprise checks by supervisor.
Examples
▪ Fire alarm, CCTV camera,
▪ Cash Counting.
▪ Review of payroll reports
▪ Monitor actual expenditures against budget
▪ Duplicate checking of calculations
▪ Internal audit functions
▪ Bank reconciliation
▪ Intrusion Detection System

Corrective Controls
Designed to correct errors, omissions or security incidents once they have been detected.
Reactive in nature.
Reduces impact of risk/ security incident once it has been detected.
Characteristics:
a) Minimizing impact of threat
b) Identifying root cause of problem
c) Provide remedy
d) Getting feedback
e) Modifying preventive controls to prevent future occurrence.
Corrective process should also be subject to preventive & detective controls.
Generally, its more effective to prevent error or detect them as early as possible to their source.
Examples
▪ Quarantining the virus,
▪ System Rebooting,
▪ Corrective journal entries
▪ Business Continuity Plan
▪ Backup procedure


6.2. CONTROLS BASED ON NATURE OF I.S. RESOURCES

6.2.1. Environmental Controls - Related to IT environment in which I.S. functions. Environmental exposures & relevant controls are as follows:

Fire
Damage to equipment & facility due to fire.
Controls
a) Fire resistant material
b) Install manual & automatic alarm at strategic locations
c) Install smoke detectors
d) Install fire extinguishers
e) Emergency Exit/Fire exit plan

Water
Damage to equipment & facility due to water related incidents like pipe burst, cyclone, floods etc.
Controls
a) Install water alarms at strategic location.
b) Use of water proof walls, ceilings & floors
c) Put computer room above Ground floor but not top floor
d) Proper drainage system

Electricity exposure
Due to electrical faults like sudden upsurge in power supply, voltage fluctuations etc.
Controls
a) Voltage regulator & Circuit breakers
b) UPS/Generator
c) Emergency Power off switch
d) Power leads from two sub-station

Pollution Damage
Major pollutant is Dust which can cause permanent damage to H/w.
Controls
a) Regular cleaning
b) Prohibition on eating, drinking & smoking in I.S facility.

6.2.2. Physical Access Control – Relates to physical security of I.S. resources. It is applied against physical
exposures which include abuse of information processing device, theft, damage, Blackmail etc.
Locks on doors
a) Bolting door lock - No duplicate key.
b) Cipher locks combination locks - To enter, a person presses a four-digit number, and the door will unlock for a predetermined period
c) Electronic door lock - magnetic or chip-based plastics card key is used to gain access in these systems.

Physical information medium
a) Personal Identification Number (PIN) – means to identify & verify authenticity of user. User needs to login by inserting a card in some device and then enter their PIN via a PIN keypad for authentication.
b) Plastic card - used for identification purposes.
c) Identification badge

Logging on Facility
Official record of access/ activity
a) Manual logging – Visitors sign visitor’s log indicating their name, date & time of visit, company represented, purpose of visit, & person to see
b) Electronic logging - Combination of biometric security & electronic security system. Maintains details/logs of access attempt, whether failed or successful.

Others
a) CCTV monitored by security.
b) Simple security guard.
c) Controlled visitor access – Responsible employee will escort visitor
d) Single entry point
e) Dead Man’s Door - Pair of doors where first entry door must close & lock, for second door to open, with only one person permitted in the holding area.
f) Alarm system & Perimeter fencing


6.2.3. LOGICAL ACCESS CONTROL

▪ Applied to protect I.S. from logical access violators (like Hacker, current & past employees, IS personnel, End User etc.)
▪ Ensures that access to system, data, program, OS is restricted to authorized users only.
▪ Key factors considered in designing logical access controls include
➢ confidentiality and privacy requirements,
➢ authorization, authentication and incident handling,
➢ virus prevention and detection,
➢ firewalls, centralized security administration, user training and tools for monitoring compliance
Logical Access Exposure/ Risk, if no logical access control is applied

Technical Exposure
Includes Unauthorized modification of data & s/w.
Types
a) Data diddling - Change in data before or after entering it into system. Limited tech knowledge required.
b) Bomb - Malicious code which explodes when logic inside the code is satisfied causing immediate damage. Can’t infect other programs & hence damage is not widespread.
Logical bomb – E.g. If turnover reaches 1 crore, delete all data.
Time bomb - Explodes at given time.
c) Trojan horse - Malicious s/w or code that looks legitimate/harmless program. Once installed, it can damage, steal or disrupt the system. E.g. Christmas card.
d) Worm - Malicious program which self-replicates itself in idle memory, thus slowing computer. No other damage is caused.
e) Rounding down - Round off of small fraction of an amount and transfer this amount to unauthorized A/c.
f) Salami Technique - slicing of small fixed amount of money from computerized transaction & transfer to unauthorized A/c.
g) Trap door/Back Door - Created by developer to gain access for maintenance. Can be misused by unauthorized users to access software as well.
h) Spoofing - involves forging one’s source address. One machine is used to impersonate the other & user is made to think that s/he is interacting with the operating system.

Asynchronous Attack
Data that is waiting to be transmitted is liable to unauthorized access called Asynchronous attack.
These attacks make use of the timing difference between the time when the data is inputted to the system and the time when it gets processed by the system.
Types
a) Data leakage - Leaking of information out of computer by copying data into external devices or print outs.
b) Wire tapping - Spying on info being transmitted over computer network.
c) Subversive Attack - Enables intruders to access data being transmitted & also modify/violate integrity of data.
d) Piggybacking - Act of following an unauthorized person through a secured door that intercepts and alters transmissions.
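A detective control for the rounding down and salami techniques listed above, as an added example that is not part of the original notes: each interest posting is recomputed independently, and any unvouchered credit equal to the total shortfall is flagged. The account numbers, amounts, voucher reference, the monthly formula (principal × rate / 1200) and round-half-up to the nearest paisa are all constructed assumptions.

```python
from decimal import Decimal, ROUND_HALF_UP

PAISA = Decimal("0.01")

# Constructed sample postings: (account, principal, annual rate %, interest credited)
INTEREST_POSTINGS = [
    ("SB-1001", "10000.00", "4.00", "33.33"),
    ("SB-1002", "12347.00", "4.00", "41.15"),
    ("SB-1003", "20005.00", "3.50", "58.34"),
    ("SB-1004", "8888.00", "4.00", "29.62"),
    ("SB-1005", "12345.00", "4.00", "41.15"),
]

# Constructed sample of other credits in the same period: (account, voucher ref, amount)
OTHER_CREDITS = [
    ("SB-2001", "VCH-0417", "52000.00"),
    ("SB-9999", None, "0.02"),
    ("SB-9999", None, "0.01"),
    ("SB-2002", None, "15.00"),
]


def expected_interest(principal, rate_pct):
    """Recompute one month's interest independently of the posting program
    (assumed formula and rounding policy, see lead-in)."""
    raw = Decimal(principal) * Decimal(rate_pct) / Decimal(1200)
    return raw.quantize(PAISA, rounding=ROUND_HALF_UP)


def reconcile_interest(postings):
    """Return (exceptions, total shortfall, one_sided).

    one_sided is True when every difference goes against the customer, which
    points to systematic rounding down rather than random error.
    """
    exceptions = []
    for account, principal, rate_pct, credited in postings:
        diff = expected_interest(principal, rate_pct) - Decimal(credited)
        if diff != 0:
            exceptions.append((account, diff))
    total = sum((diff for _, diff in exceptions), Decimal("0"))
    one_sided = bool(exceptions) and all(diff > 0 for _, diff in exceptions)
    return exceptions, total, one_sided


def unvouchered_matches(total_shortfall, credits):
    """Accounts whose credits without a supporting voucher add up exactly to
    the shortfall found in the reconciliation."""
    totals = {}
    for account, voucher, amount in credits:
        if voucher is None:
            totals[account] = totals.get(account, Decimal("0")) + Decimal(amount)
    return sorted(account for account, credited in totals.items()
                  if total_shortfall > 0 and credited == total_shortfall)


if __name__ == "__main__":
    exceptions, total, one_sided = reconcile_interest(INTEREST_POSTINGS)
    print("Under-credited accounts:", exceptions)
    print("Total shortfall:", total, "| one-sided:", one_sided)
    print("Accounts to investigate:", unvouchered_matches(total, OTHER_CREDITS))
```

The individual differences are one paisa each and would pass a materiality check on any single account; the control works because it looks at direction and total across all postings.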


Logical Access Control

User access Management
a) User Reg - Info w.r.t. user is documented. De-registration is equally imp.
b) Privilege Management - User access and privileges should be aligned with his duties i.e. ‘Need to know basis’ or ‘Need to do basis’.
c) User password mgt - Involves activities like creation, storage, revocation & reissue of password.
d) Review of user access rights over a period of time as duties & responsibilities change.

User responsibility
a) Password use - should be strong (min length, special character) & should be changed periodically
b) Unattended user equipment - user should be educated not to leave their device unattended & unprotected.

Network access control
Internet connection exposes Organization to harmful elements.
a) Policy on use of N/w - Selection of appropriate services and approval to access them should be part of this policy.
b) Enforced path - User is routed through a definite path for connecting to Org. network that may be through firewall.
c) Firewall - System that enforces access control between two networks
d) Encryption - Discussed later.
e) Segregation of network - Sensitive N/w is segregated from other.
f) Call back devices - Aims to keep intruder off the intranet. It ensures access to N/w is allowed only from authorized telephone no. or terminal. User is required to enter a password & then the system breaks the connection. If caller is authorized, the call back device dials the caller’s no. to establish a new connection.

OS Access Control
a) Automated terminal identification - Ensures that only authorized terminal is connected to I.S.
b) Terminal log-in procedure - User provides ID and password to login system. First line of defence.
c) Access token - After successful login by user, OS generates access token which contains user info. This info is used to provide access to user during the session.
d) Access control list - OS has A.C.L which contains info on user’s access rights.
e) Terminal timeout - Logout the user if system is inactive for specified period.
f) Limitation of connection time - Define available time slot for connection to OS.
g) Duress alarm – means to alert authorities if user is forced to execute a command
h) Password Mgt. - could enforce selection of good passwords.

App & Monitoring System Access control
a) Information access restriction - Access to info is restricted by App. User can access only those data which is authorized.
b) Sensitive System isolation - Based on critical constitution of system in Org, it may be necessary to run specific system in isolation. E.g. Cash counting.
c) Event logging - all events should be logged (user id, time of access, terminal location etc), archived & reviewed.
d) Monitor System use - Based on risk assessment and criticality of system, it should be monitored. Extent of detail and frequency of review depends on sensitivity of system.


6.3. CLASSIFICATION OF CONTROLS BASED ON AUDIT FUNCTIONS

Auditors have found two ways to be useful when conducting information systems audits, as given below:
Managerial Controls
Objective: Managerial Control ensures that I.S. is developed, implemented, operated & maintained in planned and controlled manner.
Types
a) Top Management & I.S. Management Controls
b) System Development Management Controls
c) Programming Management Controls
d) Data Resource Management Controls
e) Quality Assurance Management Controls
f) Security Management Controls
g) Operations Management Controls

Application Control
Objective: App controls ensures data remains complete, accurate & valid through input, update & storage. Ensures processing is complete.
Types
a) Boundary Controls
b) Input Controls
c) Processing Controls
d) Output Controls
e) Database Controls
f) Communication Controls

6.3.1. MANAGERIAL CONTROLS

6.3.1.1. TOP MANAGEMENT & I.S. MANAGEMENT CONTROLS

▪ Controls of Top Management should ensure that I.S. functions properly & meets strategic business
objectives.
▪ Scope of controls includes Framing high level of IT policies, procedures & standards
▪ Controls flow from the top of an Organization to down but responsibility still lies with the senior
management.
▪ 4 Major functions of Senior Management:
Planning - Top Mgt. prepares plan for achieving I.S. goals. Two types of plans (Strategic & Operational plan). Steering committee shall assume overall responsibility for I.S. function.
Organising - To create IT organizational structure with documented roles and responsibilities and agreed job descriptions. Includes arranging and allocating Resources needed to achieve goals determined in Planning phase.
Leading - Includes motivating & Communicating with Personnel. Ensures that personal objectives are aligned with Org. objectives so that there is harmony of objects w/o conflict
Control - Comparing actual performance with planned performance. In case of any deviation, corrective action is taken.

6.3.1.2. SYSTEM DEVELOPMENT MANAGEMENT CONTROLS

▪ Related to process of system development life cycle.


▪ Ensures proper documentation & authorizations are available for each phase of system development.
▪ 6 steps
1. System Authorization Activities - All systems must be properly & formally authorized to ensure their economic & technical justification and feasibility.
2. User Specification Activities - User needs to provide detailed requirement in written form (known as Functional Requirements Document). It discusses user’s view w.r.t problems
3. Technical Design Activities - User’s specification is converted into technical design by system developer.
4. Programme Testing - All modules must be tested before implementation. Result of test is compared with standard to determine if there is any error in logic or program.
5. User Test & Acceptance - Before implementation, all modules are tested as whole by user & ensures that it functions as per requirement of user.
6. Internal Auditor’s Participation - Should be involved at inception of system development process to examine & give suggestions on system requirements & controls throughout all phases.

6.3.1.3. PROGRAMMING MANAGEMENT CONTROLS

▪ Major phase in system development life cycle.


▪ Objective: To produce or acquire & to implement high-quality programs that are authentic, accurate & complete
▪ Six phases of program development lifecycle & related controls are as below:
Phases and their Controls

1. Planning - Uses of different techniques for s/w development like WBS [Work breakdown structure] & PERT [Program evaluation Review technique]
2. Design - Structured / systematic approach to design programme. Modular design
3. Coding - Structured/ systematic approach is adopted for coding Program.
4. Testing - Program is tested before implementation. Three types:
a) Unit test → Testing of individual program module.
b) Integration test → Testing of group of program module.
c) Whole of Programme testing → Focuses on whole Program
5. Operation & Management - Involves monitoring and making changes in system when required on timely basis. Three types:
a) Repair/ corrective → Remove errors from s/w or fix the bugs.
b) Perfective → Program is finetuned to reduce resource consumption. E.g. Better UI
c) Adaptive → Change in s/w due to change in user requirement.
6. Control - Runs parallel in all phases. Two Major Purposes:
a) Control over s/w lifecycle phases to ensure task progress is as per plan & corrective action should be taken in case of any deviation.
b) Control on overall s/w development / acquisition process to ensure it is accurate, authentic & complete.


6.3.1.4. DATA RESOURCE MANAGEMENT CONTROLS

Objectives w.r.t. Data Resource Management Controls


a) confidentiality of Data is maintained → Access control
b) Integrity of Data is preserved → update control
c) Availability of Data to users when needed → Back up control

Access Control - Ensures that data is available only to authorized user. It involves:
i) User access control through PIN, Password, CARD etc.
ii) Encryption of data etc.

Update Control - It ensures that database is updated by authorized persons only.

Back up Control - Back up refers to making copy of data & storing it somewhere else so that it can be used when first copy of data is not available. It helps to ensure availability of data when required.

The above is accomplished by


a) Appointing senior trustworthy persons
b) Segregating duties to the extent possible
c) Maintaining & monitoring logs of data administrator & data administrator’s activities.

6.3.1.5. QUALITY ASSURANCE MANAGEMENT CONTROL

Quality Assurance management is concerned with ensuring that


a) I.S produced achieve certain quality goals.
b) Development, implementation & maintenance is done as per Quality standard.
Who will ensure Quality Assurance?
QA Personnel who ensures
a) Quality goals are established & clearly understood by all stakeholders.
b) Compliance occurs with standard.
c) Best practices in the industry are also incorporated during the production of information systems.

6.3.1.6. SECURITY MANAGEMENT CONTROL

Related to Control based on nature of I.S. resources i.e., it covers


a) Environmental Control (E.g. Fire, water)
b) Physical Access Control
c) Logical Access Control
However, despite all controls, disasters i.e., events which critically hit the business continuity in irreversible
manner may occur.
Controls for disasters
i) Disaster Recovery Plan - Deals with how the organization recovers from a disaster and comes back to
its normalcy. A comprehensive DRP comprise four parts –
➢ an Emergency Plan,
➢ a Backup Plan,
➢ a Recovery Plan and
➢ a Test Plan.
ii) Insurance - Adequate insurance must be able to replace Information Systems assets and to cover the
extra costs associated with restoring normal operations.

6.3.1.7. BUSINESS CONTINUITY PLANNING CONTROLS

BCP mainly deals with


➢ carrying on the critical business operations in the event of a disaster so as to
➢ ensure minimum impact on the business.
The BCP controls are related to having an operational and tested IT continuity plan, which is in line with
the overall business continuity plan, and its related business requirements.

6.3.1.8. OPERATIONS MANAGEMENT CONTROL

It is responsible for daily functioning of H/w & S/w in efficient manner.


Involves Control w.r.t
1. Computer Operation - Ensures proper functioning of H/W & S/W on day-to-day basis.
2. Network Operations - Ensures proper functioning of network devices, communication channels etc.
3. Data Preparation & Entry - Keyboard environment & facilities should be designed to promote speed & efficiency.
4. File Library - Management of Org. data stored in machine-readable storage media like CD/DVD, pen-drive & Hard disk.
5. Help Desk - Assist end-user in deploying & using H/W & S/W & resolving issues.
6. Documentation & Programme Library - Ensures documentation of
• Security Policy
• BCP/DRP
• System development related documents
7. Management of outsourced operations - Responsible for carrying out day to day monitoring of outsourced contracts.

6.3.2. APPLICATION CONTROLS

Objective → to ensure that data remains complete, accurate and valid during its input, update and
storage.

Boundary Control, Input Control, Processing Control, Output Control, Communication Control, Database Control


6.3.2.1. BOUNDARY CONTROLS

Refers to access control mechanisms that links the authentic users to the authorized resources. Involves
Identification & Authentication of users by S/w & Authorization i.e., privilege management.
Cryptography/Encryption - Conversion of clear text into a cipher text for storage and transmission over networks by sender. Receiver decrypts this cipher code using auth key. Strength of cryptography depends on time & cost to decipher the cipher text by crypto analyst.
Three techniques of cryptography are
a) Transposition - Permute the order of characters within a set of data,
b) Substitution - Replace text with a key-text
c) Product Cipher - combination of transposition and substitution.

Password - Helps in identification of users through confirmation of user id allotted to them.

PIN - Similar to password but is independent of any user id. Assigned to user by Org. Helps in user identification.

ID Card - Used to store info for authentication purpose.

Biometric Device - Includes use of thumb, retina etc. as biometric control tech.
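
The three cryptography techniques named above, as an added worked example that is not part of the original notes. The keyed alphabet, the columnar layout, the padding character and the keys "AUDIT" and "KEY" are assumptions chosen for illustration; these are classroom ciphers, shown to make the definitions concrete.

```python
import string

ALPHABET = string.ascii_uppercase

def substitution_table(keyword):
    """Keyed cipher alphabet: keyword letters first, then the unused letters."""
    seen = []
    for ch in keyword.upper() + ALPHABET:
        if ch in ALPHABET and ch not in seen:
            seen.append(ch)
    return "".join(seen)

def substitute(text, keyword, decrypt=False):
    """Substitution: every letter is replaced, positions stay the same."""
    cipher_alpha = substitution_table(keyword)
    src, dst = (cipher_alpha, ALPHABET) if decrypt else (ALPHABET, cipher_alpha)
    return text.upper().translate(str.maketrans(src, dst))

def column_order(key):
    """Columns are read in alphabetical order of the key letters."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))

def transpose(text, key, pad="X"):
    """Transposition: letters are kept, only their order is permuted."""
    cols = len(key)
    text += pad * (-len(text) % cols)          # fill the last row
    rows = [text[i:i + cols] for i in range(0, len(text), cols)]
    return "".join("".join(row[c] for row in rows) for c in column_order(key))

def untranspose(cipher, key):
    """Write the ciphertext back into the columns, then read row by row."""
    cols = len(key)
    n_rows = len(cipher) // cols
    grid = [[""] * cols for _ in range(n_rows)]
    pos = 0
    for c in column_order(key):
        for r in range(n_rows):
            grid[r][c] = cipher[pos]
            pos += 1
    return "".join("".join(row) for row in grid)

def product_encrypt(text, sub_key, trans_key):
    """Product cipher: substitution followed by transposition."""
    return transpose(substitute(text, sub_key), trans_key)

def product_decrypt(cipher, sub_key, trans_key):
    """Undo the two steps in reverse order."""
    return substitute(untranspose(cipher, trans_key), sub_key, decrypt=True)

def same_letter_counts(a, b):
    """True when b is only a reordering of a (letter frequencies unchanged)."""
    return sorted(a) == sorted(b)

if __name__ == "__main__":
    plain = "PAYVENDOR"                       # constructed sample message
    print(substitute(plain, "AUDIT"))
    print(transpose(plain, "KEY"))
    print(product_encrypt(plain, "AUDIT", "KEY"))
```

Transposition alone leaves the letter frequencies of the clear text intact and substitution alone leaves every letter in its place, which is why the product cipher costs the crypto analyst more time than either technique on its own.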

6.3.2.2. INPUT CONTROLS

Applied to ensure that data input in system is correct & complete.


Source Data Controls - Required where physical source doc. is used to initiate transaction. E.g. Invoices.
Controls
▪ Use pre-numbered source document Serial no
▪ Should be sequential
▪ Periodic Audit.

Data Coding Controls - These controls are aimed at reducing the error during data feeding.
Transcription Error - Error in entry made by human or OCR. Types:
▪ Addition Error - Extra digit Added.
▪ Truncation Error - Digit is removed.
▪ Substitution Error – Replacement of a digit with another
Transposition Error - Change in position of two digits while entry is made. Types:
▪ Single – Two adjacent digits are reversed.
▪ Multiple - Non-adjacent digits are changed.

Batch Controls - Process of grouping together transactions that has relationship with each other.
Financial Total - Grand total is calculated for each field containing monetary amount.
Hash Total - Grand total is calculated for any code on a Doc in the batch. E.g. Source Doc Serial No.
Doc. Total - Grand total of No. of docs / record in the batch.

Validation Controls - Intended to detect errors in transaction before data is processed.
Field Interrogation - Examines characters of data in the field. Includes
▪ Limit check against pre-defined limit
▪ Picture check against invalid characters
▪ Sequence check – To follow a required order matching with a logical seq.
Record Interrogation - Includes
▪ Reasonableness check i.e., whether value in field is reasonable or not.
▪ Valid sign - to determine which sign is valid in field. E.g. weight can’t be in cm
File Interrogation - Includes
▪ Version usage - Always use latest version
▪ Data file security - for access to authorized users only.
▪ File updation & maintenance done by auth. Users only
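
The batch controls and validation controls above, applied to one keyed-in batch, as an added example that is not part of the original notes. The batch header, the four invoice records, the vendor code format V + 4 digits and the 5000.00 limit are constructed for illustration. The last check uses the fact that swapping digits of a number changes it by a multiple of 9, so a batch difference divisible by 9 points to a transposition error.

```python
import re
from decimal import Decimal

# Constructed batch header, prepared from the source documents before keying.
BATCH_HEADER = {
    "doc_total": 4,                          # number of documents in the batch
    "financial_total": Decimal("7350.00"),   # sum of invoice amounts
    "hash_total": 4010,                      # sum of source document serial nos.
}

# Constructed records as keyed in by the data entry operator.
RECORDS = [
    {"serial": 1001, "vendor": "V0042", "amount": Decimal("1250.00")},
    {"serial": 1002, "vendor": "V0017", "amount": Decimal("3900.00")},
    {"serial": 1003, "vendor": "V00l9", "amount": Decimal("480.00")},   # letter l typed for digit 1
    {"serial": 1004, "vendor": "V0042", "amount": Decimal("1270.00")},  # 1720.00 keyed as 1270.00
]

VENDOR_PICTURE = re.compile(r"V\d{4}")   # assumed vendor code format
AMOUNT_LIMIT = Decimal("5000.00")        # assumed pre-defined limit per invoice

def field_checks(rec):
    """Field and record interrogation for one record; returns a list of errors."""
    errors = []
    if not VENDOR_PICTURE.fullmatch(rec["vendor"]):
        errors.append("picture check: invalid characters in vendor code")
    if rec["amount"] <= 0:
        errors.append("valid sign: amount must be positive")
    elif rec["amount"] > AMOUNT_LIMIT:
        errors.append("limit check: amount exceeds pre-defined limit")
    return errors

def sequence_check(records):
    """Pre-numbered documents must follow each other without gaps or repeats."""
    return [(prev["serial"], cur["serial"])
            for prev, cur in zip(records, records[1:])
            if cur["serial"] != prev["serial"] + 1]

def batch_totals(records):
    """Recompute document, financial and hash totals from the keyed records."""
    return {
        "doc_total": len(records),
        "financial_total": sum((r["amount"] for r in records), Decimal("0")),
        "hash_total": sum(r["serial"] for r in records),
    }

def suggests_transposition(expected, actual):
    """A non-zero difference divisible by 9 is typical of swapped digits."""
    smallest_units = int(abs(Decimal(expected) - Decimal(actual)) * 100)
    return smallest_units != 0 and smallest_units % 9 == 0

def reconcile(header, records):
    """Compare the batch header with recomputed totals; report mismatches only."""
    computed = batch_totals(records)
    findings = {}
    for name, expected in header.items():
        if computed[name] != expected:
            findings[name] = {
                "expected": expected,
                "computed": computed[name],
                "transposition_suspected": suggests_transposition(expected, computed[name]),
            }
    return findings

if __name__ == "__main__":
    for rec in RECORDS:
        for err in field_checks(rec):
            print(rec["serial"], err)
    print("sequence gaps:", sequence_check(RECORDS))
    print("batch mismatches:", reconcile(BATCH_HEADER, RECORDS))
```

The document total and hash total agree with the header here, so every document was keyed; only the financial total is off, which narrows the error to an amount field.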

6.3.2.3. PROCESSING CONTROL

Responsible for computing, classifying & summarizing Data.


Processor Controls - To reduce errors & irregularities in processing.
a) Error detection & correction – Processor may mal-function due to design defect, damage etc. Failure can be transient (temporary), intermittent (periodic) or permanent. In case of transient or intermittent errors restart the device, but in case of permanent errors, halt the processor & report.
b) Timing Control - CPU should run a program for specified time only. Once time is completed, another program should run else there will be infinite loop & it will consume CPU.
c) Component Replication – In some cases, processor failure can result in heavy losses. Hence Redundant Processor should be kept.

Real Memory Controls - Seeks to detect & correct error of real memory/ RAM & Prevent unauthorized access.

Virtual Memory Controls - Used when RAM is insufficient to execute a program. This control is required to map virtual memory address with real memory address.

Data Processing Controls - Applied to identify error during data processing. Required to ensure both the completeness and the accuracy of data being processed. Generally enforced through DBMS.

6.3.2.4. OUTPUT CONTROL

Applied to ensure that output is presented, formatted & distributed to users in a secured & consistent
manner.
Controls Over Printing - Output should be printed on correct printer. User should be trained to select correct printer.

Spooling/Queueing - Simultaneous Peripheral Operations Online. If more than 1 user gives print command, printer should print in sequential order & save other print command for printing after current job is printed. Ensure that user can continue working while print operation is getting completed.

Report distribution & Collection - Time gap b/w generation & distribution of report should be reduced. A log should be maintained for reports that were generated and to whom these were distributed.

Retention Control - Considers the duration for which output is to be retained before being destroyed. Date should be determined for each output.

Storage & Logging of Sensitive, critical Forms - Pre-printed stationery like Co. letter Head, Blank cheques etc. should be stored securely to prevent unauthorized destruction or removal and usage.

6.3.2.5. DATABASE CONTROLS

Applied to ensure that integrity of database is maintained while updating the database. Two types:
Update Controls
a) Sequence check b/w transaction & master file - Synchronous & correct sequencing b/w master files & transaction file is critical to maintain integrity of updating, addition or deletion of master file.
b) Ensure all records on transaction file are processed - Transaction file records are mapped with respective master file
c) Maintain a suspense A/c - Where master record & transaction record are mismatched due to failure in corresponding record entry in master file, such mismatches are maintained in suspense file.
d) Process multiple transactions for a single master file in correct order.

Report Controls
a) Print suspense A/c entry - so that corrective action can be taken on time.
b) Print-Run-to Run Control Totals: Helps in identifying errors or irregularities like record dropped erroneously from a transaction file, wrong sequence of updating or the application software processing errors.
c) Existence /Recovery control - Backup & recovery strategies together are required to restore any failure in DB.
d) Standing data - Application program use many internal data to perform functions like bill calculation based on rate list or interest rate calculation etc. Maintaining integrity of price rate or Int. rate is critical.

6.3.2.6. COMMUNICATION CONTROLS

Applied to ensure that the data transmitted over network is accurate, complete & authentic.
Physical Component Controls - Mitigates possible effects of exposures to physical components of System.

Line Error Controls - While transmission of data through transmission line, there can be data loss due to noise distortion called line error. These errors must be detected & corrected.

Flow Control - Applied, when there is difference in speed at which two nodes in a network can send, receive or process data resulting in loss of data.

Channel access Control - Two different nodes in a network can compete to use a communication channel. Where possibility of contention of channel exists, some type of channel access control should be used.


7. INFORMATION SYSTEM’S AUDITING - BY IS AUDITOR

Process of attesting/ assuring / confirming objective of –


a) External Auditor that focuses on Safeguarding of Assets & Integrity of Data; and
b) Internal Auditor that focuses on Effectiveness & Efficiency.
Objectives of I.S. Audit
Asset Safeguarding - I.S. Asset i.e., H/w S/w, data, info etc. must be protected by using internal control from unauthorised access.

Data Integrity - It is fundamental attribute (quality) of auditing. It should be maintained at all time & data should not be accessible to unauthorized users.

System Effectiveness - Involves evaluating Whether I.S. meets requirements of business & users in decision making or not.

System efficiency
a) To optimize use of various I.S. resources
b) To complete task with minimum consumption of resources.

7.1. REASONS / NEED FOR I.S. AUDIT

Factors which influence Organisation/Management w.r.t. Implementation of Controls & Audit of Computers
are:
1. Value of computer H/w, S/w & Personnel - These I.S resources are valuable & important & must be safeguarded
2. Maintenance of Privacy - An organization collects a lot of data which are private regarding individuals. Any leakage of private personnel data is against interest of company & must be protected.
3. Controlled evolution of computer use - Use of technology & reliability of computer system can’t be guaranteed. Hence it must be audited.
4. Cost of Data Loss - Data is very critical resource of an organization. Data loss can cause severe damage to Organization & hence it must be protected.
5. Cost of Incorrect Decision - Management takes decisions based on information produced by I.S. In case of incorrect info, management can take incorrect decision which affects the Organization adversely.
6. Cost of Computer Abuse - Unauthorized access to computer system may cause huge damage. It may also result in introduction of virus, malware, hacking, theft of data etc.
7. Cost of Computer error - Error may occur while performing a task which may incur huge cost for Orgn.

7.2. I.S. CONTINUOUS AUDIT

Real time production of information → Real time recording → Real time Auditing → Continuous Assurance
about Quality of data.
Thus, Continuous Audit reduces time gap between occurrence of Client’s event & Auditor’s assurance service
thereon.
Two basis for collecting audit evidence are:


a) Embedded module (Audit S/w) in system to collect, process & print Audit Evidence.
b) Special Audit records used to store Audit evidence collected.
Types of Continuous Audit Tools
Snapshots - Helps in tracing a transaction as it flows in App system. Built into the system at points where material processing takes place. Takes image of flow of Transactions as it moves through the App. These images are utilized to assess Authenticity, completeness & accuracy of process being carried out by system.
Important points to consider-
a) Locate the snapshot point based on materiality.
b) Determine when will snapshot be captured.
c) Reporting system is designed & implemented to present data in meaningful manner.

Integrated Test Facility - ITF involves creation of dummy entity/ Test data in App system. This test data is incorporated in normal data used as input in App system as a means to verify processing
• Authenticity
• Completeness &
• Accuracy.
Auditor must decide
a) Method to be used to enter test data in System.
b) Method for removing effect of ITF transaction.

System Control Audit Review File - SCARF involves embedding audit S/w module within an App system to provide continuous monitoring of system’s transactions. Info collected is written on SCARF master file. Similar to snapshot technique with data collection capabilities.

Continuous & Intermittent Simulation - Variation of SCARF. Used as Trap exception whenever App system uses DBMS.
Procedure
▪ DBMS passes all transactions to CIS which determines whether it wants to examine it further.
▪ CIS simulates the App system process.
▪ Result of selected transactions processed by CIS is compared with result produced by App s/w to determine whether both are same or not.
▪ In case of any diff, exceptions are identified by CIS & written to exception file.
Advantage: No modification in App system but provides online audit capability

Audit Hook - Audit routines that flags/ highlights suspicious transactions as soon as they occur on a real time basis. Thus, auditors can be informed of questionable transactions as soon as they occur. This approach of real-time notification displays a message on auditor’s terminal.

Advantages of Continuous Audit Techniques


1. Timely, Comprehensive & Detailed Auditing - Evidence would be available timelier & in a comprehensive manner. Entire processing can be evaluated & analyzed rather than examining inputs and outputs only.
2. Surprise test capability - As evidences are collected from the system itself by using continuous audit techniques, auditors can gather evidence without knowledge of systems staff and application system users. This brings in the surprise test advantages.
3. Information to system staff on meeting of objectives - Continuous audit technique provides information to systems staff regarding the test vehicle to be used in evaluating whether an application system meets the objectives of asset safeguarding, data integrity, effectiveness, and efficiency.
4. Training for new users - Using the Integrated Test Facilities (ITF)s, new users can submit data to the application system, and obtain feedback on any mistakes they make via the system’s error reports.

8. AUDIT TRAIL

▪ Refers to logs that record activities at system, App & user level.
▪ Provides detective control to help achieve security objectives.
▪ Ensures that a chronological record of all events that has occurred in system is maintained.
▪ Example: App logs contain details w.r.t who initiated a transaction, who authorized it, date, time etc.
Need for Audit Trail

➢ To Answer Queries
➢ Fulfill Statutory Requirements
➢ Detect Errors
➢ Monitoring Systems

Accounting AT - Shows source & nature of data & processes that update database.
Operations AT - Record of attempted or actual resource consumption in a system.

8.1. OBJECTIVES OF AUDIT TRAIL

Detecting Unauthorised access - In real time or after the event. Helps protect the system from outsiders who are attempting to breach control.

Reconstructing Events - Used to reconstruct the steps that led to events such as system failures, security violations by individuals, or App processing errors. Such Knowledge can be used to assign responsibility and to avoid similar situations in the future.

Personal Accountability - Audit trail is used to monitor user activity at lowest level of detail. Preventive capability i.e. act as deterrent for potential violators if they know that their actions are recorded in an audit log.

8.2. IMPLEMENTATION OF AUDIT TRAIL / GENERATING AUDIT TRAILS

Info. in Audit Trail is useful for


➢ Accountants in measuring damage or loss due to App errors, Abuse of authority etc.
➢ It helps in assessing whether controls in place are adequate or not & need for Additional Control.
Audit logs, however, can generate data in overwhelming detail. Important information can easily get lost
among the superfluous detail of daily operation.
Thus, poorly designed logs can be useless.


8.3. AUDIT OF VARIOUS CONTROLS

Role of I.S. Auditor
a) To determine whether objectives of controls are met or not.
b) Assess effectiveness of controls

Audit of Controls
a) Conduct Risk assessment. Higher risk, more control
b) Conduct review of controls i.e. whether controls are implemented or not & whether working effectively or not
c) Whether controls are monitored by qualified personnel or not

9. SEGREGATION OF DUTIES

▪ It advocates that Privilege/ Access Rights should be given on “Need to Do” & “Need to know” basis.
▪ Ensures that a single individual does not possess excess privilege that could result in unauthorized activity like fraud or manipulation of data security.
▪ For example - the person approving the purchase orders should not be allowed to make payment and pass entries in the books at the same time.
▪ Both preventive & detective controls should be in place to manage SOD control.
Examples of SoD Controls
Transaction Authorization - I.S requires 2 or more person to approve certain transactions

Split custody of high value assets - Password to an encryption key that protects sensitive data can be split in two halves, one half assigned to two persons, and the other half assigned to two persons, so that no single individual knows the entire password. Two keys for sensitive locker.

Periodic review of user rights - Internal audit personnel can periodically review user access rights to identify whether any segregation of duties issues exist.

Work Flow - Applications that are workflow-enabled can use a second (or third) level of approval before certain high-value or high-sensitivity activities can take place. E.g. workflow application that is used to set up user accounts can include extra management approval steps in requests for administrative privileges.

When SOD issues (conflicts b/w access rights of individuals) are encountered, Management needs to
mitigate the matter. How?
a) Reduce access privilege of individual user so that conflict no longer exists.
b) Introduces new mitigation control - If management determines that the person need to retain privileges which are viewed as conflict, new preventive & detective control needs to be implemented like increased logging of records, reconciliations of data sets etc.
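
The periodic review of user rights and the two ways of handling an SOD conflict described above, as an added example that is not part of the original notes. The privilege names follow the purchase order example (approve, pay, pass entries); the roles, users and the recorded mitigation are constructed for illustration.

```python
# Pairs of privileges that one person should not hold together
# (from the purchase order example in the notes; names are hypothetical).
CONFLICT_RULES = [
    frozenset({"approve_po", "make_payment"}),
    frozenset({"approve_po", "post_entries"}),
    frozenset({"make_payment", "post_entries"}),
]

# Constructed role definitions: privileges usually reach users through roles.
ROLE_PRIVILEGES = {
    "purchase_manager": {"approve_po"},
    "cashier": {"make_payment"},
    "accountant": {"post_entries"},
    "ap_clerk": {"make_payment", "post_entries"},   # conflict inside one role
}

# Constructed user assignments.
USER_ROLES = {
    "asha": ["purchase_manager"],
    "ravi": ["cashier"],
    "meena": ["purchase_manager", "accountant"],    # conflict from two roles
    "john": ["ap_clerk"],
}

# Conflicts management decided to retain, with the new mitigation control.
MITIGATIONS = {
    ("john", frozenset({"make_payment", "post_entries"})):
        "increased logging and daily reconciliation by finance controller",
}

def effective_privileges(user, user_roles=USER_ROLES, role_privs=ROLE_PRIVILEGES):
    """Union of the privileges of every role assigned to the user."""
    privs = set()
    for role in user_roles.get(user, []):
        privs |= role_privs.get(role, set())
    return privs

def review_access_rights(user_roles=USER_ROLES, role_privs=ROLE_PRIVILEGES,
                         mitigations=MITIGATIONS):
    """Return one finding per user and conflicting pair of privileges.

    status is 'mitigated' when a compensating control is on record,
    otherwise 'open' (access should be reduced or a control introduced).
    """
    findings = []
    for user in sorted(user_roles):
        privs = effective_privileges(user, user_roles, role_privs)
        for rule in CONFLICT_RULES:
            if rule <= privs:                      # user holds both privileges
                control = mitigations.get((user, rule))
                findings.append({
                    "user": user,
                    "conflict": tuple(sorted(rule)),
                    "status": "mitigated" if control else "open",
                    "compensating_control": control,
                })
    return findings

if __name__ == "__main__":
    for finding in review_access_rights():
        print(finding)
```

The review works on effective privileges, so it catches a conflict built from two individually harmless roles as well as one sitting inside a single role.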


CHAPTER 4

E-COMMERCE, M-COMMERCE & EMERGING TECHNOLOGY

1. E-COMMERCE

▪ Refers to doing Business (Buying, Selling & Other related functions like inventory mgt.) electronically.
▪ Means use of Technology (Internet, computer, Mobile, Apps, website etc.) to enhance processing of
commercial transactions between company, customer & business partners like seller.
▪ Involves automation of variety of transactions such as B2B, B2C, C2C, C2B etc. through Reliable &
Secure Technology.

2. DIFFERENCE BETWEEN TRADITIONAL COMMERCE & E-COMMERCE

Basis | Traditional Commerce | E-Commerce
Transaction Processing | Manual | Electronically
Customer Interaction | Face to face | Screen to face
Business scope | Limited to particular area | Worldwide reach
Availability for business | Limited Time | 24x7x365
Information Exchange | No uniform platform | Provides uniform platform
Fraud | Relatively less due to personal interaction b/w buyer and seller. | More Risk due to Lack of physical presence & unclear legal issues

3. BENEFITS OF E-COMMERCE

Individual User
a) Time Saving - Some products such as e-books, recharge of mobile can be delivered online through internet.
b) Various Options - by diff. sellers which are easy to compare.
c) Convenience – w.r.t. Searching, placing Order and Payment.
d) Anytime Access - [24X7X365]
e) Easy to Find Reviews - User can give feedback & ratings which helps buyer to make better decision.
f) Coupon and Deals

Seller
a) Reduction of Cost - of overhead (salary), Rent, marketing and advertisements [E-mail /Digital marketing] etc.
b) Recurring Payments made easy.
c) Instant Transaction - which are processed in real time, so no. of sales made increases.
d) Increased Customer Base - since no. of people getting online is increasing.
e) Easier Entry into New Market - as reach of e-commerce is worldwide.
f) Efficiency Improvement - Reduction in
➢ Time required to complete transactions;
➢ Errors in billing, invoicing & data entry
➢ Inventory holding cost due to JIT.

Government
a) Instrument to fight corruptions - as all transaction are recorded, No tax evasion.
b) Reduction in use of ecologically damaging material.

4. DISADVANTAGES OF E-COMMERCE

a) Internet Connection - Internet connectivity is a pre-requisite to perform online transactions. It may not be available in rural or remote areas.
b) High start-up costs - Various components of costs involved with e-commerce are due to following
▪ Connection: Connection costs to Internet.
▪ Hardware/software: Includes cost of sophisticated computers, routers etc.
▪ Set up: Includes employee work hours involved in setting up systems.
▪ Maintenance: Includes costs involved in training of employees & maintenance of web-pages.
c) Legal issues - The legal environment in which e-commerce is conducted is full of unclear & conflicting laws.
d) Security Concerns - There is risk of security and reliability of network and internet as well as fear of safety and security to the personal information due to the increased spywares and malwares
e) Cultural impediments - Some customers are still somewhat fearful of sending their credit card numbers over the Internet. Also, many customers are simply resistant to change.
f) Some businesses may never lend themselves to e-comm - Items such as perishable foods and high-cost items such as jewellery and antiques may be impossible to adequately inspect from a remote location.

5. E-COMMERCE BUSINESS MODELS & E-COMMERCE MARKETS

▪ B.M. means organization of product, service & information flows for benefits of suppliers & customers.
▪ A business model enables a firm to
➢ analyze its environment more effectively and
➢ exploit the potential of its markets;
➢ better understand its customers; and
➢ raise entry barriers for rivals.
▪ An e-business model is the adaptation of an organization’s business model to internet economy.
▪ E-business models utilize the benefits of electronic communications to achieve the value additions.
▪ Some of the e-market models are explained below:

1. E-shop - It is an online version of retail stores that sells products & services online. It is convenient way of effecting direct sale to customers. No intermediaries are involved, hence cost & time delay is reduced. Eg - www.vanheusenindia.com
2. E-malls - It is e-retailing model of a shopping mall. It is Conglomeration of different e-shops situated in an e-commerce location. Eg – www.emallofAmerica.com
3. E-Auction - It provides channel of communication (auction websites) through which bidding process for products & services can take place between competing buyers. Eg – www.bidderboy.com
4. Portals - It is a website that serves as a gateway on the internet to a specific field of interest or an industry. It is a channel through which websites are offered as content. Firms control the content or portal and earn revenue by charging customers for subscription or advertising. Website + login + motive is to earn money. Eg – www.mca.gov.in, Netflix, Tax sutra, Taxmann.com
5. Buyer Aggregator - They bring together large no. of buyers so that they can enjoy savings which are generally enjoyed by large volume buyers. Firms collects info about Goods/Services, make services providers their partners & sell under its own brand. Eg - www.zomato.com, Ola, Uber
6. Virtual Community - Community of customers who share common Interest & use internet to communicate with each other. It helps participants as they get greater benefits like solving queries, sharing ideas etc., without additional cost. E.g. - Microsoft community
7. E-marketing - Process of marketing a product or service using the Internet. E.g. - Mail marketing, digital marketing. It changes relationship b/w buyer & seller as market information is available to all parties in the transaction.
8. E-Procurement - Refers to Management of all procurement activities through electronic means. E-procurement infomediaries provide upto date & real time information w.r.t. supply of material to business partners. Leads to efficiency in accessing info & saving of time & cost. E.g. www.e-procure.gov.in
9. E-distribution - e-distributor is a Co. that supplies products & services directly to individual business. E-distribution helps in achieving efficiency by managing large volume of customers, automating orders, communicating with partners and providing value added services like order tracking. An example of a firm specializing in e-distribution is www.wipro.com that uses internet to provide fully integrated e-business enabled solutions that help to unify the information flows across all the major distribution processes.

The e-business models relating to e-business markets can be summarized as given below:

Business to Consumers [B2C]
▪ Refers to online retailers who sell products & services through internet.
▪ Supports activities within consumer chain.
▪ Focuses on sell side activities.
▪ Types
  a) Direct sellers - E.g. vanheusenindia.com
  b) Online Intermediary - E.g. Amazon.com
  c) Community built around shared interest like cooking, photography etc. E.g. www.cookingmatters.com

Business to Business [B2B]
▪ Refers to commerce b/w company, its suppliers or other participants.
▪ Supports supply chain of Org.
▪ E.g. www.Indiamart.com

Consumer to Consumer [C2C]
▪ Consumers sell directly to other consumers through online classified Ads, auctions or personal selling.
▪ Matches Revenue stream of buyers with sellers & vice-versa.
▪ E.g. OLX.in

Consumer to Business [C2B]
▪ Consumers set prices & Companies bid to offer product & service.
▪ E.g. - Comparison of interest rates of loans by various banks to customers like Paisa Bazar

Government to Consumer [G2C]
▪ Allows consumers to provide feedback & ask info. like land search, license confirmation, vehicle ownership etc. from Govt. authorities.
▪ Government provides the information asked for.
▪ E.g. e-Seva (Andhra Pradesh)

Business to Government [B2G]
▪ Variant of B2B model.
▪ Govt. accredits selected websites.
▪ These websites act as a medium of exchanging information.
▪ Businesses use these websites to
  ➢ File Reports
  ➢ Pay taxes
  ➢ Sell Goods & services to Govt

6. COMPONENTS OF E-COMMERCE

User
▪ Any individual / organization or anybody using e-commerce platforms.
▪ E-comm vendors need to ensure that user's loyalty is built & also that their products are not delivered to wrong person.

E-Commerce Vendors
▪ Refers to Org/ Entity providing the G/s user asked for. E.g. Flipkart.
▪ They need to ensure following for effective & efficient Transactions:
  a) E-commerce catalogues and product display - all info should be displayed properly.
  b) Suppliers & SCM - Should have enough right suppliers who are financially & operationally stable. Should provide real-time stock inventory & short delivery time.
  c) W/H operations - Where Goods are stored & packed as per pre-determined standard.
  d) Shipping & Returns - Supplementary & complementary to w/h operation. Fast return is USP of vendors.
  e) Showroom and offline purchase - Many vendors have opened outlets for customer experience of their products.
  f) Marketing & loyalty program - To establish long-term relationship with customer.
  g) Privacy policy - Explains usage of customer's data as per IT Act 2000.
  h) Security policy - So that data is safe through tech like SSL.

Technology Infrastructure
▪ E-commerce is technology driven. To be successful, web site should be:
  a) Scalable with minimal effort to handle peak traffic
  b) Easy to use and convenient
  c) Implementing Responsive Design to make website accessible & usable on every device.
▪ Following tech. enable e-commerce:
  a) Computer server & DB - Backbone of e-commerce. E-Comm Vendors invest huge amount in such infra.
  b) Mobile App - Smaller version of computer s/w programmed to run on mobile/ tablet. Expensive & runs on 1 type of OS.
  c) Digital Library - Special library focussed on collection of digital objects (text, audio, video) stored in e-media format. Type of info. retrieval system.
  d) Data Interchange - Electronic communication of data b/w different parties. There are defined standards to ensure seamless comm.

Internet/ Network
▪ It is Key to success of e-comm. Transaction & Critical Enabler.
▪ Faster internet results in better e-commerce.

Web Portal
▪ Provides interface/ front end through which user interacts with e-commerce vendor.
▪ Can be accessed through laptop, desktop, mobile & hand-held device.
▪ Simplicity and clarity of content on web portal is directly linked to customer experience of buying a product online.

Payment Gateway
▪ System of computer processes that authorizes, verifies, and accepts or declines payment on behalf of merchant through secure Internet connections.
▪ Last & most crucial part of e-comm transactions.
▪ Assures seller of receipt of payment.
▪ Various modes are
  ▪ Debit card
  ▪ Credit Card
  ▪ UPI
  ▪ COD

7. ARCHITECTURE OF NETWORKED SYSTEM

Architecture refers to style of designing/ method of construction. In e-Business, it denotes the way network architectures are built. E-Commerce runs through network connected system.

Two Tier Architecture (User → DB Server)

Presentation Tier/ Client Tier/ App Tier
▪ Refers to interface that allows user to interact with e-commerce vendor.
▪ User can login to e-commerce through this tier & all information is displayed to him.

Database Tier
▪ Data like Product data, Price data, customer data & other data is kept here.
▪ All information is stored & retrieved from this tier.
▪ User has no access to data at this level but can view it through Client Tier.

Three Tier Architecture (User → App Server → DB Server)

Presentation Tier/ Client Tier
▪ Top level & displays info. related to goods and services on website.
▪ For login & checking the products, App tier is used.

Application/ Logic/ Business/ Middle Tier
▪ Controls App functionality by performing detailed processing.
▪ All processing is done at this level like how data can be created, displayed, stored and changed, data security mgt, load balancing etc.

Database Tier
▪ Same as Two tier

Thus, it is a client-server architecture in which the business logic, computer data storage and user interface are developed and maintained as independent modules on separate platforms.
All e-commerce & M-commerce applications follow three-tier network architecture.
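
The three-tier separation described above, as an added sketch that is not part of the original notes: the client tier only calls the application tier, which performs login, processing and data-security checks before touching the database tier. The class names, table layout and sample customers/products are assumptions constructed for this example, and an in-memory SQLite database stands in for the DB server.

```python
import hashlib
import hmac
import os
import sqlite3


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class DatabaseTier:
    """Database tier: product, price and customer data is stored and retrieved here."""

    def __init__(self):
        # In-memory SQLite stands in for the DB server (assumption of this sketch).
        self.conn = sqlite3.connect(":memory:")
        self.conn.executescript("""
            CREATE TABLE customers (id INTEGER PRIMARY KEY, login TEXT UNIQUE,
                                    salt BLOB, pw_hash BLOB);
            CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price_paise INTEGER);
            CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_id INTEGER,
                                 product_id INTEGER);
        """)
        # Constructed sample customers and products.
        for login, password in (("asha", "correct horse battery"),
                                ("ravi", "another long passphrase")):
            salt = os.urandom(16)
            self.conn.execute(
                "INSERT INTO customers (login, salt, pw_hash) VALUES (?, ?, ?)",
                (login, salt, hash_password(password, salt)))
        self.conn.executemany(
            "INSERT INTO products (name, price_paise) VALUES (?, ?)",
            [("Formal shirt", 149900), ("Leather belt", 89900)])


class AppTier:
    """Application tier: all processing and data-security checks happen here."""

    def __init__(self, db):
        self._db = db.conn
        self._sessions = {}  # session token -> customer id

    def login(self, login, password):
        row = self._db.execute(
            "SELECT id, salt, pw_hash FROM customers WHERE login = ?", (login,)).fetchone()
        if row is None or not hmac.compare_digest(
                row[2], hash_password(password, row[1])):
            raise PermissionError("invalid login")
        token = os.urandom(16).hex()
        self._sessions[token] = row[0]
        return token

    def _customer(self, token):
        if token not in self._sessions:
            raise PermissionError("not logged in")
        return self._sessions[token]

    def list_products(self):
        return self._db.execute(
            "SELECT id, name, price_paise FROM products ORDER BY id").fetchall()

    def place_order(self, token, product_id):
        customer_id = self._customer(token)
        # Parameterised queries: client input is never spliced into SQL text.
        if self._db.execute("SELECT 1 FROM products WHERE id = ?",
                            (product_id,)).fetchone() is None:
            raise ValueError("unknown product")
        return self._db.execute(
            "INSERT INTO orders (customer_id, product_id) VALUES (?, ?)",
            (customer_id, product_id)).lastrowid

    def orders_of(self, token):
        # The customer id comes from the session, not from the client request,
        # so one customer cannot ask for another customer's orders.
        return self._db.execute(
            "SELECT o.id, p.name FROM orders o JOIN products p ON p.id = o.product_id "
            "WHERE o.customer_id = ? ORDER BY o.id", (self._customer(token),)).fetchall()


class ClientTier:
    """Presentation tier: talks only to the application tier, never to the database."""

    def __init__(self, app):
        self._app, self._token = app, None

    def login(self, login, password):
        self._token = self._app.login(login, password)

    def show_products(self):
        return [f"{pid}. {name} - Rs {paise / 100:.2f}"
                for pid, name, paise in self._app.list_products()]

    def buy(self, product_id):
        return self._app.place_order(self._token, product_id)

    def my_orders(self):
        return self._app.orders_of(self._token)
```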

7.1. ADVANTAGES & LIMITATIONS OF TWO-TIER ARCHITECTURE

Advantages
a) Easy to setup & maintain due to simple structure.
b) Higher system performance since business logic & database are physically close.
c) Processing is shared b/w client & database. Hence more users can interact with system.

Disadvantages / Limitations
a) Performance declines if number of users increase.
b) Restricted flexibility as any change in version of s/w needs to be installed in each user's device.
c) Lesser choice of DBMS.

7.2. ADVANTAGES & LIMITATIONS OF THREE TIER ARCHITECTURE

Advantages
a) Change Mgt. (updating version of s/w) - Any component change can be done on App server rather than user's device in easy & faster way.
b) Dynamic load balancing - if some bottleneck in performance occurs, the server process can be shifted to another server in real time.
c) Separation of DB tier, Client tier & App tier - results in quicker development of s/w.
d) Other Benefits - Higher performance, Flexibility in deployment of Architecture due to modular s/w, Scalability, Improved security & data integrity.

Disadvantages / Limitations
a) Increased need of network traffic management, load balancing & fault tolerance.
b) Current tools are relatively immature & complex.
c) Maintenance tools are inadequate for maintaining server.

8. M-COMMERCE

▪ Refers to Buying & Selling of Goods & services and related activities through wireless hand-held devices
like mobile phones and Personal Digital Assistants (PDAs) like tablet etc.
▪ M-commerce enables users to access the Internet without needing to find a place to plug in.
▪ Growth in m-Commerce has been through App. It can be downloaded by user or pre-installed.

E-Commerce Architecture Vide Internet & Mobile Apps

Client/ Presentation Tier (user interface)
▪ E-commerce vide Internet: Web server, web browser & Internet. Helps the e-commerce customer to connect to e-commerce merchant.
▪ E-Commerce vide Mobile Apps: Mobile web browser, Mobile App, Internet. Helps the e-commerce customer to connect to e-commerce merchant.

Application Tier
▪ E-commerce vide Internet: App server & Back-end server (includes seller, logistic partner, Payment gateway). It allows customer to check the products available on merchant's website.
▪ E-Commerce vide Mobile Apps: Same

Database Tier
▪ E-commerce vide Internet: DB server i.e., Info store house where all data is stored.
▪ E-Commerce vide Mobile Apps: Same

9. WORKFLOW OF E-COMMERCE

1. Customers Login: Customer logs in on e-commerce website or mobile App.
2. Product / Service: Customer selects products / services from available options.
3. Customer Places Order: Order is placed for selected product / service by customer.
4. Payment Gateway: Customer selects the payment method. In case payment method is other than Cash on Delivery (COD), the merchant gets the update from payment gateway about payment realization from customer.
5. Dispatch and Shipping Process: This process may be executed at two different ends. First, if product / service inventory is managed by e-commerce vendor, then dispatch shall be initiated at merchant warehouse. Second, many e-commerce merchants allow third party vendors to sell through merchant websites.
6. Delivery Tracking: All merchants have provided their delivery staff with hand held devices, where the product / service delivery to customers is immediately updated.
7. COD Tracking: In case products are sold on COD payment mode, merchants need to have additional check on matching delivery with payments.
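
One way to implement the checks in steps 4 and 7, as an added example that is not part of the original notes: it flags prepaid orders dispatched before the payment gateway reported realization, and COD orders where delivery and cash do not match. All order ids, amounts, status strings and exception labels are constructed for illustration.

```python
from decimal import Decimal

COD = "COD"

# Constructed sample data. Steps 1-3: orders placed by customers.
ORDERS = {
    "O-1001": {"mode": "UPI", "amount": Decimal("1499.00")},
    "O-1002": {"mode": "CREDIT_CARD", "amount": Decimal("250.00")},
    "O-1003": {"mode": COD, "amount": Decimal("899.00")},
    "O-1004": {"mode": COD, "amount": Decimal("120.00")},
    "O-1005": {"mode": COD, "amount": Decimal("560.00")},
    "O-1006": {"mode": "DEBIT_CARD", "amount": Decimal("75.00")},
    "O-1007": {"mode": COD, "amount": Decimal("340.00")},
}
# Step 4: updates the merchant received from the payment gateway.
GATEWAY_UPDATES = {
    "O-1001": {"status": "REALIZED", "amount": Decimal("1499.00")},
    "O-1002": {"status": "DECLINED", "amount": Decimal("250.00")},
    "O-1006": {"status": "REALIZED", "amount": Decimal("57.00")},
}
# Step 5: orders handed over for shipping.
DISPATCHED = {"O-1001", "O-1002", "O-1003", "O-1004", "O-1005", "O-1006", "O-1007"}
# Step 6: delivery confirmations uploaded from hand-held devices.
DELIVERED = {"O-1001", "O-1003", "O-1004", "O-1006", "O-1007"}
# Step 7: cash deposited by delivery staff, keyed by order id.
COD_CASH = {
    "O-1003": Decimal("899.00"),
    "O-1004": Decimal("100.00"),  # short by 20.00
    "O-1005": Decimal("560.00"),  # cash recorded, no delivery confirmation
    "O-9999": Decimal("300.00"),  # no such order
}


def reconcile(orders, gateway_updates, dispatched, delivered, cod_cash):
    """Return a sorted list of (order_id, exception) pairs for manual follow-up."""
    exceptions = []
    for order_id, order in orders.items():
        if order["mode"] == COD:
            cash = cod_cash.get(order_id)
            if order_id in delivered and cash is None:
                exceptions.append((order_id, "COD_DELIVERED_NO_CASH"))
            elif order_id not in delivered and cash is not None:
                exceptions.append((order_id, "COD_CASH_WITHOUT_DELIVERY"))
            elif cash is not None and cash != order["amount"]:
                exceptions.append((order_id, "COD_AMOUNT_MISMATCH"))
        else:
            update = gateway_updates.get(order_id)
            realized = update is not None and update["status"] == "REALIZED"
            if order_id in dispatched and not realized:
                exceptions.append((order_id, "DISPATCHED_BEFORE_REALIZATION"))
            elif realized and update["amount"] != order["amount"]:
                exceptions.append((order_id, "GATEWAY_AMOUNT_MISMATCH"))
    # Cash that cannot be tied to any order is an exception in its own right.
    for order_id in cod_cash:
        if order_id not in orders:
            exceptions.append((order_id, "CASH_FOR_UNKNOWN_ORDER"))
    return sorted(exceptions)


if __name__ == "__main__":
    for order_id, issue in reconcile(ORDERS, GATEWAY_UPDATES, DISPATCHED,
                                     DELIVERED, COD_CASH):
        print(order_id, issue)
```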

10. RISKS & CONTROLS IN E-COMMERCE

10.1. Risks, i.e. possibility of loss, in case of e-commerce are high compared to general internet activities.

▪ Privacy & Security of sensitive personal data
▪ Security of credit card issue → Risk of cloning Dr/Cr card
▪ Quality Issue → Actual product may differ from product ordered
▪ Delay in delivery of goods & hidden cost (delivery/ processing cost)
▪ Needs internet & no personal touch
▪ Problem of Anonymity → Needs to identify & authenticate user as well as supplier
▪ Denial of service → Due to unavailability of system due to virus, bomb etc.
▪ Repudiation of contract → Seller may repudiate order after accepting it. Customer can also refuse to accept delivery
▪ Attack from Hacker → E-commerce website may be attacked by hackers

10.2. CONTROLS → NECESSARY FOR EACH PARTICIPANT OF E-COMMERCE

1. User
▪ To ensure that genuine users are on e-commerce website. This prevents attack on website from Hackers.

2. Seller/Merchant
▪ Should be financially & operationally stable. Control is needed for
➢ Product catalogues
➢ Price catalogues
➢ Discount and promotional schemes
➢ Shipping & return
➢ Accounting for cash received through Cash on Delivery mode of sales.

3. Government
▪ Two major concerns - tax accounting of Goods/Services sold & that only legal Goods/Services are sold.

4. Network Service Provider
▪ To ensure availability & security of network. Any downtime can be disastrous.

5. Technology Service Provider
▪ Includes all services other than network service. E.g. cloud computing, App Backends etc.
▪ To ensure availability & security of technology.

6. Logistics service provider
▪ Responsible for timely delivery of product as ordered.
▪ Success or failure of any e-commerce / m-commerce venture finally lies here.

7. Payment Gateway
▪ To ensure effective & efficient processing of payment.

10.3. CONTROLS FOR MITIGATING RISK

Educate participants about nature of risk
▪ Policy may include
  a) Frequency and nature of educational programmes.
  b) Participants for such programme
▪ Example: "Dos and Don'ts" for online payments advertised by Banks.

Communication of organizational policy to Customers
a) Privacy policy i.e., How data will be used
b) Information Security policy
c) Shipping & Billing policy
d) Return & Refund policy

Ensure compliance with Industry Body standard
▪ RBI releases these standards from time to time which must be complied.

Protect your e-commerce website from Intrusion
a) Hackers - Use security software package to protect website.
b) Virus - Scan website daily for viruses.
c) Password - Ensure employees use strong password & change it periodically. Also access of ex-employees must be terminated.
d) Regular s/w update - Website should have newest version of security s/w.
e) Sensitive data - Encryption of financial & other confidential data.

11. GUIDELINES & LAWS GOVERNING E-COMMERCE

11.1. GUIDELINES GOVERNING E-COMMERCE (DECIDED BY E-COMMERCE)

All e-commerce vendors need to create clear policy guidelines for the following & communicate it to its
users.

Billing
▪ Format of Bill
▪ Details in Bill
▪ Applicable GST

Shipping
▪ Shipping Date & Time, Expected date of dispatch & delivery

Delivery
▪ Mode of delivery?
  - Courier
  - Hand delivery
▪ When will goods be delivered?
  - Time & date
▪ Where delivery is to be made?
  - Home
  - Office

Payment
▪ Mode
  - COD
  - online payment
▪ Specific payment mode for specific product must be highlighted.

Return
▪ Which goods can be returned?
▪ Within how many days?
▪ Process of verifying authenticity
▪ Duration after which money will be refunded.

Product Guarantee/Warranty
▪ Proper display guarantee/warranty on website
▪ Also send G/w document along with product.

11.2. COMMERCIAL LAWS GOVERNING E-COMMERCE

All e-commerce transactions are essentially commercial transactions. Hence following laws are applicable:

1. Income Tax Act 1961
▪ Act to levy & collect Income Tax on Income.
▪ Concerned with deciding place of origin of Transaction for tax purpose.

2. GST Act, 2017
▪ Covers all aspects of E-commerce
▪ Each supplier is required to upload details of outward supply on common portal.

3. Companies Act, 2013
▪ Regulates companies. All major e-commerce organizations are companies.

4. Factories Act, 1948
▪ Regulates working condition of workers. Extends to place of storage as well as transportation.

5. Customs Act, 1962
▪ Deals in Import/ Export of goods. India is signatory to GATT of WTO & can't levy custom duty that are not WTO compliant.

6. Consumer Protection Act, 1896
▪ Act to safeguard interest of consumers. It is source of most of litigation.

7. Foreign Exchange Management Act, 1999
▪ Regulates FDI & flow of foreign exchange in India.
▪ FDI upto 100% allowed in e-commerce dealing in B2B e-commerce.

8. Competition Act, 2002
▪ Regulates practices that have appreciable adverse effect on competition through competition commission.
▪ Checks predatory pricing by E-Commerce vendors.

9. Indian Contract Act
▪ Defines constituents of valid contract.

11.3. SPECIAL LAWS GOVERNING E-COMMERCE

Information Technology Act, 2000
▪ Govern all internet activities in India including all online transaction in India.
▪ Provides legal sanctity to online transactions, online contracts & provides for penalty for non-compliance.
▪ Refer Chapter 1 & 5 for detailed discussion.

RBI Act, 1934
▪ RBI frames guidelines to be followed by E-Commerce & M-Commerce.
▪ E.g. Conversion of Dr/Cr card into chip-based card. OTP/PIN must for online payments or payments at PoS.

11.4. TRENDS IN E-COMMERCE

E-marketers need to develop not only their product quality but also user experience to retain customers.

Content
▪ Due to great competition in e-commerce, a visually attractive website or display of product is no more sufficient.
▪ Latest trend is to use video for content marketing to attract customers.
▪ Shoppable videos instead of images enable customer to shop directly from videos.

Social commerce
▪ Social media is integral part of a customer online habit.
▪ Latest trend is to use social media for doing e-commerce like FB, Google etc.

Predictive Analysis
▪ P.A. helps in analysing customer's behaviour such as If customer does not return within 30 days, he is lost.
▪ It helps to
  a) predict customers buying habits as per their taste & preference, both Q&Q &
  b) segmenting customers in different categories & improve conversions by offering
    ▪ Right customers
    ▪ the right product
    ▪ in the right way
    ▪ at the Right time

Biometrics
▪ Since e-commerce involves serious security threats such as hacking, spamming, online fraud, theft of confidential data etc., Biometric verification is a means to solve security issues using physical characteristics of users such as fingerprint, face or voice.

Mobile commerce
▪ User is moving from desktop to mobile computing.
▪ 55% online traffic is generated on mobile & it's increasing.
▪ Creation of mobile apps & mobile marketing is latest trend.

Artificial Intelligence
▪ Use of AI like fully automated chat bot is another latest trend.
▪ Chatbot is first point of contact & answers all Q of consumers.
▪ Also known as messenger bots.
▪ Live chat users tend to spend more & buyer conversion rate is higher.

12. DIGITAL PAYMENT

▪ It is way of payment which is made through digital modes.
▪ Also known as electronic payment as No cash is involved & Transaction is completed online.

Advantages
a) Easy & Convenient
b) Accessible from anywhere
c) Less Risk if used wisely
d) Written record of transaction
e) Discount from taxes
f) Competitive advantage to business
g) Environment Friendly

Disadvantages / Drawbacks / Limitations
a) Overspending
b) Risk of data theft: server of digital payment service provider can be hacked.
c) Difficult for non-technical person
d) Disputed transactions: In case of misuse of electronic money by someone else, it is very difficult to receive a refund.
e) The necessity of internet access
f) Increased business costs: additional costs in procuring, installing and maintaining sophisticated payment-security technologies.

12.1. TYPES OF DIGITAL PAYMENT

▪ Traditional Methods
▪ New Methods

12.1.1. TRADITIONAL METHODS

Cards: Debit Card
▪ Small plastic card containing unique no. linked with bank A/c number.
▪ Issued by a bank & allows the holder to make payment directly from his Bank A/c.
▪ Buyer's cash is instantly affected i.e. as soon as payment is approved, buyer's account is debited.

Cards: Credit Card
▪ Small plastic card issued by a bank/ issuer, allowing the holder to purchase goods or services on credit.
▪ Buyer's cash flow is not instantly impacted as user makes payment to card issuer at end of billing cycle.

Cards: Smart Card
▪ Prepaid card similar to credit card and debit card in appearance, but has a small microprocessor chip in it to store customer's personal info. such as financial facts, encryption keys, account information & so on.
  a) These are not linked to any bank account & user is not mandated to have a bank account.
  b) It is used to store money which is reduced as per usage.
  c) E.g. Mondex and Visa Cash cards.

Internet Banking
▪ Customers login to his/ her bank account and makes payments.
▪ All public sector banks & large private sector banks allow this facility to their customers.

12.1.2. NEW METHODS

UPI [Android only]
▪ Unified payment interface.
▪ It is payment mode to make instant fund transfer from sender's bank account to the receiver's bank account through the mobile App.
▪ Steps
  ▪ User downloads UPI APP such as PhonePe, Google Pay, BHIM
  ▪ Create VPA/ UPI ID
  ▪ Register for Mobile Banking
  ▪ Link Bank A/c with UPI ID & Transfer Fund.
▪ It can be used to transfer funds b/w two accounts as well.

IMPS
▪ Immediate Payment System
▪ Facilitates Instant inter-bank electronic fund transfer through Mobile, ATM & Net banking.

Mobile Apps
▪ BHIM/Bharat Interface for money
▪ Developed by NPCI (National Payment Corp. of India)
▪ Based on UPI & built on IMPS infra.
▪ Allows user to send or receive money to/ from other UPI address by
  a) scanning QR code; or
  b) using A/c number with Indian Financial Systems Code (IFSC) code or
  c) MMID (Mobile Money Identifier) Code for users who don't have a UPI-based bank A/c

Mobile Wallet
▪ Mobile wallet or e-wallet is digital version of a physical or real-life wallet.
▪ Users can keep his/her money in E-wallet & use it when needed.
▪ It stores bank account or Dr/Cr card info on mobile device.
▪ Used to make payment to merchants listed with mobile wallet service provider.
▪ E.g. PAYTM, Mobikwik, Freecharge

AEPS
▪ Aadhar Enable Payment system is a Aadhaar based digital payment mode.
▪ AEPS allows bank to bank transactions i.e. money will be deducted from sender's A/c and credited to the payee's A/c directly.
▪ Customers need to link Aadhar with Bank A/c
▪ Can be used for financial as well as non-financial operations
▪ Planning to launch

USSD
▪ Unstructured Supplementary Service Data Banking or *99# is mobile Banking based on Digital payment that works on basic phone through SMS.
▪ No need of smartphone or Internet
▪ Can be used for financial as well as non-financial operations like checking bank balance, generating MPIN etc.

Crypto Currency
▪ It is a digital currency (no physical form) produced by public network rather than any Government or bank. It is completely decentralized i.e., no controlling authority.
▪ It is a medium of exchange. Strong cryptography is used to ensure that payments are sent & received safely.
▪ Records of individual coin ownership are stored in computerized database using strong cryptography.
▪ Strong cryptography makes it nearly impossible to counterfeit & double spend
▪ E.g. – Bitcoin, Litecoin, Ethereum
▪ Advantages: Less transaction processing, fast transfer b/w sender & receiver, no risk of hacking or counterfeit currency.

Mobile Banking
▪ Service provided by a bank or other FI that allows its customers to conduct different types of financial & non-financial transactions remotely using a mobile device such as a mobile phone or tablet & the Mobile App provided by Bank or FI.
▪ Each Bank provides its own mobile banking App for Android, Windows and iOS mobile platform(s).

PART II - EMERGING TECHNOLOGIES

13. VIRTUALISATION

▪ Refers to creation of virtual version of a device or resource such as server, network or storage device etc.
▪ It provides a layer of abstraction between hardware and software working on them.
▪ Core Concept – Partitioning which divides one physical hardware into multiple logical server/ virtual
machines and each logical server can run an OS independently.
▪ Example - Partitioning of a hard drive is considered virtualization because one drive is partitioned in a
way to create two separate hard drives.
▪ Helps in cutting IT expenses, enhancing security, and increasing operational efficiency.

13.1. APPLICATION AREAS OF VIRTUALISATION

Server consolidation
▪ It consolidates many servers into fewer servers.
▪ Known as physical to virtual transformation.
▪ Each physical server is known as virtual machine host & virtual machines appear as real.

Disaster Recovery
▪ Can be used as hot standby and in case any virtual machine is down, its work can be handled by other virtual machines, thus helping in disaster recovery.

Testing and training
▪ Useful for kernel development of OS & OS courses for training and testing.

Portable App
▪ It enables to have portable Apps where Apps can be executed from removable device (PD/HD) directly without installing it into system main disk.

Portable workspace
▪ It helps to create portable workspaces/ OS that can be carried on devices like memory stick, USB, iPad.

13.2. TYPES OF VIRTUALISATION

Hardware Virtualization
▪ Known as platform virtualisation
▪ Involves creation of virtual machines that act like real computer with OS.
▪ S/w on these virtual machines is separate from underlying H/W
▪ Basic idea of virtualization is consolidation of server where multiple servers are consolidated to create virtual server
▪ Two softwares: Hypervisor and virtual machine manager.

Network Virtualization
▪ It is a method of combining available resources by splitting bandwidth/network into multiple channels.
▪ Each channel is independent & can be assigned/reassigned to any server.
▪ It allows a large physical network to be split into multiple logical networks and vice-versa.
▪ Intended to optimize speed, scalability, flexibility etc.

Storage Virtualization
▪ Refers to pooling of data from multiple storage devices into what appears to be a single device that is managed centrally.
▪ Helps to perform job of back up, archiving (old & unused data), recovery easily by disguising the complexity of storage access network [SAN].

14. GRID COMPUTING

▪ It is a computer network in which each computer's resource (processor, storage, Network etc.) is shared
with other computers in a system/network.
▪ It is a distributed architecture of large number of computers connected to solve complex problems. E.g.:
Data mining.
▪ In the grid computing model, servers or personal computers run independent tasks and are loosely
linked by the Internet.
▪ It turns a computer network into a powerful super-computer.

14.1. BENEFITS OF GRID COMPUTING

1. Access to additional resources: like computational power, Network, storage etc.
2. Making use of under-utilized resource: It provides a framework to use/ exploit unutilized IT resources in an Org.
3. Resource Balancing: It enables RB in which if a computer's load peaks, it can transfer its work to another computer with less utilization.
4. Parallel CPU capacity: It helps in scalability & faster performance
5. Reliability: Since high-end computing systems are used, grid computing is reliable. Further due to multiple resources, if one computer fails, work will continue as its work will be transferred to another computer in network.
6. Management: It helps in better management of large No. of computer systems. It also manages priorities among different projects.

14.2. TYPES OF RESOURCES IN GRID

Computation Power (CPU)
▪ It's the most common resource shared in G.C.
▪ Processors offered by members of Grid may differ in architecture, memory etc. but can still be shared.
▪ Three ways to exploit this resource in G.C.:
  a) To run an App on computer in grid rather than locally.
  b) To run an App that needs to be executed multiple times on diff. computers in a Grid.
  c) To split the work in separate parts so that it can be executed in parallel on different computers.

Storage
▪ Each machine on grid provides some storage, even if temporary.
▪ Storage may be memory attached to processors, RAM, ROM or secondary devices like Hard Drive

Communications
▪ Refers to network bandwidth used for sending work from one computer/ machine to another.
▪ Bandwidth is critical resource and it should be redundant and efficient, else it may affect effectiveness of G.C.

Software and License
▪ Refers to those s/w installed in Grid which are too expensive for installation on each member computer.
▪ Some S/W vendors permit to install such s/w on all computers in grid but at any given time, only limited no. of computers will be able to use the s/w.

Special Equipment, capacities, architecture and policies
▪ Different computers in a Grid will have different architectures, operating systems, devices, capacities, and equipment.
▪ Grid can use criteria for assigning job to any member of Grid.
▪ For example, some machines may be designated to only be used for medical research.

14.3. APPLICATIONS OF GRID COMPUTING

a) Civil engineers collaborate to do experimental research to design, execute, analyze, and validate
different models in earthquake engineering.
b) Insurance companies mine data from partner hospitals for fraud detection.
c) In scientific research, using an entire network of computers to analyze data.
d) In film industry, to give special effects in a movie.
e) In financial industry, to forecast the future of a particular stock.

14.4. GRID COMPUTING SECURITY CONSTRAINTS / ISSUES TO CONSIDER

G.C. is a highly collaborative & distributed computing model. To develop secure Grid, following need to be
considered:
a) Secured Single Sign-on: User should need to authenticate once & should be able to access resources, use them, & to communicate internally without further authentication.
b) Mgt. & Protection of credentials: User's credentials like User Id, Passwords, PIN should be protected.
c) Support for secure group connections: Among Grid member computers.
d) Support for multiple implementation: There should be security for multiple participants of a Grid based on public and private key cryptography.
e) Inter-operability between Grid Security & local security: Access to local computer resource should have local security & there should be Inter-operability between Grid Security & local security.
f) Standardization: Since G.C. is highly integrated system, standardizing protocols and interfaces between Grid participants is a big issue.
g) Exportability: The code should be exportable i.e. they cannot use a large amount of encryption at a time.

15. CLOUD COMPUTING

▪ “The Cloud” refers to applications, services, and data storage on the Internet.
▪ C.C. refers to accessing these computing resources through internet. E.g. Google Drive, E-mail, Netflix
etc.
▪ It is a combination of H/w & S/w based resources delivered as a service which can be accessed online.

15.1. CHARACTERISTICS OF CLOUD COMPUTING

All the characteristics may or may not be present in a specific Cloud solution.
a) Elasticity & Scalable: Gives the user ability to expand or reduce resources according to requirement.
b) Pay per use: User pays for cloud services only when they use it.
c) On Demand: Cloud service is not permanent part of IT infrastructure. It is availed when required.
d) Resiliency: Failure of a server or storage resource does not affect Org as work is migrated to different server in same data center or to different data center with or without human intervention.
e) Multi-Tenancy: Public cloud offers its services to multiple users making it multi-tenancy
f) Work load Management: It is related with resiliency & cost consideration. A cloud service provider may move workload from one data center to another due to:
  a. save cost [where operating data center is cheap]
  b. regulatory considerations
  c. better network bandwidth.

15.2. ADVANTAGES OF CLOUD

a) Streamline business process: by getting more work done in less time with less resource.
b) Reduced capital Cost: No need to spend huge amount on s/w & H/w etc.
c) Reduced spending on Tech Infrastructure: as data can be accessed on demand on pay as per use basis.
d) Improved Flexibility: Fast changes can be done in work environment.
e) Pervasive Accessibility: Data can be accessed from anywhere on any device through internet.
f) Minimize maintenance: As infrastructure is maintained by cloud service provider.
g) Globalise the workforce: As people can access cloud with internet across world.

15.3. DRAWBACKS OF CLOUD

a) Loss of internet connection will result in loss of Access to cloud.


b) Security is major concern as data & Application working depend on third party.
c) Scalability may be affected as No control of user on IT infrastructure.
d) While cloud service provider provides unlimited capacity to user, there may be some restrictions on
services.
e) Inter-Operability- If two Apps use different cloud service providers, they may not co-operate with each
other.

15.4. TYPES OF CLOUD COMPUTING ENVIRONMENT (BASED ON USAGE & DEPLOYMENT)

Private Cloud
▪ It resides within the boundaries of Org & used exclusively for Org benefit.
▪ Also called Internal Cloud or Corporate Cloud.
▪ Can be managed by single organization [on premise private cloud] or can be outsourced to third party [outsourced Pvt cloud].
▪ Built by Internal IT Team using concepts of Virtualisation & Grid Computing.

Public Cloud
▪ It is provisioned for open use by general public.
▪ Also called Provider Clouds.
▪ May be owned & operated by Business or Academic or Govt. organization or any combination thereof.
▪ Administrated by 3rd party vendor over Internet.
▪ Sr. is offered on Pay per use basis.

Hybrid Cloud
▪ It is a combination of at least 1 Private (internal) cloud & at least 1 Public (external) cloud.
▪ It may be regarded as a private cloud extended to public cloud.
▪ Aim is to use power of public cloud by retaining benefit of Private Cloud.
▪ Typically offered in either of two ways:
a) A vendor has private cloud & forms a partnership with a public cloud provider or
b) a public cloud vendor forms partnership with a vendor that provides private cloud platforms.

Community Cloud
▪ It is provisioned for exclusive use by specific community of consumers from Organizations that have shared concerns like security, compliance etc.
▪ May be owned, managed, & operated by one or more of the Org in community, a third party or a combination of them, and it may exist on or off premises.
▪ In this, a private cloud is shared between several organizations.

15.4.1. CHARACTERISTICS OF CLOUD COMPUTING ENVIRONMENT

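Security & Privacy
➢ Private cloud: High as it is deployed & managed by the Org itself
➢ Public cloud: Less as it is offered by Third Party
➢ Hybrid Cloud: Partially Secure - higher than public & lesser than private
➢ Community cloud: Partially Secure - higher than public & lesser than private

Cost
➢ Private cloud: Very High
➢ Public cloud: Affordable
➢ Hybrid Cloud: Less than Private
➢ Community cloud: Cost Effective

SLA
➢ Private cloud: Weak
➢ Public cloud: Stringent
➢ Hybrid Cloud: Stringent
➢ Community cloud: Stringent

Scalability
➢ Private cloud: Not Easy
➢ Public cloud: Highly
➢ Hybrid Cloud: Highly
➢ Community cloud: Yes

Specific Points
➢ Private cloud: Centralised Control
➢ Public cloud: Loss of Autonomy & Privacy
➢ Hybrid Cloud: Complex Mgt.
➢ Community cloud: Loss of Autonomy & Privacy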

15.5. TYPES OF CLOUD COMPUTING SERVICE MODEL

National Institute of Standards and Technology (NIST) defines three basic service models through which
cloud services are offered to users. These are as follows:
Infrastructure as a Service (IaaS)
▪ It is a H/w level service which provides computing resources like
➢ Processing power
➢ Memory
➢ Network &
➢ Storage
to cloud users to enable them to run App on demand on pay per use basis.
▪ IT resources are installed & managed by cloud Service provider & users use infrastructure in form of virtual machine.
▪ Example: AWS, Google Compute Engine, OpenStack
▪ Characteristics
a) Web Access - Enables user to Access infra over Internet. No physical access.
b) Metered Service - Allows user to rent infrastructure rather than buy it & pay on usage basis.
c) Scalability & Elasticity
d) Shared Infrastructure - Multi Tenancy
e) Centralized Management - It ensures effective Resource Management

Platform as a Service [PaaS]
▪ It provides the user ability to Develop & Deploy app on platform provided by Sr provider.
▪ PaaS changes Application development from local machine to online.
▪ It provides
- Programming language
- App framework
- Database
- Testing Tools
- Other S/w development tools
▪ Example: Google APP Engine, Microsoft Azure Compute

Software as a Service [SaaS]
▪ It provides ability to user to access an App over internet.
▪ S/w is installed, managed, updated & upgraded by cloud Service provider.
▪ User get access to App on pay per use (subscription) basis.
▪ Types
a) E-mail as a service (EaaS) - Provides integrated system of mailing, record management, migrating, integration etc.
b) API as a service (APIaaS) - Helps to explore functionality of web services like Google Maps, Payroll Processing etc.
c) Testing as a service (TaaS) - Provides s/w testing capabilities to users.
▪ Difference between SaaS & PaaS is that PaaS represents a platform for App development, while SaaS provides online Apps that are already developed.

15.5.1. FIVE INSTANCES OF IAAS

Network as a service
▪ NaaS provides data communication capacity to the user to execute data intensive activities requiring more network like video conferencing.
▪ Enables creation of virtual N/w & other N/w components.

Storage as a service
▪ STaaS provides storage infrastructure to user to store data online.
▪ User can access data from anywhere & anytime over Internet.

Backend as a service
▪ BaaS provides back-end infra to users to connect their App to cloud Infrastructure.
▪ Additional services include user mgt, push notification etc.

Database as a service
▪ DBaaS provides database infrastructure to user to create, store, modify & access databases.

Desktop as a service
▪ DTaaS enables user to use desktop virtualization without buying own infrastructure.

Infrastructure is owned & managed by vendor

User pays on demand & pay as per use

User can use infrastructure w/o buying it

Accessible over Internet anytime and anywhere

15.6. ISSUES WITH CLOUD COMPUTING

Hidden cost
▪ Such cost may include higher N/w charge for storage & database Apps, for users who may be located far from cloud service provider.

Unexpected Behaviour
▪ App may perform well at Co’s internal data center but it may not work in same manner in cloud.
▪ App behaviour must be checked for unexpected behaviour.

Legal resources
▪ Need to adhere to several
➢ Regulatory requirement
➢ Privacy laws
➢ Data security law
▪ These laws vary from country to country & Cloud users have no control over where data is physically stored.

Software development in cloud
▪ Developers face difficulty in developing secure Apps that can be hosted in cloud.

Bugs in large scale distribution
▪ It’s difficult to remove errors in very large-scale distributed system.

Interoperability
▪ Each C.C. vendor has different APIs & format for importing/ exporting data.
▪ Industry C.C. standard do not exist.
▪ This creates problem of achieving interoperability of App b/w two C.C vendors.
▪ It is also difficult to move infra from one Cloud to another

Threshold policy
▪ Main objective of implementing T.P. is to Inform C.C. service provider & user about what they should do.
▪ A carefully drafted T.P. outlines*
▪ Generally, T.P is not present & only legal doc is SLA.

*E.g. How App allocates resources on sudden increase in demand and how it allocates unused resources

16. MOBILE COMPUTING

▪ Technology that allows transmission of data via a computer/ mobile device without having to be
connected to a fixed physical link (wireless).
▪ Users can transmit data from remote locations to other remote or fixed location, thus solving issue of
‘Mobility’
▪ Widely established, rapidly evolving & rapidly growing across world.

16.1. KEY COMPONENTS OF MOBILE COMPUTING

Mobile Communication
▪ Infrastructure put in place to ensure seamless & reliable communication.
▪ Includes Mobile towers, comm. protocols & data formats etc.

Mobile Hardware
▪ Handheld mobile device that receives or access service of mobility.
▪ E.g. – Portable Laptops, Tablet, laptop, mobile phone.

Mobile Software
▪ Actual Program that runs on mobile H/w.
▪ It is the operating system of that Appliance and is essential component that makes the mobile device operate.
▪ Apps are also being developed by Organizations for use by customers.


16.2. WORKING OF MOBILE COMPUTING

a) User enters or accesses data on hand held computing device using App.
b) This new data is transmitted from hand held computing device to physical I.S. where DB shall be
updated & New data is accessible to other system user as well.
c) Now, both systems i.e., handheld device & physical I.S. have same information & they are in sync.
d) This process works in same way starting from other direction.

16.3. BENEFITS OF MOBILE COMPUTING

a) Flexibility in working: It has enabled users to work from anywhere as long as they are connected to a network, thus enabling work from home or work while travelling.
b) Increase in Employee’s Productivity: as workers can simply work efficiently and effectively from which ever location they see comfortable and suitable.
c) Improved Customer Service: For example, by using a wireless payment terminal the customers in a restaurant can pay for their meal without leaving their table.
d) Remote access to work order details: Provides mobile workforce with remote access to work order details, such as work order location, contact information, required completion date.
e) Improved Management effectiveness: Enables to improve Mgt. effectiveness by enhancing information flow & ability to control mobile workforce.
f) Facilitates excellent communication: Mobile computing facilitates excellent communication.

16.4. LIMITATIONS OF MOBILE COMPUTING

a) Insufficient Bandwidth: It uses technologies such as GPRS & EDGE & 3G, 4G networks which are slower than direct cable connection. Higher speed wireless LANs are inexpensive but have very limited range.
b) Security standard: Since public network is used, VPN should be carefully used.
c) Power consumption: In case power is not available, batteries are used which are expensive.
d) Human Interface with device: Small screen and small keys are hard to use.
e) Transmission Interface: Weather, terrain and the range from the nearest signal point can all interfere with signal reception. Signal in tunnel, lift, rural area may not be good.
f) Potential Health Hazard: No mobile should be used while driving as it distracts drivers. Cell phone may interfere with sensitive medical devices, thus causing health issues.

17. GREEN COMPUTING

▪ Study & practice of environmentally sustainable computing or IT.


▪ Refers to using computer & IT resources in
➢ More efficient, Responsible & Environment friendly way.

▪ Objective
➢ Reduce use of hazardous material
➢ Maximize efficiency
➢ Promote recycling
➢ Bio-degradability of defunct product

17.1. GREEN COMPUTING BEST PRACTICES

Develop sustainable Green Computing plan
▪ Involve all stakeholders.
▪ Includes
a) Checklist
b) Recycling policies
c) Recommendation for purchasing G.C.
d) Reduction of paper consumption
e) Use cloud computing so that multiple Org share common infra.
f) Create awareness about commitment to G.C.

Recycle
▪ Dispose e-waste as per Govt. guidelines & regulations.
▪ Manufacturer must offer safe end of life mgt. & recycling options when product is unusable.
▪ It should recycle computer using its recycling service.

Make environmentally sound purchase decision
▪ Purchase IT resources based on Green Attributes.
▪ Recognize manufacturer’s efforts to reduce environmental impact of product by reducing or eliminating use of environmentally sensitive material.
▪ Use shared Resources & virtualization that can help to improve resource utilization, reduce energy costs & simplify maint.

Reduce consumption of paper
▪ By using E-mail & electronic archiving.
▪ Online marketing rather than paper-based marketing.
▪ While printing, print both sides using smaller font size.
▪ Use ‘Track changes’ in E-document rather than red line correction on paper.

Conserve Energy
▪ Use LCD & LED monitors instead of CRT.
▪ Use notebook/ Laptop rather than the Desktop.
▪ Use power Management feature to turn off hard drives and displays after several minutes of inactivity.
▪ Use alternative source of energy like solar energy.
▪ Adopt more of Web conferencing instead of travelling.

17.2. GREEN IT SECURITY SERVICES & CHALLENGES

▪ Green Security is a new research field which involves defining & investigating security solutions under
the energy-aware perspective.
▪ The objectives of Green Security are to:
a) Evaluate the actual security mechanisms in order to assess their energy consumption.
b) Build new security mechanisms by considering the energy costs from the design phase.
▪ The need to evaluate a client’s infrastructure to accommodate green technology is really a vital issue.
▪ Green security can be a cost-efficient and lucrative green IT service for solution providers.


18. BRING YOUR OWN DEVICE (BYOD)

▪ It is a business policy that allows Employees to use their preferred IT device like Laptop for business
purpose.
▪ Employees can connect personal device to corporate network to access information & application.
▪ It makes workspaces flexible as it enables employees to work beyond required hours.

18.1. ADVANTAGES OF BYOD

a) Happy Employees: as Employees love to use own device at work & need not carry multiple devices.
b) Increased Employee efficiency: as he is not required to learn working on new system.
c) Lower IT Budget: Leads to financial saving as Org is not required to provide device to staffs.
d) Reduced support requirement: as Employees maintain the device on their own, resulting in cost saving.
e) Early adoption of technology: as Employees are more proactive in adopting new technologies which leads to enhanced productivity.

18.2. EMERGING THREATS / DISADVANTAGES OF BYOD

Network Risk
▪ Referred as ‘Lack of Device Visibility’.
▪ IT practice team is unaware about total no of devices connected to Org network. This can be hazardous.
▪ Suppose virus hits N/w & company needs to scan all devices connected to N/w. It may be possible some employee’s device skip scan.

Device Risk
▪ Referred as ‘Loss of Device’.
▪ Device can be lost or stolen causing enormous loss in terms of finance & reputation.
▪ Company trade secrets can be retrieved from a misplaced device.

Application Risk
▪ Referred as ‘App Virus & Malware’.
▪ Employee’s personal device may not be protected by security S/w.
▪ Org is not clear who is responsible for device security - Organization or employee.

Implementation Risk
▪ Referred as ‘Weak BYOD policy’.
▪ Effective implementation of BYOD program should cover implementation policy along with above technical issues.
▪ Note: A strong BYOD policy mitigates the risk.
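
The 'Lack of Device Visibility' risk above comes down to reconciling what was connected to the network against what was actually scanned. The following is an added example, not part of the original notes: it compares constructed DHCP lease records with constructed scan results and lists the devices that skipped the scan. The record formats, field names and the outbreak time are assumptions.

```python
"""Find BYOD devices that were on the network but skipped the malware scan.

All records are constructed sample data; the record formats are assumptions.
"""
import re
from datetime import datetime

# Constructed DHCP lease log: lease time, MAC, IP, hostname.
DHCP_LEASES = """\
2024-03-01T09:02:11 AA-BB-CC-00-00-01 10.0.5.21 corp-laptop-114
2024-03-01T09:05:40 aa:bb:cc:00:00:02 10.0.5.22 priya-phone
2024-03-01T09:17:03 aabb.cc00.0003 10.0.5.23 unknown
2024-03-01T10:41:55 AA:BB:CC:00:00:04 10.0.5.24 rahul-tablet
2024-03-01T10:50:00 AA:BB:CC:00:00:02 10.0.5.30 priya-phone
"""

# Constructed scan results: scan time, MAC, outcome.
SCAN_RESULTS = """\
2024-03-01T11:10:00,aa:bb:cc:00:00:01,clean
2024-02-20T08:00:00,AA-BB-CC-00-00-02,clean
2024-03-01T11:12:30,aa:bb:cc:00:00:04,infected
"""

# Assumed time at which the virus was detected on the network.
OUTBREAK_DETECTED = datetime(2024, 3, 1, 11, 0, 0)


def normalize_mac(raw):
    """Return a MAC as 12 lowercase hex digits, or None if it is malformed.

    Lease logs and scan tools rarely agree on MAC notation, so both sides
    must be normalised before they can be compared.
    """
    digits = re.sub(r"[:.\-]", "", raw.strip())
    if re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        return digits.lower()
    return None


def parse_leases(text):
    """Map MAC -> latest lease details for every device seen on the network."""
    devices = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        mac = normalize_mac(parts[1])
        if mac is None:
            continue
        seen = datetime.fromisoformat(parts[0])
        if mac not in devices or seen > devices[mac]["seen"]:
            devices[mac] = {"seen": seen, "ip": parts[2], "host": parts[3]}
    return devices


def parse_scans(text):
    """Map MAC -> (time, outcome) of the most recent scan of that device."""
    scans = {}
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3:
            continue
        mac = normalize_mac(parts[1])
        if mac is None:
            continue
        when = datetime.fromisoformat(parts[0])
        if mac not in scans or when > scans[mac][0]:
            scans[mac] = (when, parts[2])
    return scans


def scan_gaps(leases, scans, outbreak):
    """Classify connected devices that are not known to be clean.

    never_scanned: on the network, no scan record at all.
    stale_scan:    last scan predates the outbreak, so it proves nothing.
    infected:      scanned after the outbreak and not reported clean.
    """
    gaps = {"never_scanned": [], "stale_scan": [], "infected": []}
    for mac in sorted(leases):
        device = (mac, leases[mac]["host"], leases[mac]["ip"])
        if mac not in scans:
            gaps["never_scanned"].append(device)
            continue
        when, outcome = scans[mac]
        if when < outbreak:
            gaps["stale_scan"].append(device)
        elif outcome != "clean":
            gaps["infected"].append(device)
    return gaps


if __name__ == "__main__":
    result = scan_gaps(parse_leases(DHCP_LEASES), parse_scans(SCAN_RESULTS),
                       OUTBREAK_DETECTED)
    for category, devices in result.items():
        for mac, host, ip in devices:
            print(f"{category}: {host} ({mac}) at {ip}")
```

A device whose last scan predates the outbreak is reported separately from one that was never scanned, since an old clean result says nothing about the current infection.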

19. WEB 3.0

Introduction
➢ Web 1.0 → Initial days of Google/Prior to Google. Static page that could be read. No write, No sharing
➢ Web 2.0 → Dynamic page + Read & write (users can upload photos, comment on other’s photo).
Resulted in Social media network b/w people & people.
➢ Web 3.0 → Web 2.0 + such device & website are able to generate, store & share data with other
compatible devices w/o human intervention.

Web 3.0
It is known as semantic web. (Study of how language is used to produce meaning).
Refers to websites wherein raw data is generated by computer/devices (TV, AC, etc) & shared with other
devices without direct human intervention.
It is next step in evolution of Internet & web-tech. It uses
a) Semantic web tech
b) AI
c) User behavior
d) Widgets/Apps
e) User engagement depending on interest of users.
Example: Content management systems along with artificial intelligence can answer questions posed by
the users, because the application can think on its own and find the most probable answer, as per
context.
In this way, Web 3.0 can also be described as a “machine to user” standard in the internet.

19.1. COMPONENTS OF WEB 3.0

Semantic web
▪ It allows machines to interpret data/info so that machines are able to take decision on their own by finding and acting upon relevant data on web.
▪ It provides common framework to web user that can be used to share & access data across website.

Web Services/Apps
▪ Software system that supports computer to computer interaction over internet.

19.2. FUTURE OF WEB TECHNOLOGIES

a) Web 4.0 called “Intelligent Web” is autonomous, proactive, content-exploring, self-learning,
collaborative, and content-generating agents based on fully matured semantic & Artificial Intelligence.
Examples- Services interacting with sensors or virtual reality services.
b) Web 5.0, “The Telepathic Web/The Symbionet Web” is set to be highly complex future web generation,
to be present after the year 2030 in which some things such as brain implants are expected to be
popular.
c) Brain implants will give people the ability to communicate with the internet through thought, to think
of a question and open up a web page.
d) Any sort of payments, such as groceries, will be paid for with a microchip in the brain or the hand and
all devices will be connected to the internet.

20. INTERNET OF THINGS (IOT)

▪ IoT is a system of –
➢ interrelated Computing devices, mechanical & Digital machines, animals or people with capability to


➢ transfer data over internet


➢ without human to human or human to machine interaction.
▪ Embedded with electronics, Internet connectivity, and other forms of hardware (like sensors), these
devices can communicate & interact with others over the Internet, and can be remotely monitored and
controlled.
▪ E.g. Washing machine with wi-fi capacity can connect itself to home wi-fi & once connected, can
be controlled through manufacturer’s app from anywhere.

20.1. APPLICATIONS OF IOT

a) All home appliances to be connected and that shall create a virtual home. Home owners can keep track
of all activities in house through their hand-held devices including home security through CCTV.
b) Office machines shall be connected through net.
HR managers can see how many people had a cup of coffee from vending machine & how many are
present.
How many printouts are being generated through office printer?
c) Governments can keep track of resource utilizations / extra support needed.
Under SWACHH mission government can tag all dustbins with IOT sensors. They (dustbins) generate a
message once they are full.
d) Smart Wearables
e) Connected Cars
f) Smart Supply Chain

20.2. RISKS OF IOT

Risk to Product Manufacturer
a) Data storage & analysis must be secured & protected.
b) Manufacturer not providing IOT will not be able to survive in future.

Security
▪ Greatest threat
▪ Since devices are connected to N/w, they will be hit by all N/w related risks like
➢ Hacker
➢ Bomb
➢ Trojan
etc.

Risk to User Privacy, Autonomy & Control
▪ Risk of loss of control over personal life as personal data may be leaked.
▪ Other major concern is Who has ownership of this personal data

Intentional Obsolescence
▪ On launching new device, features of old device may be disabled or slowed down.
▪ Where a manufacturer buys another, it may not support old devices sold.

Technology Risk
▪ Due to Lack of technology standard & Due to variety of H/w & S/w used on different devices, it’s difficult to develop App.

Environmental Risk
▪ May have impact on house air quality due to use of heavy earth metals in devices.

21. ARTIFICIAL INTELLIGENCE (AI)

▪ Intelligence means ability to use memory, knowledge & experience to solve a problem.
▪ Intelligence exhibited/ displayed by a machine is called AI.
Application
➢ Autonomous vehicle (self-driving cars)
➢ Creating Art, poetry
➢ Playing online game like chess
➢ Online Assistants (SIRI, ALEXA)
➢ Medical diagnosis, in cancer Research
➢ Robotics

Risks
a) AI Relies on data it gets. Thus, incorrect Input will give incorrect conclusions.
b) AI (robots) carries security threat. Countries are discussing to have a kill switch in AI capable devices.
c) In long term, AI may kill people’s skill of thinking the unthinkable. AI can’t think out of the box.

22. MACHINE LEARNING (ML)

▪ Application of AI that enable computers to learn automatically without being explicitly programmed.
▪ Science and art of programming computers so that they can learn from data & can change when
exposed to new data.
▪ Machine learning can be used for solving problems that either are too complex for traditional
approaches or have no known algorithm such as speech recognition.
▪ Application & risks are similar to AI.


CHAPTER 5

CORE BANKING SYSTEMS

1. OVERVIEW OF BANKING SERVICES

1.1. INTRODUCTION

Key factors/ reasons that enabled Banks to compete at world level & provide basic banking services to citizens
of India staying in remotest area of India are as follows:
a) Rapid development & adoption of IT by Banks which facilitates anytime & anywhere access.
b) Global business opportunities leading to Indian opportunities & customer’s demand for integrated services.
c) Growth of Internet penetration across India.
d) Successive Government’s focus towards financial inclusion for all Indians. E.g. Jan Dhan Yojana.

1.2. CHARACTERISTICS / KEY FEATURES OF BANKING BUSINESS

a) Custody of Large volume of Monetary Items like cash & Negotiable Instruments.
b) Dealer in Large volume (in number, value and variety) of transactions.
c) Operating through Wide Network of Branches & Departments, which are geographically dispersed.
d) Increased possibility of fraud making it mandatory for Banks to provide multi-point authentication checks
& high level of information security.

1.3. FUNCTIONS OF BANK / MAJOR PRODUCTS & SERVICES PROVIDED BY BANKS / TYPES OF BANKING SERVICES

Core functions
➢ Acceptance of deposit [Pay Interest]
➢ Lending of money [Earn Interest]

1. Acceptance of Deposits
▪ Most important function of a commercial bank which fuel the growth of banking operations.
▪ Banks accept deposits from customers for a pre-defined period.
▪ Various forms of Acceptance of deposit are Fixed deposit, Current A/c deposit, Saving deposit, Recurring deposit, Flexi deposit etc.

2. Granting of Advance/ Lending of money
▪ It constitutes major source of earning by commercial banks.
▪ Various forms - Cash credit, Loans, Overdraft, Discounting of Bills etc.
▪ Bank helps in disbursement of loans under various social welfare schemes like Kisan credit card, mudra Yojana etc.

3. Remittances
▪ Involves transfer of funds from one account to another account.
▪ Common modes:
a) Demand draft – It is issued by one branch of a Bank and are payable by another branch of the Bank. The demand drafts are handed over to the Applicant.
b) Mail Transfer – It is a way of remitting money from one place to another through a Bank. Bank does not hand over any Instrument to Applicant and transmission of the instrument is responsibility of the branch.
c) Electronic Fund Transfer – EFT facilitates almost instantaneous transfer of funds between two centers electronically. Types of EFTs are as follows:
➢ RTGS (Real Time Gross Settlement): Type of EFT where the transmission takes place on a real-time basis. In India, it is done for high value transactions. Min value – 2L
➢ NEFT (National Electronic fund transfer): Type of EFT that facilitates transfer of funds from any bank branch to any individual having an account with any other bank branch in the country. Comparatively slower. No minimum value
➢ IMPS (Immediate Payment System): It is instant inter-bank EFT done through mobile or internet banking. Unlike other two, it is available 24x7 including on bank holiday.

4. Collection
▪ Involves collecting proceeds on behalf of customers by collecting bank.
▪ Customers can submit instruments like cheque, draft etc which are drawn in their favour, with their Bank for collection of amount from drawee bank.
▪ For these services, Banks charge nominal collection fees.

5. Clearing
▪ Involves collecting instruments on behalf of customers of Bank by clearing house.
▪ Clearing house settles inter Bank transactions among banks & Post Offices.
▪ There may be separate clearing house for MICR [Magnetic Ink Character recognition] & non MICR instruments.
▪ MICR is technology that allows machine to read & process cheques enabling thousands of cheque transactions in short time.
▪ Electronic Clearing Services (ECS) is used extensively for bulk clearing which is an electronic method of fund transfer from one bank account to another. It takes two forms:
➢ ECS credit: In this, number of beneficiary accounts are credited by debiting periodically a single account of the bank. Examples: Payment of amounts towards dividend distribution, interest, salary, pension, etc.
➢ ECS Debit: In this, large number of accounts with the Bank are debited for credit to a single account. Examples: Tax collections, loan instalment repayment, investments in mutual funds etc.

6. Letter of Credit & Guarantee
▪ Letter of Credit: It is an undertaking by Bank to the payee (supplier of goods & services)
➢ to pay him on behalf of buyer
➢ any amount upto the limit specified in L.C
➢ provided T&C are satisfied.
▪ Guarantee: It is provided by Bank, on request of customer of Bank (supplier), to
➢ buyer of Goods / services
➢ to guarantee performance of contractual obligation or
➢ for submission to Govt. authorities like customs in lieu of the stipulated security deposit.

7. Credit Card
▪ Processing of Application for credit card is entrusted to separate division at central office of Bank.
▪ It is linked to one of the international credit card networks like VISA, Master, Amex or India’s own RuPay which currently issues debit cards but credit cards are also expected to be launched in near future.

8. Debit Card
▪ Issued by central office of Bank where customers have their account.
▪ It facilitates withdrawal of money from ATMs as well pay at authorized outlets. When debit card is used for a transaction, amount is immediately deducted from customer’s account.

9. Other Banking Operations
▪ Back operations: Covers all operations done by back office. Related to
- General ledger
- MIS
- Reporting
- Compliance etc.
▪ Retail Banking: Known as front office operations that provide direct services to customers for personal use. E.g. Debit cards, personal loans, mortgages etc.
▪ High Net Worth Individuals (HNIs): Specialized services to HNIs based on value/ volume of deposits / transactions.
▪ Risk management: It is done at
- Strategic
- Tactical
- Operational &
- technology
areas of Bank
▪ Specialized Services:
➢ Underwriting: Process of assessing credit worthiness or risk of a potential borrower & his ability to repay loan. Critical process while determining grant of loan to customer.
➢ Life insurance


2. CORE BANKING SYSTEM / SOLUTION

2.1. INTRODUCTION TO CBS

C •Centralised
O •Online
R •Real Time
E •Exchange/Environment

CBS
▪ Common IT solution where Central shared database supports entire banking application & function.
▪ It allows customers to use various banking facilities irrespective of bank branch location.

2.2. CHARACTERISTICS OF CBS

a) Common Database in Central Server located at Data Center.


b) Centralized Banking App s/w having several components to meet the demands of Banking industry.
c) Supported by Advanced Technology infrastructure.
d) Modular structure and can be implemented in stages as per requirements of Banks.
e) Enables integration of all third-party apps [BHIM] & in-house banking s/w.
f) Branches function as delivery channels providing services to its customers

2.3. EXAMPLES OF CBS

Finacle BaNCS Flexcube FinnOne bankMate

2.4. KEY MODULES OF CBS

Back End Applications
• Back Office
• Data Warehouse
• Credit Card System
• ATM Switch

Core of CBS
• Central Server comprising of App Server & Database Server

Front End Applications
• Mobile Banking
• Internet Banking
• Phone Banking
• Branch Banking

1. Back Office
▪ Part of Bank comprising of Administration and Support Personnel who are not client facing.
▪ Back-office functions include settlement, record maintenance, regulatory compliance, Accounts & IT.

2. Data warehouse
▪ Banking professionals use data warehouses to simplify and standardize the way they gather data and finally get to one clear version of the truth.

3. Credit Card system
▪ It provides services of
➢ Customer Management
➢ Credit Card Management
➢ Customer Information Management
➢ online transaction authorization
➢ Supports Payment Application

4. ATM
▪ It is an electronic Banking outlet that allows customers to do basic banking transactions without help of any branch official.
▪ Need debit card or credit card to access ATM.
▪ Enables customer to perform
➢ Quick self-service online transactions like Deposit, Withdrawal etc.
➢ to more complex transactions like bill payments.

5. Mobile Banking and Internet Banking
▪ Internet Banking
▪ Mobile Banking
▪ Phone Banking

6. Branch Banking
▪ Due to CBS, Front end & Back-end processes within a bank have been automated resulting in seamless workflow. Branch Confines itself to following key functions:
a) Creating manual document capturing data required for Input into s/w.
b) Initiating Beginning of Day (BOD) operations
c) End of Day (EOD) operations
d) Reviewing reports for control and error correction.
e) Internal Authorization.

2.5. CORE FEATURES OF CBS (OTHER THAN BANKING SERVICES)

In addition to basic banking services that a Bank provides through use of CBS, the technology enables
Banks to add following features to its service delivery:
i) Online real time processing
ii) Transactions are posted immediately
iii) All database updated simultaneously
iv) Centralized operations [All data stored in one common database]
v) Anytime, anywhere access to customers and vendors


vi) Banking access through multiple channels like mobile, web etc.
vii) Remote interaction with customers
viii) Automatic processing of standing instructions like auto deduction of credit balance on specific date.
ix) Centralized Internet application for all accounts
x) Business and Services are productized.

3. COMPONENTS & ARCHITECTURE OF CBS

3.1. TECHNOLOGY COMPONENTS OF CBS

Application Environment
▪ Consists of App servers that host different CBS like Flex Cube, Bank Mate etc. and is centrally used by different Banks.
▪ Access to these application servers will generally be routed through a firewall.

Database Environment
▪ Consists of centrally located database servers that store the data for all branches of the Bank.
▪ Data may include customer master data, interest rates, account types etc.
▪ It is updated by App servers.

Data centre/ Data recovery centre
▪ Includes various App servers, DB servers, web servers etc. and various other technological components.
▪ Proper awareness should be created among the employees through periodic trainings and mock drills for disaster recovery procedures.

Connectivity to Corporate N/w & Internet
▪ There should be adequate bandwidth to deal with the volume of transactions so as to prevent slowing down and resulting in lower efficiency.

Enterprise Security Architecture & Solution
▪ To ensure security; proxy servers, firewalls, intrusion detection systems are used to protect the network from any malicious attacks and to detect any unauthorized network entries.
▪ Periodic assessment and testing are carried out to assess vulnerability & identify weaknesses.

Online transaction monitoring
▪ Effective monitoring should be done as part of managing fraud risk mgt.
▪ Proper alert system should be enabled to identify any changes in the log settings.

3.2. KEY ASPECTS BUILT WITHIN ARCHITECTURE OF CBS

1. Information flows: This facilitates Information flow within Bank and increases speed and accuracy of decision-making.
2. Customer Centric: This enables Bank to target customers with right offers at right time to increase profitability.
3. Regulatory Compliance: This has built-in and regularly updated regulatory platform which ensures complex compliance by Banks. E.g. maintain required % of CRR, SLR.
4. Resource optimization: This optimizes resource utilisation through improved assets sharing, reusability, faster processing and increased accuracy.

3.3. CBS IT ENVIRONMENT

CBS is a Technology Environment based on Client-Server Architecture, having a
➢ Remote Server (called Data Centre) and
➢ Clients (called Service Outlets, i.e. branches, which are connected through channel servers).
The server is a sophisticated computer that accepts service requests from different machines called Clients. The requests are processed by the server and the results are sent back to the clients.

Constituents / Types of servers used in deploying CBS are as follows


a) Application Server
▪ It performs necessary operations & updates the A/c of a customer in DB server.
▪ Whatever transaction a customer does at any Branch of Bank, it is updated at centralized database by App server.
b) Database Server
▪ It contains data of entire Bank like account of customers and master data like customer master data, employee data, rates for loan, etc. It is accessed by App server.
c) Automated Teller Machine Channel Server (ATMCS)
▪ It contains details of ATM A/c holders. When central DB is busy due to central end of day activity or due to any other reason, file containing A/c balance of customers is sent to ATM switch (file is called positive balance file).
▪ This ensures continuity of ATM operations.
▪ ATM PIN numbers of the ATM account holders are not stored in ATMCS but in IBCS.
d) Internet Banking Channel Server (IBCS)
▪ It stores username & password of all internet Banking customers and the branch to which the customer belongs. Such information is not stored in ATM servers.
e) Internet Banking Application Server
▪ It stores Internet Banking software which authenticates customer with login details stored in IBCS.
f) Web Server
▪ It hosts website and all internet related S/w. All online requests on website are serviced through web server.
▪ It is a program that uses HTTP (Hypertext Transfer Protocol) to serve the files that form Web pages to users, in response to their requests.
g) Proxy Server
▪ It's a computer that offers indirect n/w connection to other network server.
▪ Client connects to proxy server and then requests a connection or file or resource available on different bank server.
h) Anti-virus Software Server
▪ It is used to host Anti-virus software. It is installed for ensuring that all s/w being deployed on CBS are first scanned to ensure that they are safe from virus/malware.

3.4. FUNCTIONAL ARCHITECTURE OF CBS

CBS is the ERP software of a Bank. It covers all aspects of Banking operations from
➢ Micro- to macro operations and covers all Banking services ranging from
➢ Back office to front office operations
➢ Transactions at counter to online transactions &
➢ G.L to reporting.
However, it is modular in nature & it is implemented for all functions or core functions as decided by
management.
Implementation depends on need and criticality of specific Banking service provided by the Bank.
E.g. If FOREX transactions of Bank are minimal, related functions may not be implemented.

3.5. IMPLEMENTATION OF CBS

Deployment and Implementation of CBS should be controlled at various stages to ensure that Bank’s
automation objectives are achieved.
1. Planning: Planning for implementation of CBS should be done as per Bank's strategic and business objectives.
2. Approval: Since high investment and recurring costs are involved, decision must be approved by B.O.D.
3. Selection: There are multiple vendors of CBS, each solution has key differentiators. Bank should select the right one as per their objective & requirements.
4. Design & Develop or Procured: Earlier CBS was developed in-house by Banks. Currently, it's mostly procured. There should be control over design and development or procurement of CBS.
5. Testing: Extensive testing must be done before CBS is live. Testing is done at various phases:
- at procurement stage (to test suitability)
- to data migration (to ensure all existing data is migrated)
- to testing processing of different types of Transactions of all modules (to ensure correct results are produced)
6. Implementation: Must be implemented as per pre-defined & agreed plan in a time bound manner.
7. Maintenance: CBS needs to be properly maintained. E.g. Program bugs fixation.
8. Support: To ensure it is working effectively.
9. Updation: CBS must be updated based on changing requirements of business, technology & regulatory compliances.
10. Audit: Should be done internally & externally to ensure controls are working as expected.

4. CBS RISKS, SECURITY POLICY & CONTROLS

4.1. RISKS ASSOCIATED WITH CBS

1. Operational Risk: Refers to risk arising from direct or indirect loss to Bank due to inadequate or failed
➢ Internal Process, People & System.
Operational risk necessarily excludes business risk and strategic risk.
The components of operational risk include:
▪ Transaction Processing Risk: Arises because of faulty reporting of important market developments to Bank management. May also occur due to errors in entry of data for processing.
▪ Information Security Risk: Refers to risk arising due to use of info. systems & the environment in which these systems operate.
▪ Legal Risk: Refers to risk arising because of
➢ treatment of clients,
➢ sale of products, or
➢ business practices of a Bank.
▪ Compliance Risk: Refers to exposure to legal penalties & loss an organization can face when it fails to act as per industry laws and regulations.
▪ People Risk: Refers to risk arising from
➢ lack of trained key personnel,
➢ tampering of records and
➢ nexus between front and back-end offices.
2. Credit Risk Refers to risk of an Asset/Loan becoming irrecoverable due to outright default or Risk
of unexpected delay in servicing of loan.
A form of counter party risk since Bank and borrower usually sign a loan contract.
3. Market Risk Refers to risk of losses in Bank’s trading book due to changes in
➢ equity price; commodity price; Interest rate; foreign currency rate etc.
To manage this risk, Bank deploys highly sophisticated mathematical & statistical
techniques.
4. Strategic Risk/ Refers to risk that earnings will decline due to change in business environment. E.g.
Business Risk New competitor, change in demand of customer etc.
5. IT Related Risk: Some of the common IT risks related to CBS are as follows:
a) Ownership of Data / Process: Data is stored in data center. Bank must establish clear ownership of data so that accountability can be fixed and unwanted changes to the data can be prevented.
b) Authorization process: It ensures only authorized person can enter data in CBS. If authorization process is not robust, unauthorized person can access customer Information & other sensitive data.
c) Authentication process: Username, password, PIN, OTP are commonly used for authentication process.
d) Several S/w Interface across diverse n/w: A Data center may have as many as 100 different interfaces & App software. It requires adequate Infra. like uninterrupted power supply, backup generator etc.
e) Maintaining response time: Maintaining optimum response time & uptime can be challenging.
f) Access Control: Since Bank is subjected to all types of attack, designing access control is a challenging task.
g) Change management: It reduces risk that new system is rejected by users. However, it requires changes at App level & data level of DB - Master files, transaction files and reporting software.

4.2. SECURITY POLICY

Large organizations like Financial Institutions and Banks need to have a laid down framework for security with proper organization structure and defined roles and responsibilities within the organization.
Since Banks deal in third party money and need to create a framework of security for their systems, this framework needs to be of global standards to create trust in customers in and outside India.
Information security → Refers to ensuring CIA (Confidentiality, Integrity, Availability) of Information. It is critical to mitigate risk of Information Technologies.
RBI has suggested use of ISO 27001:2013 to implement information security. Banks are also advised to obtain ISO 27001 certification for data centers.
Information security comprises following sub-processes:
a) Info Security Policies, Procedures & Practices: Refers to processes related to approval & implementation of Info security. I.S. policy is the basis for developing detailed procedures & practices for I.S. security & implementing it.
b) User Security Administration: Refers to the security of various users of I.S. It defines how users are created and Access is granted or disabled as per Organization structure & Access matrix.
c) Application Security: Refers to how security is implemented at various aspects of Application. E.g. Event Logging
d) Database security: Refers to how security is implemented at various aspects of database. E.g. RBAC
e) Operating system security: Refers to how security is implemented at various aspects of OS.
f) Network security: Refers to how security is implemented at various aspects of network & connectivity to the servers. E.g. Use of VPN for employees, implementation of firewalls etc.
g) Physical Security: Refers to how security is implemented for physical access. For example - Disabling the USB ports.

Risk & Control w.r.t. Information Security
a) Risk: Lack of Management Direction & Commitment to protect Information Asset.
   Control: Security policies are established and management has to monitor compliance with policies.
b) Risk: User accountability is not established.
   Control: All users are required to have unique user ID.
c) Risk: Potential loss of CIA of data/ Info.
   Control: Appropriate physical access controls should be implemented. Vendor default password for OS, DB, N/w etc. User should change it on receiving software.
d) Risk: It is easier for unauthorized users to guess password of an authentic user.
   Control: Password should be complex & changed frequently.
e) Risk: Security breach may go undetected.
   Control: Access to sensitive data is logged and log should be reviewed regularly by management.
f) Risk: Inadequate preventive measure for server and IT system in case of environmental threats like flood, fire etc.
   Control: Adequate environmental controls should be implemented like fire alarm, disaster recovery plan, back up etc.

4.3. INTERNAL CONTROL SYSTEM IN BANK

I.C. helps mitigate the risk and must be integrated in IT solution implemented at Bank’s Branches.
Objectives of I.C. in Bank
a) Ensuring Accuracy and completeness of A/c record
b) Timely preparation of reliable F.S.
c) Orderly & efficient conduct of business
d) Compliance with regulatory requirements
e) Safeguard of Assets through prevention & detection of fraud.
f) Adherence to management policy.
Examples of I.C.
i) Maker Checker process - Work of one staff is checked by another worker irrespective of nature of work.
ii) System of job rotation among staff exists.
iii) Financial and Administrative powers of each Employee is fixed & communicated.
iv) All books are to be regularly balanced and confirmed by authorized official.
v) Fraud prone items like currency, valuables etc should be in custody of 2 or more officials of Bank.
vi) Details of lost security forms are immediately sent to controlling authority.

4.4. IT CONTROLS IN BANK

IT risks are mitigated by implementing right type & level of IT controls in automated environment.
It is done by integrating controls into Info Tech/CBS.
Examples:
a) System maintains records of all log-ins and log-outs.
b) Transaction is allowed to be posted in Dormant A/c only with supervisory password.

c) System checks whether the amount to be withdrawn is within the drawing power.
d) Access to system is available only b/w stipulated hours & specified days only.
e) User Timeout is prescribed [auto log out in case system is inactive]
f) User should be given access on “Need to know basis”
g) Once end of day operations are over, ledger can’t be opened w/o supervisory password.
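
The controls listed above can be combined into a single check that runs before a withdrawal is posted. The following is an added example, not part of the original notes or of any CBS product: it applies controls a), b), c), d), e) and g) together with the maker-checker rule from 4.3. The class names, access hours, timeout value and sample accounts are assumptions constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from datetime import datetime, time, timedelta

# Policy values are assumptions chosen for this example, not taken from the notes.
ACCESS_START, ACCESS_END = time(9, 0), time(18, 0)   # d) stipulated hours
ACCESS_DAYS = {0, 1, 2, 3, 4, 5}                     # d) Monday..Saturday
IDLE_TIMEOUT = timedelta(minutes=10)                 # e) user timeout


def hash_password(password: str, salt: bytes) -> bytes:
    """Supervisory passwords are kept as salted PBKDF2 hashes, never in clear."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    number: str
    drawing_power: int      # maximum that may be drawn, in rupees
    drawn: int = 0          # amount already drawn
    dormant: bool = False


@dataclass
class Session:
    user: str
    last_activity: datetime


@dataclass
class PostingGate:
    accounts: dict                      # account number -> Account
    supervisors: dict                   # supervisor id -> (salt, password hash)
    day_closed: bool = False            # True once end-of-day operations are over
    audit_log: list = field(default_factory=list)

    def _supervisor_ok(self, maker, sup_id, password):
        # Maker-checker: the authoriser must be a known supervisor other than the maker.
        if not sup_id or not password or sup_id == maker or sup_id not in self.supervisors:
            return False
        salt, stored = self.supervisors[sup_id]
        return hmac.compare_digest(stored, hash_password(password, salt))

    def _decide(self, session, acct_no, amount, now, sup_id, password):
        in_hours = ACCESS_START <= now.time() < ACCESS_END
        if now.weekday() not in ACCESS_DAYS or not in_hours:
            return "REJECTED: outside stipulated hours"
        if now - session.last_activity > IDLE_TIMEOUT:
            return "REJECTED: session timed out"
        session.last_activity = now
        acct = self.accounts.get(acct_no)
        if acct is None or amount <= 0:
            return "REJECTED: invalid account or amount"
        needs_supervisor = acct.dormant or self.day_closed          # b) and g)
        if needs_supervisor and not self._supervisor_ok(session.user, sup_id, password):
            return "REJECTED: supervisory password required"
        if acct.drawn + amount > acct.drawing_power:                 # c)
            return "REJECTED: exceeds drawing power"
        acct.drawn += amount
        return "POSTED"

    def post_withdrawal(self, session, acct_no, amount, now, sup_id=None, password=None):
        decision = self._decide(session, acct_no, amount, now, sup_id, password)
        # a) every attempt, including rejected ones, is recorded for review.
        self.audit_log.append((now.isoformat(), session.user, acct_no, amount, sup_id, decision))
        return decision


def demo():
    """Run constructed transactions through the gate and return (decisions, log)."""
    salt = b"constructed-salt"
    gate = PostingGate(
        accounts={"CC001": Account("CC001", drawing_power=50_000),
                  "SB002": Account("SB002", drawing_power=10_000, dormant=True)},
        supervisors={"sup1": (salt, hash_password("Constructed#Pass1", salt))},
    )
    t0 = datetime(2024, 1, 8, 10, 0)            # a Monday
    teller = Session("teller1", t0)
    own = Session("sup1", t0)
    minute = timedelta(minutes=1)
    out = [
        gate.post_withdrawal(teller, "CC001", 40_000, t0),
        gate.post_withdrawal(teller, "CC001", 20_000, t0 + minute),
        gate.post_withdrawal(teller, "SB002", 1_000, t0 + 2 * minute),
        gate.post_withdrawal(teller, "SB002", 1_000, t0 + 3 * minute, "sup1", "Constructed#Pass1"),
        gate.post_withdrawal(own, "SB002", 1_000, t0 + 4 * minute, "sup1", "Constructed#Pass1"),
        gate.post_withdrawal(teller, "CC001", 1_000, t0 + 30 * minute),
        gate.post_withdrawal(Session("teller2", t0 - timedelta(days=1)), "CC001", 1_000,
                             t0 - timedelta(days=1)),
    ]
    gate.day_closed = True
    fresh = Session("teller3", t0 + 40 * minute)
    out.append(gate.post_withdrawal(fresh, "CC001", 1_000, t0 + 40 * minute))
    return out, gate.audit_log
```

The fifth transaction is rejected even though the password is correct, because the supervisor is also the maker; the log keeps rejected attempts so that a reviewer sees them too.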

4.5. APPLICATION S/W - CONFIGURATION, MASTERS, TRANSACTIONS AND REPORTS

There are 4 Gateways through which an Enterprise can control, access & use the various menus and
functions of Software. Examples of each are given below:

Configuration
a) User Activation & Deactivation Process
b) User access & privileges management
c) Password management

Master
a) Customers master data – Type, name, Address, PAN
b) Employees Master Data - Employee name, ID, Date of joining, designation, salary etc.
c) Tax Master Data – Tax rates, slab, TDS rate etc.

Transaction
a) Deposit Transaction – opening of A/c, withdrawal, Interest computation etc.
b) Loan & Advance Transaction
c) General Ledger - Entry of expenses, Interest, charges etc.

Reports
Generated periodically or on demand by users at diff. level
- Standard
- Ad-hoc
CBS has extensive reporting feature like:
a) Summary of Daily Transactions
b) Daily general ledger
c) MIS report for each product/ service.
d) Report of exceptions
e) Activity logging and review.

Risk & Control w.r.t. Application Controls


a) Risk: Inaccurate calculation of Interest.
   Control: Interest is auto calculated as per defined rules.
b) Risk: Inaccurate assignment of rate codes.
   Control: The interest rate code is defaulted at the account level.
c) Risk: Charges not levied resulting in loss of revenue or inappropriate charges levied resulting in customer disputes.
   Control: The charges applicable for various transactions as per account types are properly configured as per bank rules. The Charges are in compliance with RBI & bank's policies.
d) Risk: Inappropriate reversal of charges resulting in loss of revenue.
   Control: System does not permit reversal of the charges in excess of the original amount charged.
e) Risk: Incorrect classification of NPA resulting in financial misstatement.
   Control: Configuration/customization exists in the application to perform the NPA classification as per relevant RBI guidelines.

5. CORE BUSINESS PROCESSES – RELEVANT RISKS & CONTROLS

▪ CASA: Process; Risk & Control
▪ Credit Card: Process; Risk & Control
▪ Mortgage Loan: Process; Risk & Control
▪ Loan & Trade finance: Process; Risk & Control
▪ Treasury process: Process; Risk & Control
▪ E-commerce Transaction: Process
▪ Internet Banking: Process

5.1. CURRENT ACCOUNT SAVING ACCOUNT [CASA]

Business Process Flow

Risks & Controls w.r.t. CASA


1. Risk: Credit limit is set up in CBS by unauthorized person.
   Control: Access right to authorize credit limit should be restricted to authorised personnel only.
2. Risk: Credit line set up in CBS is not in line with Bank's policy.
   Control: Credit committee checks financial ratio, net worth and ensure credit limit is as per policy of Bank.
3. Risk: Customer master data defined in CBS is inaccurate.
   Control: Access right to authorize customer master data in CBS should be restricted to authorised personnel only.
4. Risk: Interest/ charge being calculated in CBS is incorrect.
   Control: Interest/ charge is auto calculated as per defined rules.
5. Risk: Unauthorized person is approving CASA transaction in CBS.
   Control: SOD is maintained b/w initiator and authorizer of transaction for processing of transaction.
6. Risk: Inaccurate A/c entries generated in CBS.
   Control: CBS should be configured to generate entry as per defined rules AS.

5.2. CREDIT CARD

Credit Card process flows:
▪ Process Flow of Issuance of Credit Card
▪ Process Flow of Sale - Authorization Process of Credit Card Facilities
▪ Process Flow of Clearing & Settlement process of Credit Card Facility

Process Flow - Issuance of credit card


Same as CASA

Process Flow - Using Credit Card / Authorisation Process of Credit Card facilities

Process Flow - Clearing & Settlement of Credit Card facilities

Risks & Controls w.r.t. Credit Card – Same as CASA (first 4 points)

5.3. MORTGAGE LOAN

Refers to a secured loan which is secured on Borrower’s property.


A charge/lien is created on the property as collateral. If borrower defaults on repayment of loan, lender can
sell the property to recover due amount.

Mortgages are used by individuals and businesses to make large real estate purchases without paying the entire value of the purchase up front.
▪ Home Loan: Traditional mortgage for purchase of property. Customer has an option of selecting fixed or variable rate of interest.
▪ Top-up Loan: Additional loan is applied by a customer who is already having a loan either for refurbishment or renovation of the house.
▪ Loan for under-construction property: Loan is granted in parts/tranches as per construction plan.

Business Process Flow

Risks & Controls w.r.t. Mortgage Loan


▪ Risk: Incorrect customer and loan detail is captured in CBS.
   Control: Secondary review is performed by independent team who will verify details captured in CBS with offer letter.
▪ Risk: Incorrect loan amount is disbursed.
   Control: Same as above.
▪ Risk: Interest amount is incorrectly calculated and charged.
   Control: Interest is auto-calculated by CBS based on pre-defined rules i.e., Loan Amount, Interest rate, Tenure etc.
▪ Risk: Unauthorized changes made to loan master data and customer master data.
   Control: SOD must exist in CBS. Every transaction entered in CBS must be authorized by another person. Reviewer cannot edit any details submitted by person putting data.

5.4. LOAN AND TRADE FINANCE PROCESS

Lending business is main business of Bank. It is carried on by bank by offering various credit facilities.
It carries inherent risks and Bank can’t lend more than calculated risk.
Bank should ensure:
a) Proper recovery of funds lent by it; and
b) Be aware of legal remedies & laws w.r.t credit facilities provided by it .

Classification of Credit Facilities


Fund Based Credit Facilities
Involves outflow of funds i.e., money of Bank is lent to customer.
Types:
▪ Cash credits / Overdrafts
▪ Term loans / Demand Loans
▪ Discounting of Bills

Non-Fund Based Credit Facilities
Does not involve outflow of fund.
Types:
▪ Letter of credit
▪ Guarantee

Process Flow - Customer Master Creation in Loan Disbursal System

Process Flow - Loan Disbursal / Credit Facility Utilisation & Income Accounting

Customer: Approaches Bank for availing credit facility as per sanction letter.
Bank: Provide credit facility after verifying credit limit in loan disbursal system.

Fund Based Credit Facilities
Funds are disbursed and loan is recorded in CBS as recoverable.
3 accounting entries
a) On booking loan
   Loan A/c – Dr
   To customer A/c
b) On booking Interest/Discounting Income [accrued daily]
   Customer A/c – Dr
   To Interest
c) On maturity
   Customer A/c – Dr
   To Loan a/c

Non-Fund Based Credit Facilities
Facilities are granted.
3 accounting entries
a) On booking Facility
   Contingent Asset – Dr
   To contingent liability
b) On booking Commission Income [accrued over tenure of Guarantee/L.C.]
   Customer – Dr
   To commission
c) On maturity
   Contingent liability – Dr
   To contingent Asset

Product-wise income for banks and accounting of income:
1. Cash Credit/ Overdraft - Income for banks: Interest on Cash credits/ Overdraft balances. Accounting of Income: Interest accrued on daily basis at agreed rates.
2. Demand Loans/ Terms Loans - Income for banks: Interest on Demand Loans/Term Loan. Accounting of Income: Interest accrued on daily basis at agreed rates.
3. Bill Discounting - Income for banks: Discounting Income. Accounting of Income: Interest accrued on daily basis at agreed rates.
4. Bank Guarantee - Income for banks: Commission. Accounting of Income: Commission accrued over the tenure of the bank guarantee.
5. Letter of Credit - Income for banks: Commission. Accounting of Income: Commission accrued over the tenure of the L.C.

Risks & Controls w.r.t. Loans & Advance Process


Same as Mortgage Loan & first 4 points of CASA.

5.5. TREASURY PROCESS

Products in Investment Category
- Government security
- Shares
- Debenture and Bonds
- Venture capital fund
- Mutual funds

Products in Trading Category
- Foreign exchange
- Derivatives (Future & Option)

Core Areas of Treasury Operations – can be divided into the following broad compartments
Front office
F.O. operations consist of dealing room operations where dealers enter into deal/trade with corporate & Inter Bank counter parties.
Deals are entered by dealers on various trading platforms like Telephone, Broker & other private channels.
Dealer is responsible for checking
- Counter party credit time.
- Eligibility & Other regulatory requirements of Bank before entering into deal with customers.
All risks are borne by dealer.

Middle office
M.O. operations include
a) Risk Management
b) Pricing & Valuations
c) Responsible for Treasury A/c
d) Documentation of various deals &
e) Producing financial result analysis & budget forecast &
f) Preparing financial statement for regulatory reporting.

Back office
It supports front office. B.O. operations include
a) Confirmation of deals entered by front office Team
b) Settlement of funds/ securities
c) Performs Front office and Back-office reconciliation to ensure accuracy & completeness of all deals in a day
d) Checking and confirming existence of valid & enforceable ISDA (International swap dealer Association) Agreement.

Risks & Controls w.r.t. Treasury Process
a) Risk: Unauthorized security set-up in systems such as F.O./ B.O.
   Control: Appropriate SOD and review controls to ensure accurate security set-up.
b) Risk: Inaccurate trade is processed.
   Control: Appropriate SOD and review controls for ensuring accuracy of Trade processing.
c) Risk: Unauthorized confirmations are processed.
   Control: Complete and accurate confirmations to be obtained from counter-party.
d) Risk: Inaccurate info flow b/w 3 systems.
   Control: Inter-system reconciliation & Inter-system Interfaces.
e) Risk: Insufficient securities available for settlement.
   Control: Effective controls on security & margins.
f) Risk: Insufficient fund available for settlement.
   Control: Effective controls on security and margins.

5.6. INTERNET BANKING PROCESS

Facilities Available in Internet Banking


a) Password change
b) A/c Balance check
c) Fund transfer
d) Statement of A/c
e) Request cheque Book
f) Credit Card/ Debit card request /payment / Block
g) Opening of FD/ RD and breaking it.

5.7. E-COMMERCE TRANSACTION PROCESSING

Most of the e-Commerce transactions involve advance payment either through a credit or debit card
issued by a bank.
The figure below highlights flow of transaction when a customer buys online from vendor’s e-commerce
website.

6. APPLICABLE REGULATORY AND COMPLIANCE REQUIREMENTS

Regulatory and compliance requirements:
▪ Banking Regulations Act, 1949
▪ Negotiable Instruments Act, 1881
▪ RBI Regulations
▪ PMLA, 2002
▪ IT Act 2000 amended by 2008

6.1. BANKING REGULATION ACT, 1949

It regulates all Banking Companies in India Including co-operative Banks. It provides framework for regulating
and supervision of commercial Banks.
It gives RBI power to:
a) License Bank
b) Regulating shareholding and voting rights
c) Supervise appointment of BOD and Management
d) Merger and acquisition, Liquidation
e) Impose penalties
f) Control moratorium [Period of time during which borrower need not to pay EMI on loan]
g) Issue directives to Bank in Interest of public & Bank.
h) Give instructions for Audit.
RBI also provides
i) tech platform for NEFT and RTGS & other Central processing (clearing house).
ii) Guidelines on how to deploy IT.

6.2. NEGOTIABLE INSTRUMENT ACT, 1881

Cheque:
▪ Truncated Cheque i.e. electronic image of a paper cheque
▪ Electronic cheque i.e. cheque in electronic form
NI Act gives validity & enforceability to these two types of cheque.

6.3. RBI REGULATIONS

RBI was established on 1st April, 1935 as per RBI Act, 1934.
Key functions of RBI:
1. Monetary authority: RBI formulates, implements & monitors monetary policy with objective of:
a) maintaining price stability; and
b) ensuring adequate flow of credit to productive sectors
Tools: CRR, SLR, Open market operations
2. Issuer of Currency: Issues, exchanges or destroys currency and coins with objective of providing adequate quantity of supply of currency notes and coins in good quality.
3. Regulator and Supervisor of the Financial System: RBI regulates financial system with objective of
➢ maintaining public confidence;
➢ protect depositor's interest; and
➢ provide cost effective banking services to the public.

6.4. PREVENTION OF MONEY LAUNDERING ACT, 2002

Black Money
• Unaccounted Money on which Tax is not paid
• Earned from illegal means like
➔ Terrorism
➔ Smuggling
➔ Drug trafficking
➔ Illegal Arms sale

White Money
• From Legitimate source

Money laundering is a process by which
➢ proceeds of crime and true ownership of those proceeds are
➢ concealed so that it appears to come from legitimate source.
Objective of ML: To conceal existence, illegal source, or illegal application of proceeds of crime and to make it
appear as clean/ legitimate.
It is used by criminals to make dirty money appear clean.

3 Stages of Money Laundering


▪ Placement: It involves placement / movement of proceeds of crime into a form which is less suspicious & more convenient. E.g. Putting money in legitimate financial system.
▪ Layering: Involves separation of proceeds of crime from illegal source using complex transactions to obscure the audit trail & hide the proceeds. This is done through sending money through various Banks, Countries, currencies, continuous deposits & withdrawals.
▪ Integration: Involves conversion of proceeds of crime into apparent legitimate earning through normal financial or commercial transaction. E.g. Fake invoice for good exports, Buying properties. It creates illusion that dirty money is derived from legitimate source.

6.4.1. ANTI-MONEY LAUNDERING (AML) USING TECHNOLOGY

What if Bank fails to control Money Laundering?

▪ Loss of reputation and G/w.
▪ Legal and Regulatory sanction.
▪ Declining profit.

Bank can be used in M.L. as primary means for placement and layering of proceeds of crime as it acts as a means to transfer money across geographies, A/c & currencies.
The challenge is even greater for Banks using CBS as all transactions are integrated. With regulators
adopting stricter regulations on Banks and enhancing their enforcement efforts, Banks are using special
fraud and risk management S/w to:
a) Prevent and detect M.L.
b) Daily processing and reporting of suspicious Transaction.

6.4.2. FINANCING OF TERRORISM

Money to fund terrorist activities moves through the global financial system via wire transfers and in and
out of personal and business accounts.
It is a form of M.L. but it does not work the way conventional M.L. works. Money starts as clean i.e., as
“charitable donation” before moving to terrorist A/c.
It is highly time sensitive requiring quick response.

6.4.3. KEY PROVISIONS OF PMLA, 2002

Sec 3
Whosoever directly or indirectly indulges, attempts to indulge or knowingly assists or is a party to any process or activity connected with the proceeds of crime including its
➢ concealment, possession, acquisition or use and
➢ projecting or claiming it as untainted property
➢ shall be guilty of offence of money-laundering.

Sec 12 - Reporting entities to maintain Records
Reporting Entities are required to:
1) Maintain records of all transactions that enable it to reconstruct Individual transaction. Record is to be maintained for at least 5 years from the date of Transaction b/w client and Reporting entity.
2) Furnish information w.r.t such value & nature of transaction to Director, whether attempted or executed, as prescribed.
3) Maintain record of Identity of client & Beneficial owner, account file, business correspondences for 5 years after the
a) Business relation b/w client and R.E. ended; or
b) A/c has been closed;
whichever is later.

Sec 13 - Power of Director to impose fine
▪ The Director may, either on own motion or on application made by any authority, officer or person, make such enquiry from R.E. as may deem necessary.
▪ If Director is of opinion that due to Nature & complexity of case, Audit of record is necessary, he may direct R.E to get the records audited by an Accountant [CA] from a panel of CAs maintained by CG.
▪ Expense of audit & incidental expenses is to be borne by CG.
▪ If the Director, during course of enquiry, finds that R.E. or its designated director or Board or any of its employee failed to comply with PMLA, he can:
a) Issue warning in writing; or
b) Direct such R.E. or its designated director or Board or employee to comply with specific instructions; or
c) Direct R.E. its designated director or Board or any of its employee to send reports at prescribed interval; or
d) Impose a monetary penalty on R.E, its designated director or Board or any of its employee of not less than 10,000 & which may extend upto 1 lakh for each failure.

Section 63 - Punishment for false information or failure to give information, etc.
Any person who wilfully and maliciously gives false information, causing an arrest or a search to be made of other person under this Act shall be liable for
➢ imprisonment for a term which may extend to two years or
➢ with fine which may extend to fifty thousand rupees or
➢ both.
If a person
a) Refuses to answer any question asked by the Authority under PMLA; or
b) Refuses to legally sign any statement made by him before the Authority; or
c) Omits to attend or present of Books of A/c at time & place required by Authority;
he shall be liable to
➢ Penalty of not less than 500 to 10,000 for each default or failure.
Before an order is passed imposing penalty, an opportunity of being heard shall be given to such person by the Authority.

Section 70 - Offence by Company
In case of contravention by Company,
➢ every person who was in-charge of Company at the time of contravention as well as
➢ Company shall be deemed to be
➢ guilty of contravention & punished accordingly.
No liability / Punishment of such person if he proves that:
a) contravention took place w/o his knowledge; or
b) he exercised all due diligence to prevent such contravention.

Miscellaneous
Company includes any body corporate, a firm or other association of Individual.
Director - In relation to firm, means partner.

6.5. I N F O R M A T I O N T E C H N O L O G Y A C T , 2000

Topics covered: Intro | Key Provisions | Objectives/ Advantages | Computer Related Offence | Privacy & SPDI | Chap 1

The Amendment Act 2008 provides stronger privacy and data protection measures, as well as for
implementing reasonable information security through ISO: 27001 or equivalent certifiable standards,
to protect against cyber-crimes.
For the banks, the Act exposes them to both civil and criminal liability.
The civil liability could consist of exposure to pay damages by way of compensation up to 5 crores.
The criminal liability exposure may be to the top management of the Banks and it could consist of
➢ imprisonment for a term which could extend from three years to life imprisonment, as well as fine.

6.5.1. CYBER CRIME

Cyber Crime refers to offences that are committed


➢ against individuals or groups of individuals with a
➢ criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm, or
loss, to the victim directly or indirectly,
➢ using modern telecommunication networks such as Internet (Chat rooms, emails, notice boards and
groups) and mobile phones.
It involves use of a computer and a network. The computer may have been used in committing a crime, or
it may be the target.
The UN manual on Prevention and Control of Computer-Related Crime classifies cyber-crimes into:
a) Committing of fraud by manipulating input, output or throughput of a computer-based system.
b) Computer forgery, which involves changing images or data stored in computers.
c) Deliberate damage caused to computer data or programs through viruses or logic bombs.
d) Unauthorized access to a computer by hacking into the system or stealing passwords.
e) Unauthorized reproduction of computer programs or s/w piracy.
A Bank is prone/ susceptible to cyber-crime as it deals with money. Using technology, fraud can be
committed across countries w/o leaving a trace.
Hence, CBS and Banking s/w should have a high level of controls covering all aspects of cyber-crime. ISO:
27001 must be implemented for Information security.

7. BASEL III NORMS & AI IN BANKING INDUSTRY

Introduction
▪ The financial crisis of 2008 caused significant concern for the Banking Industry.
▪ It exposed weak financial & risk management systems in Banks.

Process
▪ Basel III is a comprehensive set of reform measures developed by the Basel Committee on Banking
Supervision which aims to:
a) Strengthen the regulation & supervision
b) Strengthen risk management
c) Enhance its ability to absorb financial shock.
▪ It specifies capital adequacy norms for Banks based on Risk assessment.

How Bank-specific risks are assured
▪ As the nature of Banking Business & the risk involved is quite large and complex, traditional
assessment tools i.e., MIS and DSS do not work.
▪ Thus, AI powered tools are used.
▪ For this, data from CBS is transferred to a data warehouse for analysis/ data mining using AI tools.
▪ This helps in identifying hidden trends, which helps in risk Assessment.
▪ This improves Risk management of the Bank and in turn assessment of capital adequacy under
BASEL III.
