BEC - Notes Chapter 4 http://www.cpa-cfa.

org

Introduction to Information Technology Components of a business information system Hardware - the actual physical devices Software - the systems and programs that process data, turning into information Data - raw facts Network - communication media that allows multiple computers to share data and info simultaneously People - the different people associated with business information system\ A business information system has three primary roles in business operations - Process detailed data - Assist in making daily decisions - Assist in developing business strategies Information is used by different levels in the organization for different purposes A management information system (MIS) - provides management and other end users with reports An accounting information system (AIS) - type of management information system, it is part transaction processing system and partly knowledge system Sequence of events in an AIS 1. Transaction data is entered into the AIS 2. The original paper source documents (if any), are filed 3. Transactions are recorded in the appropriate journal 4. Transactions are posted to the general and subsidiary ledgers 5. Trail balances are prepared 6. Financial reports are generated An audit trial should allow an auditor to trace the work from both begin to end, and, end to beginning A decision support system (DSS) - provides interactive support for managers during the decision making process. A DSS is a type of MIS Executive information systems (EIS) - provides senior executives with immediate and easy access to internal and external information to assist the executives in monitoring the business. EIS assists in strategic, not daily, decision making. Types of reports Exception reports - produced when a specific problem or exception occurs Demand reports - produced on-demand Ad Hoc reports - produced on-demand, without the need of a programmer to get involved. Also known as a user report writer Query reports - produced based on a specific question posed by the end user (type of Ad hoc report) Push reports - produced based on information provided by end user (pushes information to computer) Roles and responsibilities within the IT Function System analyst - person who designs the computer system, the thinker Internally-developed system - these analysts will design the overall application system\ Purchased-system - analysts may be called system integrators Computer programmer - writes the computer programs - Application programmer/software developer - responsible for writing and/or maintaining application program. Also tests application programs and prepares computer operating instructions 1

BEC - Notes Chapter 4 http://www.cpa-cfa.org

- System programmer - responsible for installing, supporting, monitoring, and maintaining the operating system Computer operator - responsible for scheduling processing jobs, running or monitoring scheduled production jobs, hanging tapes, and distributing reports Control clerk - Reviews error and correction log, and rectifies situation System administrator - Database administrator - responsible for maintaining and supporting the database software. May also perform some security functions for the database - Network administrator - establishes, monitors and supports the computer network - Web administrator - responsible for information on a website End users are any workers in an organization who enter data into a system or who use the information process by the system Segregate (never combine) - System programmers and Application computer programmers - Computer operators and Computer Programmers - Security administrators and Computer operators - Security administrators and Computer programmers IT Fundamentals The Central Processing unit (CPU) is composed of: - The Processor - interprets program instructions and coordinates input, output and storage devices (the control unit) and performs arithmetic calculations (the arithmetic logic unit) - The primary storage - the main memory to store program instructions and data until the program instructions are executed Secondary storage devices - means to permanently story programs and data (hard drive, CD-rom, optical disks) Peripherals - devices that transfer data to or from the CPU but do not take part in the actual processing of data Input devices - devices that get information into the computer (keyboards, mice, microphones) Output devices - devices that transfer data out of the computer (monitor, speakers, printers) Processing power - MIPS (millions of instructions per second) Multiprocessing - the coordinated processing of programs y more than one processor System software - programs that run the computer and support system management operations Operating system - provides the interface between the user and the hardware Database mgmt system (DBMS) - controls the development, use and maintenance or the database A database is a integrated collection of data records and data files A DMBS is not a database, but a tool Relational database - data is stored in two-dimensional tables that are related to each other via keys (i.e. look up your information based on your student number) There are 4 main functions of a DMBS 1. Database development - use DMBS to create a new or empty database 2. Database query - Use DMBS to retrieve information based on a query 3. Database maintenance - use DMBS to improve effectiveness (get info we need to run the business) and efficiency (working fast enough) 4. Application development - use DMBS to turn database into a computer software application 2

BEC - Notes Chapter 4 http://www.cpa-cfa.org

Types of databases a) Operational database - supports day to day operations b) Analytical database - consist of summarized data used primarily by managers c) Distributed database - physically distributed ion different pieces of local or remote hardware d) End-user database - developed by end users Advantages of DBMS a) Reduction of data redundancy and inconsistency b) Potential for data sharing c) Data independence d) Data standardization e) Improved data security f) Expanded data fields g) Enhanced information timeliness, effectiveness and availability Disadvantages of DBMS a) Expensive b) Highly trained personal required c) Increased chances of breakdowns d) Possible obscuring of the audit trail e) Specialized backup and recovery procedures required Application software - is the diverse group of systems and programs that an organization uses to accomplish its objectives. Networks - an interconnected group of computers and terminals Local Area Network (LAN) - permits shared resources (software, hardware and data) among computers within an area - Server - is a node dedicated to providing services or resources to the rest of the network - Network operating system - manages communication over a network - Router - used to route packets of data through LANS - Bridge - used to connect segments of LAN which use the same network protocol Most LAN and WANS are set up as client/server systems. Workstations are referred to as clients. Other processors that provide services to the workstations are called servers Network topology defines the physical configuration of devices and the cables that connect them Wide Area Network (WAN) - employ non-dedicated public communication channels (less secure than LAN) Value Added Networks (VAN) - privately owned and managed networks that provide additional services beyond standard data transmission - Process transactions in batches as opposed to real time so there is a transmission delay Transaction files - temporary, journals are transaction files (sales journal is called the sales transaction file) Master file - permanent, ledgers are master files (A/R ledger is called the A/R master file) Dollar fields - usual batch total term (a batch may contain $100 debits and $100 credits) Hash total - totalled item is not in dollars (a batch of customer numbers) When manual controls are built into a computerized environment, they are calles programmed controls. 2 types 1. Input controls - verify that transaction data is entered correctly (valid, complete, and accurate) 3

BEC - Notes Chapter 4 http://www.cpa-cfa.org

2. Processing controls - verify that transaction data is processed correctly

Risks, controls, disaster recovery and business continuity 4 main risks with respect to systems 1. Strategic risk - risk we design or choose a bad system or technology 2. Operating risk - risk we do things incorrectly 3. Financial risk - risk of having financial resources lost, wasted or stolen 4. Information risk - risk of loss of data integrity, incomplete transactions or hackers Risks can be divided into 3 catergories 1. Errors - unintentional mistakes 2. Intentional acts - fraud or irregularities 3. Disasters - fire, flood, war Application controls - controls that apply to the processing of individual transactions (what happens inside the computer Firewalls - a system, often both hardware and software, of user identification and authentication that prevents unauthorized users from gaining access to network resources Firewalls deter but cannot completely prevent intrusion by outsiders Firewalls do not protect against viruses An application firewall, as opposed to a network firewall, is designed to protect specific application services from attack. Application firewalls are not meant to replace network firewalls but merely an additional safety barrier Virus - requires a host program, so it cannot run independently Worm - runs independently and propagates itself over a network (it cannot attach to another program) Trojan Horse - what you think Denial of Service attack - one computer bombards another computer with information to prevent legitimate users from accessing the network Data and procedural controls may include the use of a control group (members of the user departments) to ensure the system is running properly Son-father-grandfather backup concept - runs 3 sets of backups [newest backup] - [2nd oldest backup] - [oldest backup] Data validation Check digits - exist when some kind of technique is used to compute a digit to add to an existing # Limit tests - calculates whether the data value is within certain limits Reasonable checks - calculates whether data value has a specific relationship with other data values Encryption keys The public key is distributed to others in a separate transmission. The sender of a message uses the private key to encrypt the message, and the receiver uses the public key to decrypt the message Cold site - off site location that has all the electrical connections, but does not have the physical equipment Hot site - off site location that is completely equipped to immediately ready to run operations

BEC - Notes Chapter 4 http://www.cpa-cfa.org

Electronic Commerce E commerce is the electronic consummation of exchange (buying and selling) transaction E business is more general than e-commerce and refers to any use of information technology to perform business processes in an electronic from EDI is a computer-to-computer exchange of business transaction documents in structured formats that allow the direct processing of data by the receiving system Costs of EDI include legal costs, hardware costs, costs of translation software, costs of data transmission, costs associated with security EDI controls include encryption Audit trails in EDI should include - Activity transactions - Network and sender/recipient acknowledgements The greatest risk in an organizations use of EDI is an unauthorized access to the organizations system B2B commerce make purchasing decisions faster, simpler, safer, more reliable and more cost effective B2C is less complex that B2B because there is IT infrastructure and a supply chain only on one side of the transaction. Enterprise resource planning system (ERP) is a cross functional system that integrates and automates many business processes Supply chain mgmt (SCM) is concerned with the four important characteristics or every sale: what, when, where and how much SCM might incorporate, planning, sourcing, making and delivery SCM is a extended ERP system and addresses the entire supply chain Customer relationship mgmt (CRM) - provide sales force automation and customer services in an attempt to manage customer relationships