BEC-4 Flashcards Preview


Flashcards in BEC-4 Deck (41):

IT(information technology)

1. Hardware - actual physical computer, mouse, keypad
2. Software - systems and programs that process data and turn that data into information
3. Network - The communication media, allows more than one computer to share data with other computers
4. People - job titles can vary, but functions tend to stay the same, and some functions can also be outsourced if the company wishes
5. Data/Information - Data: Raw facts, i.e. a quantity, a name, a dollar amount
Information: Data that has been processed and organized


Accounting Information System(AIS)

- a type of MANAGEMENT accounting system (helps management have information to make decisions); may also be partly a transaction processing system and partly a knowledge system.
- a well-designed system should leave an "audit trail" and allow the user to trace a transaction from a source document and vouch from the ledger back to the source documents.
- a proper accounting information system should classify information and be set up to assist the auditor with the assertions (i.e. cutoff)



Sequence - a list of transactions where we do not want duplicates and gaps in sequential numbers

Block - anytime a block of numbers is used to group similar items (100-199 refers to assets, 200-299 refers to liabilities)

Group - different groups of numbers have different meanings, like a phone number (first numbers refer to area code, second group refers to specific number)


Chart of accounts

- allows the business to customize classification of data in the ways that best meet the information requirements of the business


Batch Processing

-When master files are only updated periodically, such as daily
- taking similar individual transactions and putting them into a group or batch, and updating them periodically


Online Real-Time processing(OLRT)

- when the master files are immediately updated in real time



- a request for specific data(i.e today's sales), get it from asking the database to get an answer(what are today's sales?)


Centralization processing environments

- centralization is a matter of degree: headquarters may process certain data, while stores are decentralized and process other data



Periodic reports - produced routinely on a periodic basis
Exception Reports - produced when a specific condition or exception occurs (i.e. a customer whose credit balance is greater than the credit limit)
Demand Reports(aka pull report) - user has to pull report from the system or software, tell the system you want/demand a report on something
Ad-hoc report - one that does not currently exist but can be created on demand without the need of a software developer. Creating a custom report that the software does not already have.


More Reports

Push Reports - if a report window displays up-to-date reports every time an end user logs into a computer network, system automatically pushes current report to person, system generated but not scheduled

Dashboard Report - present summary information report that aids management action. More visual for quick reference

XBRL report - XBRL tags DEFINE the data. For example, tags could indicate the taxonomy used (GAAP or IFRS), the currency, the time period, as well as the definition of the element.
- A macro could be written that would pull tagged information from financial statements(like current assets or current liabilities) and then calculate the current ratio for you.


Categories of business information systems

Transaction Processing Systems(TPS) - process and record the routine daily transactions necessary to conduct a business

Management Information Systems(MIS) - provides users predefined reports that support effective business decisions, helping with daily or monthly decisions

Decision Support Systems (DSS) - an extension of MIS that provides interactive tools to support decision making. More specific than MIS, i.e. tells you, for example, how much inventory you should order by using more advanced tools

Executive Information Systems (EIS) - provide senior executives with immediate and easy access to internal and external information to assist in STRATEGIC decision making, i.e. long term


Systems Development Life Cycle(SDLC)

- a framework for controlling and planning the activities associated with systems development
- like a waterfall, one step followed by another to plan the system


Prototyping Model

Alternative to SDLC, an approximation of a final system is built and tested and reworked as necessary until final system is complete


Steps in System Development


1. Systems analysis - define the nature and scope of the project and needs of the users

2. Design - Conceptual design: deciding how we'll meet the needs. See what software needs to be bought, developed or outsourced
Physical design: determine hardware to acquire, write computer programs, design database etc.

3. Implementation and Conversion - put into place and construct physical design items

4. Training

5. Testing

6. Operations and Maintenance


Participants in Business Process Design

Management - providing support and encouragement for development projects, clear signal that user needs are met

Accountants - play 3 different roles:
1. Accounting Information System - since we will be using the information generated from it, we communicate information needs and system requirements
2. help manage system development
3. take an active role in designing system controls, and monitoring and testing

Information Systems Steering Committee - plan and oversee the information systems function and make sure the system moves in the right direction and "gets done"

Project Development Team - responsible for the successful design and implementation of the business system

External parties - may need to seek their input


IT Control Objectives (memorize)

COBIT - framework that provides a set of measures, indicators, processes and best practices to maximize the benefit of information technology

1)Business Objectives - might include effective decision support, efficient transaction processing, compliance with reporting requirements

2)Governance Objectives - IT governance: strategic alliance, value delivery(promises made by the organization to meet certain needs of users), Resource Management, Risk Management, Performance Measurement

*3) Information Criteria: ICE RACE
I - Integrity
C - Confidentiality
E - Efficiency
R - Reliability
A - Availability
C - Compliance
E - Effectiveness

4) IT Resources

*5) Domains and processes of COBIT
PO - plan and organize
AI - acquire and implement
DS - deliver and support
ME - monitor and evaluate


Role of technology systems in monitoring controls

1. General Controls - ensure an organization's control environment is stable and well maintained overall

Application Controls - prevent, detect, and correct Transaction error and fraud and are more specific

2. Input controls - data and source data is entered correctly and numbered appropriately

3. Process controls - data matching: take 2 or more items of data and match them to show they check or agree

file labels: external labels are readable by humans, internal labels are readable by computers

4,5,6. Zero footing, system double checks before erasing something, user does reconciliation to make sure information correct


Segregation of Duties IT

System analyst - a) internally developed system - determines system requirements, designs overall system, and determines what type of network will be needed
b) purchased system - integrate with existing internal and purchased applications, and provide training to end users

Computer programmer - a) Application programmer/ Software developer(engineer) - responsible for writing and/or maintaining application programs
b) System programmer - responsible for installing, supporting, monitoring and maintaining the operating system. May also support capacity planning functions

Computer Operator - schedule and run the processing jobs, can be automated(no need for person)

File Librarian - store and protect programs and tapes from damage and unauthorized use(mostly automated nowadays)

Data Librarian - custody of and maintains the entity's data and ensures it is only released to those who are authorized

Security Administrator - responsible for the assignment of initial passwords and the rules for maintaining them

System Administrator - a) Database administrator - responsible for maintaining and supporting the database software, and performing certain security functions. Different from the data librarian: the database administrator works on the OVERALL DATABASE, while the librarian works on specific data in the database.
b) Network administrator - support computer networks
c) web administrator - responsible for company website

Data Input Clerk - prepare, verify and input data to be processed

Hardware Technician - sets up hardware and troubleshoots hardware problems

End user - workers in an organization who enter data into a system or use the information processed by it


Son-father-grandfather concept

- most recent file = son, and so on
- take old file + today's transactions equals new file, which is then stored separately on the master file

Mirroring - backup every transaction on a separate computer



Uninterrupted Power Supply - backup generator battery


Data Encryption

- electronic commerce
- using a password or a digital key to scramble a readable or plain text message into an unreadable or cipher message

Digital Certificates - an electronic document created by a trusted party which certifies the identity of the owners of a particular public key
PKIs (public key infrastructure) manage these keys



- require a minimum of 7-8 characters
- feature 3 of 4 characteristics (symbols, uppercase, lowercase, numbers)
- best to change at least every 90 days



- most crucial element in a corporate information security infrastructure and must be considered long before information technology is acquired and deployed

Program Level Policy - mission statement of IT security

Program Framework Policy - the IT security strategy


E-commerce vs. E-business

E-commerce - the specific electronic completion of an exchange of buying and selling

E-business - more general and broad refers to any business done through an electronic form


Electronic Data interchange(EDI)

- the computer to computer exchange of business transaction documents
- requires both computer systems to have a standard data system in order to communicate with each other, known as MAPPING

Benefits: reduced shipping/handling costs and time to be processed

Compared to E-commerce : more expensive, also more secure and private, but slower


Business Process Re-engineering(BPR)

- the analysis and redesign of business processes and information systems to achieve significant performance improvements

1. Tradition - difficult to change employee culture and belief
2. Resistance - change is often met with a great deal of resistance
3. Time and cost requirements - BPR is costly and usually takes at least 2 years to complete
4. Lack of management support - without support of top management emphasizing BPR the right environment is not set for change
5. Skepticism - some people view BPR as the same as traditional systems development but it is actually more comprehensive
6. Retraining - takes time and money to retrain employees
7. Controls - important controls that ensure system reliability and integrity cannot be deleted.



- when a business sells its products or services to another business. Has no consumer protection from the government that B2C (Business-to-consumer) has.

Benefits:
1. Speed - transactions between businesses can be done faster online without having to be in person
2. Timing - transactions can be done all throughout the day regardless of time zone or business hours
3. Personalization - once a business creates an online profile they can be guided to parts of the website that they would be most interested in
4. Security - transactions can be encrypted by computers, providing greater security
5. Human error - generally there is no opportunity for human errors


Enterprise Resource Planning Systems(ERPS)

An ERP software system is automated and integrates many different functions and systems (finance, accounting, HR, manufacturing, logistics) and allows them to flow through one integrated software system

1. Enter information once and it can be used by all different departments
2. Improves the entity's ability to function as an integrated whole and track all business functions like sales, expenses etc.
3. Can quickly provide managers with vital cross-functioning information and allow for quicker, better decision making


Supply Chain Management Systems(SCM)

- is concerned with 4 important characteristics of every sale: what, when, where and how much
- SCM is the integration of business processes to ensure the most efficient and effective supply chain


Customer Relationship Management(CRM)

- provides sales force automation and customer service in an attempt to manage customer relationships


Electronic Funds Transfers(EFT)

- a form of electronic payment used in the retail and banking industry
- usually a 3rd party acts as an intermediary for the transaction


Application service provider(ASP)

- provides access to application programs on a rental basis
- the ASP owns and maintains the software and the user accesses it through the browser



- web pages that are a collage of other web pages and a variety of information (i.e. Google Maps)



Hypertext markup language
- tag-based formatting language used for webpages



Hypertext transfer protocol
- communications protocol used to transfer web pages on the world wide web



Uniform resource locator
- sets formats for webpages and is the technical name for web address


Risk event identification

Strategic Risk - risk of choosing inappropriate technology
Operating Risk - risk of doing the right things but in the wrong way (i.e. if there are new hires, they must be entered before doing payroll rather than in the opposite order)
Financial Risk - the risk of having financial resources lost, wasted or stolen (can be inventory, laptops)
Information Risk - risk of loss of data integrity, incomplete transactions, or hackers.


Threats in a computerized environment

Virus: piece of computer system that causes harm to files and programs. Requires a host to propagate

Worm: a program like a virus that does not need a host and can propagate itself over a network independently.

Denial-of-Service Attack: one computer or a group of computers bombards another computer with a flood of network traffic

Phishing: sending a phony email to lure people to a phony website, where a person is lured into giving their information to a scammer



- hardware and software that prevents unauthorized users from gaining access to a network, i.e. a gatekeeper


Steps in Disaster Recovery

1. Assess the risks
2. Identify mission-critical applications and data
3. Develop the plan
4. Who's responsible?(determine leadership responsibilities during disaster)
5. Test the disaster recovery plan

* storing important files on backups is a strong characteristic of disaster recovery


Types of off-site locations

Hot site - fastest, quickest way for company to resume database activities in the event of a disaster

Cold Site - slower, takes 1-3 days to resume database activities

Warm Site - compromise of a half day to a full day between a hot and cold site