BEC 4 System design and other elements Flashcards Preview

Flashcards in BEC 4 System design and other elements Deck (63):
1

Categories of Business Information Systems

1. Transaction Processing Systems
2. Management Information Systems
3. Decision Support System
4. Executive Information Systems

2

Transaction Processing Systems

- process and record the routine daily transactions necessary to conduct business
- speed and efficiency important

3

Management Information Systems

- provides managers and other end users with reports
- provide managers with the information they need to make daily business decisions

4

Decision Support System

- an information system that provides interactive support for managers during the decision-making process
- does not automate decisions, but provides interactive tools that guide decision making
- expert systems
- assists managers in making daily business decisions

5

Executive Information system

- only used by top managers
- provides senior executives with immediate and easy access to internal and external information to assist the executives in strategic, not daily, decision making

6

System Development Life Cycle

- provides a framework for planning and controlling the detailed activities associated with systems development
- "big design up front" approach - the plan is viewed as unchanging
- the waterfall approach - sequential steps of analysis, planning, design and implementation flow only in a single "downward" direction like a waterfall

7

System Analysis and Planning

1. Define the nature and scope of the project and identify its strengths and weaknesses
2. Conduct an in-depth study of the proposed system to determine its feasibility
3. Identify the information needs of system users and managers
4. Document the info needs of system users
5. A report is prepared to summarize the work done during a systems analysis and submitted to appropriate levels of management.

8

Conceptual Design

The company decides how to meet users' needs during the conceptual design phase:
- identify and evaluate appropriate design alternatives (buying software, developing software, outsourcing systems development)
- develop detailed specifications outlining what the system is to accomplish and how it is to be controlled

9

Physical Design

1. Design input and output documents
2. Write computer programs
3. Create files and databases
4. Develop procedures
5. Develop controls

10

Implementation and Conversion

1. Installation of new hardware and software
2. Hiring or relocation of employees to operate the system
3. Testing or modifying new processing procedures
4. Establishing and documenting standards and controls for the new system
5. Converting to the new system and dismantling the old one
6. Fine tuning the system after it is up and running

11

Training

- hardware and software skills training
- orientation to new policies and operations
- a variety of training options etc

12

Testing

- tests of the effectiveness of documents and reports, user input, operating and control procedures, processing procedures and computer programs
- Tests of capacity limits and backup and recovery procedures

13

Operations and Maintenance

- system is periodically reviewed

14

Participants in Business Process Design

1. Management
2. Accountants
3. Information Systems Steering Committee
4. Project Development Team
5. External Parties

15

Information Technology Control Objectives

provides managers, auditors and information technology users with a set of measures, indicators, processes and best practices to maximize the benefit of information technology

16

Information Technology Control Objectives outlined

1. Business objectives
2. Governance objectives
3. Information criteria
4. IT Resources
5. Domains and Processes of COBIT

17

Business objectives

- anticipate the global requirements that are associated with business owners or process managers
- effective decision support
- efficient transaction processing
- compliance with reporting requirements or information security requirements

18

Governance Objectives

1. Strategic alignment
- defining, maintaining and validating the IT value proposition
- Aligning IT and enterprise operations
2. Value delivery
- IT delivers promised benefits to advance overall business strategy and satisfy its customers
- Value is provided at optimized costs
3. Resource Management
- application
- information
- infrastructure
- people
4. Risk Management
5. Performance Measurement
- performance measurement translates strategy into action
- performance measurement is essential for IT governance

19

Information Criteria

1. Integrity
2. Confidentiality
3. Efficiency
4. Reliability
5. Availability
6. Compliance
7. Effectiveness

20

IT Resources

1. Applications
2. Information
3. Infrastructure
4. People

21

Domains and Processes of COBIT

1. Plan and Organize
2. Acquire and Implement
3. Deliver and Support
4. Monitor and Evaluate

22

Role of technology systems in control monitoring

1. General and Application Controls
2. Input Controls
3. Processing Controls
4. Output Controls
5. Managing Control Activities

23

General and Application Controls

1. General Controls - designed to ensure that an organization's control environment is stable and well managed
2. Application Controls - prevent, detect, and correct transaction error and fraud and are application specific, providing reasonable assurance as to system

24

Input Controls

If the data entered into a system is inaccurate or incomplete, the output will be too.
1. Prenumbering forms improves controls by making it possible to verify that all input is accounted for
2. A turnaround document is a record of company data sent to an internal party and then returned by the external party to the system as input. A turnaround document ensures that all input is accounted for.

25

Processing Controls

1. Data Matching
2. File Labels
3. Recalculation of batch totals
4. Cross-footing and zero balance test
5. Write protection mechanisms
6. Database processing integrity procedures

26

Output Controls

1. User review of output
2. Reconciliation procedures
3. External data reconciliation
4. Output encryption

27

Managing Control Activities

- related to the use of information technology resources
- segregation of duties
- limited access

28

Operational effectiveness

evaluating the ongoing effectiveness of control policies and procedures provides added assurance that controls are operating as prescribed and achieving their intended purpose.
A diagnostic control system compares actual performance to planned performance.

29

Operational effectiveness steps

A. Diagnostic controls
B. Control effectiveness
1. Strategic master plan
2. Data processing schedule
3. Steering committee
4. System performance measurements

30

Roles and responsibilities of Information Technology Professionals

1. System analyst
2. Computer programmer
3. Computer operator
4. IT Supervisor
5. File Librarian
6. Data Librarian
7. Security Administrator
8. System administrator
9. Data input clerk
10. Hardware technician
11. End user

31

System analyst

a. Internally developed system - system analysts design the application system and decide what type of computer network is needed
b. Purchased system - system analysts may be called system integrators; they learn the purchased application to integrate that application with existing internal and package applications

32

Computer programmer

1. Application programmer/Software developer - responsible for writing and maintaining application programs, handles the testing of application programs and the preparation of computer operator instructions
2. System programmer - doesn't write programs, responsible for installing, supporting, monitoring and maintaining the operating system

33

Computer operator

in a mainframe computing environment, they are responsible for scheduling processing jobs, running or monitoring scheduled production jobs, hanging tapes, and possibly printing and distributing reports

34

IT Supervisor

manages the functions and responsibilities of the IT department

35

File librarian

store and protect programs and tapes from damage and unauthorized use, and file librarians control the file libraries

36

Data librarian

has custody of and maintains the entity's data

37

Security administrator

1. Database administrator - responsible for maintaining and supporting the database software. May perform some or all of the security functions for the database.
2. Network administrator - support computer network
3. Web administrator - responsible for info on a website

38

Data input clerk

prepare, verify, and input data to be processed if that function has not been distributed to the end users.

39

Hardware technician

sets up and configures hardware and troubleshoots any resulting hardware problems

40

End user

any workers in an organization who enter data into a system or who use the information processed by the system. End users could be secretaries, administrators, accountants, auditors, CEOs and so on

41

Separate duties within Information Technology

dividing responsibilities for different portions of a transaction among several different people or departments

42

System Analysts vs Computer Programmers

1. System analysts
- determine information needs and then design an information system.
- in charge of hardware

2. Computer programmer
- create an information system based on system analysts' design by writing the computer programs
- in charge of application software

43

Computer Operators vs Computer Programmers

Should be separated because a person performing both functions could make unauthorized and undetected program changes

44

Security Administrator vs Computer Operator vs Computer Programmers

Security administrators - responsible for restricting access to systems and applications or databases to the appropriate personnel. If this person is also a computer operator or programmer, they can give themselves access to stuff.

45

Turnaround

machine readable companion documents such as the remittance advice that goes with various bill payments

46

Edit check

an application input control that validates data before the data is successfully inputted.

47

Run control total

not an application input control; it is an output control. It is used to compare manual and computer generated batch totals.

48

Data elements

should be included in the system specification document for a financial report. Data elements define the building blocks of the information provided in a financial report.

49

Focus areas identified by COBIT for IT

1. Value delivery
2. Strategic alignment
3. Resource management
4. Risk management
5. Performance measurement

50

COBIT framework

Direct the IT process - Process and Organize
Deliver the IT Solution - Acquire and Implement
Deliver the IT Service - Deliver and Support
Ensure directions are followed - Monitor and Evaluate

51

Batch processing

processed in batches and not at the time when they are submitted

52

Online processing

transactions processed as entered

53

Functions segregated in an IT department

The duties of system analysts, computer programmers, and computer operators should be segregated

54

Programmed controls

1. Input controls
2. Processing controls
3. Output controls

55

System development life cycle

1. System analysis
2. Operations and maintenance
3. Implementation and conversion
4. Conceptual design
5. Physical design

56

Functions of internal control objectives

1. Preventive
2. Detective
3. Corrective

57

Executive information systems

provide senior executives with immediate and easy access to internal and external information to assist executives in monitoring business conditions. EIS assist in strategic, not daily decision making

58

Decision support system

a computer based information system that provides interactive support for managers during the decision making process. A DSS is useful for developing information directed toward making particular decisions.

59

Transaction processing system

systems that process and record the routine, daily transactions necessary to conduct business

60

Objective of management information systems

to provide managerial and other end users with reports. These predefined management reports provide managers with information they need to assist them in the business decision making process.

61

Focus areas of the COBIT framework

1. Strategic alignment
2. Value delivery
3. Resource management
4. Risk management
5. Performance measurement

62

COBIT criteria

Integrity
Confidentiality
Efficiency
Reliability
Availability
Compliance
Effectiveness

63

Segregation of duties between computer operators and computer programmers

a person performing both functions would have the opportunity to make unauthorized and undetected program changes