BEC 4 System design and other elements Flashcards Preview

BEC > BEC 4 System design and other elements > Flashcards

Flashcards in BEC 4 System design and other elements Deck (63)
Loading flashcards...
1

Categories of Business Information Systems

1. Transaction Processing Systems
2. Management Information Systems
3. Decision Support System
4. Executive Information Systems

2

Transaction Processing Systems

- process and record the routine daily transactions necessary to conduct business
- speed and efficiency important

3

Management Information Systems

- provides managers and other end users with reports
- provide managers with the information they need to make daily business decisions

4

Decision Support System

- an information system that provides interactive support for mangers during the decision making process
- does not automate decisions, but provides interactive tools that guide decision making
- expert systems
- assists managers in making daily business decisions

5

Executive Information system

- only used by top managers
- provides senior executives with immediate and easy access to internal and external information assist the executives in strategic, not daily, decision making

6

System Development Life Cycle

- provides a framework for planning and controlling the detailed activities associated with systems development
- "big design up front" approach - the plan is viewed as unchanging
- the waterfall approach - sequential steps of analysis, planning, design and implementation flow only in a single "downward" direction like a waterfall

7

System Analysis and Planning

1. Define the nature and scope of the project and identify its strengths and weaknesses
2. Conduct an in depth study of the proposed system to determine its feasibility
3. Identify the information needs of system users and managers
4. Document the info needs of system users
5. A report is prepared to summarize the work done during a systems analysis and submitted to appropriate levels of management.

8

Conceptual Design

The company decides how to meet users needs during the conceptual design phase:
- identify and evaluate appropriate design alternatives (buying software, developing software, outsourcing systems development)
- develop detailed specifications outlining what the system is to accomplish and how it is to be controlled

9

Physical Design

1. Design input and output documents
2. Write computer programs
3. Create fules and databases
4. Develop procedures
5. Develop controls

10

Implementation and Conversion

1. Installation of new hardware and software
2. Hiring or relocation of employees to operate the system
3. Testing or modifying new processing procedures
4. Establishing and documenting standards and controls for the new system
5. Converting to the new system and dismantling the old one
6. Fine tuning the system after it is up and running

11

Training

- hardware and software skills training
- orientation to new policies and operations
- a variety of training options etc

12

Testing

- tests of the effectiveness of documents and reports, user input, operating and control procedures, processing procedures and computer programs
- Tests of capacity limits and backup and recovery procedures

13

Operations and Maintenance

- system is periodically reviewed

14

Participants in Business Process Design

1. Management
2. Accountants
3. Information Systems Steering Committee
4. Project Development Team
5. External Parties

15

Information Technology Control Objectives

provides managers, auditors and information technology users with a set of measures, indicators, process and best practices to maximize the benefit of information technology

16

Information Technology Control Objectives outlined

1. Business objectives
2. Governance objectives
3. Information criteria
4. IT Resources
5. Domains and Processes of COBIT

17

Business objectives

- anticipate the global requirements that are associated with business owners or process managers
- effective decision support
- efficient transaction processing
- compliance with reporting requirements or information security requirements

18

Governance Objectives

1. Strategic alignment
- defining, maintaining and validating the IT value proposition
- Aligning IT and enterprise operations
2. Value delivery
- IT delivers promised benefits to advance overall business strategy and satisfy its customers
- Value is provided at optimized costs
3. Resource Management
- application
- information
- infrastructure
- people
4. Risk Management
5. Performance Measurement
- performance measurement translates strategy into action
- performance measurement is essential for IT governance

19

Information Criteria

1. Integrity
2. Confidentiality
3. Efficiency
4. Reliability
5. Availability
6. Compliance
7. Effectiveness

20

IT Resources

1. Applications
2. Information
3. Infrastructure
4. People

21

Domains and Processes of COBIT

1. Plan and Organize
2. Acquire and Implement
3. Deliver and Support
4. Monitor and Evaluate

22

Role of technology systems in control monitoring

1. General and Application Controls
2. Input Controls
3. Processing Controls
4. Output Controls
5. Managing Control Activities

23

General and Application Controls

1. General Controls - designed to ensure that an organization's control environment is stable and well managed
2. Application Controls - prevent, detect, and correct transaction error and fraud and are application specific, providing reasonable assurance as to system

24

Input Controls

If the data entered into a system is inaccurate or incomplete, the output will be too.
1. Prenumbering forms improves controls by making it possible to verify that all input is accounted for
2. A turnaround document is a record of company data sent to an internal party and then returned by the external party to the system as input. A turnaround document ensures that all input is accounted for.

25

Processing Controls

1. Data Matching
2. File Labels
3. Recalculation of batch totals
4. Cross-footing and zero balance test
5. Write protection mechanisms
6. Database processing integrity procedures

26

Output Controls

1. User review of output
2. Reconciliation procedures
3. External data reconciliation
4. Output encryption

27

Managing Control Activities

- related to the use of information technology resources
- segregation of duties
- limited access

28

Operational effectiveness

evaluating the ongoing effectiveness of control policies and procedures provides added assurance that controls are operating as prescribed and achieving their intended purpose.
A diagnostic control system compares actual performance to planned performance.

29

Operational effectiveness steps

A. Diagnostic controls
B. Control effectiveness
1. Strategic master plan
2. Data processing schedule
3. Steering committee
4. System performance measurements

30

Roles and responsibilities of Information Technology Professionals

1. System analyst
2. Computer programmer
3. Computer operator
4. IT Supervisor
5. File Librarian
6. Data Librarian
7. Security Administrator
8. System administrator
9. Data input clerk
10. Hardware technician
11. End user