BEC 4 System design and other elements Flashcards Preview

Flashcards in BEC 4 System design and other elements Deck (63)

Categories of Business Information Systems

1. Transaction Processing Systems
2. Management Information Systems
3. Decision Support System
4. Executive Information Systems


Transaction Processing Systems

- process and record the routine daily transactions necessary to conduct business
- speed and efficiency important


Management Information Systems

- provides managers and other end users with reports
- provide managers with the information they need to make daily business decisions


Decision Support System

- an information system that provides interactive support for managers during the decision making process
- does not automate decisions, but provides interactive tools that guide decision making
- expert systems
- assists managers in making daily business decisions


Executive Information system

- only used by top managers
- provides senior executives with immediate and easy access to internal and external information to assist the executives in strategic, not daily, decision making


System Development Life Cycle

- provides a framework for planning and controlling the detailed activities associated with systems development
- "big design up front" approach - the plan is viewed as unchanging
- the waterfall approach - sequential steps of analysis, planning, design and implementation flow only in a single "downward" direction like a waterfall


System Analysis and Planning

1. Define the nature and scope of the project and identify its strengths and weaknesses
2. Conduct an in-depth study of the proposed system to determine its feasibility
3. Identify the information needs of system users and managers
4. Document the info needs of system users
5. A report is prepared to summarize the work done during a systems analysis and submitted to appropriate levels of management.


Conceptual Design

The company decides how to meet users' needs during the conceptual design phase:
- identify and evaluate appropriate design alternatives (buying software, developing software, outsourcing systems development)
- develop detailed specifications outlining what the system is to accomplish and how it is to be controlled


Physical Design

1. Design input and output documents
2. Write computer programs
3. Create files and databases
4. Develop procedures
5. Develop controls


Implementation and Conversion

1. Installation of new hardware and software
2. Hiring or relocation of employees to operate the system
3. Testing or modifying new processing procedures
4. Establishing and documenting standards and controls for the new system
5. Converting to the new system and dismantling the old one
6. Fine tuning the system after it is up and running



- hardware and software skills training
- orientation to new policies and operations
- a variety of training options etc



- tests of the effectiveness of documents and reports, user input, operating and control procedures, processing procedures and computer programs
- Tests of capacity limits and backup and recovery procedures


Operations and Maintenance

- system is periodically reviewed


Participants in Business Process Design

1. Management
2. Accountants
3. Information Systems Steering Committee
4. Project Development Team
5. External Parties


Information Technology Control Objectives

provides managers, auditors and information technology users with a set of measures, indicators, processes and best practices to maximize the benefit of information technology


Information Technology Control Objectives outlined

1. Business objectives
2. Governance objectives
3. Information criteria
4. IT Resources
5. Domains and Processes of COBIT


Business objectives

- anticipate the global requirements that are associated with business owners or process managers
- effective decision support
- efficient transaction processing
- compliance with reporting requirements or information security requirements


Governance Objectives

1. Strategic alignment
- defining, maintaining and validating the IT value proposition
- Aligning IT and enterprise operations
2. Value delivery
- IT delivers promised benefits to advance overall business strategy and satisfy its customers
- Value is provided at optimized costs
3. Resource Management
- application
- information
- infrastructure
- people
4. Risk Management
5. Performance Measurement
- performance measurement translates strategy into action
- performance measurement is essential for IT governance


Information Criteria

1. Integrity
2. Confidentiality
3. Efficiency
4. Reliability
5. Availability
6. Compliance
7. Effectiveness


IT Resources

1. Applications
2. Information
3. Infrastructure
4. People


Domains and Processes of COBIT

1. Plan and Organize
2. Acquire and Implement
3. Deliver and Support
4. Monitor and Evaluate


Role of technology systems in control monitoring

1. General and Application Controls
2. Input Controls
3. Processing Controls
4. Output Controls
5. Managing Control Activities


General and Application Controls

1. General Controls - designed to ensure that an organization's control environment is stable and well managed
2. Application Controls - prevent, detect, and correct transaction error and fraud and are application specific, providing reasonable assurance as to system


Input Controls

If the data entered into a system is inaccurate or incomplete, the output will be too.
1. Prenumbering forms improves controls by making it possible to verify that all input is accounted for
2. A turnaround document is a record of company data sent to an internal party and then returned by the external party to the system as input. A turnaround document ensures that all input is accounted for.


Processing Controls

1. Data Matching
2. File Labels
3. Recalculation of batch totals
4. Cross-footing and zero balance test
5. Write protection mechanisms
6. Database processing integrity procedures


Output Controls

1. User review of output
2. Reconciliation procedures
3. External data reconciliation
4. Output encryption


Managing Control Activities

- related to the use of information technology resources
- segregation of duties
- limited access


Operational effectiveness

evaluating the ongoing effectiveness of control policies and procedures provides added assurance that controls are operating as prescribed and achieving their intended purpose.
A diagnostic control system compares actual performance to planned performance.


Operational effectiveness steps

A. Diagnostic controls
B. Control effectiveness
1. Strategic master plan
2. Data processing schedule
3. Steering committee
4. System performance measurements


Roles and responsibilities of Information Technology Professionals

1. System analyst
2. Computer programmer
3. Computer operator
4. IT Supervisor
5. File Librarian
6. Data Librarian
7. Security Administrator
8. System administrator
9. Data input clerk
10. Hardware technician
11. End user


System analyst

a. Internally developed system - system analysts design the application system and decide what type of computer network is needed
b. Purchased system - system analysts may be called system integrators; they learn the purchased application to integrate that application with existing internal and package applications


Computer programmer

1. Application programmer/Software developer - responsible for writing and maintaining application programs, handles the testing of application programs and the preparation of computer operator instructions
2. System programmer - doesn't write programs, responsible for installing, supporting, monitoring and maintaining the operating system


Computer operator

in mainframe computing environment, they are responsible for scheduling processing jobs, running or monitoring scheduled production jobs, hanging tapes, and possibly printing and distributing reports


IT Supervisor

manages the functions and responsibilities of the IT department


File librarian

store and protect programs and tapes from damage and unauthorized use, and file librarians control the file libraries


Data librarian

has custody of and maintains the entity's data


Security administrator

1. Database administrator - responsible for maintaining and supporting the database software. May perform some or all of the security functions for the database.
2. Network administrator - support computer network
3. Web administrator - responsible for info on a website


Data input clerk

prepare, verify, and input data to be processed if that function has not been distributed to the end users.


Hardware technician

sets up and configures hardware and troubleshoots any resulting hardware problems


End user

any workers in an organization who enter data into a system or who use the information processed by the system. End users could be secretaries, administrators, accountants, auditors, CEOs and so on


Separate duties within Information Technology

dividing responsibilities for different portions of a transaction among several different people or departments


System Analysts vs Computer Programmers

1. System analysts
- determine information needs and then design an information system.
- in charge of hardware

2. Computer programmer
- create an information system based on system analysts' design by writing the computer programs
- in charge of application software


Computer Operators vs Computer Programmers

Should be separated because a person performing both functions could make unauthorized and undetected program changes


Security Administrator vs Computer Operator vs Computer Programmers

Security administrators - responsible for restricting access to systems and applications or databases to the appropriate personnel. If this person is also a computer operator or programmer, they can give themselves access to stuff.



machine readable companion documents such as the remittance advice that goes with various bill payments


Edit check

an application input control that validates data before the data is successfully inputted.


Run control total

not an application input control; it is an output control. It is used to compare manual and computer generated batch totals.


Data elements

should be included in the system specification document for a financial report. Data elements define the building blocks of the information provided in a financial report.


Focus areas identified by COBIT for IT

1. Value delivery
2. Strategic alignment
3. Resource management
4. Risk management
5. Performance measurement


COBIT framework

Direct the IT process - Process and Organize
Deliver the IT Solution - Acquire and Implement
Deliver the IT Service - Deliver and Support
Ensure directions are followed - Monitor and Evaluate


Batch processing

processed in batches and not at the time when they are submitted


Online processing

transactions processed as entered


Functions segregated in an IT department

The duties of system analysts, computer programmers, and computer operators should be segregated


Programmed controls

1. Input controls
2. Processing controls
3. Output controls


System development life cycle

1. System analysis
2. Operations and maintenance
3. Implementation and conversion
4. Conceptual design
5. Physical design


Functions of internal control objectives

1. Preventive
2. Detective
3. Corrective


Executive information systems

provide senior executives with immediate and easy access to internal and external information to assist executives in monitoring business conditions. EIS assist in strategic, not daily, decision making


Decision support system

a computer based information system that provides interactive support for managers during the decision making process. A DSS is useful for developing information directed toward making particular decisions.


Transaction processing system

systems that process and record the routine, daily transactions necessary to conduct business


Objective of management information systems

to provide managerial and other end users with reports. These predefined management reports provide managers with information they need to assist them in the business decision making process.


Focus areas of the COBIT framework

1. Strategic alignment
2. Value delivery
3. Resource management
4. Risk management
5. Performance measurement


COBIT criteria



Segregation of duties between computer operators and computer programmers

a person performing both functions would have the opportunity to make unauthorized and undetected program changes