BEC 4 System design and other elements

Question 1

Categories of Business Information Systems

Answer 1

1. Transaction Processing Systems
2. Management Information Systems
3. Decision Support System
4. Executive Information Systems

Question 2

Transaction Processing Systems

Answer 2

• process and record the routine daily transactions necessary to conduct business
• speed and efficiency important

Question 3

Management Information Systems

Answer 3

• provides managers and other end users with reports

- provide managers with the information they need to make daily business decisions

Question 4

Decision Support System

Answer 4

• an information system that provides interactive support for mangers during the decision making process
• does not automate decisions, but provides interactive tools that guide decision making
• expert systems
• assists managers in making daily business decisions

Question 5

Executive Information system

Answer 5

• only used by top managers
• provides senior executives with immediate and easy access to internal and external information assist the executives in strategic, not daily, decision making

Question 6

System Development Life Cycle

Answer 6

• provides a framework for planning and controlling the detailed activities associated with systems development
• “big design up front” approach - the plan is viewed as unchanging
• the waterfall approach - sequential steps of analysis, planning, design and implementation flow only in a single “downward” direction like a waterfall

Question 7

System Analysis and Planning

Answer 7

1. Define the nature and scope of the project and identify its strengths and weaknesses
2. Conduct an in depth study of the proposed system to determine its feasibility
3. Identify the information needs of system users and managers
4. Document the info needs of system users
5. A report is prepared to summarize the work done during a systems analysis and submitted to appropriate levels of management.

Question 8

Conceptual Design

Answer 8

The company decides how to meet users needs during the conceptual design phase:

• identify and evaluate appropriate design alternatives (buying software, developing software, outsourcing systems development)
• develop detailed specifications outlining what the system is to accomplish and how it is to be controlled

Question 9

Physical Design

Answer 9

1. Design input and output documents
2. Write computer programs
3. Create fules and databases
4. Develop procedures
5. Develop controls

Question 10

Implementation and Conversion

Answer 10

1. Installation of new hardware and software
2. Hiring or relocation of employees to operate the system
3. Testing or modifying new processing procedures
4. Establishing and documenting standards and controls for the new system
5. Converting to the new system and dismantling the old one
6. Fine tuning the system after it is up and running

Question 11

Training

Answer 11

• hardware and software skills training
• orientation to new policies and operations
• a variety of training options etc

Question 12

Testing

Answer 12

• tests of the effectiveness of documents and reports, user input, operating and control procedures, processing procedures and computer programs
• Tests of capacity limits and backup and recovery procedures

Question 13

Operations and Maintenance

Answer 13

• system is periodically reviewed

Question 14

Participants in Business Process Design

Answer 14

1. Management
2. Accountants
3. Information Systems Steering Committee
4. Project Development Team
5. External Parties

Question 15

Information Technology Control Objectives

Answer 15

provides managers, auditors and information technology users with a set of measures, indicators, process and best practices to maximize the benefit of information technology

Question 16

Information Technology Control Objectives outlined

Answer 16

1. Business objectives
2. Governance objectives
3. Information criteria
4. IT Resources
5. Domains and Processes of COBIT

Question 17

Business objectives

Answer 17

• anticipate the global requirements that are associated with business owners or process managers
• effective decision support
• efficient transaction processing
• compliance with reporting requirements or information security requirements

Question 18

Governance Objectives

Answer 18

1. Strategic alignment
   - defining, maintaining and validating the IT value proposition
   - Aligning IT and enterprise operations
2. Value delivery
   - IT delivers promised benefits to advance overall business strategy and satisfy its customers
   - Value is provided at optimized costs
3. Resource Management
   - application
   - information
   - infrastructure
   - people
4. Risk Management
5. Performance Measurement
   - performance measurement translates strategy into action
   - performance measurement is essential for IT governance

Question 19

Information Criteria

Answer 19

1. Integrity
2. Confidentiality
3. Efficiency
4. Reliability
5. Availability
6. Compliance
7. Effectiveness

Question 20

IT Resources

Answer 20

1. Applications
2. Information
3. Infrastructure
4. People

Question 21

Domains and Processes of COBIT

Answer 21

1. Plan and Organize
2. Acquire and Implement
3. Deliver and Support
4. Monitor and Evaluate

Question 22

Role of technology systems in control monitoring

Answer 22

1. General and Application Controls
2. Input Controls
3. Processing Controls
4. Output Controls
5. Managing Control Activities

Question 23

General and Application Controls

Answer 23

1. General Controls - designed to ensure that an organization’s control environment is stable and well managed
2. Application Controls - prevent, detect, and correct transaction error and fraud and are application specific, providing reasonable assurance as to system

Question 24

Input Controls

Answer 24

If the data entered into a system is inaccurate or incomplete, the output will be too.

1. Prenumbering forms improves controls by making it possible to verify that all input is accounted for
2. A turnaround document is a record of company data sent to an internal party and then returned by the external party to the system as input. A turnaround document ensures that all input is accounted for.

Question 25

Processing Controls

Answer 25

1. Data Matching 2. File Labels 3. Recalculation of batch totals 4. Cross-footing and zero balance test 5. Write protection mechanisms 6. Database processing integrity procedures

Question 26

Output Controls

Answer 26

1. User review of output 2. Reconciliation procedures 3. External data reconciliation 4. Output encryption

Question 27

Managing Control Activities

Answer 27

- related to the use of information technology resources - segregation of duties - limited access

Question 28

Operational effectiveness

Answer 28

evaluating the ongoing effectiveness of control policies and procedures provides added assurance that controls are operating as prescribed and achieving their intended purpose. A diagnostic control system compares actual performance to planned performance.

Question 29

Operational effectiveness steps

Answer 29

``` A. Diagnostic controls B. Control effectiveness 1. Strategic master plan 2. Data processing schedule 3. Steering committee 4. System performance measurements ```

Question 30

Roles and responsibilities of Information Technology Professionals

Answer 30

1. System analyst 2. Computer programmer 3. Computer operator 4. IT Supervisor 5. File Librarian 6. Data Librarian 7. Security Administrator 8. System administrator 9. Data input clerk 10. Hardware technician 11. End user

Question 31

System analyst

Answer 31

a. Internally developed system - system analyst design the application system, decide what type of computer network is needed b. Purchased system - system analysts may be called system integrators, they learn the purchased application to integrate that application with existing internal and package application

Question 32

Computer programmer

Answer 32

1. Application programmer/Software developer - responsible for writing and maintaing application programs, handle the testing of application programs and the preparation of computer operator instructions 2. System programmer - doesn't write programs, responsible for installing, supporting, monitoring and maintaining the operating system

Question 33

Computer operator

Answer 33

in mainframe computing environment, they are responsible for scheduling processing jobs, running or monitoring scheduled production jobs, hanging tapes, and possibly printing and distributing reports

Question 34

IT Supervisor

Answer 34

manages the functions and responsibilities of the IT department

Question 35

File librarian

Answer 35

store and protect programs and tapes from damage and unauthorized use, and file librarians control the file libraries

Question 36

Data librarian

Answer 36

has custody of and maintains the entity's data

Question 37

Security administrator

Answer 37

1. Database administrator - responsible for maintaing and supporting the database software. May perform some or all of the security functions for the database. 2. Network administrator - support computer network 3. Web administrator - responsible for info on a website

Question 38

Data input clerk

Answer 38

prepare, verify, and input data to be processed if that function has not been distributed to the end users.

Question 39

Hardware technician

Answer 39

sets up and configures hardware and troubleshoots any resulting hardware problems

Question 40

End user

Answer 40

any workers in an organization who enter data into a system or who use the information processed by the system. End users could be secretaries, administrators, accountants, auditors, CEOs and so on

Question 41

Separate duties within Information Technology

Answer 41

dividing responsibilities for different portions of a transaction among several different people or departments

Question 42

System Analysts vs Computer Programmers

Answer 42

1. System analysts - determine information needs and then design an information system. - in charge of hardware 2. Computer programmer - create an information system based on system analysts' design by writing the computer programs - in charge of application software

Question 43

Computer Operators vs Computer Programmers

Answer 43

Should be separated because a person performing both functions could make unauthorized and undetected program changes

Question 44

Security Administrator vs Computer Operator vs Computer Programmers

Answer 44

Security administrators - responsible for restricting access to systems and applications or database to the appropriate personnel. If this person is also computer operator or programmer, they can give themselves access to stuff.

Question 45

Turnaround

Answer 45

machine readable companion documents such as the remittance advice that goes with various bill payments

Question 46

Edit check

Answer 46

an application input control that validates data before the data is successfully inputted.

Question 47

Run control total

Answer 47

not an application input control, it an output control. It is used to compare manual and computer generated batch totals.

Question 48

Data elements

Answer 48

should be included in the system specification document for a financial report. Data elements define the building blocks of the information provided in a financial report.

Question 49

Focus areas identified by COBIT for IT

Answer 49

1. Value delivery 2. Strategic alignment 3. Resource management 4. Risk management 5. Performance measurement

Question 50

COBIT framework

Answer 50

Direct the IT process - Process and Organize Deliver the IT Solution - Acquire and Implement Deliver the IT Service - Deliver and Support Ensure directions are followed - Monitor and Evaluate

Question 51

Batch processing

Answer 51

processed in batches and not at the time when they are submitted

Question 52

Online processing

Answer 52

transactions processed as entered

Question 53

Functions segregated in an IT department

Answer 53

The duties of system analysts, computer programmers, and computer operators should be segregated

Question 54

Programmed controls

Answer 54

1. Input controls 2. Processing controls 3. Output controls

Question 55

System development life cycle

Answer 55

1. System analysis 2. Operations and maintenance 3. Implementation and conversion 4. Conceptual design 5. Physical design

Question 56

Functions of internal control objectives

Answer 56

1. Preventive 2. Detective 3. Corrective

Question 57

Executive information systems

Answer 57

provide senior executives with immediate and easy access to internal and external information to assist executives in monitoring business conditions. EIS assist in strategic, not daily decision making

Question 58

Decision support system

Answer 58

a computer based information system that provides interactive support for managers during the decision making process. A DSS is useful for developing information directed toward making particular decisions.

Question 59

Transaction processing system

Answer 59

systems that process and record the routine, daily transactions necessary to conduct business

Question 60

Objective of management information systems

Answer 60

to provide managerial and other end users with reports. These predefined management reports provide managers with information they need to assist them in the business decision making process.

Question 61

Focus areas of the COBIT framework

Answer 61

1. Strategic alignment 2. Value delivery 3. Resource management 4. Risk management 5. Performance measurement

Question 62

COBIT criteria

Answer 62

``` Integrity Confidentiality Efficiency Reliability Availability Compliance Effectiveness ```

Question 63

Segregation of duties between computer operators and computer programmers

Answer 63

a person performing both functions would have the opportunity to make unauthorized and undetected program changes