Chapter 4

Question 1

Name and briefly describe the five major components that make up the information technology of an organization

Answer 1

HARDWARE: Hardware is the actual physical computer or computer peripheral device

SOFTWARE: Software is the systems and programs that process data and turn that data into information

NETWORK: A network is made up of the communication media that allows multiple computers to share data and information simultaneously

PEOPLE: Many people have a role in IT, such as hardware technicians, network administrators, software developers, and end users

DATA: Data is raw facts

Question 2

What are the five functions performed on data in a business information system?

Answer 2

The 5 functions performed on data are:

1. Collect
2. Process
3. Store
4. Transform
5. Distribute

Question 3

Describe the normal series of events in an accounting information system (AIS)

Answer 3

The series of events in an AIS is as follows:

1. The transactions data from source documents is entered into the AIS by an end user
2. The original paper source documents are filed
3. The transactions are recorded in the appropriate journal
4. The transactions are posted to the general and subsidiary ledgers
5. Trial balances are prepared
6. Adjustments, accruals, and corrections are entered
7. Financial reports are generated

Question 4

Name and briefly describe 6 different types of MIS reports

Answer 4

1. PERIODIC SCHEDULED REPORTS: the traditional reports that display information in a predefined format and are made available on a regular basis to end users of the system
2. EXCEPTION REPORTS: reports produced when a specific condition or “exception” occurs
3. DEMAND REPORTS: specific reports that can be printed on demand
4. AD HOC REPORTS: a report that does not currently exist but that can be created on demand without having to get a software developer involved
5. PUSH REPORTS: a report that can actually be “pushed” or sent to a computer screen or computer desktop
6. DASHBOARD REPORTS: a report used by a company to present summary information necessary for management action

Question 5

What are the primary roles of business information systems?

Answer 5

The primary roles of business information systems are to:

1. Process detailed data
2. Assist in making daily decisions
3. Assist in developing business strategies
4. Take orders from customers

Question 6

Name the five functions performed on data by a business information system

Answer 6

The five functions performed on data in a business information system are:

1. Collect
2. Process
3. Store
4. Transform
5. Distribute

Question 7

Describe the two types of processing used in a computerized environment

Answer 7

Batch processing–periodic processing

Online, real-time (OLRT) processing (often referred to as “online processing”)–immediate processing

Question 8

What is a batch control total and how does it differ from a hash total?

Answer 8

A batch control total (or batch total) is a manually calculated total that is compared to a computer-generated total as a means of testing the accuracy and completeness of the input and processing

Batch totals are used for numbers that are normally added, such as dollar amounts

Hash totals are used for numbers that are not normally added, such as account numbers

Question 9

What is the distinction between centralized and decentralized (distributed) processing?

Answer 9

Centralized processing maintains data and performs data processing at one or more central locations

Decentralized processing occurs when computing power and processing are spread over many locations

Question 10

What are the advantages and disadvantages of centralized processing?

Answer 10

ADVANTAGES of Centralized Processing

1. Data is secured better, once received
2. Processing is consistent

DISADVANTAGES of Centralized Processing

1. The cost of transmitting large numbers of detailed transactions can be high
2. There are increased processing power and data storage needs at the central location
3. There is a reduction in local accountability
4. Input/output bottlenecks may occur at high traffic times
5. There may be a lack of ability to respond in a timely manner to information requests from remote locations
6. The entire organization may be vulnerable to problems incurred at a single location

Question 11

List and explain the steps in batch processing

Answer 11

Batch processing is accomplished in two steps:

1. CREATE A TRANSACTION FILE: The first step is to create the transaction file by manually (usually) keying the data (data entry), editing the data for completeness and accuracy, and making any necessary corrections
2. UPDATE THE MASTER FILE: The second step is to update the master file by sorting the transaction file into the same order as the master file and then updating the relevant records in the master file from the transaction file

Question 12

What is the major distinction between batch processing and online processing?

Answer 12

The major distinction between batch processing and online processing is that transactions in a batch processing system are processed in batches and not necessarily at the time those transactions are submitted

In online processing, transactions are processed as the transactions are entered

Question 13

What are the various categories of business information systems?

Answer 13

The categories of business information systems are:

1. Transaction processing systems
2. Decision support systems
3. Management information systems
4. Executive information systems

Question 14

Identify functions that should be segregated in an IT department

Answer 14

The duties of systems analysts, computer programmers, and computer operators should be segregated (although many companies combine systems analysts and computer programmers)

Question 15

What are three types of programmed controls?

Answer 15

Programmed controls are:

1. Input controls
2. Processing controls
3. Output controls

Question 16

What are the six steps of the system development life cycle (SDLC)?

Answer 16

1. Systems analysis
2. Conceptual and physical design
3. Implementation and conversion
4. Training
5. Testing
6. Operations and maintainance

Question 17

What is the objective of executive information systems (EIS)?

Answer 17

Executive information systems (executive support systems) provide senior executives with immediate and easy access to internal and external information to assist executives in monitoring business conditions

EIS assist in strategic, not daily, decision making

Question 18

What is the decision support system (DSS)?

Answer 18

A decision support system is a computer-based information system that provides interactive support for managers during the decision-making process

A DSS is useful for developing information directed toward making particular decisions

Question 19

What are transaction processing systems?

Answer 19

Transaction processing systems are the systems that process and record the routine, daily transactions necessary to conduct business

Question 20

What is the objective of management information systems (MIS)?

Answer 20

The objective of MIS is to provide managerial and other end users with reports

These predefined management reports provide managers with the information they need to assist them in the business decision-making process

Question 21

What are the five focus areas of the COBIT framework?

Answer 21

1. Strategic alignment
2. Value delivery
3. Resource management
4. Risk management
5. Performance measurement

Question 22

What are information criteria described by COBIT?

ICE RACE

Answer 22

1. Integrity
2. Confidentiality
3. Efficiency
4. Reliability
5. Availability
6. Compliance
7. Effectiveness

Question 23

Identify the four domains and related process of the COBIT framework

Answer 23

The four domains and related processes of COBIT are:

Plan and Organize (Direct)

Acquire and Implement (Solution)

Deliver and support (Service)

Monitor and Evaluate (Ensure direction followed)

Question 24

Why is it important to have segregation of duties between computer operators and computer programmers?

Answer 24

It is important that computer operators’ and computer programmers’ duties be segregated because a person performing both functions would have the opportunity to make unauthorized and undetected program changes

Question 25

Why is it important to safeguard files and records?

Answer 25

Safeguarding of files and records is important because inadequate protection may result in loss or damage that might drive an organization out of business; hardware can always be replaced, but data often cannot be

Question 26

What is encryption?

Answer 26

Encryption involves using a password or a digital key to scramble a readable (plaintext) message into an unreadable (ciphertext message)

The intended recipient of the message then uses either the same or another digital key (depending on the encryption method) to convert the ciphertext message back into plaintext

Question 27

What characteristics should a password management policy address?

Answer 27

1. PASSWORD LENGTH: The longer the better. Passwords should be greater than seven characters. Many organizations standardize on eight characters
2. PASSWORD COMPLEXITY: Complex passwords feature three of the following four characteristics: upper case letters, lower case letters, numeric characters, and ASCII characters (e.g., ! @ # $ % ^ & * or ?)
3. PASSWORD AGE: The national security agency (NSA) recommends that passwords should be changed every 90 days. Administrative passwords should be changed more frequently
4. PASSWORD REUSE: The NSA recommends that password reuse of the previous 24 passwords be restricted. The goal is to prevent users from alternating between their favorite two or three passwords

Question 28

What are the four types of computer security policies?

Answer 28

1. Program-level policy
2. Program-framework policy
3. Issue-specific policy
4. System-specific policy

Question 29

Distinguish between digital signatures and e-signatures

Answer 29

Digital signature uses asymmetric encryption to create legally binding electronic documents

Web-based e-signatures are an alternative mechanism for accomplishing the same objective

An e-signature is a cursive-style imprint of a person’s name that is applied to an electronic document and is also considered legally binding

Question 30

What defines an information security policy?

Answer 30

Information security policies state how an organization plans to protect its tangible and intangible information assets

Question 31

How can the internet be defined?

Answer 31

The internet is an international network composed of servers around the world that communicate with each other

Question 32

Identify the costs associated with implementing EDI

Answer 32

1. Legal costs
2. Hardware costs
3. Costs of translation software
4. Costs of data transmission
5. Process reengineering and employee training costs for affected applications
6. Costs associated with security, monitoring, and control procedures

Question 33

Define B2B transactions and identify the three different markets

Answer 33

When a business sells its products or services to other businesses, it is called a Business-to-Business (B2B) transaction:

1. B2B E-COMMERCE: Many businesses buy, sell, or trade their products and services with other businesses
2. ELECTRONIC MARKET: It is very common for B2B transactions to occur electronically via the internet
3. DIRECT MARKET: It also is very common for B2B transactions to occur electronically between businesses when there is a preexisting relationship

Question 34

Identify some advantages of B2B e-commerce

Answer 34

1. Speed
2. Timing
3. Personalization
4. Security
5. Reliability

Question 35

Define electronic funds transfer (EFT) systems

Answer 35

EFT systems are a major form of electronic payment for banking and retailing industries

EFT uses a variety pf technologies to transact, process, and verify money transfers and credits between banks, businesses, and consumers

The federal reserve wire system is used very frequently in EFT to reduce the time and expense required to process checks and credit transactions

Question 36

Define EDI

Answer 36

EDI is the computer-to-computer exchange of business transaction documents in structured formats that allows for direct progressing of the data by the receiving system

Question 37

How are EDI transactions submitted, and what is mapping?

Answer 37

EDI transactions are submitted in a standard data format

Mapping is the process of determining the correspondence between elements in a company’s terminology and elements in standard EDI terminology

Question 38

What are the features of EDI?

Answer 38

The following are the features of EDI:

1. EDI allows the transmission of electronic documents between computer systems in different organizations
2. EDI reduces handling costs and speeds transaction processing
3. EDI requires that all transactions be submitted in a standard data format
4. EDI can be implemented using directed links, VANs, or over the internet

Question 39

What are some controls for an EDI system?

Answer 39

Controls for an EDI system might include:

1. Encryption of data
2. Activity logs of failed transactions
3. Network and sender/recipient acknowledgements

Question 40

What is e-commerce?

Answer 40

E-commerce involves electronic consummation of exchange transactions

E-commerce normally implies the use of the internet but a private network can also be used

Question 41

How does EDI differ from e-commerce on a cost, security, speed, and network basis?

Answer 41

EDI vs. e-commerce includes the following comparisons

1. COST: EDI is more expensive than e-commerce
2. SECURITY: EDI is more secure than e-commerce
3. SPEED: e-commerce is faster than EDI
4. NETWORK: EDI uses VAN (private) and e-commerce uses the internet (public)

Question 42

Define and describe the purpose of BPR

Answer 42

Business process reengineering (BPR) is the analysis and design of business processes and information systems to achieve significant performance improvements

The purpose of BPR is to simplify the system, make it more effective, and improve the entity’s quality and service

Question 43

Define and describe the purpose of ERP

Answer 43

An enterprise resource planning system (ERP) is a cross-functional enterprise system that integrates and automates the many business processes and systems that must work together in various functions (e.g., manufacturing, distribution, human resources) of a business

Question 44

Supply chain management is concerned with what four characteristics of every sale?

Answer 44

Supply chain management is concerned with:

1. Goods received should match goods ordered (What)
2. Goods should be delivered by the date promised (When)
3. Goods should be delivered to the location requested (Where)
4. The goods’ cost should be the lowest possible (How much)

Question 45

Compare and contrast HTML, HTTP, and URL

Answer 45

Hypertext markup language (HTML) is a tag-based formatting language used for web pages

Hypertext transfer protocol (HTTP) is the communications protocol used to transfer web pages on the world wide web

Uniform resource locator (URL) is the technical name for a web address, which directs users to a specific location on the web

Question 46

What are the risks in a business information system?

Answer 46

The risks in a business information system are:

1. Strategic risk
2. Operating risk
3. Financial risk
4. Information risk

Question 47

Name the five threats in a computerized environment

Answer 47

The five threats in a computerized environment are:

1. Virus
2. Worm
3. Trojan horse
4. Denial-of-service attack
5. Phishing

Question 48

What are access controls?

Answer 48

Access controls limit access to documentation, data files, programs, and computer hardware to authorized personnel

Examples include locks, passwords, user identification codes, assignment of security levels, callbacks on dial-up systems, the setting of file attributes, and the use of firewall

Question 49

What is a firewall?

Answer 49

A firewall is a system, often both hardware and software, of user identification and authentication that prevents unauthorized users from gaining access to network resources

Question 50

What is disaster recovery and what is the difference between a hot site and a cold site?

Answer 50

Disaster recovery consists of plans for continuing operations in the event of destruction of not only programs and data but also processing capability

A hot site is an off-site location that is equipped to take over a company’s data processing

A cold site is an off-site location that has all of the electrical connections and other physical requirements for data processing but does not have the actual equipment

Question 51

What are three types of backups to perform to recover lost data?

Answer 51

1. Full backup
2. Incremental backup
3. Differential backup

Question 52

What are three types of disaster recovery?

Answer 52

1. Disaster recovery service
2. Internal disaster recovery
3. Multiple data center backups

Question 53

What are the three types of off-site location?

Answer 53

1. Cold site
2. Warm site
3. Hot site

Question 54

What is the disadvantage of a disaster recovery and business continuity plan?

Answer 54

The disadvantage is the cost and effort required to implement the plan

Question 55

Identify the four main functions of a DBMS

Answer 55

1. Database development
2. Database query
3. Database maintenance
4. Application development

Question 56

Identify nine components of a LAN

Answer 56

1. Node
2. Workstation
3. Server
4. Network interface card (NIC)
5. Transmission media
6. Network operating system (NOS)
7. Communications device
8. Communication/ Network protocols
9. Gateways and Routers

Question 57

Identify the two types of networks that can be used to provide WAN communications services

Answer 57

VALUE ADDED NETWORK: Privately owned communication network that provides additional services beyond standard data transmission

INTERNET-BASED NETWORK: Uses internet protocols and public communications channels to establish network communications

Question 58

List some of the features of a value added network (VAN)

Answer 58

A value added network:

1. Is privately owned
2. Provides additional services
3. Provides good security
4. Uses periodic (batch) processing
5. May be expensive

Question 59

List some of the features of an internet-based network

Answer 59

An internet-based network:

1. Uses public communications channels
2. Transmits transactions immediately
3. Is relatively affordable
4. Increases the number of potential trading partners

Question 60

What is the difference between an internet and an extranet

Answer 60

An intranet connects geographically separate LANs within a company, whereas an extranet permits specified external parties to access the company’s network

Question 61

What is the basic difference between a database and a database management system?

Answer 61

A database is an integrated collection of data records and data files

A database management system (DBMS) is the software that allows an organization to create, use, and maintain a database

Question 62

What is a data warehouse and what data mining?

Answer 62

A data warehouse is a collection of databases that store both operations and management data

Data mining is the processing of data in a data warehouse to attempt to identify trends and patterns of business activity

Question 63

What are some advantages of a DBMS?

Answer 63

Advantages of a DBMS include:

1. Data redundancy and inconsistency are reduced
2. Data sharing exists
3. Data independence exists
4. Data standardization exists
5. Data security is improved
6. Data fields can be expanded without adverse effects on application programs
7. Timeliness, effectiveness, and availability of information is enhanced

Question 64

What is the basic difference between WANs and LANs?

Answer 64

The basic difference between WANs and LANs is distance

LANs normally are within a fairly limited distance, and WANs allow a much longer distance

Question 65

What are some of the similarities and differences between the internet, intranets, and extranets?

Answer 65

The internet, intranets, and extranets all use internet protocols and public communication networks rather than proprietary protocols and networks so that the same browsers can be used

Intranets connect LANs within a company

Extranets allow a company’s customers and suppliers to access the company’s network