Chapter 6 Flashcards

1
Q

Business Process Management (BPM)

A
  • a management approach that seeks to coordinate the functions of an organization toward an ultimate goal of continuous improvement in customer satisfaction
  • customers can be internal or external
  • effectiveness and efficiency through promotion of innovation, flexibility and integration with technology
  • more flexible than a hierarchical organization
2
Q

BPM Activities

A
  1. Design: involves the identification of existing processes and the conceptual design of how processes should function once they have been improved
  2. Modeling: introduces variables to the conceptual design for what-if analysis
  3. Execution: design changes are implemented and key indicators of success are developed
  4. Monitoring: information is gathered and tracked and compared with expected performance
  5. Optimization: using the monitoring data and the original design, process manager continues to refine process
3
Q

BPM Techniques

A
  1. Define: original process is defined as a baseline for current process functioning or process improvement
  2. Measure: indicators that will show a change to the process (reduced time, increased customer contacts) are determined
  3. Analyze: Various simulations or models are used to determine the targeted or optimal improvement
  4. Improve: improvement is selected and implemented
  5. Control: Dashboards and other measurement reports are used to monitor the improvement in real time and apply the data to the model for improvement
4
Q

PDCA

A
  • Plan: design the planned process improvement
  • Do: Implement the process improvement
  • Check: monitor the process improvement
  • Act: continuously commit to the process and reassess the degree of improvement
5
Q

Measures of BPM

A
  • Can be financial or nonfinancial
  • Correlate directly to managed process
  • Examples:
    • Gross Revenue: a measure of sales or other revenue volume in sales-driven organizations
    • Customer Contacts: used in a sales-driven organization
    • Customer Satisfaction: organizations using relationship marketing techniques may use this measure
    • Operational Statistics: used in manufacturing operations (throughput times, delivery times, or other logistical measures)
6
Q

Benefits of BPM

A
  • Efficiency: fewer resources are used to accomplish organizational objectives
  • Effectiveness: Objectives are accomplished with greater predictability
  • Agility: Responses to change are faster and more reliable
7
Q

Shared Services

A
  • refers to seeking out redundant services, combining them, and then sharing those services within a group or organization
  • within organization or group of affiliates
  • Results:
    • Service Flow Disruption: consolidation of work to a single location can create waste in transition, rework, and duplication, as well as increases in the time it takes to deliver the service
    • Failure Demand: demand for shared services caused by a failure to do something, or to do something right, for a customer
      • when a task must be performed a second time because it was done incorrectly the first time
8
Q

Outsourcing

A
  • contracting of services to an external provider
    • payroll, call center
    • contractual relationship exists
  • Risks:
    • Quality Risk: defective or substandard product or service
    • Quality of Service: poorly designed service agreements may impede quality of service
    • Productivity: real productivity might be reduced even though service provider employees are paid less
    • Staff Turnover: experienced and valued staff whose functions have been outsourced may leave the organization
    • Language Skills: work may go offshore, and language barriers may reduce the quality of service
    • Security: the security of information held by a third party might be compromised
    • Qualifications of Outsourcers: credentials of service providers may be flawed; offshore degrees may not be equivalent to domestic ones
    • Labor Insecurity: increases when jobs move to an external service provider or as a result of globalization
9
Q

Offshore Operations

A
  • outsourcing of services or business functions to an external party in a different country
  • common types:
    • information technology
    • business process (call centers, accounting operations, tax compliance)
    • Software research and development
    • Knowledge process (requiring advanced knowledge and specialized skill sets)
  • risks are same as outsourcing
10
Q

Selecting Improvement Initiatives

A
  • Irrational Methods: intuitive and emotional; lack structure and systematic evaluation; based on fashion, fad, or trend; result from an immediate need for improvement; short-term view
  • Rational Methods:
    • Strategic Gap Analysis: external (environmental) assessments and internal (organizational) assessments performed
    • Review Competitive Priorities: review of price, quality, or other considerations
    • Review Production Objectives: review performance requirements
    • Choose Improvement Programs: decide how to proceed for improvement
11
Q

Implementing Improvement Initiatives

A
  • Internal Leadership: senior management must provide direction and commit resources to implementation
  • Inspections: ongoing implementation must be monitored and measured
  • Executive Support: executive management must be visibly supportive of the initiative
  • Internal process Ownership: individuals most deeply involved with process management must be committed to the need for process improvement and have the resources to carry it out
12
Q

Business Process Reengineering (BPR)

A
  • technique to help organization rethink how work is done to dramatically improve customer satisfaction and service, cut costs of operations, and enhance competitiveness
  • not synonymous with BPM
  • BPM = incremental change / BPR = radical change
  • processes are redesigned from the ground up
13
Q

Just-in-Time (JIT)

A
  • anticipates achievement of efficiency by scheduling the deployment of resources just-in-time to meet customer or production requirements
  • concept that inventory does not add value and maintenance of inventory produces wasteful costs
  • Benefits:
    • synchronization of production scheduling with demand
    • arrival of supplies at regular intervals throughout the production day
    • improved coordination and team approach with suppliers
    • more efficient flow of goods between warehouses and production
    • reduced setup time
    • greater efficiency in the use of employees with multiple skills
14
Q

Total Quality Management (TQM)

A
  • an organizational commitment to customer-focused performance that emphasizes both quality and continuous improvement
  • 7 Critical Factors:
    • Customer focus:
      • external & internal customers
    • Continuous Improvement
      • constantly strives to improve product and process
      • quality is not goal but part of process
    • Workforce Involvement
      • team approaches and worker input to process development and improvement
      • quality circles
    • Top Management Support:
      • actively describe and demonstrate support for quality mission
      • through quality circles or involvement with suppliers
    • Objective Measures
      • quality measure must be unambiguous, clearly communicated, and consistently reported
    • Timely recognition:
      • acknowledgement of achievements (compensation)
    • Ongoing Training
      • ensure workforce understanding and involvement
15
Q

Quality Audits and Gap Analysis

A
  • technique used as part of strategic positioning function in which management assesses the quality practices of the organization
  • Quality Audits:
    • Analysis that identifies strengths and weaknesses
    • strategic quality improvement plan that identifies the improvement steps that will produce the greatest return to the organization in the short and long term
  • Gap Analysis:
    • determines the gap, or difference, between industry best practices and the current practices of the organization
    • targets areas for improvement
    • provides a common objective database from which to develop the strategic quality improvement plan
16
Q

Lean Manufacturing

A
  • requires the use of only those resources required to meet the requirements of customers
  • only invest in value-added activities
  • waste reduction
    • Kaizen and activity-based management methods use empirical data to measure and promote efficiencies

Continuous Improvement (Kaizen)

  • efforts that improve the efficiency and effectiveness of organization through greater operational control
  • occurs at manufacturing stage

Process Improvements/ Activity-Based Management (ABC & ABM)

  • Cost Identification: highlight costs of activities
    • cost data makes the identification of costs of quality and value-added activities more obvious
  • Implementation
    • organizations with ABC & ABM programs are more likely to have the information they need to implement a TQM program
17
Q

Demand Flow

A
  • manages resources using customer demand as the basis for resource allocation
  • contrasts with resource allocation based on sales forecasts or master scheduling
  • akin to JIT in that it focuses on the efficient coordination of demand for goods in production with the supply of goods in production
  • kanban systems are used for visual representation
  • related to lean in that it maximizes efficiencies and reduces waste
  • one-piece flow manufacturing environments, in which components move progressively from production function to production function, benefit from demand flow
18
Q

Theory of Constraints (TOC)

A
  • states that organizations are impeded from achieving objective by the existence of one or more constraints
  • organization or project must be consistently operated in a manner that either works around or leverages that constraint
  • maximization of throughput
  • Constraint: anything that impedes the accomplishment of an objective; constraints are limited in number, and an organization sometimes faces only one
    • examples:
      • internal:
        • when market demands more than the system can produce
        • equipment may be inefficient or used inefficiently
        • people may lack necessary skills or mind-set necessary to produce required efficiencies
      • external:
        • when system produces more than market requires
  • Steps:
  1. Identification of the Constraint
  2. Exploitation of Constraint:
  3. Subordinate Everything Else to the Above Decision
  4. Elevate Constraint
  5. Return to First Step
  • Buffer: used throughout TOC
    • added before and after each constraint to ensure that enough resources exist to accommodate the constraint
    • intended to keep the constraint from being starved or blocked, limiting its effect on throughput
19
Q

Six Sigma

A
  • uses rigorous metrics in the evaluation of goal achievement
  • continuous quality-improvement program that requires specialized training
  • expands on the PDCA model
  • Existing Product and Business Process Improvements (DMAIC)
    • Define Problem: based on customer comments, failed project goals, or other indicators that a problem exists
    • Measure Key Aspects of the Current Process: collect relevant data
    • Analyze Data: examine relationships between data elements
    • Improve or Optimize Current Processes: use models and data to determine how the process can be optimized
    • Control: develop a statistical control process to monitor results
  • New Product or Business Process Development (DMADV)
    • Define Design Goals: design goals that are consistent with customer demands
    • Measure CTQs (critical-to-quality characteristics): analyze the value chain to determine the features that provide value to the customer and the production capabilities that are available
    • Analyze Design Alternatives: develop different methodologies to produce the new product
    • Design Optimization: use modeling techniques to determine optimization of the proposed process
    • Verify the Design: implement and test the plan
20
Q

IT Governance

A
  • provides a clear understanding of all stakeholders and key functions involved, including people, processes, technology, performance metrics, risk management, IT department operations, and what benefits result from IT initiatives
  • outlines how leadership accomplishes the delivery of mission-critical business capabilities using IT strategies, goals, and objectives
  • responsibility of the board of directors and executive management
  • creates applicable policies and procedures and determines the proper organizational structures
  • effective management of data
  • data must be available to users, have proper integrity, be in a useful format, and be secure
21
Q

Elements of IT Governance

A
  1. Availability
    1. the right data available to the right employee at the right time
    2. security is a priority
  2. Architecture
    1. job roles and IT application should be designed to enable fulfillment of governance objectives
  3. Metadata:
    1. data dictionaries
    2. data describing other data
    3. robust in terms of breadth and specificity
  4. Policy
    1. help translate management and governance into practice
  5. Quality
    1. data integrity crucial
    2. ensuring basic standards are met
  6. Regulatory Compliance and Privacy
    1. protection of customers PII or PHI
    2. must also be in line with regulations such as CCPA and HIPAA
  7. Security
    1. secure preservation, storage and transmission of data
22
Q

COSO Internal Control- Integrated Framework

A
  • issued by COSO (the Committee of Sponsoring Organizations of the Treadway Commission)
  • covers internal control, risk management, and fraud deterrence
  • Information Technology Factors:
    • Control Activities:
      • Principle 11: there should be general controls over technology to achieve organizational objectives
      • must understand the dependency between general controls over IT and the use of technology in business processes
      • controls over the relevant technology infrastructure, security management, and technology acquisition, development, and maintenance processes
    • Information and Communication:
      • Principle 13: the organization should obtain, generate, and use quality information to support internal control
      • identify the organization's information needs, capture both external and internal sources of data, process relevant data into useful information, and maintain quality when processing the data
      • cost-benefit analysis
      • Principle 14: effective internal communication of information is necessary to support internal control
23
Q

ISACA’s Control Objectives for Information and Related Technology (COBIT) Framework

A
  • ISACA is the nonprofit organization that developed COBIT
  • developed to help companies manage, optimize, and protect information technology assets
  • Governance Stakeholders
    • distinguishes between governance and management, recognizing them as distinct disciplines that exist for different reasons
    • governance is the responsibility of the board of directors and its committees (audit committee, executive committee, marketing committee)
    • management is responsible for the daily planning and administration of company operations (CEO, CFO, COO)
24
Q

IT Governance and Organizational Objectives

A

Vision:

  • represents the organization's aspirations and goals, while strategy is what helps the company reach those goals
  • goals described in vision statement
  • IT governance should be designed to facilitate achievement of those goals

Corporate Strategy

  • way in which organization achieves goals and objectives from its vision
  • shapes organization’s operations and business model
  • IT governance must support the corporate strategy
25
Q

IT Strategy

A

Factors that Impact:

  • Virtual/ Physical Network Design:
    • the computing power a company needs will be a key element
    • depends on the nature of the business
  • Centralized/ Decentralized Network Design
    • organization with multiple offices across a wide range of locations - decentralized
  • Cybersecurity
    • some organization have more regulatory burdens and compliance needs than others
  • Disaster Recovery and Business Continuity
    • degree of recovery speed for system is more important in some environments
  • Available IT Personnel:
    • insourced, outsourced or combo
26
Q

Structuring and Executing IT Governance

A
  • input from top leadership, middle managers, IT staff, end users, and external stakeholders
  • the right policies and procedures must be in place to maintain relevance, provide oversight, and align with organizational goals
  • Board of Directors:
    • appointment of those who will plan and administer policies
    • must evaluate IT governance to ensure they meet strategic and operational needs
  • Executive Management
    • structure is in place and executed effectively
    • set tone at the top for ethical climate or attitude toward policies
  • Middle Management
    • responsible for carrying out governance policies and making sure that subordinates are doing the same
    • appropriate resources and support
  • IT Support Staff
    • Strategic or Executive-level IT Staff:
      • executive or middle managers
      • daily planning and governance policies and carrying them out
      • Chief Technology Officer
    • Network Engineers:
      • responsible for designing and maintaining company network
      • configuring servers, routers, switches, internet connectivity
    • Help Desk and Lower-Level IT Support:
      • first responders when end users have trouble shooting needs
    • Cybersecurity Staff:
      • ensure safe and secure usage of company data and IT assets
    • Function-Specific Staff:
      • discipline-specific job roles
      • larger companies
      • experts for specific items
  • Accountants:
    • Stewards of Accounting Information Systems (AIS)
      • accountants know their information needs best and thus provide input to system developers
    • Members of Project Development Teams
      • participation in project development team
      • input is provided in real time rather than reactively after the fact
    • Testers
      • test to verify that controls are implemented and functioning properly
  • End Users
    • best to understand the day-to-day needs of the technology
  • External Stakeholders
    • customers or stakeholder such as auditors or regulators can drive change in IT governance
27
Q

Project Development Teams

A
  • formed for new IT projects typically include members of management, IT systems personnel, accountants, and system users
  • responsible for project planning and tracking, IT infrastructure design, change management, and monitoring project performance.
  • Tasks:
    • monitoring the project to ensure timely and cost-effective completion
    • managing the human element (resistance to change)
    • frequently communicating with users and holding regular meetings to consider ideas and discuss progress so that there are no surprises at project completion
    • managing risk and escalating issues that cannot be resolved within the team
28
Q

Steering Committees

A
  • aka Project Steering Committee
  • individuals within an organization who review and approve long-range plans and oversee its information systems
  • consists of high-level management and experts (CIO, controller, IT department heads)
  • oversight role
  • responsible for:
    • developing and communicating strategic goals
    • reviewing the IT budget and allocation of IT costs
    • Providing ongoing guidance and addressing big-picture issues that arise
    • ensuring management engagement and participation
    • monitoring the project development team’s progress
  • more holistic view
  • address concerns across business units
  • help facilitate coordination and integrations of information systems activities
29
Q

Business Impact Analysis (BIA)

A
  • helps to identify and assess risks
  • identifies business units, departments, and processes that are essential to the survival of an entity
  • identify organizational impact in event of failure or disruption
  • identify resources required to resume business activities in case of disaster
  • used in assessing IT governance risks
  • Objectives:
    • estimate the quantitative or financial impact to the organization, assuming a worst-case scenario
    • estimate the qualitative impact to the organization and the effect it could have on operations, assuming a worst-case scenario
    • identify the organization’s business unit processes and the estimated recovery time frame
30
Q

Risk Assessment for IT Resources

A
  • need to know what IT resources and assets exist
  • determine base resources it needs to sustain minimum operations
  • document the following regarding assets:
    • date placed in service
    • machine specifications
    • make/model of hardware and software
    • operating systems installed
    • software applications installed
    • security software installed
    • firmware installed
    • assigned users and department
    • cost
    • insurance or any associated warranties
31
Q

Impact Risk of IT Governance

A
  • determines criteria for categorizing the list of information resources as high, moderate, or low related to the effect on day-to-day operations

High

  • department cannot operate without resource
  • may experience high recovery costs
  • may fail to meet the organization’s objective or maintain its reputation

Moderate

  • could partially function temporarily for a period of days or a week
  • may experience some cost of recovery
  • may fail to meet the organization’s objectives or maintain its reputation

Low

  • could operate for an extended period of time
  • may notice an effect on achieving the organization’s objectives or maintaining its reputation
32
Q

Likelihood of Risk in IT Governance

A

High Likelihood

  • risk is highly probable, has occurred recently, can occur frequently, or controls to prevent it are ineffective

Medium Likelihood

  • risk could occur, but controls are in place that may impede successful exercise of the vulnerability

Low Likelihood

  • risk is improbable, or controls are in place to prevent or significantly impede successful exercise of the vulnerability
33
Q

p 24 & 25

A
34
Q

IT Infrastructure

A
  • multiple, interconnected technological components, with the core infrastructure involving a combination of on-premises and outsourced hardware, software, and specialized personnel
  • Hardware
    • Computer Hardware
      • microprocessors, graphics and sound cards, hard drives, RAM, power supply, motherboard
    • External hardware Devices
      • external peripheral devices, mice, keyboards, speakers
    • Infrastructure Housing
      • data centers, ventilation and climate controls for data centers
  • Networking Devices
    • Routers
      • connect devices on one network to another network
      • act as the link between the modem, which connects the organization to the internet, and the organization's switches
    • Switches
      • similar to routers
      • connect and divide devices within a computer network
      • allows multiple devices to share the same network
    • Gateway
      • computer or device that acts as an intermediary between different networks
      • transforms data from one protocol into another so that information can flow between networks
      • protocol is a rule that governs the way in which information is transmitted
    • Servers
      • physical or virtual machines that coordinate the computers, programs and data
    • Firewall
      • software applications or hardware devices that protect a network by filtering its traffic against predefined rules
      • Types:
        • Basic Packet-Filtering: allows or denies each packet on its own, based on header fields such as source/destination address and port
        • Circuit-Level Gateways: verify that a session is legitimately established (e.g., the TCP handshake) rather than inspecting individual packet contents
        • Stateful Multilayer Inspection Firewalls: track connection state and combine packet filtering with circuit-level and application-level inspection
        • Network Address Translation (NAT) Firewalls: hide internal addresses behind a shared public address; an external source can reach an internal host only through an explicitly configured translation
        • Next-Generation Firewalls: can assign different firewall rules to different application as well as different users
  • Software
    • instructs hardware on how to operate
  • Networks
    • group of computers and other machines that are connected through networking devices such as routers or modems
    • wired or wireless (LANs, WANs)
  • Mobile Technology
    • laptops, hotspots, mobile phones
    • IoT (internet of things) device
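The following is an added example, not part of the original flashcards or any vendor's firewall, that contrasts two of the types listed above: a basic (stateless) packet filter, which judges each packet on its own against an ordered rule list, and a stateful inspection filter, which remembers permitted outbound sessions so their reply traffic is accepted without a separate inbound rule. The rule syntax, addresses and sample packets are constructed for the demonstration.

```python
"""Stateless vs. stateful packet filtering (illustrative example only)."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    syn: bool = False  # True for a TCP connection-opening segment


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    src: str = "*"           # "*" = any host, otherwise an exact IP
    dst: str = "*"
    dport: Optional[int] = None  # None = any destination port

    def matches(self, p: Packet) -> bool:
        return ((self.src == "*" or self.src == p.src)
                and (self.dst == "*" or self.dst == p.dst)
                and (self.dport is None or self.dport == p.dport))


def stateless_filter(rules: List[Rule], packet: Packet, default: str = "deny") -> str:
    """Basic packet filtering: the first matching rule decides; otherwise default deny."""
    for r in rules:
        if r.matches(packet):
            return r.action
    return default


class StatefulFilter:
    """Stateful inspection: records outbound sessions that the rules permitted
    and accepts their reply packets without consulting the rules again."""

    def __init__(self, rules: List[Rule], default: str = "deny"):
        self.rules = rules
        self.default = default
        self.table = set()  # (src, sport, dst, dport) of permitted sessions

    def filter(self, packet: Packet) -> str:
        # A packet travelling in the reverse direction of a tracked session is a reply.
        reverse = (packet.dst, packet.dport, packet.src, packet.sport)
        if reverse in self.table:
            return "allow"
        action = stateless_filter(self.rules, packet, self.default)
        if action == "allow" and packet.syn:
            self.table.add((packet.src, packet.sport, packet.dst, packet.dport))
        return action


# Constructed rule set: block one external host, allow outbound HTTPS from a LAN host.
RULES = [
    Rule("deny", src="198.51.100.7"),
    Rule("allow", src="10.0.0.5", dport=443),
]


def demo():
    """Returns the decisions of both filters on the same constructed traffic."""
    outbound = Packet("10.0.0.5", 51000, "203.0.113.10", 443, syn=True)
    reply = Packet("203.0.113.10", 443, "10.0.0.5", 51000)
    unsolicited = Packet("203.0.113.10", 443, "10.0.0.5", 51001)  # no matching session
    stateless = [stateless_filter(RULES, p) for p in (outbound, reply)]
    sf = StatefulFilter(RULES)
    stateful = [sf.filter(p) for p in (outbound, reply, unsolicited)]
    return stateless, stateful


if __name__ == "__main__":
    print(demo())
```

The stateless filter drops the server's reply because no rule allows inbound traffic to port 51000; the stateful filter allows it because it saw the outbound SYN, yet still drops an unsolicited packet to a port with no tracked session. Opening a blanket inbound rule to make the stateless filter work is the classic weakening that stateful inspection avoids.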
35
Q

Role of Management Information Systems

A
  • enables companies to use data as part of their strategic planning process as well as tactical execution of that strategy
  • often has subsystems
  • provides users predefined reports that support effective business decisions
  • feedback on daily operations and financial and nonfinancial information
  • support both internal and external business decisions
36
Q

Subsystems of Management Information Systems

A
  • Accounting Information System (AIS)
  • Decision Support Systems (DSS)
  • Executive Information System (EIS)
  • Customer Relationship Management System (CRM)
  • Inventory Management
  • Knowledge Management Systems (KMS)
  • Supply Chain Management (SCM)
  • Enterprise Resource Planning (ERP)
  • Enterprise Performance Management
  • Communication
37
Q

Accounting Information System

A
  • AIS
  • for accountants and financial managers
  • collects, records, and stores accounting information
  • creates an audit trail for accounting transactions
  • allows for trace back to source documents
  • 3 Subsystems
    • Transaction Processing System (TPS):
      • converts economic events into financial transactions (journal entries)
      • distributes information to support daily operations
      • covers the sales cycle, conversion cycle, and expenditure cycle
    • Financial Reporting System (FRS) or General Ledger System (GLS):
      • aggregates daily financial information from the TPS and also records infrequent, nonroutine events such as mergers, lawsuit settlements, or natural disasters
      • enables timely regulatory and financial reporting
    • Management Reporting System (MRS)
      • provides internal financial information to solve day-to-day business problems
      • budgeting, variance analysis, cost-volume-profit analysis
38
Q

Functions of AIS

A

Functions:

  • Collect, record, and store data and transactions
  • Transform data into information through compilation and reporting
  • Safeguard and maintain data integrity

Sequences:

  1. transaction data from source documents is entered into the AIS by an end user, via the internet by a customer, or automatically through machine-readable technology such as bar codes or radio frequency identification (RFID) tags
  2. original source documents are filed
  3. transactions are posted to appropriate journal
  4. transactions are posted to general and subsidiary ledgers
  5. trial balances are prepared
  6. adjustments, accruals, and corrections are entered as needed
  7. financial statements and reports are generated
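The following is an added example, not part of the original flashcards or any real AIS product, that walks through steps 3 to 5 of the sequence above: journal entries are recorded with their source-document reference, posted to ledger accounts, and netted into a trial balance, while each posting keeps the reference so a balance can be traced back to its source documents (the audit trail). The account names, document IDs and amounts are constructed for the demonstration.

```python
"""Journal -> ledger -> trial balance, with a traceable audit trail (illustrative)."""
from collections import defaultdict
from typing import Dict, List, Tuple

# Accounts whose normal balance is a debit; everything else is credit-normal.
DEBIT_NORMAL = {"Cash", "Accounts Receivable", "Inventory", "Rent Expense"}

Line = Tuple[str, int, int]  # (account, debit amount, credit amount)


class Journal:
    """Step 3: the journal, holding entries in the order they were recorded."""

    def __init__(self):
        self.entries: List[dict] = []

    def record(self, source_doc: str, lines: List[Line]) -> int:
        """Records one entry; rejects it if debits != credits (an input control)."""
        debits = sum(d for _, d, _ in lines)
        credits = sum(c for _, _, c in lines)
        if debits != credits:
            raise ValueError(f"{source_doc}: debits {debits} != credits {credits}")
        entry_id = len(self.entries) + 1
        self.entries.append({"id": entry_id, "source_doc": source_doc, "lines": lines})
        return entry_id


def post_to_ledger(journal: Journal) -> Dict[str, list]:
    """Step 4: post every journal line to its account, carrying the entry id
    and source document with it so the balance stays traceable."""
    ledger: Dict[str, list] = defaultdict(list)
    for e in journal.entries:
        for account, debit, credit in e["lines"]:
            ledger[account].append((e["id"], e["source_doc"], debit, credit))
    return ledger


def trial_balance(ledger: Dict[str, list]):
    """Step 5: net each account to its normal side and confirm that total
    debit balances equal total credit balances."""
    debit_total = credit_total = 0
    balances = {}
    for account, postings in ledger.items():
        net = sum(d - c for _, _, d, c in postings)
        if account in DEBIT_NORMAL:
            balances[account] = ("debit", net)
            debit_total += net
        else:
            balances[account] = ("credit", -net)
            credit_total += -net
    return balances, debit_total == credit_total


def trace(ledger: Dict[str, list], account: str) -> List[str]:
    """Audit trail: the source documents behind an account's balance."""
    return [doc for _, doc, _, _ in ledger[account]]


def demo():
    """Constructed transactions: a credit sale, its collection, and a rent payment."""
    j = Journal()
    j.record("INV-1001", [("Accounts Receivable", 500, 0), ("Sales Revenue", 0, 500)])
    j.record("RCPT-2001", [("Cash", 500, 0), ("Accounts Receivable", 0, 500)])
    j.record("CHK-3001", [("Rent Expense", 200, 0), ("Cash", 0, 200)])
    ledger = post_to_ledger(j)
    balances, balanced = trial_balance(ledger)
    return balances, balanced, trace(ledger, "Cash")


if __name__ == "__main__":
    print(demo())
```

The balancing check in `record` and the equality check in `trial_balance` are the two places where an unbalanced or tampered entry would surface, and `trace` is what an auditor uses to walk from a ledger balance back to the filed source documents (step 2 above).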
39
Q

Decision Support Systems (DSS)

A
  • an extension of an MIS that provides interactive tools to support day-to-day decision making
  • provide information, facilitate the preparation of forecasts, allow modeling of various aspects of a decision
  • sometimes referred to as expert systems
  • What-if Scenarios:
    • help drive management’s decisions
    • used in forecasting production planning, expense, and revenue projections and expected growth
  • Artificial Intelligence:
    • relies heavily on artificial intelligence
    • used to automate decisions
  • examples:
    • inventory control
    • revenue optimization
    • traffic planning
    • capital investment planning systems
    • transaction processing systems
    • database query application
    • financial modeling application
40
Q

Executive Information Systems (EIS)

A
  • provides senior executives with immediate and easy access to internal and external information to assist in strategic decision making
  • consolidates information
  • can be stand alone or subsystem
  • high-level reports and visualizations that allow for big-picture decision making
41
Q

Customer Relationship Management System (CRM)

A
  • a strategic driver for organizations
  • monitors and manages interactions between the organization and its past, current and potential customers
  • objectives:
    • enhance existing customer satisfaction
      • improve retention
      • increase customer spending
    • attract new customers
    • enhance targeted marketing and promotions to new and existing customers
    • anticipate customer needs to drive sales and satisfaction
    • enable cross-selling and upselling of products and services
    • forecast sales and manage sales staff
    • manage sales leads
  • managing customer relationships leads to better brand recognition, higher revenue, and ultimately higher profits
42
Q

CRM Strategies

A
  • collecting and capturing information about customers to create customer profiles that include data points
    • loyalty cards, reward programs and satisfaction surveys
    • data mining of social media and online reviews
  • creating personalized experiences and promotions for individual customers
  • using business intelligence to automate recommendations and cross-selling opportunities
43
Q

CRM Benefits

A
  • increase customer satisfaction through personalized marketing efforts to tailor experience to individuals
  • increased response rates and decreased cost of marketing
44
Q

Types of CRM

A
  • Operational CRM:
    • automation of tasks such as sales, service, and marketing to streamline and simplify business processes
    • generate leads and convert leads into customers
  • Analytical CRM:
    • designed to collect and analyze customer information and provide insights to management to aid in decision-making process
  • Collaborative or Strategic CRM:
    • enable organization to achieve its strategic goals by providing collaboration and sharing of customer information across functions such as sales, marketing, service, and support teams
46
Q

Inventory Management

A
  • either stand-alone or a part of a broader management information system
  • software designed to assist with tracking, procurement, and distribution of inventory items
  • track quantities and trigger reordering
  • usually connected to point of sale
47
Q

Knowledge Management System (KMS)

A
  • any IT system that disseminates knowledge related to the organization
  • shared with external or internal parties
  • examples
    • training videos
    • FAQ
48
Q

Enterprise Resource Planning (ERP)

A
  • cross-functional systems that are utilized to support different business functions and allow for the integration of information across departments, such as accounting, customer management, finance, human resources, inventory management, manufacturing, marketing, and vendor management
  • real-time communication
  • operating under centralized database and user interface
49
Q

Enterprise Resource Planning Pros & Cons

A

Benefits:

  • stores information in central repository so data is only entered once
  • acts as the framework for integrating and improving an organization’s ability to monitor and track sales, expenses, customer service, distribution and other functions
  • Provides vital cross-functional information quickly to managers across the organization in order to assist them in decision-making process
  • improve customer service
  • allows for greater access control, so that user privileges for multiple systems can be centrally managed

Disadvantages:

  • significant set up time
  • can be cost prohibitive because the required hardware, software, and training can include significant development and implementation costs as well as maintenance
  • integration of all business units can be complex because integration of disparate systems may be difficult from a technology and process standpoint
  • causes significant changes to business processes which can lead to error, user resistance, and low adoption rate
50
Q

Enterprise Performance Management

A
  • aka Business Performance Management (BPM) or corporate performance management (CPM)
  • software solutions designed to help executives make strategic decisions
  • from financial perspective, enables leaders to plan, budget, and forecast business performances
  • consolidates financial results
51
Q

E-Commerce

A
  • electronic commerce platform to facilitate the sales of goods and services using the internet
  • removes overhead costs
  • create markets that might not exist otherwise
  • promotes competitive pricing
  • allows for quicker product comparison
  • provides parity in information among market participants
  • Cons:
    • lag time for shipping
    • less human customer support
52
Q

Types of E-commerce

A
  1. Business-to-Business
    1. buying and selling goods and services between business entities
    2. allows businesses to streamline processes and establish efficient and effective relationships
  2. Business-to-Consumer
    1. allows businesses to interface and sell goods to their customers
    2. online via retail sites
    3. Types:
      1. Standalone sites
        1. smaller companies
        2. utilize shopping cart software
      2. Integrated Retail sites
        1. larger companies
        2. integrated so that sales are the same as if they were in a store
  3. Consumer-to-Business
    1. customers sell goods to business
  4. Consumer-to-Consumer
    1. online market place
    2. host acts as intermediary and charges a fee for service
  5. Government E-commerce:
    1. allows users and organizations to make, or receive and make, payments related to taxes and other regulatory requirements
53
Q

E-commerce Payment Methods

A
  • companies often use third party vendor
  • helps reduce payment processing time and cost
  • technology based on blockchain
54
Q

IT Outsourcing

A
  • can outsource activities such as software, data entry, data storage, data management, disaster recovery, and network management
  • Pros:
    • usually lower cost/ pay for just what you need instead of large investment in hardware, software, and IT staff
    • Expertise: no need to invest in training internal employees/ useful for companies who don’t need a full time IT staff
    • Resources: access to specialized and high-quality resources
    • Enhanced focus on Core Business
  • Cons:
    • Less Control and have to grant IT firm access to sensitive information
    • Quality Control: service providers may not perform up to the expectations and desired quality
    • Loss of Immediate access to IT Support
55
Q

Cloud Computing

A
  • renting storage space, processing power, proprietary software, or a combination on remote servers from another company rather than purchasing and building it internally
  • offers infrastructure elasticity for changes in demand
  • cloud service provider performs all maintenance and tech support on hardware
56
Q

Risk of IT Outsourcing

A
  • Security and Privacy Practices:
    • security standards may not meet the requirements of the organization, which can:
      • lead to inadequate controls or ineffective implementation of controls
      • lead to misuse or abuse of the organization’s data
  • Data Accessibility:
    • data can become inaccessible or overwritten
    • data can be lost (either due to malice or mistake)
  • Data Disposal:
    • data can possibly not be effectively deleted
  • Vulnerability for Attacks:
    • if multiple firms are using the same provider, an attack on one firm can lead to a breach for another
57
Q

SOC 1

A
  • governed by the Statement on Standards for Attestation Engagements (SSAE) 18
  • objective is to provide assurance that the service organization’s controls are designed and operating effectively so that financial statements are not negatively impacted
  • helps mitigate inherent risks in outsourcing IT functions
  • types:
    • Type 1: focuses on the fairness of the presentation of management’s description of the service organization’s systems and the suitability of the design of the controls to achieve the related control objectives included in the description as of a specified date
    • Type 2: focuses on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period.
58
Q

SOC 2

A
  • governed by SSAE 19
  • for users who need attestation concerning controls as they relate to security, processing integrity, availability, and privacy
  • important for vendor management, oversight of a company, risk management, corporate governance, and regulatory oversight
  • types:
    • Type 1: report of management’s explanation or description of a given service company’s systems as well as the suitability of control design
    • Type 2: report of management’s explanation or description of a company’s control design and its operating effectiveness of internal controls
59
Q

SOC 3

A
  • reports are also for users who need attestation concerning controls as they relate to security, processing integrity, availability, and privacy
  • for companies that do not have knowledge required to make an effective use of the SOC 2 report
60
Q

Big Data

A
  • corporate accumulation of massive amounts of data that can be used for analysis, commonly referred to as data analytics
  • data collection is done passively, actively, by a person, or by a technology
  • sources include loyalty/ reward programs, customer focus groups, radio frequency identification (RFID tags), barcodes, and activity detected from sensors on cameras linked to the internet (IoT- internet of things)
61
Q

Dimensions of Big Data

A
  • Volume
    • quantity and amount of data points
    • various sources of data require different volumes of storage (text file v. video file)
  • Velocity
    • speed of data accumulation and processing
    • ex. price of every transaction of a stock, or real time weather data collection
  • Variety
    • 3 Types:
      • Structured: data with a defined organizational format that has specific parameters
        • relational database
      • Unstructured: format is not predefined and lacks organization
        • review post online or text in instruction guide
      • Semi-Structured: hybrid
        • comma-separated values (CSV file) → no restriction on size or length
  • Veracity: reliability, quality, or integrity of data
    • processes should be implemented to ensure data is both accurate and timely
  • Value: insights Big Data can yield
    • important to understand the question or business problem that needs to be solved
    • shapes the transformation and analytical process
62
Q

Big Data Confidentiality & Privacy

A
  • confidential information must be safeguarded to protect it from unauthorized access and exploitation
  • examples include employee records, banking and financial information, trade secrets, marketing strategies, and intellectual property
  • organizations must meet the privacy expectations of their customers
  • What controls are in place?
  • need ethics in all parts of the data life cycle (capture, maintenance, synthesis, analytics, usage, publication, archival, and purging)
  • organization governance program should be led by a designated individual
63
Q

Relational Databases

A
  • most efficient and effective method
  • allows data to be stored in different tables and tables are linked through relationships using key fields
  • concepts:
    • tables: organizational structures within relational databases that establish columns and rows to store specific types of data records
      • Customer table would be a table where an entity would store all customer records
    • attributes (columns): headers of a table that describe the characteristics or properties desired to be known about each entity
      • Customer table attribute could be Last Name
    • records (rows): rows within a table in a relational database. each row contains information about one entity within the table
      • information about a single customer
    • fields: space created at the intersection of a column and row in a table in which data is entered
      • information placed in the field is called “data values”
    • data types: tell us the category of data
      • single character, string of characters, Boolean → provides yes/no or true/false
    • database keys: act as unique identifiers and create relationships within the relational database
      • primary key: unique identifiers for a specific row within a table and are made up of one or more attributes
        • each row has a unique primary key
        • ex. social security number
        • when made up of more than one attribute = composite or concatenated key
      • foreign key: attributes in one table that are also primary keys in another table
    • all other keys that are not primary or foreign are considered ‘non-keys’ or descriptive attributes
64
Q

Relationships

A
  • results from a link between a primary key in one table and a foreign key in another table
  • allows information to be retrieved from both tables simultaneously
65
Q

Data Dictionary

A
  • aka Metadata
  • provides information about the data in a database
  • list attributes and denotes the features and limitations of that attribute
  • includes data types, description, field size or length, and whether data is primary, foreign, or non-key attribute
  • Views:
    • Logical Database View: how the data appears to a user
    • Physical Database View: pertains to how the data is actually stored within the database
66
Q

ETL Process

A
  • Extract:
    • can be automated, semiautomated, or manual extraction
    • native source and means of accessing data must be determined in the initial ETL phase
    • Steps:
      • Data identification
      • Obtaining the Data
        • if automated, an application programming interface (API) will be designed so that extraction can happen
        • Requesting Data
        • or Manual Extraction
  • Transform:
    • most time-consuming step
    • taking often-unstructured data, cleaning it, and validating it to ensure it is accurate and ready for analysis
    • Cleaning Steps:
      • determine the desired output, which includes attributes needed and formatting those attributes
      • deduplicate data points, remove inaccurate data, and account for outliers
      • Address missing fields
      • remove all attributes that will not provide value to analysis
      • ensure data is reasonable by performing spot-checks
      • remove sensitive information not needed for analysis
      • split data for analysis (data parsing)
      • use trimming tools to remove unneeded or extra spaces
    • Validating data after transformation to ensure data is not lost or inappropriately modified in cleaning process
  • Load:
    • load into software program
    • storage:
      • operational data storage (ODS): often sources for data warehouses and used to capture ongoing operational activities from a variety of input systems
      • Data Warehouse: very large repositories that are centralized and utilized for reporting and analysis rather than transformation
      • Data Mart: like warehouse but is more focused on a specific purpose such as marketing or logistics/ subset of data warehouse
      • Data Lake: contains both structured and unstructured data/ natural or raw format
67
Q

Data Storage Attributes

A
  • Relevance
    • need to define the purpose
    • directly describes the attributes that have been labeled as the primary key
  • Elements to be Included and Excluded
    • outlines the universe of data points housed within a repository
  • Relationship between Elements Include Validity, Completeness, and Accuracy
    • data being entered in a correct manner
    • no more data is required
    • data is free from errors and is true
68
Q

Types of Loading

A
  • Initial (Full) Loading:
    • occurs when the entire data set is loaded into repository
    • no prior iterations
  • Incremental Loading:
    • only differences between existing data and new data added
    • can be done in real time or in batches
  • Full Refresh Loading
    • entire data set is loaded into repository, replacing the previous load
69
Q

Data Analytics

A
  • process of taking raw data, identifying trends, and then transforming that knowledge into insights that can help solve complex business problems
  • used in validation, planning, insights, risk mitigation, and decision support
70
Q

Types of Data Analytics

A
  • Descriptive Analytics
    • what happened
    • summarizes activity that has occurred within a given attribute or attributes
    • techniques:
      • observing summary statistics
      • sorting data to reveal ranges or patterns
      • analyzing data based on age, location, time, income
  • Diagnostic Analytics:
    • reveal why an event happened
    • attempts to uncover correlations, patterns, and relationships within the data set to explain why
    • techniques:
      • drill-down or mining
      • cluster or profile analysis to determine if any similar groupings of variables reveal insight or unknown answers to questions
      • correlation analysis between two or more variables to explain why certain data points change
      • sequence checks to see if there are gaps or duplication issues
  • Predictive Analytics:
    • help to forecast future data points by transforming insight into foresight
    • techniques:
      • regression analysis: mathematical model to determine the relationship between a dependent variable and one or more independent variables
      • classification analysis: utilizes already labeled data points and allocates them into similar groups/ differs from regression because it works to predict a category using predefined criteria based on past activities
      • decision trees: rely on the probability of outcomes/ begin with single decision node and branch out from there
  • Prescriptive Analytics:
    • reveal how to achieve desired event
    • describes next course of action
    • take probability learned from predictive and turns into recommendations
    • techniques:
      • AI and machine learning
      • Scenario modeling and “what if” analysis
71
Q

Uses of Data Analytics

A
  • Customer and Marketing Analytics
    • build customer profiles
    • analyze spending preferences
    • optimizes marketing strategies
  • Managerial and Operational Analytics
    • usually run in real time
    • maximizes efficiencies and production
    • incorporate into key performance indicators
  • Risk and Compliance Analytics
    • monitor transactions through continuous auditing, monitoring and reporting
    • adherence to controls, covenants, and applicable regulations
  • Financial Analytics
    • allow organizations and analysts to monitor financial performance through data mining and ratio analysis on continuous basis
  • Audit Analytics
    • types:
      • assessing risk
      • providing assurance around certain operations
      • establishing thresholds and expectations
      • improving quality of audit by testing full populations
  • Tax Analytics
    • used by government entities, organizations, tax accountants, and analysts to organize tax information and guidelines
    • used in tax planning
    • monitor tax performance indicators
72
Q

Types of Data

A
  • Qualitative Data: nonnumerical and considered to be categorical in nature
    • nominal: simplest form of data that cannot be ordered or ranked
    • ordinal: categorical and not quantitative but can be ranked
  • Quantitative Data: numerical in nature
    • discrete: whole numbers and can only have certain values
    • continuous: can take on any value within a given interval
73
Q

Considerations for Visual Data Design

A
  • Scale Appropriately
  • Use of Legends Appropriately
  • Avoid Bias
  • Use Consistent Time Periods
  • Use Colors that can be Easily Seen and Follow Cultural Norms
  • Use Clear and Easy-to-Read Titles and Labels
74
Q

Factors Driving Change in IT Infrastructure

A
  • existing systems are no longer supported by vendors who provide technical support
  • existing systems are no longer compatible with modern software or hardware
  • advances in technology have resulted in more effective systems being available
  • competitive advantages to be gained through improvements in processes
  • growth or expansion of organization requires more scalable solutions
  • shifts in consumer demand or preferences that require changes in the way technology performs
75
Q

Change Management

A
  • term used to describe the policies, procedures, and resources employed to govern change in an organization
  • either initiated from within the organization or imposed from without
  • usually impact IT structure and governance
  • robust change management process is key component for successfully ensuring that organization can keep up with changing needs without losing ability to operate or achieve its strategic objectives
  • Steps:
    • identify and define the need for change
    • design a high-level plan including goals to be achieved as a result of change
    • obtain approval from management for the change
    • develop an appropriate budget and time line
    • assign personnel responsible for managing the change
    • identify and address potential risks that could occur during the change or post implementation
    • provide an implementation road map
    • procure necessary resources, including IT, and train the appropriate personnel
    • test the change
    • execute the implementation plan
    • review and monitor change implementation and test as needed to verify effective implementation
76
Q

Change Management Risks

A
  • Selection and Acquisition Risks
  • Integration Risks
  • Outsourcing Risks
77
Q

Selection and Acquisition Risks in Change Management

A
  • Lack of Expertise
    • purchasing agent does not have the knowledge or organizational perspective to purchase software that meets the needs of the organization
  • Lack of Formal Selection and Acquisition Process
    • could result in overspending, inappropriate related party transactions or kickbacks, or software that does not align with the IT governance strategy
  • Software/ Hardware Vulnerability and Incompatibility
    • proper safeguards and security features needed to adequately protect an organization from unauthorized use do not exist
78
Q

Integration Risks in Change Management

A
  • User Resistance
  • Lack of Management Support
  • Lack of Stakeholder Support
  • Resource Concerns
  • Business Disruption
  • Lack of System Integration
79
Q

Outsourcing Risks in Change Management

A
  • Lack of Organizational Knowledge
  • Uncertainty of the Third Party’s Knowledge and Management
  • Lack of Security
80
Q

Change Management Controls

A
  • designed to minimize the possibility that inherent risks will cause business disruptions or negatively impact IT systems
  • Include:
    • Policies and Procedures
      • outline how change should be executed from selection to integration
    • Emergency Change Policies
      • separate contingency policies and procedures in case of emergency
    • Standardized Change Requests
      • use of consistent forms and request protocols for timely completion
    • Impact Assessment
      • effect a change will have on the organization’s business activities as well as any potential disruptions
    • Authorization:
      • protect against unauthorized modification to project’s scope
    • Separation of Duties
      • protect against assets or information being utilized improperly
    • Conversion Controls
      • help to minimize data conversion errors related to the impacted IT assets and resources
    • Reversion Access
      • ability to revert to prior system or process that existed before the change in the case of unexpected complications
    • Pre-Implementation Testing
    • Post-Implementation Testing
    • Ongoing Monitoring
81
Q

Outsourcing Controls in Change Management

A
  • Outsourcing Policies and procedures
  • System and Organization Controls (SOC) Reports
  • Utilize Key Performance Indicators
82
Q

System Development Life Cycle

A
  • provides a model for organizations to create, modify, or acquire information systems to meet the needs of the organizations and their users
  • Steps:
    • Plan
    • Analyze
    • Design
      • conceptual design: broad translation of business requirements into technical requirements
      • logical design: hardware and software specifications
      • physical design: more granular platform and product specifications
    • Develop
    • Test
    • Deploy
      • Plunge or Big Bang: entire new system is immediately delivered to all customers and clients (lowest cost/ highest risk)
      • Ramped (Rolling, Phased) Conversion: portions of the new system replace corresponding parts of the old system, one piece at a time (above-average costs, below average risk)
      • A/B Testing (Pilot, Canary): subset of users gets the new system while the old is still in use(average cost, average risk)
      • Blue/ Green (Other Pair of Colors/ Shadow): new system is fully deployed in parallel with the old system (highest cost, lowest risk)
    • Maintain
  • Waterfall Model is most common
    • different teams of employees performing separate tasks in sequence
    • challenges:
      • requires a lot of time to complete
      • benefits of new system are not realized until completion
      • no customer input and change can be difficult to manage
      • some employees may be idle before beginning or after completing their step
83
Q

System Development and New System Risk

A
  • Resource Risk:
    • expensive and time consuming
    • lack of funding can cause project fail or corners to be cut
  • Scheduling Risk
    • if schedules are not met, the entire project can be delayed
  • Technical Risk
    • major factor
    • can lead to system downtime and latency problems
    • if design and functionality do not meet end users’ needs, a rework is required ($$$)
  • Project Management Risk
    • requires strong guidelines, leadership and support
    • high stress can lead to employee turnover, dissension, or issues within the team that can delay the project
  • User Resistance Risk
84
Q

Managing Risks of Legacy Systems

A
  • many entities maintain legacy systems because of:
    • cost
    • time
    • user resistance
    • features and customization
    • risk of information loss
85
Q

Risks of Legacy Systems

A
  • Security Vulnerability
  • Lack of Vendor Support
  • Compatibility Issues
  • Lack of Efficiency and Effectiveness
86
Q

Mitigating Risk of Legacy Systems

A
  • Isolating the System
  • Hardening: turning off any unnecessary features of the legacy systems to reduce exposure
  • Virtual Patches
  • Monitoring: frequent review and monitoring
87
Q

One Piece Flow Manufacturing

A

lean manufacturing concept aimed at achieving a discrete flow of work, as opposed to a batch production approach.

one step at a time

89
Q

Information System & Change Management Testing Strategies

A
  • testing should involve the acquired software, any developed software, and the change management process
  • purpose:
    • determine whether the software is operating as expected
    • discover errors, defects, missing components, or gaps
    • verify that end product meets expectation
90
Q

Types of Tests in Change Management

A
  • Unit Test: used to validate the smallest component (unit) of the system
    • goal is to isolate testing of each part to show that individual parts are functioning properly
  • Integration Test: determines if the units, once combined, function as designed
    • goal is to test if components integrate effectively
  • System Test: evaluates the system as a whole
    • goal is to test whether system meets the functional and technical specifications as well as specified quality standards
    • enable quality assurance (QA)
  • Acceptance Testing/ Application: determine whether the software works correctly for the intended user in normal work environment
    • Most important
    • conducted by a QA team
91
Q

Types Of System Tests

A
  • Functional Tests: focus on testing the functions performed by the system
    • run realistic business scenarios to validate
  • Black-box Testing: little information about how the product is designed
    • focusing on design
    • test system in same manner the end user would to validate
  • White-Box Testing: provides many details and is focused on code and design improvement as opposed to functionality
  • Exploratory Testing: utilized for the less-common or exception based situations with no specified test cases
  • Performance Testing: designed to test run-time or speed performance of software when processing required work load
  • Recovery Testing: check system’s ability to recover from failures
  • Security Testing: verifies that system protection mechanisms prevent improper penetration or data alteration and validate that authorized access levels function properly
  • Regression Testing: rerun previous test cases with the entire application after new features or functionalities have been incorporated
  • Stress Testing: test to see how well it deals with abnormal resource demands (quantity, frequency, and volume)
  • Sanity Testing: exercises logical reasoning and behavior of the software to determine whether system logic is functioning as designed
92
Q

Types Of Acceptance Testing

A
  • Alpha Testing: initial version of completed software is tested by the customer under the supervision of the developer at the developer’s site
  • Beta Test: later version of the complete software is tested by customer at his or her own site without developer present
93
Q

Security Life Cycle

A
  • Identify: determine what assets exist and identify and document the risk associated with those assets
  • Assess: determine the likelihood of the risk materializing and the level of the impact of that threat to the organization
  • Protect: mitigation strategies must be put in place.
    • developing and communicating security policies and procedures
    • developing internal controls
  • Monitor: continually monitor activities and acquisitions for new risks and ensure that current risk mitigation efforts are still effective
94
Q

Types of IT Risks

A
  • Technology Risk: risk of disruption to business as a result of any information technology activity
    • can be pervasive and affect organization’s reputation, operations, financial position, and overall strategy
    • all other risks are under this umbrella
  • Security Risk: risks associated with unauthorized access or use of an organization’s information technology
    • external threats such as hackers
    • internal misuse of information, assets, and reputation with stakeholders
  • Availability Risk: risk that an organization will not be able to access and utilize its information technology as needed
    • result of some type of system failure or external event
  • Operational Risk: risk that an organization is unable to operate effectively or efficiently due to issues concerning information technology
    • includes utilizing software that does not meet the needs of the organization or having correct software but utilizing it ineffectively
  • Financial Risk: risk of losing financial resources as a result of them being misused, lost, wasted, or stolen
    • employee using company printer for personal use
  • Compliance Risk: focused on issues related to information technology not sufficiently meeting the requirements of regulatory bodies
    • vary by industry
  • Strategic Risk: risk of misalignment of business and IT strategies
95
Q

Types of IT Threats

A
  • Natural and Political Disasters:
    • earthquakes, floods, fires, and storms
    • transportation accidents
    • events related to hazardous materials
    • terrorist attacks
    • political uprising or war
  • Errors in software and equipment malfunctions
    • software crashes or viruses
    • hardware failures
    • power outages
  • Accidental Actions
    • human errors
    • negligence
    • omitted data
    • data lost, modified or destroyed in transmission or storage
    • ineffective software training
  • Intentional Actions
    • fraud
    • sabotage
    • corruption
    • computer crimes such as viruses, phishing, malware, social engineering, and computer hijacking
    • financial statement fraud
    • misappropriation of assets (theft)
96
Q

IT Risk Management

A
  • Integrate management of IT Risk into the overall risk management of the enterprise
  • make well-informed decisions about the nature and extent of the risk, the potential risk appetite, and the risk tolerance of the enterprise.
  • Develop response to risk
97
Q

General IT Controls (GITCs)

A
  • Systems development life-cycle standards and controls
  • physical and logical controls over infrastructure
  • business resiliency management
  • change management procedures
  • software acquisition, development, operations, and maintenance controls
98
Q

IT Application Controls

A
  • built into the business processes that use computer applications
  • implement preventive, detective, and corrective controls around transactions in order to address errors, deficiencies, and fraud in applications
  • objectives for each transaction: accurate → complete → valid → authorized
99
Q

Nature of IT Controls

A
  • Manual Controls: control performed by a person without making direct use of automated systems
  • Automated Controls: performed by an automated system
    • embedded within the IT infrastructure to provide continuous controls based on established rules
    • advantages: accuracy → timeliness → efficiency → security
  • IT-Dependent Manual Control: an individual performs the control function but relies on some IT component (e.g., a system-generated report)
100
Q

Functions of IT Controls

A
  • Preventive Control: takes precautions to prevent problems in future
    • hiring qualified and competent personnel
    • security awareness training
    • segregation of duties
    • physical access control (locks/ guards)
    • Technical control (firewalls/ antivirus software/ security configuration management)
  • Detective Controls: to find and reveal issues or deficiencies not averted by preventive controls
    • second line of defense
    • bank or account reconciliations
    • physical security such as surveillance cameras
    • intrusion detection systems
  • Corrective Controls: have ability to identify, repair, restore, and recover from issues that cause damage to system or process
    • applying operating system upgrades
    • maintaining data and system backups
    • fixing data entry or transaction errors
101
Q

Types of Firewalls

A
  • Packet-Filtering Firewall: a router (or router-like device) inspects the header fields of each packet travelling between the organization's network and the internet (source/destination address, port, protocol) and allows or blocks it on that basis alone; it keeps no memory of earlier packets
  • Application-Based Firewall (application proxy): terminates the connection and relays the information exchange at the application layer, so packets are never exchanged directly between the two sides; can protect an entire network or be installed on a specific host
  • Stateful Inspection Firewall: inspects packet headers and also tracks the state of each connection, so an inbound packet is admitted only when it belongs to a session the firewall has already seen established from the inside
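The practical difference between the first and third types is easiest to see with a concrete rule set. The following Python is an added example written for this card, not code from the original deck: a stateless packet filter must admit any inbound packet with source port 443 to let HTTPS replies through, so an attacker who sets the source port to 443 gets through too, while a stateful filter admits only the reverse of a flow it has already recorded. Addresses, ports, and the `Packet` type are constructed for the illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str  # "out" = inside host to internet, "in" = internet to inside host


# Stateless packet filter: every packet is judged on its own header fields.
# Rule fields: (direction, src_port, dst_port, action); None is a wildcard.
# To let HTTPS replies back in, the rule set has to admit ANY inbound packet
# whose source port is 443, regardless of who sent it or why.
STATELESS_RULES = [
    ("out", None, 443, "allow"),
    ("in", 443, None, "allow"),
]


def stateless_filter(pkt: Packet) -> str:
    """First matching rule wins; anything unmatched is denied (default deny)."""
    for direction, sport, dport, action in STATELESS_RULES:
        if (pkt.direction == direction
                and (sport is None or pkt.src_port == sport)
                and (dport is None or pkt.dst_port == dport)):
            return action
    return "deny"


class StatefulFilter:
    """Tracks outbound flows; inbound traffic is allowed only as the reverse of a known flow.

    A real firewall also expires idle entries and follows the TCP handshake
    state; this table keeps only the flow 4-tuple to keep the idea visible.
    """

    def __init__(self) -> None:
        self.connections: set[tuple[str, int, str, int]] = set()

    def decide(self, pkt: Packet) -> str:
        if pkt.direction == "out" and pkt.dst_port == 443:
            self.connections.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "allow"
        if pkt.direction == "in":
            reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
            if reverse in self.connections:
                return "allow"
        return "deny"


def compare() -> dict[str, list[str]]:
    """Run the same three constructed packets through both filters."""
    outbound = Packet("10.0.0.5", 51000, "203.0.113.10", 443, "out")      # user opens HTTPS site
    reply = Packet("203.0.113.10", 443, "10.0.0.5", 51000, "in")          # legitimate reply
    unsolicited = Packet("198.51.100.7", 443, "10.0.0.5", 22, "in")       # attacker spoofs src port 443 to reach SSH
    sf = StatefulFilter()
    return {
        "stateless": [stateless_filter(p) for p in (outbound, reply, unsolicited)],
        "stateful": [sf.decide(p) for p in (outbound, reply, unsolicited)],
    }


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:9s} outbound={verdicts[0]} reply={verdicts[1]} unsolicited={verdicts[2]}")
```

The stateless filter returns `allow` for all three packets; the stateful filter allows the outbound request and its reply but denies the unsolicited packet because no matching flow was ever recorded. Note that the stateful filter is still a header-level control: it does not look inside the HTTPS payload, which is the job of the application-based firewall described above.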
102
Q

Vulnerability Controls

A
  • Hardening: reduce a system's attack surface by turning off features, services, and functions that are not needed during operations
  • Patch Management: as vulnerabilities are discovered, they should be addressed by patches (or fixes) before they are exploited
  • Anti-malware Program: implementing robust procedures around the use of external devices, access to certain websites, and execution of suspicious programs
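Hardening is only as good as the check that the unneeded features really are off. The following Python is an added example, not code from the original deck: it audits an OpenSSH `sshd_config` against a small baseline of settings a hardening guide would require. The sample configuration and the baseline values are constructed for the illustration. Two details of how sshd reads its file matter for the audit and are handled here: for a repeated keyword, sshd uses the first value it reads, so a hardened line added at the bottom of the file does not override an earlier permissive one; and settings after a `Match` line apply only conditionally, so the audit stops there.

```python
import re

# Constructed sample sshd_config (not taken from any real host). It contains
# two common hardening mistakes: a permissive value that a later duplicate line
# does NOT override, and a baseline keyword that is never set at all.
SAMPLE_SSHD_CONFIG = """\
# Basic listener settings
Port 22
PermitRootLogin yes
X11Forwarding yes
PasswordAuthentication no
# Added later by an admin; sshd ignores it because the first value for a keyword wins
PermitRootLogin no
Match User backup
    X11Forwarding no
"""

# Hardening baseline assumed for this example: keyword -> required value.
BASELINE = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "x11forwarding": "no",
    "allowtcpforwarding": "no",
}


def parse_sshd_config(text: str) -> dict[str, str]:
    """Return the effective global settings the way sshd resolves them.

    Keywords are case-insensitive; keyword and value are separated by
    whitespace or by an optional '=' ; the first occurrence of a keyword wins;
    everything after the first 'Match' block header is conditional and ignored.
    """
    effective: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s+|\s*=\s*", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break  # global section ends here
        effective.setdefault(key, value)  # first value wins, as in sshd
    return effective


def audit(text: str, baseline: dict[str, str] = BASELINE) -> list[tuple[str, str, str]]:
    """Return (keyword, effective_value, required_value) for every baseline deviation."""
    effective = parse_sshd_config(text)
    findings = []
    for key, want in baseline.items():
        got = effective.get(key)
        if got is None:
            findings.append((key, "unset (compiled-in default applies)", want))
        elif got.lower() != want:
            findings.append((key, got, want))
    return findings


if __name__ == "__main__":
    for key, got, want in audit(SAMPLE_SSHD_CONFIG):
        print(f"{key}: effective={got!r} required={want!r}")
```

On the sample file the audit reports `permitrootlogin` as `yes` (the later `no` line is dead), `x11forwarding` as `yes` (the `no` inside the `Match` block applies only to that user), and `allowtcpforwarding` as unset. An unset keyword is flagged rather than assumed safe because sshd's compiled-in default for it is `yes`; a hardening check should require the value to be stated explicitly.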
103
Q

Data Encryption

A
  • involves using a password or a digital key to scramble a readable (plaintext) message into an unreadable (ciphertext) message
  • the intended recipient of the message then uses a digital key to decrypt the message back to plaintext
  • System Types:
    • Symmetric: sender and recipient use the same shared secret key for encryption and decryption; the key must be distributed to both parties securely
    • Asymmetric: uses a mathematically related key pair; the public key encrypts and can be freely published, while only the matching private key decrypts
104
Q

Digital Certificates

A
  • a form of data security
  • electronic documents that are created and digitally signed by a trusted party (a certificate authority)
  • certify the identity of the owner of a particular public key by binding that key to the owner's name
105
Q

Public Key Infrastructure

A
  • the systems and processes used to issue, distribute, validate, and revoke asymmetric keys and digital certificates, anchored in one or more trusted certificate authorities
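The asymmetric half of the Data Encryption card, the Digital Certificates card, and this PKI card all rest on the same machinery, so one added example covers all three. The following Python is written for these cards and is not code from the original deck or from any real PKI product: it generates textbook RSA key pairs from the standard library (Miller-Rabin prime search, no padding), shows public-key encryption with private-key decryption, and then has a hypothetical certificate authority issue a minimal certificate binding a subject name to a public key by signing the certificate body. Verification succeeds against the CA's public key and fails when the subject is altered or when a different authority signed the certificate while claiming the same issuer name. The CA and subject names, serial number, and 512-bit key size are assumptions for the illustration; real certificates use X.509 encoding, padded signatures, and 2048-bit or larger keys.

```python
import hashlib
import json
import secrets


def is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    """Random odd candidate with the top bit set, retried until probably prime."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def generate_keypair(bits: int = 512) -> tuple[tuple[int, int], tuple[int, int]]:
    """Return ((e, n) public, (d, n) private). Toy size; illustration only."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:  # e is prime, so this guarantees gcd(e, phi) == 1
            break
    return (e, p * q), (pow(e, -1, phi), p * q)


# Asymmetric encryption: anyone with the public key encrypts, only the private key decrypts.
def encrypt(pub, m: int) -> int:
    e, n = pub
    return pow(m, e, n)


def decrypt(priv, c: int) -> int:
    d, n = priv
    return pow(c, d, n)


# Signatures over a SHA-256 digest (256 bits, always smaller than the 510+ bit modulus here).
def digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(priv, data: bytes) -> int:
    d, n = priv
    return pow(digest(data), d, n)


def verify(pub, data: bytes, signature: int) -> bool:
    e, n = pub
    return pow(signature, e, n) == digest(data)


# A minimal certificate: the "to-be-signed" body binds subject name -> public key,
# names the issuer, and is signed with the issuer's private key.
def issue_certificate(ca_name: str, ca_priv, subject: str, subject_pub, serial: int) -> dict:
    body = {"subject": subject, "public_key": list(subject_pub), "issuer": ca_name, "serial": serial}
    tbs = json.dumps(body, sort_keys=True).encode()  # canonical encoding so signer and verifier hash the same bytes
    return {"tbs": tbs, "signature": sign(ca_priv, tbs)}


def verify_certificate(cert: dict, trusted_ca_pub) -> bool:
    """Trust is anchored in the CA public key the verifier already holds, not in the issuer name inside the cert."""
    return verify(trusted_ca_pub, cert["tbs"], cert["signature"])


def demo() -> dict[str, bool]:
    ca_pub, ca_priv = generate_keypair()
    server_pub, server_priv = generate_keypair()
    rogue_pub, rogue_priv = generate_keypair()  # an authority the verifier does not trust

    cert = issue_certificate("Example Root CA", ca_priv, "app.example.internal", server_pub, serial=1)
    forged = {"tbs": cert["tbs"].replace(b"app.example.internal", b"bank.example.internal"),
              "signature": cert["signature"]}
    rogue_cert = issue_certificate("Example Root CA", rogue_priv, "app.example.internal", server_pub, serial=1)

    secret = 123456789
    return {
        "public_encrypt_private_decrypt": decrypt(server_priv, encrypt(server_pub, secret)) == secret,
        "genuine_cert_verifies": verify_certificate(cert, ca_pub),
        "tampered_subject_rejected": not verify_certificate(forged, ca_pub),
        "untrusted_issuer_rejected": not verify_certificate(rogue_cert, ca_pub),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The last two checks are the point of the PKI card: a certificate is only meaningful relative to a trust anchor. The rogue certificate carries the correct issuer name and a valid-looking signature, and it still fails because the verifier checks it against the root CA key it already trusts. What this toy omits, and a real PKI supplies, is the rest of the lifecycle: certificate validity periods, intermediate CAs forming a chain back to the root, and revocation checking.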
106
Q

Hot Site

A

location that is equipped with the necessary hardware and possibly software