Information Technology
MIS is designed to provide past, present, and future information for planning,
organizing, and controlling the operations of the organization. It differs from a
business information system in that it provides management with predefined
reports to help in decision-making.
Types of reports:
1. Periodic scheduled reports: made available to end users on a regular basis (daily,
weekly, monthly reports)
4. Ad hoc reports: do not exist yet, but can be created on demand (“on the fly”)
without having to involve a software developer.
*Accounting Information System (AIS) is a sub-system of MIS; it is partly a TPS and
partly a knowledge system.
A system analyst is the designer of the system. He designs the system in consultation
with the users and communicates the design to the programmers. A system flowchart is a
tool used by the analyst to define the systems requirements.
After the design of the system has been done, the design is sent to the programmers.
There are two types of programmers:
Application programmer:
Is responsible for writing, testing, and debugging the application programs from
specification provided by the system analyst. A program flowchart is used by the
application programmer to determine the program logic.
A computer operator is responsible for data input, loading tapes, running computer
operations, and maintaining a log. Operators ensure that data are input properly and
correctly processed and that the needed output is produced.
The librarian is responsible for keeping custody of data, software and documentation,
and allowing access to authorized users.
Data control (control group): The data control group ensures that source data have been
properly approved, monitors the flow of work through the computer, reconciles input
and output (control totals), maintains a record of input errors to ensure their correction
and resubmission, and distributes system output. The control group is responsible for the
distribution of all computer output.
A web administrator maintains the website (web server) and the contents of it. He
supervises web developers.
Operations: data input clerks and computer operators should not have access to
program code (programming) that would enable them to modify programs, nor
should they control the output (custody).
• Computer operator should NOT have access to operator instructions and detailed
program listings.
IT Controls
o Record count: total number of records entered into the program at that
time.
o Hash total: the total of values that do not have a meaning, but serve as a
way to verify the correct entry of these values, e.g., the total of account
numbers.
Processing controls: once data has been input, processing controls ensure that the data is
properly manipulated to produce meaningful output.
o Computer programs are tested using error testing compilers to ensure that they
don’t have programming language errors.
o Systems testing to make sure that the programs within the system are interacting
properly.
Hardware:
Hard drives or magnetic disks, floppy disks, CD-ROM, Optical disks, and
magnetic tape.
RAID (Redundant Array of Independent Disks) combines multiple disk drives into
an array. If one drive crashes, another has the data.
3. Peripherals:
- Parallel processing: simultaneous use of more than one computer to execute a program.
When multiple processors or computers process the same program, there is an efficiency
loss to provide the control of the overall processing. This factor is called the
multiprocessing (MP) factor. Processing power is often measured in terms of MIPS,
which is millions of instructions per second (not minute).
1. System software
- Utility program
o Data storage:
Byte=group of 8 bits
File=group of records.
o Database:
o DBMS:(not a database)
o Database tuning: programs that allow the DBA to test the database to
ensure that the database is operating both effectively and efficiently.
- Data control language: specify privileges and security rules. The data
control language is a type of database language used to specify the
privileges and security rules governing database users.
- Data definition language (DDL): used to build the data dictionary (the
structure of the database). The data definition language defines the
database structure and content, especially the schema and subschema
descriptions, including the names of the data elements contained in the
database and their relationship to each other.
Types of databases:
o Data warehouses: store data from current and previous years from each
department, dumped into one huge warehouse. They are useful for data
mining, which means processing the data in the data warehouse to identify
trends, patterns, and relationships. A limited data warehouse is called a
data mart. Data mining CANNOT be done manually; the amount of data is
inordinate.
Advantages of a DBMS:
o Data independence.
o Data sharing
o Data standardization.
Disadvantages
o Possible obscuring of the audit trail as a result of data movement from one
file to another
Database structure:
Programming language:
Programming languages like COBOL, Pascal, Basic and Visual Basic, and C and
C++ allow programmers to write programs in source code. Source code is human
readable and is translated or compiled into object code (machine language, 0s and 1s).
Networks
Types of networks:
1. Local Area Network (LAN): normally a private network that links several
different user machines, computers, printers, and databases to other shared devices
within a limited geographic area (small area), often within the same building.
o Bridge is a device that divides LAN into two segments which both use
the same set of network protocols.
Network topologies:
o Bus: uses a common backbone to connect all the devices on the network. If
one device is down, they are all down. Only one device can transmit at a
time; the others wait until the backbone is free.
o Ring: formed in a ring with each device connected to two other devices. If
one device is down, they are all down.
o Star: formed in a star with each device connected to a central hub. The
hub controls the transmission. If one device is down, only that device is down. If the
hub is down, the entire network is down. Examples: a telephone system connected
to a PBX, and many home networks.
o Tree: connects multiple stars into a bus. Each hub is connected to the bus
and handles the transmission for its star. Example: the phone network of a large city.
2. Wide Area Networks (WANs) may be a VAN, internet, and point to point
network.
A VAN is private, more secure, expensive, and slow because it uses a batch system
(periodic).
c. Internet-based Networks:
o Transaction files (temporary): are files used to update the master files.
Transaction files are temporary files. In the computerized environment, journals
are called transaction files, e.g., the sales journal is called the sales transaction file.
Methods of processing:
o Online Analytical Processing (OLAP) allows end users to retrieve data from a
system and perform analysis using statistical and graphical tools.
Source documents are grouped into batches, and control totals are calculated.
Periodically, the batches are entered into the computer system, edited, sorted, and
stored in a temporary file. The temporary transaction file is run against the master
file to update the master file. Processing of transactions in a batch system is
uniform.
In batch processing, the grandfather-father-son file procedure can be used either
to recover from processing problems or to retain files off-site for disaster
recovery.
Batch totals, often used in batch processing, are totals of dollar fields in
transactions. The total computed from the batch is compared to an input batch total
for the batch of transactions; if the two totals are the same, processing of the batch
can continue.
Hash totals, often used in batch processing, are totals of fields in transactions other
than dollars. The total computed from the batch is compared to an input hash
total for the batch of transactions; if the two totals are the same, processing of the
batch can continue.
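The record count, batch total and hash total comparison described above, as an added example (not part of the original notes). The account numbers, amounts and keying errors are constructed sample data; the last case shows a limitation: two account numbers swapped between records leave every control total unchanged.

```python
from dataclasses import dataclass, replace
from decimal import Decimal


@dataclass(frozen=True)
class Txn:
    account_no: int   # non-dollar field: feeds the hash total
    amount: Decimal   # dollar field: feeds the batch total


@dataclass(frozen=True)
class ControlTotals:
    record_count: int
    batch_total: Decimal
    hash_total: int


def compute_totals(txns):
    """Control totals for a batch (from source documents or from the keyed file)."""
    return ControlTotals(
        record_count=len(txns),
        batch_total=sum((t.amount for t in txns), Decimal("0")),
        hash_total=sum(t.account_no for t in txns),
    )


def reconcile(header, txns):
    """Names of control totals that disagree; an empty list means processing can continue."""
    computed = compute_totals(txns)
    return [name for name in ("record_count", "batch_total", "hash_total")
            if getattr(header, name) != getattr(computed, name)]


# Constructed sample batch, as written on the source documents.
SOURCE = [
    Txn(10234, Decimal("150.00")),
    Txn(20871, Decimal("75.25")),
    Txn(33019, Decimal("1200.00")),
    Txn(48820, Decimal("42.75")),
]
HEADER = compute_totals(SOURCE)  # input control totals taken before data entry


def keyed_variants():
    """The same batch as keyed into the system, with different constructed entry errors."""
    rest = SOURCE[2:]
    return {
        "clean": list(SOURCE),
        # account number 20871 keyed as 20817 (digit transposition)
        "transposed": [SOURCE[0], replace(SOURCE[1], account_no=20817)] + rest,
        # amount 75.25 keyed as 57.25
        "wrong_amount": [SOURCE[0], replace(SOURCE[1], amount=Decimal("57.25"))] + rest,
        # last record lost during entry
        "dropped": SOURCE[:3],
        # accounts swapped between the first two records: the sums do not change,
        # so no control total catches it
        "swapped": [replace(SOURCE[0], account_no=20871),
                    replace(SOURCE[1], account_no=10234)] + rest,
    }


if __name__ == "__main__":
    for label, batch in keyed_variants().items():
        failed = reconcile(HEADER, batch)
        status = "continue" if not failed else "hold: " + ", ".join(failed)
        print(f"{label:13} -> {status}")
```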
o Centralized processing:
- Maintain all data and perform all data processing at a central location.
Mainframe and large server computing applications are often examples of
centralized processing.
- Disadvantages: high cost, increased need for processing power and data
storage, reduction in local accountability, input/output bottlenecks at high
traffic times, and increased inability to respond in a timely manner to information
requested from remote locations.
o Computer systems should be designed to supply electronic audit trails, which are
often as effective as paper audit trails.
o The increased availability of raw data and management reports affords greater
opportunity for both the client and the auditor to perform analytical procedures.
Risks, Controls, disaster recovery, and business continuity
Risks:
o Operating Risk: risk of doing the right things the wrong way.
Risk Management
- Definitions
o Risk = probability of harm or loss
o Threat = any hostile intent
o Vulnerability = characteristic of a design that renders the system susceptible to a
threat
o Safeguards and controls = firewall
- Types of Controls
o General Controls – password to enter computer
o Application Controls – password to enter a program
o Physical Controls – Locks on Doors
o Segregation of Duties
Access controls:
2. Electronic Access:
o Callbacks on dial-up systems: the system calls the user’s phone when their ID logs in.
o Firewall (deters, does not prevent): a system, often both hardware and
software, of user identification and authentication (a valid user has access to
the system) that prevents unauthorized users from gaining access to
network resources. Acting as a gatekeeper, it isolates a private network
from a public network. It does not prevent or protect against viruses.
Firewall methodologies:
1) Packet filtering: examines packets of data as they pass through the firewall. It is the
simplest form of firewall configuration.
2) Circuit level gateway: allows data into a network that results from requests from
computers inside the network.
3) Application level gateway: examines data coming into the gateway. It can be
used to control which computers in a network can access the internet and can also be
used to control which internet websites or pages can be viewed once access is
allowed.
o Virus is a piece of computer program that inserts itself into some other program,
including operating systems, to propagate. It requires a host program to propagate
it, so it cannot run independently.
o Worm is a program (special type of virus) that can run independently and
normally propagates itself over a network. It cannot attach itself to other
programs.
o Trojan horse is a program that appears to have a useful function but that contains
a hidden and unintended function that presents a security risk. It does not replicate
itself.
o Denial-of-service attack:
o Phishing is the sending of phony emails to try to lure people to phony web sites
asking for financial information.
Digital Certificates
o To send encrypted message, apply for digital certificate from certificate authority
o Longer length of key – more secure (128 bits)
o Brute-force attack – attacker tries every possible key until right one is found
o Public Key Encryption: encrypted using public key, decrypted using private key
o Private Key Encryption: both sender and receiver must have the private key
Disaster Recovery planning devises plans for the restoration of computing and
communications services after they have been disrupted by an event such as an
earthquake, flood, or terrorist attack.
o The major player is the organization itself and external service provider.
o Hot site: an off-site location that is fully equipped, meaning it has all
computers and data ready to begin operations immediately in the event of
disaster.
Backup approaches:
Backup facilities:
1. Hot site: an off-site location that is fully equipped, meaning it has all computers and
data ready to begin operations immediately in the event of disaster.
An agreement between two or more organizations to aid each other with their data
processing needs in the event of a disaster.
4. Internal site:
Large organizations with multiple data processing centers rely upon their own
sites for backup in the event of a disaster.
Mirroring uses a backup server that duplicates all the processes and transactions of the
primary server. If the primary server fails, the backup server can immediately take its place
without any interruption in the service. It is very expensive.
Electronic Business
E-Commerce:
is the electronic consummation of exchange (buying and selling) transactions. It uses a
private network or the internet as the communication provider. Certain types of e-
commerce involve communication between previously known parties or between parties
that have had no prior contracts or agreements with each other. In the recent past, e-
commerce was an option for many kinds of business. Today, it is a cost of doing business
for most types of business.
E-Business:
E-Business is a more general term than e-commerce and refers to any use of information
technology, particularly networking and communications technology, to perform business
processes in an electronic form. The exchange of this electronic information may or may
not relate to the purchase and sales of goods or services. E-commerce relates to buying
and selling transactions.
Electronic Data Interchange (EDI) (standard format)
One of the first types of e-business/e-commerce was EDI. EDI is computer to computer
exchange of business transaction documents (purchase orders, confirmations, invoices,
etc.) in structured formats that allow the direct processing of the data by the receiving
system. EDI started with buyer-seller transactions (e.g., invoices and purchase orders) but
was then expanded to inventory management and product distribution.
Extensible Markup Language (XML): sends data in a flexible format, as opposed to EDI,
which sends data in a standard format.
- EDI reduces handling costs and increases processing speed. Because EDI speeds
transaction processing, the business cycle is generally shortened and year-end
receivable balances are reduced
o Suppliers and buyers can use EDI to improve inventory management by speeding
up processing of sales/purchase/inventory transactions.
o EDI requires that all transactions be submitted in a standard data format
(international language)
o Mapping: is the process of determining the correspondence between data
elements in an organization’s terminology and data elements in standard EDI
terminology. Once the mapping has been completed, translation software can be
developed or purchased to convert transactions from one format to the other.
o EDI can be implemented using direct links between the trading partners through
VANs and the internet.
o Reduce human effort in the processing of business documents.
Cost of EDI:
1. Legal costs associated with modifying and negotiating trading contracts with
trading partners and with communications providers.
2. Hardware Costs such as additional communications equipment, improved servers,
modems, routers.
3. Cost of Translation Software to translate data into the very specific EDI
formats.
4. Cost of Data Transmission if VAN is used.
o Security: transactions that contain private information are encrypted and are then
undecipherable.
o Reliability: there is no opportunity for any human errors.
o It’s NOT more secure than B2C or C2C and government is not involved in it.
o Often provided by a third-party vendor who acts as the intermediary between the
company and the banking system.
o Security is provided through various types of data encryption.
- Transaction tagging
- Embedded audit modules: are sections of an application program code that collect
transaction data for the auditor. Such modules allow the auditor to capture
specific data as transactions are being processed.
- Test deck (test data)
- Parallel simulation
Encryption performed by physically secure hardware is more secure than that performed
by software because software may be more accessible from remote locations. In
addition, because hardware decrypts faster than software, more complex algorithms
(which are more difficult to "crack") may be used.
- Edit checks are designed to ensure that invalid inputs are rejected. A list of
rejected transactions would be produced to allow the correction and re-
submission of such transactions.
- provide the computer operating system with the ability to schedule, resource
allocation and data retrieval functions based on a set of instruction provided by
Job control language
File-oriented system: focuses on individual applications, each with its own set of files and
with each file physically separate from the other files. On the other hand, a DBMS focuses on
data rather than a particular application.
Virtual memory is memory where portions of a program that are not being executed are
stored, but it is not real memory. It is actually a part of disk storage. When the part of
the program that is being stored in virtual memory is to be executed, the part of the
program is retrieved and stored in real memory. (It’s NOT part of the real memory)
When application software is purchased, the purchaser may or may not receive a copy of
the source code. The source code may or may not be escrowed. Escrow of the source
code supposedly protects the purchaser (not the seller) if the software vendor fails to live
up to its contractual obligations. Maintenance (support and updates) may or may not be
provided.
RAID disk storage, while relatively inexpensive, does not necessarily mean lower
performance and reliability.
It is correct that processing power is often described in terms of MIPS. However, the
MIPS measurement is only one of the factors in determining the overall processing power
of a particular processor or computer system. For example, the internal and external (to
the processor itself) data transfer speed is also important. If a particular application
system is input/output intensive, like many commercial application systems are, data
transfer speed might be much more important than pure processing power.
In a relational database, the data are stored in two-dimensional tables that are related to
each other by keys, not implemented by indexes and linked lists. Indexes and linked
lists were normally used in the earlier hierarchical and tree-structured databases.
Object-oriented databases can be used to store comments, drawings, images, voice, and
video that do not normally fit into more structured databases. However, object-oriented
databases are normally slower than, not faster than, relational databases.
Even if a company has a strong firewall and an application that runs on its network, it is
not completely protected from viruses. Also, that does not mean that the company should
not install an anti-virus system.
Program modification controls are controls over the modification of programs being used in
production applications.
Program modification controls include both controls that attempt to prevent changes by
unauthorized personnel and also that track program changes so that there is an exact record of
what versions of what programs were running in production at any specific point in time.
Program change control software normally includes a software change management tool and a
change request tracking tool. Program change control often involves changing what are
effectively the same programs in two different ways simultaneously. Normally, an environment
has both production programs and programs that are being tested. Sometimes, production
programs require changes (production fixes) at the same time the test versions of the same
programs are being worked on. This process must be controlled so that one set of changes does
not incorrectly overlay the other.
A company uses application software packages. The license agreements for the packages do
not invariably provide the right to make backup copies of the software for disaster recovery
purposes.
Standard disaster recovery plans are limited to the restoration of IT processing. However, the
plans may be extended to the restoration of functions in end user areas. Disaster recovery
service providers will do almost anything related to disaster recovery for the right amount of
money, as long as that service is specified (and priced) in the disaster recovery contract. Most
disaster recovery service providers will not provide services that were not specified in the disaster
recovery contract. If and when a disaster occurs, the customer normally gets what the customer
has been paying for.
The major emphasis in disaster recovery is normally the restoration of hardware and
telecommunication services.
It is difficult at best to figure out what the word "controls" is doing in any of these choices in a
disaster recovery question. So let's just ignore it; it really does not make any difference to the
answer. In addition, and more importantly, we have to make sure that we note the word
"uninterrupted" in the question. We have to assume that the disaster recovery being referenced
here is more stringent than either the hot site recovery or cold site recovery discussed in the text
(i.e., the ability to recover from a disaster instantaneously with absolutely no downtime of any
kind). This type of disaster recovery would normally be some kind of "mirror" facility, where two
identical processing facilities are maintained at different geographical locations and all
transactions are processed simultaneously at both facilities, and where either facility can take
over instantaneously for the other if one is lost. This kind of disaster recovery is normally quite
expensive, but it is sometimes worth it in some businesses. Downtime (or the complete lack
thereof) is a key factor in the disaster recovery plan. Backup is always essential in any disaster
recovery plan. Choice "c" is the only choice with both downtime and backup.
- External labels will prevent file destruction by properly identifying each file.
- Automated transactions are not subject to the same types of authorizations as are
manual transactions,
After supply chains are set up, they can’t remain unchanged. Supply chains have to
be constantly reengineered as products change and to increase efficiency and reduce
costs.
- Uninterruptible power supply (UPS): a backup system that doesn’t shut down
Prepared by,
Aiman Almeqham